Is the default strength of DRBG in 3.0 FIPS provider - 1024 or 256 bits? #21758
-
Assuming we build the OpenSSL3 FIPS provider with the default seeding option (i.e. OS seeding), what is the value of DRBG strength? The code appears to pick 1024 bits (from 81aef6b of @paulidale providers/implementations/rands/seed_src.c
But the documentation appears to state 256 bits. https://www.openssl.org/docs/man3.0/man1/openssl-rand.html
https://www.openssl.org/docs/man3.0/man3/RAND_bytes.html
Can anyone confirm the documentation (or) point me to the correct code logic? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 8 replies
-
The code above provides strength of the seed source, not the DRBG itself. The number 1024 is arbitrary to not limit the strength of the whole chain. The default DRBG type fetched is the AES-256-CTR DRBG which should provide strength of 256 bits. The resulting strength of the whole chain should be the minimum of all the strengths of RBGs in the chain which is 256 bits. |
Beta Was this translation helpful? Give feedback.
-
BTW the seed source is outside the FIPS module boundary. The FIPS provider depends on external seeding for its DRBG. |
Beta Was this translation helpful? Give feedback.
The code above provides strength of the seed source, not the DRBG itself. The number 1024 is arbitrary to not limit the strength of the whole chain. The default DRBG type fetched is the AES-256-CTR DRBG which should provide strength of 256 bits. The resulting strength of the whole chain should be the minimum of all the strengths of RBGs in the chain which is 256 bits.