openssl rand doesn't use provider or propquery and does not allow to fetch a specific rand type by name

[simo5]

rand_main parses provider options via opt_provider(), however it never fetches a random provider, it just unconditionally uses the default.

[t8m]

I assume this is because the EVP_RAND is initialized before the potential rand provider is loaded.

[t8m]

@simo5 What does the random provider actually provide? Which algorithm? How do you call the rand command?

[simo5]

I called the algorithm PKCS11-RAND because for pkcs11 you have no idea what algorithm there is, it's like the rdrand engine.

But that is not the point, the openssl command simply ignore all provider related options.

I think we should look closely at the whole abstraction built around the rand provider in any case.

Other things I found: the provider loader API considers locking functions optional, yet if you do not provide them you do not go far, as early on the code requires them for seeding the "primary" drbg, which is not a thing in a hardware RNG (which, btw does not allow (re)seeding with the token I have).

I think you should try to convert the rdrand engine in a provider and then you'll figure out all the things that are not really right ...

OTOH, you may consider that I should only use HW sources for seeding and not for final numbers, but that doesn't work if your provider is a FIPS provider and you want random numbers to come out only from a certified source and not from some additional PRNG that is not certified.

Anyway I tried to call openssl rand -provider pkcs11 -propquery provider=pkcs11 1
And saw that the provider's rng code was untouched.

To force the use of the provider code for testing I now change the openssl.conf file to add a random section wth random = PKCS11-RAND and that does request bytes from the provider.

[paulidale]

The code is still going to fetch CTR-DRBG regardless of the provider command line options (which are working BTW). Using config and setting random = PKCS11-RAND changes what is being fetched and thus works.

To address the real problem, what the rand command needs is another option to specify the RNG to be used along with any parameters it might need (a -randopt like -pkeyopt for genpkey). Given these it should then call RAND_set_seed_source_type() and/or RAND_set_DRBG_type() to specify the RNG to use. Alternatively, it could call RAND_set0_public() to override the public DRBG with the specified source.

[paulidale]

I edited the title to be more accurate.

[simo5]

I will test if the other options work, at a first read of the code I did not see them used at all.

[simo5]

Changing the name to CTR-DRBG did indeed pull the random generator from the provider, the problem is that it does it unconditionally.
Setting -propquery provider!=pkcs11 or -provider default -propquery provider=default makes no difference.
So I think I maintain my initial report that these options are ignored in openssl rand

[t8m]

Yeah, I assume the propquery is not applied to the CTR-DRBG fetch.

[paulidale]

Thanks for the extra investigation.

[paulidale]

The -file command line option isn't ideal either.