From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60ED3C433EF for ; Mon, 20 Sep 2021 17:15:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3CCD2613A5 for ; Mon, 20 Sep 2021 17:15:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346421AbhITRQa (ORCPT ); Mon, 20 Sep 2021 13:16:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:41202 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347612AbhITRO1 (ORCPT ); Mon, 20 Sep 2021 13:14:27 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BAF60613A5; Mon, 20 Sep 2021 16:58:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1632157092; bh=S3kVn85mjnu0Qvr5bIEbxz2Euwg5MAybncTBszSHQiI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VTNcomfyd5VQXKZdkutyQYbG9Rq+nwPJeiIKh564MToqz3Q4Md0pd1qKx/aJawwwN 0uUfbyuyGtYjRh89Lt/SLP4MVeTfn9bd+gFDnGPcFZ0PiJFu8oFoijHE9GOiChaQ0h mimCMCI0DdMXpeLZljEDrv8MdDlJBK21r5OboNo0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , David Woodhouse , Stefan Berger , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 4.14 050/217] certs: Trigger creation of RSA module signing key if its not an RSA key Date: Mon, 20 Sep 2021 18:41:11 +0200 Message-Id: <20210920163926.320216001@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210920163924.591371269@linuxfoundation.org> References: <20210920163924.591371269@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Stefan Berger [ Upstream commit ea35e0d5df6c92fa2e124bb1b91d09b2240715ba ] Address a kbuild issue where a developer created an ECDSA key for signing kernel modules and then builds an older version of the kernel, when bi- secting the kernel for example, that does not support ECDSA keys. If openssl is installed, trigger the creation of an RSA module signing key if it is not an RSA key. Fixes: cfc411e7fff3 ("Move certificate handling to its own directory") Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- certs/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 5d0999b9e21b..ca3c71e3a3d9 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -46,11 +46,19 @@ endif redirect_openssl = 2>&1 quiet_redirect_openssl = 2>&1 silent_redirect_openssl = 2>/dev/null +openssl_available = $(shell openssl help 2>/dev/null && echo yes) # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") + +ifeq ($(openssl_available),yes) +X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) + +$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif + $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." -- 2.30.2