Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED]sign-file: LibreSSL 3.0.2 only supports SHA1 signing
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
sdauth
Tux's lil' helper
Tux's lil' helper


Joined: 19 Sep 2018
Posts: 130
Location: Frankreich

PostPosted: Tue Jan 21, 2020 8:42 am    Post subject: [SOLVED]sign-file: LibreSSL 3.0.2 only supports SHA1 signing Reply with quote

Hello,

Does anyone know how to make SHA512 kernel module signing work with Libressl ?
For now, I'm greeted with this error upon kernel module installation when I choose SHA512 for example :

Code:
sign-file: LibreSSL 3.0.2 only supports SHA1 signing


(If I choose SHA1, it works of course)

The issue was already there with previous Libressl version (2.9.2 for example)


Last edited by sdauth on Sat Apr 11, 2020 9:10 pm; edited 1 time in total
Back to top
View user's profile Send private message
Jackalope
n00b
n00b


Joined: 24 Sep 2018
Posts: 27

PostPosted: Tue Apr 07, 2020 8:40 am    Post subject: Reply with quote

Same issue with
Code:
genkernel all

Code:

*         >> Installing 5.4.28-gentoo-x86_64 modules (and stripping) ...
COMMAND: nice -n10 make -j7  ARCH="x86" modules_install
  INSTALL arch/x86/crypto/aegis128-aesni.ko
  INSTALL arch/x86/crypto/aesni-intel.ko
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx2.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko
  INSTALL arch/x86/crypto/cast5-avx-x86_64.ko
  INSTALL arch/x86/crypto/camellia-x86_64.ko
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/aegis128-aesni.ko] Error 3
make[1]: *** Waiting for unfinished jobs....
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/cast5-avx-x86_64.ko] Error 3
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/camellia-aesni-avx-x86_64.ko] Error 3
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/blowfish-x86_64.ko] Error 3
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/camellia-x86_64.ko] Error 3
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/camellia-aesni-avx2.ko] Error 3
sign-file: LibreSSL 3.0.2 only supports SHA1 signing
make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/aesni-intel.ko] Error 3
make: *** [Makefile:1316: _modinst_] Error 2

* ERROR: compile_modules(): compile_generic() failed to compile the "modules_install" target!


Looks like I cant use genkernel for automatic kernel preparing.
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2336
Location: Germania

PostPosted: Tue Apr 07, 2020 9:21 am    Post subject: Reply with quote

Hmm, google search yields:
https://bugzilla.kernel.org/show_bug.cgi?id=202159#c9
https://github.com/libressl-portable/portable/issues/448

Looks like LibreSSL 3.0.2 and patch to kernel (comment #9 - Mikhail Novosyolov 2020-03-20 09:19:15 UTC) seems to help?
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
Jackalope
n00b
n00b


Joined: 24 Sep 2018
Posts: 27

PostPosted: Tue Apr 07, 2020 9:39 am    Post subject: Reply with quote

geki wrote:
Hmm, google search yields:
https://bugzilla.kernel.org/show_bug.cgi?id=202159#c9
https://github.com/libressl-portable/portable/issues/448

Looks like LibreSSL 3.0.2 and patch to kernel (comment #9 - Mikhail Novosyolov 2020-03-20 09:19:15 UTC) seems to help?


I am compiled manually without SHA256 already instead.
Back to top
View user's profile Send private message
sdauth
Tux's lil' helper
Tux's lil' helper


Joined: 19 Sep 2018
Posts: 130
Location: Frankreich

PostPosted: Sat Apr 11, 2020 9:08 pm    Post subject: Reply with quote

geki wrote:
Hmm, google search yields:
https://bugzilla.kernel.org/show_bug.cgi?id=202159#c9
https://github.com/libressl-portable/portable/issues/448

Looks like LibreSSL 3.0.2 and patch to kernel (comment #9 - Mikhail Novosyolov 2020-03-20 09:19:15 UTC) seems to help?


Indeed. Actually, I was waiting Libressl 3.1.0 to try it. I just finished recompiling packages against Libressl 3.1.0 and applied the patch :
https://patchwork.kernel.org/patch/11446123/

in /usr/src/linux.
Now I'm finally able to sign my modules with SHA512 ! Great 8)

Hopefully, this patch will be added to gentoo-sources soon. Meanwhile, I'll add it to /etc/portage/patches
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum