diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
commit | 1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch) | |
tree | bb299ab6f411f4fccd735907035de710e4ec6abc /lib/utils_fips.c | |
parent | Initial commit. (diff) | |
download | cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.tar.xz cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.zip |
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | lib/utils_fips.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/utils_fips.c b/lib/utils_fips.c new file mode 100644 index 0000000..4fa22fb --- /dev/null +++ b/lib/utils_fips.c @@ -0,0 +1,46 @@ +/* + * FIPS mode utilities + * + * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <unistd.h> +#include <fcntl.h> +#include <errno.h> +#include "utils_fips.h" + +#if !ENABLE_FIPS +int crypt_fips_mode(void) { return 0; } +#else +static int kernel_fips_mode(void) +{ + int fd; + char buf[1] = ""; + + if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR); + close(fd); + } + + return (buf[0] == '1') ? 1 : 0; +} + +int crypt_fips_mode(void) +{ + return kernel_fips_mode() && !access("/etc/system-fips", F_OK); +} +#endif /* ENABLE_FIPS */ |