GETENTROPY(2) System Calls Manual GETENTROPY(2)

getentropyget entropy

#include <sys/random.h>

int
getentropy(void *buf, size_t buflen);

() fills a buffer with random data, which can be used as input for process-context pseudorandom generators like arc4random(3).

The maximum buffer size permitted is 256 bytes. If buflen exceeds this, an error of EIO will be indicated.

() should be used as a replacement for random(4) when random data derived directly from the kernel random byte generator is required. Unlike the random(4) pseudo-devices, it is not vulnerable to file descriptor exhaustion attacks and is available when sandboxed or in a chroot, making it more reliable for security-critical applications.

However, it should be noted that () is primarily intended for use in the construction and seeding of userspace PRNGs like arc4random(3) or CC_crypto(3). Clients who simply require random data should use arc4random(3), () from CC_crypto(3), or () from the Security framework instead of getentropy() or random(4)

Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

getentropy() will succeed unless:

[]
The buf parameter points to an invalid address.
[]
Too many bytes requested, or some other fatal error occurred.

arc4random(3) CC_crypto(3) random(4)

The getentropy() function appeared in OSX 10.12

October 2 2015 macOS 15.2