Replace simple_strtol() with the recommended kstrtoint() for parsing the 'fips=' boot parameter. Unlike simple_strtol(), which returns a long, kstrtoint() converts the string directly to an integer and avoids implicit casting. Check the return value of kstrtoint() and reject invalid values. This adds error handling while preserving existing behavior for valid values, and removes use of the deprecated simple_strtol() helper. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* FIPS 200 support.
|
|
*
|
|
* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
|
|
*/
|
|
|
|
#include <linux/export.h>
|
|
#include <linux/fips.h>
|
|
#include <linux/init.h>
|
|
#include <linux/module.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/sysctl.h>
|
|
#include <linux/notifier.h>
|
|
#include <linux/string_choices.h>
|
|
#include <generated/utsrelease.h>
|
|
|
|
/*
 * Global FIPS mode flag. Written by fips_enable() when "fips=" is given on
 * the kernel command line and exposed through the "fips_enabled" sysctl entry.
 * NOTE(review): this is a plain, non-const int exported to GPL modules;
 * nothing in this file stops other code from changing it after boot.
 */
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);

/* Atomic notifier chain run by fips_fail_notify() while fips_enabled is set. */
ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
|
|
|
|
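/*
 * Boot-time handler for the "fips=" kernel command-line parameter
 * (fips=0 or fips=1).
 *
 * @str: text that follows "fips=" on the command line.
 *
 * The value is parsed with kstrtoint() into a local variable first, so the
 * global fips_enabled flag is written only after the input has been
 * validated. Any non-zero integer is normalised to 1.
 *
 * Return: 1 when the value was accepted, 0 when it could not be parsed
 * (fips_enabled then keeps its previous value).
 */
static int fips_enable(char *str)
{
	int val;

	if (kstrtoint(str, 0, &val)) {
		/*
		 * A mistyped value leaves FIPS mode at its previous setting.
		 * Log that explicitly so the rejected request is visible in
		 * the boot log instead of failing quietly.
		 */
		pr_warn("fips mode: invalid value '%s' for fips=, ignored\n",
			str);
		return 0;
	}

	fips_enabled = !!val;
	pr_info("fips mode: %s\n", str_enabled_disabled(fips_enabled));

	return 1;
}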
|
|
|
|
/* Register fips_enable() as the handler for the "fips=" boot parameter. */
__setup("fips=", fips_enable);
|
|
|
|
/* Module name string, taken from the kernel configuration. */
#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
/* Version string: the configured custom value if selected, else UTS_RELEASE. */
#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
#else
#define FIPS_MODULE_VERSION UTS_RELEASE
#endif

/*
 * Backing storage for the "fips_name" and "fips_version" sysctl entries.
 * Each array is sized by its initialiser string.
 */
static char fips_name[] = FIPS_MODULE_NAME;
static char fips_version[] = FIPS_MODULE_VERSION;
|
|
|
|
/*
 * Sysctl entries registered under "crypto" by crypto_proc_fips_init().
 * All three entries use mode 0444, i.e. they carry no write permission bits.
 *
 * NOTE(review): the two string entries use a fixed .maxlen of 64 rather than
 * sizeof() of the backing array, and those arrays are sized by their
 * initialisers, so the two values can differ. That would need revisiting if
 * an entry were ever made writable - confirm proc_dostring's bounds handling
 * before relying on it.
 */
static const struct ctl_table crypto_sysctl_table[] = {
	{
		/* Current value of the global fips_enabled flag. */
		.procname = "fips_enabled",
		.data = &fips_enabled,
		.maxlen = sizeof(int),
		.mode = 0444,
		.proc_handler = proc_dointvec
	},
	{
		/* Configured FIPS module name. */
		.procname = "fips_name",
		.data = &fips_name,
		.maxlen = 64,
		.mode = 0444,
		.proc_handler = proc_dostring
	},
	{
		/* FIPS module version string. */
		.procname = "fips_version",
		.data = &fips_version,
		.maxlen = 64,
		.mode = 0444,
		.proc_handler = proc_dostring
	},
};
|
|
|
|
/* Header returned by register_sysctl(); passed to unregister_sysctl_table() on exit. */
static struct ctl_table_header *crypto_sysctls;
|
|
|
|
/*
 * Register crypto_sysctl_table under the "crypto" sysctl directory and
 * remember the returned header in crypto_sysctls.
 *
 * The result of register_sysctl() is stored as-is; it is not checked here.
 */
static void crypto_proc_fips_init(void)
{
	struct ctl_table_header *hdr;

	hdr = register_sysctl("crypto", crypto_sysctl_table);
	crypto_sysctls = hdr;
}
|
|
|
|
/* Unregister the sysctl table whose header was saved in crypto_sysctls. */
static void crypto_proc_fips_exit(void)
{
	unregister_sysctl_table(crypto_sysctls);
}
|
|
|
|
/*
 * Run the callbacks registered on fips_fail_notif_chain.
 *
 * Does nothing unless fips_enabled is non-zero. The chain is called with
 * event value 0 and a NULL data pointer.
 */
void fips_fail_notify(void)
{
	if (!fips_enabled)
		return;

	atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
}
EXPORT_SYMBOL_GPL(fips_fail_notify);
|
|
|
|
/*
 * Module init hook: register the FIPS sysctl entries.
 *
 * Always returns 0; crypto_proc_fips_init() returns void, so a failed
 * sysctl registration is not reported from here.
 */
static int __init fips_init(void)
{
	crypto_proc_fips_init();

	return 0;
}
|
|
|
|
/* Module exit hook: remove the sysctl entries registered by fips_init(). */
static void __exit fips_exit(void)
{
	crypto_proc_fips_exit();
}
|
|
|
|
/* Hook fips_init()/fips_exit() in as this file's init and exit entry points. */
module_init(fips_init);
module_exit(fips_exit);
|