(root)/
glibc-2.38/
sysdeps/
unix/
sysv/
linux/
fips-private.h
       1  /* FIPS compliance status test for GNU/Linux systems.
       2     Copyright (C) 2012-2023 Free Software Foundation, Inc.
       3     This file is part of the GNU C Library.
       4  
       5     The GNU C Library is free software; you can redistribute it and/or
       6     modify it under the terms of the GNU Lesser General Public
       7     License as published by the Free Software Foundation; either
       8     version 2.1 of the License, or (at your option) any later version.
       9  
      10     The GNU C Library is distributed in the hope that it will be useful,
      11     but WITHOUT ANY WARRANTY; without even the implied warranty of
      12     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      13     Lesser General Public License for more details.
      14  
      15     You should have received a copy of the GNU Lesser General Public
      16     License along with the GNU C Library; if not, see
      17     <https://www.gnu.org/licenses/>.  */
      18  
      19  #ifndef _FIPS_PRIVATE_H
      20  #define _FIPS_PRIVATE_H
      21  
      22  #include <errno.h>
      23  #include <fcntl.h>
      24  #include <stdlib.h>
      25  #include <unistd.h>
      26  #include <not-cancel.h>
      27  #include <stdbool.h>
      28  
      /* Report whether FIPS mode is enabled, according to the contents of
         /proc/sys/crypto/fips_enabled.  See sysdeps/generic/fips-private.h
         for more information.

         Returns true only when the file was opened, read, and parsed as a
         decimal integer greater than zero.  Every other outcome yields
         false: a value of zero or less, a file that cannot be opened, a
         read that fails or returns no data, or contents that are not a
         number followed by the end of the string or a newline.  Callers
         therefore cannot tell "FIPS disabled" apart from "could not
         determine"; a failed probe is reported as not enabled.

         The outcome, including a failed probe, is stored in a
         function-local static and the file is not read again.  Because
         this function is static in a header, each translation unit that
         includes it keeps its own cached copy.

         NOTE(review): no locking or atomics guard the cache here, and
         errno is not saved around the open/read/strtol calls -- confirm
         that callers tolerate both.  */

      static bool
      fips_enabled_p (void)
      {
        /* Static storage is zero-initialised, so the first call observes
           FIPS_UNTESTED and runs the probe.  */
        static enum
        {
          FIPS_UNTESTED = 0,
          FIPS_ENABLED = 1,
          FIPS_DISABLED = -1,
          FIPS_TEST_FAILED = -2
        } state;

        /* Fast path: the probe already ran (successfully or not).  */
        if (state != FIPS_UNTESTED)
          return state == FIPS_ENABLED;

        /* Start from "probe failed"; only a well-formed value read from
           the file replaces it below.  */
        int outcome = FIPS_TEST_FAILED;

        int fd = __open_nocancel ("/proc/sys/crypto/fips_enabled", O_RDONLY);
        if (fd != -1)
          {
            /* The file holds a single integer, so 32 bytes is ample.  One
               byte is held back for the terminating NUL written below.  */
            char text[32];
            ssize_t len
              = TEMP_FAILURE_RETRY (__read_nocancel (fd, text, sizeof (text) - 1));
            __close_nocancel_nostatus (fd);

            if (len > 0)
              {
                /* len is at most sizeof (text) - 1, so this stays in bounds.  */
                text[len] = '\0';

                char *stop;
                long int value = strtol (text, &stop, 10);

                /* Accept only input where at least one character was
                   consumed and the number is followed directly by the end
                   of the string or a newline.  */
                bool well_formed
                  = stop != text && (*stop == '\0' || *stop == '\n');
                if (well_formed)
                  outcome = (value > 0) ? FIPS_ENABLED : FIPS_DISABLED;
              }
          }

        /* Cache the result, failures included, so later calls skip the
           probe.  */
        state = outcome;
        return state == FIPS_ENABLED;
      }
      73  
      74  #endif /* _FIPS_PRIVATE_H */