I'm using the OpenSSL EVP API in C to call the CTR_DRBG implementation and I'm having some trouble getting the output to be deterministic.
Configuration and all input arguments are fixed (entropy, nonce, personalization string, addtional inputs 1 and 2). I can’t seem to achieve passing all these parameters to OpenSSL.
First I use the EVP_RAND_fetch function with CTR-DRBG. However, I think this enforces the use of an external source of entropy.
Setting the entropy is done through the EVP_RAND_CTX_set_params and OSSL_RAND_PARAM_TEST_ENTROPY parameter, but this one is only documented in the TEST-RAND fetch string. And if I use TEST-RAND, I can’t find a way to tell OpenSSL to use CTR_DRBG.
Here’s one of the known-to-be-correct test vectors I’m trying to validate against:
Configuration: AES-128, no reseed, no prediction resistance, use derivation function
EntropyInput: 890eb067acf7382eff80b0c73bc872c6
Nonce: aad471ef3ef1d203
Personalization string, additionalInput_1, additionalInput_2: (empty)
Output size: 512 bits
Expected output: a5514ed7095f64f3d0d3a5760394ab42062f373a25072a6ea6bcfd8489e94af6cf18659fea22ed1ca0a9e33f718b115ee536b12809c31b72b08ddd8be1910fa3