linux/scripts
David Howells 283e8ba2df MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old
The sign-file.c program actually uses CMS rather than PKCS#7 to sign a file
since that allows the target X.509 certificate to be specified by
subjectKeyId rather than by issuer + serialNumber.

However, older versions of the OpenSSL crypto library (such as may be found
in CentOS 5.11) don't support CMS.  Assume everything prior to
OpenSSL-1.0.0 doesn't support CMS and switch to using PKCS#7 in that case.

Further, the pre-1.0.0 OpenSSL only supports PKCS#7 signing with SHA1, so
give an error from the sign-file script if the caller requests anything
other than SHA1.

The compiler gives the following error with an OpenSSL crypto library
that's too old:

  HOSTCC  scripts/sign-file
scripts/sign-file.c:23:25: fatal error: openssl/cms.h: No such file or directory
 #include <openssl/cms.h>

Reported-by: Vinson Lee <vlee@twopensource.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
2015-09-25 16:31:46 +01:00
..
basic
coccinelle
dtc
gdb
genksyms
kconfig
ksymoops
mod
package
selinux
tracing
.gitignore
analyze_suspend.py
asn1_compiler.c
bloat-o-meter
bootgraph.pl
check_extable.sh
checkincludes.pl
checkkconfigsymbols.py
checkpatch.pl
checkstack.pl
checksyscalls.sh
checkversion.pl
cleanfile
cleanpatch
coccicheck
config
conmakehash.c
decode_stacktrace.sh
decodecode
depmod.sh
diffconfig
docproc.c
export_report.pl
extract-cert.c
extract-ikconfig
extract-vmlinux
gcc-goto.sh
gcc-ld
gcc-version.sh
gcc-x86_32-has-stack-protector.sh
gcc-x86_64-has-stack-protector.sh
gen_initramfs_list.sh
get_maintainer.pl
gfp-translate
headerdep.pl
headers.sh
headers_check.pl
headers_install.sh
kallsyms.c
Kbuild.include
kernel-doc
kernel-doc-xml-ref
ld-version.sh
Lindent
link-vmlinux.sh
Makefile
Makefile.asm-generic
Makefile.build
Makefile.clean
Makefile.dtbinst
Makefile.extrawarn
Makefile.fwinst
Makefile.headersinst
Makefile.help
Makefile.host
Makefile.kasan
Makefile.lib
Makefile.modbuiltin
Makefile.modinst
Makefile.modpost
Makefile.modsign
makelst
markup_oops.pl
mkcompile_h
mkmakefile
mksysmap
mkuboot.sh
mkversion
module-common.lds
namespace.pl
objdiff
patch-kernel
pnmtologo.c
profile2linkerlist.pl
recordmcount.c
recordmcount.h
recordmcount.pl
setlocalversion
show_delta
sign-file.c
sortextable.c
sortextable.h
spelling.txt
stackdelta
stackusage
tags.sh
unifdef.c
ver_linux
xen-hypercalls.sh
xz_wrap.sh