Entropy-supplying system calls

Entropy-supplying system calls are system calls in Unix-like operating system kernels through which processes can obtain entropic or random data. The first of these was, introduced to the OpenBSD operating system in release 5.6 (November 2014), as a refactoring of the sysctl(3) KERN_ARND approach used since 1997. Linux offers a very similar system call,, which was based on. It was first available in Linux 3.17, released in October 2014. In July 2015, Solaris introduced slightly modified versions of  and. In August 2015, FreeBSD introduced the  system call for obtaining random data from the kernel.

These system calls allow processes to access quality random data without opening and reading from randomness pseudo-devices.

Microsoft Windows'  and Apple iOS's   API are very similar. However, they are not implemented as system calls.

Motivation
Traditionally, Unix-like operating systems supply random data through two pseudo-devices:  and. However, safely and reliably reading random data from these devices can be difficult and complicated. For example, an attacker could interfere with a process's access to the pseudo-devices by opening all available file descriptors, or through a similar form of resource exhaustion attack. The use of these devices also interferes with privilege revocation. Unprivileged processes are often denied the ability to open and read files and devices, and the randomness devices are not even visible to chrooted processes.

The difficulty of using randomness pseudo-devices often leads developers to use standard library functions instead. Some of these, such as the C programming language's, POSIX's  , and  , are very unsafe when used for cryptography or similar applications, because these algorithms are actually deterministic, having been intentionally crippled to satisfy seed-reuse requirements through the interfaces  ,  , and.

A significant difference exists between these calls:  guarantees that random numbers will be returned immediately, without any blocking. It requires operating support which guarantees random data stream initialization at the earliest opportunity. To encourage other operating systems follow this model,  cannot indicate errors to the application. Other calls described here may return errors instead, or block indeterminately. Such blocking semantics have been implicated in significant problems.

As security becomes a more widespread priority in software development, quality randomness is used more often and in more contexts. Because of this, providing quality randomness is increasingly considered a core responsibility of the kernel. System calls are the traditional interface through which a process uses core kernel services, and kernels are therefore supporting accessing randomness through system calls.

Usage
Because it is faster and adds another layer of entropy mixing, it is usually suggested that processes use these syscalls' data through a userspace cryptographically secure pseudorandom number generator (CSPRNG) rather than assigning the retrieved data directly to variables. For this purpose, OpenBSD's C standard library includes the function, which programs are expected to call when they need random data. Like,   also may not block nor return an error.

This approach allows a program to fetch less entropy from the kernel without reducing the strength of its random data. The  system call is designed based on this assumption, supplying no more than 256 bytes per call.