OpenSSL 3.0 - providing entropy to EVP_RAND ?
Dr Paul Dale
pauli at openssl.org
Wed Apr 14 11:31:54 UTC 2021
For setting up a parent for a DRBG, look at
/providers/implementations/rands/test_rng.c which produces seed material
(test_rng_generate) and nonces (test_rng_nonce). The built-in DRBGs
don't need the nonce, they will act as per SP800-90Ar1 section 9.1 with
a nonce available from their parent.

/providers/implementations/rands/seed_src.c is the OpenSSL seed source
and it doesn't supply nonces.

For the CAVS tests, look at test/acvp_test.c or test/evp_test.c which
both include code to run NIST's tests.

Pauli

On 14/4/21 8:47 pm, Bala Duvvuri wrote:
> 1> >>The best way to do this, is to create a provider which acts as a
> seed source and to then use this as the parent of the primary DRBG.
> See, for example, test/testutil/fakerandom.c for how to do this. The
> key is to set up the seed source before the RNG subsystem is first used.
>
> In our case we provide the entropy and nonce from hardware sources (as
> it's on an embedded platform) as requested by DRBG in older version.
> Now, if we set up a custom provider and use it as parent of the primary
> DRBG, it's not clear how the entropy and nonce from this provider will
> be accessed, which API is invoked for the entropy/nonce consumption
> (any specific callbacks set)? Can you please explain the steps or
> example of the usage?
>
> 2> Also, we need to set DRBG for CAVS test (Input: EntropyInput, Nonce,
> PersonalizationString, AdditionalInput, EntropyInputPR,
> AdditionalInput, EntropyInputPR), with OpenSSL 1.1.1, the below steps
> were done:
>
> RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS, NULL);
> RAND_DRBG_set_callbacks // This will setup to return the provided
> entropy and nonce inputs
> RAND_DRBG_instantiate // Pass personalization string.
> RAND_DRBG_generate
>
> Can you kindly let me know the equivalent steps with OpenSSL 3.0?
>
>
> Thank you for your help in this.
>
> Thanks
> Bala
>
> On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul Dale
> <pauli at openssl.org> wrote:
>
>
> RAND_add() forces a reseed to the DRBGs and uses the passed material
> (not as entropy but as additional input).
>
> EVP_RAND_reseed() is a more direct interface but remember that the
> built in DRBGs are free to ignore what the user claims is /entropy/.
> History has shown us time and again that /entropy/ is often anything but.
>
> The *best* way to do this, is to create a provider which acts as a
> seed source and to then use this as the parent of the primary DRBG.
> See, for example, test/testutil/fakerandom.c for how to do this. The
> key is to set up the seed source before the RNG subsystem is first used.
>
> If you simply want to replace the built-in DRBGs with a real random
> source, create a provider and set the appropriate environment/config
> variables.
>
>
> Pauli
>
>
> On 24/3/21 4:14 pm, Bala Duvvuri via openssl-users wrote:
>> Hi All,
>> In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation. Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation. How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided?
>> Thanks
>> Bala
>