[openssl-users] Fips CTR_DRBG
Dr. Stephen Henson
steve at openssl.org
Thu Feb 26 13:28:47 UTC 2015
On Thu, Feb 26, 2015, Piotr ??obacz wrote:
> i have a question about FIPS CTR_DRBG. I have managed to compile openssl
> with fips and everything works fine. The method FIPS_mode returns me 1
> so i am in FIPS mode, but what is my problem i dunno how to use properly
> FIPS_drbg api.
If you simply want to use the DRBG in CTR mode then you don't need to do
anything special: in FIPS mode the DRBG in CTR mode with a 256 bit AES key is
the default and you can just use the normal RAND APIs.
Do not use the self test or algorithm test code in applications: you need to
set up proper entropy gathering callbacks and the test code contains
deterministic examples which would have zero security in a real application.
That's what the RAND API will do by default.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users