// SPDX-License-Identifier: GPL-2.0-or-later
|
/*
|
* FIPS 200 support.
|
*
|
* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
|
*/
|
|
#include <linux/export.h>
|
#include <linux/fips.h>
|
#include <linux/init.h>
|
#include <linux/module.h>
|
#include <linux/kernel.h>
|
#include <linux/sysctl.h>
|
#include <linux/notifier.h>
|
|
int fips_enabled;
|
EXPORT_SYMBOL_GPL(fips_enabled);
|
|
ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
|
EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
|
|
/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
|
static int fips_enable(char *str)
|
{
|
fips_enabled = !!simple_strtol(str, NULL, 0);
|
printk(KERN_INFO "fips mode: %s\n",
|
fips_enabled ? "enabled" : "disabled");
|
return 1;
|
}
|
|
__setup("fips=", fips_enable);
|
|
static struct ctl_table crypto_sysctl_table[] = {
|
{
|
.procname = "fips_enabled",
|
.data = &fips_enabled,
|
.maxlen = sizeof(int),
|
.mode = 0444,
|
.proc_handler = proc_dointvec
|
},
|
{}
|
};
|
|
static struct ctl_table crypto_dir_table[] = {
|
{
|
.procname = "crypto",
|
.mode = 0555,
|
.child = crypto_sysctl_table
|
},
|
{}
|
};
|
|
static struct ctl_table_header *crypto_sysctls;
|
|
static void crypto_proc_fips_init(void)
|
{
|
crypto_sysctls = register_sysctl_table(crypto_dir_table);
|
}
|
|
static void crypto_proc_fips_exit(void)
|
{
|
unregister_sysctl_table(crypto_sysctls);
|
}
|
|
void fips_fail_notify(void)
|
{
|
if (fips_enabled)
|
atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
|
}
|
EXPORT_SYMBOL_GPL(fips_fail_notify);
|
|
static int __init fips_init(void)
|
{
|
crypto_proc_fips_init();
|
return 0;
|
}
|
|
static void __exit fips_exit(void)
|
{
|
crypto_proc_fips_exit();
|
}
|
|
subsys_initcall(fips_init);
|
module_exit(fips_exit);
|
