summaryrefslogtreecommitdiffstats
path: root/crypto/fips.c
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2008-08-05 14:13:08 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2008-08-29 15:50:02 +1000
commitccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 (patch)
treed15c704e38e731391fdb8bf8db1922aff893acd7 /crypto/fips.c
parent5be5e667a9a5d8d5553e009e67bc692d95e5916a (diff)
downloadlinux-stable-ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4.tar.gz
linux-stable-ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4.tar.bz2
linux-stable-ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4.zip
crypto: api - Add fips_enable flag
Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/fips.c')
-rw-r--r--crypto/fips.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/crypto/fips.c b/crypto/fips.c
new file mode 100644
index 000000000000..553970081c62
--- /dev/null
+++ b/crypto/fips.c
@@ -0,0 +1,27 @@
+/*
+ * FIPS 200 support.
+ *
+ * Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+
+#include "internal.h"
+
+int fips_enabled;
+EXPORT_SYMBOL_GPL(fips_enabled);
+
+/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
+static int fips_enable(char *str)
+{
+ fips_enabled = !!simple_strtol(str, NULL, 0);
+ printk(KERN_INFO "fips mode: %s\n",
+ fips_enabled ? "enabled" : "disabled");
+ return 1;
+}
+
+__setup("fips=", fips_enable);