Does macOS still use Yarrow as its cryptographically secure pseudorandom number generator?

Yarrow is gone.

The kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.

https://support.apple.com/en-ie/guide/security/seca0c73a75b/1/web/1

Ok! So I mailed Craig Federighi recently about this, concerned that macOS wasn’t capable of generating >128bit quality keys.

He responded!

‘The source you were referencing is out of date. You can find more current information here: FIPS certification document, section 7: "The NDRNG feeds entropy from the pool into the DRBG on demand. The NDRNG provides 256-bits of entropy.”’

What a legend.


So yup, macOS and iOS are both capable of generating 256 bit entropy and creating quality CS keys for both ECC and Symmetric Key crypto.

EDIT: Apple confirmed the kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.


It seems as of 10.14 Apple are still using Yarrow.

The source of xnu-4903.221.2/osfmk/prng/random.h says "...we retain Yarrow." and the subsequent code is conditioned on Yarrow being hard-coded true:

void early_random_cpu_init(int cpu);

/*
 * Wrapper for requesting a CCKPRNG operation.
 * This macro makes the DRBG call with pre-emption disabled to ensure that
 * any attempt to block will cause a panic. And the operation is timed and
 * cannot exceed 10msec (for development kernels).
 * But skip this while we retain Yarrow.
 */
#define YARROW 1
#if YARROW
#define PRNG_CCKPRNG(op) \
    MACRO_BEGIN          \
    op;                  \
    MACRO_END
#else

Assuming it is up to date, man random on 10.14.5 confirms this:

 The random device implements the Yarrow pseudo random number generator algorithm and maintains
 its entropy pool.  The kernel automatically seeds the algorithm with additional entropy during
 normal execution.

Whether Yarrow is sufficient or not seems to be covered in your other question.
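The answers above disagree on whether the kernel CPRNG is Yarrow or a Fortuna-derived design, and the difference matters: Yarrow must estimate how much entropy each source contributes before it reseeds, while Fortuna spreads events over 32 pools and reseeds from them on a fixed schedule, so it needs no estimator at all. The following is an added example, written for this page and not taken from xnu or from any answer above: the textbook Fortuna generator (AES-256-CTR with rekeying after every request) and accumulator from Ferguson and Schneier, in Go. The sample "events" fed in by main are constructed bytes, not real entropy, and the ten-reseeds-per-second clock check of the real design is deliberately left out so the run is deterministic.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"errors"
	"fmt"
)

const numPools, minPoolSize = 32, 64 // Fortuna's pool count; bytes pool 0 needs before a reseed
// sha256d (SHA-256 applied twice) is what Fortuna uses to derive keys and compress pools.
func sha256d(b []byte) []byte {
	first := sha256.Sum256(b)
	d := sha256.Sum256(first[:])
	return d[:]
}
// Generator: AES-256 in counter mode over a 128-bit little-endian counter; all-zero means "never seeded".
type Generator struct {
	key     [32]byte
	counter [16]byte
}
func (g *Generator) incCounter() {
	for i := range g.counter {
		if g.counter[i]++; g.counter[i] != 0 {
			return
		}
	}
}
// Reseed sets key = SHA256d(key || seed); the old key stays in the mix, so entropy is never lost.
func (g *Generator) Reseed(seed []byte) {
	copy(g.key[:], sha256d(append(g.key[:], seed...))) // append copies: the key array is already full
	g.incCounter()
}
func (g *Generator) generateBlocks(k int) []byte {
	block, _ := aes.NewCipher(g.key[:]) // a 32-byte key is always accepted
	out := make([]byte, 16*k)
	for i := 0; i < k; i++ {
		block.Encrypt(out[16*i:], g.counter[:])
		g.incCounter()
	}
	return out
}
// PseudoRandomData returns n bytes, then rekeys from two fresh output blocks so that a later
// state compromise reveals nothing about output already handed out (forward secrecy).
func (g *Generator) PseudoRandomData(n int) ([]byte, error) {
	if g.counter == [16]byte{} || n < 0 || n > 1<<20 {
		return nil, errors.New("fortuna: generator unseeded or request outside 0..2^20 bytes")
	}
	r := g.generateBlocks((n + 15) / 16)
	copy(g.key[:], g.generateBlocks(2))
	return r[:n], nil
}

// Accumulator is what separates Fortuna from Yarrow: pool i is folded into the key only on every
// 2^i-th reseed, so some pool always fills slowly enough to hold unguessable entropy before it is
// used, however fast an attacker injects or guesses events. No entropy estimator is needed.
type Accumulator struct {
	gen       Generator
	pools     [numPools][]byte
	reseedCnt uint64
}

// AddRandomEvent appends "source, length, data" (data 1..32 bytes) to the chosen pool.
func (a *Accumulator) AddRandomEvent(source byte, pool int, data []byte) error {
	if len(data) < 1 || len(data) > 32 || pool < 0 || pool >= numPools {
		return errors.New("fortuna: bad event size or pool index")
	}
	a.pools[pool] = append(append(a.pools[pool], source, byte(len(data))), data...)
	return nil
}

// RandomData reseeds when pool 0 is full enough, then draws from the generator. Real Fortuna also
// allows at most ten reseeds per second; that clock check is omitted so the demo stays deterministic.
func (a *Accumulator) RandomData(n int) ([]byte, error) {
	if len(a.pools[0]) >= minPoolSize {
		a.reseedCnt++
		var seed []byte
		for i := 0; i < numPools && a.reseedCnt&(1<<uint(i)-1) == 0; i++ { // while 2^i divides reseedCnt
			seed = append(seed, sha256d(a.pools[i])...)
			a.pools[i] = nil
		}
		a.gen.Reseed(seed)
	}
	if a.reseedCnt == 0 {
		return nil, errors.New("fortuna: no reseed yet, refusing to produce output")
	}
	return a.gen.PseudoRandomData(n)
}

func main() {
	var a Accumulator
	for round := byte(1); round <= 2; round++ { // reseed #1 drains pool 0 only; reseed #2 drains pools 0 and 1
		a.AddRandomEvent(1, 0, bytes.Repeat([]byte{round}, 32))       // constructed bytes, not real entropy
		a.AddRandomEvent(1, 0, bytes.Repeat([]byte{round + 100}, 32)) // pool 0 now holds 68 >= 64 bytes
		a.AddRandomEvent(2, 1, []byte("timer sample"))
		key, _ := a.RandomData(32)
		fmt.Printf("reseed %d: 256-bit key %x, pool 1 holds %d bytes\n", a.reseedCnt, key, len(a.pools[1]))
	}
}
```

Two properties worth noticing when you run it: the accumulator refuses to emit anything until pool 0 has reached minPoolSize and a first reseed has happened, and pool 1 survives the first reseed untouched and is only folded in on the second (2 divides 2), which is the mechanism that lets Fortuna recover from a state compromise without ever estimating entropy. The 2^20-byte cap per request is the limit from the original design, kept so the counter-mode output stays close to random; a caller wanting more simply asks again and gets a rekeyed generator each time.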