Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-10T17:49:18+00:00 2026-02-10T17:49:18+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-10T17:49:18+00:00 urn:sha1:a7423e6ea2f8f6f453de79213c26f7a36c86d9a2 Pull module updates from Sami Tolvanen: "Module signing: - Remove SHA-1 support for signing modules. SHA-1 is no longer considered secure for signatures due to vulnerabilities that can lead to hash collisions. None of the major distributions use SHA-1 anymore, and the kernel has defaulted to SHA-512 since v6.11. Note that loading SHA-1 signed modules is still supported. - Update scripts/sign-file to use only the OpenSSL CMS API for signing. As SHA-1 support is gone, we can drop the legacy PKCS#7 API which was limited to SHA-1. This also cleans up support for legacy OpenSSL versions. Cleanups and fixes: - Use system_dfl_wq instead of the per-cpu system_wq following the ongoing workqueue API refactoring. - Avoid open-coded kvrealloc() in module decompression logic by using the standard helper. - Improve section annotations by replacing the custom __modinit with __init_or_module and removing several unused __INIT*_OR_MODULE macros. - Fix kernel-doc warnings in include/linux/moduleparam.h. - Ensure set_module_sig_enforced is only declared when module signing is enabled. - Fix gendwarfksyms build failures on 32-bit hosts. MAINTAINERS: - Update the module subsystem entry to reflect the maintainer rotation and update the git repository link" * tag 'modules-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux: modules: moduleparam.h: fix kernel-doc comments module: Only declare set_module_sig_enforced when CONFIG_MODULE_SIG=y module/decompress: Avoid open-coded kvrealloc() gendwarfksyms: Fix build on 32-bit hosts sign-file: Use only the OpenSSL CMS API for signing module: Remove SHA-1 support for module signing module: replace use of system_wq with system_dfl_wq params: Replace __modinit with __init_or_module module: Remove unused __INIT*_OR_MODULE macros MAINTAINERS: Update module subsystem maintainers and repository 2026-02-02T16:57:39+00:00 David Howells dhowells@redhat.com 2025-10-06T07:35:51+00:00 urn:sha1:0ad9a71933e73c8a2af101d28e9a1dc35bae02d5 Allow ML-DSA module signing to be enabled. Note that OpenSSL's CMS_*() function suite does not, as of OpenSSL-3.6, support the use of CMS_NOATTR with ML-DSA, so the prohibition against using signedAttrs with module signing has to be removed. The selected digest then applies only to the algorithm used to calculate the digest stored in the messageDigest attribute. The OpenSSL development branch has patches applied that fix this[1], but it appears that that will only be available in OpenSSL-4. [1] https://github.com/openssl/openssl/pull/28923 sign-file won't set CMS_NOATTR if openssl is earlier than v4, resulting in the use of signed attributes. The ML-DSA algorithm takes the raw data to be signed without regard to what digest algorithm is specified in the CMS message. The CMS specified digest algorithm is ignored unless signedAttrs are used; in such a case, only SHA512 is permitted. Signed-off-by: David Howells <dhowells@redhat.com> cc: Jarkko Sakkinen <jarkko@kernel.org> cc: Eric Biggers <ebiggers@kernel.org> cc: Lukas Wunner <lukas@wunner.de> cc: Ignat Korchagin <ignat@cloudflare.com> cc: Stephan Mueller <smueller@chronox.de> cc: Herbert Xu <herbert@gondor.apana.org.au> cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org 2025-12-22T16:35:54+00:00 Petr Pavlu petr.pavlu@suse.com 2025-11-11T15:48:32+00:00 urn:sha1:d7afd65b4acc775df872af30948dd7c196587169 The USE_PKCS7 code in sign-file utilizes PKCS7_sign(), which allows signing only with SHA-1. Since SHA-1 support for module signing has been removed, drop the use of the OpenSSL PKCS7 API by the tool in favor of using only the newer CMS API. The use of the PKCS7 API is selected by the following: #if defined(LIBRESSL_VERSION_NUMBER) || \ OPENSSL_VERSION_NUMBER < 0x10000000L || \ defined(OPENSSL_NO_CMS) #define USE_PKCS7 #endif Looking at the individual ifdefs: * LIBRESSL_VERSION_NUMBER: LibreSSL added the CMS API implementation from OpenSSL in 3.1.0, making the ifdef no longer relevant. This version was released on April 8, 2020. * OPENSSL_VERSION_NUMBER < 0x10000000L: OpenSSL 1.0.0 was released on March 29, 2010. Supporting earlier versions should no longer be necessary. The file Documentation/process/changes.rst already states that at least version 1.0.0 is required to build the kernel. * OPENSSL_NO_CMS: OpenSSL can be configured with "no-cms" to disable CMS support. In this case, sign-file will no longer be usable. The CMS API support is now required. In practice, since distributions now typically sign modules with SHA-2, for which sign-file already required CMS API support, removing the USE_PKCS7 code shouldn't cause any issues. Signed-off-by: Petr Pavlu <petr.pavlu@suse.com> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> [Sami: Used Petr's updated commit message] Signed-off-by: Sami Tolvanen <samitolvanen@google.com> 2024-09-20T16:52:48+00:00 Jan Stancek jstancek@redhat.com 2024-09-20T16:52:48+00:00 urn:sha1:558bdc45dfb2669e1741384a0c80be9c82fa052c ENGINE API has been deprecated since OpenSSL version 3.0 [1]. Distros have started dropping support from headers and in future it will likely disappear also from library. It has been superseded by the PROVIDER API, so use it instead for OPENSSL MAJOR >= 3. [1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md [jarkko: fixed up alignment issues reported by checkpatch.pl --strict] Signed-off-by: Jan Stancek <jstancek@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> Reviewed-by: Neal Gompa <neal@gompa.dev> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2024-09-20T16:49:52+00:00 Jan Stancek jstancek@redhat.com 2024-07-12T07:11:15+00:00 urn:sha1:467d60eddf55588add232feda325da7215ddaf30 ERR_get_error_line() is deprecated since OpenSSL 3.0. Use ERR_peek_error_line() instead, and combine display_openssl_errors() and drain_openssl_errors() to a single function where parameter decides if it should consume errors silently. Signed-off-by: Jan Stancek <jstancek@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> Reviewed-by: Neal Gompa <neal@gompa.dev> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2024-09-20T16:49:52+00:00 Jan Stancek jstancek@redhat.com 2024-07-12T07:11:14+00:00 urn:sha1:300e6d4116f956b035281ec94297dc4dc8d4e1d3 Couple error handling helpers are repeated in both tools, so move them to a common header. Signed-off-by: Jan Stancek <jstancek@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> Reviewed-by: Neal Gompa <neal@gompa.dev> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2023-12-13T20:55:11+00:00 Yusong Gao a869920004@gmail.com 2023-12-13T10:31:10+00:00 urn:sha1:829649443e78d85db0cff0c37cadb28fbb1a5f6f There are some wrong return values check in sign-file when call OpenSSL API. The ERR() check cond is wrong because of the program only check the return value is < 0 which ignored the return val is 0. For example: 1. CMS_final() return 1 for success or 0 for failure. 2. i2d_CMS_bio_stream() returns 1 for success or 0 for failure. 3. i2d_TYPEbio() return 1 for success and 0 for failure. 4. BIO_free() return 1 for success and 0 for failure. Link: https://www.openssl.org/docs/manmaster/man3/ Fixes: e5a2e3c84782 ("scripts/sign-file.c: Add support for signing with a raw signature") Signed-off-by: Yusong Gao <a869920004@gmail.com> Reviewed-by: Juerg Haefliger <juerg.haefliger@canonical.com> Signed-off-by: David Howells <dhowells@redhat.com> Link: https://lore.kernel.org/r/20231213024405.624692-1-a869920004@gmail.com/ # v5 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2022-08-03T20:56:20+00:00 Tianjia Zhang tianjia.zhang@linux.alibaba.com 2022-06-27T09:21:07+00:00 urn:sha1:1a83950270684f860b15430394ea8df540d71353 When an error occurs, use errx() instead of err() to display the error message, because openssl has its own error record. When an error occurs, errno will not be changed, while err() displays the errno error message. It will cause confusion. For example, when CMS_add1_signer() fails, the following message will appear: sign-file: CMS_add1_signer: Success errx() ignores errno and does not cause such issue. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2022-06-08T20:18:39+00:00 Linus Torvalds torvalds@linux-foundation.org 2022-06-08T20:18:39+00:00 urn:sha1:6bfb56e93bcef41859c2d5ab234ffd80b691be35 OpenSSL 3.0 deprecated the OpenSSL's ENGINE API. That is as may be, but the kernel build host tools still use it. Disable the warning about deprecated declarations until somebody who cares fixes it. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2017-02-10T01:43:47+00:00 Felix Fietkau nbd@nbd.name 2017-02-09T17:17:45+00:00 urn:sha1:f86880175d0db2e3f2e27c24881dd9b395b0b920 The sign-file tool failed to build against libressl. Fix this by extending the PKCS7 check and thus making sign-file link against libressl without an error. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>