Allow getting out of the FIPS error state by running a self-test.

author: Werner Koch <wk@gnupg.org> 2008-08-27 10:10:47 +0000
committer: Werner Koch <wk@gnupg.org> 2008-08-27 10:10:47 +0000
commit: b7725f9968d8fb623c7c4d37c55714942643bfcb (patch)
tree: b1f3435ceae1fc28e4f984fbe8555558f6d0a61a /src/fips.c
parent: d1e87a8bf19a041e3fe6144213b081f6374ba06b (diff)
download: libgcrypt-b7725f9968d8fb623c7c4d37c55714942643bfcb.tar.gz
1 files changed, 21 insertions, 1 deletions
diff --git a/src/fips.c b/src/fips.c
index 3089f768..c9f29bd2 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -289,6 +289,26 @@ _gcry_fips_test_operational (void)
 }
 
 
+/* This is a test on whether the library is in the error or
+   operational state. */
+int
+_gcry_fips_test_error_or_operational (void)
+{
+  int result;
+
+  if (!fips_mode ())
+    result = 1;
+  else
+    {
+      lock_fsm ();
+      result = (current_state == STATE_OPERATIONAL
+                || current_state == STATE_ERROR);
+      unlock_fsm ();
+    }
+  return result;
+}
+
+
 static void
 reporter (const char *domain, int algo, const char *what, const char *errtxt)
 {
@@ -604,7 +624,7 @@ fips_new_state (enum module_states new_state)
     case STATE_ERROR:
       if (new_state == STATE_SHUTDOWN
           || new_state == STATE_FATALERROR
-          || new_state == STATE_INIT)
+          || new_state == STATE_SELFTEST)
         ok = 1;
       break;
author	Werner Koch <wk@gnupg.org>	2008-08-27 10:10:47 +0000
committer	Werner Koch <wk@gnupg.org>	2008-08-27 10:10:47 +0000
commit	b7725f9968d8fb623c7c4d37c55714942643bfcb (patch)
tree	b1f3435ceae1fc28e4f984fbe8555558f6d0a61a /src/fips.c
parent	d1e87a8bf19a041e3fe6144213b081f6374ba06b (diff)
download	libgcrypt-b7725f9968d8fb623c7c4d37c55714942643bfcb.tar.gz