GETENTROPY(2)                 System Calls Manual                GETENTROPY(2)

NAME
     getentropy – get entropy

SYNOPSIS
     #include <sys/random.h>

     int
     getentropy(void *buf, size_t buflen);

DESCRIPTION
     getentropy() fills a buffer with random data, which can be used as input
     for process-context pseudorandom generators like arc4random(3).

     The maximum buffer size permitted is 256 bytes.  If buflen exceeds this,
     an error of EIO will be indicated.

     getentropy() should be used as a replacement for random(4) when random
     data derived directly from the kernel random byte generator is required.
     Unlike the random(4) pseudo-devices, it is not vulnerable to file
     descriptor exhaustion attacks and is available when sandboxed or in a
     chroot, making it more reliable for security-critical applications.

     However, it should be noted that getentropy() is primarily intended for
     use in the construction and seeding of userspace PRNGs like arc4random(3)
     or CC_crypto(3).  Clients who simply require random data should use
     arc4random(3), CCRandomGenerateBytes() from CC_crypto(3), or
     SecRandomCopyBytes() from the Security framework instead of getentropy()
     or random(4)

RETURN VALUES
     Upon successful completion, the value 0 is returned; otherwise the
     value -1 is returned and the global variable errno is set to indicate the
     error.

ERRORS
     getentropy() will succeed unless:

     [EINVAL]           The buf parameter points to an invalid address.

     [EIO]              Too many bytes requested, or some other fatal error
                        occurred.

SEE ALSO
     arc4random(3) CC_crypto(3) random(4)

HISTORY
     The getentropy() function appeared in OSX 10.12

macOS 15.2                      October 2 2015                      macOS 15.2