rand interface while upgrading openssl

[Michael Wojcik]

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Chitrang Srivastava
> Sent: Tuesday, April 16, 2019 08:24

> I need suggestion regarding random number interface , earlier we were using  RAND_METHOD.

That's a mechanism for telling OpenSSL what mechanism to use for its cryptographically-strong pseudorandom number generator (CPRNG).

> Can I still use the same mechanism? Because I see new code rand folder contains OS specific
> implementation of
>
> rand_pool_acquire_entropy
> rand_pool_add_nonce_data
> rand_pool_add_additional_data

That's part of OpenSSL's mechanism for getting entropy for the CPRNG. The CPRNG needs this, but they are not the same thing.

> As I understand , above function also needs to be ported?

I believe you'll need some implementation of them, but I haven't poked around this corner of the OpenSSL 1.1 sources.

> Any document to start with porting random number to any platform.

The CPRNG seeding mechanism is cryptographically sensitive, and should not be implemented by a non-expert. What does your existing implementation do to provide entropy for the OpenSSL CPRNG? If the answer is "nothing" (or something that's not adequately opaque to an attacker), then your product has seriously flawed security. An attacker who can guess the entropy for the CPRNG pool can break your encryption.

It will also be platform-specific (though some mechanisms will exist on multiple platforms), so there can't be much guidance on doing it for "any platform".

The literature on seeding CPRNGs is fairly extensive. It's often a challenge for embedded applications, particularly SOC-based ones which may not have much in the way of internal noise sources such as clock skew. Some CPUs have entropy sources, such as Intel's RDRAND; if you trust them (and in an embedded application you may not have much choice) you can use that.

--
Michael Wojcik
Distinguished Engineer, Micro Focus