From: Jarod Wilson <jarod@redhat.com>
Subject: crypto: fips - only panic on bad/missing crypto mod signatures
Git-commit: 002c77a48b479b094b834b02ef78be47ceac76fd
Patch-mainline: Queued in subsystem maintainer repository
Git-repo: git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git
References: bnc#887503

 crypto: fips - only panic on bad/missing crypto mod signatures

Per further discussion with NIST, the requirements for FIPS state that
we only need to panic the system on failed kernel module signature checks
for crypto subsystem modules. This moves the fips-mode-only module
signature check out of the generic module loading code, into the crypto
subsystem, at points where we can catch both algorithm module loads and
mode module loads. At the same time, make CONFIG_CRYPTO_FIPS dependent on
CONFIG_MODULE_SIG, as this is entirely necessary for FIPS mode.

v2: remove extraneous blank line, perform checks in static inline
function, drop no longer necessary fips.h include.

CC: "David S. Miller" <davem@davemloft.net>
CC: Rusty Russell <rusty@rustcorp.com.au>
CC: Stephan Mueller <stephan.mueller@atsec.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Torsten Duwe <duwe@suse.de>

Index: linux-3.0-SLE11-SP3/crypto/algapi.c
===================================================================
--- linux-3.0-SLE11-SP3.orig/crypto/algapi.c
+++ linux-3.0-SLE11-SP3/crypto/algapi.c
@@ -59,8 +59,20 @@ static inline int crypto_set_driver_name
 	return 0;
 }
 
+static inline void crypto_check_module_sig(struct module *mod)
+{
+#if defined ( CONFIG_CRYPTO_FIPS ) && defined ( CONFIG_MODULE_SIG )
+	if (fips_enabled && mod && !mod->sig_ok)
+		panic("Module %s signature verification failed in FIPS mode\n",
+		      mod->name);
+#endif
+	return;
+}
+
 static int crypto_check_alg(struct crypto_alg *alg)
 {
+	crypto_check_module_sig(alg->cra_module);
+
 	if (alg->cra_alignmask & (alg->cra_alignmask + 1))
 		return -EINVAL;
 
@@ -413,6 +425,8 @@ int crypto_register_template(struct cryp
 
 	down_write(&crypto_alg_sem);
 
+	crypto_check_module_sig(tmpl->module);
+
 	list_for_each_entry(q, &crypto_template_list, list) {
 		if (q == tmpl)
 			goto out;
Index: linux-3.0-SLE11-SP3/kernel/module.c
===================================================================
--- linux-3.0-SLE11-SP3.orig/kernel/module.c
+++ linux-3.0-SLE11-SP3/kernel/module.c
@@ -59,7 +59,6 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
-#include <linux/fips.h>
 #include "module-internal.h"
 
 #define CREATE_TRACE_POINTS
@@ -2445,9 +2444,6 @@ static int module_sig_check(struct load_
 	}
 
 	/* Not having a signature is only an error if we're strict. */
-	if (err < 0 && fips_enabled)
-		panic("Module verification failed with error %d in FIPS mode\n",
-		      err);
 	if (err == -ENOKEY && !sig_enforce)
 		err = 0;
 
