{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752989946, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"8908949f6022b29329788b84e1ab2cd9", "commit": {"type":"commit", "time": 1519242034, "time_ofs": 60, "oid_tree": { "oid": "4c7e82f15c70fe821006fa38d2be12f0aa05204a", "alias": []}, "oid":{ "oid": "32bda2b2e4900308cb025020d8c8692e1d3c2ba9", "alias": []}, "msg": "Switch the DRBGs from AES-128-CTR to AES-256-CTR", "sig_commit": { "git_time": { "time": 1519242034, "offset": 60 }, "name": "Kurt Roeckx", "email": "kurt@roeckx.be", "md5": "07d47d7a232d566ec15a49b65d5dd9c1" }, "sig_author": { "git_time": { "time": 1518977773, "offset": 60 }, "name": "Kurt Roeckx", "email": "kurt@roeckx.be", "md5": "07d47d7a232d566ec15a49b65d5dd9c1" }}, "body": "Switch the DRBGs from AES-128-CTR to AES-256-CTR\n\nReviewed-by: Dr. Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\nGH: #5401\n" , "diff": "diff --git a/include/internal/rand.h b/include/internal/rand.h\nindex d56742e..471b6b5 100644\n--- a/include/internal/rand.h\n+++ b/include/internal/rand.h\n@@ -15,14 +15,22 @@\n \n /*\n * Default security strength (in the sense of [NIST SP 800-90Ar1])\n- * of the default OpenSSL DRBG, and the corresponding NID.\n *\n- * Currently supported values: 128, 192, 256\n+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that\n+ * of the cipher by collecting less entropy. 
The current DRBG implemantion does\n+ * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG\n+ * to that of the cipher.\n *\n- * TODO(DRBG): would be nice to have the strength configurable\n+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND\n+ * implementation.\n+ *\n+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and\n+ * NID_aes_256_ctr\n+ *\n+ * TODO(DRBG): would be nice to have the NID and strength configurable\n */\n-# define RAND_DRBG_STRENGTH 128\n-# define RAND_DRBG_NID NID_aes_128_ctr\n+# define RAND_DRBG_STRENGTH 256\n+# define RAND_DRBG_NID NID_aes_256_ctr\n \n /*\n * Object lifetime functions.\n","s":{"c":1752989946,"u": 61283}} ],"g": 62870,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
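Review bot: The two new defines `RAND_DRBG_STRENGTH 256` and `RAND_DRBG_NID NID_aes_256_ctr` have to agree (the strength must match the key size of the chosen CTR cipher), but nothing in the header enforces that, and the new comment itself notes the DRBG ignores RAND_DRBG_STRENGTH and takes its strength from the cipher while the legacy RAND path still reads RAND_DRBG_STRENGTH — so a future edit of one macro without the other would leave the two code paths advertising different security strengths. A cheap guard right after the defines would catch the unsupported values: `#if RAND_DRBG_STRENGTH != 128 && RAND_DRBG_STRENGTH != 192 && RAND_DRBG_STRENGTH != 256`, `# error "RAND_DRBG_STRENGTH must be 128, 192 or 256"`, `#endif`. Since the strength doubles, every caller that sizes entropy requests or seed buffers from these macros (the entropy callback's minimum-entropy argument, any fixed-size buffers) needs re-checking; those uses are outside this hunk, so I cannot tell from here whether they derive from the macro or hard-code 128. The comment line "implemantion" also has a typo ("implementation") worth fixing while touching this block.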