FIPS: error notifications to the OS, and some questions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

FIPS: error notifications to the OS, and some questions


I am new to NSS.  The goal is to use NSS in FIPS mode and to provide the OS (Linux) some kind of notification when a FIPS error happens.  I presume that FIPS POST tests are run when NSS is put into FIPS mode using modutils.  I also assume that 'continuous, pair-wise tests as well as DRBG tests are done when running.  Are these assumptions true ?

Where would a good location be to add code in order to notify the OS of any FIPS error ?  That would at least be logging the error using the system's logger and woudl also include some basic notification  such as creating a file somewhere under inotify observation by a daemon  application.  Is any provision for notifyinh the OS already included ?

Where can I find the latest Security Policy and, is there a User  Guide for NSS in FIPS mode ?  I browsed the web pages although seemingly I could not find links to these documents.

Many thanks, regards.

dev-security mailing list
[hidden email]