Entropy Source for Openssl 3.8

Dr Paul Dale pauli at openssl.org
Wed Aug 30 22:51:23 UTC 2023 

Manish,

The code there is somewhat confused by the way the FIPS provider gathers 
it's entropy.
It doesn't access the seed source directly, instead it has call-backs 
into libcrypto to request entropy.
The critical function is ossl_rand_get_entropy in 
crypto/rand/prov_seed.c.  This function satisfies the FIPS provider's 
request for entropy and it doesn't access the seed source specified, 
instead it goes directly to OpenSSL's internal entropy gathering.

So, no there isn't a way to do what you want.

It wasn't intended to operate this way and I'll look at producing a fix.

Pauli

On 31/8/23 03:59, Manish Patidar wrote:
> Hi Paul,
> I have created provider for entropy and  set the seed source 
> using RAND_set_seed_source_type(). This is working fine non-fips mode 
> but its not working in fips mode.
>
> Look like, entropy provider can't be used in fips mode.
>
> RAND_bytes_ex - > RAND_get0_public - > RAND_get0_primary :
> Code which get entropy from provider is under #ifndef FIPS_MODULE
> #ifndef FIPS_MODULE
>  If (dgbl->seed == NULL) {
>        dgbl->seed = rand_new_seed(ctx)
> }
> #endif
> dbgl->primary = rand_new_drbg(ctx, dbgl->seed)
>
> In non-fips mode, dbgl->seed is not null (act as parent) but in fips 
> mode it is NULL and parent is null.
>
> Is this correct?
> Is there any way to set custom entropy source in fips mode?
>
> Regards
> Manish
>
>
> On Wed, 12 Jul 2023, 5:10 am Dr Paul Dale, <pauli at openssl.org> wrote:
>
>     Manish et al,
>
>     If you create a provider that supplies an equivalent to
>     EVP_RAND_seed that accesses your hardware entropy source, you can
>     use this for both the FIPS and non-FIPS case. Call
>     RAND_set_seed_source_type() early on to use your seed source
>     instead of the built in ones.  Alternatively, this can be done via
>     configuration (search for "seed" in the config(5) man page for
>     details).
>
>
>     Paul Dale
>
>
>     On 11/7/23 01:34, Manish Patidar wrote:
>>     Thanks Pauli for your response.
>>     Still I am not clear how to feed the h/w entropy  to openssl.
>>
>>     For Non-fips mode ,  as per your suggestion, we have two option:
>>
>>     1. RAND_set_rand_method/RAND_set_rand_engine
>>         Need implement method using EVP_RAND (EVP_RAND_fetch ,
>>     EVP_RAND_CTX_new, EVP_RAND_instantiate,  EVP_RAND_seed,
>>     EVP_RAND_generate)
>>         and set the method(RAND_set_rand_method)  to openssl
>>         How to feed h/w entropy, using  EVP_RAND_seed ?
>>
>>     2. Write a new provider, if we can't use the above method
>>         We can refer to test/testutil/fake_random.c ?
>>         Internally, can we use EVP_RAND (AES_CTR DRBG)  in provider
>>     implementation ?
>>
>>     For Fips mode:
>>         We need to use AES_CTR drbg,  how to provide hardware entropy
>>     to FIPS providers.
>>         How to replace "seed" source, can you please provide more
>>     details. ?
>>
>>     Is it possible to have a common solution for both FIPS and
>>     non-FIPS mode ?
>>
>>     Regards
>>     Manish
>>
>>     On Mon, Jun 26, 2023 at 3:18 AM Dr Paul Dale <pauli at openssl.org>
>>     wrote:
>>
>>         Both RAND_set_rand_method and RAND_set_rand_engine exist in
>>         3.0.8. They
>>         are deprecated but I doubt they'll be removed for a long time
>>         -- per our
>>         policies, they won't be before OpenSSL 4.0 is released.
>>
>>         If you really want to avoid these two, you will have to write
>>         a provider
>>         that implements access to the entropy source.  You can then
>>         use this
>>         provider instead of OpenSSL's default sources.  I suggest
>>         looking at the
>>         "test" and "seed" randoms.
>>
>>         For FIPS usage, it would be easiest to replace the "seed"
>>         source and
>>         this is outside the FIPS boundary.  If you RNG is FIPS
>>         validated, it
>>         should be possible to use it directly, although the path is
>>         more complex.
>>
>>
>>         Pauli
>>
>>         On 25/6/23 07:34, Manish Patidar wrote:
>>         > Hi
>>         > I am using Openssl 3.8 on rtos,  we have harware random
>>         entropy source
>>         > for RNG.   In our env, Openssl used entropy source is not
>>         available.
>>         >
>>         > Look like  entropy callback which used to available in earlier
>>         > versions, is no more supported.  I am wondering how to plungin
>>         > hardware entropy to Openssl.
>>         >
>>         > We are going to use h/w entropy in fips mode also, so we
>>         need solution
>>         > which works for both mode.
>>         >
>>         > It will be really helpful if someone guide how to use h/w
>>         entropy
>>         > source in openssl 3.8
>>         >
>>         > Regards
>>         > Manish
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230831/1a9f4a01/attachment.htm>

More information about the openssl-users mailing list