From a76f78dc3f43dbc25021f17255fee87cc0eafc73 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Wed, 24 Jul 2019 22:50:43 +0000 Subject: [PATCH] Remove cap_random(3). Now that we have a way to obtain entropy in capability mode (getrandom(2)), libcap_random is obsolete. Remove it. Bump __FreeBSD_version in case anything happens to use it, though I've found no consumers. Reviewed by: delphij, emaste, oshogbo Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21033 --- ObsoleteFiles.inc | 5 + lib/libcasper/libcasper/libcasper.3 | 1 - lib/libcasper/services/Makefile | 1 - lib/libcasper/services/cap_random/Makefile | 29 ----- .../services/cap_random/Makefile.depend | 19 --- .../services/cap_random/cap_random.3 | 98 --------------- .../services/cap_random/cap_random.c | 119 ------------------ .../services/cap_random/cap_random.h | 51 -------- share/mk/src.libnames.mk | 3 - sys/sys/param.h | 2 +- targets/pseudo/userland/lib/Makefile.depend | 1 - 11 files changed, 6 insertions(+), 323 deletions(-) delete mode 100644 lib/libcasper/services/cap_random/Makefile delete mode 100644 lib/libcasper/services/cap_random/Makefile.depend delete mode 100644 lib/libcasper/services/cap_random/cap_random.3 delete mode 100644 lib/libcasper/services/cap_random/cap_random.c delete mode 100644 lib/libcasper/services/cap_random/cap_random.h diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 737d1d9c6c91..ad4f6e702d3a 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -38,6 +38,11 @@ # xargs -n1 | sort | uniq -d; # done +# 20190722: cap_random(3) removed +OLD_FILES+=lib/casper/libcap_random.so.1 +OLD_FILES+=usr/include/casper/cap_random.h +OLD_FILES+=usr/share/man/man3/cap_random.3.gz +OLD_FILES+=usr/share/man/man3/cap_random_buf.3.gz # 20190708: vm_page_hold() and _unhold() removed OLD_FILES+=usr/share/man/man9/vm_page_hold.9.gz # 20190618: sys/capability.h removed (sys/capsicum.h is the one to use) diff --git a/lib/libcasper/libcasper/libcasper.3 b/lib/libcasper/libcasper/libcasper.3 index d1804b8ab25a..edde1b3b55db 100644 --- a/lib/libcasper/libcasper/libcasper.3 +++ b/lib/libcasper/libcasper/libcasper.3 @@ -264,7 +264,6 @@ functions always succeed. .Xr cap_dns 3 , .Xr cap_grp 3 , .Xr cap_pwd 3 , -.Xr cap_random 3 , .Xr cap_sysctl 3 , .Xr cap_syslog 3 , .Xr libcasper_service 3 , diff --git a/lib/libcasper/services/Makefile b/lib/libcasper/services/Makefile index 973805ea99aa..fb4b8c34f31e 100644 --- a/lib/libcasper/services/Makefile +++ b/lib/libcasper/services/Makefile @@ -6,7 +6,6 @@ SUBDIR= cap_dns SUBDIR+= cap_fileargs SUBDIR+= cap_grp SUBDIR+= cap_pwd -SUBDIR+= cap_random SUBDIR+= cap_sysctl SUBDIR+= cap_syslog diff --git a/lib/libcasper/services/cap_random/Makefile b/lib/libcasper/services/cap_random/Makefile deleted file mode 100644 index 77f222f3202b..000000000000 --- a/lib/libcasper/services/cap_random/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -# $FreeBSD$ - -SHLIBDIR?= /lib/casper - -.include - -PACKAGE=libcasper - -SHLIB_MAJOR= 1 -INCSDIR?= ${INCLUDEDIR}/casper - -.if ${MK_CASPER} != "no" -SHLIB= cap_random - -SRCS= cap_random.c -.endif - -INCS= cap_random.h - -LIBADD= nv - -CFLAGS+=-I${.CURDIR} - -MAN+= cap_random.3 - -MLINKS+=cap_random.3 libcap_random.3 -MLINKS+=cap_random.3 cap_random_buf.3 - -.include diff --git a/lib/libcasper/services/cap_random/Makefile.depend b/lib/libcasper/services/cap_random/Makefile.depend deleted file mode 100644 index a293d0a10b77..000000000000 --- a/lib/libcasper/services/cap_random/Makefile.depend +++ /dev/null @@ -1,19 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - include \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcasper/libcasper \ - lib/libcompiler_rt \ - lib/libnv \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif diff --git a/lib/libcasper/services/cap_random/cap_random.3 b/lib/libcasper/services/cap_random/cap_random.3 deleted file mode 100644 index efaedb006d15..000000000000 --- a/lib/libcasper/services/cap_random/cap_random.3 +++ /dev/null @@ -1,98 +0,0 @@ -.\" Copyright (c) 2018 Mariusz Zaborski -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd February 26, 2018 -.Dt CAP_RANDOM 3 -.Os -.Sh NAME -.Nm cap_random_buf -.Nd "library for getting entropy in capability mode" -.Sh LIBRARY -.Lb libcap_random -.Sh SYNOPSIS -.In sys/nv.h -.In libcasper.h -.In casper/cap_random.h -.Ft "int" -.Fn cap_random_buf "cap_channel_t *chan" "void *buf" "size_t nbytes" -.Sh DESCRIPTION -The function -.Fn cap_random_buf -is equivalent to -.Xr arc4random_buf 3 -except that the connection to the -.Nm system.random -service needs to be provided. -.Sh EXAMPLES -The following example first opens a capability to casper and then uses this -capability to create the -.Nm system.random -casper service to obtain entropy. -.Bd -literal -cap_channel_t *capcas, *caprandom; -unsigned char buf[16]; -int i; - -/* Open capability to Casper. */ -capcas = cap_init(); -if (capcas == NULL) - err(1, "Unable to contact Casper"); - -/* Enter capability mode sandbox. */ -if (cap_enter() < 0 && errno != ENOSYS) - err(1, "Unable to enter capability mode"); - -/* Use Casper capability to create capability to the system.random service. */ -caprandom = cap_service_open(capcas, "system.random"); -if (caprandom == NULL) - err(1, "Unable to open system.random service"); - -/* Close Casper capability, we don't need it anymore. */ -cap_close(capcas); - -/* Obtain entropy. */ -if (cap_random_buf(caprandom, buf, sizeof(buf)) < 0) - err(1, "Unable to obtain entropy"); - -for (i = 0; i < sizeof(buf); i++) - printf("%.2x ", buf[i]); -printf("\\n"); -.Ed -.Sh SEE ALSO -.Xr cap_enter 2 , -.Xr arc4random_buf 3 , -.Xr err 3 , -.Xr capsicum 4 , -.Xr nv 9 -.Sh AUTHORS -The -.Nm cap_random -service was implemented by -.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net -under sponsorship from the FreeBSD Foundation. -.Pp -This manual page was written by -.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org . diff --git a/lib/libcasper/services/cap_random/cap_random.c b/lib/libcasper/services/cap_random/cap_random.c deleted file mode 100644 index c524ba8beab6..000000000000 --- a/lib/libcasper/services/cap_random/cap_random.c +++ /dev/null @@ -1,119 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. - * - * This software was developed by Pawel Jakub Dawidek under sponsorship from - * the FreeBSD Foundation. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include "cap_random.h" - -#define MAXSIZE (1024 * 1024) - -int -cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes) -{ - nvlist_t *nvl; - const void *randbuf; - uint8_t *ptr; - size_t left, randbufsize; - - left = nbytes; - ptr = buf; - - while (left > 0) { - nvl = nvlist_create(0); - nvlist_add_string(nvl, "cmd", "generate"); - nvlist_add_number(nvl, "size", - (uint64_t)(left > MAXSIZE ? MAXSIZE : left)); - nvl = cap_xfer_nvlist(chan, nvl); - if (nvl == NULL) - return (-1); - if (nvlist_get_number(nvl, "error") != 0) { - errno = (int)nvlist_get_number(nvl, "error"); - nvlist_destroy(nvl); - return (-1); - } - - randbuf = nvlist_get_binary(nvl, "data", &randbufsize); - memcpy(ptr, randbuf, randbufsize); - - nvlist_destroy(nvl); - - ptr += randbufsize; - assert(left >= randbufsize); - left -= randbufsize; - } - - return (0); -} - -/* - * Service functions. - */ - -static int -random_command(const char *cmd, const nvlist_t *limits __unused, - nvlist_t *nvlin, nvlist_t *nvlout) -{ - void *data; - size_t size; - - if (strcmp(cmd, "generate") != 0) - return (EINVAL); - if (!nvlist_exists_number(nvlin, "size")) - return (EINVAL); - - size = (size_t)nvlist_get_number(nvlin, "size"); - if (size == 0 || size > MAXSIZE) - return (EINVAL); - - data = malloc(size); - if (data == NULL) - return (ENOMEM); - - arc4random_buf(data, size); - - nvlist_move_binary(nvlout, "data", data, size); - - return (0); -} - -CREATE_SERVICE("system.random", NULL, random_command, 0); diff --git a/lib/libcasper/services/cap_random/cap_random.h b/lib/libcasper/services/cap_random/cap_random.h deleted file mode 100644 index 2c37b9c618d4..000000000000 --- a/lib/libcasper/services/cap_random/cap_random.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. - * - * This software was developed by Pawel Jakub Dawidek under sponsorship from - * the FreeBSD Foundation. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#ifndef _CAP_RANDOM_H_ -#define _CAP_RANDOM_H_ - -#ifdef HAVE_CASPER -#define WITH_CASPER -#endif - -#ifdef WITH_CASPER -int cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes); -#else -inline int -cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes) -{ - - arc4random_buf(buf, nbytes); - return(0); -} -#endif - -#endif /* !_CAP_RANDOM_H_ */ diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index fcb03aaaedcd..5710df3214c4 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -82,7 +82,6 @@ _LIBRARIES= \ cap_fileargs \ cap_grp \ cap_pwd \ - cap_random \ cap_sysctl \ cap_syslog \ com_err \ @@ -260,7 +259,6 @@ _DP_cap_dns= nv _DP_cap_fileargs= nv _DP_cap_grp= nv _DP_cap_pwd= nv -_DP_cap_random= nv _DP_cap_sysctl= nv _DP_cap_syslog= nv .if ${MK_OFED} != "no" @@ -599,7 +597,6 @@ LIBCASPERDIR= ${OBJTOP}/lib/libcasper/libcasper LIBCAP_DNSDIR= ${OBJTOP}/lib/libcasper/services/cap_dns LIBCAP_GRPDIR= ${OBJTOP}/lib/libcasper/services/cap_grp LIBCAP_PWDDIR= ${OBJTOP}/lib/libcasper/services/cap_pwd -LIBCAP_RANDOMDIR= ${OBJTOP}/lib/libcasper/services/cap_random LIBCAP_SYSCTLDIR= ${OBJTOP}/lib/libcasper/services/cap_sysctl LIBCAP_SYSLOGDIR= ${OBJTOP}/lib/libcasper/services/cap_syslog LIBBSDXMLDIR= ${OBJTOP}/lib/libexpat diff --git a/sys/sys/param.h b/sys/sys/param.h index 460f25e1f34c..eed0787c8b99 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300036 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300037 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, diff --git a/targets/pseudo/userland/lib/Makefile.depend b/targets/pseudo/userland/lib/Makefile.depend index 6e2e549278a7..9f72a50e7884 100644 --- a/targets/pseudo/userland/lib/Makefile.depend +++ b/targets/pseudo/userland/lib/Makefile.depend @@ -221,7 +221,6 @@ DIRDEPS+= \ lib/libcasper/services/cap_dns \ lib/libcasper/services/cap_grp \ lib/libcasper/services/cap_pwd \ - lib/libcasper/services/cap_random \ lib/libcasper/services/cap_sysctl \ .endif