Module signing broken after SYSTEM_DATA_VERIFICATION commit?

From: Valdis Kletnieks
Date: Thu Aug 27 2015 - 22:39:17 EST

I build kernels with MODULE_SIG=y, MODULE_SIG_FORCE=n (for build and run
coverage, but it shouldn't dork my system if it breaks). next-20150810
works just fine, but next-20150826 breaks modprobe - all calls to it
drop this in the dmesg:

[ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.
[ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.
[ 31.829330] Unsupported digest algo: 55

and the modprobe fails.

This looks like the most suspicious commit in the area:

commit 091f6e26eb326adbd718f406e440c838bed8ebb6
Author: David Howells <dhowells@xxxxxxxxxx>
Date: Mon Jul 20 21:16:28 2015 +0100

MODSIGN: Extract the blob PKCS#7 signature verifier from module signing

though it could be something else equally recent. Is this ringing any
bells, or should I go bisect it?

Attachment: pgpsmB7vV_MPn.pgp
Description: PGP signature