Entropy Source for Openssl 3.8

Wed Aug 30 17:59:02 UTC 2023

Hi Paul,
I have created provider for entropy and  set the seed source
using RAND_set_seed_source_type(). This is working fine non-fips mode but
its not working in fips mode.

Look like, entropy provider can't be used in fips mode.

RAND_bytes_ex - > RAND_get0_public - > RAND_get0_primary :
Code which get entropy from provider is under #ifndef FIPS_MODULE
#ifndef FIPS_MODULE
 If (dgbl->seed == NULL) {
       dgbl->seed = rand_new_seed(ctx)
}
#endif
dbgl->primary = rand_new_drbg(ctx, dbgl->seed)

In non-fips mode, dbgl->seed is not null (act as parent) but in fips mode
it is NULL and parent is null.

Is this correct?
Is there any way to set custom entropy source in fips mode?

Regards
Manish

On Wed, 12 Jul 2023, 5:10 am Dr Paul Dale, <pauli at openssl.org> wrote:

> Manish et al,
>
> If you create a provider that supplies an equivalent to EVP_RAND_seed that
> accesses your hardware entropy source, you can use this for both the FIPS
> and non-FIPS case.  Call RAND_set_seed_source_type() early on to use your
> seed source instead of the built in ones.  Alternatively, this can be done
> via configuration (search for "seed" in the config(5) man page for details).
>
>
> Paul Dale
>
>
> On 11/7/23 01:34, Manish Patidar wrote:
>
> Thanks Pauli for your response.
> Still I am not clear how to feed the h/w entropy  to openssl.
>
> For Non-fips mode ,  as per your suggestion, we have two option:
>
> 1. RAND_set_rand_method/RAND_set_rand_engine
>     Need implement method using EVP_RAND (EVP_RAND_fetch ,
> EVP_RAND_CTX_new, EVP_RAND_instantiate,  EVP_RAND_seed, EVP_RAND_generate)
>     and set the method(RAND_set_rand_method)  to openssl
>     How to feed h/w entropy, using  EVP_RAND_seed ?
>
> 2. Write a new provider, if we can't use the above method
>     We can refer to test/testutil/fake_random.c ?
>     Internally, can we use EVP_RAND (AES_CTR DRBG)  in provider
> implementation ?
>
> For Fips mode:
>     We need to use AES_CTR drbg,  how to provide hardware entropy to FIPS
> providers.
>     How to replace "seed" source, can you please provide more details. ?
>
> Is it possible to have a common solution for both FIPS and non-FIPS mode ?
>
> Regards
> Manish
>
> On Mon, Jun 26, 2023 at 3:18 AM Dr Paul Dale <pauli at openssl.org> wrote:
>
>> Both RAND_set_rand_method and RAND_set_rand_engine exist in 3.0.8. They
>> are deprecated but I doubt they'll be removed for a long time -- per our
>> policies, they won't be before OpenSSL 4.0 is released.
>>
>> If you really want to avoid these two, you will have to write a provider
>> that implements access to the entropy source.  You can then use this
>> provider instead of OpenSSL's default sources.  I suggest looking at the
>> "test" and "seed" randoms.
>>
>> For FIPS usage, it would be easiest to replace the "seed" source and
>> this is outside the FIPS boundary.  If you RNG is FIPS validated, it
>> should be possible to use it directly, although the path is more complex.
>>
>>
>> Pauli
>>
>> On 25/6/23 07:34, Manish Patidar wrote:
>> > Hi
>> > I am using Openssl 3.8 on rtos,  we have harware random entropy source
>> > for RNG.   In our env, Openssl used entropy source is not available.
>> >
>> > Look like  entropy callback which used to available in earlier
>> > versions, is no more supported.  I am wondering how to plungin
>> > hardware entropy to Openssl.
>> >
>> > We are going to use h/w entropy in fips mode also, so we need solution
>> > which works for both mode.
>> >
>> > It will be really helpful if someone guide how to use h/w entropy
>> > source in openssl 3.8
>> >
>> > Regards
>> > Manish
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230830/5ab4029c/attachment.htm>