summaryrefslogtreecommitdiffstats
path: root/lib/utils_fips.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
commit1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch)
treebb299ab6f411f4fccd735907035de710e4ec6abc /lib/utils_fips.c
parentInitial commit. (diff)
downloadcryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.tar.xz
cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.zip
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--lib/utils_fips.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/utils_fips.c b/lib/utils_fips.c
new file mode 100644
index 0000000..4fa22fb
--- /dev/null
+++ b/lib/utils_fips.c
@@ -0,0 +1,46 @@
+/*
+ * FIPS mode utilities
+ *
+ * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include "utils_fips.h"
+
+#if !ENABLE_FIPS
+int crypt_fips_mode(void) { return 0; }
+#else
+static int kernel_fips_mode(void)
+{
+ int fd;
+ char buf[1] = "";
+
+ if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
+ }
+
+ return (buf[0] == '1') ? 1 : 0;
+}
+
+int crypt_fips_mode(void)
+{
+ return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
+}
+#endif /* ENABLE_FIPS */