Entropy Source for Openssl 3.8

Dr Paul Dale pauli at openssl.org
Tue Jul 11 23:40:25 UTC 2023


Manish et al,

If you create a provider that supplies an equivalent to EVP_RAND_seed 
that accesses your hardware entropy source, you can use this for both 
the FIPS and non-FIPS case.  Call RAND_set_seed_source_type() early on 
to use your seed source instead of the built in ones.  Alternatively, 
this can be done via configuration (search for "seed" in the config(5) 
man page for details).


Paul Dale


On 11/7/23 01:34, Manish Patidar wrote:
> Thanks Pauli for your response.
> Still I am not clear how to feed the h/w entropy  to openssl.
>
> For Non-fips mode ,  as per your suggestion, we have two option:
>
> 1. RAND_set_rand_method/RAND_set_rand_engine
>     Need implement method using EVP_RAND (EVP_RAND_fetch , 
> EVP_RAND_CTX_new, EVP_RAND_instantiate,  EVP_RAND_seed, 
> EVP_RAND_generate)
>     and set the method(RAND_set_rand_method)  to openssl
>     How to feed h/w entropy, using  EVP_RAND_seed ?
>
> 2. Write a new provider, if we can't use the above method
>     We can refer to test/testutil/fake_random.c ?
>     Internally, can we use EVP_RAND (AES_CTR DRBG)  in provider 
> implementation ?
>
> For Fips mode:
>     We need to use AES_CTR drbg,  how to provide hardware entropy to 
> FIPS providers.
>     How to replace "seed" source, can you please provide more details. ?
>
> Is it possible to have a common solution for both FIPS and non-FIPS 
> mode ?
>
> Regards
> Manish
>
> On Mon, Jun 26, 2023 at 3:18 AM Dr Paul Dale <pauli at openssl.org> wrote:
>
>     Both RAND_set_rand_method and RAND_set_rand_engine exist in 3.0.8.
>     They
>     are deprecated but I doubt they'll be removed for a long time --
>     per our
>     policies, they won't be before OpenSSL 4.0 is released.
>
>     If you really want to avoid these two, you will have to write a
>     provider
>     that implements access to the entropy source.  You can then use this
>     provider instead of OpenSSL's default sources.  I suggest looking
>     at the
>     "test" and "seed" randoms.
>
>     For FIPS usage, it would be easiest to replace the "seed" source and
>     this is outside the FIPS boundary.  If you RNG is FIPS validated, it
>     should be possible to use it directly, although the path is more
>     complex.
>
>
>     Pauli
>
>     On 25/6/23 07:34, Manish Patidar wrote:
>     > Hi
>     > I am using Openssl 3.8 on rtos,  we have harware random entropy
>     source
>     > for RNG.   In our env, Openssl used entropy source is not available.
>     >
>     > Look like  entropy callback which used to available in earlier
>     > versions, is no more supported.  I am wondering how to plungin
>     > hardware entropy to Openssl.
>     >
>     > We are going to use h/w entropy in fips mode also, so we need
>     solution
>     > which works for both mode.
>     >
>     > It will be really helpful if someone guide how to use h/w entropy
>     > source in openssl 3.8
>     >
>     > Regards
>     > Manish
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230712/d4b7e8dd/attachment.htm>


More information about the openssl-users mailing list