NAME

getentropy — get entropy

SYNOPSIS

#include <sys/random.h>

int
getentropy(void *buf, size_t buflen);

DESCRIPTION

getentropy() fills a buffer with random data, which can be used as input for process-context pseudorandom generators like arc4random(3).

The maximum buffer size permitted is 256 bytes. If buflen exceeds this, an error of EIO will be indicated.

getentropy() should be used as a replacement for random(4) when random data derived directly from the kernel random byte generator is required. Unlike the random(4) pseudo-devices, it is not vulnerable to file descriptor exhaustion attacks and is available when sandboxed or in a chroot, making it more reliable for security-critical applications.

However, it should be noted that getentropy() is primarily intended for use in the construction and seeding of userspace PRNGs like arc4random(3) or CC_crypto(3). Clients who simply require random data should use arc4random(3), CCRandomGenerateBytes() from CC_crypto(3), or SecRandomCopyBytes() from the Security framework instead of getentropy() or random(4)

RETURN VALUES

Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

ERRORS

getentropy() will succeed unless:

[EINVAL]

The buf parameter points to an invalid address.

[EIO]

Too many bytes requested, or some other fatal error occurred.

SEE ALSO

arc4random(3) CC_crypto(3) random(4)

HISTORY

The getentropy() function appeared in OSX 10.12