Received: by 2002:a05:6a10:6d25:0:0:0:0 with SMTP id gq37csp1854317pxb; Mon, 13 Sep 2021 07:00:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwm/osIb2ii/lXDpn0s5Fd2zwu/uBVn7b7BgxRWS0dljNVXMeiR9VzQHo1SVvf7NJ4hwsE0 X-Received: by 2002:a05:6402:2156:: with SMTP id bq22mr893383edb.49.1631541622632; Mon, 13 Sep 2021 07:00:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631541622; cv=none; d=google.com; s=arc-20160816; b=pbigkBQtoXhQH3TAdcu2rG7juKsu7KZjhYhk0PffARzedD6RQCHmWl9x6ZgAMWkck4 7afBxNU9FP1QeTsI0kmRSxWKJqtBnSKckq2hyeTXXhERThqX/lYInmkWvGjXMU+Bv6IT GvNq68B05xQXp5fJ2l806xvDoRX6C3kV5l9AZZgkKWvcE7/264WEJ0cBK9/ffK88rv8S 31oK3Zela6Y/dp8woMkVtLHWc3DSsZgWtNgIaHs586VUSNgGJa3FfcuH0DDvXSgw0zjQ lr8qsMUu815pKac835rPfEKQxQ5Rc30yeNPsZw0LGG0ibdv3xL8aHCl71LKwRL02KEo7 3mPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=r279uve9GVcVy5wfDU/uwHjdHg5igh7kAgkZwn25+WE=; b=T1LRucMekef77NB+vqe/HyoD/th363FHztVdJNfLwd0hquymi2lmpjAm7TX/gAZDiW PJ29log2CxykmlerKSGweLDmseTfAtvYxNiTK8C3M+veaPPazOh0TxlMsBZApewLnclb JrIuTwm7daGAnnt5B58sFOQEV2spOfKvylPvhxo8SYWgoT1oq6xJambRdNAvtQjJK2Uh 5VT/3+pPnywA6Q7Fgd+3GLRZEdFs1JD9fXH5yz57Dlud7zqsF7624dRtLtEkB3Apu0hj b4/eagomUwFaCUC/8Tz5bScypz0lUaqU38DrkKGuGLpgFPXUARk5/Sp6w/wbSwVEfjUl 2Chg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oKHyv923; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e24si7106210ejl.353.2021.09.13.06.59.52; Mon, 13 Sep 2021 07:00:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oKHyv923; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243209AbhIMN6W (ORCPT + 99 others); Mon, 13 Sep 2021 09:58:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:40480 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343569AbhIMNzk (ORCPT ); Mon, 13 Sep 2021 09:55:40 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 28CDA619A6; Mon, 13 Sep 2021 13:35:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631540141; bh=uPKHFJqu3rTSPQzxnPEi0qkx4KPNse7MlsqU42wUxWk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oKHyv923wG2LZxQv0av6hryO05nB6RjVbSAd+FxBw2kVnzhOl7ul5pmPhksQJAYew NHkVi7E+8tpjWdYv+YlWyXcKggkkRVJEFUszmTLPqKZoJKOZvuzdxvDEV7mda359h/ T/csbhPibtxgA1NVX/UsiUJs/GNCbzajN6PlkjtQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , David Woodhouse , Stefan Berger , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 5.13 069/300] certs: Trigger creation of RSA module signing key if its not an RSA key Date: Mon, 13 Sep 2021 15:12:10 +0200 Message-Id: <20210913131111.690051566@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210913131109.253835823@linuxfoundation.org> References: <20210913131109.253835823@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stefan Berger [ Upstream commit ea35e0d5df6c92fa2e124bb1b91d09b2240715ba ] Address a kbuild issue where a developer created an ECDSA key for signing kernel modules and then builds an older version of the kernel, when bi- secting the kernel for example, that does not support ECDSA keys. If openssl is installed, trigger the creation of an RSA module signing key if it is not an RSA key. Fixes: cfc411e7fff3 ("Move certificate handling to its own directory") Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- certs/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 359239a0ee9e..f9344e52ecda 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -57,11 +57,19 @@ endif redirect_openssl = 2>&1 quiet_redirect_openssl = 2>&1 silent_redirect_openssl = 2>/dev/null +openssl_available = $(shell openssl help 2>/dev/null && echo yes) # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") + +ifeq ($(openssl_available),yes) +X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) + +$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif + $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." -- 2.30.2