[openssl-users] RNG behavior by default

[Kurt Roeckx]

On Thu, Jan 03, 2019 at 11:03:01AM -0500, Mike Blaguszewski wrote:
> I am using the EVP API (version 1.1.1) for performing public key and symmetric key operations across a variety of platforms (macOS, Windows, Linux, iOS and Android). I am currently not doing anything to explicitly seed OpenSSL’s random number generator. My understanding is that the default behavior <https://www.openssl.org/blog/blog/2017/08/12/random/> should be cryptographically secure.
> 
> So my concerns are:
> 1. Whether I really can count on getting a high-entropy PRNG across these various platforms, without any explicit initialization.
> 2. If something goes wrong with PRNG initialization, that it will fail hard rather than fall back to something less secure. And if so how I detect such a failure.
> 
> Our current implementation uses libsodium, which relies on the usual system calls to generate entropy, so if I can count on OpenSSL always doing this then I’m happy. 

It will make use of system calls when available. Those are known
to provide system calls:
- Linux since 3.17
- Darwin since 16 (OSX 10.12, IOS 10.0).
- Solaris since 11.3
- OpenBSD since 5.6
- FreeBSD since 12.0 (1200061)

By default it will fall back to use something like /dev/urandom if
the system call is not available or returns an error.

On Windows we are also using the system provided entropy by using
function calls.

You do not need to do anything to initialize RNG. It will
automatically initiailze on first use.

It will hard fail when it's not able to get entropy.

Since it now reseeds from time to time, it can actually start to
fail after having run succesfully for some time. But it's very
unlikely that you would run into that, by default we should make
sure that we can always get entropy.


Kurt