1 .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
2 .\" Copyright (C) 2014,2015 Heinrich Schuchardt <xypron.glpk@gmx.de>
3 .\" Copyright (C) 2015, Michael Kerrisk <mtk.manpages@gmail.com>
5 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
7 .TH getrandom 2 (date) "Linux man-pages (unreleased)"
9 getrandom \- obtain a series of random bytes
12 .RI ( libc ", " \-lc )
15 .B #include <sys/random.h>
17 .BI "ssize_t getrandom(void " buf [. buflen "], size_t " buflen ", \
18 unsigned int " flags );
23 system call fills the buffer pointed to by
28 These bytes can be used to seed user-space random number generators
29 or for cryptographic purposes.
33 draws entropy from the
35 source (i.e., the same source as the
38 This behavior can be changed via the
44 source has been initialized,
45 reads of up to 256 bytes will always return as many bytes as
46 requested and will not be interrupted by signals.
47 No such guarantees apply for larger buffer sizes.
48 For example, if the call is interrupted by a signal handler,
49 it may return a partially filled buffer, or fail with the error
54 source has not yet been initialized, then
63 argument is a bit mask that can contain zero or more of the following values
67 If this bit is set, then random bytes are drawn from the
70 (i.e., the same source as the
78 source is limited based on the entropy that can be obtained from environmental
80 If the number of available bytes in the
82 source is less than requested in
84 the call returns just the available random bytes.
85 If no random bytes are available, the behavior depends on the presence of
92 By default, when reading from the
96 blocks if no random bytes are available,
97 and when reading from the
99 source, it blocks if the entropy pool has not yet been initialized.
104 does not block in these cases, but instead immediately returns \-1 with
111 returns the number of bytes that were copied to the buffer
113 This may be less than the number of bytes requested via
119 and insufficient entropy was present in the
121 source or the system call was interrupted by a signal.
123 On error, \-1 is returned, and
125 is set to indicate the error.
129 The requested entropy was not available, and
131 would have blocked if the
136 The address referred to by
138 is outside the accessible address space.
141 The call was interrupted by a signal
142 handler; see the description of how interrupted
144 calls on "slow" devices are handled with and without the
151 An invalid flag was specified in
155 The glibc wrapper function for
157 determined that the underlying kernel does not implement this system call.
160 was introduced in Linux 3.17.
161 Support was added in glibc 2.25.
163 This system call is Linux-specific.
165 For an overview and comparison of the various interfaces that
166 can be used to obtain randomness, see
174 does not involve the use of pathnames or file descriptors.
177 can be useful in cases where
182 and where an application (e.g., a daemon during start-up)
183 closes a file descriptor for one of these files
184 that was opened by a library.
186 .SS Maximum number of bytes returned
187 As of Linux 3.19 the following limits apply:
189 When reading from the
191 source, a maximum of 33554431 bytes is returned by a single call to
195 has a size of 32 bits.
197 When reading from the
199 source, a maximum of 512 bytes is returned.
200 .SS Interruption by a signal handler
201 When reading from the
207 will block until the entropy pool has been initialized
211 If a request is made to read a large number of bytes (more than 256),
213 will block until those bytes have been generated and transferred
214 from kernel memory to
216 When reading from the
222 will block until some random bytes become available
227 The behavior when a call to
229 that is blocked while reading from the
231 source is interrupted by a signal handler
232 depends on the initialization state of the entropy buffer
233 and on the request size,
235 If the entropy is not yet initialized, then the call fails with the
238 If the entropy pool has been initialized
239 and the request size is large
240 .RI ( buflen "\ >\ 256),"
241 the call either succeeds, returning a partially filled buffer,
242 or fails with the error
244 If the entropy pool has been initialized and the request size is small
245 .RI ( buflen "\ <=\ 256),"
250 Instead, it will return all of the bytes that have been requested.
252 When reading from the
254 source, blocking requests of any size can be interrupted by a signal handler
255 (the call fails with the error
260 to read small buffers (<=\ 256 bytes) from the
262 source is the preferred mode of usage.
264 The special treatment of small values of
266 was designed for compatibility with
269 which is nowadays supported by glibc.
274 always check the return value,
275 to determine whether either an error occurred
276 or fewer bytes than requested were returned.
281 is less than or equal to 256,
282 a return of fewer bytes than requested should never happen,
283 but the careful programmer will check for this anyway!
285 As of Linux 3.19, the following bug exists:
286 .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
288 Depending on CPU load,
290 does not react to interrupts before reading all bytes requested.