lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5164884C.70909@intel.com>
Date:	Tue, 09 Apr 2013 14:29:48 -0700
From:	David Cohen <david.a.cohen@...el.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
CC:	dhowells@...hat.com, linux-kernel@...r.kernel.org,
	"Gross, Mark" <mark.gross@...el.com>
Subject: Re: [PATCH] MODSIGN: do not send garbage to stderr when enabling
 modules signature

On 04/08/2013 08:27 PM, Rusty Russell wrote:
> David Cohen <david.a.cohen@...el.com> writes:
>> openssl may send garbage to stderr when generating X.509 key pair for
>> modules signature regardless there was an error or not. It makes more
>> difficult to create scripts based on kernel error/warning messages.
>> This patch makes sure openssl logs go to default stdout.
>>
>> Signed-off-by: David Cohen <david.a.cohen@...el.com>
> Can you please give an example of the "garbage" in your commit message,
> or is it binary?

I can write to commit message, it's not binary. I'll send a new patch.

The problem is openssl writes its logs to stderr.
Here's the example I'm going to write to commit message. I captured only 
stderr in this case:

crypto/anubis.c:581: warning: ‘inter’ is used uninitialized in this function
Generating a 4096 bit RSA private key
.........
drivers/gpu/drm/i915/i915_gem_gtt.c: In function ‘gen6_ggtt_insert_entries’:
drivers/gpu/drm/i915/i915_gem_gtt.c:440: warning: ‘addr’ may be used 
uninitialized in this function
.net/mac80211/tx.c: In function ‘ieee80211_subif_start_xmit’:
net/mac80211/tx.c:1780: warning: ‘chanctx_conf’ may be used 
uninitialized in this function
..drivers/isdn/hardware/mISDN/hfcpci.c: In function ‘hfcpci_softirq’:
.....drivers/isdn/hardware/mISDN/hfcpci.c:2298: warning: ignoring return 
value of ‘driver_for_each_device’, declared with attribute 
warn_unused_result
net/unix/af_unix.c: In function ‘unix_bind’:
net/unix/af_unix.c:892: warning: ‘path.dentry’ may be used uninitialized 
in this function
net/unix/af_unix.c:892: warning: ‘path.mnt’ may be used uninitialized in 
this function
...++
In file included from drivers/message/i2o/config-osm.c:39:
drivers/message/i2o/i2o_config.c: In function ‘i2o_cfg_passthru’:
drivers/message/i2o/i2o_config.c:888: warning: cast to pointer from 
integer of different size
drivers/message/i2o/i2o_config.c:943: warning: cast to pointer from 
integer of different size
drivers/net/ethernet/amd/nmclan_cs.c: In function ‘nmclan_config’:
drivers/net/ethernet/amd/nmclan_cs.c:625: warning: 
‘pcmcia_request_exclusive_irq’ is deprecated (declared at 
include/pcmcia/ds.h:201)
drivers/net/ethernet/mellanox/mlx4/mcg.c: In function ‘find_entry’:
.........................................................................................................................................................................................++
writing new private key to 'signing_key.priv'
-----
drivers/net/ethernet/mellanox/mlx4/mcg.c:601: warning: ‘hash’ may be 
used uninitialized in this function


The problem happens when we use high N value on make -jN. All warnings 
get mixed with dots and other outputs from openssl when printed during 
key pair generation.

Br, David


>
> Thanks,
> Rusty,.
>
>> ---
>>   kernel/Makefile |    2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/Makefile b/kernel/Makefile
>> index bbde5f1..5a51e6c 100644
>> --- a/kernel/Makefile
>> +++ b/kernel/Makefile
>> @@ -175,7 +175,7 @@ signing_key.priv signing_key.x509: x509.genkey
>>   	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
>>   		-batch -x509 -config x509.genkey \
>>   		-outform DER -out signing_key.x509 \
>> -		-keyout signing_key.priv
>> +		-keyout signing_key.priv 2>&1
>>   	@echo "###"
>>   	@echo "### Key pair generated."
>>   	@echo "###"
>> -- 
>> 1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ