From: Kurt Roeckx Date: Sun, 18 Feb 2018 18:16:13 +0000 (+0100) Subject: Switch the DRBGs from AES-128-CTR to AES-256-CTR X-Git-Tag: OpenSSL_1_1_1-pre2~40 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=32bda2b2e4900308cb025020d8c8692e1d3c2ba9;p=oweals%2Fopenssl.git Switch the DRBGs from AES-128-CTR to AES-256-CTR Reviewed-by: Dr. Matthias St. Pierre GH: #5401 --- diff --git a/include/internal/rand.h b/include/internal/rand.h index d56742e533..471b6b55d2 100644 --- a/include/internal/rand.h +++ b/include/internal/rand.h @@ -15,14 +15,22 @@ /* * Default security strength (in the sense of [NIST SP 800-90Ar1]) - * of the default OpenSSL DRBG, and the corresponding NID. * - * Currently supported values: 128, 192, 256 + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implemantion does + * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG + * to that of the cipher. * - * TODO(DRBG): would be nice to have the strength configurable + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + * + * TODO(DRBG): would be nice to have the NID and strength configurable */ -# define RAND_DRBG_STRENGTH 128 -# define RAND_DRBG_NID NID_aes_128_ctr +# define RAND_DRBG_STRENGTH 256 +# define RAND_DRBG_NID NID_aes_256_ctr /* * Object lifetime functions.