FIPS-standardisarjan (Federal Information Processing Standards) numeron <A
HREF=http://csrc.nist.gov/fips/fips1401.htm#secAppB>104-1</A> aiheena on "Security
Requirements for Cryptographic Modules" Sen liitteenä B on hyödyllinen ohjelmoijan
muistilista:<P>

<H3>APPENDIX B: Recommended Software Development Practices</H3>

The following programming techniques should be used to facilitate analysis of the program, and to
reduce the chances of programming errors.  Deviations from these practices may be appropriate in
some instances.<P>

<UL>
<LI>Each variable should have an associated comment that gives the range of allowable values
for the variable.  If the range is unrestricted, this should be noted.<P>

<LI>Each procedure should have only one entry point.  Each procedure should have at most
two exit points, one for error exits and one for normal exits.<P>

<LI>Control flow within a procedure should be defined using only the following constructs:
sequence, if-then-else, while-do, case, repeat-until, for, and other structured loop
constructs.<P>

<LI>Data should be communicated between procedures through the use of argument lists
and/or explicit return values.  Global variables should not be used except where necessary for the
implementation of an abstract data type.<P>

<LI>Modules (which consist of data plus one or more associated procedures) should be
constructed according to the principle of encapsulation/information-hiding.<P>

<LI>Each loop should be preceded by a convincing argument (as a comment) that termination
is guaranteed.<P>

<LI>Each procedure should perform only a single, well-defined function.<P>

<LI>Each procedure should be preceded by a comment explaining the function performed by
the procedure.<P>

<LI>Floating point comparisons should not be used.<P>

<LI>Where possible, variable names should be used in only one context within the same
procedure.<P>

<LI>Equivalence of variables should not be used to permit multiple memory usage for
conflicting purposes.<P>

<LI>Upon entry to a procedure, input parameters should be checked for appropriate values
where possible.<P>

<LI>The software should be hierarchically structured as a series of layers.<P>
</UL>


<H5>Assembly language</H5>

The following additional programming practices should be used when the implementation is in
assembly language.  Deviations from these practices may be appropriate in some instances.<P>

<UL>
<LI>All code should be position independent, except where appropriate security concerns,
efficiency or hardware constraints require position dependency.<P>

<LI>All register references should use symbolic register names.<P>

<LI>Self-modifying code should not be used.<P>

<LI>All procedures should be responsible for saving and restoring the contents of any
register which is used within the procedure.<P>

<LI>Control transfer instructions should not use numeric literals.<P>

<LI>Each unit should contain comments describing register use in the unit.<P>

</UL>