canmove, Confirmed users
937
edits
No edit summary |
|||
Line 46: | Line 46: | ||
=== JAR=== | === JAR=== | ||
Signed object interface. Not part of cryptographic boundary. | Signed object interface. Not part of cryptographic boundary. | ||
== Inhibition of Data Output == | |||
All data output via the data output interface is inhibited when the NSS module is in the fatal error state or performing self-tests. | |||
=== In Error State === | |||
When the NSS module is in the fatal error state, most PKCS #11 functions, including all the functions that output data via the data output interface, do nothing and return the CKR_DEVICE_ERROR error code immediately. Only the functions that shut down and restart the module, reinitialize the module, or output status information can be invoked in the fatal error state: FC_GetFunctionList, FC_Initialize, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_InitToken, FC_CloseSession, FC_CloseAllSessions, and FC_WaitForSlotEvent. | |||
=== During Self-Tests === | |||
The NSS module performs power-up self-tests in FC_Initialize and FC_Login. | |||
FC_GetFunctionList is the only function that may be called before the NSS module is "powered up" (i.e., before FC_Initialize is called). | |||
The following functions are the only functions that may be called when the user is not logged in to the NSS module: FC_GetFunctionList, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_GetMechanismList, FC_GetMechanismInfo, FC_InitToken, FC_InitPIN, FC_OpenSession, FC_CloseSession, FC_CloseAllSessions, FC_GetSessionInfo, FC_Login, FC_DigestInit, FC_Digest, FC_DigestUpdate, FC_DigestFinal, FC_SeedRandom, FC_GenerateRandom, FC_GetOperationState, FC_SetOperationState, and FC_WaitForSlotEvent. None of these functions output data via the data output interface. All other functions do nothing and return the CKR_USER_NOT_LOGGED_IN error code immediately. |