* [PATCH] crypto: fips - make proc files report fips module name and version
From: Vladis Dronov @ 2022-06-20 13:16 UTC (permalink / raw)
  To: Herbert Xu, David S . Miller, linux-crypto, linux-kernel
  Cc: Vladis Dronov, Simo Sorce

FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.

This patch adds two files to read a name and a version from:

/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/Kconfig       | 21 +++++++++++++++++++++
 crypto/fips.c        | 27 ++++++++++++++++++++++-----
 include/linux/fips.h |  9 +++++++++
 3 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1d44893a997b..082ff03d9f6c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -33,6 +33,27 @@ config CRYPTO_FIPS
 	  certification.  You should say no unless you know what
 	  this is.
 
+config CRYPTO_FIPS_NAME
+	string "FIPS Module Name"
+	default "Linux Kernel Cryptographic API"
+	depends on (CRYPTO_FIPS)
+	help
+	  This option sets the FIPS Module name reported by the Crypto API via
+	  the /proc/sys/crypto/fips_name file.
+
+config CRYPTO_FIPS_CUSTOM_VERSION
+	bool "Use Custom FIPS Module Version"
+	depends on (CRYPTO_FIPS)
+	default n
+
+config CRYPTO_FIPS_VERSION
+	string "FIPS Module Version"
+	default "(none)"
+	depends on (CRYPTO_FIPS_CUSTOM_VERSION)
+	help
+	  This option provides the ability to override the FIPS Module Version.
+	  By default the KERNELRELEASE value is used.
+
 config CRYPTO_ALGAPI
 	tristate
 	select CRYPTO_ALGAPI2
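Review bot: the three `depends on (CRYPTO_FIPS)` / `depends on (CRYPTO_FIPS_CUSTOM_VERSION)` lines wrap a single symbol in parentheses that Kconfig does not need; write `depends on CRYPTO_FIPS` as the rest of crypto/Kconfig does. The `default n` under CRYPTO_FIPS_CUSTOM_VERSION is redundant as well, since a bool symbol without a default is already n.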
diff --git a/crypto/fips.c b/crypto/fips.c
index 7b1d8caee669..644895d23c9b 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -30,13 +30,30 @@ static int fips_enable(char *str)
 
 __setup("fips=", fips_enable);
 
+static char fips_name[] = FIPS_MODULE_NAME;
+static char fips_version[] = FIPS_MODULE_VERSION;
+
 static struct ctl_table crypto_sysctl_table[] = {
 	{
-		.procname       = "fips_enabled",
-		.data           = &fips_enabled,
-		.maxlen         = sizeof(int),
-		.mode           = 0444,
-		.proc_handler   = proc_dointvec
+		.procname	= "fips_enabled",
+		.data		= &fips_enabled,
+		.maxlen		= sizeof(int),
+		.mode		= 0444,
+		.proc_handler	= proc_dointvec
+	},
+	{
+		.procname	= "fips_name",
+		.data		= &fips_name,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
+	},
+	{
+		.procname	= "fips_version",
+		.data		= &fips_version,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
 	},
 	{}
 };
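Review bot: the five existing `.procname` … `.proc_handler` lines of the fips_enabled entry are removed and re-added only to change spaces to tabs; that whitespace churn hides the functional change (two new entries) and belongs in a separate cleanup patch or should be dropped. While here, `.data = &fips_name` / `&fips_version` pass a pointer-to-array; plain `fips_name` / `fips_version` convert to `void *` the same way and read as intended.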
diff --git a/include/linux/fips.h b/include/linux/fips.h
index c6961e932fef..72d2e0e1d3ac 100644
--- a/include/linux/fips.h
+++ b/include/linux/fips.h
@@ -2,10 +2,19 @@
 #ifndef _FIPS_H
 #define _FIPS_H
 
+#include <generated/utsrelease.h>
+
 #ifdef CONFIG_CRYPTO_FIPS
 extern int fips_enabled;
 extern struct atomic_notifier_head fips_fail_notif_chain;
 
+#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
+#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
+#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
+#else
+#define FIPS_MODULE_VERSION UTS_RELEASE
+#endif
+
 void fips_fail_notify(void);
 
 #else
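Review bot: `#include <generated/utsrelease.h>` and the FIPS_MODULE_NAME / FIPS_MODULE_VERSION defines are added to a header that many files include, while the only consumer of those macros is crypto/fips.c; keeping them in fips.h makes every includer of linux/fips.h depend on the generated release header (rebuilt whenever UTS_RELEASE changes) and exposes build-time names nothing else needs. Move the include and the `#define` block into crypto/fips.c next to `fips_name` / `fips_version`.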
-- 
2.36.1



* Re: [PATCH] crypto: fips - make proc files report fips module name and version
From: Randy Dunlap @ 2022-06-20 21:15 UTC (permalink / raw)
  To: Vladis Dronov, Herbert Xu, David S . Miller, linux-crypto, linux-kernel
  Cc: Simo Sorce

Hi--

On 6/20/22 06:16, Vladis Dronov wrote:
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 1d44893a997b..082ff03d9f6c 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -33,6 +33,27 @@ config CRYPTO_FIPS
>  	  certification.  You should say no unless you know what
>  	  this is.
>  
> +config CRYPTO_FIPS_NAME
> +	string "FIPS Module Name"
> +	default "Linux Kernel Cryptographic API"
> +	depends on (CRYPTO_FIPS)

No parentheses.

> +	help
> +	  This option sets the FIPS Module name reported by the Crypto API via
> +	  the /proc/sys/crypto/fips_name file.
> +
> +config CRYPTO_FIPS_CUSTOM_VERSION
> +	bool "Use Custom FIPS Module Version"
> +	depends on (CRYPTO_FIPS)

Ditto.

> +	default n
> +
> +config CRYPTO_FIPS_VERSION
> +	string "FIPS Module Version"
> +	default "(none)"
> +	depends on (CRYPTO_FIPS_CUSTOM_VERSION)

Ditto.

> +	help
> +	  This option provides the ability to override the FIPS Module Version.
> +	  By default the KERNELRELEASE value is used.

-- 
~Randy


* Re: [PATCH] crypto: fips - make proc files report fips module name and version
From: Vlad Dronov @ 2022-06-21 14:35 UTC (permalink / raw)
  To: Randy Dunlap
  Cc: Herbert Xu, David S . Miller, linux-crypto, linux-kernel, Simo Sorce

Hi,

On Mon, Jun 20, 2022 at 11:40 PM Randy Dunlap <rdunlap@infradead.org> wrote:
>
> Hi--
>
> On 6/20/22 06:16, Vladis Dronov wrote:
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index 1d44893a997b..082ff03d9f6c 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> > @@ -33,6 +33,27 @@ config CRYPTO_FIPS
> >         certification.  You should say no unless you know what
> >         this is.
> >
> > +config CRYPTO_FIPS_NAME
> > +     string "FIPS Module Name"
> > +     default "Linux Kernel Cryptographic API"
> > +     depends on (CRYPTO_FIPS)
>
> No parentheses.
>
> > +     help
> > +       This option sets the FIPS Module name reported by the Crypto API via
> > +       the /proc/sys/crypto/fips_name file.
> > +
> > +config CRYPTO_FIPS_CUSTOM_VERSION
> > +     bool "Use Custom FIPS Module Version"
> > +     depends on (CRYPTO_FIPS)
>
> Ditto.
>
> > +     default n
> > +
> > +config CRYPTO_FIPS_VERSION
> > +     string "FIPS Module Version"
> > +     default "(none)"
> > +     depends on (CRYPTO_FIPS_CUSTOM_VERSION)
>
> Ditto.
>
> > +     help
> > +       This option provides the ability to override the FIPS Module Version.
> > +       By default the KERNELRELEASE value is used.
>
> --
> ~Randy

Oh dang, indeed. Thanks, Randy.

Let me post v2 to this same thread to reduce separate threads.

Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer



* [PATCH v2] crypto: fips - make proc files report fips module name and version
From: Vladis Dronov @ 2022-06-21 15:08 UTC (permalink / raw)
  To: Herbert Xu, David S . Miller, Randy Dunlap, linux-crypto, linux-kernel
  Cc: Vladis Dronov, Simo Sorce

FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.

This patch adds two files to read a name and a version from:

/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version

v2: removed redundant parentheses in config entries.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/Kconfig       | 21 +++++++++++++++++++++
 crypto/fips.c        | 27 ++++++++++++++++++++++-----
 include/linux/fips.h |  9 +++++++++
 3 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1d44893a997b..082ff03d9f6c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -33,6 +33,27 @@ config CRYPTO_FIPS
 	  certification.  You should say no unless you know what
 	  this is.
 
+config CRYPTO_FIPS_NAME
+	string "FIPS Module Name"
+	default "Linux Kernel Cryptographic API"
+	depends on CRYPTO_FIPS
+	help
+	  This option sets the FIPS Module name reported by the Crypto API via
+	  the /proc/sys/crypto/fips_name file.
+
+config CRYPTO_FIPS_CUSTOM_VERSION
+	bool "Use Custom FIPS Module Version"
+	depends on CRYPTO_FIPS
+	default n
+
+config CRYPTO_FIPS_VERSION
+	string "FIPS Module Version"
+	default "(none)"
+	depends on CRYPTO_FIPS_CUSTOM_VERSION
+	help
+	  This option provides the ability to override the FIPS Module Version.
+	  By default the KERNELRELEASE value is used.
+
 config CRYPTO_ALGAPI
 	tristate
 	select CRYPTO_ALGAPI2
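Review bot: the CRYPTO_FIPS_VERSION help text says "By default the KERNELRELEASE value is used", but the fallback the code compiles in (see the fips.h hunk) is UTS_RELEASE from generated/utsrelease.h; name the same thing in both places so a reader of the config knows what /proc/sys/crypto/fips_version will contain. Also worth spelling out in the help: with CRYPTO_FIPS_CUSTOM_VERSION=y and CRYPTO_FIPS_VERSION left at its default, the file reports the literal string "(none)", which can never match a certificate, so the string must be set explicitly whenever the custom-version option is selected.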
diff --git a/crypto/fips.c b/crypto/fips.c
index 7b1d8caee669..644895d23c9b 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -30,13 +30,30 @@ static int fips_enable(char *str)
 
 __setup("fips=", fips_enable);
 
+static char fips_name[] = FIPS_MODULE_NAME;
+static char fips_version[] = FIPS_MODULE_VERSION;
+
 static struct ctl_table crypto_sysctl_table[] = {
 	{
-		.procname       = "fips_enabled",
-		.data           = &fips_enabled,
-		.maxlen         = sizeof(int),
-		.mode           = 0444,
-		.proc_handler   = proc_dointvec
+		.procname	= "fips_enabled",
+		.data		= &fips_enabled,
+		.maxlen		= sizeof(int),
+		.mode		= 0444,
+		.proc_handler	= proc_dointvec
+	},
+	{
+		.procname	= "fips_name",
+		.data		= &fips_name,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
+	},
+	{
+		.procname	= "fips_version",
+		.data		= &fips_version,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
 	},
 	{}
 };
diff --git a/include/linux/fips.h b/include/linux/fips.h
index c6961e932fef..72d2e0e1d3ac 100644
--- a/include/linux/fips.h
+++ b/include/linux/fips.h
@@ -2,10 +2,19 @@
 #ifndef _FIPS_H
 #define _FIPS_H
 
+#include <generated/utsrelease.h>
+
 #ifdef CONFIG_CRYPTO_FIPS
 extern int fips_enabled;
 extern struct atomic_notifier_head fips_fail_notif_chain;
 
+#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
+#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
+#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
+#else
+#define FIPS_MODULE_VERSION UTS_RELEASE
+#endif
+
 void fips_fail_notify(void);
 
 #else
-- 
2.36.1



* Re: [PATCH v2] crypto: fips - make proc files report fips module name and version
From: Herbert Xu @ 2022-06-27  1:19 UTC (permalink / raw)
  To: Vladis Dronov
  Cc: David S . Miller, Randy Dunlap, linux-crypto, linux-kernel, Simo Sorce

On Tue, Jun 21, 2022 at 05:08:32PM +0200, Vladis Dronov wrote:
>
> diff --git a/include/linux/fips.h b/include/linux/fips.h
> index c6961e932fef..72d2e0e1d3ac 100644
> --- a/include/linux/fips.h
> +++ b/include/linux/fips.h
> @@ -2,10 +2,19 @@
>  #ifndef _FIPS_H
>  #define _FIPS_H
>  
> +#include <generated/utsrelease.h>
> +
>  #ifdef CONFIG_CRYPTO_FIPS
>  extern int fips_enabled;
>  extern struct atomic_notifier_head fips_fail_notif_chain;
>  
> +#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
> +#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
> +#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
> +#else
> +#define FIPS_MODULE_VERSION UTS_RELEASE
> +#endif

Why does this need to be in fips.h? If it's only used by one file
then it should be moved to the place where it's used.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v2] crypto: fips - make proc files report fips module name and version
From: Vlad Dronov @ 2022-06-27 19:50 UTC (permalink / raw)
  To: Herbert Xu; +Cc: David S . Miller, Randy Dunlap, linux-crypto, LKML, Simo Sorce

Hi, Herbert,

On Mon, Jun 27, 2022 at 3:19 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> On Tue, Jun 21, 2022 at 05:08:32PM +0200, Vladis Dronov wrote:
> >
> >  #ifdef CONFIG_CRYPTO_FIPS
> >  extern int fips_enabled;
> >  extern struct atomic_notifier_head fips_fail_notif_chain;
> >
> > +#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
> > +#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
> > +#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
> > +#else
> > +#define FIPS_MODULE_VERSION UTS_RELEASE
> > +#endif
>
> Why does this need to be in fips.h? If it's only used by one file
> then it should be moved to the place where it's used.

Indeed, you are right, these defines are used only once, thank you. I'll move
them to fips.c. Let me post v3 to this same thread below.

Just a heads-up: a kernel with this patch builds, boots, and the FIPS output is
correct.

Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer



* [PATCH v3] crypto: fips - make proc files report fips module name and version
From: Vladis Dronov @ 2022-06-27 19:51 UTC (permalink / raw)
  To: Herbert Xu, David S . Miller, Randy Dunlap, linux-crypto, linux-kernel
  Cc: Vladis Dronov, Simo Sorce

FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.

This patch adds two files to read a name and a version from:

/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version

v2: removed redundant parentheses in config entries.
v3: move FIPS_MODULE_* defines to fips.c where they are used.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/Kconfig | 21 +++++++++++++++++++++
 crypto/fips.c  | 34 +++++++++++++++++++++++++++++-----
 2 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1d44893a997b..3891c331f2e7 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -33,6 +33,27 @@ config CRYPTO_FIPS
 	  certification.  You should say no unless you know what
 	  this is.
 
+config CRYPTO_FIPS_NAME
+	string "FIPS Module Name"
+	default "Linux Kernel Cryptographic API"
+	depends on CRYPTO_FIPS
+	help
+	  This option sets the FIPS Module name reported by the Crypto API via
+	  the /proc/sys/crypto/fips_name file.
+
+config CRYPTO_FIPS_CUSTOM_VERSION
+	bool "Use Custom FIPS Module Version"
+	depends on CRYPTO_FIPS
+	default n
+
+config CRYPTO_FIPS_VERSION
+	string "FIPS Module Version"
+	default "(none)"
+	depends on CRYPTO_FIPS_CUSTOM_VERSION
+	help
+	  This option provides the ability to override the FIPS Module Version.
+	  By default the KERNELRELEASE value is used.
+
 config CRYPTO_ALGAPI
 	tristate
 	select CRYPTO_ALGAPI2
diff --git a/crypto/fips.c b/crypto/fips.c
index 7b1d8caee669..d820f83cb878 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -30,13 +30,37 @@ static int fips_enable(char *str)
 
 __setup("fips=", fips_enable);
 
+#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
+#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
+#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
+#else
+#define FIPS_MODULE_VERSION UTS_RELEASE
+#endif
+
+static char fips_name[] = FIPS_MODULE_NAME;
+static char fips_version[] = FIPS_MODULE_VERSION;
+
 static struct ctl_table crypto_sysctl_table[] = {
 	{
-		.procname       = "fips_enabled",
-		.data           = &fips_enabled,
-		.maxlen         = sizeof(int),
-		.mode           = 0444,
-		.proc_handler   = proc_dointvec
+		.procname	= "fips_enabled",
+		.data		= &fips_enabled,
+		.maxlen		= sizeof(int),
+		.mode		= 0444,
+		.proc_handler	= proc_dointvec
+	},
+	{
+		.procname	= "fips_name",
+		.data		= &fips_name,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
+	},
+	{
+		.procname	= "fips_version",
+		.data		= &fips_version,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
 	},
 	{}
 };
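Review bot: `#define FIPS_MODULE_VERSION UTS_RELEASE` now lives in crypto/fips.c, but the `#include <generated/utsrelease.h>` that defines UTS_RELEASE went away with the fips.h changes (this version touches only Kconfig and fips.c), so a build without CRYPTO_FIPS_CUSTOM_VERSION fails at `static char fips_version[] = FIPS_MODULE_VERSION;` because UTS_RELEASE is undeclared. Add the include to fips.c alongside the other headers.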
-- 
2.36.1



* Re: [PATCH v3] crypto: fips - make proc files report fips module name and version
From: Herbert Xu @ 2022-07-08  7:20 UTC (permalink / raw)
  To: Vladis Dronov
  Cc: David S . Miller, Randy Dunlap, linux-crypto, linux-kernel, Simo Sorce

On Mon, Jun 27, 2022 at 09:51:44PM +0200, Vladis Dronov wrote:
>
> diff --git a/crypto/fips.c b/crypto/fips.c
> index 7b1d8caee669..d820f83cb878 100644
> --- a/crypto/fips.c
> +++ b/crypto/fips.c
> @@ -30,13 +30,37 @@ static int fips_enable(char *str)
>  
>  __setup("fips=", fips_enable);
>  
> +#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
> +#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
> +#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
> +#else
> +#define FIPS_MODULE_VERSION UTS_RELEASE
> +#endif
> +
> +static char fips_name[] = FIPS_MODULE_NAME;
> +static char fips_version[] = FIPS_MODULE_VERSION;

This doesn't compile for me because you need to include
generated/utsrelease.h.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* [PATCH v4] crypto: fips - make proc files report fips module name and version
From: Vladis Dronov @ 2022-07-08 12:33 UTC (permalink / raw)
  To: Herbert Xu, David S . Miller, Randy Dunlap, linux-crypto, linux-kernel
  Cc: Vladis Dronov, Simo Sorce

FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.

This patch adds two files to read a name and a version from:

/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version

v2: removed redundant parentheses in config entries.
v3: move FIPS_MODULE_* defines to fips.c where they are used.
v4: return utsrelease.h inclusion

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 crypto/Kconfig | 21 +++++++++++++++++++++
 crypto/fips.c  | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1d44893a997b..3891c331f2e7 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -33,6 +33,27 @@ config CRYPTO_FIPS
 	  certification.  You should say no unless you know what
 	  this is.
 
+config CRYPTO_FIPS_NAME
+	string "FIPS Module Name"
+	default "Linux Kernel Cryptographic API"
+	depends on CRYPTO_FIPS
+	help
+	  This option sets the FIPS Module name reported by the Crypto API via
+	  the /proc/sys/crypto/fips_name file.
+
+config CRYPTO_FIPS_CUSTOM_VERSION
+	bool "Use Custom FIPS Module Version"
+	depends on CRYPTO_FIPS
+	default n
+
+config CRYPTO_FIPS_VERSION
+	string "FIPS Module Version"
+	default "(none)"
+	depends on CRYPTO_FIPS_CUSTOM_VERSION
+	help
+	  This option provides the ability to override the FIPS Module Version.
+	  By default the KERNELRELEASE value is used.
+
 config CRYPTO_ALGAPI
 	tristate
 	select CRYPTO_ALGAPI2
diff --git a/crypto/fips.c b/crypto/fips.c
index 7b1d8caee669..b05d3c7b3ca5 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -12,6 +12,7 @@
 #include <linux/kernel.h>
 #include <linux/sysctl.h>
 #include <linux/notifier.h>
+#include <generated/utsrelease.h>
 
 int fips_enabled;
 EXPORT_SYMBOL_GPL(fips_enabled);
@@ -30,13 +31,37 @@ static int fips_enable(char *str)
 
 __setup("fips=", fips_enable);
 
+#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
+#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
+#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
+#else
+#define FIPS_MODULE_VERSION UTS_RELEASE
+#endif
+
+static char fips_name[] = FIPS_MODULE_NAME;
+static char fips_version[] = FIPS_MODULE_VERSION;
+
 static struct ctl_table crypto_sysctl_table[] = {
 	{
-		.procname       = "fips_enabled",
-		.data           = &fips_enabled,
-		.maxlen         = sizeof(int),
-		.mode           = 0444,
-		.proc_handler   = proc_dointvec
+		.procname	= "fips_enabled",
+		.data		= &fips_enabled,
+		.maxlen		= sizeof(int),
+		.mode		= 0444,
+		.proc_handler	= proc_dointvec
+	},
+	{
+		.procname	= "fips_name",
+		.data		= &fips_name,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
+	},
+	{
+		.procname	= "fips_version",
+		.data		= &fips_version,
+		.maxlen		= 64,
+		.mode		= 0444,
+		.proc_handler	= proc_dostring
 	},
 	{}
 };
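Review bot: `.maxlen = 64` for the fips_name and fips_version entries is a fixed number unrelated to the arrays' real sizes; proc_dostring clamps what it copies out to maxlen, so a CONFIG_CRYPTO_FIPS_NAME or CONFIG_CRYPTO_FIPS_VERSION longer than 64 characters is silently truncated in /proc, and the reported value then no longer matches the certificate it exists to match. Use `sizeof(fips_name)` and `sizeof(fips_version)`, mirroring how the fips_enabled entry sizes its data with `sizeof(int)`; that also keeps maxlen from ever exceeding the backing buffer should the mode be relaxed from 0444.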
-- 
2.36.1



* Re: [PATCH v3] crypto: fips - make proc files report fips module name and version
From: Vlad Dronov @ 2022-07-08 12:46 UTC (permalink / raw)
  To: Herbert Xu; +Cc: David S . Miller, Randy Dunlap, linux-crypto, LKML, Simo Sorce

Hi, Herbert,

On Fri, Jul 8, 2022 at 10:27 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> On Mon, Jun 27, 2022 at 09:51:44PM +0200, Vladis Dronov wrote:
> >
> > diff --git a/crypto/fips.c b/crypto/fips.c
> > index 7b1d8caee669..d820f83cb878 100644
> > --- a/crypto/fips.c
> > +++ b/crypto/fips.c
> > @@ -30,13 +30,37 @@ static int fips_enable(char *str)
> >
> >  __setup("fips=", fips_enable);
> >
> > +#define FIPS_MODULE_NAME CONFIG_CRYPTO_FIPS_NAME
> > +#ifdef CONFIG_CRYPTO_FIPS_CUSTOM_VERSION
> > +#define FIPS_MODULE_VERSION CONFIG_CRYPTO_FIPS_VERSION
> > +#else
> > +#define FIPS_MODULE_VERSION UTS_RELEASE
> > +#endif
> > +
> > +static char fips_name[] = FIPS_MODULE_NAME;
> > +static char fips_version[] = FIPS_MODULE_VERSION;
>
> This doesn't compile for me because you need to include
> generated/utsrelease.h.

Dang, it does not build now indeed. I'm not sure how my previous
build succeeded, so I assumed utsrelease.h is included in fips.c
via some other .h file.

I've posted v4 to this same thread below; it just adds the "#include
<generated/utsrelease.h>" line.

I'm sorry for the noise.

Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer



* Re: [PATCH v4] crypto: fips - make proc files report fips module name and version
From: Herbert Xu @ 2022-07-15  8:49 UTC (permalink / raw)
  To: Vladis Dronov
  Cc: David S . Miller, Randy Dunlap, linux-crypto, linux-kernel, Simo Sorce

On Fri, Jul 08, 2022 at 02:33:13PM +0200, Vladis Dronov wrote:
> FIPS 140-3 introduced a requirement for the FIPS module to return
> information about itself, specifically a name and a version. These
> values must match the values reported on FIPS certificates.
> 
> This patch adds two files to read a name and a version from:
> 
> /proc/sys/crypto/fips_name
> /proc/sys/crypto/fips_version
> 
> v2: removed redundant parentheses in config entries.
> v3: move FIPS_MODULE_* defines to fips.c where they are used.
> v4: return utsrelease.h inclusion
> 
> Signed-off-by: Simo Sorce <simo@redhat.com>
> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
> ---
>  crypto/Kconfig | 21 +++++++++++++++++++++
>  crypto/fips.c  | 35 ++++++++++++++++++++++++++++++-----
>  2 files changed, 51 insertions(+), 5 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

