[PATCH 23/23] MODSIGN: Panic the kernel if FIPS is enabled upon module signing failure

From: David Howells
Date: Tue May 22 2012 - 19:05:30 EST


If module signing fails when the kernel is running with FIPS enabled then the
kernel should panic lest the crypto layer be compromised. Possibly a panic
shouldn't happen on cases like ENOMEM.

Reported-by: Stephan Mueller <stephan.mueller@xxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---

kernel/module-verify.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)


diff --git a/kernel/module-verify.c b/kernel/module-verify.c
index f989fee..9baecc6 100644
--- a/kernel/module-verify.c
+++ b/kernel/module-verify.c
@@ -19,6 +19,7 @@
#include <linux/sched.h>
#include <linux/modsign.h>
#include <linux/moduleparam.h>
+#include <linux/fips.h>
#include <keys/crypto-type.h>
#include "module-verify.h"

@@ -109,6 +110,10 @@ int module_verify(const void *data, size_t size, bool *_gpgsig_ok)

pr_devel("module_verify_signature() = %d\n", ret);

+ if (ret < 0 && fips_enabled)
+ panic("Module verification failed with error %d in FIPS mode\n",
+ ret);
+
switch (ret) {
case 0: /* Good signature */
*_gpgsig_ok = true;
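
Review bot: the `if (ret < 0 && fips_enabled)` test added in module_verify() panics on every negative return, which includes transient resource errors such as -ENOMEM that the commit message itself says possibly should not panic. Consider limiting the panic to the error codes that actually mean the signature check failed, or at least excluding -ENOMEM, so that memory pressure during a module load cannot take the whole machine down in FIPS mode. Because the check sits ahead of `switch (ret)`, any negative cases that switch handles become unreachable when fips_enabled is set; a short comment above the check saying why FIPS mode requires a panic here, and that it pre-empts the switch, would help the next reader.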
