diff options
author | Vladis Dronov <vdronov@redhat.com> | 2022-07-08 14:33:13 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-07-15 16:43:22 +0800 |
commit | f8daa5465f243e6a4afcb0feca83f8cdc59e5ee2 (patch) | |
tree | e789c3d71fd5fea0008f5bcb451f7ed7597ba5b0 /crypto/fips.c | |
parent | 764636396e0b347c29277e0e55331d7ea341d768 (diff) | |
download | linux-crypto-f8daa5465f243e6a4afcb0feca83f8cdc59e5ee2.tar.gz linux-crypto-f8daa5465f243e6a4afcb0feca83f8cdc59e5ee2.zip |
crypto: fips - make proc files report fips module name and version
FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.
This patch adds two files to read a name and a version from:
/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version
v2: removed redundant parentheses in config entries.
v3: move FIPS_MODULE_* defines to fips.c where they are used.
v4: return utsrelease.h inclusion
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
-rw-r--r-- | crypto/fips.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/crypto/fips.c b/crypto/fips.c index 7b1d8cae..b05d3c7b 100644 --- a/crypto/fips.c +++ b/crypto/fips.c @@ -12,6 +12,7 @@ #include <linux/kernel.h> #include <linux/sysctl.h> #include <linux/notifier.h> +#include <generated/utsrelease.h> int fips_enabled; EXPORT_SYMBOL_GPL(fips_enabled); @@ -30,13 +31,37 @@ static int fips_enable(char *str) __setup("fips=", fips_enable); +#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME +#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION +#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION +#else +#define FIPS_MODULE_VERSION UTS_RELEASE +#endif + +static char fips_name[] = FIPS_MODULE_NAME; +static char fips_version[] = FIPS_MODULE_VERSION; + static struct ctl_table crypto_sysctl_table[] = { { - .procname = "fips_enabled", - .data = &fips_enabled, - .maxlen = sizeof(int), - .mode = 0444, - .proc_handler = proc_dointvec + .procname = "fips_enabled", + .data = &fips_enabled, + .maxlen = sizeof(int), + .mode = 0444, + .proc_handler = proc_dointvec + }, + { + .procname = "fips_name", + .data = &fips_name, + .maxlen = 64, + .mode = 0444, + .proc_handler = proc_dostring + }, + { + .procname = "fips_version", + .data = &fips_version, + .maxlen = 64, + .mode = 0444, + .proc_handler = proc_dostring }, {} }; |