crypto: fips - make proc files report fips module name and version
FIPS 140-3 introduced a requirement for the FIPS module to return information about itself, specifically a name and a version. These values must match the values reported on FIPS certificates. This patch adds two files to read a name and a version from: /proc/sys/crypto/fips_name /proc/sys/crypto/fips_version v2: removed redundant parentheses in config entries. v3: move FIPS_MODULE_* defines to fips.c where they are used. v4: return utsrelease.h inclusion Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent
1353e576ae
commit
5a44749f65
@ -33,6 +33,27 @@ config CRYPTO_FIPS
|
|||||||
certification. You should say no unless you know what
|
certification. You should say no unless you know what
|
||||||
this is.
|
this is.
|
||||||
|
|
||||||
|
config CRYPTO_FIPS_NAME
|
||||||
|
string "FIPS Module Name"
|
||||||
|
default "Linux Kernel Cryptographic API"
|
||||||
|
depends on CRYPTO_FIPS
|
||||||
|
help
|
||||||
|
This option sets the FIPS Module name reported by the Crypto API via
|
||||||
|
the /proc/sys/crypto/fips_name file.
|
||||||
|
|
||||||
|
config CRYPTO_FIPS_CUSTOM_VERSION
|
||||||
|
bool "Use Custom FIPS Module Version"
|
||||||
|
depends on CRYPTO_FIPS
|
||||||
|
default n
|
||||||
|
|
||||||
|
config CRYPTO_FIPS_VERSION
|
||||||
|
string "FIPS Module Version"
|
||||||
|
default "(none)"
|
||||||
|
depends on CRYPTO_FIPS_CUSTOM_VERSION
|
||||||
|
help
|
||||||
|
This option provides the ability to override the FIPS Module Version.
|
||||||
|
By default the KERNELRELEASE value is used.
|
||||||
|
|
||||||
config CRYPTO_ALGAPI
|
config CRYPTO_ALGAPI
|
||||||
tristate
|
tristate
|
||||||
select CRYPTO_ALGAPI2
|
select CRYPTO_ALGAPI2
|
||||||
|
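Review bot: CRYPTO_FIPS_CUSTOM_VERSION is added without a help entry, and CRYPTO_FIPS_VERSION defaults to "(none)", so switching the custom version on without editing the string makes the module report `(none)` instead of a release string. The commit message says the reported values must match the FIPS certificate, so the option should say so at configuration time, for example with the help text `Say Y to set the FIPS module version string by hand instead of using KERNELRELEASE; it must match the version on the certificate.` The `default n` line on the same entry is redundant, because a bool option without a default is already n.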
@ -12,6 +12,7 @@
|
|||||||
#include <linux/kernel.h>
|
#include <linux/kernel.h>
|
||||||
#include <linux/sysctl.h>
|
#include <linux/sysctl.h>
|
||||||
#include <linux/notifier.h>
|
#include <linux/notifier.h>
|
||||||
|
#include <generated/utsrelease.h>
|
||||||
|
|
||||||
int fips_enabled;
|
int fips_enabled;
|
||||||
EXPORT_SYMBOL_GPL(fips_enabled);
|
EXPORT_SYMBOL_GPL(fips_enabled);
|
||||||
@ -30,6 +31,16 @@ static int fips_enable(char *str)
|
|||||||
|
|
||||||
__setup("fips=", fips_enable);
|
__setup("fips=", fips_enable);
|
||||||
|
|
||||||
|
#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
|
||||||
|
#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
|
||||||
|
#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
|
||||||
|
#else
|
||||||
|
#define FIPS_MODULE_VERSION UTS_RELEASE
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static char fips_name[] = FIPS_MODULE_NAME;
|
||||||
|
static char fips_version[] = FIPS_MODULE_VERSION;
|
||||||
|
|
||||||
static struct ctl_table crypto_sysctl_table[] = {
|
static struct ctl_table crypto_sysctl_table[] = {
|
||||||
{
|
{
|
||||||
.procname = "fips_enabled",
|
.procname = "fips_enabled",
|
||||||
@ -38,6 +49,20 @@ static struct ctl_table crypto_sysctl_table[] = {
|
|||||||
.mode = 0444,
|
.mode = 0444,
|
||||||
.proc_handler = proc_dointvec
|
.proc_handler = proc_dointvec
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
.procname = "fips_name",
|
||||||
|
.data = &fips_name,
|
||||||
|
.maxlen = 64,
|
||||||
|
.mode = 0444,
|
||||||
|
.proc_handler = proc_dostring
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.procname = "fips_version",
|
||||||
|
.data = &fips_version,
|
||||||
|
.maxlen = 64,
|
||||||
|
.mode = 0444,
|
||||||
|
.proc_handler = proc_dostring
|
||||||
|
},
|
||||||
{}
|
{}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
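Review bot: `.maxlen = 64` in the two new ctl_table entries is not tied to the size of `fips_name` and `fips_version`, which are arrays sized by their initialisers. proc_dostring caps a read at maxlen, so a CONFIG_CRYPTO_FIPS_NAME longer than 64 bytes would be reported truncated and no longer match the certificate string. For shorter strings maxlen overstates the buffer, which is harmless only as long as both entries stay at mode 0444. Tying the limit to the object avoids both cases: `.maxlen = sizeof(fips_name),` and `.maxlen = sizeof(fips_version),`. The `fips_enabled` entry of crypto_sysctl_table is only partly visible between the hunks.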