On 15.03.2017 10:50, Jayalakshmi bhat wrote:
> Hi All,
>
> OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have 
> question associated with this. 
>
> 1. OpenSSL wiki says  : Default DRBG is 256-bit CTR AES *using a derivation 
> function*
> 2. Where as the document 
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf  
> mentions "no derivation function" in one place and in another sections 
> mentions both
> *Section 4 Modes of Operation and Cryptographic Functionality*
> Random Number  Generation;    [SP 800­90] DRBG5                         Hash 
> DRBG  
> Symmetric key  generation        Prediction resistance                       
> HMAC DRBG, no reseed 
>                                                supported for all variations   
>             CTR DRBG (AES), no derivation function 
> *Section 6 Self­test *
> DRBG  KAT  CTR_DRBG: AES, 256 bit with and without derivation function *
> *
>
> Please can any one let me know what is the default behavior? Is there any way 
> to toggle between using and not using derivation function.
>
> Regards
> Jayalakshmi
>

The default is set by the FIPS enabled OpenSSL crypto library (not by the 
OpenSSL  FIPS object module itself) in RAND_init_fips(), rand_lib.c:277:

openssl-1.0.2k/crypto/rand/rand_lib.c:277:    if (FIPS_drbg_init(dctx, 
fips_drbg_type, fips_drbg_flags) <= 0) {


The default value is DRBG_FLAG_CTR_USE_DF, wich  follows from

openssl-1.0.2k/crypto/rand/rand_lib.c:251:# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
openssl-1.0.2k/crypto/rand/rand_lib.c:252:#  define OPENSSL_DRBG_DEFAULT_FLAGS  
    DRBG_FLAG_CTR_USE_DF
openssl-1.0.2k/crypto/rand/rand_lib.c:256:static int fips_drbg_flags = 
OPENSSL_DRBG_DEFAULT_FLAGS;
openssl-1.0.2k/crypto/rand/rand_lib.c:261:    fips_drbg_flags = flags;

and you can change it using void RAND_set_fips_drbg_type(int type, int flags).


Regards,
Matthias St. Pierre




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to