crypto: api - Add fips_enable flag

Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Neil Horman <nhorman@tuxdriver.com> 2008-08-05 02:13:08 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29 01:50:02 -0400
commit: ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 (patch)
tree: d15c704e38e731391fdb8bf8db1922aff893acd7 /crypto/fips.c
parent: 5be5e667a9a5d8d5553e009e67bc692d95e5916a (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/crypto/fips.c b/crypto/fips.c
new file mode 100644
index 000000000000..553970081c62
--- /dev/null
+++ b/crypto/fips.c
@@ -0,0 +1,27 @@
+/*
+ * FIPS 200 support.
+ *
+ * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include "internal.h"
+int fips_enabled;
+EXPORT_SYMBOL_GPL(fips_enabled);
+/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
+static int fips_enable(char *str)
+{
+        fips_enabled = !!simple_strtol(str, NULL, 0);
+        printk(KERN_INFO "fips mode: %s\n",
+                fips_enabled ? "enabled" : "disabled");
+        return 1;
+}
+__setup("fips=", fips_enable);
author	Neil Horman <nhorman@tuxdriver.com>	2008-08-05 02:13:08 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2008-08-29 01:50:02 -0400
commit	ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 (patch)
tree	d15c704e38e731391fdb8bf8db1922aff893acd7 /crypto/fips.c
parent	5be5e667a9a5d8d5553e009e67bc692d95e5916a (diff)

diff --git a/crypto/fips.c b/crypto/fips.c new file mode 100644 index 000000000000..553970081c62 --- /dev/null +++ b/crypto/fips.c
@@ -0,0 +1,27 @@
	1	/*
	2	* FIPS 200 support.
	3	*
	4	* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the Free
	8	* Software Foundation; either version 2 of the License, or (at your option)
	9	* any later version.
	10	*
	11	*/
	12
	13	#include "internal.h"
	14
	15	int fips_enabled;
	16	EXPORT_SYMBOL_GPL(fips_enabled);
	17
	18	/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
	19	static int fips_enable(char *str)
	20	{
	21	fips_enabled = !!simple_strtol(str, NULL, 0);
	22	printk(KERN_INFO "fips mode: %s\n",
	23	fips_enabled ? "enabled" : "disabled");
	24	return 1;
	25	}
	26
	27	__setup("fips=", fips_enable);