libgcrypt FSM shutdown state -- what does this mean?

xxiao8 xxiao8 at fosiao.com
Thu Oct 15 05:09:44 CEST 2015


I don't have a self-written program; instead I use cryptsetup, which uses 
libgcrypt. Will it suffice to say:

1. If cryptsetup runs successfully under FIPS mode, that means libgcrypt 
passes its selftest internally? I don't see how to invoke a self-test 
under FIPS externally (I have a kernel running FIPS mode).

2. If, for whatever reason, libgcrypt enters the 'fatal-error/shutdown' 
state, cryptsetup will quit as it cannot use the library any more; 
is this correct? Will libgcrypt "disable" itself so other programs 
that use it can no longer function? Otherwise, how can I detect that 
libgcrypt went bad?

Thanks
xxiao

On 10/14/2015 04:19 AM, Werner Koch wrote:
> On Wed, 14 Oct 2015 05:45, xxiao8 at fosiao.com said:
>
>> if anything went wrong it enters to Shutdown state, what does this
>> mean to a library? I have cryptsetup that uses this library? how do I
>> know libgcrypt has shutdown? Is there a way to monitor libgcrypt that
>
> The whole state machinery is more for documentary purposes because we
> can't map the FIPS required states onto our processing model.  Thus you
> won't see all states and in particular not the shutdown state.  Instead
> we end up here
>
>    _gcry_fips_noreturn (void)
>    {
>    #ifdef HAVE_SYSLOG
>      syslog (LOG_USER|LOG_ERR, "Libgcrypt terminated the application");
>    #endif /*HAVE_SYSLOG*/
>      fflush (NULL);
>      abort ();
>      /*NOTREACHED*/
>    }
>
> for severe errors.
>
> What you can do is to check whether libgcrypt is in operational mode
> (selftests done and not in an error state or not running in FIPS mode):
>
>        if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
>          puts ("Libgcrypt is operational");
>
>
> Salam-Shalom,
>
>     Werner
>
>
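
Added example, not part of the original messages and not libgcrypt or cryptsetup code: a shell wrapper for the detection question above, for callers that only run a libgcrypt-using tool such as cryptsetup. It assumes a bash/dash-style shell on Linux (death by SIGABRT reported as status 134); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Message logged by _gcry_fips_noreturn() as quoted in the reply above.
GCRY_FATAL_MSG='Libgcrypt terminated the application'

# Assumption: SIGABRT is signal 6 and the shell reports death by
# signal N as exit status 128+N (true for bash and dash on Linux).
ABORT_STATUS=134

# run_and_classify CMD [ARGS...]
# Runs the command and prints one of: ok | aborted | failed:<status>
# "aborted" is what abort() in _gcry_fips_noreturn() looks like from outside.
run_and_classify() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -eq "$ABORT_STATUS" ]; then
        echo aborted
    else
        echo "failed:$rc"
    fi
}

# count_fatal_lines: reads syslog text on stdin and prints how many
# lines carry the libgcrypt termination message.
count_fatal_lines() {
    grep -cF -- "$GCRY_FATAL_MSG" || true
}

# Constructed sample log lines (not from a real system).
sample_log() {
    cat <<'EOF'
Oct 15 05:00:01 host1 cryptsetup: Libgcrypt terminated the application
Oct 15 05:00:02 host1 sshd[812]: Accepted publickey for admin
Oct 15 05:00:03 host1 cron[901]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Example use:
#   run_and_classify cryptsetup --version
#   sample_log | count_fatal_lines
```

An "aborted" result alone does not prove libgcrypt was the cause, since any abort() gives the same status; correlate it with the syslog line, which is only emitted by builds compiled with HAVE_SYSLOG.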
