Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
ccb778e1 NH |
2 | /* |
3 | * FIPS 200 support. | |
4 | * | |
5 | * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com> | |
ccb778e1 NH |
6 | */ |
7 | ||
76450f93 HX |
8 | #include <linux/export.h> |
9 | #include <linux/fips.h> | |
10 | #include <linux/init.h> | |
94072cb2 | 11 | #include <linux/module.h> |
76450f93 | 12 | #include <linux/kernel.h> |
94072cb2 | 13 | #include <linux/sysctl.h> |
9552389c | 14 | #include <linux/notifier.h> |
5a44749f | 15 | #include <generated/utsrelease.h> |
ccb778e1 NH |
16 | |
/*
 * Global FIPS-mode flag. It is written by fips_enable() when "fips=" is
 * given on the kernel command line and read by fips_fail_notify(); the
 * fips_enabled sysctl entry exposes it read-only (mode 0444).
 *
 * NOTE(review): the symbol is exported as a plain writable int, so nothing
 * in this file stops another GPL module from changing it after boot --
 * confirm that every user treats it as read-only.
 */
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);

/* Atomic notifier chain that fips_fail_notify() runs when FIPS mode is on. */
ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
22 | ||
ccb778e1 NH |
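/*
 * Process the "fips=" kernel command-line parameter at boot time.
 *
 * The value is parsed with simple_strtol() in base 0 and any non-zero
 * result turns FIPS mode on; everything else leaves it off. The resulting
 * mode is logged.
 *
 * Returns 1, which tells the __setup() machinery the parameter was handled.
 */
static int fips_enable(char *str)
{
	char *end;

	fips_enabled = !!simple_strtol(str, &end, 0);

	/*
	 * simple_strtol() stops at the first character it cannot parse and
	 * yields 0 when nothing parses, so a typo such as "fips=yes" selects
	 * "disabled" without complaint. The parsed result is kept unchanged
	 * for compatibility, but the malformed value is reported so that a
	 * system expected to run in FIPS mode does not silently boot without
	 * it.
	 */
	if (end == str || *end != '\0')
		pr_warn("fips mode: unexpected value \"%s\" for fips=\n", str);

	pr_info("fips mode: %s\n", fips_enabled ? "enabled" : "disabled");
	return 1;
}

__setup("fips=", fips_enable);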
94072cb2 | 33 | |
5a44749f VD |
/*
 * Name and version strings reported for the FIPS module. The name is taken
 * from CONFIG_CRYPTO_FIPS_NAME. The version is CONFIG_CRYPTO_FIPS_VERSION
 * when CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is defined, and the kernel release
 * string (UTS_RELEASE) otherwise.
 */
#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
#else
#define FIPS_MODULE_VERSION UTS_RELEASE
#endif

/*
 * Backing storage for the fips_name and fips_version sysctl entries. Each
 * array is sized by its initializer, not by a fixed length.
 */
static char fips_name[] = FIPS_MODULE_NAME;
static char fips_version[] = FIPS_MODULE_VERSION;
43 | ||
94072cb2 HX |
/*
 * Entries placed under the "crypto" sysctl directory (crypto_dir_table
 * points at this table through .child). All three entries are mode 0444,
 * i.e. read-only for every user. The empty element terminates the table.
 */
static struct ctl_table crypto_sysctl_table[] = {
	{
		/* Current value of the fips_enabled flag, handled as an int. */
		.procname = "fips_enabled",
		.data = &fips_enabled,
		.maxlen = sizeof(int),
		.mode = 0444,
		.proc_handler = proc_dointvec
	},
	{
		/*
		 * NOTE(review): maxlen is a fixed 64 while fips_name is sized
		 * by its initializer, so the two can disagree. That looks
		 * harmless while the entry stays 0444, but if it is ever made
		 * writable the bound should follow the real buffer size
		 * (sizeof(fips_name)) -- confirm against proc_dostring().
		 */
		.procname = "fips_name",
		.data = &fips_name,
		.maxlen = 64,
		.mode = 0444,
		.proc_handler = proc_dostring
	},
	{
		/* NOTE(review): same fixed-64 bound as fips_name above. */
		.procname = "fips_version",
		.data = &fips_version,
		.maxlen = 64,
		.mode = 0444,
		.proc_handler = proc_dostring
	},
	{}
};
68 | ||
/*
 * Top-level sysctl table: a single "crypto" directory (mode 0555) whose
 * children are the entries in crypto_sysctl_table. The empty element
 * terminates the table.
 */
static struct ctl_table crypto_dir_table[] = {
	{
		.procname = "crypto",
		.mode = 0555,
		.child = crypto_sysctl_table
	},
	{}
};

/*
 * Header returned by register_sysctl_table(); kept so that
 * crypto_proc_fips_exit() can unregister the table.
 */
static struct ctl_table_header *crypto_sysctls;
79 | ||
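/*
 * Register the "crypto" sysctl directory and remember the returned header
 * in crypto_sysctls so that crypto_proc_fips_exit() can unregister it.
 *
 * register_sysctl_table() returns NULL on failure. This function returns
 * void and cannot pass that on, so the failure is logged: without these
 * entries userspace has no fips_enabled sysctl file to read the FIPS state
 * from, and that should not happen silently.
 */
static void crypto_proc_fips_init(void)
{
	crypto_sysctls = register_sysctl_table(crypto_dir_table);
	if (!crypto_sysctls)
		pr_warn("fips: failed to register crypto sysctl table\n");
}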
84 | ||
/*
 * Unregister the sysctl table whose header crypto_proc_fips_init() stored
 * in crypto_sysctls.
 */
static void crypto_proc_fips_exit(void)
{
	struct ctl_table_header *hdr = crypto_sysctls;

	unregister_sysctl_table(hdr);
}
89 | ||
9552389c GBY |
/*
 * Run the fips_fail_notif_chain notifier chain, passing 0 as the event
 * value and NULL as the data pointer. Does nothing unless fips_enabled is
 * non-zero.
 */
void fips_fail_notify(void)
{
	if (!fips_enabled)
		return;

	atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
}
EXPORT_SYMBOL_GPL(fips_fail_notify);
96 | ||
94072cb2 HX |
/*
 * Init hook: registers the crypto sysctl entries.
 *
 * Always returns 0. crypto_proc_fips_init() returns void, so a failed
 * sysctl registration is not reported through this return value.
 */
static int __init fips_init(void)
{
	crypto_proc_fips_init();
	return 0;
}
102 | ||
/* Exit hook: unregisters the crypto sysctl entries. */
static void __exit fips_exit(void)
{
	crypto_proc_fips_exit();
}
107 | ||
/*
 * fips_init() is hooked in with subsys_initcall(), not module_init();
 * fips_exit() is the module exit handler.
 */
subsys_initcall(fips_init);
module_exit(fips_exit);