2023-02-09 01:17:02

by Herbert Xu

[permalink] [raw]
Subject: [PATCH] crypto: proc - Print fips status

As FIPS may disable algorithms it is useful to show their status
in /proc/crypto.

Signed-off-by: Herbert Xu <[email protected]>

diff --git a/crypto/proc.c b/crypto/proc.c
index 12fccb9c5205..56c7c78df297 100644
--- a/crypto/proc.c
+++ b/crypto/proc.c
@@ -11,6 +11,7 @@
#include <linux/atomic.h>
#include <linux/init.h>
#include <linux/crypto.h>
+#include <linux/fips.h>
#include <linux/module.h> /* for module_name() */
#include <linux/rwsem.h>
#include <linux/proc_fs.h>
@@ -48,6 +49,11 @@ static int c_show(struct seq_file *m, void *p)
seq_printf(m, "internal : %s\n",
(alg->cra_flags & CRYPTO_ALG_INTERNAL) ?
"yes" : "no");
+ if (fips_enabled) {
+ seq_printf(m, "fips : %s\n",
+ (alg->cra_flags & CRYPTO_ALG_FIPS_INTERNAL) ?
+ "no" : "yes");
+ }

if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
seq_printf(m, "type : larval\n");
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


2023-02-09 14:20:08

by Ard Biesheuvel

[permalink] [raw]
Subject: Re: [PATCH] crypto: proc - Print fips status

On Thu, 9 Feb 2023 at 02:17, Herbert Xu <[email protected]> wrote:
>
> As FIPS may disable algorithms it is useful to show their status
> in /proc/crypto.
>
> Signed-off-by: Herbert Xu <[email protected]>

Acked-by: Ard Biesheuvel <[email protected]>

>
> diff --git a/crypto/proc.c b/crypto/proc.c
> index 12fccb9c5205..56c7c78df297 100644
> --- a/crypto/proc.c
> +++ b/crypto/proc.c
> @@ -11,6 +11,7 @@
> #include <linux/atomic.h>
> #include <linux/init.h>
> #include <linux/crypto.h>
> +#include <linux/fips.h>
> #include <linux/module.h> /* for module_name() */
> #include <linux/rwsem.h>
> #include <linux/proc_fs.h>
> @@ -48,6 +49,11 @@ static int c_show(struct seq_file *m, void *p)
> seq_printf(m, "internal : %s\n",
> (alg->cra_flags & CRYPTO_ALG_INTERNAL) ?
> "yes" : "no");
> + if (fips_enabled) {
> + seq_printf(m, "fips : %s\n",
> + (alg->cra_flags & CRYPTO_ALG_FIPS_INTERNAL) ?
> + "no" : "yes");
> + }
>
> if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
> seq_printf(m, "type : larval\n");
> --
> Email: Herbert Xu <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt