OpenSSL 3.0 - providing entropy to EVP_RAND ?

Dr Paul Dale pauli at openssl.org
Wed Apr 14 11:31:54 UTC 2021


For setting up a parent for a DRBG, look at 
/providers/implementations/rands/test_rng.c which produces seed material 
(test_rng_generate) and nonces (test_rng_nonce).  The built in DRBGs 
don't need the nonce, they will act as per SP800-90Ar1 section 9.1 with 
a nonce available from their parent. 
/providers/implementations/rands/seed_src.c is the OpenSSL seed source 
and it doesn't supply nonces.

For the CAVS tests, look at test/acvp_test.c or test/evp_test.c which 
both include code to run NIST's tests.


Pauli

On 14/4/21 8:47 pm, Bala Duvvuri wrote:
> 1> >>The best way to do this, is to create a provider which acts as a 
> seed source and to then use this as the parent of the primary DRBG. 
> See, for example, test/testutil/fakerandom.c for how to do this. The 
> key is to set up the seed source before the RNG subsystem is first used.
>
> In our case we provide the entropy and nonce from hardware sources (as 
> it's on an embedded platform) as requested by DRBG in older version.
> Now, if we setup a custom provider and use it as parent of the primary 
> DRBG, it's not clear how the entropy and nonce from this provider will 
> be accessed, which API is invoked for the entropy/nonce consumption 
> (any specific callbacks set)? Can you please explain the steps or 
> example of the usage?
>
> 2> Also, we need to set DRBG for CAVS test (Input: EntropyInput, Nonce, 
> PersonalizationString, AdditionalInput, EntropyInputPR, 
> AdditionalInput, EntropyInputPR), with OpenSSL 1.1.1, the below steps 
> were done:
>
> RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS, NULL);
> RAND_DRBG_set_callbacks // This will setup to return the provided 
> entropy and nonce inputs
> RAND_DRBG_instantiate // Pass personalization string.
> RAND_DRBG_generate
>
> Can you kindly let me know the equivalent steps with OpenSSL 3.0?
>
>
> Thank you for your help in this.
>
> Thanks
> Bala
>
> On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul Dale 
> <pauli at openssl.org> wrote:
>
>
> RAND_add() forces a reseed to the DRBGs and uses the passed material 
> (not as entropy but as additional input).
>
> EVP_RAND_reseed() is a more direct interface but remember that the 
> built in DRBGs are free to ignore what the user claims is /entropy/.  
> History has shown us time and again that /entropy/ is often anything but.
>
> The *best* way to do this, is to create a provider which acts as a 
> seed source and to then use this as the parent of the primary DRBG.  
> See, for example, test/testutil/fakerandom.c for how to do this.  The 
> key is to set up the seed source before the RNG subsystem is first used.
>
> If you simply want to replace the built-in DRBGs with a real random 
> source, create a provider and set the appropriate environment/config 
> variables.
>
>
> Pauli
>
>
> On 24/3/21 4:14 pm, Bala Duvvuri via openssl-users wrote:
>> Hi All,
>>
>> In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number
>> generation. Using "RAND_DRBG_set_callbacks", we were able to call into
>> our custom API for entropy and nonce generation.
>>
>> How can this be achieved with EVP_RAND implementation i.e. does it
>> allow entropy to be provided?
>>
>> Thanks
>> Bala
>
