From 071be3171ea52794a2c1e43302eeedccdcbbc5de Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Fri, 22 Oct 2021 16:57:21 -0500
Subject: [PATCH] linuxkm: in module_hooks.c, fix logic+gating around
 CONFIG_MODULE_SIG and WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE.

---
 linuxkm/module_hooks.c | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 5b3f48d74..17a386f83 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -100,6 +100,10 @@ static void lkmFipsCb(int ok, int err, const char* hash)
 }
 #endif
 
+#if defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) && !defined(CONFIG_MODULE_SIG)
+#error WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE requires a CONFIG_MODULE_SIG kernel.
+#endif
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
 static int __init wolfssl_init(void)
 #else
@@ -108,9 +112,15 @@ static int wolfssl_init(void)
 {
     int ret;
 
-#ifdef CONFIG_MODULE_SIG
+#if defined(CONFIG_MODULE_SIG_FORCE) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE)
     if (THIS_MODULE->sig_ok == false) {
-        pr_err("wolfSSL module load aborted -- bad or missing module signature with CONFIG_MODULE_SIG kernel.\n");
+        pr_err("wolfSSL module load aborted -- bad or missing module signature with "
+#ifdef CONFIG_MODULE_SIG_FORCE
+               "CONFIG_MODULE_SIG_FORCE kernel"
+#else
+               "FIPS dynamic hash"
+#endif
+	".\n");
         return -ECANCELED;
     }
 #endif
@@ -119,7 +129,6 @@ static int wolfssl_init(void)
     ret = set_up_wolfssl_linuxkm_pie_redirect_table();
     if (ret < 0)
         return ret;
-
 #endif
 
 #ifdef HAVE_LINUXKM_PIE_SUPPORT
@@ -243,19 +252,25 @@ static int wolfssl_init(void)
 #endif
 
 #ifdef WOLFCRYPT_ONLY
-    pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " loaded"
-#ifdef CONFIG_MODULE_SIG
-            " with valid module signature"
-#endif
+    pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " loaded%s"
             ".\nSee https://www.wolfssl.com/ for more information.\n"
-            "wolfCrypt Copyright (C) 2006-present wolfSSL Inc.  Licensed under " WOLFSSL_LICENSE ".\n");
+            "wolfCrypt Copyright (C) 2006-present wolfSSL Inc.  Licensed under " WOLFSSL_LICENSE ".\n",
+#ifdef CONFIG_MODULE_SIG
+            THIS_MODULE->sig_ok ? " with valid module signature" : " without valid module signature"
 #else
-    pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " loaded"
-#ifdef CONFIG_MODULE_SIG
-            " with valid module signature"
+            ""
 #endif
+	);
+#else
+    pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " loaded%s"
             ".\nSee https://www.wolfssl.com/ for more information.\n"
-            "wolfSSL Copyright (C) 2006-present wolfSSL Inc.  Licensed under " WOLFSSL_LICENSE ".\n");
+            "wolfSSL Copyright (C) 2006-present wolfSSL Inc.  Licensed under " WOLFSSL_LICENSE ".\n",
+#ifdef CONFIG_MODULE_SIG
+            THIS_MODULE->sig_ok ? " with valid module signature" : " without valid module signature"
+#else
+            ""
+#endif
+        );
 #endif
 
     return 0;