canmove, Confirmed users
937
edits
FIPS Module Specification: Difference between revisions
→Approved Mode of Operation
| Line 84: | Line 84: | ||
===Approved Mode of Operation=== | ===Approved Mode of Operation=== | ||
In order to run the NSS module in the FIPS approved mode, an attribute must be explicitly set on the module. This can be done programmatically with a call to | In order to run the NSS module in the FIPS approved mode, an attribute must be explicitly set on the module. This can be done programmatically with a call to SECMOD_DeleteInternalModule() (with the module to delete being the internal module): | ||
<pre> | <pre> | ||
SECMODModule *internal; | SECMODModule *internal; | ||
| Line 103: | Line 103: | ||
The setting is permanent for the NSS module and all subsequent invocations of NSS functions using that cert directory will be in FIPS mode. The module can be taken out of FIPS mode by substituting ''false'' for ''true'' in the command above. The state of the module can be checked with: | The setting is permanent for the NSS module and all subsequent invocations of NSS functions using that cert directory will be in FIPS mode. The module can be taken out of FIPS mode by substituting ''false'' for ''true'' in the command above. The state of the module can be checked with: | ||
modutil -chkfips true -dbdir certdir | modutil -chkfips true -dbdir certdir | ||
or with a call to | or with a call to PK11_IsFIPS(). | ||
===Design Specification=== | ===Design Specification=== | ||