1=pod 2 3=head1 NAME 4 5RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data 6 7=head1 SYNOPSIS 8 9 #include <openssl/rand.h> 10 11 int RAND_bytes(unsigned char *buf, int num); 12 int RAND_priv_bytes(unsigned char *buf, int num); 13 14Deprecated: 15 16 #if OPENSSL_API_COMPAT < 0x10100000L 17 int RAND_pseudo_bytes(unsigned char *buf, int num); 18 #endif 19 20=head1 DESCRIPTION 21 22RAND_bytes() generates B<num> random bytes using a cryptographically 23secure pseudo random generator (CSPRNG) and stores them in B<buf>. 24 25RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to 26be used for generating values that should remain private. If using the 27default RAND_METHOD, this function uses a separate "private" PRNG 28instance so that a compromise of the "public" PRNG instance will not 29affect the secrecy of these private values, as described in L<RAND(7)> 30and L<RAND_DRBG(7)>. 31 32=head1 NOTES 33 34By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it 35was able to seed itself from a trusted entropy source. 36On all major platforms supported by OpenSSL (including the Unix-like platforms 37and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use 38using the operating systems's random generator. 39 40If the entropy source fails or is not available, the CSPRNG will enter an 41error state and refuse to generate random bytes. For that reason, it is important 42to always check the error return value of RAND_bytes() and RAND_priv_bytes() and 43not take randomness for granted. 44 45On other platforms, there might not be a trusted entropy source available 46or OpenSSL might have been explicitly configured to use different entropy sources. 47If you are in doubt about the quality of the entropy source, don't hesitate to ask 48your operating system vendor or post a question on GitHub or the openssl-users 49mailing list. 50 51=head1 RETURN VALUES 52 53RAND_bytes() and RAND_priv_bytes() 54return 1 on success, -1 if not supported by the current 55RAND method, or 0 on other failure. The error code can be 56obtained by L<ERR_get_error(3)>. 57 58=head1 SEE ALSO 59 60L<RAND_add(3)>, 61L<RAND_bytes(3)>, 62L<RAND_priv_bytes(3)>, 63L<ERR_get_error(3)>, 64L<RAND(7)>, 65L<RAND_DRBG(7)> 66 67=head1 HISTORY 68 69=over 2 70 71=item * 72 73RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. 74 75=item * 76 77The RAND_priv_bytes() function was added in OpenSSL 1.1.1. 78 79=back 80 81=head1 COPYRIGHT 82 83Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. 84 85Licensed under the OpenSSL license (the "License"). You may not use 86this file except in compliance with the License. You can obtain a copy 87in the file LICENSE in the source distribution or at 88L<https://www.openssl.org/source/license.html>. 89 90=cut 91