Re: rand interface while upgrading openssl

[Chitrang Srivastava]

Thanks Michael,

I am using *ssleay_rand_add* function which was present in earlier version
of openssl
https://code.woboq.org/crypto/openssl/crypto/rand/md_rand.c.html#ssleay_rand_add

I don't find this file or function in latest version of openssl.
As I understood recommended way is to use engine method but on embedded
system we compile everything in a single elf binary.
No concept of dynamic shared object or engine , so i defined
OPENSSL_NO_ENGINE to compile engine thing out.

Is there any default random number like md_rand.c in this version of
openssl.
For entropy we will be providing SHA1/SHA2 of a mix of CPU clock and
various other thing(serial #, mac, ) to seed.

-Thanks,

On Wed, Apr 17, 2019 at 1:23 AM Michael Wojcik <
michael.woj...@microfocus.com> wrote:

> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Chitrang Srivastava
> > Sent: Tuesday, April 16, 2019 08:24
>
> > I need suggestion regarding random number interface , earlier we were
> using  RAND_METHOD.
>
> That's a mechanism for telling OpenSSL what mechanism to use for its
> cryptographically-strong pseudorandom number generator (CPRNG).
>
> > Can I still use the same mechanism? Because I see new code rand folder
> contains OS specific
> > implementation of
> >
> > rand_pool_acquire_entropy
> > rand_pool_add_nonce_data
> > rand_pool_add_additional_data
>
> That's part of OpenSSL's mechanism for getting entropy for the CPRNG. The
> CPRNG needs this, but they are not the same thing.
>
> > As I understand , above function also needs to be ported?
>
> I believe you'll need some implementation of them, but I haven't poked
> around this corner of the OpenSSL 1.1 sources.
>
> > Any document to start with porting random number to any platform.
>
> The CPRNG seeding mechanism is cryptographically sensitive, and should not
> be implemented by a non-expert. What does your existing implementation do
> to provide entropy for the OpenSSL CPRNG? If the answer is "nothing" (or
> something that's not adequately opaque to an attacker), then your product
> has seriously flawed security. An attacker who can guess the entropy for
> the CPRNG pool can break your encryption.
>
> It will also be platform-specific (though some mechanisms will exist on
> multiple platforms), so there can't be much guidance on doing it for "any
> platform".
>
> The literature on seeding CPRNGs is fairly extensive. It's often a
> challenge for embedded applications, particularly SOC-based ones which may
> not have much in the way of internal noise sources such as clock skew. Some
> CPUs have entropy sources, such as Intel's RDRAND; if you trust them (and
> in an embedded application you may not have much choice) you can use that.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>

RE: rand interface while upgrading openssl

[Michael Wojcik]

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Chitrang Srivastava
> Sent: Tuesday, April 16, 2019 08:24

> I need suggestion regarding random number interface , earlier we were using  
> RAND_METHOD.

That's a mechanism for telling OpenSSL what mechanism to use for its 
cryptographically-strong pseudorandom number generator (CPRNG).

> Can I still use the same mechanism? Because I see new code rand folder 
> contains OS specific
> implementation of
>
> rand_pool_acquire_entropy
> rand_pool_add_nonce_data
> rand_pool_add_additional_data

That's part of OpenSSL's mechanism for getting entropy for the CPRNG. The CPRNG 
needs this, but they are not the same thing.

> As I understand , above function also needs to be ported?

I believe you'll need some implementation of them, but I haven't poked around 
this corner of the OpenSSL 1.1 sources.

> Any document to start with porting random number to any platform.

The CPRNG seeding mechanism is cryptographically sensitive, and should not be 
implemented by a non-expert. What does your existing implementation do to 
provide entropy for the OpenSSL CPRNG? If the answer is "nothing" (or something 
that's not adequately opaque to an attacker), then your product has seriously 
flawed security. An attacker who can guess the entropy for the CPRNG pool can 
break your encryption.

It will also be platform-specific (though some mechanisms will exist on 
multiple platforms), so there can't be much guidance on doing it for "any 
platform".

The literature on seeding CPRNGs is fairly extensive. It's often a challenge 
for embedded applications, particularly SOC-based ones which may not have much 
in the way of internal noise sources such as clock skew. Some CPUs have entropy 
sources, such as Intel's RDRAND; if you trust them (and in an embedded 
application you may not have much choice) you can use that.

--
Michael Wojcik
Distinguished Engineer, Micro Focus