GETENTROPY(2) BSD System Calls Manual GETENTROPY(2)
NAME
getentropy -- get entropy
SYNOPSIS
#include <sys/random.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
getentropy() fills a buffer with random data, which can be used as input for process-context pseudorandom generators like arc4random(3).
The maximum buffer size permitted is 256 bytes. If buflen exceeds this, an error of EIO will be indicated.
getentropy() should be used as a replacement for random(4) when random data derived directly from the kernel random byte generator is
required. Unlike the random(4) pseudo-devices, it is not vulnerable to file descriptor exhaustion attacks and is available when sandboxed or
in a chroot, making it more reliable for security-critical applications.
However, it should be noted that getentropy() is primarily intended for use in the construction and seeding of userspace PRNGs like
arc4random(3) or CC_crypto(3). Clients who simply require random data should use arc4random(3), CCRandomGenerateBytes() from CC_crypto(3),
or SecRandomCopyBytes() from the Security framework instead of getentropy() or random(4)
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the
error.
ERRORS
getentropy() will succeed unless:
[EINVAL] The buf parameter points to an invalid address.
[EIO] Too many bytes requested, or some other fatal error occurred.
SEE ALSO
arc4random(3) CC_crypto(3) random(4)
HISTORY
The getentropy() function appeared in OSX 10.12
BSD
October 2 2015 BSD
