c1e80940f3
ObsoleteFiles.inc:
  Remove manual pages for arc4random_addrandom(3) and arc4random_stir(3).

contrib/ntp/lib/isc/random.c:
contrib/ntp/sntp/libevent/evutil_rand.c:
  Eliminate in-tree usage of arc4random_addrandom().

crypto/heimdal/lib/roken/rand.c:
crypto/openssh/config.h:
  Eliminate in-tree usage of arc4random_stir().

include/stdlib.h:
  Remove arc4random_stir() and arc4random_addrandom() prototypes, provide temporary shims for transition period.

lib/libc/gen/Makefile.inc:
  Hook arc4random-compat.c to build, add hint for Chacha20 source for kernel, and remove arc4random_addrandom(3) and arc4random_stir(3) links.

lib/libc/gen/arc4random.c:
  Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the sys/crypto/chacha20 implementation of keystream.

lib/libc/gen/Symbol.map:
  Remove arc4random_stir and arc4random_addrandom interfaces.

lib/libc/gen/arc4random.h:
  Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

lib/libc/gen/arc4random.3:
  Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and r118247.

lib/libc/gen/arc4random-compat.c:
  Compatibility shims for arc4random_stir and arc4random_addrandom functions to preserve ABI. Log once when called but do nothing otherwise.

lib/libc/gen/getentropy.c:
lib/libc/include/libc_private.h:
  Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl). Remove from libc_private.h as a result.

sys/crypto/chacha20/chacha.c:
sys/crypto/chacha20/chacha.h:
  Make it possible to use the kernel implementation in libc.

PR: 182610
Reviewed by: cem, markm
Obtained from: OpenBSD
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16760
144 lines
4.6 KiB
Groff
.\" $OpenBSD: arc4random.3,v 1.35 2014/11/25 16:45:24 millert Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Niels Provos.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Manual page, using -mandoc macros
.\" $FreeBSD$
.\"
.Dd July 19, 2014
.Dt ARC4RANDOM 3
.Os
.Sh NAME
.Nm arc4random ,
.Nm arc4random_buf ,
.Nm arc4random_uniform
.Nd random number generator
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In stdlib.h
.Ft uint32_t
.Fn arc4random "void"
.Ft void
.Fn arc4random_buf "void *buf" "size_t nbytes"
.Ft uint32_t
.Fn arc4random_uniform "uint32_t upper_bound"
.Sh DESCRIPTION
This family of functions provides higher quality data than those
described in
.Xr rand 3 ,
.Xr random 3 ,
and
.Xr rand48 3 .
.Pp
Use of these functions is encouraged for almost all random number
consumption because the other interfaces are deficient in either
quality, portability, standardization, or availability.
These functions can be called in almost all coding environments,
including
.Xr pthreads 3
and
.Xr chroot 2 .
.Pp
High quality 32-bit pseudo-random numbers are generated very quickly.
On each call, a cryptographic pseudo-random number generator is used
to generate a new result.
One data pool is used for all consumers in a process, so that consumption
under program flow can act as additional stirring.
The subsystem is re-seeded from the kernel random number subsystem using
.Xr getentropy 2
on a regular basis, and also upon
.Xr fork 2 .
.Pp
The
.Fn arc4random
function returns a single 32-bit value.
The
.Fn arc4random
function returns pseudo-random numbers in the range of 0 to
.if t 2\u\s731\s10\d\(mi1,
.if n (2**32)\(mi1,
and therefore has twice the range of
.Xr rand 3
and
.Xr random 3 .
.Pp
.Fn arc4random_buf
fills the region
.Fa buf
of length
.Fa nbytes
with random data.
.Pp
.Fn arc4random_uniform
will return a single 32-bit value, uniformly distributed but less than
.Fa upper_bound .
This is recommended over constructions like
.Dq Li arc4random() % upper_bound
as it avoids "modulo bias" when the upper bound is not a power of two.
In the worst case, this function may consume multiple iterations
to ensure uniformity; see the source code to understand the problem
and solution.
.Sh RETURN VALUES
These functions are always successful, and no return value is
reserved to indicate an error.
.Sh EXAMPLES
The following produces a drop-in replacement for the traditional
.Fn rand
and
.Fn random
functions using
.Fn arc4random :
.Pp
.Dl "#define foo4random() (arc4random() % ((unsigned)RAND_MAX + 1))"
.Sh SEE ALSO
.Xr rand 3 ,
.Xr rand48 3 ,
.Xr random 3
.Sh HISTORY
These functions first appeared in
.Ox 2.1 .
.Pp
The original version of this random number generator used the
RC4 (also known as ARC4) algorithm.
In
.Ox 5.5
it was replaced with the ChaCha20 cipher, and it may be replaced
again in the future as cryptographic techniques advance.
A good mnemonic is
.Dq A Replacement Call for Random .
.Pp
The
.Fn arc4random
random number generator was first introduced in
.Fx 2.2.6 .
The ChaCha20 based implementation was introduced in
.Fx 12.0 ,
with obsolete stir and addrandom interfaces removed at the same time.
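The "modulo bias" problem and the rejection step that the arc4random_uniform paragraph in DESCRIPTION refers to, as an added example that is not part of this manual page or of the FreeBSD or OpenBSD sources. The names `rejection_threshold`, `uniform_from` and `scripted_next` are hypothetical, and a scripted 32-bit source (constructed values) stands in for arc4random() so the result is repeatable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*rng32_fn)(void);   /* any source of uniform 32-bit words */

/* 2**32 mod upper_bound, computed in 32 bits as (2**32 - n) mod n.
 * A plain "r % upper_bound" gives exactly this many low residues one extra
 * preimage each.  upper_bound must be nonzero. */
uint32_t rejection_threshold(uint32_t upper_bound)
{
    return (uint32_t)(0u - upper_bound) % upper_bound;
}

/* Uniform value in [0, upper_bound): redraw while r falls in the short
 * leading slice [0, threshold), so the accepted range [threshold, 2**32)
 * has a length that is an exact multiple of upper_bound. */
uint32_t uniform_from(rng32_fn next, uint32_t upper_bound)
{
    uint32_t r, min;

    if (upper_bound < 2)
        return 0;                     /* single possible answer, draw nothing */
    min = rejection_threshold(upper_bound);
    do {
        r = next();
    } while (r < min);                /* rejection chance is below 1/2 per draw */
    return r % upper_bound;
}

/* Constructed sample input: a scripted source so the run is repeatable. */
static const uint32_t script[] = { 5u, 0x3FFFFFFFu, 0x40000000u, 0xFFFFFFFFu };
static size_t script_pos;

static uint32_t scripted_next(void)
{
    return script[script_pos++ % (sizeof(script) / sizeof(script[0]))];
}

int main(void)
{
    uint32_t bound = 0xC0000000u;     /* 3 * 2**30, not a power of two */
    uint32_t v = uniform_from(scripted_next, bound);

    printf("threshold %u, value %u, draws %zu\n",
        (unsigned)rejection_threshold(bound), (unsigned)v, script_pos);
    return 0;
}
```

With a bound of 0xC0000000 a plain modulo would return each of the lowest 2**30 residues twice as often as the rest; for a power-of-two bound the threshold is 0 and nothing is ever rejected.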