feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

linuxkm: in module_hooks.c, fix logic+gating around CONFIG_MODULE_SIG and WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE.

Browse Source
This commit is contained in:
Daniel Pouzzner
2021-10-22 16:57:21 -05:00
parent 9b5f8c84b0
commit 071be3171e
1 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
linuxkm/module_hooks.c
View File

@@ -100,6 +100,10 @@ static void lkmFipsCb(int ok, int err, const char* hash)
} }
#endif #endif
#if defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) && !defined(CONFIG_MODULE_SIG)
#error WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE requires a CONFIG_MODULE_SIG kernel.
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
static int __init wolfssl_init(void) static int __init wolfssl_init(void)
#else #else
@@ -108,9 +112,15 @@ static int wolfssl_init(void)
{ {
int ret; int ret;
#ifdef CONFIG_MODULE_SIG #if defined(CONFIG_MODULE_SIG_FORCE) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE)
if (THIS_MODULE->sig_ok == false) { if (THIS_MODULE->sig_ok == false) {
pr_err("wolfSSL module load aborted -- bad or missing module signature with CONFIG_MODULE_SIG kernel.\n"); pr_err("wolfSSL module load aborted -- bad or missing module signature with "
#ifdef CONFIG_MODULE_SIG_FORCE
"CONFIG_MODULE_SIG_FORCE kernel"
#else
"FIPS dynamic hash"
#endif
".\n");
return -ECANCELED; return -ECANCELED;
} }
#endif #endif
@@ -119,7 +129,6 @@ static int wolfssl_init(void)
ret = set_up_wolfssl_linuxkm_pie_redirect_table(); ret = set_up_wolfssl_linuxkm_pie_redirect_table();
if (ret < 0) if (ret < 0)
return ret; return ret;
#endif #endif
#ifdef HAVE_LINUXKM_PIE_SUPPORT #ifdef HAVE_LINUXKM_PIE_SUPPORT
@@ -243,19 +252,25 @@ static int wolfssl_init(void)
#endif #endif
#ifdef WOLFCRYPT_ONLY #ifdef WOLFCRYPT_ONLY
pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " loaded" pr_info("wolfCrypt " LIBWOLFSSL_VERSION_STRING " loaded%s"
#ifdef CONFIG_MODULE_SIG
" with valid module signature"
#endif
".\nSee https://www.wolfssl.com/ for more information.\n" ".\nSee https://www.wolfssl.com/ for more information.\n"
"wolfCrypt Copyright (C) 2006-present wolfSSL Inc. Licensed under " WOLFSSL_LICENSE ".\n"); "wolfCrypt Copyright (C) 2006-present wolfSSL Inc. Licensed under " WOLFSSL_LICENSE ".\n",
#ifdef CONFIG_MODULE_SIG
THIS_MODULE->sig_ok ? " with valid module signature" : " without valid module signature"
#else #else
pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " loaded" ""
#ifdef CONFIG_MODULE_SIG
" with valid module signature"
#endif #endif
);
#else
pr_info("wolfSSL " LIBWOLFSSL_VERSION_STRING " loaded%s"
".\nSee https://www.wolfssl.com/ for more information.\n" ".\nSee https://www.wolfssl.com/ for more information.\n"
"wolfSSL Copyright (C) 2006-present wolfSSL Inc. Licensed under " WOLFSSL_LICENSE ".\n"); "wolfSSL Copyright (C) 2006-present wolfSSL Inc. Licensed under " WOLFSSL_LICENSE ".\n",
#ifdef CONFIG_MODULE_SIG
THIS_MODULE->sig_ok ? " with valid module signature" : " without valid module signature"
#else
""
#endif
);
#endif #endif
return 0; return 0;