Add fips_mode check for kernel.

Akso add a separate function so we can detect that kernel and crypto
lib is in different FIPS state (only for testing).

lib/crypto_backend/cipher_generic.c

@@ -8,6 +8,8 @@
 
 #include <errno.h>
 #include <strings.h>
+#include <unistd.h>
+#include <fcntl.h>
 #include "crypto_backend.h"
 
 struct cipher_alg {
@@ -77,3 +79,21 @@ int crypt_cipher_wrapped_key(const char *name, const char *mode)
 
 	return ca ? (int)ca->wrapped_key : 0;
 }
+
+bool crypt_fips_mode_kernel(void)
+{
+	int fd;
+	char buf = 0;
+
+	fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
+
+	if (fd < 0)
+		return false;
+
+	if (read(fd, &buf, 1) != 1)
+		buf = '0';
+
+	close(fd);
+
+	return (buf == '1');
+}

lib/crypto_backend/crypto_backend.h

@@ -148,6 +148,9 @@ int crypt_backend_memeq(const void *m1, const void *m2, size_t n);
 /* crypto backend running in FIPS mode */
 bool crypt_fips_mode(void);
 
+/* kernel running in FIPS mode */
+bool crypt_fips_mode_kernel(void);
+
 # ifdef __cplusplus
 }
 # endif

lib/crypto_backend/crypto_kernel.c

@@ -408,5 +408,5 @@ int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 
 bool crypt_fips_mode(void)
 {
-	return false;
+	return crypt_fips_mode_kernel();
 }