> So my concerns are:
> 1. Whether I really can count on getting a high-entropy PRNG across these 
> various platforms, without any explicit initialization.

Yes, for the mentioned platforms, the default configuration is 
`--with-rand-seed=os`, which means the DRBG automatically seeds
and reseeds using os entropy sources.

2. If something goes wrong with PRNG initialization, that it will fail hard 
rather than fall back to something less secure. And if so how I detect such a 
failure.

If the (re-)seeding fails, the DRBG enters an error state. When you try to 
generate random bytes it will detect the error state and try
automatically to heal the error state by reinstantiating. But if reseeding 
fails, it will return and error code and not generate any pseudo random bytes.

Citing from the manual pages:

        OpenSSL comes with a default implementation of the RAND API which is 
based on the
        deterministic random bit generator (DRBG) model as described in [NIST 
SP 800-90A Rev. 1].
        The default random generator will initialize automatically on first use 
and will be fully functional
        without having to be initialized ('seeded') explicitly. It seeds and 
reseeds itself automatically using
        trusted random sources provided by the operating system.

        As a normal application developer, you do not have to worry about any 
details, just use RAND_bytes(3)
        to obtain random data. Having said that, there is one important rule to 
obey: Always check the error
        return value of RAND_bytes(3) and do not take randomness for granted.

        https://www.openssl.org/docs/man1.1.1/man7/RAND.html

(See also https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html)

Matthias

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to