If module signing fails when the kernel is running with FIPS enabled then the kernel should panic lest the crypto layer be compromised. Possibly a panic shouldn't happen on cases like ENOMEM.
Reported-by: Stephan Mueller <stephan.muel...@atsec.com> Signed-off-by: David Howells <dhowe...@redhat.com> --- kernel/module-verify.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/module-verify.c b/kernel/module-verify.c index 6684e24..070d730 100644 --- a/kernel/module-verify.c +++ b/kernel/module-verify.c @@ -19,6 +19,7 @@ #include <linux/sched.h> #include <linux/modsign.h> #include <linux/moduleparam.h> +#include <linux/fips.h> #include <keys/crypto-type.h> #include "module-verify.h" @@ -97,6 +98,10 @@ int module_verify(const void *data, size_t size, bool *_gpgsig_ok) pr_devel("module_verify_signature() = %d\n", ret); + if (ret < 0 && fips_enabled) + panic("Module verification failed with error %d in FIPS mode\n", + ret); + switch (ret) { case 0: /* Good signature */ *_gpgsig_ok = true;
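Review bot: The new check in module_verify(), `if (ret < 0 && fips_enabled)`, panics on every negative return, including the -ENOMEM case that the commit message itself says should possibly not panic. As written, a transient allocation failure during a module load in FIPS mode halts the machine even though no signature was actually found to be bad. Consider excluding resource errors explicitly (for example `ret != -ENOMEM`), or panicking only on the error codes that mean the signature was checked and rejected. The panic also sits ahead of `switch (ret)`, so any per-error handling that switch applies to negative values is never reached when fips_enabled is set; moving the FIPS panic into the relevant switch cases would make the set of fatal errors explicit. A short comment above the check stating why FIPS mode requires a panic here would help later readers.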