> So my concerns are:
> 1. Whether I really can count on getting a high-entropy PRNG across these
> various platforms, without any explicit initialization.
Yes, for the mentioned platforms, the default configuration is
`--with-rand-seed=os`, which means the DRBG automatically seeds
and reseeds using os entropy sources.
2. If something goes wrong with PRNG initialization, that it will fail hard
rather than fall back to something less secure. And if so how I detect such a
failure.
If the (re-)seeding fails, the DRBG enters an error state. When you try to
generate random bytes it will detect the error state and try
automatically to heal the error state by reinstantiating. But if reseeding
fails, it will return and error code and not generate any pseudo random bytes.
Citing from the manual pages:
OpenSSL comes with a default implementation of the RAND API which is
based on the
deterministic random bit generator (DRBG) model as described in [NIST
SP 800-90A Rev. 1].
The default random generator will initialize automatically on first use
and will be fully functional
without having to be initialized ('seeded') explicitly. It seeds and
reseeds itself automatically using
trusted random sources provided by the operating system.
As a normal application developer, you do not have to worry about any
details, just use RAND_bytes(3)
to obtain random data. Having said that, there is one important rule to
obey: Always check the error
return value of RAND_bytes(3) and do not take randomness for granted.
https://www.openssl.org/docs/man1.1.1/man7/RAND.html
(See also https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html)
Matthias
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
