Bugzilla Bug 347024: Moved the software integrity test from

nsc_CommonInitialize to the new function sftk_fipsSoftwareIntegrityTest
and have sftk_fipsPowerUpSelfTest call sftk_fipsSoftwareIntegrityTest.
Updated the audit logging code.  Removed an extraneous comma between two
string literals in fipstokn.c. r=relyea,nelsonb.
Modified files: fipstest.c fipstokn.c pkcs11.c

security/nss/lib/softoken/fipstest.c

@@ -36,7 +36,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: fipstest.c,v 1.17 2006/07/28 20:45:01 wtchang%redhat.com Exp $ */
+/* $Id: fipstest.c,v 1.18 2006/08/03 21:50:51 wtchang%redhat.com Exp $ */
 
 #include "softoken.h"   /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB,  */
                         /*              DES-CBC, DES3-ECB, DES3-CBC, RSA */
@@ -1831,6 +1831,19 @@ sftk_fips_RNG_PowerUpSelfTest( void )
    return( CKR_OK ); 
 }
 
+static CK_RV
+sftk_fipsSoftwareIntegrityTest(void)
+{
+    CK_RV crv = CKR_OK;
+
+    /* make sure that our check file signatures are OK */
+    if( !BLAPI_VerifySelf( NULL ) || 
+	!BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
+	crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
+    }
+    return crv;
+}
+
 CK_RV
 sftk_fipsPowerUpSelfTest( void )
 {
@@ -1928,6 +1941,12 @@ sftk_fipsPowerUpSelfTest( void )
         return rv;
 #endif
 
+    /* Software/Firmware Integrity Test. */
+    rv = sftk_fipsSoftwareIntegrityTest();
+
+    if( rv != CKR_OK )
+        return rv;
+
     /* Passed Power-Up SelfTest(s). */
     return( CKR_OK );
 }

security/nss/lib/softoken/fipstokn.c

@@ -438,7 +438,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
 	    char msg[128];
 	    PR_snprintf(msg,sizeof msg,
 			"C_Initialize()=0x%08lX "
-			"self-test: cryptographic algorithm test failed",
+			"power-up self-tests failed",
 			(PRUint32)crv);
 	    sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
 	}
@@ -637,8 +637,8 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
 	if (sftk_fatalError) {
 	    severity = NSS_AUDIT_ERROR;
 	    PR_snprintf(msg,sizeof msg,
-			"C_Login(hSession=%lu, userType=%lu)=0x%08lX ",
-			"self-test: cryptographic algorithm test failed",
+			"C_Login(hSession=%lu, userType=%lu)=0x%08lX "
+			"power-up self-tests failed",
 			(PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
 	} else {
 	    severity = (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ?

security/nss/lib/softoken/pkcs11.c

@@ -2986,21 +2986,6 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
 
 
     if (isFIPS) {
-	/* make sure that our check file signatures are OK */
-	if (!BLAPI_VerifySelf(NULL) || 
-	    !BLAPI_SHVerify(SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_closePeer)) {
-	    crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
-	    if (sftk_audit_enabled) {
-		char msg[128];
-		PR_snprintf(msg,sizeof msg,
-		    "C_Initialize()=0x%08lX "
-		    "self-test: software/firmware integrity test failed",
-		    (PRUint32)crv);
-		sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
-	    }
-	    return crv;
-	}
-
 	loginWaitTime = PR_SecondsToInterval(1);
     }