Switch the DRBGs from AES-128-CTR to AES-256-CTR
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5401
parent 649cfb5cbb
commit 32bda2b2e4
1 changed files with 13 additions and 5 deletions
@ -15,14 +15,22 @@
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
* of the default OpenSSL DRBG, and the corresponding NID.
*
* Currently supported values: 128, 192, 256
* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
* of the cipher by collecting less entropy. The current DRBG implemantion does
* not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
* to that of the cipher.
*
* TODO(DRBG): would be nice to have the strength configurable
* RAND_DRBG_STRENGTH is currently only used for the legacy RAND
* implementation.
*
* Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
* NID_aes_256_ctr
*
* TODO(DRBG): would be nice to have the NID and strength configurable
*/
# define RAND_DRBG_STRENGTH 128
# define RAND_DRBG_NID NID_aes_128_ctr
# define RAND_DRBG_STRENGTH 256
# define RAND_DRBG_NID NID_aes_256_ctr
/*
* Object lifetime functions.
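Review bot: the two defines, RAND_DRBG_STRENGTH and RAND_DRBG_NID, are kept consistent only by hand, and the comment above them says the DRBG ignores RAND_DRBG_STRENGTH and takes its strength from the cipher, so a later edit that changes one define and not the other would compile without complaint. Consider deriving the NID from the strength, or adding a compile-time check that 256 is paired with NID_aes_256_ctr. The comment also states that RAND_DRBG_STRENGTH is only used by the legacy RAND implementation, which means moving it from 128 to 256 affects that path as well; the commit message mentions only the DRBGs, so it is worth saying whether that side effect is intended. Two smaller points in the comment block: "implemantion" should read "implementation", and the page shows two near-identical TODO(DRBG) lines about configurability, of which only one should remain in the final text.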