From: Lucas De Marchi <lucas.de.marchi@gmail.com>
To: Ferry van Steen <Ferry.van.Steen@citrus.nl>
Cc: "jcm@jonmasters.org" <jcm@jonmasters.org>,
David Howells <dhowells@redhat.com>,
linux-modules <linux-modules@vger.kernel.org>
Subject: Re: modinfo shows md4 signature instead of sha256
Date: Wed, 31 Jan 2018 09:39:39 -0800
Message-ID: <CAKi4VAKF5YCa8e2a1kEJU5MgecKWOdcPK94vWTgEzRM2j6CqYA@mail.gmail.com>
In-Reply-To: <093e06b77d7e44af8b9597f1a3701fa7@citrus.nl>
Hi Ferry,

CC'ing mailing list and Yauheni who worked on fixing modinfo output in
the last release.

On Wed, Jan 31, 2018 at 1:23 AM, Ferry van Steen
<Ferry.van.Steen@citrus.nl> wrote:
> Hi,
>
>
> sorry, not sure where to file this. There seems to be a bug in either the
> kernel signing modules with a wrong signature algorithm, or modinfo is
> reporting it incorrectly. I presume it's the latter.
>
>
> More details are here: https://bugzilla.redhat.com/show_bug.cgi?id=1490975
Not showing the output on older versions is a known issue: support for
PKCS#7 sig type was only added to kmod in v23.

Now for the incorrect info, the problem appears to be in the kernel
implementation: it appends a PKCS#7, but doesn't fill out the struct
module_signature correctly. So in F27 I get this from, e.g. soundcore.ko:

$ xxd -c 8 -g 1 mod.ko | tail -n6
00004d80: b9 d5 04 00 00 02 00 00  ........ <<<<<<
00004d88: 00 00 00 00 00 02 d3 7e  .......~
00004d90: 4d 6f 64 75 6c 65 20 73  Module s
00004d98: 69 67 6e 61 74 75 72 65  ignature
00004da0: 20 61 70 70 65 6e 64 65   appende
00004da8: 64 7e 0a                 d~.

See line marked above. It should match a struct module_signature. So:

id_type == 0x2 // PKCS7
hash == 0 // md4
algo == 0 // dsa

Looking at scripts/sign-file.c, indeed id_type is the only field that
is filled out.

CC'ing David Howells as well. Any input here?

Lucas De Marchi
>
>
> Thanks in advance and kind regards,
>
>
> Ferry van Steen
> Linux Developer
> Ferry.van.Steen@Citrus.nl
>
> Citrus Software
> ● Almystraat 10A
> ● 5061 PA Oisterwijk
> ● +31 (0)13 - 529 91 55
> ● www.citrus.nl
> ______________________________________________________
>
> This message may contain confidential or privileged information. If you are
> not the addressee, please notify the sender and delete it from your files.
> Please consider the environmental impact before printing this e-mail.
>
-- 
Lucas De Marchi
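
Added example, not part of the original message and not kmod or kernel code: a C parser that finds the trailer the message reads by hand from the xxd dump and decodes it as a struct module_signature, bounding the length field before using it. The field order and magic string follow the kernel's definition; modsig_parse, struct modsig and make_sample are names made up here, and every byte of the sample other than the 12 trailer bytes copied from the dump is constructed filler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MODSIG_MAGIC     "~Module signature appended~\n"
#define MODSIG_MAGIC_LEN (sizeof(MODSIG_MAGIC) - 1)
#define MODSIG_INFO_LEN  12   /* size of struct module_signature */

struct modsig {               /* hypothetical decoded form of the trailer */
    uint8_t  algo, hash, id_type, signer_len, key_id_len;
    uint32_t sig_len;         /* big-endian in the file, host order here */
    size_t   sig_off;         /* file offset where the signature blob starts */
};

/* 0 = parsed, -1 = no signature trailer, -2 = sig_len does not fit in the file */
int modsig_parse(const uint8_t *buf, size_t len, struct modsig *out)
{
    if (len < MODSIG_MAGIC_LEN + MODSIG_INFO_LEN ||
        memcmp(buf + len - MODSIG_MAGIC_LEN, MODSIG_MAGIC, MODSIG_MAGIC_LEN) != 0)
        return -1;
    size_t info_off = len - MODSIG_MAGIC_LEN - MODSIG_INFO_LEN;
    const uint8_t *p = buf + info_off;
    out->algo = p[0]; out->hash = p[1]; out->id_type = p[2];
    out->signer_len = p[3]; out->key_id_len = p[4];   /* p[5..7] are padding */
    out->sig_len = (uint32_t)p[8] << 24 | p[9] << 16 | p[10] << 8 | p[11];
    if (out->sig_len > info_off)   /* untrusted length: bound it before use */
        return -2;
    out->sig_off = info_off - out->sig_len;
    return 0;
}

/* Constructed sample: filler bytes, then the 12 pre-magic bytes from the message's dump. */
size_t make_sample(uint8_t *buf)
{
    static const uint8_t info[MODSIG_INFO_LEN] = { 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0x02, 0xd3 };
    size_t n = 16 + 0x2d3;    /* 16 "module" bytes + sig_len signature bytes */
    memset(buf, 0xAA, n);
    memcpy(buf + n, info, MODSIG_INFO_LEN);
    memcpy(buf + n + MODSIG_INFO_LEN, MODSIG_MAGIC, MODSIG_MAGIC_LEN);
    return n + MODSIG_INFO_LEN + MODSIG_MAGIC_LEN;
}

int main(void)
{
    uint8_t buf[1024];
    struct modsig ms = {0};
    int rc = modsig_parse(buf, make_sample(buf), &ms);
    printf("rc=%d id_type=%u hash=%u algo=%u sig_len=%u\n",
           rc, ms.id_type, ms.hash, ms.algo, (unsigned)ms.sig_len);
    return rc != 0;
}
```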