man2/getrandom.2

   1 .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
   2 .\" Copyright (C) 2014,2015 Heinrich Schuchardt <xypron.glpk@gmx.de>
   3 .\" Copyright (C) 2015, Michael Kerrisk <mtk.manpages@gmail.com>
   4 .\"
   5 .\" %%%LICENSE_START(VERBATIM)
   6 .\" Permission is granted to make and distribute verbatim copies of this
   7 .\" manual provided the copyright notice and this permission notice are
   8 .\" preserved on all copies.
   9 .\"
  10 .\" Permission is granted to copy and distribute modified versions of
  11 .\" this manual under the conditions for verbatim copying, provided that
  12 .\" the entire resulting derived work is distributed under the terms of
  13 .\" a permission notice identical to this one.
  14 .\"
  15 .\" Since the Linux kernel and libraries are constantly changing, this
  16 .\" manual page may be incorrect or out-of-date.  The author(s) assume.
  17 .\" no responsibility for errors or omissions, or for damages resulting.
  18 .\" from the use of the information contained herein.  The author(s) may.
  19 .\" not have taken the same level of care in the production of this.
  20 .\" manual, which is licensed free of charge, as they might when working.
  21 .\" professionally.
  22 .\"
  23 .\" Formatted or processed versions of this manual, if unaccompanied by
  24 .\" the source, must acknowledge the copyright and authors of this work.
  25 .\" %%%LICENSE_END
  26 .\"
  27 .TH GETRANDOM 2 2017-03-13 "Linux" "Linux Programmer's Manual"
  28 .SH NAME
  29 getrandom \- obtain a series of random bytes
  30 .SH SYNOPSIS
  31 .B #include <sys/random.h>
  32 .PP
  33 .BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
  34 .SH DESCRIPTION
  35 The
  36 .BR getrandom ()
  37 system call fills the buffer pointed to by
  38 .I buf
  39 with up to
  40 .I buflen
  41 random bytes.
  42 These bytes can be used to seed user-space random number generators
  43 or for cryptographic purposes.
  44 .PP
  45 By default,
  46 .BR getrandom ()
  47 draws entropy from the
  48 .I urandom
  49 source (i.e., the same source as the
  50 .IR /dev/urandom
  51 device).
  52 This behavior can be changed via the
  53 .I flags
  54 argument.
  55 .PP
  56 If the
  57 .I urandom
  58 source has been initialized,
  59 reads of up to 256 bytes will always return as many bytes as
  60 requested and will not be interrupted by signals.
  61 No such guarantees apply for larger buffer sizes.
  62 For example, if the call is interrupted by a signal handler,
  63 it may return a partially filled buffer, or fail with the error
  64 .BR EINTR .
  65 .PP
  66 If the
  67 .I urandom
  68 source has not yet been initialized, then
  69 .BR getrandom ()
  70 will block, unless
  71 .B GRND_NONBLOCK
  72 is specified in
  73 .IR flags .
  74 .PP
  75 The
  76 .I flags
  77 argument is a bit mask that can contain zero or more of the following values
  78 ORed together:
  79 .TP
  80 .B GRND_RANDOM
  81 If this bit is set, then random bytes are drawn from the
  82 .I random
  83 source
  84 (i.e., the same source as the
  85 .IR /dev/random
  86 device)
  87 instead of the
  88 .I urandom
  89 source.
  90 The
  91 .I random
  92 source is limited based on the entropy that can be obtained from environmental
  93 noise.
  94 If the number of available bytes in the
  95 .I random
  96 source is less than requested in
  97 .IR buflen ,
  98 the call returns just the available random bytes.
  99 If no random bytes are available, the behavior depends on the presence of
 100 .B GRND_NONBLOCK
 101 in the
 102 .I flags
 103 argument.
 104 .TP
 105 .B GRND_NONBLOCK
 106 By default, when reading from the
 107 .IR random
 108 source,
 109 .BR getrandom ()
 110 blocks if no random bytes are available,
 111 and when reading from the
 112 .IR urandom
 113 source, it blocks if the entropy pool has not yet been initialized.
 114 If the
 115 .B GRND_NONBLOCK
 116 flag is set, then
 117 .BR getrandom ()
 118 does not block in these cases, but instead immediately returns \-1 with
 119 .I errno
 120 set to
 121 .BR EAGAIN .
 122 .SH RETURN VALUE
 123 On success,
 124 .BR getrandom ()
 125 returns the number of bytes that were copied to the buffer
 126 .IR buf .
 127 This may be less than the number of bytes requested via
 128 .I buflen
 129 if either
 130 .BR GRND_RANDOM
 131 was specified in
 132 .IR flags
 133 and insufficient entropy was present in the
 134 .IR random
 135 source or the system call was interrupted by a signal.
 136 .PP
 137 On error, \-1 is returned, and
 138 .I errno
 139 is set appropriately.
 140 .SH ERRORS
 141 .TP
 142 .B EAGAIN
 143 The requested entropy was not available, and
 144 .BR getrandom ()
 145 would have blocked if the
 146 .B GRND_NONBLOCK
 147 flag was not set.
 148 .TP
 149 .B EFAULT
 150 The address referred to by
 151 .I buf
 152 is outside the accessible address space.
 153 .TP
 154 .B EINTR
 155 The call was interrupted by a signal
 156 handler; see the description of how interrupted
 157 .BR read (2)
 158 calls on "slow" devices are handled with and without the
 159 .B SA_RESTART
 160 flag in the
 161 .BR signal (7)
 162 man page.
 163 .TP
 164 .B EINVAL
 165 An invalid flag was specified in
 166 .IR flags .
 167 .SH VERSIONS
 168 .BR getrandom ()
 169 was introduced in version 3.17 of the Linux kernel.
 170 Support was added to glibc in version 2.25.
 171 .SH CONFORMING TO
 172 This system call is Linux-specific.
 173 .SH NOTES
 174 For an overview and comparison of the various interfaces that
 175 can be used to obtain randomness, see
 176 .BR random (7).
 177 .PP
 178 Unlike
 179 .IR /dev/random
 180 and
 181 .IR /dev/urandom ,
 182 .BR getrandom ()
 183 does not involve the use of pathnames or file descriptors.
 184 Thus,
 185 .BR getrandom ()
 186 can be useful in cases where
 187 .BR chroot (2)
 188 makes
 189 .I /dev
 190 pathnames invisible,
 191 and where an application (e.g., a daemon during start-up)
 192 closes a file descriptor for one of these files
 193 that was opened by a library.
 194 .\"
 195 .SS Maximum number of bytes returned
 196 As of Linux 3.19 the following limits apply:
 197 .IP * 3
 198 When reading from the
 199 .IR urandom
 200 source, a maximum of 33554431 bytes is returned by a single call to
 201 .BR getrandom ()
 202 on systems where
 203 .I int
 204 has a size of 32 bits.
 205 .IP *
 206 When reading from the
 207 .IR random
 208 source, a maximum of 512 bytes is returned.
 209 .SS Interruption by a signal handler
 210 When reading from the
 211 .I urandom
 212 source
 213 .RB ( GRND_RANDOM
 214 is not set),
 215 .BR getrandom ()
 216 will block until the entropy pool has been initialized
 217 (unless the
 218 .BR GRND_NONBLOCK
 219 flag was specified).
 220 If a request is made to read a large number of bytes (more than 256),
 221 .BR getrandom ()
 222 will block until those bytes have been generated and transferred
 223 from kernel memory to
 224 .IR buf .
 225 When reading from the
 226 .I random
 227 source
 228 .RB ( GRND_RANDOM
 229 is set),
 230 .BR getrandom ()
 231 will block until some random bytes become available
 232 (unless the
 233 .BR GRND_NONBLOCK
 234 flag was specified).
 235 .PP
 236 The behavior when a call to
 237 .BR getrandom ()
 238 that is blocked while reading from the
 239 .I urandom
 240 source is interrupted by a signal handler
 241 depends on the initialization state of the entropy buffer
 242 and on the request size,
 243 .IR buflen .
 244 If the entropy is not yet initialized, then the call will fail with the
 245 .B EINTR
 246 error.
 247 If the entropy pool has been initialized
 248 and the request size is large
 249 .RI ( buflen "\ >\ 256),"
 250 the call either succeeds, returning a partially filled buffer,
 251 or fails with the error
 252 .BR EINTR.
 253 If the entropy pool has been initialized and the request size is small
 254 .RI ( buflen "\ <=\ 256),"
 255 then
 256 .BR getrandom ()
 257 will not fail with
 258 .BR EINTR .
 259 Instead, it will return all of the bytes that have been requested.
 260 .PP
 261 When reading from the
 262 .IR random
 263 source, blocking requests of any size can be interrupted by a signal handler
 264 (the call fails with the error
 265 .BR EINTR ).
 266 .PP
 267 Using
 268 .BR getrandom ()
 269 to read small buffers (<=\ 256 bytes) from the
 270 .I urandom
 271 source is the preferred mode of usage.
 272 .PP
 273 The special treatment of small values of
 274 .I buflen
 275 was designed for compatibility with
 276 OpenBSD's
 277 .BR getentropy (3),
 278 which is nowadays supported by glibc.
 279 .PP
 280 The user of
 281 .BR getrandom ()
 282 .I must
 283 always check the return value,
 284 to determine whether either an error occurred
 285 or fewer bytes than requested were returned.
 286 In the case where
 287 .B GRND_RANDOM
 288 is not specified and
 289 .I buflen
 290 is less than or equal to 256,
 291 a return of fewer bytes than requested should never happen,
 292 but the careful programmer will check for this anyway!
 293 .SH BUGS
 294 As of Linux 3.19, the following bug exists:
 295 .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
 296 .IP * 3
 297 Depending on CPU load,
 298 .BR getrandom ()
 299 does not react to interrupts before reading all bytes requested.
 300 .SH SEE ALSO
 301 .BR getentropy (3),
 302 .BR random (4),
 303 .BR urandom (4),
 304 .BR random (7),
 305 .BR signal (7)