[openssl-users] Fips CTR_DRBG

Dr. Stephen Henson steve at openssl.org
Fri Feb 27 12:54:46 UTC 2015


On Fri, Feb 27, 2015, Piotr ??obacz wrote:

> I can do mutch more i can give the source code:
> 
> 	  dctx = FIPS_drbg_new(NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
> 

Try including the flag DRBG_FLAG_TEST: the DRBG needs to be in test mode
otherwise the continuous PRNG test discards the first block generated.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list