1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * FIPS 200 support.
4 *
5 * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
6 */
7
8#include <linux/export.h>
9#include <linux/fips.h>
10#include <linux/init.h>
11#include <linux/module.h>
12#include <linux/kernel.h>
13#include <linux/sysctl.h>
14#include <linux/notifier.h>
15#include <generated/utsrelease.h>
16
17int fips_enabled;
18EXPORT_SYMBOL_GPL(fips_enabled);
19
20ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
21EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
22
23/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
24static int fips_enable(char *str)
25{
26 fips_enabled = !!simple_strtol(str, NULL, 0);
27 printk(KERN_INFO "fips mode: %s\n",
28 fips_enabled ? "enabled" : "disabled");
29 return 1;
30}
31
32__setup("fips=", fips_enable);
33
34#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
35#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
36#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
37#else
38#define FIPS_MODULE_VERSION UTS_RELEASE
39#endif
40
41static char fips_name[] = FIPS_MODULE_NAME;
42static char fips_version[] = FIPS_MODULE_VERSION;
43
44static struct ctl_table crypto_sysctl_table[] = {
45 {
46 .procname = "fips_enabled",
47 .data = &fips_enabled,
48 .maxlen = sizeof(int),
49 .mode = 0444,
50 .proc_handler = proc_dointvec
51 },
52 {
53 .procname = "fips_name",
54 .data = &fips_name,
55 .maxlen = 64,
56 .mode = 0444,
57 .proc_handler = proc_dostring
58 },
59 {
60 .procname = "fips_version",
61 .data = &fips_version,
62 .maxlen = 64,
63 .mode = 0444,
64 .proc_handler = proc_dostring
65 },
66 {}
67};
68
69static struct ctl_table_header *crypto_sysctls;
70
71static void crypto_proc_fips_init(void)
72{
73 crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
74}
75
76static void crypto_proc_fips_exit(void)
77{
78 unregister_sysctl_table(table: crypto_sysctls);
79}
80
81void fips_fail_notify(void)
82{
83 if (fips_enabled)
84 atomic_notifier_call_chain(nh: &fips_fail_notif_chain, val: 0, NULL);
85}
86EXPORT_SYMBOL_GPL(fips_fail_notify);
87
88static int __init fips_init(void)
89{
90 crypto_proc_fips_init();
91 return 0;
92}
93
94static void __exit fips_exit(void)
95{
96 crypto_proc_fips_exit();
97}
98
99subsys_initcall(fips_init);
100module_exit(fips_exit);
101

source code of linux/crypto/fips.c