1 .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
2 .\" Copyright (C) 2014,2015 Heinrich Schuchardt <xypron.glpk@gmx.de>
3 .\" Copyright (C) 2015, Michael Kerrisk <tmk.manpages@gmail.com>
5 .\" %%%LICENSE_START(VERBATIM)
6 .\" Permission is granted to make and distribute verbatim copies of this
7 .\" manual provided the copyright notice and this permission notice are
8 .\" preserved on all copies.
10 .\" Permission is granted to copy and distribute modified versions of
11 .\" this manual under the conditions for verbatim copying, provided that
12 .\" the entire resulting derived work is distributed under the terms of
13 .\" a permission notice identical to this one.
15 .\" Since the Linux kernel and libraries are constantly changing, this
16 .\" manual page may be incorrect or out-of-date. The author(s) assume.
17 .\" no responsibility for errors or omissions, or for damages resulting.
18 .\" from the use of the information contained herein. The author(s) may.
19 .\" not have taken the same level of care in the production of this.
20 .\" manual, which is licensed free of charge, as they might when working.
23 .\" Formatted or processed versions of this manual, if unaccompanied by
24 .\" the source, must acknowledge the copyright and authors of this work.
27 .TH GETRANDOM 2 2015-01-22 "Linux" "Linux Programmer's Manual"
29 getrandom \- obtain a series of random bytes
31 .B #include <linux/random.h>
33 .BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
37 system call fills the buffer pointed to by
42 These bytes can be used to seed user-space random number generators
43 or for cryptographic purposes.
46 relies on entropy gathered from device drivers and other sources of
48 Unnecessarily reading large quantities of data will have a negative impact
56 should not be used for Monte Carlo simulations or other
57 programs/algorithms which are doing probabilistic sampling.
61 draws entropy from the
64 This behavior can be changed via the
69 pool has been initialized,
70 reads of up to 256 bytes will always return as many bytes as
71 requested and will not be interrupted by signals.
72 No such guarantees apply for larger buffer sizes.
73 For example, if the call is interrupted by a signal handler,
74 it may return a partially filled buffer, or fail with the error
76 If the pool has not yet been initialized, then the call blocks, unless
83 argument is a bit mask that can contain zero or more of the following values
87 If this bit is set, then random bytes are drawn from the
94 pool is limited based on the entropy that can be obtained from environmental
96 If the number of available bytes in
98 is less than requested in
100 the call returns just the available random bytes.
101 If no random bytes are available, the behavior depends on the presence of
108 By default, when reading from
111 blocks if no random bytes are available,
112 and when reading from
114 it blocks if the entropy pool has not yet been initialized.
119 does not block in these cases, but instead immediately returns \-1 with
126 returns the number of bytes that were copied to the buffer
128 This may be less than the number of bytes requested via
134 and insufficient entropy was present in the
136 pool, or if the system call was interrupted by a signal.
138 On error, \-1 is returned, and
140 is set appropriately.
144 An invalid flag was specified in
148 The address referred to by
150 is outside the accessible address space.
153 The requested entropy was not available, and
155 would have blocked if the
160 The call was interrupted by a signal
161 handler; see the description of how interrupted
163 calls on "slow" devices are handled with and without the
170 was introduced in version 3.17 of the Linux kernel.
172 This system call is Linux-specific.
174 .SS Maximum number of bytes returned
175 As of Linux 3.19 the following limits apply:
179 a maximum of 33554431 bytes is returned by a single call to
183 has a size of 32 bits.
187 a maximum of 512 bytes is returned.
188 .SS Initialization of the entropy pool
189 The kernel collects bits of entropy from environment.
190 When a sufficient number of random bits has been collected, the
192 entropy pool is considered to be initialized.
193 This state is normally reached early in the system bootstrap phase.
194 .SS Interruption by a signal handler
200 will block until the entropy pool has been initialized
204 If a request is made to read a large number (more than 256) of bytes,
206 will block until those bytes have been generated and transferred
207 from kernel memory to
214 will block until some random bytes become available
219 The behavior when a call to
221 that is blocked while reading from
223 is interrupted by a signal handler
224 depends on the initialization state of the entropy buffer
225 and on the request size,
227 If the entropy is not yet initialized, then the call will fail with the
230 If the entropy pool has been initialized
231 and the request size is large
232 .RI ( buflen "\ >\ 256),"
233 the call either succeeds, returning a partially filled buffer,
234 or fails with the error
236 If the entropy pool has been initialized and the request size is small
237 .RI ( buflen "\ <=\ 256),"
242 Instead, it will return all of the bytes that have been requested.
246 blocking requests of any size can be interrupted by a signal
247 (the call fails with the error
254 for small values (<=\ 256) of
256 is the preferred mode of usage.
258 The special treatment of small values of
260 was designed for compatibility with
268 always check the return value,
269 to determine whether either an error occurred
270 or fewer bytes than requested were returned.
275 is less than or equal to 256,
276 a return of fewer bytes than requested should never happen,
277 but the careful programmer will check for this anyway!
278 .SS Choice of random device
279 Unless you are doing long-term key generation (and perhaps not even
280 then), you probably shouldn't be using
282 The cryptographic algorithms used for
284 are quite conservative, and so should be sufficient for all purposes.
287 is that it can block.
288 Furthermore, dealing with the partially fulfilled
290 requests that can occur when using
292 increases code complexity.
293 .SS Emulating OpenBSD's getentropy()
296 system call in OpenBSD can be emulated using the following
302 getentropy(void *buf, size_t buflen)
308 ret = getrandom(buf, buflen, 0);
320 As of Linux 3.19, the following bug exists:
321 .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
323 Depending on CPU load,
325 does not react to interrupts before reading all bytes requested.
331 This page is part of release 3.79 of the Linux
334 A description of the project,
335 information about reporting bugs,
336 and the latest version of this page,
338 \%http://www.kernel.org/doc/man\-pages/.