1/* fips.c - FIPS mode management 2 * Copyright (C) 2008 Free Software Foundation, Inc. 3 * 4 * This file is part of Libgcrypt. 5 * 6 * Libgcrypt is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU Lesser General Public License as 8 * published by the Free Software Foundation; either version 2.1 of 9 * the License, or (at your option) any later version. 10 * 11 * Libgcrypt is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20#include <config.h> 21#include <stdio.h> 22#include <stdlib.h> 23#include <errno.h> 24#include <unistd.h> 25#include <string.h> 26#ifdef ENABLE_HMAC_BINARY_CHECK 27# include <dlfcn.h> 28#endif 29#ifdef HAVE_SYSLOG 30# include <syslog.h> 31#endif /*HAVE_SYSLOG*/ 32 33#include "g10lib.h" 34#include "ath.h" 35#include "cipher-proto.h" 36#include "hmac256.h" 37 38 39/* The name of the file used to foce libgcrypt into fips mode. */ 40#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled" 41 42 43/* The states of the finite state machine used in fips mode. */ 44enum module_states 45 { 46 /* POWEROFF cannot be represented. */ 47 STATE_POWERON = 0, 48 STATE_INIT, 49 STATE_SELFTEST, 50 STATE_OPERATIONAL, 51 STATE_ERROR, 52 STATE_FATALERROR, 53 STATE_SHUTDOWN 54 }; 55 56 57/* Flag telling whether we are in fips mode. It uses inverse logic so 58 that fips mode is the default unless changed by the initialization 59 code. To check whether fips mode is enabled, use the function 60 fips_mode()! */ 61static int no_fips_mode_required; 62 63/* Flag to indicate that we are in the enforced FIPS mode. */ 64static int enforced_fips_mode; 65 66/* If this flag is set, the application may no longer assume that the 67 process is running in FIPS mode. This flag is protected by the 68 FSM_LOCK. */ 69static int inactive_fips_mode; 70 71/* This is the lock we use to protect the FSM. */ 72static ath_mutex_t fsm_lock = ATH_MUTEX_INITIALIZER; 73 74/* The current state of the FSM. The whole state machinery is only 75 used while in fips mode. Change this only while holding fsm_lock. */ 76static enum module_states current_state; 77 78 79 80 81 82static void fips_new_state (enum module_states new_state); 83 84 85 86/* Convert lowercase hex digits; assumes valid hex digits. */ 87#define loxtoi_1(p) (*(p) <= '9'? (*(p)- '0'): (*(p)-'a'+10)) 88#define loxtoi_2(p) ((loxtoi_1(p) * 16) + loxtoi_1((p)+1)) 89 90/* Returns true if P points to a lowercase hex digit. */ 91#define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p)) 92 93 94 95/* Check whether the OS is in FIPS mode and record that in a module 96 local variable. If FORCE is passed as true, fips mode will be 97 enabled anyway. Note: This function is not thread-safe and should 98 be called before any threads are created. This function may only 99 be called once. */ 100void 101_gcry_initialize_fips_mode (int force) 102{ 103 static int done; 104 gpg_error_t err; 105 106 /* Make sure we are not accidently called twice. */ 107 if (done) 108 { 109 if ( fips_mode () ) 110 { 111 fips_new_state (STATE_FATALERROR); 112 fips_noreturn (); 113 } 114 /* If not in fips mode an assert is sufficient. */ 115 gcry_assert (!done); 116 } 117 done = 1; 118 119 /* If the calling application explicitly requested fipsmode, do so. */ 120 if (force) 121 { 122 gcry_assert (!no_fips_mode_required); 123 goto leave; 124 } 125 126 /* For testing the system it is useful to override the system 127 provided detection of the FIPS mode and force FIPS mode using a 128 file. The filename is hardwired so that there won't be any 129 confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is 130 actually used. The file itself may be empty. */ 131 if ( !access (FIPS_FORCE_FILE, F_OK) ) 132 { 133 gcry_assert (!no_fips_mode_required); 134 goto leave; 135 } 136 137 /* Checking based on /proc file properties. */ 138 { 139 static const char procfname[] = "/proc/sys/crypto/fips_enabled"; 140 FILE *fp; 141 int saved_errno; 142 143 fp = fopen (procfname, "r"); 144 if (fp) 145 { 146 char line[256]; 147 148 if (fgets (line, sizeof line, fp) && atoi (line)) 149 { 150 /* System is in fips mode. */ 151 fclose (fp); 152 gcry_assert (!no_fips_mode_required); 153 goto leave; 154 } 155 fclose (fp); 156 } 157 else if ((saved_errno = errno) != ENOENT 158 && saved_errno != EACCES 159 && !access ("/proc/version", F_OK) ) 160 { 161 /* Problem reading the fips file despite that we have the proc 162 file system. We better stop right away. */ 163 log_info ("FATAL: error reading `%s' in libgcrypt: %s\n", 164 procfname, strerror (saved_errno)); 165#ifdef HAVE_SYSLOG 166 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 167 "reading `%s' failed: %s - abort", 168 procfname, strerror (saved_errno)); 169#endif /*HAVE_SYSLOG*/ 170 abort (); 171 } 172 } 173 174 /* Fips not not requested, set flag. */ 175 no_fips_mode_required = 1; 176 177 leave: 178 if (!no_fips_mode_required) 179 { 180 /* Yes, we are in FIPS mode. */ 181 FILE *fp; 182 183 /* Intitialize the lock to protect the FSM. */ 184 err = ath_mutex_init (&fsm_lock); 185 if (err) 186 { 187 /* If that fails we can't do anything but abort the 188 process. We need to use log_info so that the FSM won't 189 get involved. */ 190 log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n", 191 strerror (err)); 192#ifdef HAVE_SYSLOG 193 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 194 "creating FSM lock failed: %s - abort", 195 strerror (err)); 196#endif /*HAVE_SYSLOG*/ 197 abort (); 198 } 199 200 201 /* If the FIPS force files exists, is readable and has a number 202 != 0 on its first line, we enable the enforced fips mode. */ 203 fp = fopen (FIPS_FORCE_FILE, "r"); 204 if (fp) 205 { 206 char line[256]; 207 208 if (fgets (line, sizeof line, fp) && atoi (line)) 209 enforced_fips_mode = 1; 210 fclose (fp); 211 } 212 213 /* Now get us into the INIT state. */ 214 fips_new_state (STATE_INIT); 215 216 } 217 return; 218} 219 220static void 221lock_fsm (void) 222{ 223 gpg_error_t err; 224 225 err = ath_mutex_lock (&fsm_lock); 226 if (err) 227 { 228 log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n", 229 strerror (err)); 230#ifdef HAVE_SYSLOG 231 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 232 "acquiring FSM lock failed: %s - abort", 233 strerror (err)); 234#endif /*HAVE_SYSLOG*/ 235 abort (); 236 } 237} 238 239static void 240unlock_fsm (void) 241{ 242 gpg_error_t err; 243 244 err = ath_mutex_unlock (&fsm_lock); 245 if (err) 246 { 247 log_info ("FATAL: failed to release the FSM lock in libgrypt: %s\n", 248 strerror (err)); 249#ifdef HAVE_SYSLOG 250 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 251 "releasing FSM lock failed: %s - abort", 252 strerror (err)); 253#endif /*HAVE_SYSLOG*/ 254 abort (); 255 } 256} 257 258 259/* This function returns true if fips mode is enabled. This is 260 independent of the fips required finite state machine and only used 261 to enable fips specific code. Please use the fips_mode macro 262 instead of calling this function directly. */ 263int 264_gcry_fips_mode (void) 265{ 266 /* No locking is required because we have the requirement that this 267 variable is only initialized once with no other threads 268 existing. */ 269 return !no_fips_mode_required; 270} 271 272 273/* Return a flag telling whether we are in the enforced fips mode. */ 274int 275_gcry_enforced_fips_mode (void) 276{ 277 return enforced_fips_mode; 278} 279 280 281/* If we do not want to enforce the fips mode, we can set a flag so 282 that the application may check whether it is still in fips mode. 283 TEXT will be printed as part of a syslog message. This function 284 may only be be called if in fips mode. */ 285void 286_gcry_inactivate_fips_mode (const char *text) 287{ 288 gcry_assert (_gcry_fips_mode ()); 289 290 if (_gcry_enforced_fips_mode () ) 291 { 292 /* Get us into the error state. */ 293 fips_signal_error (text); 294 return; 295 } 296 297 lock_fsm (); 298 if (!inactive_fips_mode) 299 { 300 inactive_fips_mode = 1; 301 unlock_fsm (); 302#ifdef HAVE_SYSLOG 303 syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: " 304 "%s - FIPS mode inactivated", text); 305#endif /*HAVE_SYSLOG*/ 306 } 307 else 308 unlock_fsm (); 309} 310 311 312/* Return the FIPS mode inactive flag. If it is true the FIPS mode is 313 not anymore active. */ 314int 315_gcry_is_fips_mode_inactive (void) 316{ 317 int flag; 318 319 if (!_gcry_fips_mode ()) 320 return 0; 321 lock_fsm (); 322 flag = inactive_fips_mode; 323 unlock_fsm (); 324 return flag; 325} 326 327 328 329static const char * 330state2str (enum module_states state) 331{ 332 const char *s; 333 334 switch (state) 335 { 336 case STATE_POWERON: s = "Power-On"; break; 337 case STATE_INIT: s = "Init"; break; 338 case STATE_SELFTEST: s = "Self-Test"; break; 339 case STATE_OPERATIONAL: s = "Operational"; break; 340 case STATE_ERROR: s = "Error"; break; 341 case STATE_FATALERROR: s = "Fatal-Error"; break; 342 case STATE_SHUTDOWN: s = "Shutdown"; break; 343 default: s = "?"; break; 344 } 345 return s; 346} 347 348 349/* Return true if the library is in the operational state. */ 350int 351_gcry_fips_is_operational (void) 352{ 353 int result; 354 355 if (!fips_mode ()) 356 result = 1; 357 else 358 { 359 lock_fsm (); 360 if (current_state == STATE_INIT) 361 { 362 /* If we are still in the INIT state, we need to run the 363 selftests so that the FSM can eventually get into 364 operational state. Given that we would need a 2-phase 365 initialization of libgcrypt, but that has traditionally 366 not been enforced, we use this on demand self-test 367 checking. Note that Proper applications would do the 368 application specific libgcrypt initialization between a 369 gcry_check_version() and gcry_control 370 (GCRYCTL_INITIALIZATION_FINISHED) where the latter will 371 run the selftests. The drawback of these on-demand 372 self-tests are a small chance that self-tests are 373 performed by severeal threads; that is no problem because 374 our FSM make sure that we won't oversee any error. */ 375 unlock_fsm (); 376 _gcry_fips_run_selftests (0); 377 lock_fsm (); 378 } 379 380 result = (current_state == STATE_OPERATIONAL); 381 unlock_fsm (); 382 } 383 return result; 384} 385 386 387/* This is test on whether the library is in the operational state. In 388 contrast to _gcry_fips_is_operational this function won't do a 389 state transition on the fly. */ 390int 391_gcry_fips_test_operational (void) 392{ 393 int result; 394 395 if (!fips_mode ()) 396 result = 1; 397 else 398 { 399 lock_fsm (); 400 result = (current_state == STATE_OPERATIONAL); 401 unlock_fsm (); 402 } 403 return result; 404} 405 406 407/* This is a test on whether the library is in the error or 408 operational state. */ 409int 410_gcry_fips_test_error_or_operational (void) 411{ 412 int result; 413 414 if (!fips_mode ()) 415 result = 1; 416 else 417 { 418 lock_fsm (); 419 result = (current_state == STATE_OPERATIONAL 420 || current_state == STATE_ERROR); 421 unlock_fsm (); 422 } 423 return result; 424} 425 426 427static void 428reporter (const char *domain, int algo, const char *what, const char *errtxt) 429{ 430 if (!errtxt && !_gcry_log_verbosity (2)) 431 return; 432 433 log_info ("libgcrypt selftest: %s %s%s (%d): %s%s%s%s\n", 434 !strcmp (domain, "hmac")? "digest":domain, 435 !strcmp (domain, "hmac")? "HMAC-":"", 436 !strcmp (domain, "cipher")? _gcry_cipher_algo_name (algo) : 437 !strcmp (domain, "digest")? _gcry_md_algo_name (algo) : 438 !strcmp (domain, "hmac")? _gcry_md_algo_name (algo) : 439 !strcmp (domain, "pubkey")? _gcry_pk_algo_name (algo) : "", 440 algo, errtxt? errtxt:"Okay", 441 what?" (":"", what? what:"", what?")":""); 442} 443 444/* Run self-tests for all required cipher algorithms. Return 0 on 445 success. */ 446static int 447run_cipher_selftests (int extended) 448{ 449 static int algos[] = 450 { 451 GCRY_CIPHER_3DES, 452 GCRY_CIPHER_AES128, 453 GCRY_CIPHER_AES192, 454 GCRY_CIPHER_AES256, 455 0 456 }; 457 int idx; 458 gpg_error_t err; 459 int anyerr = 0; 460 461 for (idx=0; algos[idx]; idx++) 462 { 463 err = _gcry_cipher_selftest (algos[idx], extended, reporter); 464 reporter ("cipher", algos[idx], NULL, 465 err? gpg_strerror (err):NULL); 466 if (err) 467 anyerr = 1; 468 } 469 return anyerr; 470} 471 472 473/* Run self-tests for all required hash algorithms. Return 0 on 474 success. */ 475static int 476run_digest_selftests (int extended) 477{ 478 static int algos[] = 479 { 480 GCRY_MD_SHA1, 481 GCRY_MD_SHA224, 482 GCRY_MD_SHA256, 483 GCRY_MD_SHA384, 484 GCRY_MD_SHA512, 485 0 486 }; 487 int idx; 488 gpg_error_t err; 489 int anyerr = 0; 490 491 for (idx=0; algos[idx]; idx++) 492 { 493 err = _gcry_md_selftest (algos[idx], extended, reporter); 494 reporter ("digest", algos[idx], NULL, 495 err? gpg_strerror (err):NULL); 496 if (err) 497 anyerr = 1; 498 } 499 return anyerr; 500} 501 502 503/* Run self-tests for all HMAC algorithms. Return 0 on success. */ 504static int 505run_hmac_selftests (int extended) 506{ 507 static int algos[] = 508 { 509 GCRY_MD_SHA1, 510 GCRY_MD_SHA224, 511 GCRY_MD_SHA256, 512 GCRY_MD_SHA384, 513 GCRY_MD_SHA512, 514 0 515 }; 516 int idx; 517 gpg_error_t err; 518 int anyerr = 0; 519 520 for (idx=0; algos[idx]; idx++) 521 { 522 err = _gcry_hmac_selftest (algos[idx], extended, reporter); 523 reporter ("hmac", algos[idx], NULL, 524 err? gpg_strerror (err):NULL); 525 if (err) 526 anyerr = 1; 527 } 528 return anyerr; 529} 530 531 532/* Run self-tests for all required public key algorithms. Return 0 on 533 success. */ 534static int 535run_pubkey_selftests (int extended) 536{ 537 static int algos[] = 538 { 539 GCRY_PK_RSA, 540 GCRY_PK_DSA, 541 /* GCRY_PK_ECDSA is not enabled in fips mode. */ 542 0 543 }; 544 int idx; 545 gpg_error_t err; 546 int anyerr = 0; 547 548 for (idx=0; algos[idx]; idx++) 549 { 550 err = _gcry_pk_selftest (algos[idx], extended, reporter); 551 reporter ("pubkey", algos[idx], NULL, 552 err? gpg_strerror (err):NULL); 553 if (err) 554 anyerr = 1; 555 } 556 return anyerr; 557} 558 559 560/* Run self-tests for the random number generator. Returns 0 on 561 success. */ 562static int 563run_random_selftests (void) 564{ 565 gpg_error_t err; 566 567 err = _gcry_random_selftest (reporter); 568 reporter ("random", 0, NULL, err? gpg_strerror (err):NULL); 569 570 return !!err; 571} 572 573/* Run an integrity check on the binary. Returns 0 on success. */ 574static int 575check_binary_integrity (void) 576{ 577#ifdef ENABLE_HMAC_BINARY_CHECK 578 gpg_error_t err; 579 Dl_info info; 580 unsigned char digest[32]; 581 int dlen; 582 char *fname = NULL; 583 const char key[] = "What am I, a doctor or a moonshuttle conductor?"; 584 585 if (!dladdr ("gcry_check_version", &info)) 586 err = gpg_error_from_syserror (); 587 else 588 { 589 dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname, 590 key, strlen (key)); 591 if (dlen < 0) 592 err = gpg_error_from_syserror (); 593 else if (dlen != 32) 594 err = gpg_error (GPG_ERR_INTERNAL); 595 else 596 { 597 fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); 598 if (!fname) 599 err = gpg_error_from_syserror (); 600 else 601 { 602 FILE *fp; 603 char *p; 604 605 /* Prefix the basename with a dot. */ 606 strcpy (fname, info.dli_fname); 607 p = strrchr (fname, '/'); 608 if (p) 609 p++; 610 else 611 p = fname; 612 memmove (p+1, p, strlen (p)+1); 613 *p = '.'; 614 strcat (fname, ".hmac"); 615 616 /* Open the file. */ 617 fp = fopen (fname, "r"); 618 if (!fp) 619 err = gpg_error_from_syserror (); 620 else 621 { 622 /* A buffer of 64 bytes plus one for a LF and one to 623 detect garbage. */ 624 unsigned char buffer[64+1+1]; 625 const unsigned char *s; 626 int n; 627 628 /* The HMAC files consists of lowercase hex digits 629 only with an optional trailing linefeed. Fail if 630 there is any garbage. */ 631 err = gpg_error (GPG_ERR_SELFTEST_FAILED); 632 n = fread (buffer, 1, sizeof buffer, fp); 633 if (n == 64 || (n == 65 && buffer[64] == '\n')) 634 { 635 buffer[64] = 0; 636 for (n=0, s= buffer; 637 n < 32 && loxdigit_p (s) && loxdigit_p (s+1); 638 n++, s += 2) 639 buffer[n] = loxtoi_2 (s); 640 if ( n == 32 && !memcmp (digest, buffer, 32) ) 641 err = 0; 642 } 643 fclose (fp); 644 } 645 } 646 } 647 } 648 reporter ("binary", 0, fname, err? gpg_strerror (err):NULL); 649#ifdef HAVE_SYSLOG 650 if (err) 651 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 652 "integrity check using `%s' failed: %s", 653 fname? fname:"[?]", gpg_strerror (err)); 654#endif /*HAVE_SYSLOG*/ 655 gcry_free (fname); 656 return !!err; 657#else 658 return 0; 659#endif 660} 661 662 663/* Run the self-tests. If EXTENDED is true, extended versions of the 664 selftest are run, that is more tests than required by FIPS. */ 665gpg_err_code_t 666_gcry_fips_run_selftests (int extended) 667{ 668 enum module_states result = STATE_ERROR; 669 gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED; 670 671 if (fips_mode ()) 672 fips_new_state (STATE_SELFTEST); 673 674 if (run_cipher_selftests (extended)) 675 goto leave; 676 677 if (run_digest_selftests (extended)) 678 goto leave; 679 680 if (run_hmac_selftests (extended)) 681 goto leave; 682 683 /* Run random tests before the pubkey tests because the latter 684 require random. */ 685 if (run_random_selftests ()) 686 goto leave; 687 688 if (run_pubkey_selftests (extended)) 689 goto leave; 690 691 /* Now check the integrity of the binary. We do this this after 692 having checked the HMAC code. */ 693 if (check_binary_integrity ()) 694 goto leave; 695 696 /* All selftests passed. */ 697 result = STATE_OPERATIONAL; 698 ec = 0; 699 700 leave: 701 if (fips_mode ()) 702 fips_new_state (result); 703 704 return ec; 705} 706 707 708/* This function is used to tell the FSM about errors in the library. 709 The FSM will be put into an error state. This function should not 710 be called directly but by one of the macros 711 712 fips_signal_error (description) 713 fips_signal_fatal_error (description) 714 715 where DESCRIPTION is a string describing the error. */ 716void 717_gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc, 718 int is_fatal, const char *description) 719{ 720 if (!fips_mode ()) 721 return; /* Not required. */ 722 723 /* Set new state before printing an error. */ 724 fips_new_state (is_fatal? STATE_FATALERROR : STATE_ERROR); 725 726 /* Print error. */ 727 log_info ("%serror in libgcrypt, file %s, line %d%s%s: %s\n", 728 is_fatal? "fatal ":"", 729 srcfile, srcline, 730 srcfunc? ", function ":"", srcfunc? srcfunc:"", 731 description? description : "no description available"); 732#ifdef HAVE_SYSLOG 733 syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " 734 "%serror in file %s, line %d%s%s: %s", 735 is_fatal? "fatal ":"", 736 srcfile, srcline, 737 srcfunc? ", function ":"", srcfunc? srcfunc:"", 738 description? description : "no description available"); 739#endif /*HAVE_SYSLOG*/ 740} 741 742 743/* Perform a state transition to NEW_STATE. If this is an invalid 744 transition, the module will go into a fatal error state. */ 745static void 746fips_new_state (enum module_states new_state) 747{ 748 int ok = 0; 749 enum module_states last_state; 750 751 lock_fsm (); 752 753 last_state = current_state; 754 switch (current_state) 755 { 756 case STATE_POWERON: 757 if (new_state == STATE_INIT 758 || new_state == STATE_ERROR 759 || new_state == STATE_FATALERROR) 760 ok = 1; 761 break; 762 763 case STATE_INIT: 764 if (new_state == STATE_SELFTEST 765 || new_state == STATE_ERROR 766 || new_state == STATE_FATALERROR) 767 ok = 1; 768 break; 769 770 case STATE_SELFTEST: 771 if (new_state == STATE_OPERATIONAL 772 || new_state == STATE_ERROR 773 || new_state == STATE_FATALERROR) 774 ok = 1; 775 break; 776 777 case STATE_OPERATIONAL: 778 if (new_state == STATE_SHUTDOWN 779 || new_state == STATE_SELFTEST 780 || new_state == STATE_ERROR 781 || new_state == STATE_FATALERROR) 782 ok = 1; 783 break; 784 785 case STATE_ERROR: 786 if (new_state == STATE_SHUTDOWN 787 || new_state == STATE_ERROR 788 || new_state == STATE_FATALERROR 789 || new_state == STATE_SELFTEST) 790 ok = 1; 791 break; 792 793 case STATE_FATALERROR: 794 if (new_state == STATE_SHUTDOWN ) 795 ok = 1; 796 break; 797 798 case STATE_SHUTDOWN: 799 /* We won't see any transition *from* Shutdown because the only 800 allowed new state is Power-Off and that one can't be 801 represented. */ 802 break; 803 804 } 805 806 if (ok) 807 { 808 current_state = new_state; 809 } 810 811 unlock_fsm (); 812 813 if (!ok || _gcry_log_verbosity (2)) 814 log_info ("libgcrypt state transition %s => %s %s\n", 815 state2str (last_state), state2str (new_state), 816 ok? "granted":"denied"); 817 818 if (!ok) 819 { 820 /* Invalid state transition. Halting library. */ 821#ifdef HAVE_SYSLOG 822 syslog (LOG_USER|LOG_ERR, 823 "Libgcrypt error: invalid state transition %s => %s", 824 state2str (last_state), state2str (new_state)); 825#endif /*HAVE_SYSLOG*/ 826 fips_noreturn (); 827 } 828 else if (new_state == STATE_ERROR || new_state == STATE_FATALERROR) 829 { 830#ifdef HAVE_SYSLOG 831 syslog (LOG_USER|LOG_WARNING, 832 "Libgcrypt notice: state transition %s => %s", 833 state2str (last_state), state2str (new_state)); 834#endif /*HAVE_SYSLOG*/ 835 } 836} 837 838 839 840 841/* This function should be called to ensure that the execution shall 842 not continue. */ 843void 844_gcry_fips_noreturn (void) 845{ 846#ifdef HAVE_SYSLOG 847 syslog (LOG_USER|LOG_ERR, "Libgcrypt terminated the application"); 848#endif /*HAVE_SYSLOG*/ 849 fflush (NULL); 850 abort (); 851 /*NOTREACHED*/ 852} 853