man2/getrandom.2

   1 .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
   2 .\" Copyright (C) 2014,2015 Heinrich Schuchardt <xypron.glpk@gmx.de>
   3 .\" Copyright (C) 2015, Michael Kerrisk <mtk.manpages@gmail.com>
   4 .\"
   5 .\" %%%LICENSE_START(VERBATIM)
   6 .\" Permission is granted to make and distribute verbatim copies of this
   7 .\" manual provided the copyright notice and this permission notice are
   8 .\" preserved on all copies.
   9 .\"
  10 .\" Permission is granted to copy and distribute modified versions of
  11 .\" this manual under the conditions for verbatim copying, provided that
  12 .\" the entire resulting derived work is distributed under the terms of
  13 .\" a permission notice identical to this one.
  14 .\"
  15 .\" Since the Linux kernel and libraries are constantly changing, this
  16 .\" manual page may be incorrect or out-of-date.  The author(s) assume.
  17 .\" no responsibility for errors or omissions, or for damages resulting.
  18 .\" from the use of the information contained herein.  The author(s) may.
  19 .\" not have taken the same level of care in the production of this.
  20 .\" manual, which is licensed free of charge, as they might when working.
  21 .\" professionally.
  22 .\"
  23 .\" Formatted or processed versions of this manual, if unaccompanied by
  24 .\" the source, must acknowledge the copyright and authors of this work.
  25 .\" %%%LICENSE_END
  26 .\"
  27 .TH GETRANDOM 2 2017-09-15 "Linux" "Linux Programmer's Manual"
  28 .SH NAME
  29 getrandom \- obtain a series of random bytes
  30 .SH SYNOPSIS
  31 .B #include <sys/random.h>
  32 .PP
  33 .BI "ssize_t getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
  34 .SH DESCRIPTION
  35 The
  36 .BR getrandom ()
  37 system call fills the buffer pointed to by
  38 .I buf
  39 with up to
  40 .I buflen
  41 random bytes.
  42 These bytes can be used to seed user-space random number generators
  43 or for cryptographic purposes.
  44 .PP
  45 By default,
  46 .BR getrandom ()
  47 draws entropy from the
  48 .I urandom
  49 source (i.e., the same source as the
  50 .IR /dev/urandom
  51 device).
  52 This behavior can be changed via the
  53 .I flags
  54 argument.
  55 .PP
  56 If the
  57 .I urandom
  58 source has been initialized,
  59 reads of up to 256 bytes will always return as many bytes as
  60 requested and will not be interrupted by signals.
  61 No such guarantees apply for larger buffer sizes.
  62 For example, if the call is interrupted by a signal handler,
  63 it may return a partially filled buffer, or fail with the error
  64 .BR EINTR .
  65 .PP
  66 If the
  67 .I urandom
  68 source has not yet been initialized, then
  69 .BR getrandom ()
  70 will block, unless
  71 .B GRND_NONBLOCK
  72 is specified in
  73 .IR flags .
  74 .PP
  75 The
  76 .I flags
  77 argument is a bit mask that can contain zero or more of the following values
  78 ORed together:
  79 .TP
  80 .B GRND_RANDOM
  81 If this bit is set, then random bytes are drawn from the
  82 .I random
  83 source
  84 (i.e., the same source as the
  85 .IR /dev/random
  86 device)
  87 instead of the
  88 .I urandom
  89 source.
  90 The
  91 .I random
  92 source is limited based on the entropy that can be obtained from environmental
  93 noise.
  94 If the number of available bytes in the
  95 .I random
  96 source is less than requested in
  97 .IR buflen ,
  98 the call returns just the available random bytes.
  99 If no random bytes are available, the behavior depends on the presence of
 100 .B GRND_NONBLOCK
 101 in the
 102 .I flags
 103 argument.
 104 .TP
 105 .B GRND_NONBLOCK
 106 By default, when reading from the
 107 .IR random
 108 source,
 109 .BR getrandom ()
 110 blocks if no random bytes are available,
 111 and when reading from the
 112 .IR urandom
 113 source, it blocks if the entropy pool has not yet been initialized.
 114 If the
 115 .B GRND_NONBLOCK
 116 flag is set, then
 117 .BR getrandom ()
 118 does not block in these cases, but instead immediately returns \-1 with
 119 .I errno
 120 set to
 121 .BR EAGAIN .
 122 .SH RETURN VALUE
 123 On success,
 124 .BR getrandom ()
 125 returns the number of bytes that were copied to the buffer
 126 .IR buf .
 127 This may be less than the number of bytes requested via
 128 .I buflen
 129 if either
 130 .BR GRND_RANDOM
 131 was specified in
 132 .IR flags
 133 and insufficient entropy was present in the
 134 .IR random
 135 source or the system call was interrupted by a signal.
 136 .PP
 137 On error, \-1 is returned, and
 138 .I errno
 139 is set appropriately.
 140 .SH ERRORS
 141 .TP
 142 .B EAGAIN
 143 The requested entropy was not available, and
 144 .BR getrandom ()
 145 would have blocked if the
 146 .B GRND_NONBLOCK
 147 flag was not set.
 148 .TP
 149 .B EFAULT
 150 The address referred to by
 151 .I buf
 152 is outside the accessible address space.
 153 .TP
 154 .B EINTR
 155 The call was interrupted by a signal
 156 handler; see the description of how interrupted
 157 .BR read (2)
 158 calls on "slow" devices are handled with and without the
 159 .B SA_RESTART
 160 flag in the
 161 .BR signal (7)
 162 man page.
 163 .TP
 164 .B EINVAL
 165 An invalid flag was specified in
 166 .IR flags .
 167 .TP
 168 .B ENOSYS
 169 The glibc wrapper function for
 170 .BR getrandom ()
 171 determined that the underlying kernel does not implement this system call.
 172 .SH VERSIONS
 173 .BR getrandom ()
 174 was introduced in version 3.17 of the Linux kernel.
 175 Support was added to glibc in version 2.25.
 176 .SH CONFORMING TO
 177 This system call is Linux-specific.
 178 .SH NOTES
 179 For an overview and comparison of the various interfaces that
 180 can be used to obtain randomness, see
 181 .BR random (7).
 182 .PP
 183 Unlike
 184 .IR /dev/random
 185 and
 186 .IR /dev/urandom ,
 187 .BR getrandom ()
 188 does not involve the use of pathnames or file descriptors.
 189 Thus,
 190 .BR getrandom ()
 191 can be useful in cases where
 192 .BR chroot (2)
 193 makes
 194 .I /dev
 195 pathnames invisible,
 196 and where an application (e.g., a daemon during start-up)
 197 closes a file descriptor for one of these files
 198 that was opened by a library.
 199 .\"
 200 .SS Maximum number of bytes returned
 201 As of Linux 3.19 the following limits apply:
 202 .IP * 3
 203 When reading from the
 204 .IR urandom
 205 source, a maximum of 33554431 bytes is returned by a single call to
 206 .BR getrandom ()
 207 on systems where
 208 .I int
 209 has a size of 32 bits.
 210 .IP *
 211 When reading from the
 212 .IR random
 213 source, a maximum of 512 bytes is returned.
 214 .SS Interruption by a signal handler
 215 When reading from the
 216 .I urandom
 217 source
 218 .RB ( GRND_RANDOM
 219 is not set),
 220 .BR getrandom ()
 221 will block until the entropy pool has been initialized
 222 (unless the
 223 .BR GRND_NONBLOCK
 224 flag was specified).
 225 If a request is made to read a large number of bytes (more than 256),
 226 .BR getrandom ()
 227 will block until those bytes have been generated and transferred
 228 from kernel memory to
 229 .IR buf .
 230 When reading from the
 231 .I random
 232 source
 233 .RB ( GRND_RANDOM
 234 is set),
 235 .BR getrandom ()
 236 will block until some random bytes become available
 237 (unless the
 238 .BR GRND_NONBLOCK
 239 flag was specified).
 240 .PP
 241 The behavior when a call to
 242 .BR getrandom ()
 243 that is blocked while reading from the
 244 .I urandom
 245 source is interrupted by a signal handler
 246 depends on the initialization state of the entropy buffer
 247 and on the request size,
 248 .IR buflen .
 249 If the entropy is not yet initialized, then the call fails with the
 250 .B EINTR
 251 error.
 252 If the entropy pool has been initialized
 253 and the request size is large
 254 .RI ( buflen "\ >\ 256),"
 255 the call either succeeds, returning a partially filled buffer,
 256 or fails with the error
 257 .BR EINTR .
 258 If the entropy pool has been initialized and the request size is small
 259 .RI ( buflen "\ <=\ 256),"
 260 then
 261 .BR getrandom ()
 262 will not fail with
 263 .BR EINTR .
 264 Instead, it will return all of the bytes that have been requested.
 265 .PP
 266 When reading from the
 267 .IR random
 268 source, blocking requests of any size can be interrupted by a signal handler
 269 (the call fails with the error
 270 .BR EINTR ).
 271 .PP
 272 Using
 273 .BR getrandom ()
 274 to read small buffers (<=\ 256 bytes) from the
 275 .I urandom
 276 source is the preferred mode of usage.
 277 .PP
 278 The special treatment of small values of
 279 .I buflen
 280 was designed for compatibility with
 281 OpenBSD's
 282 .BR getentropy (3),
 283 which is nowadays supported by glibc.
 284 .PP
 285 The user of
 286 .BR getrandom ()
 287 .I must
 288 always check the return value,
 289 to determine whether either an error occurred
 290 or fewer bytes than requested were returned.
 291 In the case where
 292 .B GRND_RANDOM
 293 is not specified and
 294 .I buflen
 295 is less than or equal to 256,
 296 a return of fewer bytes than requested should never happen,
 297 but the careful programmer will check for this anyway!
 298 .SH BUGS
 299 As of Linux 3.19, the following bug exists:
 300 .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
 301 .IP * 3
 302 Depending on CPU load,
 303 .BR getrandom ()
 304 does not react to interrupts before reading all bytes requested.
 305 .SH SEE ALSO
 306 .BR getentropy (3),
 307 .BR random (4),
 308 .BR urandom (4),
 309 .BR random (7),
 310 .BR signal (7)