Again, the operation is very similar to the other APIs. During initialization, the struct sockaddr data structure must be filled as follows:

    struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type = "rng", /* this selects the random number generator */
        .salg_name = "drbg_nopr_sha256" /* this is the RNG name */
    };

Depending on the RNG type, the RNG must be seeded. The seed is provided using the setsockopt interface to set the key. For example, the ansi_cprng requires a seed. The DRBGs do not require a seed, but may be seeded.
Using the read()/recvmsg() system calls, random numbers can be obtained. The kernel generates at most 128 bytes in one call. If user space requires more data, multiple calls to read()/recvmsg() must be made.
WARNING: The user space caller may invoke the initially mentioned accept system call multiple times. In this case, the returned file descriptors have the same state.
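
The steps above combined into one routine, as an added example that is not part of the original documentation: it binds the RNG, calls accept once (per the warning above), and loops over read() because of the 128-byte per-call limit. The helper names `read_chunked` and `alg_rng_bytes` are assumptions made for this example, and seeding is omitted because the DRBGs do not require it.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

#define RNG_MAX_PER_CALL 128u /* per-call limit stated in the text above */

/* Fill buf with exactly len bytes from fd, at most 128 bytes per read(). */
static int read_chunked(int fd, unsigned char *buf, size_t len)
{
    while (len > 0) {
        size_t want = len < RNG_MAX_PER_CALL ? len : RNG_MAX_PER_CALL;
        ssize_t n = read(fd, buf, want);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted: retry the same chunk */
        if (n <= 0)
            return -1;          /* error or EOF: caller must discard buf */
        buf += n;               /* short reads are allowed; keep going */
        len -= (size_t)n;
    }
    return 0;
}

/* Returns 0 on success, -1 if AF_ALG or the named RNG is unavailable. */
static int alg_rng_bytes(const char *name, unsigned char *buf, size_t len)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "rng" };
    int tfm, op, ret = -1;

    strncpy((char *)sa.salg_name, name, sizeof(sa.salg_name) - 1);
    tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfm < 0)
        return -1;
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
        op = accept(tfm, NULL, 0);  /* single operation fd, not shared */
        if (op >= 0) {
            ret = read_chunked(op, buf, len);
            close(op);
        }
    }
    close(tfm);
    return ret;
}

int main(void)
{
    unsigned char r[300];           /* needs three read() calls */
    return alg_rng_bytes("drbg_nopr_sha256", r, sizeof(r)) ? 1 : 0;
}
```

A return value of -1 means no random data was produced, so the caller must treat the buffer as unusable rather than fall back to its previous contents.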