canmove, Confirmed users
937
edits
VE 07KeyMgmt: Difference between revisions
→Random Number Generator
No edit summary |
|||
| Line 40: | Line 40: | ||
=Random Number Generator= | =Random Number Generator= | ||
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. | |||
The RNG is used for all purposes, including the generation of cryptographic keys used by an Approved security function. | |||
If the seed and seed key input to the RNG have the same value, the RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>FIPS186Change_GenerateX</code>: | |||
if (memcmp(XKEY_old, XSEEDj, BSIZE) == 0) { | |||
/* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */ | |||
PORT_SetError(SEC_ERROR_INVALID_ARGS); | |||
rv = SECFailure; | |||
goto done; | |||
} | |||
=Key Zeroization= | =Key Zeroization= | ||