xref: /freebsd/share/man/man9/random.9 (revision c7a063741720ef81d4caa4613242579d12f1d605)
1.\"
2.\" Copyright (c) 2015
3.\"	Mark R V Murray
4.\" Copyright (c) 2000
5.\"	The Regents of the University of California.  All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26.\"
27.\" $FreeBSD$
28.\" "
29.Dd March 22, 2021
30.Dt RANDOM 9
31.Os
32.Sh NAME
33.Nm arc4rand ,
34.Nm arc4random ,
35.Nm arc4random_buf ,
36.Nm is_random_seeded ,
37.Nm random ,
38.Nm read_random ,
39.Nm read_random_uio
40.Nd supply pseudo-random numbers
41.Sh SYNOPSIS
42.In sys/libkern.h
43.Ft uint32_t
44.Fn arc4random "void"
45.Ft void
46.Fn arc4random_buf "void *ptr" "size_t len"
47.Ft void
48.Fn arc4rand "void *ptr" "u_int length" "int reseed"
49.Pp
50.In sys/random.h
51.Ft bool
52.Fn is_random_seeded "void"
53.Ft void
54.Fn read_random "void *buffer" "int count"
55.Ft int
56.Fn read_random_uio "struct uio *uio" "bool nonblock"
57.Ss LEGACY ROUTINES
58.In sys/libkern.h
59.Ft u_long
60.Fn random "void"
61.Sh DESCRIPTION
62The
63.Fn arc4random
64and
65.Fn arc4random_buf
66functions will return very good quality random numbers, suited for
67security-related purposes.
68Both are wrappers around the underlying
69.Fn arc4rand
70interface.
71.Fn arc4random
72returns a 32-bit random value, while
73.Fn arc4random_buf
74fills
75.Fa ptr
76with
77.Fa len
78bytes of random data.
79.Pp
80The
81.Fn arc4rand
82CSPRNG
83is seeded from the
84.Xr random 4
85kernel abstract entropy device.
86Automatic reseeding happens at unspecified time and bytes (of output)
87intervals.
88A reseed can be forced by passing a non-zero
89.Fa reseed
90value.
91.Pp
92The
93.Fn read_random
94function is used to read entropy directly from the kernel abstract entropy
95device.
96.Fn read_random
97blocks if and until the entropy device is seeded.
98The provided
99.Fa buffer
100is filled with no more than
101.Fa count
102bytes.
103It is strongly advised that
104.Fn read_random
105is not used directly;
106instead, use the
107.Fn arc4rand
108family of functions.
109.Pp
110The
111.Fn is_random_seeded
112function can be used to check in advance if
113.Fn read_random
114will block.
115(If random is seeded, it will not block.)
116.Pp
117The
118.Fn read_random_uio
119function behaves identically to
120.Xr read 2
121on
122.Pa /dev/random .
123The
124.Fa uio
125argument points to a buffer where random data should be stored.
126If
127.Fa nonblock
128is true and the random device is not seeded, this function does not return any
129data.
130Otherwise, this function may block interruptibly until the random device is seeded.
131If the function is interrupted before the random device is seeded, no data is
132returned.
133.Pp
134The deprecated
135.Fn random
136function will return a 31-bit value.
137It is obsolete and scheduled to be removed in
138.Fx 14.0 .
139Consider
140.Xr prng 9
141instead and see
142.Sx SECURITY CONSIDERATIONS .
143.Sh RETURN VALUES
144The
145.Fn arc4rand
146function uses the Chacha20 algorithm to generate a pseudo-random sequence of
147bytes.
148The
149.Fn arc4random
150function uses
151.Fn arc4rand
152to generate pseudo-random numbers
153in the range from 0 to
154.if t 2\u\s732\s10\d\(mi1.
155.if n (2**32)\(mi1.
156.Pp
157The
158.Fn read_random
159function returns
160the number of bytes placed in
161.Fa buffer .
162.Pp
163.Fn read_random_uio
164returns zero when successful,
165otherwise an error code is returned.
166.Pp
167.Fn random
168returns numbers
169in the range from 0 to
170.if t 2\u\s731\s10\d\(mi1.
171.if n (2**31)\(mi1.
172
173.Sh ERRORS
174.Fn read_random_uio
175may fail if:
176.Bl -tag -width Er
177.It Bq Er EFAULT
178.Fa uio
179points to an invalid memory region.
180.It Bq Er EWOULDBLOCK
181The random device is unseeded and
182.Fa nonblock
183is true.
184.El
185.Sh AUTHORS
186.An Dan Moschuk
187wrote
188.Fn arc4random .
189.An Mark R V Murray
190wrote
191.Fn read_random .
192.Sh SECURITY CONSIDERATIONS
193Do not use
194.Fn random
195in new code.
196.Pp
197It is important to remember that the
198.Fn random
199function is entirely predictable.
200It is easy for attackers to predict future output of
201.Fn random
202by recording some generated values.
203We cannot emphasize strongly enough that
204.Fn random
205must not be used to generate values that are intended to be unpredictable.
206