canmove, Confirmed users
937
edits
FIPS Design Assurance: Difference between revisions
no edit summary
No edit summary |
|||
| Line 32: | Line 32: | ||
# Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify. | # Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify. | ||
# Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms. | # Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms. | ||
# By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. See [http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy] | # By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. See the Sample Cryptographic Module Initialization Code section of the [http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy] for an example of a programmatic method of placing the NSS cryptographic module into FIPS mode. | ||
===Components=== | ===Components=== | ||