| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20121001204150.GA20849@hansolo.jdub.homelinux.org> Date: Mon, 1 Oct 2012 16:41:50 -0400 From: Josh Boyer <jwboyer@...hat.com> To: David Howells <dhowells@...hat.com> Cc: Rusty Russell <rusty@...tcorp.com.au>, herbert@...dor.hengli.com.au, pjones@...hat.com, linux-crypto@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, keyrings@...ux-nfs.org Subject: Re: [GIT PULL] Asymmetric keys and module signing On Sat, Sep 29, 2012 at 08:13:25AM +0100, David Howells wrote: > Rusty Russell <rusty@...tcorp.com.au> wrote: > > > [ 2.808075] Loading module verification certificates > > [ 2.809331] X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired > > [ 2.810500] MODSIGN: Problem loading in-kernel X.509 certificate (-127) > > Hmmm... Other people have seen that. > > Ahhhhh! > > I wonder if the problem is that the certificate is valid for 100 years.... > That might well cause an overflow on a 32-bit system. That does seem quite plausible. The comparisons are done with time_t, which boils down to 'long' and 100 years in seconds would overflow LONG_MAX. > Could you try changing the '36500' in kernel/Makefile to something shorter, > like 365? I tried two values today. One close to LONG_MAX (24800 or ~68 years), and 10 years (3650). The former still seemed to overflow, but specifying a 10yr lifetime appears to have worked. josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists