On 15.03.2017 10:50, Jayalakshmi bhat wrote:
> Hi All,
>
> OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have a question associated with this.
>
> 1. OpenSSL wiki says: Default DRBG is 256-bit CTR AES *using a derivation function*
> 2. Whereas the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf mentions "no derivation function" in one place and in another section mentions both
>
> *Section 4 Modes of Operation and Cryptographic Functionality*
> Random Number Generation; [SP 80090] DRBG5 Hash DRBG
> Symmetric key generation Prediction resistance HMAC DRBG, no reseed
> supported for all variations CTR DRBG (AES), no derivation function
>
> *Section 6 Selftest*
> DRBG KAT CTR_DRBG: AES, 256 bit with and without derivation function
>
> Please can anyone let me know what is the default behavior? Is there any way to toggle between using and not using derivation function.
>
> Regards
> Jayalakshmi
>

The default is set by the FIPS enabled OpenSSL crypto library (not by the OpenSSL FIPS object module itself) in RAND_init_fips(), rand_lib.c:277:

    openssl-1.0.2k/crypto/rand/rand_lib.c:277:    if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {

The default value is DRBG_FLAG_CTR_USE_DF, which follows from

    openssl-1.0.2k/crypto/rand/rand_lib.c:251:# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
    openssl-1.0.2k/crypto/rand/rand_lib.c:252:# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF
    openssl-1.0.2k/crypto/rand/rand_lib.c:256:static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
    openssl-1.0.2k/crypto/rand/rand_lib.c:261:    fips_drbg_flags = flags;

and you can change it using void RAND_set_fips_drbg_type(int type, int flags).

Regards,
Matthias St. Pierre

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users