1.\" 2.\" Copyright (c) 2015 3.\" Mark R V Murray 4.\" Copyright (c) 2000 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" " 29.Dd March 22, 2021 30.Dt RANDOM 9 31.Os 32.Sh NAME 33.Nm arc4rand , 34.Nm arc4random , 35.Nm arc4random_buf , 36.Nm is_random_seeded , 37.Nm random , 38.Nm read_random , 39.Nm read_random_uio 40.Nd supply pseudo-random numbers 41.Sh SYNOPSIS 42.In sys/libkern.h 43.Ft uint32_t 44.Fn arc4random "void" 45.Ft void 46.Fn arc4random_buf "void *ptr" "size_t len" 47.Ft void 48.Fn arc4rand "void *ptr" "u_int length" "int reseed" 49.Pp 50.In sys/random.h 51.Ft bool 52.Fn is_random_seeded "void" 53.Ft void 54.Fn read_random "void *buffer" "int count" 55.Ft int 56.Fn read_random_uio "struct uio *uio" "bool nonblock" 57.Ss LEGACY ROUTINES 58.In sys/libkern.h 59.Ft u_long 60.Fn random "void" 61.Sh DESCRIPTION 62The 63.Fn arc4random 64and 65.Fn arc4random_buf 66functions will return very good quality random numbers, suited for 67security-related purposes. 68Both are wrappers around the underlying 69.Fn arc4rand 70interface. 71.Fn arc4random 72returns a 32-bit random value, while 73.Fn arc4random_buf 74fills 75.Fa ptr 76with 77.Fa len 78bytes of random data. 79.Pp 80The 81.Fn arc4rand 82CSPRNG 83is seeded from the 84.Xr random 4 85kernel abstract entropy device. 86Automatic reseeding happens at unspecified time and bytes (of output) 87intervals. 88A reseed can be forced by passing a non-zero 89.Fa reseed 90value. 91.Pp 92The 93.Fn read_random 94function is used to read entropy directly from the kernel abstract entropy 95device. 96.Fn read_random 97blocks if and until the entropy device is seeded. 98The provided 99.Fa buffer 100is filled with no more than 101.Fa count 102bytes. 103It is strongly advised that 104.Fn read_random 105is not used directly; 106instead, use the 107.Fn arc4rand 108family of functions. 109.Pp 110The 111.Fn is_random_seeded 112function can be used to check in advance if 113.Fn read_random 114will block. 115(If random is seeded, it will not block.) 116.Pp 117The 118.Fn read_random_uio 119function behaves identically to 120.Xr read 2 121on 122.Pa /dev/random . 123The 124.Fa uio 125argument points to a buffer where random data should be stored. 126If 127.Fa nonblock 128is true and the random device is not seeded, this function does not return any 129data. 130Otherwise, this function may block interruptibly until the random device is seeded. 131If the function is interrupted before the random device is seeded, no data is 132returned. 133.Pp 134The deprecated 135.Fn random 136function will return a 31-bit value. 137It is obsolete and scheduled to be removed in 138.Fx 14.0 . 139Consider 140.Xr prng 9 141instead and see 142.Sx SECURITY CONSIDERATIONS . 143.Sh RETURN VALUES 144The 145.Fn arc4rand 146function uses the Chacha20 algorithm to generate a pseudo-random sequence of 147bytes. 148The 149.Fn arc4random 150function uses 151.Fn arc4rand 152to generate pseudo-random numbers 153in the range from 0 to 154.if t 2\u\s732\s10\d\(mi1. 155.if n (2**32)\(mi1. 156.Pp 157The 158.Fn read_random 159function returns 160the number of bytes placed in 161.Fa buffer . 162.Pp 163.Fn read_random_uio 164returns zero when successful, 165otherwise an error code is returned. 166.Pp 167.Fn random 168returns numbers 169in the range from 0 to 170.if t 2\u\s731\s10\d\(mi1. 171.if n (2**31)\(mi1. 172 173.Sh ERRORS 174.Fn read_random_uio 175may fail if: 176.Bl -tag -width Er 177.It Bq Er EFAULT 178.Fa uio 179points to an invalid memory region. 180.It Bq Er EWOULDBLOCK 181The random device is unseeded and 182.Fa nonblock 183is true. 184.El 185.Sh AUTHORS 186.An Dan Moschuk 187wrote 188.Fn arc4random . 189.An Mark R V Murray 190wrote 191.Fn read_random . 192.Sh SECURITY CONSIDERATIONS 193Do not use 194.Fn random 195in new code. 196.Pp 197It is important to remember that the 198.Fn random 199function is entirely predictable. 200It is easy for attackers to predict future output of 201.Fn random 202by recording some generated values. 203We cannot emphasize strongly enough that 204.Fn random 205must not be used to generate values that are intended to be unpredictable. 206