<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font color="#d00505">Comments inline.</font><br>
<font color="#d00505"><br>
Pauli<br>
</font><br>
<div class="moz-cite-prefix">On 15/4/21 12:09 am, Bala Duvvuri
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1433467435.2017681.1618409383479@mail.yahoo.com">
      <div> Hi Paul,<br>
<br>
Thanks a lot for your response, thank you for pointing to
/providers/implementations/rands/test_rng.c and the code to run
NIST test.<br>
<br>
Still finding it a bit difficult to wrap around these new APIs<br>
<br>
In the old implementation using OpenSSL 1.1.1, to generate
random numbers:<br>
<br>
a> we have set the callback for custom entropy (using
RAND_DRBG_set_callbacks) for the RAND_DRBG_get0_master() DRBG
instance (DRBG defaulted to CTR mode)<br>
b> Also we have set the personalization string using
RAND_DRBG_instantiate and the reseed interval to 1 using
RAND_DRBG_set_reseed_interval for both master and public/private
DRBG<br>
c> RAND_bytes is used to avail random numbers.<br>
<br>
        "In summary, we want to use the CTR_DRBG implementation and
        provide our custom entropy/nonce from hardware"<br>
<br>
I am not sure if my understanding is clear, can you please let
me know this basic question how to go about this in OpenSSL 3.0?<br>
<br>
1>Will I be able to use the built in DRBG and set a new
custom provider for the built in DRBG as parent?<br>
</div>
</blockquote>
<br>
<font color="#d00505">Yes, exactly. This is what I've been saying.</font><br>
<br>
<br>
<blockquote type="cite"
cite="mid:1433467435.2017681.1618409383479@mail.yahoo.com">
<div>2> OR, is this the approach I need to follow<br>
<br>
rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL);<br>
<br>
Can you let me know how can I link this "rand" to new parent
that I setup ?<br>
</div>
</blockquote>
<br>
    <font color="#d00505">You can't link DRBGs to parents after
creation. This code will use the OpenSSL built in entropy source
and you won't be able to change it.<br>
</font><br>
<blockquote type="cite"
cite="mid:1433467435.2017681.1618409383479@mail.yahoo.com">
<div><br>
        3> >> The built in DRBGs don't need the nonce, they
will act as per SP800-90Ar1 section 9.1 with a nonce available
from their parent. <br>
/providers/implementations/rands/seed_src.c is the OpenSSL seed
source and it doesn't supply nonces.<br>
<br>
So does the built in DRBG need a nonce as above statements are
contradictory?<br>
</div>
</blockquote>
<br>
<font color="#d00505">It can accept a nonce. However, if one isn't
      provided it uses a random nonce grabbed from its parent via the
generate call. The latter path is easier.<br>
<br>
</font><br>
<blockquote type="cite"
cite="mid:1433467435.2017681.1618409383479@mail.yahoo.com">
<div>4> Also, where is the drbg_data defined/looked up in this
case for the test data vectors<br>
<br>
0 acvp_test.c 1341 const struct drbg_st *tst =
&drbg_data[id];<br>
1 acvp_test.c 1468 ADD_ALL_TESTS(drbg_test,
OSSL_NELEM(drbg_data));<br>
</div>
</blockquote>
<br>
<font color="#d00505">Try:<br>
</font>
<blockquote><font color="#d00505"><font size="+1" face="monospace">grep
drbg_data test/*</font></font><br>
</blockquote>
<br>
<br>
<blockquote type="cite"
cite="mid:1433467435.2017681.1618409383479@mail.yahoo.com">
<div>Thanks<br>
Bala<br>
<br>
</div>
<div class="yahoo_quoted" style="margin:10px 0px 0px
0.8ex;border-left:1px solid #ccc;padding-left:1ex;">
<div style="font-family:'Helvetica Neue', Helvetica, Arial,
sans-serif;font-size:13px;color:#26282a;">
<div> On Wednesday, 14 April, 2021, 05:02:22 pm IST, Dr Paul
          Dale <a class="moz-txt-link-rfc2396E" href="mailto:pauli@openssl.org">&lt;pauli@openssl.org&gt;</a> wrote: </div>
<div><br>
</div>
<div><br>
</div>
<div>
<div id="yiv4894925252">
<div> For setting up a parent for a DRBG, look at
/providers/implementations/rands/test_rng.c which
produces seed material (test_rng_generate) and nonces
                (test_rng_nonce). The built in DRBGs don't need the
nonce, they will act as per SP800-90Ar1 section 9.1 with
a nonce available from their parent.
/providers/implementations/rands/seed_src.c is the
OpenSSL seed source and it doesn't supply nonces.<br
clear="none">
<br clear="none">
For the CAVS tests, look at test/acvp_test.c or
                test/evp_test.c which both include code to run NIST's
tests.<br clear="none">
<br clear="none">
<br clear="none">
Pauli<br clear="none">
<br clear="none">
<div class="yiv4894925252yqt0138045905"
id="yiv4894925252yqt46005">
<div class="yiv4894925252moz-cite-prefix">On 14/4/21
8:47 pm, Bala Duvvuri wrote:<br clear="none">
</div>
<blockquote type="cite"> </blockquote>
</div>
</div>
<div class="yiv4894925252yqt0138045905"
id="yiv4894925252yqt88607">
<div>
<div> 1> >>The best way to do this, is to
create a provider which acts as a seed source and to
then use this as the parent of the primary DRBG.
See, for example, test/testutil/fakerandom.c for how
to do this. The key is to set up the seed source
before the RNG subsystem is first used.<br
clear="none">
<br clear="none">
In our case we provide the entropy and nonce from
                  hardware sources (as it's on embedded platform) as
requested by DRBG in older version.<br clear="none">
Now, if we setup a custom provider and use it as
                  parent of the primary DRBG, it's not clear how the
entropy and nonce from this provider will be
accessed, which API is invoked for the entropy/nonce
consumption (any specific callbacks set)? Can you
please explain the steps or example of the usage?<br
clear="none">
<br clear="none">
                  2> Also, we need to set DRBG for CAVS test (Input:
EntropyInput, Nonce, PersonalizationString,
AdditionalInput, EntropyInputPR, AdditionalInput,
EntropyInputPR), with OpenSSL 1.1.1, the below steps
were done:<br clear="none">
<br clear="none">
RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS,
NULL);<br clear="none">
RAND_DRBG_set_callbacks // This will setup to return
the provided entropy and nonce inputs<br
clear="none">
RAND_DRBG_instantiate // Pass personalization
string.<br clear="none">
RAND_DRBG_generate<br clear="none">
<br clear="none">
Can you kindly let me know the equivalent steps with
OpenSSL 3.0?<br clear="none">
<br clear="none">
<br clear="none">
Thank you for your help in this.<br clear="none">
<br clear="none">
Thanks<br clear="none">
Bala<br clear="none">
<br clear="none">
</div>
<div class="yiv4894925252yahoo_quoted"
style="margin:10px 0px 0px 0.8ex;border-left:1px
solid #ccc;padding-left:1ex;">
<div style="font-family:'Helvetica Neue', Helvetica,
Arial, sans-serif;font-size:13px;color:#26282a;">
<div> On Wednesday, 24 March, 2021, 11:56:18 am
IST, Dr Paul Dale <a rel="nofollow noopener
noreferrer" shape="rect"
class="yiv4894925252moz-txt-link-rfc2396E"
ymailto="mailto:pauli@openssl.org"
target="_blank"
href="mailto:pauli@openssl.org"
                        moz-do-not-send="true">&lt;pauli@openssl.org&gt;</a>
wrote: </div>
<div><br clear="none">
</div>
<div><br clear="none">
</div>
<div>
<div id="yiv4894925252">
<div> RAND_add() forces a reseed to the DRBGs
and uses the passed material (not as entropy
but as additional input).<br clear="none">
<br clear="none">
EVP_RAND_reseed() is a more direct interface
but remember that the built in DRBGs are
free to ignore what the user claims is <i>entropy</i>.
History has shown us time and again that <i>entropy</i>
is often anything but.<br clear="none">
<br clear="none">
The <b>best</b> way to do this, is to
create a provider which acts as a seed
source and to then use this as the parent of
the primary DRBG. See, for example, <font
face="monospace">test/testutil/fakerandom.c</font>
for how to do this. The key is to set up
the seed source before the <font
face="monospace">RNG</font> subsystem is
first used.<br clear="none">
<br clear="none">
If you simply want to replace the built-in
DRBGs with a real random source, create a
provider and set the appropriate
environment/config variables.<br
clear="none">
<br clear="none">
<br clear="none">
Pauli<br clear="none">
<br clear="none">
<br clear="none">
<div class="yiv4894925252yqt3838012062"
id="yiv4894925252yqt31614">
<div class="yiv4894925252moz-cite-prefix">On
24/3/21 4:14 pm, Bala Duvvuri via
openssl-users wrote:<br clear="none">
</div>
<blockquote type="cite">
                            <pre class="yiv4894925252moz-quote-pre">Hi All,

In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.

Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation.

How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided?

Thanks
Bala</pre>
</blockquote>
</div>
<br clear="none">
</div>
</div>
</div>
</div>
</div>
<br clear="none">
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>