FreeBSD src
Conrad Meyer 86def3dcd6 getrandom(2): Add Linux GRND_INSECURE API flag
Treat it as a synonym for GRND_NONBLOCK.  The reasoning is this:

We have two choices for handling Linux's GRND_INSECURE API flag.

1. We could ignore it completely (like GRND_RANDOM).  However, this might
produce the surprising result of GRND_INSECURE requests blocking, when the
Linux API does not block.

2. Alternatively, we could treat GRND_INSECURE requests as requests for
GRND_NONBLOCK.  Here, the surprising result for Linux programs is that
invocations with unseeded random(4) will produce EAGAIN, rather than
garbage.

Honoring the flag in the way Linux does seems fraught.  If we actually use
the output of a random(4) implementation prior to seeding, we leak some
entropy (in an information theory and also practical sense) from what will
be the initial seed to attackers (or allow attackers to arbitrarily DoS
initial seeding, if we don't leak).  This seems unacceptable -- it defeats
the purpose of blocking on initial seeding.

Secondary to that concern, before seeding we may have arbitrarily little
entropy collected; producing output from zero or a handful of entropy bits
does not seem particularly useful to userspace.

If userspace can accept garbage, insecure, non-random bytes, they can create
their own insecure garbage with srandom(time(NULL)) or similar.  Any program
which would be satisfied with a 3-bit key CTR stream has no need for CSPRNG
bytes.  So asking the kernel to produce such an output from the secure
getrandom(2) API seems inane.

For now, we've elected to emulate GRND_INSECURE as an alternative spelling
of GRND_NONBLOCK (2).  Consider this API not-quite stable for now.  We
guarantee it will never block.  But we will attempt to monitor actual port
uptake of this bizarre API and may revise our plans for the unseeded
behavior (prior to stable/13 branching).

Approved by:	csprng(markm), manpages(bcr)
See also:	https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/
See also:	https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/
Differential Revision:	https://reviews.freebsd.org/D23130
2020-01-12 20:47:38 +00:00
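
What option 2 in the commit message means for a caller, as an added example (not code from the FreeBSD tree): a GRND_INSECURE request that finds random(4) unseeded comes back as EAGAIN, so portable code has to check for it rather than assume the buffer was filled. `fill_nonblocking`, the `EX_` constants (Linux UAPI flag values, assumed here) and the two stubs are hypothetical, and the EINVAL fallback for kernels that predate the flag goes beyond what the message covers.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Linux UAPI flag values, defined locally (assumption) so the example
 * builds where <sys/random.h> predates GRND_INSECURE. */
#define EX_GRND_NONBLOCK 0x1u
#define EX_GRND_INSECURE 0x4u

/* Same shape as getrandom(2), so the real function can be passed in. */
typedef ssize_t (*getrandom_fn)(void *, size_t, unsigned int);

enum fill_status { FILL_OK, FILL_UNSEEDED, FILL_ERROR };

/* Never blocks. An unseeded pool is reported to the caller instead of
 * being treated as a buffer full of "insecure" bytes. */
enum fill_status fill_nonblocking(getrandom_fn gr, void *buf, size_t len)
{
    unsigned char *p = buf;
    unsigned int flags = EX_GRND_INSECURE;
    while (len > 0) {
        ssize_t n = gr(p, len, flags);
        if (n >= 0) {                       /* may be short: keep looping */
            p += n;
            len -= (size_t)n;
        } else if (errno == EINVAL && flags == EX_GRND_INSECURE) {
            flags = EX_GRND_NONBLOCK;       /* kernel predates the flag */
        } else if (errno != EINTR) {
            return errno == EAGAIN ? FILL_UNSEEDED : FILL_ERROR;
        }
    }
    return FILL_OK;
}

/* Constructed stub: random(4) not yet seeded, flag treated as NONBLOCK. */
ssize_t stub_unseeded(void *b, size_t n, unsigned int f)
{ (void)b; (void)n; (void)f; errno = EAGAIN; return -1; }

/* Constructed stub: older kernel, seeded, at most 4 bytes per call. */
ssize_t stub_old_short(void *b, size_t n, unsigned int f)
{
    if (f & EX_GRND_INSECURE) { errno = EINVAL; return -1; }
    if (n > 4) n = 4;
    memset(b, 0xAA, n);
    return (ssize_t)n;
}

int main(void)
{
    unsigned char key[16] = {0};
    printf("unseeded: %d\n", fill_nonblocking(stub_unseeded, key, sizeof key));
    printf("old kernel: %d\n", fill_nonblocking(stub_old_short, key, sizeof key));
    return 0;
}
```

On FILL_UNSEEDED the buffer is untouched; the caller chooses between retrying later and a blocking request.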
bin sh: Fix rare memory leak with SIGINT 2020-01-01 12:06:37 +00:00
cddl Use a deterministic hash for USDT symbol names. 2020-01-07 21:56:20 +00:00
contrib revert r356513: libunwind: untested attempt to fix sparc64 build 2020-01-09 14:10:11 +00:00
crypto sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTH 2019-11-20 16:30:37 +00:00
etc Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 2019-12-22 11:50:44 +00:00
gnu Retire build support for GCC's DWARF unwinder 2020-01-08 21:07:55 +00:00
include Revert r355760, r355759 2019-12-15 17:33:26 +00:00
kerberos5 Update Makefile.depend files 2019-12-11 17:37:53 +00:00
lib getrandom(2): Add Linux GRND_INSECURE API flag 2020-01-12 20:47:38 +00:00
libexec rtld: clean up Makefile. 2020-01-11 09:18:58 +00:00
release release: chase ports r519089 (rpi-firmware update) 2019-12-05 16:17:56 +00:00
rescue Remove unused defines since r147075 2019-07-12 04:44:50 +00:00
sbin Tighten FAT checks and fix off-by-one error in corner case. 2020-01-12 06:13:52 +00:00
secure Update Makefile.depend files 2019-12-11 17:37:53 +00:00
share src.opts.mk: force KERBEROS_SUPPORT off where KERBEROS forced off 2020-01-10 22:00:39 +00:00
stand loader: bioscd probe can get sector size 0 2020-01-09 21:21:08 +00:00
sys getrandom(2): Add Linux GRND_INSECURE API flag 2020-01-12 20:47:38 +00:00
targets Update libssp paths in various Makefile.depend* files 2020-01-06 18:15:55 +00:00
tests tests: fusefs: silence remaining unsigned/signed comparison warnings 2020-01-10 21:51:27 +00:00
tools Makefile.inc1: push /usr/libexec into the BPATH/TMPPATH 2020-01-12 04:18:36 +00:00
usr.bin Fix the way 'factor' behaves when using OpenSSL to match the description 2020-01-12 20:25:11 +00:00
usr.sbin camdd: initialize devs earlier 2020-01-10 22:20:23 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Update vendor/libarchive/dist to git 5e270715b51d199467195b56f77e21cb8bb1d642 2020-01-05 01:30:41 +00:00
.clang-format Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore Update vendor/libarchive/dist to git 5e270715b51d199467195b56f77e21cb8bb1d642 2020-01-05 01:30:41 +00:00
COPYRIGHT Happy New Year 2020! 2019-12-31 16:01:36 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
Makefile Use clang and lld as the default toolchain for RISCV. 2020-01-08 17:25:59 +00:00
Makefile.inc1 Makefile.inc1: push /usr/libexec into the BPATH/TMPPATH 2020-01-12 04:18:36 +00:00
Makefile.libcompat libcompat: build 32-bit rtld and ldd as part of "everything" 2019-11-07 22:58:10 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc Provide libssp based on libc 2020-01-04 20:19:25 +00:00
README Import OpenSSL 1.1.1d. 2019-09-10 17:40:53 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
RELNOTES Add an entry to RELNOTES for r355677. 2019-12-13 16:28:48 +00:00
UPDATING Add notes for MAKE_OBSOLETE_GCC going away and riscv switching to clang/lld. 2020-01-08 17:31:54 +00:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html