NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

NSSCryptoModuleSpec/Section 9: Self Tests (view source)

Revision as of 23:40, 4 August 2006

456 bytes removed , 4 August 2006

no edit summary

Wtchang

canmove, Confirmed users

937

edits

@@ Line 40: / Line 40: @@
 ||
 [http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]          [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]
 ||
-'''Power-up self-test''':
+All the PKCS #11 functions that perform cryptographic operations or output data check the Boolean state variable <code>sftk_fatalError</code> on entry. In the Error state (<code>sftk_fatalError</code> is true), no action besides returning the error code <code>CKR_DEVICE_ERROR</code> is taken by those functions, which prevents cryptograhic operations and data output. (See also [http://wiki.mozilla.org/ModuleInterfaces#In_Error_State In Error State].)
-[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize PKCS #11 Initialization]:
-During the PKCS #11 initialization of the FIPS 140-2 module, any error return
-from the battery of self-tests will put the module in the Error state.
-The Error state will inhibit further cryptographic operations (see [http://wiki.mozilla.org/ModuleInterfaces#In_Error_State In Error State]).
-Output from the cryptographic module is via two paths: 1) the return code of the cryptographic function and, 2) buffers and objects which are operated on by the function, the locations of which are passed as function arguments. In the Error state the return code is always <code>CKR_DEVICE_ERROR</code>. No action besides setting the return code is taken by the requested function, which prevents data output of the second type.
 || Draft
 |-