/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <locale.h>
#include <libgen.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <zone.h>
#include <sys/crypto/ioctladmin.h>
#include "cryptoadm.h"
/*
 * Directory used for the temporary file while a hardware provider .conf
 * file is rewritten. The provider .conf paths used in this file live in the
 * same directory.
 */
#define HW_CONF_DIR "/platform/sun4v/kernel/drv"
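/*
 * Get FIPS-140 status from .conf
 *
 * filename	path of the driver .conf file to read
 * property	property name to look for (e.g. "ncp-fips-140")
 * hw_fips_mode	out: integer value of the property, or
 *		CRYPTO_FIPS_MODE_DISABLED when no line mentions it.
 *		Written only when SUCCESS is returned.
 *
 * Returns SUCCESS when the mode could be determined. Returns FAILURE when
 * an argument is missing, the file cannot be opened or read, or the
 * property line does not carry a clean decimal integer. A malformed value
 * is reported as an error rather than silently read as 0, so a damaged
 * FIPS setting is never shown as a valid "disabled" state.
 *
 * NOTE(review): matching is a substring search on every line that does not
 * have '#' in column 0, so an indented comment, or a longer property name
 * that contains `property`, is also treated as the property line.
 */
int
fips_hw_status(char *filename, char *property, int *hw_fips_mode)
{
	FILE *pfile;
	char buffer[BUFSIZ];
	char *str = NULL;
	char *cursor = NULL;
	char *end = NULL;
	long value = 0;
	int mode = CRYPTO_FIPS_MODE_DISABLED;
	int rc = SUCCESS;
	boolean_t valid;

	/* An empty property would make strstr() match every line. */
	if (filename == NULL || property == NULL || property[0] == '\0' ||
	    hw_fips_mode == NULL) {
		return (FAILURE);
	}

	/* Open the .conf file */
	if ((pfile = fopen(filename, "r")) == NULL) {
		cryptodebug("failed to open %s for read.", filename);
		return (FAILURE);
	}

	while (fgets(buffer, BUFSIZ, pfile) != NULL) {
		if (buffer[0] == '#') {
			/* skip comments */
			continue;
		}

		/* find the property string */
		if ((str = strstr(buffer, property)) == NULL) {
			/* didn't find the property string in this line */
			continue;
		}

		/* First token is the property name, second is its value. */
		cursor = strtok(str, "= ;");
		cursor = strtok(NULL, "= ;");

		valid = B_FALSE;
		if (cursor != NULL) {
			errno = 0;
			value = strtol(cursor, &end, 10);
			if (end != cursor && errno != ERANGE) {
				/*
				 * Tolerate the line ending that stays in the
				 * token when the trailing ';' is missing.
				 */
				while (*end == '\n' || *end == '\r' ||
				    *end == '\t') {
					end++;
				}
				/* no trailing junk, and the value fits an int */
				valid = (*end == '\0' &&
				    value == (long)(int)value) ?
				    B_TRUE : B_FALSE;
			}
		}

		if (valid == B_FALSE) {
			cryptoerror(LOG_STDERR, gettext(
			    "Invalid config file contents: %s."), filename);
			rc = FAILURE;
		} else {
			mode = (int)value;
		}
		/* Only the first matching line is considered. */
		break;
	}

	/*
	 * A read error must not be mistaken for "property not found", which
	 * would report FIPS mode as disabled.
	 */
	if (rc == SUCCESS && ferror(pfile) != 0) {
		cryptodebug("failed to read %s.", filename);
		rc = FAILURE;
	}

	(void) fclose(pfile);

	/*
	 * If the fips property is not found in the config file,
	 * FIPS mode is false by default.
	 */
	if (rc == SUCCESS) {
		*hw_fips_mode = mode;
	}

	return (rc);
}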
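/*
 * Update the HW .conf file with the updated entry.
 *
 * filename	path of the driver .conf file to rewrite
 * property	property name whose value is set (e.g. "ncp-fips-140")
 * action	FIPS140_ENABLE writes '1'; any other action writes '0'
 *
 * The new contents are written to a temporary file in HW_CONF_DIR, which
 * then replaces `filename` with rename(). Returns SUCCESS or FAILURE.
 *
 * The temporary file is created with mkstemp() rather than a generated name
 * followed by fopen(): mkstemp() creates and opens the file in one step
 * with owner-only permissions, so a pre-planted file or symlink under a
 * predictable name cannot be written through. The template is fixed, so the
 * environment cannot move the file out of HW_CONF_DIR. The final mode is
 * set on the temporary file before the rename, and the temporary file is
 * removed on every failure path.
 *
 * NOTE(review): only the first character of the existing value is
 * overwritten, so a multi-character value keeps its remaining characters.
 * NOTE(review): the lockf() lock is taken on the file being replaced; after
 * rename() the path names a new, unlocked file.
 */
int
fips_update_hw_conf(char *filename, char *property, int action)
{
	FILE *pfile;
	FILE *pfile_tmp = NULL;
	char buffer[BUFSIZ];
	char buffer2[BUFSIZ];
	char tmpfile_name[] = HW_CONF_DIR "/fipsXXXXXX";
	char *str = NULL;
	char *cursor = NULL;
	char newval = (action == FIPS140_ENABLE) ? '1' : '0';
	int tmpfd;
	int rc = FAILURE;
	boolean_t found = B_FALSE;

	/* An empty property would make strstr() match every line. */
	if (filename == NULL || property == NULL || property[0] == '\0') {
		return (FAILURE);
	}

	/* Open the .conf file */
	if ((pfile = fopen(filename, "r+")) == NULL) {
		cryptoerror(LOG_STDERR,
		    gettext("failed to update the configuration - %s"),
		    strerror(errno));
		cryptodebug("failed to open %s for write.", filename);
		return (FAILURE);
	}

	/* Lock the .conf file */
	if (lockf(fileno(pfile), F_TLOCK, 0) == -1) {
		cryptoerror(LOG_STDERR,
		    gettext("failed to update the configuration - %s"),
		    strerror(errno));
		cryptodebug(gettext("failed to lock %s"), filename);
		(void) fclose(pfile);
		return (FAILURE);
	}

	/*
	 * Create a temporary file to save updated configuration file first.
	 */
	if ((tmpfd = mkstemp(tmpfile_name)) == -1) {
		cryptoerror(LOG_STDERR, gettext("failed to open %s - %s"),
		    tmpfile_name, strerror(errno));
		(void) fclose(pfile);
		return (FAILURE);
	}
	if ((pfile_tmp = fdopen(tmpfd, "w")) == NULL) {
		cryptoerror(LOG_STDERR, gettext("failed to open %s - %s"),
		    tmpfile_name, strerror(errno));
		(void) close(tmpfd);
		goto cleanup;
	}

	/*
	 * Loop thru entire .conf file, update the entry to be
	 * updated and save the updated file to the temporary file first.
	 */
	while (fgets(buffer, BUFSIZ, pfile) != NULL) {
		/* comments are written to the file without modification */
		if (buffer[0] != '#') {
			/* strtok() modifies its input, so parse a copy */
			(void) strlcpy(buffer2, buffer, BUFSIZ);

			/* find the property string */
			str = strstr(buffer2, property);
			if (str != NULL) {
				found = B_TRUE;

				cursor = strtok(str, "= ;");
				cursor = strtok(NULL, "= ;");
				if (cursor == NULL) {
					cryptoerror(LOG_STDERR, gettext(
					    "Invalid config file contents "
					    "%s: %s."),
					    filename, strerror(errno));
					goto cleanup;
				}

				/* same offset in the untouched line */
				buffer[cursor - buffer2] = newval;
			}
		}

		if (fputs(buffer, pfile_tmp) == EOF) {
			cryptoerror(LOG_STDERR, gettext(
			    "failed to write to a temp file: %s."),
			    strerror(errno));
			goto cleanup;
		}
	}

	/* A read error would otherwise install a truncated .conf file. */
	if (ferror(pfile) != 0) {
		cryptoerror(LOG_STDERR,
		    gettext("failed to update the configuration - %s"),
		    strerror(errno));
		goto cleanup;
	}

	/* if the fips mode property is not specified, FALSE by default */
	if (found == B_FALSE) {
		(void) snprintf(buffer, BUFSIZ, "%s=%c;\n", property, newval);
		if (fputs(buffer, pfile_tmp) == EOF) {
			cryptoerror(LOG_STDERR, gettext(
			    "failed to write to a tmp file: %s."),
			    strerror(errno));
			goto cleanup;
		}
	}

	/*
	 * Give the file its final mode while it is still the private
	 * temporary file, so the .conf path never has the wrong mode.
	 */
	if (fchmod(fileno(pfile_tmp),
	    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
		cryptoerror(LOG_STDERR,
		    gettext("failed to update the configuration - %s"),
		    strerror(errno));
		cryptodebug("failed to chmod to %s: %s", tmpfile_name,
		    strerror(errno));
		goto cleanup;
	}

	/* fclose() flushes; a failure means the new contents are incomplete */
	if (fclose(pfile_tmp) != 0) {
		pfile_tmp = NULL;
		cryptoerror(LOG_STDERR,
		    gettext("failed to close %s: %s"), tmpfile_name,
		    strerror(errno));
		goto cleanup;
	}
	pfile_tmp = NULL;

	/*
	 * Replace the .conf file with the temporary file. pfile stays open
	 * until afterwards so the lock is held across the rename.
	 */
	if (rename(tmpfile_name, filename) == -1) {
		cryptoerror(LOG_STDERR,
		    gettext("failed to update the configuration - %s"),
		    strerror(errno));
		cryptodebug("failed to rename %s to %s: %s", tmpfile_name,
		    filename, strerror(errno));
		goto cleanup;
	}

	rc = SUCCESS;

cleanup:
	if (pfile_tmp != NULL) {
		(void) fclose(pfile_tmp);
	}

	/* On failure the temporary file still exists; do not leave it. */
	if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) {
		cryptoerror(LOG_STDERR, gettext(
		    "(Warning) failed to remove %s: %s"),
		    tmpfile_name, strerror(errno));
	}

	(void) fclose(pfile);

	return (rc);
}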
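/*
 * Perform the FIPS related actions
 *
 * action	FIPS140_STATUS, FIPS140_ENABLE or FIPS140_DISABLE
 * provider	HW_PROVIDER_NCP, HW_PROVIDER_N2CP or HW_PROVIDER_N2RNG
 *
 * Reads the provider's current FIPS-140 setting from its driver .conf
 * file, then either prints it (FIPS140_STATUS) or rewrites the .conf file.
 * Only the .conf file is changed; the kernel is not informed.
 *
 * Returns SUCCESS on success. Returns FAILURE for an unknown provider, when
 * the .conf file cannot be read or updated, or when the requested mode is
 * already in effect.
 *
 * NOTE(review): an action other than the three listed above skips the
 * update but still reaches the final "disabled successfully" message and
 * returns SUCCESS; confirm that callers never pass one.
 */
int
do_fips_hw_actions(int action, int provider)
{
	int rc = SUCCESS;
	int fips_mode = 0;
	char *filename;
	char *propname;
	char *provname;

	switch (provider) {
	case HW_PROVIDER_NCP:
		filename = "/platform/sun4v/kernel/drv/ncp.conf";
		propname = "ncp-fips-140";
		provname = "ncp";
		break;
	case HW_PROVIDER_N2CP:
		filename = "/platform/sun4v/kernel/drv/n2cp.conf";
		propname = "n2cp-fips-140";
		provname = "n2cp";
		break;
	case HW_PROVIDER_N2RNG:
		filename = "/platform/sun4v/kernel/drv/n2rng.conf";
		propname = "n2rng-fips-140";
		provname = "n2rng";
		break;
	default:
		/*
		 * The format has a %d conversion, so the provider value must
		 * be passed; calling printf() without it is undefined
		 * behavior and prints an unrelated value.
		 */
		(void) printf(gettext("Internal Error: Invalid HW "
		    "provider [%d] specified.\n"), provider);
		return (FAILURE);
	}

	/* Get FIPS-140 status from .conf */
	if (fips_hw_status(filename, propname, &fips_mode) != SUCCESS) {
		return (FAILURE);
	}

	if (action == FIPS140_STATUS) {
		/* anything other than the enabled value is shown as disabled */
		if (fips_mode == CRYPTO_FIPS_MODE_ENABLED)
			(void) printf(gettext(
			    "%s: FIPS-140 mode is enabled.\n"), provname);
		else
			(void) printf(gettext(
			    "%s: FIPS-140 mode is disabled.\n"), provname);
		return (SUCCESS);
	}

	/* Is it a duplicate operation? */
	if ((action == FIPS140_ENABLE) &&
	    (fips_mode == CRYPTO_FIPS_MODE_ENABLED)) {
		(void) printf(
		    gettext("%s: FIPS-140 mode has already been enabled.\n"),
		    provname);
		return (FAILURE);
	}

	if ((action == FIPS140_DISABLE) &&
	    (fips_mode == CRYPTO_FIPS_MODE_DISABLED)) {
		(void) printf(
		    gettext("%s: FIPS-140 mode has already been disabled.\n"),
		    provname);
		return (FAILURE);
	}

	if ((action == FIPS140_ENABLE) || (action == FIPS140_DISABLE)) {
		/* Update .conf */
		if ((rc = fips_update_hw_conf(filename, propname, action))
		    != SUCCESS)
			return (rc);
	}

	/* No need to inform kernel */
	if (action == FIPS140_ENABLE) {
		(void) printf(gettext(
		    "%s: FIPS-140 mode was enabled successfully.\n"),
		    provname);
	} else {
		(void) printf(gettext(
		    "%s: FIPS-140 mode was disabled successfully.\n"),
		    provname);
	}

	return (SUCCESS);
}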