Designers/developers should add or modify existing control flow logic along any data flow paths that connect "sources" (signals carrying intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of the trusted cryptographic zone). The control flow logic should only allow cryptographic results to be driven to "sinks" when appropriate conditions are satisfied (typically when the final result for a cryptographic operation has been generated). When the appropriate conditions are not satisfied (i.e., before or during a cryptographic operation), the control flow logic should drive a safe default value to "sinks".
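The following RTL is an added illustration of that mitigation and is not code from the original entry. It models a toy multi-round transform whose internal `state` register is the "source" and whose `result` port is the "sink". The module name, port names, `ROUNDS`/`WIDTH` parameters, the round function (which is not a real cipher) and the `SAFE_DEFAULT` value are all assumptions chosen for the example. The unsafe wiring it replaces would be a bare `assign result = state;`, which exposes every intermediate round value on the output; here a `done` condition gates the source-to-sink path and drives the safe default whenever the final result is not yet available.

```verilog
// Added example: gating intermediate cryptographic state away from a sink.
module gated_crypto_core #(
    parameter WIDTH  = 32,
    parameter ROUNDS = 8,
    parameter [WIDTH-1:0] SAFE_DEFAULT = {WIDTH{1'b0}}
) (
    input  wire             clk,
    input  wire             rst_n,
    input  wire             start,        // one-cycle pulse: begin an operation
    input  wire [WIDTH-1:0] plaintext,
    input  wire [WIDTH-1:0] key,
    output reg  [WIDTH-1:0] result,       // SINK: leaves the trusted zone
    output reg              result_valid  // high only when `result` is final
);
    // SOURCES: trusted-zone signals, never routed directly to a port.
    reg [WIDTH-1:0]            state;
    reg [$clog2(ROUNDS+1)-1:0] round;
    reg                        busy;

    // Illustrative round function (assumption, NOT a real cipher):
    // rotate left by one, xor with key, add the round counter.
    function [WIDTH-1:0] round_fn;
        input [WIDTH-1:0] s;
        input [WIDTH-1:0] k;
        input integer     r;
        begin
            round_fn = ({s[WIDTH-2:0], s[WIDTH-1]} ^ k) + r;
        end
    endfunction

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
            state <= {WIDTH{1'b0}};
            round <= 0;
            busy  <= 1'b0;
        end else if (start && !busy) begin
            state <= plaintext;          // load input, intermediate state begins
            round <= 0;
            busy  <= 1'b1;
        end else if (busy) begin
            state <= round_fn(state, key, round);
            round <= round + 1;
            if (round == ROUNDS - 1)
                busy <= 1'b0;            // last round applied on this edge
        end
    end

    // Control flow on the source->sink path. The unsafe alternative would be
    //   assign result = state;
    // which leaks every intermediate round value. Instead, `state` reaches
    // the sink only once the final round has been applied; otherwise the
    // sink is driven with the constant safe default.
    wire done = !busy && (round == ROUNDS);
    always @(*) begin
        result_valid = done;
        result       = done ? state : SAFE_DEFAULT;
    end
endmodule

// Small self-checking testbench (also an added assumption): samples the sink
// every cycle and counts cycles where intermediate data is visible while
// result_valid is low. With the gating above the count is zero.
module tb_gated_crypto_core;
    reg clk = 1'b0, rst_n = 1'b0, start = 1'b0;
    reg  [31:0] plaintext = 32'hDEADBEEF;  // constructed sample input
    reg  [31:0] key       = 32'h0BADF00D;  // constructed sample key
    wire [31:0] result;
    wire        result_valid;
    integer i, leaks = 0;

    gated_crypto_core dut (
        .clk(clk), .rst_n(rst_n), .start(start),
        .plaintext(plaintext), .key(key),
        .result(result), .result_valid(result_valid)
    );

    always #5 clk = ~clk;

    initial begin
        #12 rst_n = 1'b1;
        @(posedge clk); start <= 1'b1;
        @(posedge clk); start <= 1'b0;
        for (i = 0; i < 12; i = i + 1) begin
            @(negedge clk);
            if (!result_valid && result !== 32'h0)
                leaks = leaks + 1;
        end
        if (leaks == 0) $display("PASS: sink held safe default until final result");
        else            $display("FAIL: %0d cycles exposed intermediate state", leaks);
        $finish;
    end
endmodule
```

The check that matters for review is the same one the testbench performs: for every source-to-sink path, find the condition under which the sink may carry source data and confirm that in all other states the sink is a constant that reveals nothing about `state`. Note that `result_valid` is itself derived from the same `done` condition, so the valid flag cannot assert while the sink still holds the default.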