1 .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
2 .\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk@gmx.de>
4 .\" %%%LICENSE_START(VERBATIM)
5 .\" Permission is granted to make and distribute verbatim copies of this
6 .\" manual provided the copyright notice and this permission notice are
7 .\" preserved on all copies.
9 .\" Permission is granted to copy and distribute modified versions of
10 .\" this manual under the conditions for verbatim copying, provided that
11 .\" the entire resulting derived work is distributed under the terms of
12 .\" a permission notice identical to this one.
14 .\" Since the Linux kernel and libraries are constantly changing, this
15 .\" manual page may be incorrect or out-of-date. The author(s) assume.
16 .\" no responsibility for errors or omissions, or for damages resulting.
17 .\" from the use of the information contained herein. The author(s) may.
18 .\" not have taken the same level of care in the production of this.
19 .\" manual, which is licensed free of charge, as they might when working.
22 .\" Formatted or processed versions of this manual, if unaccompanied by
23 .\" the source, must acknowledge the copyright and authors of this work.
26 .TH GETRANDOM 2 2015-01-22 "Linux" "Linux Programmer's Manual"
28 getrandom \- obtain a series of random bytes
30 .B #include <linux/random.h>
32 .BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
36 system call fills the buffer pointed to by
41 These can be used to seed user-space random number generators
42 or for other cryptographic purposes.
45 relies on entropy gathered from device drivers and other sources of
47 Unnecessarily reading large quantities of data will have a negative impact
55 should not be used for Monte Carlo simulations or other
56 programs/algorithms which are doing probabilistic sampling.
60 draws entropy from the
63 This behavior can be changed via the
68 pool has been initialized, reading from that pool never blocks.
69 If the pool has not yet been initialized, then the call blocks, unless
76 argument is a bit mask that can contain zero or more of the following values
80 If this bit is set, then random bytes are drawn from the
87 pool is limited based on the entropy that can be obtained from environmental
89 If the number of available bytes in
91 is less than requested in
93 the call returns just the available random bytes.
94 If no random bytes are available, the behavior depends on the presence of
101 By default, if there are no random bytes available at all (when reading from
103 or the entropy pool has not yet been initialized (when reading from
106 blocks until data is available.
111 instead immediately returns \-1 with
118 returns the number of bytes that were copied to the buffer
120 This may be less than the number of bytes requested via
126 and insufficient entropy was present in the
128 pool, or if the system call was interrupted by a signal.
130 On error, \-1 is returned, and
132 is set appropriately.
136 An invalid flag was specified in
140 The address referred to by
142 is outside the accessible address space.
145 The requested entropy was not available, and
147 would have blocked if the
152 While blocked waiting for entropy, the call was interrupted by a signal
153 handler; see the description of how interrupted
155 calls on "slow" devices are handled with and without the
162 was introduced in version 3.17 of the Linux kernel.
164 This system call is Linux-specific.
166 .SS Interruption by a signal handler
169 can block only when called without the
176 blocking occurs only if the entropy pool has not been initialized yet.
181 blocking occurs if not enough random bytes are available.
183 The behavior when a call to
185 that is blocked while reading from
187 is interrupted by a signal handler
188 depends on the initialization state of the entropy buffer
189 and on the request size,
191 If the entropy is not yet initialized or the request size is large
192 .RI ( buflen "\ >\ 256),"
193 then the call will fail with the
196 If the entropy pool has been initialized and the request size is small
197 .RI ( buflen "\ <=\ 256),"
202 Instead, it will return all of the bytes that have been requested.
214 for small values (<=\ 256) of
216 is the preferred mode of usage.
218 The special treatment of small values of
220 was designed for compatibility with
228 always check the return value,
229 to determine whether either an error occurred
230 or fewer bytes than requested were returned.
235 is less than or equal to 256,
236 a return of fewer bytes than requested should never happen,
237 but the careful programmer will check for this anyway!
238 .SS Choice of random device
239 Unless you are doing long-term key generation (and perhaps not even
240 then), you probably shouldn't be using
242 The cryptographic algorithms used for
244 are quite conservative, and so should be sufficient for all purposes.
247 is that it can block.
248 Furthermore, dealing with the partially fulfilled
250 requests that can occur when using
252 increases code complexity.
253 .SS Emulating OpenBSD's getentropy()
256 system call in OpenBSD can be emulated using the following
262 getentropy(void *buf, size_t buflen)
268 ret = getrandom(buf, buflen, 0);
280 As of Linux 3.19, the following bug exists:
281 .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
283 Depending on CPU load,
285 does not react to interrupts before reading all bytes requested.