Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\ ncp.local>: |> So my concerns are: |> 1. Whether I really can count on getting a high-entropy PRNG across \ |> these various platforms, without any explicit initialization. | |Yes, for the mentioned platforms, the default configuration is `--with-r\ |and-seed=os`, which means the DRBG automatically seeds |and reseeds using os entropy sources. | |2. If something goes wrong with PRNG initialization, that it will fail \ |hard rather than fall back to something less secure. And if so how \ |I detect such a failure. | |If the (re-)seeding fails, the DRBG enters an error state. When you \ |try to generate random bytes it will detect the error state and try |automatically to heal the error state by reinstantiating. But if reseeding \ |fails, it will return and error code and not generate any pseudo random \ |bytes. | |Citing from the manual pages: ... | As a normal application developer, you do not have to worry about \ | any details, just use RAND_bytes(3) | to obtain random data. Having said that, there is one important rule \ | to obey: Always check the error | return value of RAND_bytes(3) and do not take randomness for granted. | | https://www.openssl.org/docs/man1.1.1/man7/RAND.html That is new however, _imho_. The wording of RAND_bytes(3) (still) says that "an error occurs [.if.] not [been] seeded with enough [data]", and RAND_status(3) returns 1 if the PRNG "has been seeded with enough data". So if it is seeded it is seeded, in my understanding anything further on up the road only mixes in noise (which likely will undergo further maths and be stirred into the pool, i have not looked, actually). I do not test RAND_bytes(3) return (yet), because i have ensured the PRNG is sufficiently seeded, and RAND_status(3) returns success, before RAND_bytes(3) is used the first time. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users