From c1d8b5d1f7c3ae991e9dd5cff7857b1d133e73e8 Mon Sep 17 00:00:00 2001
From: guenther
Date: Fri, 2 Aug 2024 01:53:21 +0000
Subject: [PATCH] getentropy(2) is in POSIX-2024, so adjust the #include visibility, change the "too much" error to EINVAL, add GETENTROPY_MAX to (via sys/syslimits.h), and update the manpage. ok deraadt@
---
 include/unistd.h | 7 +++++--
 lib/libc/sys/getentropy.2 | 17 ++++++++++++-----
 sys/dev/rnd.c | 7 ++++---
 sys/sys/syslimits.h | 6 +++++-
 4 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/include/unistd.h b/include/unistd.h
index 1fda33a9cda..04972072f96 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: unistd.h,v 1.109 2024/05/18 05:20:22 guenther Exp $ */
+/* $OpenBSD: unistd.h,v 1.110 2024/08/02 01:53:21 guenther Exp $ */
 /* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */
 /*-
@@ -471,6 +471,10 @@ int symlinkat(const char *, int, const char *);
 int unlinkat(int, const char *, int);
 #endif
+#if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE
+int getentropy(void *, size_t);
+#endif
+
 #if __BSD_VISIBLE
 int dup3(int, int, int);
 int pipe2(int [2], int);
@@ -525,7 +529,6 @@ int setthrname(pid_t, const char *);
 void setusershell(void);
 int strtofflags(char **, u_int32_t *, u_int32_t *);
 int swapctl(int cmd, const void *arg, int misc);
-int getentropy(void *, size_t);
 int pledge(const char *, const char *);
 int unveil(const char *, const char *);
 pid_t __tfork_thread(const struct __tfork *, size_t, void (*)(void *),
diff --git a/lib/libc/sys/getentropy.2 b/lib/libc/sys/getentropy.2
index 3f4fb058a48..54320698e58 100644
--- a/lib/libc/sys/getentropy.2
+++ b/lib/libc/sys/getentropy.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: getentropy.2,v 1.10 2022/02/06 00:29:02 jsg Exp $
+.\" $OpenBSD: getentropy.2,v 1.11 2024/08/02 01:53:21 guenther Exp $
 .\"
 .\" Copyright (c) 2014 Theo de Raadt
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 6 2022 $
+.Dd $Mdocdate: August 2 2024 $
 .Dt GETENTROPY 2
 .Os
 .Sh NAME
@@ -30,7 +30,9 @@ fills a buffer with high-quality entropy, which can be used as input for process-context pseudorandom generators like
 .Xr arc4random 3 .
 .Pp
-The maximum buffer size permitted is 256 bytes.
+The maximum buffer size permitted is
+.Dv GETENTROPY_MAX
+(256) bytes.
 .Pp
 .Fn getentropy
 is not intended for regular code; use the
@@ -51,11 +53,16 @@ The
 .Fa buf
 parameter points to an invalid address.
-.It Bq Er EIO
-Too many bytes requested, or some other fatal error occurred.
+.It Bq Er EINVAL
+Too many bytes requested.
 .El
 .Sh SEE ALSO
 .Xr arc4random 3
+.Sh STANDARDS
+The
+.Fn getentropy
+function conforms to
+.St -p1003.1-2024 .
 .Sh HISTORY
 The
 .Fn getentropy
diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c
index 4ad4a73a0fc..259721d90c0 100644
--- a/sys/dev/rnd.c
+++ b/sys/dev/rnd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rnd.c,v 1.228 2024/06/14 10:17:05 claudio Exp $ */
+/* $OpenBSD: rnd.c,v 1.229 2024/08/02 01:53:21 guenther Exp $ */
 /*
 * Copyright (c) 2011,2020 Theo de Raadt.
@@ -75,6 +75,7 @@
 #include
 #include
 #include
+#include
 #include
@@ -814,11 +815,11 @@ sys_getentropy(struct proc *p, void *v, register_t *retval)
 syscallarg(void *) buf;
 syscallarg(size_t) nbyte;
 } */ *uap = v;
- char buf[256];
+ char buf[GETENTROPY_MAX];
 int error;
 if (SCARG(uap, nbyte) > sizeof(buf))
- return (EIO);
+ return (EINVAL);
 arc4random_buf(buf, SCARG(uap, nbyte));
 if ((error = copyout(buf, SCARG(uap, buf), SCARG(uap, nbyte))) != 0)
 return (error);
diff --git a/sys/sys/syslimits.h b/sys/sys/syslimits.h
index 4ebc656224b..d8c98a9ea59 100644
--- a/sys/sys/syslimits.h
+++ b/sys/sys/syslimits.h
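Review bot: In the sys_getentropy hunk of sys/dev/rnd.c, `char buf[GETENTROPY_MAX]` now sizes a kernel stack buffer from a limit that is also published to userland, and nothing at the declaration says so. The `SCARG(uap, nbyte) > sizeof(buf)` check is what keeps `arc4random_buf()` and `copyout()` inside that buffer, so the bound stays correct if the limit changes, but a later bump of GETENTROPY_MAX would silently grow this stack frame. I would add a comment at the declaration, e.g. `/* on the kernel stack; nbyte is bounded by sizeof(buf) below, so keep GETENTROPY_MAX small */`. Callers that test specifically for EIO on an oversized request will now see EINVAL, which is worth a sweep of in-tree users; the function starts and ends outside the hunk.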
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslimits.h,v 1.15 2022/02/22 16:58:08 deraadt Exp $ */
+/* $OpenBSD: syslimits.h,v 1.16 2024/08/02 01:53:21 guenther Exp $ */
 /* $NetBSD: syslimits.h,v 1.12 1995/10/05 05:26:19 thorpej Exp $ */
 /*
@@ -76,4 +76,8 @@
 #define HOST_NAME_MAX 255 /* max hostname length w/o NUL */
 #endif
+#if __POSIX_VISIBLE >= 202405
+#define GETENTROPY_MAX 256 /* max bytes from getentropy(2) */
+#endif
+
 #define _MAXCOMLEN 24 /* includes NUL */
--
2.20.1
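Review bot: The `#if __POSIX_VISIBLE >= 202405` guard around GETENTROPY_MAX in the second hunk of sys/sys/syslimits.h is narrower than the `__POSIX_VISIBLE >= 202405 || __BSD_VISIBLE` guard this commit puts on the getentropy() prototype in include/unistd.h. sys/dev/rnd.c now uses the macro as an array size, so a build where __BSD_VISIBLE is set but __POSIX_VISIBLE is below 202405 would get the prototype but not the limit, and the kernel file would fail to compile. Whether that can happen depends on how the visibility macros are derived, which is not shown here. If it can, `#if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE` would keep the two in step; otherwise a short comment noting that rnd.c depends on this definition would do.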