<div>                Thank you for all the help, got this working.<br><br>Thanks<br>Bala<br>            </div>            <div class="yahoo_quoted" style="margin:10px 0px 0px 0.8ex;border-left:1px solid #ccc;padding-left:1ex;">                        <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">                                <div>                    On Thursday, 15 April, 2021, 04:02:10 am IST, Dr Paul Dale <pauli@openssl.org> wrote:                </div>                <div><br></div>                <div><br></div>                <div><div id="yiv8409399438"><div>    <font color="#d00505">Comments inline.</font><br clear="none">    <font color="#d00505"><br clear="none">      Pauli<br clear="none">    </font><br clear="none">    <div class="yiv8409399438moz-cite-prefix">On 15/4/21 12:09 am, Bala Duvvuri      wrote:<br clear="none">    </div>    <blockquote type="cite">      </blockquote></div><div><div> HI Paul,<br clear="none">        <br clear="none">        Thanks a lot for your response, thank you for pointing to        /providers/implementations/rands/test_rng.c and the code to run        NIST test.<br clear="none">        <br clear="none">        Still finding it a bit difficult to wrap around these new APIs<br clear="none">        <br clear="none">        In the old implementation using OpenSSL 1.1.1, to generate        random numbers:<br clear="none">        <br clear="none">        a> we have set the callback for custom entropy (using        RAND_DRBG_set_callbacks) for the RAND_DRBG_get0_master() DRBG        instance (DRBG defaulted to CTR mode)<br clear="none">        b> Also we have set the personalization string using        RAND_DRBG_instantiate and the reseed interval to 1 using        RAND_DRBG_set_reseed_interval for both master and public/private        DRBG<br clear="none">        c> RAND_bytes is used to avail random numbers.<br clear="none">        <br clear="none">        ""In summary, we want to use the CTR_DRBG implementation and        provide our custom entropy/nonce from hardware""<br clear="none">        <br clear="none">        I am not sure if my understanding is clear, can you please let        me know this basic question how to go about this in OpenSSL 3.0?<br clear="none">        <br clear="none">        1>Will I be able to use the built in DRBG and set a new        custom provider for the built in DRBG as parent?<br clear="none">      </div>        <br clear="none">    <font color="#d00505">Yes, exactly.  This is what I've been saying.</font><br clear="none">    <br clear="none">    <br clear="none">    <blockquote type="cite">      <div>2> OR, is this the approach I need to follow<br clear="none">        <br clear="none">        rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL);<br clear="none">        <br clear="none">        Can you let me know how can I link this "rand" to new parent        that I setup ?<br clear="none">      </div>    </blockquote>    <br clear="none">    <font color="#d00505">You can't link DRBG's to parents after      creation.  This code will use the OpenSSL built in entropy source      and you won't be able to change it.<br clear="none">    </font><br clear="none">    <blockquote type="cite">      <div><br clear="none">        3> >> The built in DRBG's don't need the nonce, they        will act as per SP800-90Ar1 section 9.1 with a nonce available        from their parent. <br clear="none">        /providers/implementations/rands/seed_src.c is the OpenSSL seed        source and it doesn't supply nonces.<br clear="none">        <br clear="none">        So does the built in DRBG need a nonce as above statements are        contradictory?<br clear="none">      </div>    </blockquote>    <br clear="none">    <font color="#d00505">It can accept a nonce.  However, if one isn't      provided it uses a random once grabbed from it's parent via the      generate call.  The latter path is easier.<br clear="none">      <br clear="none">    </font><br clear="none">    <blockquote type="cite">      <div>4> Also, where is the drbg_data defined/looked up in this        case for the test data vectors<br clear="none">        <br clear="none">        0 acvp_test.c 1341 const struct drbg_st *tst =        &drbg_data[id];<br clear="none">        1 acvp_test.c 1468 ADD_ALL_TESTS(drbg_test,        OSSL_NELEM(drbg_data));<br clear="none">      </div>    </blockquote>    <br clear="none">    <font color="#d00505">Try:<br clear="none">    </font>    <blockquote><font color="#d00505"><font size="+1" face="monospace">grep          drbg_data test/*</font></font><div class="yiv8409399438yqt7752808023" id="yiv8409399438yqtfd99120"><br clear="none">    </div></blockquote><div class="yiv8409399438yqt7752808023" id="yiv8409399438yqtfd12505">    <br clear="none">    <br clear="none">    <blockquote type="cite">      <div>Thanks<br clear="none">        Bala<br clear="none">        <br clear="none">      </div>      <div class="yiv8409399438yahoo_quoted" style="margin:10px 0px 0px 0.8ex;border-left:1px solid #ccc;padding-left:1ex;">        <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">          <div> On Wednesday, 14 April, 2021, 05:02:22 pm IST, Dr Paul            Dale <a rel="nofollow noopener noreferrer" shape="rect" class="yiv8409399438moz-txt-link-rfc2396E" ymailto="mailto:pauli@openssl.org" target="_blank" href="mailto:pauli@openssl.org"><pauli@openssl.org></a> wrote: </div>          <div><br clear="none">          </div>          <div><br clear="none">          </div>          <div>            <div id="yiv8409399438">              <div> For setting up a parent for a DRBG, look at                /providers/implementations/rands/test_rng.c which                produces seed material (test_rng_generate) and nonces                (test_rng_nonce).  The built in DRBG's don't need the                nonce, they will act as per SP800-90Ar1 section 9.1 with                a nonce available from their parent.                 /providers/implementations/rands/seed_src.c is the                OpenSSL seed source and it doesn't supply nonces.<br clear="none">                <br clear="none">                For the CAVS tests, look at test/acvp_test.c or                test/evp_test.c which both include code to run NISTs                tests.<br clear="none">                <br clear="none">                <br clear="none">                Pauli<br clear="none">                <br clear="none">                <div class="yiv8409399438yqt0138045905" id="yiv8409399438yqt46005">                  <div class="yiv8409399438moz-cite-prefix">On 14/4/21                    8:47 pm, Bala Duvvuri wrote:<br clear="none">                  </div>                  <blockquote type="cite"> </blockquote>                </div>              </div>              <div class="yiv8409399438yqt0138045905" id="yiv8409399438yqt88607">                <div>                  <div> 1> >>The best way to do this, is to                    create a provider which acts as a seed source and to                    then use this as the parent of the primary DRBG.                    See, for example, test/testutil/fakerandom.c for how                    to do this. The key is to set up the seed source                    before the RNG subsystem is first used.<br clear="none">                    <br clear="none">                    In our case we provide the entropy and nonce from                    hardware sources (as its on embedded platform) as                    requested by DRBG in older version.<br clear="none">                    Now, if we setup a custom provider and use it as                    parent of the primary DRBG, its not clear how the                    entropy and nonce from this provider will be                    accessed, which API is invoked for the entropy/nonce                    consumption (any specific callbacks set)? Can you                    please explain the steps or example of the usage?<br clear="none">                    <br clear="none">                    2> Also, we need set DRBG for CAVS test (Input:                    EntropyInput, Nonce, PersonalizationString,                    AdditionalInput, EntropyInputPR, AdditionalInput,                    EntropyInputPR), with OpenSSL 1.1.1, the below steps                    were done:<br clear="none">                    <br clear="none">                    RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS,                    NULL);<br clear="none">                    RAND_DRBG_set_callbacks // This will setup to return                    the provided entropy and nonce inputs<br clear="none">                    RAND_DRBG_instantiate // Pass personalization                    string.<br clear="none">                    RAND_DRBG_generate<br clear="none">                    <br clear="none">                    Can you kindly let me know the equivalent steps with                    OpenSSL 3.0?<br clear="none">                    <br clear="none">                    <br clear="none">                    Thank you for your help in this.<br clear="none">                    <br clear="none">                    Thanks<br clear="none">                    Bala<br clear="none">                    <br clear="none">                  </div>                  <div class="yiv8409399438yahoo_quoted" style="margin:10px 0px 0px 0.8ex;border-left:1px solid #ccc;padding-left:1ex;">                    <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">                      <div> On Wednesday, 24 March, 2021, 11:56:18 am                        IST, Dr Paul Dale <a rel="nofollow noopener noreferrer" shape="rect" class="yiv8409399438moz-txt-link-rfc2396E" ymailto="mailto:pauli@openssl.org" target="_blank" href="mailto:pauli@openssl.org"><pauli@openssl.org></a>                        wrote: </div>                      <div><br clear="none">                      </div>                      <div><br clear="none">                      </div>                      <div>                        <div id="yiv8409399438">                          <div> RAND_add() forces a reseed to the DRBGs                            and uses the passed material (not as entropy                            but as additional input).<br clear="none">                            <br clear="none">                            EVP_RAND_reseed() is a more direct interface                            but remember that the built in DRBGs are                            free to ignore what the user claims is <i>entropy</i>.                             History has shown us time and again that <i>entropy</i>                            is often anything but.<br clear="none">                            <br clear="none">                            The <b>best</b> way to do this, is to                            create a provider which acts as a seed                            source and to then use this as the parent of                            the primary DRBG.  See, for example, <font face="monospace">test/testutil/fakerandom.c</font>                            for how to do this.  The key is to set up                            the seed source before the <font face="monospace">RNG</font> subsystem is                            first used.<br clear="none">                            <br clear="none">                            If you simply want to replace the built-in                            DRBGs with a real random source, create a                            provider and set the appropriate                            environment/config variables.<br clear="none">                            <br clear="none">                            <br clear="none">                            Pauli<br clear="none">                            <br clear="none">                            <br clear="none">                            <div class="yiv8409399438yqt3838012062" id="yiv8409399438yqt31614">                              <div class="yiv8409399438moz-cite-prefix">On                                24/3/21 4:14 pm, Bala Duvvuri via                                openssl-users wrote:<br clear="none">                              </div>                              <blockquote type="cite">                                <pre class="yiv8409399438moz-quote-pre">Hi All,In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation.How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided? ThanksBala</pre>                              </blockquote>                            </div>                            <br clear="none">                          </div>                        </div>                      </div>                    </div>                  </div>                  <br clear="none">                </div>              </div>            </div>          </div>        </div>      </div>    </blockquote>    <br clear="none">  </div></div></div></div>            </div>                </div>