Random number generation in Openssl provider #24158
Unanswered
sujaygkulkarni-nxp
asked this question in
Q&A
Replies: 1 comment 2 replies
-
Unfortunately you cannot depend on other providers in OSSL_provider_init() function. @paulidale might be able to give you some hints on how this can be workarounded. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am trying to implement a openssl provider (say x-prov) with random number generation from HSM. The x-prov provider during the initialization (in OSSL_provider_init function) has to use the RAND_bytes api of openssl.
I execute the openssl command as openssl rand --provider x-prov.so --provider default -hex 32
I am getting the following error
rand: unable to load provider x-prov.so Hint: use -provider-path option or OPENSSL_MODULES environment variable. 4007CE76A07F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (CTR-DRBG : 0), Properties () 4007CE76A07F0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:crypto/rand/rand_lib.c:571:
Loading the default provider at the start as - "openssl rand --provider default --provider x-prov.so -hex 32" will solve the RAND_bytes api issue, But even the "openssl rand" command will get the random numbers from default provider. (wont use the x-prov.so for this).
Beta Was this translation helpful? Give feedback.
All reactions