| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Aug 2015 17:09:22 -0400
From: Valdis.Kletnieks@...edu
To: David Howells <dhowells@...hat.com>
Cc: David Woodhouse <David.Woodhouse@...el.com>,
linux-kernel@...r.kernel.org
Subject: Re: Module signing broken after SYSTEM_DATA_VERIFICATION commit?
On Fri, 28 Aug 2015 11:23:54 +0100, David Howells said:
> Valdis Kletnieks <Valdis.Kletnieks@...edu> wrote:
>
> > [ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3
> > [ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3
>
> OID_sha1, /* 1.3.14.3.2.26 */
> OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
>
> I suspect I'm missing something here in oid_registry.h. Looking online, I
> see:
>
> id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
> id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
> id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
> id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
> id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
> id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
>
> Are you perchance using sha512 hashes in your signatures?
% grep MODULE_SIG /usr/src/linux-next/.config
CONFIG_MODULE_SIG=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
# CONFIG_MODULE_SIG_SHA256 is not set
# CONFIG_MODULE_SIG_SHA384 is not set
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_SIG_KEY="signing_key.pem"
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists