OpenSSL DRBG in FIPS mode confusion.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

OpenSSL DRBG in FIPS mode confusion.

Jayalakshmi bhat
Hi All,

OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have question associated with this. 

1. OpenSSL wiki says  : Default DRBG is 256-bit CTR AES using a derivation function
2. Where as the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf  mentions "no derivation function" in one place and in another sections mentions both
Section 4 Modes of Operation and Cryptographic Functionality
Random Number  Generation;    [SP 800­90] DRBG5                         Hash DRBG  
Symmetric key  generation        Prediction resistance                       HMAC DRBG, no reseed 
                                               supported for all variations               CTR DRBG (AES), no derivation function 
Section 6 Self­test 
DRBG  KAT  CTR_DRBG: AES, 256 bit with and without derivation function 

Please can any one let me know what is the default behavior? Is there any way to toggle between using and not using derivation function.

Regards
Jayalakshmi

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: OpenSSL DRBG in FIPS mode confusion.

Dr. Matthias St. Pierre


On 15.03.2017 10:50, Jayalakshmi bhat wrote:

> Hi All,
>
> OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have question associated with this.
>
> 1. OpenSSL wiki says  : Default DRBG is 256-bit CTR AES *using a derivation function*
> 2. Where as the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf  mentions "no derivation function" in one place and in another sections mentions both
> *Section 4 Modes of Operation and Cryptographic Functionality*
> Random Number  Generation;    [SP 800­90] DRBG5                         Hash DRBG  
> Symmetric key  generation        Prediction resistance                       HMAC DRBG, no reseed
>                                                supported for all variations               CTR DRBG (AES), no derivation function
> *Section 6 Self­test *
> DRBG  KAT  CTR_DRBG: AES, 256 bit with and without derivation function *
> *
>
> Please can any one let me know what is the default behavior? Is there any way to toggle between using and not using derivation function.
>
> Regards
> Jayalakshmi
>

The default is set by the FIPS enabled OpenSSL crypto library (not by the OpenSSL  FIPS object module itself) in RAND_init_fips(), rand_lib.c:277:

openssl-1.0.2k/crypto/rand/rand_lib.c:277:    if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {


The default value is DRBG_FLAG_CTR_USE_DF, wich  follows from

openssl-1.0.2k/crypto/rand/rand_lib.c:251:# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
openssl-1.0.2k/crypto/rand/rand_lib.c:252:#  define OPENSSL_DRBG_DEFAULT_FLAGS      DRBG_FLAG_CTR_USE_DF
openssl-1.0.2k/crypto/rand/rand_lib.c:256:static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
openssl-1.0.2k/crypto/rand/rand_lib.c:261:    fips_drbg_flags = flags;

and you can change it using void RAND_set_fips_drbg_type(int type, int flags).


Regards,
Matthias St. Pierre




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...