1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * FIPS 200 support. |
4 | * |
5 | * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com> |
6 | */ |
7 | |
8 | #include <linux/export.h> |
9 | #include <linux/fips.h> |
10 | #include <linux/init.h> |
11 | #include <linux/module.h> |
12 | #include <linux/kernel.h> |
13 | #include <linux/sysctl.h> |
14 | #include <linux/notifier.h> |
15 | #include <generated/utsrelease.h> |
16 | |
/*
 * Global FIPS mode flag. In this file it is written only by the "fips="
 * boot parameter handler and published read-only (mode 0444) through the
 * crypto sysctl table. It is exported, so GPL modules can also reach it.
 */
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);

/*
 * Atomic notifier chain run by fips_fail_notify() while fips_enabled is set.
 * Exported so GPL modules can register callbacks on it.
 */
ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
22 | |
/*
 * Handle the "fips=" kernel command-line parameter at boot (fips=0 or fips=1).
 *
 * Any non-zero number enables FIPS mode; the result is normalised to 0 or 1
 * and logged. simple_strtol() does no error reporting here, so a value with
 * no leading number (e.g. a word) parses as 0 and is logged as "disabled".
 * NOTE(review): for a security-relevant switch, a strict parser such as
 * kstrtoint() with explicit rejection of malformed input may be preferable.
 *
 * Always returns 1, marking the parameter as handled.
 */
static int fips_enable(char *str)
{
	long requested = simple_strtol(str, NULL, 0);

	fips_enabled = (requested != 0);
	pr_info("fips mode: %s\n", fips_enabled ? "enabled" : "disabled");
	return 1;
}

__setup("fips=", fips_enable);
33 | |
/* Module name reported via sysctl; taken from the kernel configuration. */
#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME

/*
 * Module version reported via sysctl: the configured custom version when
 * CONFIG_CRYPTO_FIPS_CUSTOM_VERSION is set, otherwise the kernel release.
 */
#if defined(CONFIG_CRYPTO_FIPS_CUSTOM_VERSION)
#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
#else
#define FIPS_MODULE_VERSION UTS_RELEASE
#endif

/* Backing storage for the "fips_name" and "fips_version" sysctl entries. */
static char fips_name[] = FIPS_MODULE_NAME;
static char fips_version[] = FIPS_MODULE_VERSION;
43 | |
/*
 * Sysctl entries registered under the "crypto" directory by
 * crypto_proc_fips_init(). All three are mode 0444 (read-only).
 *
 * NOTE(review): the two string entries use a fixed maxlen of 64 rather than
 * the size of their backing arrays. That is harmless while they stay
 * read-only; if either were ever made writable, maxlen would have to be
 * bounded by sizeof() of the array to avoid writing past it.
 */
static struct ctl_table crypto_sysctl_table[] = {
	{
		/* Current FIPS mode flag, as an integer. */
		.procname	= "fips_enabled",
		.data		= &fips_enabled,
		.maxlen		= sizeof(int),
		.mode		= 0444,
		.proc_handler	= proc_dointvec
	},
	{
		/* Configured FIPS module name. */
		.procname	= "fips_name",
		.data		= &fips_name,
		.maxlen		= 64,
		.mode		= 0444,
		.proc_handler	= proc_dostring
	},
	{
		/* Configured FIPS module version, or the kernel release. */
		.procname	= "fips_version",
		.data		= &fips_version,
		.maxlen		= 64,
		.mode		= 0444,
		.proc_handler	= proc_dostring
	},
	{}	/* empty terminating entry */
};

/* Header returned by register_sysctl(); kept so the table can be unregistered. */
static struct ctl_table_header *crypto_sysctls;
70 | |
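/*
 * Register the FIPS sysctl entries under the "crypto" directory and keep the
 * returned header in crypto_sysctls so the exit path can unregister it.
 *
 * A failed registration is logged instead of being silently ignored: without
 * these entries, anything that reads the fips_enabled sysctl to decide how to
 * behave has nothing to read.
 */
static void crypto_proc_fips_init(void)
{
	crypto_sysctls = register_sysctl("crypto", crypto_sysctl_table);
	if (!crypto_sysctls)
		pr_warn("fips: failed to register crypto sysctl table\n");
}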
75 | |
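/*
 * Unregister the sysctl table whose header was stored in crypto_sysctls.
 *
 * The "table:" label shown in the listing was an editor parameter-name hint,
 * not C syntax, and has been dropped so the call compiles.
 */
static void crypto_proc_fips_exit(void)
{
	unregister_sysctl_table(crypto_sysctls);
}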
80 | |
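/*
 * Run the callbacks registered on fips_fail_notif_chain, passing event value
 * 0 and no data. Does nothing unless fips_enabled is non-zero.
 *
 * NOTE(review): presumably called when a FIPS check fails; confirm against
 * the callers, which are outside this file.
 *
 * The "nh:" and "val:" labels shown in the listing were editor parameter-name
 * hints, not C syntax, and have been dropped so the call compiles.
 */
void fips_fail_notify(void)
{
	if (fips_enabled)
		atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
}
EXPORT_SYMBOL_GPL(fips_fail_notify);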
87 | |
/*
 * Init hook: publish the FIPS sysctl entries.
 *
 * Always returns 0; crypto_proc_fips_init() returns void, so a failed sysctl
 * registration is not propagated from here.
 */
static int __init fips_init(void)
{
	crypto_proc_fips_init();

	return 0;
}
93 | |
/* Exit hook: remove the FIPS sysctl entries registered by fips_init(). */
static void __exit fips_exit(void)
{
	crypto_proc_fips_exit();
}
98 | |
/* Run fips_init() at the subsys initcall level; fips_exit() is the exit handler. */
subsys_initcall(fips_init);
module_exit(fips_exit);
101 | |