Release libbsd 0.8.1

Reuse the getentropy code for Linux on the Hurd, which has fallbacks
for when the better interfaces are not present. And remove all the code
that is not supported currently on the Hurd. Ideally the Hurd should
get an equivalent interfaces that does not suffer from the same
problems as /dev/urandom.

configure.ac

@@ -13,7 +13,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])],
 
 LIBBSD_ABI_MAJOR=0
 LIBBSD_ABI_MINOR=8
-LIBBSD_ABI_PATCH=0
+LIBBSD_ABI_PATCH=1
 
 LIBBSD_ABI="$LIBBSD_ABI_MAJOR:$LIBBSD_ABI_MINOR:$LIBBSD_ABI_PATCH"
 AC_SUBST([LIBBSD_ABI])

include/bsd/bsd.h

@@ -27,10 +27,12 @@
 #ifndef LIBBSD_H
 #define LIBBSD_H
 
+#ifdef LIBBSD_OVERLAY
+#warning "This header is meant to be used w/o the libbsd overlay."
+#else
 /*
  * Include all bsd compat headers.
  */
-
 #include <bsd/sys/cdefs.h>
 #include <bsd/sys/queue.h>
 #include <bsd/sys/tree.h>
@@ -40,5 +42,6 @@
 #include <bsd/err.h>
 #include <bsd/getopt.h>
 #include <bsd/md5.h>
+#endif
 
 #endif

include/bsd/err.h

@@ -34,7 +34,11 @@
 #ifndef LIBBSD_ERR_H
 #define LIBBSD_ERR_H
 
+#ifdef LIBBSD_OVERLAY
 #include <sys/cdefs.h>
+#else
+#include <bsd/sys/cdefs.h>
+#endif
 
 #include <stdarg.h>
 

include/bsd/md5.h

@@ -28,6 +28,7 @@ typedef struct MD5Context {
 } MD5_CTX;
 
 #include <sys/cdefs.h>
+#include <sys/types.h>
 
 __BEGIN_DECLS
 void	 MD5Init(MD5_CTX *);

include/bsd/sys/endian.h

@@ -1,6 +1,9 @@
 /*
  * Copyright © 2011 Guillem Jover <guillem@hadrons.org>
  *
+ * Copyright © 2002 Thomas Moestl <tmm@FreeBSD.org>
+ * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -9,19 +12,18 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
  *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 #ifdef LIBBSD_OVERLAY
@@ -49,32 +51,6 @@
 #define _PDP_ENDIAN __PDP_ENDIAN
 #endif
 
-/*
- * Copyright © 2002 Thomas Moestl <tmm@FreeBSD.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
 #include <stdint.h>
 
 /* Alignment-agnostic encode/decode bytestream to/from little/big endian. */

include/bsd/unistd.h

@@ -34,7 +34,11 @@
 #ifndef LIBBSD_UNISTD_H
 #define LIBBSD_UNISTD_H
 
+#ifdef LIBBSD_OVERLAY
 #include <sys/cdefs.h>
+#else
+#include <bsd/sys/cdefs.h>
+#endif
 #include <sys/stat.h>
 
 #ifndef S_ISTXT

src/Makefile.am

@@ -12,6 +12,7 @@ libbsd_la_included_sources = \
 	getentropy_aix.c \
 	getentropy_bsd.c \
 	getentropy_hpux.c \
+	getentropy_hurd.c \
 	getentropy_linux.c \
 	getentropy_osx.c \
 	getentropy_solaris.c \
@@ -57,8 +58,6 @@ libbsd_la_LDFLAGS = \
 libbsd_la_SOURCES = \
 	arc4random.c \
 	arc4random.h \
-	arc4random_bsd.h \
-	arc4random_linux.h \
 	arc4random_unix.h \
 	arc4random_openbsd.h \
 	arc4random_uniform.c \

src/arc4random.h

@@ -1,3 +1,29 @@
+/*
+ * Copyright © 2015 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #ifndef LIBBSD_ARC4RANDOM_H
 #define LIBBSD_ARC4RANDOM_H
 
@@ -6,24 +32,10 @@
 int
 getentropy(void *buf, size_t len);
 
-#if defined(__linux__)
-#include "arc4random_linux.h"
-#elif defined(__FreeBSD__)
-#include "arc4random_bsd.h"
-#elif defined(__NetBSD__)
-#include "arc4random_bsd.h"
-#elif defined(__OpenBSD__)
+#if defined(__OpenBSD__)
 #include "arc4random_openbsd.h"
-#elif defined(__sun)
-#include "arc4random_unix.h"
-#elif defined(__APPLE__)
-#include "arc4random_unix.h"
-#elif defined(_AIX)
-#include "arc4random_unix.h"
-#elif defined(__hpux)
-#include "arc4random_unix.h"
 #else
-#error "No arc4random hooks defined for this platform."
+#include "arc4random_unix.h"
 #endif
 
 #endif

src/arc4random_bsd.h

@@ -1,86 +0,0 @@
-/*	$OpenBSD: arc4random_freebsd.h,v 1.2 2015/01/15 06:57:18 deraadt Exp $	*/
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-/*
- * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
- * a program does not link to -lthr. Callbacks registered with pthread_atfork()
- * appear to fail silently. So, it is not always possible to detect a PID
- * wraparound.
- */
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-	raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-	_rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-	static pid_t _rs_pid = 0;
-	pid_t pid = getpid();
-
-	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-		_rs_pid = pid;
-		_rs_forked = 0;
-		if (rs)
-			memset(rs, 0, sizeof(*rs));
-	}
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-		return (-1);
-
-	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-		munmap(*rsp, sizeof(**rsp));
-		return (-1);
-	}
-
-	_ARC4_ATFORK(_rs_forkhandler);
-	return (0);
-}

src/arc4random_linux.h

@@ -1,86 +0,0 @@
-/*	$OpenBSD: arc4random_linux.h,v 1.8 2014/08/13 06:04:10 deraadt Exp $	*/
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#ifdef __GLIBC__
-extern void *__dso_handle;
-extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
-#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
-#else
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-#endif
-
-static inline void
-_getentropy_fail(void)
-{
-	raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-	_rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-	static pid_t _rs_pid = 0;
-	pid_t pid = getpid();
-
-	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-		_rs_pid = pid;
-		_rs_forked = 0;
-		if (rs)
-			memset(rs, 0, sizeof(*rs));
-	}
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-		return (-1);
-
-	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-		munmap(*rsp, sizeof(**rsp));
-		return (-1);
-	}
-
-	_ARC4_ATFORK(_rs_forkhandler);
-	return (0);
-}

src/arc4random_unix.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random_hpux.h,v 1.1 2015/01/06 21:08:11 bcook Exp $	*/
+/*	$OpenBSD: arc4random_linux.h,v 1.8 2014/08/13 06:04:10 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -32,7 +32,19 @@ static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
 #define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
 #define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
 
+#ifdef __GLIBC__
+extern void *__dso_handle;
+extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
+#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
+#else
+/*
+ * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
+ * a program does not link to -lthr. Callbacks registered with pthread_atfork()
+ * appear to fail silently. So, it is not always possible to detect a PID
+ * wraparound.
+ */
 #define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+#endif
 
 static inline void
 _getentropy_fail(void)

src/closefrom.c

@@ -136,7 +136,7 @@ closefrom_procfs(int lowfd)
 	int i;
 
 	/* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */
-# if defined(__FreeBSD__) || defined(__APPLE__)
+# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__)
 	path = "/dev/fd";
 # else
 	path = "/proc/self/fd";

src/getentropy.c

@@ -26,18 +26,20 @@
 
 #if defined(__linux__)
 #include "getentropy_linux.c"
-#elif defined(__FreeBSD__)
-#include "arc4random_bsd.c"
+#elif defined(__GNU__)
+#include "getentropy_hurd.c"
+#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#include "getentropy_bsd.c"
 #elif defined(__NetBSD__)
-#include "arc4random_bsd.c"
+#include "getentropy_bsd.c"
 #elif defined(__sun)
-#include "arc4random_solaris.c"
+#include "getentropy_solaris.c"
 #elif defined(__APPLE__)
-#include "arc4random_osx.c"
+#include "getentropy_osx.c"
 #elif defined(_AIX)
-#include "arc4random_aix.c"
+#include "getentropy_aix.c"
 #elif defined(__hpux)
-#include "arc4random_hpux.c"
+#include "getentropy_hpux.c"
 #else
 #error "No getentropy hooks defined for this platform."
 #endif

src/getentropy_aix.c

@@ -39,7 +39,7 @@
 #include <string.h>
 #include <termios.h>
 
-#include <openssl/sha.h>
+#include "hash/sha512.h"
 
 #include <libperfstat.h>
 

src/getentropy_hpux.c

@@ -41,7 +41,8 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <openssl/sha.h>
+
+#include "hash/sha512.h"
 
 #include <sys/vfs.h>
 

src/getentropy_hurd.c

@@ -0,0 +1,446 @@
+/*	$OpenBSD: getentropy_linux.c,v 1.40 2015/08/25 17:26:43 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
+ */
+
+#define	_POSIX_C_SOURCE	199309L
+#define	_GNU_SOURCE	1
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/statvfs.h>
+#include <sys/socket.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <link.h>
+#include <termios.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+
+#include "hash/sha512.h"
+
+#ifdef HAVE_GETAUXVAL
+#include <sys/auxv.h>
+#endif
+#include <sys/vfs.h>
+
+#define REPEAT 5
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+static int gotdata(char *buf, size_t len);
+static int getentropy_urandom(void *buf, size_t len);
+static int getentropy_fallback(void *buf, size_t len);
+static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 *
+	 * This can fail if the process is inside a chroot or if file
+	 * descriptors are exhausted.
+	 */
+	ret = getentropy_urandom(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Entropy collection via /dev/urandom has failed.
+	 *
+	 * No other API exists for collecting entropy.  See the large
+	 * comment block above.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that Hurd
+	 * does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that Hurd should either get a
+	 * sysctl ABI, or consider providing a new failsafe API which
+	 * works in a chroot or when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+/*
+ * Basic sanity checking; wish we could do better.
+ */
+static int
+gotdata(char *buf, size_t len)
+{
+	char	any_set = 0;
+	size_t	i;
+
+	for (i = 0; i < len; ++i)
+		any_set |= buf[i];
+	if (any_set == 0)
+		return (-1);
+	return (0);
+}
+
+static int
+getentropy_urandom(void *buf, size_t len)
+{
+	struct stat st;
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	if (gotdata(buf, len) == 0) {
+		errno = save_errno;
+		return (0);		/* satisfied */
+	}
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+static const int cl[] = {
+	CLOCK_REALTIME,
+#ifdef CLOCK_MONOTONIC
+	CLOCK_MONOTONIC,
+#endif
+#ifdef CLOCK_MONOTONIC_RAW
+	CLOCK_MONOTONIC_RAW,
+#endif
+#ifdef CLOCK_TAI
+	CLOCK_TAI,
+#endif
+#ifdef CLOCK_VIRTUAL
+	CLOCK_VIRTUAL,
+#endif
+#ifdef CLOCK_UPTIME
+	CLOCK_UPTIME,
+#endif
+#ifdef CLOCK_PROCESS_CPUTIME_ID
+	CLOCK_PROCESS_CPUTIME_ID,
+#endif
+#ifdef CLOCK_THREAD_CPUTIME_ID
+	CLOCK_THREAD_CPUTIME_ID,
+#endif
+};
+
+static int
+getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
+{
+	SHA512_CTX *ctx = data;
+
+	SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
+	return (0);
+}
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			dl_iterate_phdr(getentropy_phdr, &ctx);
+
+			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
+				HX(clock_gettime(cl[ii], &ts) == -1, ts);
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				struct statfs stfs;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
+					    ii++) {
+						HX((e = clock_gettime(cl[ii],
+						    &ts)) == -1, ts);
+						if (e != -1)
+							cnt += (int)ts.tv_nsec;
+					}
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+				HX(statfs(".", &stfs) == -1, stfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+				HX(statfs("/", &stfs) == -1, stfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX(fstatfs(0, &stfs) == -1,
+						    stfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+#ifdef HAVE_GETAUXVAL
+#ifdef AT_RANDOM
+		/* Not as random as you think but we take what we are given */
+		p = (char *) getauxval(AT_RANDOM);
+		if (p)
+			HR(p, 16);
+#endif
+#ifdef AT_SYSINFO_EHDR
+		p = (char *) getauxval(AT_SYSINFO_EHDR);
+		if (p)
+			HR(p, pgs);
+#endif
+#ifdef AT_BASE
+		p = (char *) getauxval(AT_BASE);
+		if (p)
+			HD(p);
+#endif
+#endif
+
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
+		i += min(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	if (gotdata(buf, len) == 0) {
+		errno = save_errno;
+		return (0);		/* satisfied */
+	}
+	errno = EIO;
+	return (-1);
+}

src/getentropy_linux.c

@@ -47,7 +47,8 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <openssl/sha.h>
+
+#include "hash/sha512.h"
 
 #include <linux/types.h>
 #include <linux/random.h>

src/hash/sha512.h

@@ -31,6 +31,8 @@
 
 #include <sys/types.h>
 
+#define SHA512_DIGEST_LENGTH		64
+
 typedef struct SHA512Context {
 	uint64_t state[8];
 	uint64_t count[2];

test/.gitignore

@@ -6,7 +6,7 @@ fgetln
 funopen
 fparseln
 fpurge
-headers
+headers-gen.c
 humanize
 overlay
 proctitle-init

test/Makefile.am

@@ -1,16 +1,35 @@
 ## Process this file with automake to produce Makefile.in
 
-AM_CPPFLAGS = \
+HEADERS_CPPFLAGS = \
 	-I$(top_builddir) \
-	-isystem $(top_srcdir)/include/bsd/ \
 	-include $(top_builddir)/config.h \
-	-DLIBBSD_OVERLAY -DLIBBSD_DISABLE_DEPRECATED \
+	-DLIBBSD_DISABLE_DEPRECATED \
 	-D__REENTRANT
 
+AM_CPPFLAGS = \
+	-isystem $(top_srcdir)/include/bsd/ \
+	$(HEADERS_CPPFLAGS) \
+	-DLIBBSD_OVERLAY
+
+AM_TESTS_ENVIRONMENT = \
+	export CC="$(CC)"; \
+	export CPPFLAGS="$(HEADERS_CPPFLAGS)"; \
+	export top_srcdir="$(top_srcdir)"; \
+	$(nil)
+
 LDADD = $(top_builddir)/src/libbsd.la
 
+EXTRA_DIST = \
+	headers-overlay.sh \
+	headers-system.sh \
+	$(nil)
+
+check_SCRIPTS = \
+	headers-overlay.sh \
+	headers-system.sh \
+	$(nil)
+
 check_PROGRAMS = \
-	headers \
 	overlay \
 	bzero \
 	closefrom \
@@ -47,4 +66,4 @@ fparseln_SOURCES = test-stream.c test-stream.h fparseln.c
 proctitle_init_SOURCES = proctitle.c
 proctitle_init_CPPFLAGS = $(AM_CPPFLAGS) -DTEST_USE_SETPROCTITLE_INIT=1
 
-TESTS = $(check_PROGRAMS)
+TESTS = $(check_SCRIPTS) $(check_PROGRAMS)

test/headers-overlay.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+run()
+{
+  echo "$@"
+  "$@"
+}
+
+incdir="${top_srcdir}/include/bsd"
+CPPFLAGS="$CPPFLAGS -DLIBBSD_OVERLAY"
+
+for inc in $(cd $incdir; find -name '*.h' | sort | cut -c3-); do
+  cat >headers-gen.c <<SOURCE
+#include <$inc>
+int main() { return 0; }
+SOURCE
+
+  echo "testing header $inc"
+  run $CC -isystem "$incdir" $CPPFLAGS headers-gen.c -o /dev/null
+  echo
+
+  rm -f headers-gen*
+done

test/headers-system.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+run()
+{
+  echo "$@"
+  "$@"
+}
+
+incdir="${top_srcdir}/include"
+
+for inc in $(cd $incdir; find -name '*.h' | sort | cut -c3-); do
+  cat >headers-gen.c <<SOURCE
+#include <$inc>
+int main() { return 0; }
+SOURCE
+
+  echo "testing header $inc"
+  run $CC -isystem "$incdir" $CPPFLAGS headers-gen.c -o /dev/null
+  echo
+
+  rm -f headers-gen.*
+done

test/headers.c

@@ -1,25 +0,0 @@
-/* Check that all libbsd overlayed headers preprocess. */
-#include <sys/cdefs.h>
-#include <sys/endian.h>
-#include <sys/bitstring.h>
-#include <sys/queue.h>
-#include <sys/tree.h>
-#include <sys/poll.h>
-
-#include <err.h>
-#include <getopt.h>
-#include <libutil.h>
-#include <md5.h>
-#include <nlist.h>
-#include <readpassphrase.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <vis.h>
-
-int
-main()
-{
-	return 0;
-}

test/overlay.c

@@ -1,3 +1,29 @@
+/*
+ * Copyright © 2012 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 /* Include system headers that are “known” to pull bits selectively from
  * other headers through magic macros, to check that the overlay is working
  * properly. */