Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8350 Commits
49 Branches
254 MiB
Tree: ea887211a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ea887211a6'
${ noResults }
openntpd-openbsd/src/lib/libcrypto/arc4random/getentropy_linux.c

525 lines
12 KiB
Raw Normal View History

Backport getentropy changes from deraadt@ on MAIN Saw a mention somewhere a while back that the gotdata() function in here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
5 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Provide a link to the canonical API specification. ok beck
10 years ago
Update the link for the getentropy(2) manual to man.openbsd.org/ ok deraadt@
8 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
tab love
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Not all Linux libc's include linux/sysctl.h in sys/sysctl.h. Include it if we have the sysctl syscall.
9 years ago
guard inclusion of sys/sysctl.h so we can detect at compile time and keep linux distros happy that don't have it. ok bcook@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Use dl_iterate_phdr() to iterate over the segments and throw the addresses into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
include header needed by older linux kernels not all versions of <linux/random.h> include <linux/types.h> by default
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Possibly obtain a little bit of entropy from addresses returned by getauxval if we have it. ok deraadt@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Possibly obtain a little bit of entropy from addresses returned by getauxval if we have it. ok deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2) Based on discussion here https://github.com/libressl-portable/openbsd/pull/82 Suggested fix from jsing@
6 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
only build the getrandom path if SYS_getrandom is defined. like the sysctl path
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
Use dl_iterate_phdr() to iterate over the segments and throw the addresses into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
unify files further
9 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2) Based on discussion here https://github.com/libressl-portable/openbsd/pull/82 Suggested fix from jsing@
6 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
Switch Linux getrandom() usage to non-blocking mode, continuing to use fallback mechanims if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery. ok deraadt@ jsing@
7 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
only build the getrandom path if SYS_getrandom is defined. like the sysctl path
10 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
KNF
10 years ago
fix typo in comment; ok beck
8 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
KNF
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
comment fixes from theo
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
KNF
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
Switch Linux getrandom() usage to non-blocking mode, continuing to use fallback mechanims if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery. ok deraadt@ jsing@
7 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
remove gratuitous differences, ok beck bcook
10 years ago
rearrange so that the main function with the important comments is at the top ok deraadt@ beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2) Based on discussion here https://github.com/libressl-portable/openbsd/pull/82 Suggested fix from jsing@
6 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
preserve errno value on success. If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
10 years ago
getrandom(2) support for getentropy_linux This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
10 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
getrandom(2) support for getentropy_linux This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
10 years ago
Switch Linux getrandom() usage to non-blocking mode, continuing to use fallback mechanims if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery. ok deraadt@ jsing@
7 years ago
getrandom(2) support for getentropy_linux This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
10 years ago
preserve errno value on success. If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
10 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
only build the getrandom path if SYS_getrandom is defined. like the sysctl path
10 years ago
Demonstrate how new linux getrandom() will be called, at least until it shows up in libraries. Even the system call is probably not finalized. Bit dissapointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
remove gratuitous differences, ok beck bcook
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
remove gratuitous differences, ok beck bcook
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
remove gratuitous differences, ok beck bcook
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
indent
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
O_NOFOLLOW would be very nice to have here if the version of linux we are running supports it. from enh@google.com
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Backport getentropy changes from deraadt@ on MAIN Saw a mention somewhere a while back that the gotdata() function in here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
5 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unify files further
9 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
cast from void * before math; enh@google
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Backport getentropy changes from deraadt@ on MAIN Saw a mention somewhere a while back that the gotdata() function in here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
5 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unify files further
9 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unify versions, so they are easier to diff.
9 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Use dl_iterate_phdr() to iterate over the segments and throw the addresses into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
10 years ago
unify files further
9 years ago
Use dl_iterate_phdr() to iterate over the segments and throw the addresses into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repeat calls to getentrypy() with the same pid likely indicate reseeds. Since we assume the PRNG above is doing "something old, something new" folding, shortcut and do fewer repeats through the timing loop. ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repeat calls to getentrypy() with the same pid likely indicate reseeds. Since we assume the PRNG above is doing "something old, something new" folding, shortcut and do fewer repeats through the timing loop. ok beck
10 years ago
unbreak last commit - but same intent, make re-seed less expensive
10 years ago
repeat calls to getentrypy() with the same pid likely indicate reseeds. Since we assume the PRNG above is doing "something old, something new" folding, shortcut and do fewer repeats through the timing loop. ok beck
10 years ago
unbreak last commit - but same intent, make re-seed less expensive
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
j should be an int, like repeat
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak last commit - but same intent, make re-seed less expensive
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
KNF
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
fix oops, accidental delete.. darn copying of files between machines
10 years ago
KNF
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Use dl_iterate_phdr() to iterate over the segments and throw the addresses into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
10 years ago
KNF
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak last commit - but same intent, make re-seed less expensive
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
KNF
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
unbreak build of getentropy_sysctl - we need linux/sysctl.h, and RANDOM_UUID is an enum member.
10 years ago
repair indentation for an inner loop; shorten some macros and variable names to shorten line lengths ok beck
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on older Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
10 years ago
Possibly obtain a little bit of entropy from addresses returned by getauxval if we have it. ok deraadt@
10 years ago
get the page of data at AT_SYSINFO_EHDR ok deraadt@
10 years ago
Possibly obtain a little bit of entropy from addresses returned by getauxval if we have it. ok deraadt@
10 years ago
fix HD() misuse; from brent cook
10 years ago
Only call getauxval(3) if HAVE_GETAUXVAL is defined. Fixes build on older Linux (such as Ubuntu 12.04LTS) that don't have it yet. Seems the AT_XXX defines are pulled in by <link.h> now. ok beck@
10 years ago
Possibly obtain a little bit of entropy from addresses returned by getauxval if we have it. ok deraadt@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Remove signed/unsigned warning, statement before declaration and add a function to use function pointers that does not take sizeof(fptr). OK beck@
10 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
Use explicit_bzero() instead of memset() on buffers going out of scope. Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
10 years ago
Backport getentropy changes from deraadt@ on MAIN Saw a mention somewhere a while back that the gotdata() function in here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
5 years ago
Work in progress on how to deal with the inherit unreliability of /dev/urandom. Does well in the fallback case. Get it in tree so it can be worked on. ok otto@ deraadt@
10 years ago
 
  1. /*	$OpenBSD: getentropy_linux.c,v 1.45.4.1 2018/12/15 15:10:12 bcook Exp $	*/
  2. 

  3. /*

  4.  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
  5.  * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
  6.  *
  7.  * Permission to use, copy, modify, and distribute this software for any
  8.  * purpose with or without fee is hereby granted, provided that the above
  9.  * copyright notice and this permission notice appear in all copies.
  10.  *
  11.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  12.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  13.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  14.  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  15.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  16.  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  17.  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18.  *
  19.  * Emulation of getentropy(2) as documented at:
  20.  * http://man.openbsd.org/getentropy.2

  21.  */
  22. 

  23. #define	_POSIX_C_SOURCE	199309L

  24. #define	_GNU_SOURCE	1

  25. #include <sys/types.h>

  26. #include <sys/param.h>

  27. #include <sys/ioctl.h>

  28. #include <sys/resource.h>

  29. #include <sys/syscall.h>

  30. #ifdef SYS__sysctl

  31. #include <linux/sysctl.h>

  32. #endif

  33. #include <sys/statvfs.h>

  34. #include <sys/socket.h>

  35. #include <sys/mount.h>

  36. #include <sys/mman.h>

  37. #include <sys/stat.h>

  38. #include <sys/time.h>

  39. #include <stdlib.h>

  40. #include <stdint.h>

  41. #include <stdio.h>

  42. #include <link.h>

  43. #include <termios.h>

  44. #include <fcntl.h>

  45. #include <signal.h>

  46. #include <string.h>

  47. #include <errno.h>

  48. #include <unistd.h>

  49. #include <time.h>

  50. #include <openssl/sha.h>

  51. 

  52. #include <linux/types.h>

  53. #include <linux/random.h>

  54. #ifdef HAVE_GETAUXVAL

  55. #include <sys/auxv.h>

  56. #endif

  57. #include <sys/vfs.h>

  58. 

  59. #define REPEAT 5

  60. #define min(a, b) (((a) < (b)) ? (a) : (b))

  61. 

  62. #define HX(a, b) \

  63. 	do { \
  64. 		if ((a)) \
  65. 			HD(errno); \
  66. 		else \
  67. 			HD(b); \
  68. 	} while (0)
  69. 

  70. #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))

  71. #define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))

  72. #define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))

  73. 

  74. int	getentropy(void *buf, size_t len);
  75. 

  76. #if defined(SYS_getrandom) && defined(GRND_NONBLOCK)

  77. static int getentropy_getrandom(void *buf, size_t len);
  78. #endif

  79. static int getentropy_urandom(void *buf, size_t len);
  80. #ifdef SYS__sysctl

  81. static int getentropy_sysctl(void *buf, size_t len);
  82. #endif

  83. static int getentropy_fallback(void *buf, size_t len);
  84. static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
  85. 

  86. int
  87. getentropy(void *buf, size_t len)
  88. {
  89. 	int ret = -1;
  90. 

  91. 	if (len > 256) {
  92. 		errno = EIO;
  93. 		return (-1);
  94. 	}
  95. 

  96. #if defined(SYS_getrandom) && defined(GRND_NONBLOCK)

  97. 	/*

  98. 	 * Try descriptor-less getrandom(), in non-blocking mode.
  99. 	 *
  100. 	 * The design of Linux getrandom is broken.  It has an
  101. 	 * uninitialized phase coupled with blocking behaviour, which
  102. 	 * is unacceptable from within a library at boot time without
  103. 	 * possible recovery. See http://bugs.python.org/issue26839#msg267745

  104. 	 */
  105. 	ret = getentropy_getrandom(buf, len);
  106. 	if (ret != -1)
  107. 		return (ret);
  108. #endif

  109. 

  110. 	/*

  111. 	 * Try to get entropy with /dev/urandom
  112. 	 *
  113. 	 * This can fail if the process is inside a chroot or if file
  114. 	 * descriptors are exhausted.
  115. 	 */
  116. 	ret = getentropy_urandom(buf, len);
  117. 	if (ret != -1)
  118. 		return (ret);
  119. 

  120. #ifdef SYS__sysctl

  121. 	/*

  122. 	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
  123. 	 * sysctl is a failsafe API, so it guarantees a result.  This
  124. 	 * should work inside a chroot, or when file descriptors are
  125. 	 * exhausted.
  126. 	 *
  127. 	 * However this can fail if the Linux kernel removes support
  128. 	 * for sysctl.  Starting in 2007, there have been efforts to
  129. 	 * deprecate the sysctl API/ABI, and push callers towards use
  130. 	 * of the chroot-unavailable fd-using /proc mechanism --
  131. 	 * essentially the same problems as /dev/urandom.
  132. 	 *
  133. 	 * Numerous setbacks have been encountered in their deprecation
  134. 	 * schedule, so as of June 2014 the kernel ABI still exists on
  135. 	 * most Linux architectures. The sysctl() stub in libc is missing
  136. 	 * on some systems.  There are also reports that some kernels
  137. 	 * spew messages to the console.
  138. 	 */
  139. 	ret = getentropy_sysctl(buf, len);
  140. 	if (ret != -1)
  141. 		return (ret);
  142. #endif /* SYS__sysctl */

  143. 

  144. 	/*

  145. 	 * Entropy collection via /dev/urandom and sysctl have failed.
  146. 	 *
  147. 	 * No other API exists for collecting entropy.  See the large
  148. 	 * comment block above.
  149. 	 *
  150. 	 * We have very few options:
  151. 	 *     - Even syslog_r is unsafe to call at this low level, so
  152. 	 *	 there is no way to alert the user or program.
  153. 	 *     - Cannot call abort() because some systems have unsafe
  154. 	 *	 corefiles.
  155. 	 *     - Could raise(SIGKILL) resulting in silent program termination.
  156. 	 *     - Return EIO, to hint that arc4random's stir function
  157. 	 *       should raise(SIGKILL)
  158. 	 *     - Do the best under the circumstances....
  159. 	 *
  160. 	 * This code path exists to bring light to the issue that Linux
  161. 	 * still does not provide a failsafe API for entropy collection.
  162. 	 *
  163. 	 * We hope this demonstrates that Linux should either retain their
  164. 	 * sysctl ABI, or consider providing a new failsafe API which
  165. 	 * works in a chroot or when file descriptors are exhausted.
  166. 	 */
  167. #undef FAIL_INSTEAD_OF_TRYING_FALLBACK

  168. #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK

  169. 	raise(SIGKILL);
  170. #endif

  171. 	ret = getentropy_fallback(buf, len);
  172. 	if (ret != -1)
  173. 		return (ret);
  174. 

  175. 	errno = EIO;
  176. 	return (ret);
  177. }
  178. 

  179. #if defined(SYS_getrandom) && defined(GRND_NONBLOCK)

  180. static int
  181. getentropy_getrandom(void *buf, size_t len)
  182. {
  183. 	int pre_errno = errno;
  184. 	int ret;
  185. 	if (len > 256)
  186. 		return (-1);
  187. 	do {
  188. 		ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
  189. 	} while (ret == -1 && errno == EINTR);
  190. 

  191. 	if (ret != len)
  192. 		return (-1);
  193. 	errno = pre_errno;
  194. 	return (0);
  195. }
  196. #endif

  197. 

  198. static int
  199. getentropy_urandom(void *buf, size_t len)
  200. {
  201. 	struct stat st;
  202. 	size_t i;
  203. 	int fd, cnt, flags;
  204. 	int save_errno = errno;
  205. 

  206. start:
  207. 

  208. 	flags = O_RDONLY;
  209. #ifdef O_NOFOLLOW

  210. 	flags |= O_NOFOLLOW;
  211. #endif

  212. #ifdef O_CLOEXEC

  213. 	flags |= O_CLOEXEC;
  214. #endif

  215. 	fd = open("/dev/urandom", flags, 0);
  216. 	if (fd == -1) {
  217. 		if (errno == EINTR)
  218. 			goto start;
  219. 		goto nodevrandom;
  220. 	}
  221. #ifndef O_CLOEXEC

  222. 	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
  223. #endif

  224. 

  225. 	/* Lightly verify that the device node looks sane */
  226. 	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
  227. 		close(fd);
  228. 		goto nodevrandom;
  229. 	}
  230. 	if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
  231. 		close(fd);
  232. 		goto nodevrandom;
  233. 	}
  234. 	for (i = 0; i < len; ) {
  235. 		size_t wanted = len - i;
  236. 		ssize_t ret = read(fd, (char *)buf + i, wanted);
  237. 

  238. 		if (ret == -1) {
  239. 			if (errno == EAGAIN || errno == EINTR)
  240. 				continue;
  241. 			close(fd);
  242. 			goto nodevrandom;
  243. 		}
  244. 		i += ret;
  245. 	}
  246. 	close(fd);
  247. 	errno = save_errno;
  248. 	return (0);		/* satisfied */
  249. nodevrandom:
  250. 	errno = EIO;
  251. 	return (-1);
  252. }
  253. 

  254. #ifdef SYS__sysctl

  255. static int
  256. getentropy_sysctl(void *buf, size_t len)
  257. {
  258. 	static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
  259. 	size_t i;
  260. 	int save_errno = errno;
  261. 

  262. 	for (i = 0; i < len; ) {
  263. 		size_t chunk = min(len - i, 16);
  264. 

  265. 		/* SYS__sysctl because some systems already removed sysctl() */
  266. 		struct __sysctl_args args = {
  267. 			.name = mib,
  268. 			.nlen = 3,
  269. 			.oldval = (char *)buf + i,
  270. 			.oldlenp = &chunk,
  271. 		};
  272. 		if (syscall(SYS__sysctl, &args) != 0)
  273. 			goto sysctlfailed;
  274. 		i += chunk;
  275. 	}
  276. 	errno = save_errno;
  277. 	return (0);			/* satisfied */
  278. sysctlfailed:
  279. 	errno = EIO;
  280. 	return (-1);
  281. }
  282. #endif /* SYS__sysctl */

  283. 

  284. static const int cl[] = {
  285. 	CLOCK_REALTIME,
  286. #ifdef CLOCK_MONOTONIC

  287. 	CLOCK_MONOTONIC,
  288. #endif

  289. #ifdef CLOCK_MONOTONIC_RAW

  290. 	CLOCK_MONOTONIC_RAW,
  291. #endif

  292. #ifdef CLOCK_TAI

  293. 	CLOCK_TAI,
  294. #endif

  295. #ifdef CLOCK_VIRTUAL

  296. 	CLOCK_VIRTUAL,
  297. #endif

  298. #ifdef CLOCK_UPTIME

  299. 	CLOCK_UPTIME,
  300. #endif

  301. #ifdef CLOCK_PROCESS_CPUTIME_ID

  302. 	CLOCK_PROCESS_CPUTIME_ID,
  303. #endif

  304. #ifdef CLOCK_THREAD_CPUTIME_ID

  305. 	CLOCK_THREAD_CPUTIME_ID,
  306. #endif

  307. };
  308. 

  309. static int
  310. getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
  311. {
  312. 	SHA512_CTX *ctx = data;
  313. 

  314. 	SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
  315. 	return (0);
  316. }
  317. 

  318. static int
  319. getentropy_fallback(void *buf, size_t len)
  320. {
  321. 	uint8_t results[SHA512_DIGEST_LENGTH];
  322. 	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
  323. 	static int cnt;
  324. 	struct timespec ts;
  325. 	struct timeval tv;
  326. 	struct rusage ru;
  327. 	sigset_t sigset;
  328. 	struct stat st;
  329. 	SHA512_CTX ctx;
  330. 	static pid_t lastpid;
  331. 	pid_t pid;
  332. 	size_t i, ii, m;
  333. 	char *p;
  334. 

  335. 	pid = getpid();
  336. 	if (lastpid == pid) {
  337. 		faster = 1;
  338. 		repeat = 2;
  339. 	} else {
  340. 		faster = 0;
  341. 		lastpid = pid;
  342. 		repeat = REPEAT;
  343. 	}
  344. 	for (i = 0; i < len; ) {
  345. 		int j;
  346. 		SHA512_Init(&ctx);
  347. 		for (j = 0; j < repeat; j++) {
  348. 			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
  349. 			if (e != -1) {
  350. 				cnt += (int)tv.tv_sec;
  351. 				cnt += (int)tv.tv_usec;
  352. 			}
  353. 

  354. 			dl_iterate_phdr(getentropy_phdr, &ctx);
  355. 

  356. 			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
  357. 				HX(clock_gettime(cl[ii], &ts) == -1, ts);
  358. 

  359. 			HX((pid = getpid()) == -1, pid);
  360. 			HX((pid = getsid(pid)) == -1, pid);
  361. 			HX((pid = getppid()) == -1, pid);
  362. 			HX((pid = getpgid(0)) == -1, pid);
  363. 			HX((e = getpriority(0, 0)) == -1, e);
  364. 

  365. 			if (!faster) {
  366. 				ts.tv_sec = 0;
  367. 				ts.tv_nsec = 1;
  368. 				(void) nanosleep(&ts, NULL);
  369. 			}
  370. 

  371. 			HX(sigpending(&sigset) == -1, sigset);
  372. 			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
  373. 			    sigset);
  374. 

  375. 			HF(getentropy);	/* an addr in this library */
  376. 			HF(printf);		/* an addr in libc */
  377. 			p = (char *)&p;
  378. 			HD(p);		/* an addr on stack */
  379. 			p = (char *)&errno;
  380. 			HD(p);		/* the addr of errno */
  381. 

  382. 			if (i == 0) {
  383. 				struct sockaddr_storage ss;
  384. 				struct statvfs stvfs;
  385. 				struct termios tios;
  386. 				struct statfs stfs;
  387. 				socklen_t ssl;
  388. 				off_t off;
  389. 

  390. 				/*

  391. 				 * Prime-sized mappings encourage fragmentation;
  392. 				 * thus exposing some address entropy.
  393. 				 */
  394. 				struct mm {
  395. 					size_t	npg;
  396. 					void	*p;
  397. 				} mm[] =	 {
  398. 					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
  399. 					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
  400. 					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
  401. 					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
  402. 					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
  403. 					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
  404. 				};
  405. 

  406. 				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
  407. 					HX(mm[m].p = mmap(NULL,
  408. 					    mm[m].npg * pgs,
  409. 					    PROT_READ|PROT_WRITE,
  410. 					    MAP_PRIVATE|MAP_ANON, -1,
  411. 					    (off_t)0), mm[m].p);
  412. 					if (mm[m].p != MAP_FAILED) {
  413. 						size_t mo;
  414. 

  415. 						/* Touch some memory... */
  416. 						p = mm[m].p;
  417. 						mo = cnt %
  418. 						    (mm[m].npg * pgs - 1);
  419. 						p[mo] = 1;
  420. 						cnt += (int)((long)(mm[m].p)
  421. 						    / pgs);
  422. 					}
  423. 

  424. 					/* Check cnts and times... */
  425. 					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
  426. 					    ii++) {
  427. 						HX((e = clock_gettime(cl[ii],
  428. 						    &ts)) == -1, ts);
  429. 						if (e != -1)
  430. 							cnt += (int)ts.tv_nsec;
  431. 					}
  432. 

  433. 					HX((e = getrusage(RUSAGE_SELF,
  434. 					    &ru)) == -1, ru);
  435. 					if (e != -1) {
  436. 						cnt += (int)ru.ru_utime.tv_sec;
  437. 						cnt += (int)ru.ru_utime.tv_usec;
  438. 					}
  439. 				}
  440. 

  441. 				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
  442. 					if (mm[m].p != MAP_FAILED)
  443. 						munmap(mm[m].p, mm[m].npg * pgs);
  444. 					mm[m].p = MAP_FAILED;
  445. 				}
  446. 

  447. 				HX(stat(".", &st) == -1, st);
  448. 				HX(statvfs(".", &stvfs) == -1, stvfs);
  449. 				HX(statfs(".", &stfs) == -1, stfs);
  450. 

  451. 				HX(stat("/", &st) == -1, st);
  452. 				HX(statvfs("/", &stvfs) == -1, stvfs);
  453. 				HX(statfs("/", &stfs) == -1, stfs);
  454. 

  455. 				HX((e = fstat(0, &st)) == -1, st);
  456. 				if (e == -1) {
  457. 					if (S_ISREG(st.st_mode) ||
  458. 					    S_ISFIFO(st.st_mode) ||
  459. 					    S_ISSOCK(st.st_mode)) {
  460. 						HX(fstatvfs(0, &stvfs) == -1,
  461. 						    stvfs);
  462. 						HX(fstatfs(0, &stfs) == -1,
  463. 						    stfs);
  464. 						HX((off = lseek(0, (off_t)0,
  465. 						    SEEK_CUR)) < 0, off);
  466. 					}
  467. 					if (S_ISCHR(st.st_mode)) {
  468. 						HX(tcgetattr(0, &tios) == -1,
  469. 						    tios);
  470. 					} else if (S_ISSOCK(st.st_mode)) {
  471. 						memset(&ss, 0, sizeof ss);
  472. 						ssl = sizeof(ss);
  473. 						HX(getpeername(0,
  474. 						    (void *)&ss, &ssl) == -1,
  475. 						    ss);
  476. 					}
  477. 				}
  478. 

  479. 				HX((e = getrusage(RUSAGE_CHILDREN,
  480. 				    &ru)) == -1, ru);
  481. 				if (e != -1) {
  482. 					cnt += (int)ru.ru_utime.tv_sec;
  483. 					cnt += (int)ru.ru_utime.tv_usec;
  484. 				}
  485. 			} else {
  486. 				/* Subsequent hashes absorb previous result */
  487. 				HD(results);
  488. 			}
  489. 

  490. 			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
  491. 			if (e != -1) {
  492. 				cnt += (int)tv.tv_sec;
  493. 				cnt += (int)tv.tv_usec;
  494. 			}
  495. 

  496. 			HD(cnt);
  497. 		}
  498. #ifdef HAVE_GETAUXVAL

  499. #ifdef AT_RANDOM

  500. 		/* Not as random as you think but we take what we are given */
  501. 		p = (char *) getauxval(AT_RANDOM);
  502. 		if (p)
  503. 			HR(p, 16);
  504. #endif

  505. #ifdef AT_SYSINFO_EHDR

  506. 		p = (char *) getauxval(AT_SYSINFO_EHDR);
  507. 		if (p)
  508. 			HR(p, pgs);
  509. #endif

  510. #ifdef AT_BASE

  511. 		p = (char *) getauxval(AT_BASE);
  512. 		if (p)
  513. 			HD(p);
  514. #endif

  515. #endif

  516. 

  517. 		SHA512_Final(results, &ctx);
  518. 		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  519. 		i += min(sizeof(results), len - i);
  520. 	}
  521. 	explicit_bzero(&ctx, sizeof ctx);
  522. 	explicit_bzero(results, sizeof results);
  523. 	errno = save_errno;
  524. 	return (0);		/* satisfied */
  525. }