GETENTROPY(3)              Library Functions Manual              GETENTROPY(3)
NAME
     getentropy — fill a buffer with random bytes
SYNOPSIS
     #include <unistd.h>

     int
     getentropy(void *buf, size_t buflen);

     #include <limits.h>

     #define GETENTROPY_MAX 256
DESCRIPTION
     The getentropy() function fills buf with exactly buflen independent
     uniform random bytes derived from the system's entropy pool.

     The output of getentropy() is meant to be unpredictable to an adversary
     and fit for use in cryptography.  See CAVEATS below.

     getentropy() is meant for seeding random number generators, not for
     direct use by applications; most applications should use arc4random(3).

     buflen must be at most 256 (GETENTROPY_MAX).
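The following program is an added example and is not part of the NetBSD manual or source. It shows the two things a caller most often gets wrong: the 256-byte (GETENTROPY_MAX) limit on a single call, and error handling. fill_random() is a hypothetical wrapper that loops over chunks of at most GETENTROPY_MAX bytes so that a larger seed can be requested, and clears the buffer on failure so a partially filled seed is never used; oversized_call_fails() and is_all_zero() are assumed helper names introduced here for illustration. The _DEFAULT_SOURCE define and the fallback GETENTROPY_MAX definition are assumptions for building on other libcs (glibc, musl) and are unnecessary on NetBSD.

```c
#define _DEFAULT_SOURCE 1   /* exposes getentropy() in <unistd.h> on glibc/musl; harmless on NetBSD */
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef GETENTROPY_MAX
#define GETENTROPY_MAX 256   /* NetBSD's <limits.h> defines this; supplied here for libcs that do not */
#endif

/*
 * fill_random (hypothetical wrapper, not a libc function): fill len bytes
 * of buf from getentropy(), issuing one call per chunk of at most
 * GETENTROPY_MAX bytes so that requests larger than the per-call limit
 * work.  Returns 0 on success.  On failure it returns -1 with errno
 * preserved from getentropy() and zeroes the whole buffer, so a caller
 * that ignores the return value cannot seed from a partially filled buffer.
 */
int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t left = len;

    while (left > 0) {
        size_t n = left < GETENTROPY_MAX ? left : GETENTROPY_MAX;
        if (getentropy(p, n) == -1) {
            int saved = errno;
            memset(buf, 0, len);
            errno = saved;
            return -1;
        }
        p += n;
        left -= n;
    }
    return 0;
}

/* Returns 1 if a single getentropy() call of GETENTROPY_MAX + 1 bytes is
 * rejected with -1, as the buflen limit requires; 0 if it succeeds. */
int oversized_call_fails(void)
{
    unsigned char buf[GETENTROPY_MAX + 1];
    return getentropy(buf, sizeof buf) == -1;
}

/* Returns 1 if every byte of p[0..n) is zero: a cheap sanity check that
 * the entropy source actually wrote to the buffer (not a quality test). */
int is_all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

int main(void)
{
    unsigned char seed[32];   /* a typical seed size for a userland generator */

    if (fill_random(seed, sizeof seed) == -1) {
        perror("getentropy");
        return 1;
    }
    printf("seed: ");
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    printf("\noversized single call rejected: %s\n",
           oversized_call_fails() ? "yes" : "no");
    return 0;
}
```

The seed printed by main() is only for demonstration; in real code it would feed a generator such as arc4random(3) or a DRBG and never be logged. The zeroing on failure is a design choice of this example, not behaviour of getentropy() itself, which leaves the contents of buf unspecified on error.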
RETURN VALUES
     The getentropy() function returns the value 0 if successful; otherwise
     the value -1 is returned and the global variable errno is set to
     indicate the error.

ERRORS
     getentropy() will succeed unless:
CAVEATS
     On systems which have no hardware random number generator and which
     have not had secret seed material loaded, NetBSD makes a reasonable
     effort to incorporate samples from various physical processes available
     to it that might be unpredictable, such as random jitter in timing.
     However, the getentropy() interface alone can make no security
     guarantees without a physical system configuration that includes random
     number generation hardware or secret seed material from such hardware
     on another machine.

     NetBSD attempts to reseed the system entropy pool when it has detected
     that the system has been cloned as a guest in a virtual machine, so
     that subsequent calls to getentropy() in the clones yield independent
     outputs.  However, this relies on the virtual machine host notifying
     the guest, e.g. through the acpivmgenid(4) device, and even so there is
     an unavoidable small window of time between when the virtual machine is
     actually cloned and when the system is reseeded, during which
     getentropy() may yield identical outputs in the clones.
STANDARDS
     The getentropy() function conforms to IEEE Std 1003.1-2024 (“POSIX.1”).

HISTORY
     The getentropy() function first appeared in OpenBSD 5.6, then in
     FreeBSD 12.0, and in NetBSD 10.0.
NetBSD 10.1                     August 28, 2024