Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

Dr Paul Dale <pauli@xxxxxxxxxxx> · Wed, 14 Apr 2021 21:31:54 +1000



    For setting up a parent for a DRBG, look at
    /providers/implementations/rands/test_rng.c which produces seed
    material (test_rng_generate) and nonces (test_rng_nonce).  The built
    in DRBG's don't need the nonce, they will act as per SP800-90Ar1
    section 9.1 with a nonce available from their parent. 
    /providers/implementations/rands/seed_src.c is the OpenSSL seed
    source and it doesn't supply nonces.

    
    For the CAVS tests, look at test/acvp_test.c or test/evp_test.c
    which both include code to run NISTs tests.

    
    Pauli

    
    On 14/4/21 8:47 pm, Bala Duvvuri wrote:

    
       1> >>The best way to do this, is to create a
        provider which acts as a seed source and to then use this as the
        parent of the primary DRBG. See, for example,
        test/testutil/fakerandom.c for how to do this. The key is to set
        up the seed source before the RNG subsystem is first used.

        
        In our case we provide the entropy and nonce from hardware
        sources (as its on embedded platform) as requested by DRBG in
        older version.

        Now, if we setup a custom provider and use it as parent of the
        primary DRBG, its not clear how the entropy and nonce from this
        provider will be accessed, which API is invoked for the
        entropy/nonce consumption (any specific callbacks set)? Can you
        please explain the steps or example of the usage?

        
        2> Also, we need set DRBG for CAVS test (Input: EntropyInput,
        Nonce, PersonalizationString, AdditionalInput, EntropyInputPR,
        AdditionalInput, EntropyInputPR), with OpenSSL 1.1.1, the below
        steps were done:

        
        RAND_DRBG_new(NID_aes_256_ctr, RAND_DRBG_FLAGS, NULL);

        RAND_DRBG_set_callbacks // This will setup to return the
        provided entropy and nonce inputs

        RAND_DRBG_instantiate // Pass personalization string.

        RAND_DRBG_generate

        
        Can you kindly let me know the equivalent steps with OpenSSL
        3.0?

        
        Thank you for your help in this.

        
        Thanks

        Bala

        
           On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul
            Dale <pauli@xxxxxxxxxxx> wrote: 
          

               RAND_add() forces a reseed to the DRBGs and uses the
                passed material (not as entropy but as additional
                input).

                
                EVP_RAND_reseed() is a more direct interface but
                remember that the built in DRBGs are free to ignore what
                the user claims is entropy.  History has shown
                us time and again that entropy is often anything
                but.

                
                The best way to do this, is to create a provider
                which acts as a seed source and to then use this as the
                parent of the primary DRBG.  See, for example, test/testutil/fakerandom.c for
                how to do this.  The key is to set up the seed source
                before the RNG subsystem
                is first used.

                
                If you simply want to replace the built-in DRBGs with a
                real random source, create a provider and set the
                appropriate environment/config variables.

                
                Pauli

                
                  On 24/3/21
                    4:14 pm, Bala Duvvuri via openssl-users wrote:

                  
                    Hi All,In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation.How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided? ThanksBala