[thirdparty/openssl.git] / doc / man3 / RAND_bytes.pod

=pod

=head1 NAME

RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex,
RAND_pseudo_bytes, RAND_set1_random_provider - generate random data

=head1 SYNOPSIS

 #include <openssl/rand.h>

 int RAND_bytes(unsigned char *buf, int num);
 int RAND_priv_bytes(unsigned char *buf, int num);

 int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                   unsigned int strength);
 int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                        unsigned int strength);

 int RAND_set1_random_provider(OSSL_LIB_CTX *ctx, OSSL_PROVIDER *p);

The following function has been deprecated since OpenSSL 1.1.0, and can be
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
see L<openssl_user_macros(7)>:

 int RAND_pseudo_bytes(unsigned char *buf, int num);

=head1 DESCRIPTION

RAND_bytes() generates B<num> random bytes using a cryptographically
secure pseudo random generator (CSPRNG) and stores them in B<buf>. B<buf> B<MUST NOT> be NULL.

RAND_priv_bytes() has the same semantics as RAND_bytes().  It is intended to
be used for generating values that should remain private. If using the
default RAND_METHOD, this function uses a separate "private" PRNG
instance so that a compromise of the "public" PRNG instance will not
affect the secrecy of these private values, as described in L<RAND(7)>
and L<EVP_RAND(7)>.

RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and
RAND_priv_bytes() except that they both take additional I<strength> and
I<ctx> parameters. The bytes generated will have a security strength of at
least I<strength> bits.
The DRBG used for the operation is the public or private DRBG associated with
the specified I<ctx>. The parameter can be NULL, in which case
the default library context is used (see L<OSSL_LIB_CTX(3)>.
If the default RAND_METHOD has been changed then for compatibility reasons the
RAND_METHOD will be used in preference and the DRBG of the library context
ignored.

RAND_set1_random_provider() specifies a provider, I<prov>, which will be used
by the library context I<ctx> for all of the generate calls above instead
of the built-in in DRBGs and entropy source.  Pass NULL for the provider
to disable the random provider functionality.  In this case, the built-in DRBGs
and entropy source will be used.  This call should not be considered thread safe.

=head1 NOTES

By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
was able to seed itself from a trusted entropy source.
On all major platforms supported by OpenSSL (including the Unix-like platforms
and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
using the operating systems's random generator.

If the entropy source fails or is not available, the CSPRNG will enter an
error state and refuse to generate random bytes. For that reason, it is important
to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
not take randomness for granted.

On other platforms, there might not be a trusted entropy source available
or OpenSSL might have been explicitly configured to use different entropy sources.
If you are in doubt about the quality of the entropy source, don't hesitate to ask
your operating system vendor or post a question on GitHub or the openssl-users
mailing list.

=head1 RETURN VALUES

RAND_bytes() and RAND_priv_bytes()
return 1 on success, -1 if not supported by the current
RAND method, or 0 on other failure. The error code can be
obtained by L<ERR_get_error(3)>.

RAND_set1_random_provider() returns 1 on success and 0 on failure.

=head1 SEE ALSO

L<RAND_add(3)>,
L<RAND_bytes(3)>,
L<RAND_priv_bytes(3)>,
L<ERR_get_error(3)>,
L<RAND(7)>,
L<EVP_RAND(7)>

=head1 HISTORY

=over 2

=item *

RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

=item *

The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

=item *

The RAND_bytes_ex() and RAND_priv_bytes_ex() functions were added in OpenSSL 3.0

=item *

The RAND_set1_random_provider() function was added in OpenSSL 3.5

=back

=head1 COPYRIGHT

Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
60b52453 UM	1	=pod
	2
	3	=head1 NAME
	4
993ebac9	5	RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex,
c6ec0451	6	RAND_pseudo_bytes, RAND_set1_random_provider - generate random data
60b52453 UM	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/rand.h>
	11
	12	int RAND_bytes(unsigned char *buf, int num);
ddc6a5c8	13	int RAND_priv_bytes(unsigned char *buf, int num);
60b52453	14
528685fe	15	int RAND_bytes_ex(OSSL_LIB_CTX ctx, unsigned char buf, size_t num,
e587bccd	16	unsigned int strength);
528685fe	17	int RAND_priv_bytes_ex(OSSL_LIB_CTX ctx, unsigned char buf, size_t num,
e587bccd	18	unsigned int strength);
993ebac9	19
c6ec0451 P	20	int RAND_set1_random_provider(OSSL_LIB_CTX ctx, OSSL_PROVIDER p);
c6ec0451 P	21
3dbf8243 MC	22	The following function has been deprecated since OpenSSL 1.1.0, and can be
	23	hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
	24	see L<openssl_user_macros(7)>:
302d38e3	25
60b52453 UM	26	int RAND_pseudo_bytes(unsigned char *buf, int num);
	27
	28	=head1 DESCRIPTION
	29
88398d2a	30	RAND_bytes() generates B<num> random bytes using a cryptographically
5d632274	31	secure pseudo random generator (CSPRNG) and stores them in B<buf>. B<buf> B<MUST NOT> be NULL.
720b3598	32
ddc6a5c8	33	RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to
b26befb5 NT	34	be used for generating values that should remain private. If using the
	35	default RAND_METHOD, this function uses a separate "private" PRNG
	36	instance so that a compromise of the "public" PRNG instance will not
	37	affect the secrecy of these private values, as described in L<RAND(7)>
7d615e21	38	and L<EVP_RAND(7)>.
b26befb5	39
993ebac9	40	RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and
e587bccd	41	RAND_priv_bytes() except that they both take additional I<strength> and
e304aa87	42	I<ctx> parameters. The bytes generated will have a security strength of at
e587bccd	43	least I<strength> bits.
993ebac9 MC	44	The DRBG used for the operation is the public or private DRBG associated with
993ebac9 MC	45	the specified I<ctx>. The parameter can be NULL, in which case
b4250010	46	the default library context is used (see L<OSSL_LIB_CTX(3)>.
993ebac9 MC	47	If the default RAND_METHOD has been changed then for compatibility reasons the
	48	RAND_METHOD will be used in preference and the DRBG of the library context
	49	ignored.
	50
c6ec0451 P	51	RAND_set1_random_provider() specifies a provider, I<prov>, which will be used
	52	by the library context I<ctx> for all of the generate calls above instead
	53	of the built-in in DRBGs and entropy source. Pass NULL for the provider
	54	to disable the random provider functionality. In this case, the built-in DRBGs
	55	and entropy source will be used. This call should not be considered thread safe.
	56
b26befb5 NT	57	=head1 NOTES
b26befb5 NT	58
88398d2a DMSP	59	By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
	60	was able to seed itself from a trusted entropy source.
	61	On all major platforms supported by OpenSSL (including the Unix-like platforms
	62	and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
	63	using the operating systems's random generator.
	64
	65	If the entropy source fails or is not available, the CSPRNG will enter an
	66	error state and refuse to generate random bytes. For that reason, it is important
	67	to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
	68	not take randomness for granted.
	69
	70	On other platforms, there might not be a trusted entropy source available
	71	or OpenSSL might have been explicitly configured to use different entropy sources.
	72	If you are in doubt about the quality of the entropy source, don't hesitate to ask
	73	your operating system vendor or post a question on GitHub or the openssl-users
	74	mailing list.
ddc6a5c8	75
60b52453 UM	76	=head1 RETURN VALUES
60b52453 UM	77
a73d990e	78	RAND_bytes() and RAND_priv_bytes()
ddc6a5c8	79	return 1 on success, -1 if not supported by the current
0ea155fc RS	80	RAND method, or 0 on other failure. The error code can be
	81	obtained by L<ERR_get_error(3)>.
	82
c6ec0451 P	83	RAND_set1_random_provider() returns 1 on success and 0 on failure.
c6ec0451 P	84
b5c4bbbe JL	85	=head1 SEE ALSO
	86
	87	L<RAND_add(3)>,
	88	L<RAND_bytes(3)>,
	89	L<RAND_priv_bytes(3)>,
	90	L<ERR_get_error(3)>,
	91	L<RAND(7)>,
7d615e21	92	L<EVP_RAND(7)>
b5c4bbbe	93
a95d7574	94	=head1 HISTORY
0ea155fc	95
b26befb5 NT	96	=over 2
	97
	98	=item *
	99
5ecff87d	100	RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.
60b52453	101
b26befb5 NT	102	=item *
b26befb5 NT	103
fc5ecadd	104	The RAND_priv_bytes() function was added in OpenSSL 1.1.1.
b26befb5	105
993ebac9 MC	106	=item *
	107
	108	The RAND_bytes_ex() and RAND_priv_bytes_ex() functions were added in OpenSSL 3.0
	109
c6ec0451 P	110	=item *
	111
	112	The RAND_set1_random_provider() function was added in OpenSSL 3.5
	113
b26befb5 NT	114	=back
b26befb5 NT	115
e2f92610 RS	116	=head1 COPYRIGHT
e2f92610 RS	117
0c679f55	118	Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	119
4746f25a	120	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	121	this file except in compliance with the License. You can obtain a copy
	122	in the file LICENSE in the source distribution or at
	123	L<https://www.openssl.org/source/license.html>.
	124
	125	=cut