VE 07KeyMgmt: Difference between revisions

VE 07KeyMgmt (view source)

Revision as of 16:33, 6 May 2009

579 bytes removed , 6 May 2009

→‎Random Number Generator

Glenb

22

edits

@@ Line 140: / Line 140: @@
 =Random Number Generator=
-There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
+There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf SP 800-90]. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208 NEEDSUPDATEFOR_3_12_X].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
-If the seed and seed key input to the Approved RNG have the same value, the Approved RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#FIPS186Change_GenerateX FIPS186Change_GenerateX]</code>:
-            if (memcmp(XKEY_old, XSEEDj, BSIZE) == 0) {
-                /* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-                goto done;
-            }
 =Key Zeroization=