Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp2318829pxb; Mon, 20 Sep 2021 18:41:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwL0EqkTX9fA3JDLQbAqrpZKbErfdwtqlW70Aqk3OjPVQBad5lpSRwrTXoeNKYCM1oxsM6l X-Received: by 2002:a5e:930a:: with SMTP id k10mr17901107iom.61.1632188480450; Mon, 20 Sep 2021 18:41:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632188480; cv=none; d=google.com; s=arc-20160816; b=E92JohwwBqKSIYEKdKuk9InRAUiaA+8qRAX8BQJT2YuGMidthWgk1RZLz9iz641BTF C2Ew95JZOWglrpJqVrJjBGt35PwrGKEf0WVMTl2hV27Ce9XzTuegEQ9q1tL76lawmwak 0l+66xUBsws9N9syd/DrOSMzDEWhoc7W/8QMf5oRHynL76o/thAdY+527aLtWqMhQGy2 ZDIZhZE6nppbptUiJnhwoyt58z2zJKanxda7RmcqfogSt2KZ1KZESTVTfAHEIMqqMdWS 0c1EwDK9RpsDvS0MK3FmI3gh8rQT1XR5Facm/hW7TctTkN3br+cpa9reW3jBMK2YbTyL SJIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cfmxoeMtepGNzt8NJXy5Ve003yW+HEN1Lc0E3TKffCg=; b=rNTbUxw8B5dzZoT/1JkKZZExzVnjq8nTkCc3dueeHexGPQbkEnPnu9NGZ56GzZaz9p TpsUAS/vGetRtDOruuw1Q78nP7ze9T37Q12r+ufQojWRXIcvBss38WFVtyuUZSPEg5BB 5AHc7DGw3xccJ7R3npp/JyGrm3iqCAnMjo2ygnXlfUVMZP0yJbV8o+mCapfsZRqJqgfb 1dK3tu7VaU9sXlXD3hiwMuqr2awcP8GGWN+vuwBmtEwwB1zAFvBWYRF57rsUOqIpqdou HLimE1ROnzUq6R8xEmTsSiEvZDwQBvNnNZKGcnBp/wXbW512YxprC5z5WGndeRURo2hY NZaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wEtsl1Ib; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y12si1557481ilv.168.2021.09.20.18.41.09; Mon, 20 Sep 2021 18:41:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wEtsl1Ib; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243001AbhITQsh (ORCPT + 99 others); Mon, 20 Sep 2021 12:48:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:36452 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243378AbhITQr4 (ORCPT ); Mon, 20 Sep 2021 12:47:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B45CD611ED; Mon, 20 Sep 2021 16:46:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1632156389; bh=2JqvXqvVZJfH9DPbT6roUpriO96zABwe2vLAyDsNh4w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wEtsl1IbIRMov47S1AyxiUgh6L/eEwhoyjJ2M+m7og9XJVPdoKSZOuIWk1f65Xv4g NXKF9p2Su/3B9BDZm9FqeUM83jX/R8fohqYmdoU0dHeREYacdcCqGnIK/kb/VAUGds mnBGlrUS9mMrYijkiB2qk+k/J2PEW/YXMCiighDs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , David Woodhouse , Stefan Berger , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 4.4 037/133] certs: Trigger creation of RSA module signing key if its not an RSA key Date: Mon, 20 Sep 2021 18:41:55 +0200 Message-Id: <20210920163913.854205452@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210920163912.603434365@linuxfoundation.org> References: <20210920163912.603434365@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stefan Berger [ Upstream commit ea35e0d5df6c92fa2e124bb1b91d09b2240715ba ] Address a kbuild issue where a developer created an ECDSA key for signing kernel modules and then builds an older version of the kernel, when bi- secting the kernel for example, that does not support ECDSA keys. If openssl is installed, trigger the creation of an RSA module signing key if it is not an RSA key. Fixes: cfc411e7fff3 ("Move certificate handling to its own directory") Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- certs/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 2773c4afa24c..4417cc5cf5e8 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -39,11 +39,19 @@ endif redirect_openssl = 2>&1 quiet_redirect_openssl = 2>&1 silent_redirect_openssl = 2>/dev/null +openssl_available = $(shell openssl help 2>/dev/null && echo yes) # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") + +ifeq ($(openssl_available),yes) +X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) + +$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif + $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." -- 2.30.2