Updated: 2025/Nov/16


GETENTROPY(3)              Library Functions Manual              GETENTROPY(3)

NAME
     getentropy - generate uniform random seeds from system entropy for
     cryptography

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <unistd.h>

     int
     getentropy(void *buf, size_t buflen);

     #include <limits.h>

     #define GETENTROPY_MAX 256

DESCRIPTION
     The getentropy function fills buf with exactly buflen independent uniform
     random bytes derived from the system's entropy pool.

     The output of getentropy is meant to be unpredictable to an adversary and
     fit for use in cryptography.  See CAVEATS below.

     getentropy is meant for seeding random number generators, not for direct
     use by applications; most applications should use arc4random(3).

     buflen must be at most 256.

RETURN VALUES
     The getentropy() function returns the value 0 if successful; otherwise
     the value -1 is returned and the global variable errno is set to indicate
     the error.

ERRORS
     getentropy will succeed unless:

     [EFAULT]           The buf argument points to an invalid memory address.

     [EINVAL]           More than 256 bytes were requested.
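
EXAMPLES
     The following is an added example, not part of the NetBSD manual.  It
     shows how a generator that needs more than 256 bytes of seed material
     can gather it in chunks instead of failing with the error above.  The
     helper names fill_entropy and oversize_rejected are hypothetical.

```c
#define _DEFAULT_SOURCE	/* assumption: needed on glibc to declare getentropy */
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <unistd.h>

#ifndef GETENTROPY_MAX
#define GETENTROPY_MAX 256	/* per-call limit documented on this page */
#endif

/*
 * fill_entropy (hypothetical helper): fill buf with len bytes by calling
 * getentropy() in chunks of at most GETENTROPY_MAX bytes.
 * Returns 0 on success, or -1 with errno left as set by getentropy().
 * On failure the buffer may be partially filled and must not be used.
 */
int
fill_entropy(void *buf, size_t len)
{
	unsigned char *p = buf;

	while (len > 0) {
		size_t n = len < GETENTROPY_MAX ? len : GETENTROPY_MAX;

		if (getentropy(p, n) == -1)
			return -1;
		p += n;
		len -= n;
	}
	return 0;
}

/*
 * oversize_rejected (hypothetical helper): returns 1 if a single request
 * larger than GETENTROPY_MAX fails.  This page documents EINVAL for that
 * case; only the -1 return is checked here because other C libraries may
 * report a different errno value.
 */
int
oversize_rejected(void)
{
	unsigned char big[GETENTROPY_MAX + 1];

	return getentropy(big, sizeof big) == -1;
}
```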

CAVEATS
     Security can only be guaranteed relative to whatever unpredictable
     physical processes or secret seed material are available to the system;
     see entropy(7).

     On systems which have no hardware random number generator and which have
     not had secret seed material loaded, NetBSD makes a reasonable effort to
     incorporate samples from various physical processes available to it that
     might be unpredictable from random jitter in timing.

     However, the getentropy interface alone can make no security guarantees
     without a physical system configuration that includes random number
     generation hardware or secret seed material from such hardware on another
     machine.

     NetBSD attempts to reseed the system entropy pool when it has detected
     the system has been cloned as a guest in a virtual machine, so that
     subsequent calls to getentropy in the clones yield independent outputs.
     However, this relies on the virtual machine host to notify the guest,
     e.g. through the acpivmgenid(4) device, and even so there is an
     unavoidable small window of time between when the virtual machine is
     actually cloned and when the system is reseeded during which getentropy
     may yield identical outputs in the clones.

SEE ALSO
     arc4random(3), rnd(4), entropy(7)

STANDARDS
     The getentropy function conforms to IEEE Std 1003.1-2024 ("POSIX.1").

HISTORY
     The getentropy function first appeared in OpenBSD 5.6, then in
     FreeBSD 12.0, and in NetBSD 10.0.

NetBSD 11.99                    August 28, 2024                   NetBSD 11.99