GETENTROPY(2) | System Calls Manual | GETENTROPY(2) |
getentropy
— get
entropy
#include
<sys/random.h>
int
getentropy
(void
*buf, size_t
buflen);
getentropy
()
fills a buffer with random data, which can be used as input for
process-context pseudorandom generators like
arc4random(3).
The maximum buffer size permitted is 256 bytes. If
buflen exceeds this, an error of
EIO
will be indicated.
getentropy
()
should be used as a replacement for
random(4) when random data derived
directly from the kernel random byte generator is required. Unlike the
random(4) pseudo-devices, it is not
vulnerable to file descriptor exhaustion attacks and is available when
sandboxed or in a chroot, making it more reliable for security-critical
applications.
However, it should be noted that
getentropy
()
is primarily intended for use in the construction and seeding of userspace
PRNGs like arc4random(3) or
CC_crypto(3). Clients who simply
require random data should use
arc4random(3),
CCRandomGenerateBytes
()
from CC_crypto(3), or
SecRandomCopyBytes
()
from the Security framework instead of getentropy
()
or random(4)
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
getentropy
() will succeed unless:
The getentropy
() function appeared in OSX
10.12
October 2 2015 | macOS 15.2 |