23 Apr, 2015
2 commits
-
There is currently a large ifdef FIPS code section in proc.c.
Ostensibly it's there because the fips_enabled sysctl sits under
/proc/sys/crypto. However, no other crypto sysctls exist.In fact, the whole ethos of the crypto API is against such user
interfaces so this patch moves all the FIPS sysctl code over to
fips.c.Signed-off-by: Herbert Xu
-
The header file internal.h is only meant for internal crypto API
implementors such as rng.c. So fips has no business in including
it.This patch removes that inclusions and instead adds inclusions of
the actual features used by fips.Signed-off-by: Herbert Xu
29 Aug, 2008
1 commit
-
Add the ability to turn FIPS-compliant mode on or off at boot
In order to be FIPS compliant, several check may need to be preformed that may
be construed as unusefull in a non-compliant mode. This patch allows us to set
a kernel flag incating that we are running in a fips-compliant mode from boot
up. It also exports that mode information to user space via a sysctl
(/proc/sys/crypto/fips_enabled).Tested successfully by me.
Signed-off-by: Neil Horman
Signed-off-by: Herbert Xu
