X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Futils_fips.c;h=34b2daede4f50f527515ac8d79b46208f91d310c;hb=322b430a2589cdc7985e98a14ec12322b91c9d5e;hp=759890d747c84f5d744f1210b874f76228d02c80;hpb=73493c1f445718c8219092d25ae6f5963c2a1365;p=platform%2Fupstream%2Fcryptsetup.git
diff --git a/lib/utils_fips.c b/lib/utils_fips.c
index 759890d..34b2dae 100644
--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -1,11 +1,12 @@
 /*
 * FIPS mode utilities
 *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,45 +18,29 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#include
-#include "libcryptsetup.h"
-#include "nls.h"
+#include
+#include
+#include
 #include "utils_fips.h"
-#include "config.h"
 #if !ENABLE_FIPS
 int crypt_fips_mode(void) { return 0; }
-void crypt_fips_libcryptsetup_check(struct crypt_device *cd) {}
-void crypt_fips_self_check(struct crypt_device *cd) {}
 #else
-#include
-
-int crypt_fips_mode(void)
-{
- return FIPSCHECK_kernel_fips_mode();
-}
-
-static void crypt_fips_verify(struct crypt_device *cd,
- const char *name, const char *function)
+static int kernel_fips_mode(void)
 {
- if (!crypt_fips_mode())
- return;
+ int fd;
+ char buf[1] = "";
- if (!FIPSCHECK_verify(name, function)) {
- crypt_log(cd, CRYPT_LOG_ERROR, _("FIPS checksum verification failed.\n"));
- _exit(EXIT_FAILURE);
+ if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
 }
- crypt_log(cd, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
+ return (buf[0] == '1') ? 1 : 0;
 }
-void crypt_fips_libcryptsetup_check(struct crypt_device *cd)
-{
- crypt_fips_verify(cd, "libcryptsetup.so", "crypt_init");
-}
-
-void crypt_fips_self_check(struct crypt_device *cd)
+int crypt_fips_mode(void)
 {
- crypt_fips_verify(cd, NULL, NULL);
+ return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
 }
 #endif /* ENABLE_FIPS */
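Review bot: kernel_fips_mode() reports "not FIPS" whenever `open()` or `read()` fails for any reason, because `buf` starts as `""` and neither result is examined beyond the EINTR retry; descriptor exhaustion or a container without /proc is indistinguishable from a kernel with FIPS switched off. If callers use crypt_fips_mode() to turn restrictions on (the callers are not visible in this hunk), that is a fail-open path, so the choice should at least be stated in a comment above the function, e.g. `/* Any open/read failure is treated as "kernel not in FIPS mode". */`, or errors other than ENOENT should be told apart from a clean "0". Because this is library code that may run in a multithreaded process, the descriptor is better opened with `O_RDONLY | O_CLOEXEC` so it cannot leak into a child forked by another thread between open() and close(). The empty-bodied `while (...);` is also easy to misread; putting `continue;` on its own line makes the intent explicit.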