Entropy Source for Openssl 3.8
Dr Paul Dale
pauli at openssl.org
Thu Aug 31 22:56:31 UTC 2023
Manish,
The quick fix would be to not call to ossl_prov_get_entropy() in
crngt_get_entropy() and to use your source in its place.
Dr Paul Dale
On 1/9/23 05:49, Manish Patidar wrote:
> So currently, there is no way to provide custom entropy in FIPS mode.
> I have tried remove the FIPS Module macro in RAND_get0_primary but
> EVP_RAND_fetch is failed in rand_new_seed
>
> Can you please suggest changes in OpenSSL so that it takes entropy
> from custom provider.
>
> As we will go FIPS certification for our product, we can modify the
> OpenSSL code.
>
> Regards
> Manish
>
> On Thu, 31 Aug 2023, 4:21 am Dr Paul Dale, <pauli at openssl.org> wrote:
>
> Manish,
>
> The code there is somewhat confused by the way the FIPS provider
> gathers it's entropy.
> It doesn't access the seed source directly, instead it has
> call-backs into libcrypto to request entropy.
> The critical function is ossl_rand_get_entropy in
> crypto/rand/prov_seed.c. This function satisfies the FIPS
> provider's request for entropy and it doesn't access the seed
> source specified, instead it goes directly to OpenSSL's internal
> entropy gathering.
>
> So, no there isn't a way to do what you want.
>
> It wasn't intended to operate this way and I'll look at producing
> a fix.
>
> Pauli
>
> On 31/8/23 03:59, Manish Patidar wrote:
>> Hi Paul,
>> I have created provider for entropy and set the seed source
>> using RAND_set_seed_source_type(). This is working fine non-fips
>> mode but its not working in fips mode.
>>
>> Look like, entropy provider can't be used in fips mode.
>>
>> RAND_bytes_ex - > RAND_get0_public - > RAND_get0_primary :
>> Code which get entropy from provider is under #ifndef FIPS_MODULE
>> #ifndef FIPS_MODULE
>> If (dgbl->seed == NULL) {
>> dgbl->seed = rand_new_seed(ctx)
>> }
>> #endif
>> dbgl->primary = rand_new_drbg(ctx, dbgl->seed)
>>
>> In non-fips mode, dbgl->seed is not null (act as parent) but in
>> fips mode it is NULL and parent is null.
>>
>> Is this correct?
>> Is there any way to set custom entropy source in fips mode?
>>
>> Regards
>> Manish
>>
>>
>> On Wed, 12 Jul 2023, 5:10 am Dr Paul Dale, <pauli at openssl.org> wrote:
>>
>> Manish et al,
>>
>> If you create a provider that supplies an equivalent to
>> EVP_RAND_seed that accesses your hardware entropy source, you
>> can use this for both the FIPS and non-FIPS case. Call
>> RAND_set_seed_source_type() early on to use your seed source
>> instead of the built in ones. Alternatively, this can be done
>> via configuration (search for "seed" in the config(5) man
>> page for details).
>>
>>
>> Paul Dale
>>
>>
>> On 11/7/23 01:34, Manish Patidar wrote:
>>> Thanks Pauli for your response.
>>> Still I am not clear how to feed the h/w entropy to openssl.
>>>
>>> For Non-fips mode , as per your suggestion, we have two option:
>>>
>>> 1. RAND_set_rand_method/RAND_set_rand_engine
>>> Need implement method using EVP_RAND (EVP_RAND_fetch ,
>>> EVP_RAND_CTX_new, EVP_RAND_instantiate, EVP_RAND_seed,
>>> EVP_RAND_generate)
>>> and set the method(RAND_set_rand_method) to openssl
>>> How to feed h/w entropy, using EVP_RAND_seed ?
>>>
>>> 2. Write a new provider, if we can't use the above method
>>> We can refer to test/testutil/fake_random.c ?
>>> Internally, can we use EVP_RAND (AES_CTR DRBG) in
>>> provider implementation ?
>>>
>>> For Fips mode:
>>> We need to use AES_CTR drbg, how to provide hardware
>>> entropy to FIPS providers.
>>> How to replace "seed" source, can you please provide
>>> more details. ?
>>>
>>> Is it possible to have a common solution for both FIPS and
>>> non-FIPS mode ?
>>>
>>> Regards
>>> Manish
>>>
>>> On Mon, Jun 26, 2023 at 3:18 AM Dr Paul Dale
>>> <pauli at openssl.org> wrote:
>>>
>>> Both RAND_set_rand_method and RAND_set_rand_engine exist
>>> in 3.0.8. They
>>> are deprecated but I doubt they'll be removed for a long
>>> time -- per our
>>> policies, they won't be before OpenSSL 4.0 is released.
>>>
>>> If you really want to avoid these two, you will have to
>>> write a provider
>>> that implements access to the entropy source. You can
>>> then use this
>>> provider instead of OpenSSL's default sources. I
>>> suggest looking at the
>>> "test" and "seed" randoms.
>>>
>>> For FIPS usage, it would be easiest to replace the
>>> "seed" source and
>>> this is outside the FIPS boundary. If you RNG is FIPS
>>> validated, it
>>> should be possible to use it directly, although the path
>>> is more complex.
>>>
>>>
>>> Pauli
>>>
>>> On 25/6/23 07:34, Manish Patidar wrote:
>>> > Hi
>>> > I am using Openssl 3.8 on rtos, we have harware
>>> random entropy source
>>> > for RNG. In our env, Openssl used entropy source is
>>> not available.
>>> >
>>> > Look like entropy callback which used to available in
>>> earlier
>>> > versions, is no more supported. I am wondering how to
>>> plungin
>>> > hardware entropy to Openssl.
>>> >
>>> > We are going to use h/w entropy in fips mode also, so
>>> we need solution
>>> > which works for both mode.
>>> >
>>> > It will be really helpful if someone guide how to use
>>> h/w entropy
>>> > source in openssl 3.8
>>> >
>>> > Regards
>>> > Manish
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230901/27216e5b/attachment.htm>
More information about the openssl-users
mailing list