lib/libc/gen: use Lemire's algorithm for arc4random_uniform().

Daniel Lemire has published a more efficient range reduction algorithm
for finding a random number in a given range without bias, reduc

lib/libc/gen: use Lemire's algorithm for arc4random_uniform().

Daniel Lemire has published a more efficient range reduction algorithm
for finding a random number in a given range without bias, reducing the
number of divisions to none in the common case and 1 in case the initial
sample is rejected.

This speeds up performance by 22% on amd64, 15% on i386, and 70% on armv7.

os: FreeBSD
arch: amd64
cpu: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz
│ benchmark.out │
│ sec/op │
Arc4random_uniform 56.53n ± 0%
Fast_uniform 44.00n ± 0%
geomean 49.87n

Reviewed by: cem
Approved by: emaste
Differential Revision: https://reviews.freebsd.org/D47659

show more ...

History for arc4random_*()

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

arc4random(3): fix .Xr issues

- pthreads(3) should actually be pthread(3).
- getentropy(2) should actually be getentropy(3).

This makes the manpage `make manlint` clean.

MFC after: 1 week
Sponsore

arc4random(3): fix .Xr issues

- pthreads(3) should actually be pthread(3).
- getentropy(2) should actually be getentropy(3).

This makes the manpage `make manlint` clean.

MFC after: 1 week
Sponsored by: DellEMC Isilon

show more ...

Sync with OpenBSD:

arc4random.c: In the incredibly unbelievable circumstance where
_rs_init() fails to allocate pages, don't call abort() because of
corefile data leakage concerns, but simply _exit(

Sync with OpenBSD:

arc4random.c: In the incredibly unbelievable circumstance where
_rs_init() fails to allocate pages, don't call abort() because of
corefile data leakage concerns, but simply _exit(). The reasoning
is _rs_init() will only fail if someone finds a way to apply
specific pressure against this failure point, for the purpose of
leaking information into a core which they can read. We don't
need a corefile in this instance to debug that. So take this
"lever" away from whoever in the future wants to do that.

arc4random.3: reference random(4)

arc4random_uniform.c: include stdint.h over sys/types.h

show more ...

arc4random(3): Expand the SEE ALSO section

Submitted by: Gordon Bergling
Approved by: brueffer@
Obtained from: NetBSD
Differential Revision: https://reviews.freebsd.org/D23716

MFHead@r345677

arc4random: Adjust example code to use uniform() API

PR: 236678
Reported by: Andras Farkas <deepbluemistake AT gmail.com>

Merge ^/head r338026 through r338297, and resolve conflicts.

lib/libc/gen: use Lemire's algorithm for arc4random_uniform().

Daniel Lemire has published a more efficient range reduction algorithm
for finding a random number in a given range without bias, reduc

lib/libc/gen: use Lemire's algorithm for arc4random_uniform().

Daniel Lemire has published a more efficient range reduction algorithm
for finding a random number in a given range without bias, reducing the
number of divisions to none in the common case and 1 in case the initial
sample is rejected.

This speeds up performance by 22% on amd64, 15% on i386, and 70% on armv7.

os: FreeBSD
arch: amd64
cpu: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz
│ benchmark.out │
│ sec/op │
Arc4random_uniform 56.53n ± 0%
Fast_uniform 44.00n ± 0%
geomean 49.87n

Reviewed by: cem
Approved by: emaste
Differential Revision: https://reviews.freebsd.org/D47659

show more ...

History for arc4random_*()

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

arc4random(3): fix .Xr issues

- pthreads(3) should actually be pthread(3).
- getentropy(2) should actually be getentropy(3).

This makes the manpage `make manlint` clean.

MFC after: 1 week
Sponsore

arc4random(3): fix .Xr issues

- pthreads(3) should actually be pthread(3).
- getentropy(2) should actually be getentropy(3).

This makes the manpage `make manlint` clean.

MFC after: 1 week
Sponsored by: DellEMC Isilon

show more ...

Sync with OpenBSD:

arc4random.c: In the incredibly unbelievable circumstance where
_rs_init() fails to allocate pages, don't call abort() because of
corefile data leakage concerns, but simply _exit(

Sync with OpenBSD:

arc4random.c: In the incredibly unbelievable circumstance where
_rs_init() fails to allocate pages, don't call abort() because of
corefile data leakage concerns, but simply _exit(). The reasoning
is _rs_init() will only fail if someone finds a way to apply
specific pressure against this failure point, for the purpose of
leaking information into a core which they can read. We don't
need a corefile in this instance to debug that. So take this
"lever" away from whoever in the future wants to do that.

arc4random.3: reference random(4)

arc4random_uniform.c: include stdint.h over sys/types.h

show more ...

arc4random(3): Expand the SEE ALSO section

Submitted by: Gordon Bergling
Approved by: brueffer@
Obtained from: NetBSD
Differential Revision: https://reviews.freebsd.org/D23716

MFHead@r345677

arc4random: Adjust example code to use uniform() API

PR: 236678
Reported by: Andras Farkas <deepbluemistake AT gmail.com>

Merge ^/head r338026 through r338297, and resolve conflicts.

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/random.c:
contrib/ntp/sntp/libevent/evutil_rand.c:

Eliminate in-tree usage of arc4random_addrandom().

crypto/heimdal/lib/roken/rand.c:
crypto/openssh/config.h:

Eliminate in-tree usage of arc4random_stir().

include/stdlib.h:

Remove arc4random_stir() and arc4random_addrandom() prototypes,
provide temporary shims for transistion period.

lib/libc/gen/Makefile.inc:

Hook arc4random-compat.c to build, add hint for Chacha20 source for
kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
links.

lib/libc/gen/arc4random.c:

Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
sys/crypto/chacha20 implementation of keystream.

lib/libc/gen/Symbol.map:

Remove arc4random_stir and arc4random_addrandom interfaces.

lib/libc/gen/arc4random.h:

Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

lib/libc/gen/arc4random.3:

Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
r118247.

lib/libc/gen/arc4random-compat.c:

Compatibility shims for arc4random_stir and arc4random_addrandom
functions to preserve ABI. Log once when called but do nothing
otherwise.

lib/libc/gen/getentropy.c:
lib/libc/include/libc_private.h:

Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
Remove from libc_private.h as a result.

sys/crypto/chacha20/chacha.c:
sys/crypto/chacha20/chacha.h:

Make it possible to use the kernel implementation in libc.

PR: 182610
Reviewed by: cem, markm
Obtained from: OpenBSD
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16760

show more ...

MFC

IFC @ r234692

sys/amd64/include/cpufunc.h
sys/amd64/include/fpu.h
sys/amd64/amd64/fpu.c
sys/amd64/vmm/vmm.c

- Add API to allow vmm FPU state init/save/restore.

FP stuff discussed with: kib

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/random.c:
contrib/ntp/sntp/libevent/evutil_rand.c:

Eliminate in-tree usage of arc4random_addrandom().

crypto/heimdal/lib/roken/rand.c:
crypto/openssh/config.h:

Eliminate in-tree usage of arc4random_stir().

include/stdlib.h:

Remove arc4random_stir() and arc4random_addrandom() prototypes,
provide temporary shims for transistion period.

lib/libc/gen/Makefile.inc:

Hook arc4random-compat.c to build, add hint for Chacha20 source for
kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
links.

lib/libc/gen/arc4random.c:

Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
sys/crypto/chacha20 implementation of keystream.

lib/libc/gen/Symbol.map:

Remove arc4random_stir and arc4random_addrandom interfaces.

lib/libc/gen/arc4random.h:

Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

lib/libc/gen/arc4random.3:

Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
r118247.

lib/libc/gen/arc4random-compat.c:

Compatibility shims for arc4random_stir and arc4random_addrandom
functions to preserve ABI. Log once when called but do nothing
otherwise.

lib/libc/gen/getentropy.c:
lib/libc/include/libc_private.h:

Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
Remove from libc_private.h as a result.

sys/crypto/chacha20/chacha.c:
sys/crypto/chacha20/chacha.h:

Make it possible to use the kernel implementation in libc.

PR: 182610
Reviewed by: cem, markm
Obtained from: OpenBSD
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16760

show more ...

MFC

IFC @ r234692

sys/amd64/include/cpufunc.h
sys/amd64/include/fpu.h
sys/amd64/amd64/fpu.c
sys/amd64/vmm/vmm.c

- Add API to allow vmm FPU state init/save/restore.

FP stuff discussed with: kib

IFC @231845

Sponsored by: Cisco Systems, Inc.