Imported Upstream version 2.3.3
[platform/upstream/cryptsetup.git]
/
lib
/
utils_fips.c
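--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -1,11 +1,12 @@
 /*
  * FIPS mode utilities
  *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,45 +18,29 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#include <stdlib.h>
-#include "libcryptsetup.h"
-#include "nls.h"
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
 #include "utils_fips.h"
-#include "config.h"
 #if !ENABLE_FIPS
 int crypt_fips_mode(void) { return 0; }
-void crypt_fips_libcryptsetup_check(struct crypt_device *cd) {}
-void crypt_fips_self_check(struct crypt_device *cd) {}
 #else
-#include <fipscheck.h>
-
-int crypt_fips_mode(void)
-{
-	return FIPSCHECK_kernel_fips_mode();
-}
-
-static void crypt_fips_verify(struct crypt_device *cd,
-	const char *name, const char *function)
+static int kernel_fips_mode(void)
 {
-	if (!crypt_fips_mode())
-		return;
+	int fd;
+	char buf[1] = "";
-	if (!FIPSCHECK_verify(name, function)) {
-		crypt_log(cd, CRYPT_LOG_ERROR, _("FIPS checksum verification failed.\n"));
-		_exit(EXIT_FAILURE);
+	if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
+		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+		close(fd);
 	}
-	crypt_log(cd, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
+	return (buf[0] == '1') ? 1 : 0;
 }
-void crypt_fips_libcryptsetup_check(struct crypt_device *cd)
-{
-	crypt_fips_verify(cd, "libcryptsetup.so", "crypt_init");
-}
-
-void crypt_fips_self_check(struct crypt_device *cd)
+int crypt_fips_mode(void)
 {
-	crypt_fips_verify(cd, NULL, NULL);
+	return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
 }
 #endif /* ENABLE_FIPS */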
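Review bot: In the new `kernel_fips_mode()`, a failed `open()` or `read()` leaves `buf[0]` at its initial NUL, so an unreadable `/proc/sys/crypto/fips_enabled` is reported exactly like FIPS being switched off, and `crypt_fips_mode()` additionally returns 0 whenever `/etc/system-fips` is absent. How callers use the result is not visible in this section, but if they gate FIPS-only restrictions on it, the check fails open in a minimal or restricted environment (no `/proc`, descriptor exhaustion, sandboxed file access). At minimum the function should carry a comment such as `/* Any open/read error is treated as "not in FIPS mode". */` so the choice is visibly deliberate. Because this is library code that may run in a multithreaded process, the descriptor would also be better opened with `O_RDONLY | O_CLOEXEC`, and the empty-bodied retry loop is easier to audit when written as `while (read(...) < 0 && errno == EINTR) continue;`.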