diff --git a/CMakeLists.txt b/CMakeLists.txt
index 51d56ae1..aae0633a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,8 +8,6 @@ option(BUILD_SHARED_LIBS "Build using shared libraries" OFF)
 
 include_directories(include)
 
-
-
 set(src
 	src/version.c
 	src/debug.c
@@ -76,62 +74,63 @@ set(src
 )
 
 option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF)
-
-
 if (ENABLE_SM3_AVX_BMI2)
 	enable_language(ASM)
 	list(APPEND src src/sm3_avx_bmi2.s)
 endif()
 
-option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
 
+option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
 if (ENABLE_SM4_AESNI_AVX)
 	list(APPEND src src/sm4_aesni_avx.c)
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")
 endif()
 
-if (WIN32)
-	list(APPEND src src/u_time.c)
-	list(APPEND src src/rand_win.c)
-else()
-	list(APPEND src src/rand.c)
-endif()
 
+option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
 set(broken_crypto_src
 	src/des.c
 	src/sha1.c
 	src/md5.c
 	src/rc4.c
 )
-
-option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
-
 if (ENABLE_BROKEN_CRYPTO)
 	list(APPEND src ${broken_crypto_src})
 endif()
 
 option(ENABLE_RDRND "Enable Intel RDRND instructions" OFF)
-
 if (${CMAKE_SYSTEM_PROCESSOR} MATCHES x86_64)
 	set(ENABLE_RDRND ON)
 endif()
-
 if (ENABLE_RDRND)
 	list(APPEND src src/rdrand.c)
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
 endif()
 
+
+if (WIN32)
+	list(APPEND src src/u_time.c)
+	list(APPEND src src/rand_win.c)
+elseif (APPLE)
+	list(APPEND src src/rand_apple.c)
+else()
+	list(APPEND src src/rand_unix.c)
+endif()
+
+add_library(gmssl ${src})
+
 if (WIN32)
 	set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON)
-	add_library(gmssl ${src})
+elseif (APPLE)
+	target_link_libraries(gmssl dl)
+	target_link_libraries(gmssl "-framework Security")
+	#target_link_libraries(gmssl "-framework CoreFoundation") # rand_apple.c CFRelease()
+elseif (MINGW)
+	target_link_libraries(gmssl PRIVATE wsock32)
 else()
-	add_library(gmssl ${src})
 	target_link_libraries(gmssl dl)
 endif()
 
-if(MINGW)
-	target_link_libraries(gmssl PRIVATE wsock32)
-endif()
 
 SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
 
diff --git a/include/gmssl/rand.h b/include/gmssl/rand.h
index 4742c0d0..6b11f916 100644
--- a/include/gmssl/rand.h
+++ b/include/gmssl/rand.h
@@ -28,9 +28,6 @@ Rand Public API
 
 int rand_bytes(uint8_t *buf, size_t buflen);
 
-int rdrand_bytes(uint8_t *buf, size_t buflen);
-int rdseed_bytes(uint8_t *buf, size_t buflen);
-
 
 #ifdef __cplusplus
 }
diff --git a/include/gmssl/rdrand.h b/include/gmssl/rdrand.h
new file mode 100644
index 00000000..b8930f42
--- /dev/null
+++ b/include/gmssl/rdrand.h
@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_RDRAND_H
+#define GMSSL_RDRAND_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int rdrand_bytes(uint8_t *buf, size_t buflen);
+int rdseed_bytes(uint8_t *buf, size_t buflen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/rand.c b/src/rand.c
deleted file mode 100644
index 5e34ada7..00000000
--- a/src/rand.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-#define RAND_MAX_BUF_SIZE 4096
-
-int rand_bytes(uint8_t *buf, size_t len)
-{
-	FILE *fp;
-	if (!buf) {
-		error_print();
-		return -1;
-	}
-	if (len > RAND_MAX_BUF_SIZE) {
-		error_print();
-		return -1;
-	}
-	if (!len) {
-		return 0;
-	}
-
-	if (!(fp = fopen("/dev/urandom", "rb"))) {
-		error_print();
-		return -1;
-	}
-	if (fread(buf, 1, len, fp) != len) {
-		error_print();
-		fclose(fp);
-		return -1;
-	}
-	fclose(fp);
-	return 1;
-}
diff --git a/src/rand_apple.c b/src/rand_apple.c
index 1c2bb0b8..1b249dd6 100644
--- a/src/rand_apple.c
+++ b/src/rand_apple.c
@@ -20,12 +20,15 @@ int rand_bytes(uint8_t *buf, size_t len)
 {
 	int errCode;
 	if ((errCode = SecRandomCopyBytes(kSecRandomDefault, len, buf)) != errSecSuccess) {
-		//CFStringRef errStr;
-		//errStr = SecCopyErrorMessageString(errCode, NULL);
-		//CFRelease(errStr);
 		error_print();
+		fprintf(stderr, "%s:%d: SecRandomCopyBytes() return OSStatus = %d\n", __FILE__, __LINE__, errCode);
+		/*
+		CFStringRef errStr;
+		errStr = SecCopyErrorMessageString(errCode, NULL);
+		fprintf(stderr, "error: %s\n", CFStringGetCStringPtr(errStr, kCFStringEncodingMacRoman));
+		CFRelease(errStr); // -framework CoreFoundation
+		*/
 		return -1;
 	}
 	return 1;
 }
-
diff --git a/src/rand_unix.c b/src/rand_unix.c
index a660dcdd..9f741dda 100644
--- a/src/rand_unix.c
+++ b/src/rand_unix.c
@@ -14,7 +14,9 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <unistd.h> // in Linux
-//#include <sys/random.h> // in Apple
+#ifdef APPLE
+#include <sys/random.h> // in Apple
+#endif
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 
@@ -37,4 +39,3 @@ int rand_bytes(uint8_t *buf, size_t len)
 	}
 	return 1;
 }
-