fips.c 2.1 KB

  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * FIPS 200 support.
  4. *
  5. * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
  6. */
  7. #include <linux/export.h>
  8. #include <linux/fips.h>
  9. #include <linux/init.h>
  10. #include <linux/module.h>
  11. #include <linux/kernel.h>
  12. #include <linux/sysctl.h>
  13. #include <linux/notifier.h>
  14. #include <linux/string_choices.h>
  15. #include <generated/utsrelease.h>
  /*
   * Global FIPS-mode flag: non-zero means FIPS mode is on. It is set from the
   * "fips=" boot parameter in this file and published read-only through the
   * crypto/fips_enabled sysctl entry.
   *
   * The symbol is exported to GPL modules as a plain, non-const int, so the
   * read-only sysctl mode does not constrain in-kernel writers.
   */
  int fips_enabled;
  EXPORT_SYMBOL_GPL(fips_enabled);

  /*
   * Atomic notifier chain that fips_fail_notify() invokes while FIPS mode
   * is enabled. Exported so GPL modules can reference the chain head.
   */
  ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
  EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
  /*
   * Boot-time handler for the "fips=" kernel command-line parameter.
   *
   * The value is parsed as an integer (base 0, i.e. the prefix selects the
   * base) straight into fips_enabled and then normalised, so any non-zero
   * value turns FIPS mode on and the flag only ever holds 0 or 1.
   *
   * Returns 1 when the value was parsed, 0 when it was not.
   *
   * NOTE(review): on a parse failure nothing is logged here and the flag is
   * presumably left at its previous value (kstrtoint is expected not to store
   * on error -- confirm), so a non-numeric value leaves FIPS mode off. Check
   * the "fips mode:" line in the boot log rather than assuming the parameter
   * took effect.
   */
  static int __init fips_enable(char *str)
  {
          int parse_err = kstrtoint(str, 0, &fips_enabled);

          if (parse_err != 0)
                  return 0;

          /* Collapse every non-zero value to exactly 1. */
          fips_enabled = fips_enabled ? 1 : 0;
          pr_info("fips mode: %s\n", str_enabled_disabled(fips_enabled));

          return 1;
  }
  __setup("fips=", fips_enable);
  /* Module name reported through sysctl; taken from the kernel configuration. */
  #define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME

  /*
   * Module version reported through sysctl: the configured custom version
   * when CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is set, otherwise the kernel
   * release string.
   */
  #if defined(CONFIG_CRYPTO_FIPS_CUSTOM_VERSION)
  #define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
  #else
  #define FIPS_MODULE_VERSION UTS_RELEASE
  #endif

  /*
   * Backing storage for the fips_name and fips_version sysctl entries. Both
   * arrays are sized by their initialisers, i.e. string length plus the NUL.
   */
  static char fips_name[] = FIPS_MODULE_NAME;
  static char fips_version[] = FIPS_MODULE_VERSION;
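  /*
   * Sysctl entries registered under "crypto": the FIPS-mode flag plus the
   * module name and version strings. Every entry is read-only (0444).
   *
   * .maxlen for the two string entries is tied to the real size of the
   * backing array instead of a fixed 64. fips_name and fips_version are sized
   * by their initialisers, so a hard-coded length could both overstate a
   * short buffer and cut off a long configured string; sizeof keeps the
   * advertised length and the storage in agreement, matching how the
   * fips_enabled entry already uses sizeof(int).
   */
  static const struct ctl_table crypto_sysctl_table[] = {
          {
                  .procname       = "fips_enabled",
                  .data           = &fips_enabled,
                  .maxlen         = sizeof(int),
                  .mode           = 0444,
                  .proc_handler   = proc_dointvec
          },
          {
                  .procname       = "fips_name",
                  .data           = &fips_name,
                  .maxlen         = sizeof(fips_name),
                  .mode           = 0444,
                  .proc_handler   = proc_dostring
          },
          {
                  .procname       = "fips_version",
                  .data           = &fips_version,
                  .maxlen         = sizeof(fips_version),
                  .mode           = 0444,
                  .proc_handler   = proc_dostring
          },
  };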
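  /* Handle returned by register_sysctl(); NULL if registration failed. */
  static struct ctl_table_header *crypto_sysctls;

  /*
   * Register the FIPS sysctl entries under "crypto".
   *
   * The function returns void, so a failed registration cannot be propagated
   * to the caller. It is logged instead: without these entries, anything
   * that reads crypto/fips_enabled to decide whether FIPS mode is active
   * would find no entry at all, and that should not happen unnoticed.
   */
  static void crypto_proc_fips_init(void)
  {
          crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
          if (!crypto_sysctls)
                  pr_warn("fips: failed to register crypto sysctl table\n");
  }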
  /*
   * Remove the FIPS sysctl entries registered by crypto_proc_fips_init().
   *
   * NOTE(review): the stored handle is passed through unchecked; this relies
   * on unregister_sysctl_table() accepting NULL when registration failed --
   * confirm against the sysctl core.
   */
  static void crypto_proc_fips_exit(void)
  {
          unregister_sysctl_table(crypto_sysctls);
  }
  /*
   * Run every callback on fips_fail_notif_chain, with event value 0 and no
   * payload. Does nothing unless FIPS mode is enabled. The return value of
   * the chain call is not inspected.
   */
  void fips_fail_notify(void)
  {
          if (!fips_enabled)
                  return;

          atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
  }
  EXPORT_SYMBOL_GPL(fips_fail_notify);
  /*
   * Init hook: publish the FIPS sysctl entries.
   *
   * Always returns 0; crypto_proc_fips_init() has no return value, so a
   * sysctl registration failure is not reflected here.
   */
  static int __init fips_init(void)
  {
          crypto_proc_fips_init();

          return 0;
  }
  /* Exit hook: withdraw the FIPS sysctl entries. */
  static void __exit fips_exit(void)
  {
          crypto_proc_fips_exit();
  }
  /* Wire the init and exit hooks into the module lifecycle. */
  module_init(fips_init);
  module_exit(fips_exit);