Re: OpenSSL 3.0.0 custom entropy source

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Try working from providers/implementations/rands/seed_src.c  You'll need to reimplement seed_src_generate() to use your RNG.

To use your custom seed source, you can either use the OpenSSL configuration file to set a "random" section that includes a "seed" setting or you can call RAND_set_seed_source_type() early in your startup sequence.


Pauli

On 14/9/21 8:19 am, Kory Hamzeh wrote:
Hi,

We are upgrading from OpenSSL 1.0.1g+OpenSSL-FIPS-2.0.5 to 3.0.0. Yes, I know, big jump. We have our own entropy source we use to seed the OpenSSL DRBG. This is a basic code snippet of how we set it up:

         DRBG_CTX *dctx = FIPS_get_default_drbg();
         FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
         FIPS_drbg_set_callbacks(dctx,
                                                    rand_get_entropy,
                                                   rand_free_entropy,
                                                   0,
                                                   rand_get_entropy,
                                                   rand_free_entropy);


Error checking has been removed in the example for the sake of brevity.

I am trying to figure out  how to implement this with OpenSSL 3. From what I have read in the docs, I need to create a rand provider. But I still feel like I don’t understand how it all fit together. I did look at fuzz_rand.c and fake_rand.c, and if I understood everything correctly, neither of them use an external entropy/seed source.

Are there better examples of what I am looking for?

Thanks,
Kory





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux