Message-Id: <20170203013118.14634-2-antony@vennard.ch>
Date:   Fri,  3 Feb 2017 02:31:18 +0100
From:   Antony Vennard <antony@...nard.ch>
To:     David Howells <dhowells@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>
Cc:     keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
        Antony Vennard <antony@...nard.ch>
Subject: [PATCH 1/1] Load OpenSSL config if present in sign-file.c

This patch modifies scripts/sign-file.c such that custom engine
configurations can be loaded for signing kernel modules.

Signed-off-by: Antony Vennard <antony@...nard.ch>
---
 scripts/sign-file.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 19ec468..78901aa 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -24,6 +24,7 @@
 #include <arpa/inet.h>
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
+#include <openssl/conf.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
@@ -137,7 +138,6 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
 	if (!strncmp(private_key_name, "pkcs11:", 7)) {
 		ENGINE *e;
 
-		ENGINE_load_builtin_engines();
 		drain_openssl_errors();
 		e = ENGINE_by_id("pkcs11");
 		ERR(!e, "Load PKCS#11 ENGINE");
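
Review bot: with ENGINE_load_builtin_engines() dropped from read_private_key(), this function depends on main() having registered the engines before it is called, and the lookup that follows is still fixed to ENGINE_by_id("pkcs11") behind the "pkcs11:" prefix test. An engine that the loaded configuration defines under another id is not what this lookup returns. Either state in the commit message that the configuration only changes how the engine with id "pkcs11" is set up, or make the id selectable.
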
@@ -227,10 +227,21 @@ int main(int argc, char **argv)
 	X509 *x509;
 	BIO *bd, *bm;
 	int opt, n;
+
 	OpenSSL_add_all_algorithms();
+	OPENSSL_load_builtin_modules();
+	ENGINE_load_builtin_engines();
 	ERR_load_crypto_strings();
 	ERR_clear_error();
 
+	if (CONF_modules_load_file(NULL, NULL,
+		CONF_MFLAGS_DEFAULT_SECTION |
+		CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+		fprintf(stderr, "FATAL: error loading configuration file.\n");
+		ERR_print_errors_fp(stderr);
+		exit(4);
+	}
+
 	key_pass = getenv("KBUILD_SIGN_PIN");
 
 #ifndef USE_PKCS7
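
Review bot: the CONF_modules_load_file() check in main() makes any error in the OpenSSL configuration fatal for every signing run, including runs whose key is a plain file and never goes through an engine. Only a missing file is tolerated, via CONF_MFLAGS_IGNORE_MISSING_FILE. Passing NULL, NULL selects OpenSSL's default configuration file and application section, and that file can name engine modules to load into the process that handles the signing key and KBUILD_SIGN_PIN. The commit message or the tool's usage text should say which file is read, so builders know what they are trusting. On style, the file already reports failures through the ERR() macro, as in ERR(!e, "Load PKCS#11 ENGINE"), so the open-coded fprintf()/exit(4) would read better in that form, and the continuation lines of the flags argument should be indented further than the if body.
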
-- 
2.9.3
