Closed Bug 298511 Opened 20 years ago Closed 19 years ago

Increase FIPS 186-2 RNG internal state size

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.10
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: glenbeasley, Assigned: wtc)

References

Details

We only implement FIPS 186-2 RNG whose internal state is 160 bits, this can be
shorter than the symmectric key size we need to generate for AES 256. see: VE
07.13.01  

We may want to implement ANSI RNG which can have longer seed and seed keys.
Status: NEW → ASSIGNED
Priority: -- → P1
Summary: Implement ANSI RNG for FIPS 140-2 → Implement ANSI RNG for FIPS 140-2
Target Milestone: --- → 3.11
Blocks: 304360
It turns out that FIPS 186-2 RNG can have an internal
state (the seed-key, XKEY) size of 160 to 512 bits.
So we can continue to use the FIPS 186-2 RNG and just
need to increase its internal state size (the b parameter).
I've changed the summary of this bug accordingly.

I propose that we increase b to 256 bits first.  If that
is not big enough, we can increase it to the maximum 512
bits.

My patch in bug 294106 will fix this bug.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Summary: Implement ANSI RNG for FIPS 140-2 → Increase FIPS 186-2 RNG internal state size
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Since the patch for this bug is attached to 294106, I'm marking this bug
as depending on that one.
Depends on: 294106
This bug has been fixed by the patch for bug 294106.
Status: REOPENED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
I forgot to note that the RNG's internal state is
now 256 bits.  If necessary we can further increase
it to 512 bits.
You need to log in before you can comment on or make changes to this bug.