On 30.07.19 11:59, Kurt Roeckx wrote:
On Tue, Jul 30, 2019 at 12:42:33PM +1000, Dr Paul Dale wrote:
Overly simplified, the problem boils down to the CTR DRBG needing an AES CTR
cipher context to work. When creating the former, a recursive call is made to
get the latter.
I'm not sure what you mean with "CTR" both times.
Are you saying that an AES requires a DRBG now?
No. Pauli simply meant that the CTR DRBG utilizes an EVP_CIPHER_CTX for its
internal implementation.
(The original FIPS 2.0 implementation was based on low level crypto calls, but
that was changed by you
to EVP in commit
https://github.com/openssl/openssl/commit/dbdcc04f27db70ac71748eb595ce23c9733afbe7
for performance reasons.)
Matthias
