2014-10-03 00:15:13 +00:00
|
|
|
.\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
|
|
|
|
.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of
|
|
|
|
.\" this manual under the conditions for verbatim copying, provided that
|
|
|
|
.\" the entire resulting derived work is distributed under the terms of
|
|
|
|
.\" a permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume.
|
|
|
|
.\" no responsibility for errors or omissions, or for damages resulting.
|
|
|
|
.\" from the use of the information contained herein. The author(s) may.
|
|
|
|
.\" not have taken the same level of care in the production of this.
|
|
|
|
.\" manual, which is licensed free of charge, as they might when working.
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
|
2015-01-22 18:30:10 +00:00
|
|
|
.TH GETRANDOM 2 2015-01-22 "Linux" "Linux Programmer's Manual"
|
2014-10-03 00:15:13 +00:00
|
|
|
.SH NAME
|
|
|
|
getrandom \- obtain a series of random bytes
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B #include <linux/random.h>
|
|
|
|
.sp
|
|
|
|
.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
|
|
|
|
.SH DESCRIPTION
|
2015-01-22 20:12:21 +00:00
|
|
|
The
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR getrandom ()
|
2015-01-22 20:12:21 +00:00
|
|
|
system call fills the buffer pointed to by
|
2014-10-03 00:15:13 +00:00
|
|
|
.I buf
|
|
|
|
with up to
|
|
|
|
.I buflen
|
|
|
|
random bytes.
|
|
|
|
These can be used to seed user-space random number generators
|
|
|
|
or for other cryptographic purposes.
|
|
|
|
.PP
|
|
|
|
.BR getrandom ()
|
|
|
|
relies on entropy gathered from device drivers and other sources of
|
|
|
|
environmental noise.
|
|
|
|
Unnecessarily reading large quantities of data will have a negative impact
|
|
|
|
on other users of the
|
|
|
|
.I /dev/random
|
2014-11-11 09:14:05 +00:00
|
|
|
and
|
2014-10-03 00:15:13 +00:00
|
|
|
.I /dev/urandom
|
|
|
|
devices.
|
|
|
|
Therefore
|
|
|
|
.BR getrandom ()
|
|
|
|
should not be used for Monte Carlo simulations or other
|
|
|
|
programs/algorithms which are doing probabilistic sampling.
|
2014-11-11 09:19:01 +00:00
|
|
|
|
|
|
|
By default,
|
|
|
|
.BR getrandom ()
|
|
|
|
draws entropy from the
|
|
|
|
.IR /dev/urandom
|
2015-01-22 19:30:46 +00:00
|
|
|
pool.
|
2014-11-11 09:19:01 +00:00
|
|
|
This behavior can be changed via the
|
|
|
|
.I flags
|
|
|
|
argument.
|
2015-01-22 19:30:46 +00:00
|
|
|
If the
|
|
|
|
.IR /dev/urandom
|
|
|
|
pool has been initialized, reading from that pool never blocks.
|
2014-11-11 09:19:01 +00:00
|
|
|
|
2014-10-03 00:15:13 +00:00
|
|
|
The
|
|
|
|
.I flags
|
|
|
|
argument is a bit mask that can contain zero or more of the following values
|
|
|
|
ORed together:
|
|
|
|
.TP
|
|
|
|
.B GRND_RANDOM
|
|
|
|
If this bit is set, then random bytes are drawn from the
|
|
|
|
.I /dev/random
|
|
|
|
pool instead of the
|
|
|
|
.I /dev/urandom
|
|
|
|
pool.
|
|
|
|
The
|
|
|
|
.I /dev/random
|
|
|
|
pool is limited based on the entropy that can be obtained from environmental
|
|
|
|
noise.
|
2014-11-11 10:27:06 +00:00
|
|
|
If the number of available bytes in
|
|
|
|
.I /dev/random
|
|
|
|
is less than requested in
|
2014-10-03 00:15:13 +00:00
|
|
|
.IR buflen ,
|
2014-11-11 10:27:06 +00:00
|
|
|
the call returns just the available random bytes.
|
2015-01-22 20:12:21 +00:00
|
|
|
If no random byte is available, the behavior depends on the
|
2014-10-03 00:15:13 +00:00
|
|
|
presence of
|
|
|
|
.B GRND_NONBLOCK
|
|
|
|
in the
|
|
|
|
.I flags
|
|
|
|
argument.
|
|
|
|
.TP
|
|
|
|
.B GRND_NONBLOCK
|
2014-11-11 10:22:07 +00:00
|
|
|
By default, if there is no random byte available at all,
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR getrandom ()
|
2014-11-11 10:22:07 +00:00
|
|
|
blocks until data is available.
|
2014-10-03 00:15:13 +00:00
|
|
|
If the
|
|
|
|
.B GRND_NONBLOCK
|
2014-11-11 10:22:07 +00:00
|
|
|
flag is set, then
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR getrandom ()
|
2015-01-22 20:12:21 +00:00
|
|
|
instead immediately returns \-1 with
|
2014-11-11 10:22:07 +00:00
|
|
|
.I errno
|
|
|
|
set to
|
|
|
|
.BR EAGAIN .
|
2014-10-03 00:15:13 +00:00
|
|
|
.SH RETURN VALUE
|
|
|
|
On success,
|
|
|
|
.BR getrandom ()
|
|
|
|
returns the number of bytes that were copied to the buffer
|
|
|
|
.IR buf .
|
2014-11-11 09:14:05 +00:00
|
|
|
This may be less than the number of bytes requested via
|
2014-10-03 00:15:13 +00:00
|
|
|
.I buflen
|
|
|
|
if insufficient entropy was present in the
|
|
|
|
.IR /dev/random
|
|
|
|
pool, or if the system call was interrupted by a signal.
|
|
|
|
.PP
|
2015-01-22 20:12:21 +00:00
|
|
|
On error, \-1 is returned, and
|
2014-10-03 00:15:13 +00:00
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
2014-11-11 09:14:05 +00:00
|
|
|
An invalid flag was specified in
|
|
|
|
.IR flags .
|
2014-10-03 00:15:13 +00:00
|
|
|
.TP
|
|
|
|
.B EFAULT
|
2014-11-11 09:14:05 +00:00
|
|
|
The address referred to by
|
2014-10-03 00:15:13 +00:00
|
|
|
.I buf
|
|
|
|
is outside the accessible address space.
|
|
|
|
.TP
|
|
|
|
.B EAGAIN
|
|
|
|
The requested entropy was not available, and
|
|
|
|
.BR getrandom ()
|
|
|
|
would have blocked if the
|
|
|
|
.B GRND_NONBLOCK
|
|
|
|
flag was not set.
|
|
|
|
.TP
|
|
|
|
.B EINTR
|
|
|
|
While blocked waiting for entropy, the call was interrupted by a signal
|
|
|
|
handler; see the description of how interrupted
|
|
|
|
.BR read (2)
|
|
|
|
calls on "slow" devices are handled with and without the
|
|
|
|
.B SA_RESTART
|
|
|
|
flag in the
|
|
|
|
.BR signal (7)
|
|
|
|
man page.
|
|
|
|
.SH VERSIONS
|
|
|
|
.BR getrandom ()
|
|
|
|
was introduced in version 3.17 of the Linux kernel.
|
|
|
|
.SH CONFORMING TO
|
|
|
|
This system call is Linux-specific.
|
|
|
|
.SH NOTES
|
|
|
|
.SS Interruption by a signal handler
|
2015-01-22 19:30:46 +00:00
|
|
|
A call to
|
|
|
|
.BR getrandom ()
|
2015-01-22 20:12:21 +00:00
|
|
|
can block only when called without the
|
2015-01-22 19:30:46 +00:00
|
|
|
.B GRND_NONBLOCK
|
|
|
|
flag.
|
|
|
|
When reading from
|
|
|
|
.I /dev/urandom
|
|
|
|
.RB ( GRND_RANDOM
|
2015-01-22 20:04:21 +00:00
|
|
|
is not set),
|
2015-01-22 20:12:21 +00:00
|
|
|
blocking occurs only if the entropy pool has not been initialized yet.
|
2015-01-22 19:30:46 +00:00
|
|
|
When reading from
|
|
|
|
.I /dev/random
|
|
|
|
.RB ( GRND_RANDOM
|
2015-01-22 20:04:21 +00:00
|
|
|
is set),
|
2015-01-22 19:30:46 +00:00
|
|
|
blocking occurs if not enough random bytes are available.
|
|
|
|
|
2015-01-22 20:18:43 +00:00
|
|
|
The behavior when a call to
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR getrandom ()
|
2015-01-22 20:18:43 +00:00
|
|
|
that is blocked while reading from
|
2014-10-03 00:15:13 +00:00
|
|
|
.I /dev/urandom
|
2015-01-22 20:18:43 +00:00
|
|
|
is interrupted by a signal handler
|
2014-10-03 00:15:13 +00:00
|
|
|
depends on the initialization state of the entropy buffer
|
2015-01-22 20:12:21 +00:00
|
|
|
and on the request size,
|
2014-10-03 00:15:13 +00:00
|
|
|
.IR buflen .
|
|
|
|
If the entropy is not yet initialized or the request size is large
|
2014-11-11 09:14:05 +00:00
|
|
|
.RI ( buflen "\ >\ 256),"
|
2015-01-22 20:12:21 +00:00
|
|
|
then the call will fail with the
|
2014-10-03 00:15:13 +00:00
|
|
|
.B EINTR
|
2015-01-22 20:12:21 +00:00
|
|
|
error.
|
2014-11-11 09:14:05 +00:00
|
|
|
If the entropy pool has been initialized and the request size is small
|
|
|
|
.RI ( buflen "\ <=\ 256),"
|
2015-01-22 20:12:21 +00:00
|
|
|
then
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR getrandom ()
|
2015-01-22 20:12:21 +00:00
|
|
|
will not fail with
|
2014-10-03 00:15:13 +00:00
|
|
|
.BR EINTR .
|
|
|
|
Instead, it will return all of the bytes that have been requested.
|
|
|
|
.PP
|
|
|
|
When reading from
|
2015-01-22 20:04:21 +00:00
|
|
|
.IR /dev/random ,
|
2014-10-03 00:15:13 +00:00
|
|
|
these guarantees do
|
|
|
|
.I not
|
|
|
|
apply.
|
|
|
|
.PP
|
|
|
|
Calling
|
|
|
|
.BR getrandom ()
|
|
|
|
to read
|
|
|
|
.I /dev/urandom
|
2014-11-11 09:14:05 +00:00
|
|
|
for small values (<=\ 256) of
|
2014-10-03 00:15:13 +00:00
|
|
|
.I buflen
|
|
|
|
is the preferred mode of usage.
|
|
|
|
.PP
|
|
|
|
The special treatment of small values of
|
|
|
|
.I buflen
|
|
|
|
was designed for compatibility with
|
|
|
|
OpenBSD's
|
|
|
|
.BR getentropy ()
|
|
|
|
system call.
|
|
|
|
.PP
|
|
|
|
The user of
|
|
|
|
.BR getrandom ()
|
|
|
|
.I must
|
2014-11-11 09:14:05 +00:00
|
|
|
always check the return value,
|
|
|
|
to determine whether either an error occurred
|
|
|
|
or fewer bytes than requested were returned.
|
2014-10-03 00:15:13 +00:00
|
|
|
In the case where
|
|
|
|
.B GRND_RANDOM
|
|
|
|
is not specified and
|
|
|
|
.I buflen
|
|
|
|
is less than or equal to 256,
|
|
|
|
a return of fewer bytes than requested should never happen,
|
|
|
|
but the careful user-space code should check for this anyway!
|
|
|
|
.SS Choice of random device
|
|
|
|
Unless you are doing long-term key generation (and perhaps not even
|
|
|
|
then), you probably shouldn't be using
|
|
|
|
.B GRND_RANDOM.
|
|
|
|
The cryptographic algorithms used for
|
|
|
|
.I /dev/urandom
|
|
|
|
are quite conservative, and so should be sufficient for all purposes.
|
|
|
|
The disadvantage of
|
|
|
|
.B GRND_RANDOM
|
|
|
|
is that it can block.
|
|
|
|
Furthermore, dealing with partially fulfilled
|
|
|
|
.BR getrandom ()
|
|
|
|
requests increases code complexity.
|
|
|
|
.SS Emulating OpenBSD's getentropy()
|
|
|
|
The
|
|
|
|
.BR getentropy ()
|
|
|
|
system call in OpenBSD can be emulated using the following
|
|
|
|
function:
|
|
|
|
|
|
|
|
.in +4n
|
|
|
|
.nf
|
|
|
|
int
|
|
|
|
getentropy(void *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (buflen > 256)
|
|
|
|
goto failure;
|
|
|
|
ret = getrandom(buf, buflen, 0);
|
|
|
|
if (ret < 0)
|
|
|
|
return ret;
|
|
|
|
if (ret == buflen)
|
|
|
|
return 0;
|
|
|
|
failure:
|
|
|
|
errno = EIO;
|
2015-01-22 20:12:21 +00:00
|
|
|
return \-1;
|
2014-10-03 00:15:13 +00:00
|
|
|
}
|
|
|
|
.fi
|
|
|
|
.in
|
2015-01-22 18:30:10 +00:00
|
|
|
.SH BUGS
|
|
|
|
As of Linux 3.19, the following bug exists:
|
|
|
|
.\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
|
2015-01-22 20:12:21 +00:00
|
|
|
.IP * 3
|
|
|
|
Depending on CPU load,
|
2015-01-22 18:30:10 +00:00
|
|
|
.BR getrandom ()
|
|
|
|
does not react to interrupts before reading all bytes requested.
|
2014-10-03 00:15:13 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR random (4),
|
|
|
|
.BR urandom (4)
|