diff options
author | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-11-16 17:42:10 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-11-17 19:00:12 +0100 |
commit | 19475258209dd537a9f123ab935c41fa7747c54f (patch) | |
tree | 1f7801ee7d48a71a3a21420d0318fb174fa74627 /patches | |
parent | 98ea4609fd2baad35f6a6984713451c6818a5ddf (diff) | |
download | ptxdist-19475258209dd537a9f123ab935c41fa7747c54f.tar.gz ptxdist-19475258209dd537a9f123ab935c41fa7747c54f.tar.xz |
crda: don't use builtin keys
This is one step torwards updating OpenSSL to version 1.1.x: The data
structures needed for builtin keys are no longer accessable in that
version.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r-- | patches/crda-3.18/0001-fix-linking-libreg.patch (renamed from patches/crda-3.18/0005-fix-linking-libreg.patch) | 2 | ||||
-rw-r--r-- | patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch | 34 | ||||
-rw-r--r-- | patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch | 23 | ||||
-rw-r--r-- | patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch | 168 | ||||
-rw-r--r-- | patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch | 66 | ||||
-rw-r--r-- | patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch | 44 | ||||
-rw-r--r-- | patches/crda-3.18/0004-udev-Fix-rule-for-initial-setup.patch (renamed from patches/crda-3.18/0003-udev-Fix-rule-for-initial-setup.patch) | 0 | ||||
-rw-r--r-- | patches/crda-3.18/series | 11 |
8 files changed, 95 insertions, 253 deletions
diff --git a/patches/crda-3.18/0005-fix-linking-libreg.patch b/patches/crda-3.18/0001-fix-linking-libreg.patch index c98c35f6b..8eae90bd3 100644 --- a/patches/crda-3.18/0005-fix-linking-libreg.patch +++ b/patches/crda-3.18/0001-fix-linking-libreg.patch @@ -9,7 +9,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile -index 60a3182474e6..0bfded68a6c8 100644 +index a3ead30371c9..2f485724c3be 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ CFLAGS += -std=gnu99 -Wall -Werror -pedantic diff --git a/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch b/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch deleted file mode 100644 index e3fe28c75..000000000 --- a/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Markus Pargmann <mpa@pengutronix.de> -Date: Thu, 17 Apr 2014 14:40:49 +0200 -Subject: [PATCH] key2pub: Fix ssl-keys.c generation - -This patch fixes the generated ssl-keys.c file. Without these fixes, -crda does not compile with ssl. - -Signed-off-by: Markus Pargmann <mpa@pengutronix.de> ---- - utils/key2pub.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/utils/key2pub.py b/utils/key2pub.py -index 3e84cd2a934d..7de45f7b9603 100755 ---- a/utils/key2pub.py -+++ b/utils/key2pub.py -@@ -59,7 +59,7 @@ def print_ssl_32(output, name, val): - - def print_ssl(output, name, val): - import struct -- output.write('#include <stdint.h>\n') -+ output.write('#include <stdint.h>\n#include <openssl/bn.h>\n') - if len(struct.pack('@L', 0)) == 8: - return print_ssl_64(output, name, val) - else: -@@ -78,7 +78,7 @@ struct pubkey { - - #define KEYS(e,n) { KEY(e), KEY(n), } - --static struct pubkey keys[] = { -+__attribute__((unused)) static struct pubkey keys[] = { - ''') - for n in xrange(n + 1): - output.write(' KEYS(e_%d, n_%d),\n' % (n, n)) diff --git a/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch b/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch new file mode 100644 index 000000000..fac346892 --- /dev/null +++ b/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch @@ -0,0 +1,23 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Sat, 23 Aug 2014 11:13:44 -0700 +Subject: [PATCH] Do not run ldconfig if DESTDIR is set + +Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> +--- + Makefile | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Makefile b/Makefile +index 2f485724c3be..b74d3b544bd9 100644 +--- a/Makefile ++++ b/Makefile +@@ -127,7 +127,9 @@ install-libreg: + $(NQ) ' INSTALL libreg' + $(Q)mkdir -p $(DESTDIR)/$(LIBDIR) + $(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/ ++ifndef DESTDIR + $(Q)ldconfig ++endif + + %.o: %.c regdb.h $(LIBREG) + $(NQ) ' CC ' $@ diff --git a/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch b/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch deleted file mode 100644 index eba0f335e..000000000 --- a/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch +++ /dev/null @@ -1,168 +0,0 @@ -From: Jan Luebbe <jlu@pengutronix.de> -Date: Thu, 26 Jan 2012 15:33:36 +0100 -Subject: [PATCH] Pregenerate keys-ssl.c - -Note: The content is different for 32 and 64 bit systems so we need two -versions. - -Signed-off-by: Markus Pargmann <mpa@pengutronix.de> -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - keys-ssl.c.32 | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - keys-ssl.c.64 | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 140 insertions(+) - create mode 100644 keys-ssl.c.32 - create mode 100644 keys-ssl.c.64 - -diff --git a/keys-ssl.c.32 b/keys-ssl.c.32 -new file mode 100644 -index 000000000000..024afeb20577 ---- /dev/null -+++ b/keys-ssl.c.32 -@@ -0,0 +1,70 @@ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG e_0[1] = { -+ 0x00010001, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG n_0[64] = { -+ 0x16a0d8e1, 0x63a27054, 0xc8ba757b, 0xdc9fca11, -+ 0xcbcb35e3, 0xb9c06510, 0xba941433, 0x39e3dfeb, -+ 0x6c1fce9d, 0x7bbae38a, 0xfefabba7, 0x205a5a73, -+ 0x97839a2e, 0x53ea3e5a, 0x61dc0170, 0xfec8f5b6, -+ 0xd29a1004, 0xefe311d8, 0xa5156bb8, 0x8c6a92d0, -+ 0x7a6eb5cc, 0x9067cc76, 0x0bd5b1ff, 0xd103580b, -+ 0x8f3a2daf, 0x4a563e84, 0x46b0943e, 0xacd7cadb, -+ 0xebd1e198, 0x5fabb688, 0x5916f173, 0x7e70c1d3, -+ 0x5d6ca84e, 0xaaa8acc8, 0xe20fd4dc, 0x1685c157, -+ 0xad933f64, 0xf9e9c9c7, 0xc5f59824, 0xbe6272ed, -+ 0x53447bd1, 0x585d9a7d, 0x5b3bc30d, 0x011a5b3f, -+ 0xffbbf0e9, 0xf312b966, 0x482c131b, 0x2203fb37, -+ 0x0dc38eab, 0x3e7c157d, 0xb39fcc8d, 0xb04de1d6, -+ 0x07fc0d84, 0x4d9f0137, 0xe13b5ac5, 0xb075a241, -+ 0x8e56e153, 0x0a9a9d48, 0xf97054eb, 0xf2cff393, -+ 0x376024f2, 0x2a2ead68, 0x88d35dce, 0xd6579971, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG e_1[1] = { -+ 0x00010001, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG n_1[64] = { -+ 0xc4ff951d, 0xa066f4da, 0xd5e1c45f, 0xe6e0d246, -+ 0x84e3c7a1, 0xe7fb4616, 0xf6e26899, 0x11151b7a, -+ 0xc5ee7852, 0x6c3f93fb, 0xd0d8dec8, 0x96790b2b, -+ 0xa129207c, 0xb1722bf4, 0x044137b1, 0x3673e797, -+ 0x2912661e, 0x18327707, 0x9a5ed820, 0xd37e005c, -+ 0x7568a1ea, 0x655b7f25, 0xa29c63c6, 0xe731f136, -+ 0xeeecac1e, 0x3036d253, 0xa5cb80c7, 0x85ef7a7f, -+ 0x45ebba27, 0x2ad91b73, 0xccd3df7d, 0x715756f6, -+ 0x36fa6823, 0x28900fac, 0x469b935f, 0xf1026fe9, -+ 0x21f0531f, 0x98b8d156, 0xb22dea88, 0x180b2895, -+ 0xa9fd602d, 0x8ad9fe76, 0x19da1044, 0x510cd145, -+ 0x1184fbca, 0x0b09f968, 0x1cfd24d5, 0x578b9616, -+ 0x146b61c4, 0x3b1b0817, 0x323d718b, 0x205bd497, -+ 0x1eb31270, 0x2d7e66f4, 0x52c2032a, 0x389f7c6a, -+ 0x3fd9d759, 0x7c68dd6f, 0x71257e90, 0xac7ea583, -+ 0x2c413815, 0xf239d766, 0x28843903, 0xb540e39c, -+}; -+ -+ -+struct pubkey { -+ struct bignum_st e, n; -+}; -+ -+#define KEY(data) { \ -+ .d = data, \ -+ .top = sizeof(data)/sizeof(data[0]), \ -+} -+ -+#define KEYS(e,n) { KEY(e), KEY(n), } -+ -+__attribute__((unused)) static struct pubkey keys[] = { -+ KEYS(e_0, n_0), -+ KEYS(e_1, n_1), -+}; -diff --git a/keys-ssl.c.64 b/keys-ssl.c.64 -new file mode 100644 -index 000000000000..15110e56058d ---- /dev/null -+++ b/keys-ssl.c.64 -@@ -0,0 +1,70 @@ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG e_0[1] = { -+ 0x0000000000010001, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG n_0[32] = { -+ 0x63a2705416a0d8e1, 0xdc9fca11c8ba757b, -+ 0xb9c06510cbcb35e3, 0x39e3dfebba941433, -+ 0x7bbae38a6c1fce9d, 0x205a5a73fefabba7, -+ 0x53ea3e5a97839a2e, 0xfec8f5b661dc0170, -+ 0xefe311d8d29a1004, 0x8c6a92d0a5156bb8, -+ 0x9067cc767a6eb5cc, 0xd103580b0bd5b1ff, -+ 0x4a563e848f3a2daf, 0xacd7cadb46b0943e, -+ 0x5fabb688ebd1e198, 0x7e70c1d35916f173, -+ 0xaaa8acc85d6ca84e, 0x1685c157e20fd4dc, -+ 0xf9e9c9c7ad933f64, 0xbe6272edc5f59824, -+ 0x585d9a7d53447bd1, 0x011a5b3f5b3bc30d, -+ 0xf312b966ffbbf0e9, 0x2203fb37482c131b, -+ 0x3e7c157d0dc38eab, 0xb04de1d6b39fcc8d, -+ 0x4d9f013707fc0d84, 0xb075a241e13b5ac5, -+ 0x0a9a9d488e56e153, 0xf2cff393f97054eb, -+ 0x2a2ead68376024f2, 0xd657997188d35dce, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG e_1[1] = { -+ 0x0000000000010001, -+}; -+ -+#include <stdint.h> -+#include <openssl/bn.h> -+static BN_ULONG n_1[32] = { -+ 0xa066f4dac4ff951d, 0xe6e0d246d5e1c45f, -+ 0xe7fb461684e3c7a1, 0x11151b7af6e26899, -+ 0x6c3f93fbc5ee7852, 0x96790b2bd0d8dec8, -+ 0xb1722bf4a129207c, 0x3673e797044137b1, -+ 0x183277072912661e, 0xd37e005c9a5ed820, -+ 0x655b7f257568a1ea, 0xe731f136a29c63c6, -+ 0x3036d253eeecac1e, 0x85ef7a7fa5cb80c7, -+ 0x2ad91b7345ebba27, 0x715756f6ccd3df7d, -+ 0x28900fac36fa6823, 0xf1026fe9469b935f, -+ 0x98b8d15621f0531f, 0x180b2895b22dea88, -+ 0x8ad9fe76a9fd602d, 0x510cd14519da1044, -+ 0x0b09f9681184fbca, 0x578b96161cfd24d5, -+ 0x3b1b0817146b61c4, 0x205bd497323d718b, -+ 0x2d7e66f41eb31270, 0x389f7c6a52c2032a, -+ 0x7c68dd6f3fd9d759, 0xac7ea58371257e90, -+ 0xf239d7662c413815, 0xb540e39c28843903, -+}; -+ -+ -+struct pubkey { -+ struct bignum_st e, n; -+}; -+ -+#define KEY(data) { \ -+ .d = data, \ -+ .top = sizeof(data)/sizeof(data[0]), \ -+} -+ -+#define KEYS(e,n) { KEY(e), KEY(n), } -+ -+__attribute__((unused)) static struct pubkey keys[] = { -+ KEYS(e_0, n_0), -+ KEYS(e_1, n_1), -+}; diff --git a/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch b/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch new file mode 100644 index 000000000..5a55618e6 --- /dev/null +++ b/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch @@ -0,0 +1,66 @@ +From: Kel Modderman <kel@otaku42.de> +Date: Fri, 16 Nov 2018 16:50:45 +0100 +Subject: [PATCH] Allow build without embedding pubkey data into crda/regdbdump + binaries + +Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> +--- + Makefile | 5 +++++ + reglib.c | 6 ++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index b74d3b544bd9..9ce318484001 100644 +--- a/Makefile ++++ b/Makefile +@@ -42,7 +42,12 @@ ifeq ($(USE_OPENSSL),1) + CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl` + LIBREGLIBS += `pkg-config --libs openssl` + ++ifeq ($(RUNTIME_PUBKEY_ONLY),1) ++CFLAGS += -DRUNTIME_PUBKEY_ONLY ++else ++CFLAGS += -DHAVE_KEYS_SSL + $(LIBREG): keys-ssl.c ++endif + + else + CFLAGS += -DUSE_GCRYPT +diff --git a/reglib.c b/reglib.c +index e00e9b8d4b44..87691022f9e7 100644 +--- a/reglib.c ++++ b/reglib.c +@@ -30,7 +30,7 @@ + + #include "reglib.h" + +-#ifdef USE_OPENSSL ++#if defined(USE_OPENSSL) && defined(HAVE_KEYS_SSL) + #include "keys-ssl.c" + #endif + +@@ -83,7 +83,6 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) + { + RSA *rsa; + uint8_t hash[SHA_DIGEST_LENGTH]; +- unsigned int i; + int ok = 0; + DIR *pubkey_dir; + struct dirent *nextfile; +@@ -95,6 +94,8 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) + goto out; + } + ++#ifdef HAVE_KEYS_SSL ++ unsigned int i; + for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) { + rsa = RSA_new(); + if (!rsa) { +@@ -112,6 +113,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) + rsa->n = NULL; + RSA_free(rsa); + } ++#endif + if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) { + while (!ok && (nextfile = readdir(pubkey_dir))) { + snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR, diff --git a/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch b/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch deleted file mode 100644 index bb0708365..000000000 --- a/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Markus Pargmann <mpa@pengutronix.de> -Date: Thu, 17 Apr 2014 15:34:35 +0200 -Subject: [PATCH] Makefile: Fix libreg build - -Signed-off-by: Markus Pargmann <mpa@pengutronix.de> ---- - Makefile | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/Makefile b/Makefile -index a3ead30371c9..60a3182474e6 100644 ---- a/Makefile -+++ b/Makefile -@@ -5,8 +5,8 @@ REG_GIT?=git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.g - - PREFIX ?= /usr/ - MANDIR ?= $(PREFIX)/share/man/ --INCLUDE_DIR ?= $(PREFIX)/include/reglib/ --LIBDIR ?= $(PREFIX)/lib -+INCLUDE_DIR ?= /include/reglib/ -+LIBDIR ?= /lib/ - - SBINDIR ?= /sbin/ - -@@ -120,14 +120,14 @@ $(LIBREG): regdb.h reglib.h reglib.c - - install-libreg-headers: - $(NQ) ' INSTALL libreg-headers' -- $(Q)mkdir -p $(DESTDIR)/$(INCLUDE_DIR) -- $(Q)cp *.h $(DESTDIR)/$(INCLUDE_DIR)/ -+ $(Q)$(MKDIR) $(DESTDIR)/$(INCLUDE_DIR) -+ $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(INCLUDE_DIR) *.h - - install-libreg: - $(NQ) ' INSTALL libreg' -- $(Q)mkdir -p $(DESTDIR)/$(LIBDIR) -- $(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/ -- $(Q)ldconfig -+ $(Q)$(MKDIR) $(LIBDIR) -+ $(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(LIBDIR) $(LIBREG) -+# $(Q)ldconfig - - %.o: %.c regdb.h $(LIBREG) - $(NQ) ' CC ' $@ diff --git a/patches/crda-3.18/0003-udev-Fix-rule-for-initial-setup.patch b/patches/crda-3.18/0004-udev-Fix-rule-for-initial-setup.patch index 551b84bf6..551b84bf6 100644 --- a/patches/crda-3.18/0003-udev-Fix-rule-for-initial-setup.patch +++ b/patches/crda-3.18/0004-udev-Fix-rule-for-initial-setup.patch diff --git a/patches/crda-3.18/series b/patches/crda-3.18/series index b9a852d35..fdaa19478 100644 --- a/patches/crda-3.18/series +++ b/patches/crda-3.18/series @@ -1,8 +1,7 @@ # generated by git-ptx-patches #tag:base --start-number 1 -0001-key2pub-Fix-ssl-keys.c-generation.patch -0002-Pregenerate-keys-ssl.c.patch -0003-udev-Fix-rule-for-initial-setup.patch -0004-Makefile-Fix-libreg-build.patch -0005-fix-linking-libreg.patch -# 9dcc6620d08511a73c701d4068e90869 - git-ptx-patches magic +0001-fix-linking-libreg.patch +0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch +0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch +0004-udev-Fix-rule-for-initial-setup.patch +# dd65795471004db85b4dbc56ca3ee99c - git-ptx-patches magic |