FIPSFSM: Difference between revisions

The NSS cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The two modes of operation are independent of each other -- they have their own copies of data structures and they are even allowed to be active at the same time. '''The module is FIPS 140-2 compliant only when the non-FIPS Approved mode is inactive (in state 1.A).''' Put another way, to change from non-FIPS Approved mode to FIPS Approved mode an application must call <code>C_Finalize/FC_Initialize</code> in either order to effect the change. The FIPS Approved mode on the left hand side is of more interest to the FIPS 140-2 validation and it is therefore shown with more details. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state. Please refer to the tables below when studying this state transition diagram.