OpenSSL 3.0 - providing entropy to EVP_RAND ?

Bala Duvvuri b_duvvuri at yahoo.com
Wed Apr 14 10:47:33 UTC 2021


1> >> The best way to do this is to create a provider which acts as a seed source and to then use this as the parent of the primary DRBG. See, for example, test/testutil/fakerandom.c for how to do this. The key is to set up the seed source before the RNG subsystem is first used.

In our case we provide the entropy and nonce from hardware sources (as it's on an embedded platform) as requested by the DRBG in the older version.
Now, if we set up a custom provider and use it as the parent of the primary DRBG, it's not clear how the entropy and nonce from this provider will be accessed. Which API is invoked for the entropy/nonce consumption (any specific callbacks set)? Can you please explain the steps or give an example of the usage?

2> Also, we need to set the DRBG for the CAVS test (Input: EntropyInput, Nonce, PersonalizationString, AdditionalInput, EntropyInputPR, AdditionalInput, EntropyInputPR). With OpenSSL 1.1.1, the below steps were done:

RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS, NULL);
RAND_DRBG_set_callbacks // This will setup to return the provided entropy and nonce inputs
RAND_DRBG_instantiate // Pass personalization string.
RAND_DRBG_generate

Can you kindly let me know the equivalent steps with OpenSSL 3.0?


Thank you for your help in this.

Thanks
Bala

     On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul Dale <pauli at openssl.org> wrote:  
 
  RAND_add() forces a reseed to the DRBGs and uses the passed material (not as entropy but as additional input).
 
 EVP_RAND_reseed() is a more direct interface but remember that the built-in DRBGs are free to ignore what the user claims is entropy.  History has shown us time and again that entropy is often anything but.
 
 The best way to do this is to create a provider which acts as a seed source and to then use this as the parent of the primary DRBG.  See, for example, test/testutil/fakerandom.c for how to do this.  The key is to set up the seed source before the RNG subsystem is first used.
 
 If you simply want to replace the built-in DRBGs with a real random source, create a provider and set the appropriate environment/config variables.
 
 
 Pauli
 
 
 On 24/3/21 4:14 pm, Bala Duvvuri via openssl-users wrote:
  
 Hi All,
 In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.
 Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation.
 How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided?
 Thanks
 Bala
 
   