FIPS Design Assurance: Difference between revisions

All software components of the NSS cryptographic module are contained within two libraries, libsoftokn3 and libfreebl3, as described in [http://wiki.mozilla.org/FIPS_Module_Specification#Module_Components Section 1]. The combined role that is supported is realized entirely within these two libraries. Each of these libraries is shipped with a checksum file containing a DSA signature of the library file. When the NSS cryptographic module is started up in FIPS mode, the module recomputes the SHA-1 hash of the library file and verifies the signature. Initialization fails if the signature is not valid.

An annotated source listing of the software components contained in the NSS cryptographic module is [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html here].