crda: don't use builtin keys

This is one step torwards updating OpenSSL to version 1.1.x: The data
structures needed for builtin keys are no longer accessable in that
version.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

8 files changed, 95 insertions, 253 deletions

diff --git a/patches/crda-3.18/0005-fix-linking-libreg.patch b/patches/crda-3.18/0001-fix-linking-libreg.patch
index c98c35f6b..8eae90bd3 100644
--- a/patches/crda-3.18/0005-fix-linking-libreg.patch
+++ b/patches/crda-3.18/0001-fix-linking-libreg.patch
@@ -9,7 +9,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 60a3182474e6..0bfded68a6c8 100644
+index a3ead30371c9..2f485724c3be 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -30,7 +30,7 @@ CFLAGS += -std=gnu99 -Wall -Werror -pedantic
diff --git a/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch b/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch
deleted file mode 100644
index e3fe28c75..000000000
--- a/patches/crda-3.18/0001-key2pub-Fix-ssl-keys.c-generation.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Markus Pargmann <mpa@pengutronix.de>
-Date: Thu, 17 Apr 2014 14:40:49 +0200
-Subject: [PATCH] key2pub: Fix ssl-keys.c generation
-
-This patch fixes the generated ssl-keys.c file. Without these fixes,
-crda does not compile with ssl.
-
-Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
----
- utils/key2pub.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/utils/key2pub.py b/utils/key2pub.py
-index 3e84cd2a934d..7de45f7b9603 100755
---- a/utils/key2pub.py
-+++ b/utils/key2pub.py
-@@ -59,7 +59,7 @@ def print_ssl_32(output, name, val):
- 
- def print_ssl(output, name, val):
-     import struct
--    output.write('#include <stdint.h>\n')
-+    output.write('#include <stdint.h>\n#include <openssl/bn.h>\n')
-     if len(struct.pack('@L', 0)) == 8:
-         return print_ssl_64(output, name, val)
-     else:
-@@ -78,7 +78,7 @@ struct pubkey {
- 
- #define KEYS(e,n)	{ KEY(e), KEY(n), }
- 
--static struct pubkey keys[] = {
-+__attribute__((unused)) static struct pubkey keys[] = {
- ''')
-     for n in xrange(n + 1):
-         output.write('	KEYS(e_%d, n_%d),\n' % (n, n))
diff --git a/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch b/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch
new file mode 100644
index 000000000..fac346892
--- /dev/null
+++ b/patches/crda-3.18/0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch
@@ -0,0 +1,23 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sat, 23 Aug 2014 11:13:44 -0700
+Subject: [PATCH] Do not run ldconfig if DESTDIR is set
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Makefile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 2f485724c3be..b74d3b544bd9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -127,7 +127,9 @@ install-libreg:
+ 	$(NQ) '  INSTALL  libreg'
+ 	$(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
+ 	$(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
++ifndef DESTDIR
+ 	$(Q)ldconfig
++endif
+ 
+ %.o: %.c regdb.h $(LIBREG)
+ 	$(NQ) '  CC  ' $@
diff --git a/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch b/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch
deleted file mode 100644
index eba0f335e..000000000
--- a/patches/crda-3.18/0002-Pregenerate-keys-ssl.c.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From: Jan Luebbe <jlu@pengutronix.de>
-Date: Thu, 26 Jan 2012 15:33:36 +0100
-Subject: [PATCH] Pregenerate keys-ssl.c
-
-Note: The content is different for 32 and 64 bit systems so we need two
-versions.
-
-Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- keys-ssl.c.32 | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- keys-ssl.c.64 | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 140 insertions(+)
- create mode 100644 keys-ssl.c.32
- create mode 100644 keys-ssl.c.64
-
-diff --git a/keys-ssl.c.32 b/keys-ssl.c.32
-new file mode 100644
-index 000000000000..024afeb20577
---- /dev/null
-+++ b/keys-ssl.c.32
-@@ -0,0 +1,70 @@
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG e_0[1] = {
-+	0x00010001, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG n_0[64] = {
-+	0x16a0d8e1, 0x63a27054, 0xc8ba757b, 0xdc9fca11, 
-+	0xcbcb35e3, 0xb9c06510, 0xba941433, 0x39e3dfeb, 
-+	0x6c1fce9d, 0x7bbae38a, 0xfefabba7, 0x205a5a73, 
-+	0x97839a2e, 0x53ea3e5a, 0x61dc0170, 0xfec8f5b6, 
-+	0xd29a1004, 0xefe311d8, 0xa5156bb8, 0x8c6a92d0, 
-+	0x7a6eb5cc, 0x9067cc76, 0x0bd5b1ff, 0xd103580b, 
-+	0x8f3a2daf, 0x4a563e84, 0x46b0943e, 0xacd7cadb, 
-+	0xebd1e198, 0x5fabb688, 0x5916f173, 0x7e70c1d3, 
-+	0x5d6ca84e, 0xaaa8acc8, 0xe20fd4dc, 0x1685c157, 
-+	0xad933f64, 0xf9e9c9c7, 0xc5f59824, 0xbe6272ed, 
-+	0x53447bd1, 0x585d9a7d, 0x5b3bc30d, 0x011a5b3f, 
-+	0xffbbf0e9, 0xf312b966, 0x482c131b, 0x2203fb37, 
-+	0x0dc38eab, 0x3e7c157d, 0xb39fcc8d, 0xb04de1d6, 
-+	0x07fc0d84, 0x4d9f0137, 0xe13b5ac5, 0xb075a241, 
-+	0x8e56e153, 0x0a9a9d48, 0xf97054eb, 0xf2cff393, 
-+	0x376024f2, 0x2a2ead68, 0x88d35dce, 0xd6579971, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG e_1[1] = {
-+	0x00010001, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG n_1[64] = {
-+	0xc4ff951d, 0xa066f4da, 0xd5e1c45f, 0xe6e0d246, 
-+	0x84e3c7a1, 0xe7fb4616, 0xf6e26899, 0x11151b7a, 
-+	0xc5ee7852, 0x6c3f93fb, 0xd0d8dec8, 0x96790b2b, 
-+	0xa129207c, 0xb1722bf4, 0x044137b1, 0x3673e797, 
-+	0x2912661e, 0x18327707, 0x9a5ed820, 0xd37e005c, 
-+	0x7568a1ea, 0x655b7f25, 0xa29c63c6, 0xe731f136, 
-+	0xeeecac1e, 0x3036d253, 0xa5cb80c7, 0x85ef7a7f, 
-+	0x45ebba27, 0x2ad91b73, 0xccd3df7d, 0x715756f6, 
-+	0x36fa6823, 0x28900fac, 0x469b935f, 0xf1026fe9, 
-+	0x21f0531f, 0x98b8d156, 0xb22dea88, 0x180b2895, 
-+	0xa9fd602d, 0x8ad9fe76, 0x19da1044, 0x510cd145, 
-+	0x1184fbca, 0x0b09f968, 0x1cfd24d5, 0x578b9616, 
-+	0x146b61c4, 0x3b1b0817, 0x323d718b, 0x205bd497, 
-+	0x1eb31270, 0x2d7e66f4, 0x52c2032a, 0x389f7c6a, 
-+	0x3fd9d759, 0x7c68dd6f, 0x71257e90, 0xac7ea583, 
-+	0x2c413815, 0xf239d766, 0x28843903, 0xb540e39c, 
-+};
-+
-+
-+struct pubkey {
-+	struct bignum_st e, n;
-+};
-+
-+#define KEY(data) {				\
-+	.d = data,				\
-+	.top = sizeof(data)/sizeof(data[0]),	\
-+}
-+
-+#define KEYS(e,n)	{ KEY(e), KEY(n), }
-+
-+__attribute__((unused)) static struct pubkey keys[] = {
-+	KEYS(e_0, n_0),
-+	KEYS(e_1, n_1),
-+};
-diff --git a/keys-ssl.c.64 b/keys-ssl.c.64
-new file mode 100644
-index 000000000000..15110e56058d
---- /dev/null
-+++ b/keys-ssl.c.64
-@@ -0,0 +1,70 @@
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG e_0[1] = {
-+	0x0000000000010001, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG n_0[32] = {
-+	0x63a2705416a0d8e1, 0xdc9fca11c8ba757b, 
-+	0xb9c06510cbcb35e3, 0x39e3dfebba941433, 
-+	0x7bbae38a6c1fce9d, 0x205a5a73fefabba7, 
-+	0x53ea3e5a97839a2e, 0xfec8f5b661dc0170, 
-+	0xefe311d8d29a1004, 0x8c6a92d0a5156bb8, 
-+	0x9067cc767a6eb5cc, 0xd103580b0bd5b1ff, 
-+	0x4a563e848f3a2daf, 0xacd7cadb46b0943e, 
-+	0x5fabb688ebd1e198, 0x7e70c1d35916f173, 
-+	0xaaa8acc85d6ca84e, 0x1685c157e20fd4dc, 
-+	0xf9e9c9c7ad933f64, 0xbe6272edc5f59824, 
-+	0x585d9a7d53447bd1, 0x011a5b3f5b3bc30d, 
-+	0xf312b966ffbbf0e9, 0x2203fb37482c131b, 
-+	0x3e7c157d0dc38eab, 0xb04de1d6b39fcc8d, 
-+	0x4d9f013707fc0d84, 0xb075a241e13b5ac5, 
-+	0x0a9a9d488e56e153, 0xf2cff393f97054eb, 
-+	0x2a2ead68376024f2, 0xd657997188d35dce, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG e_1[1] = {
-+	0x0000000000010001, 
-+};
-+
-+#include <stdint.h>
-+#include <openssl/bn.h>
-+static BN_ULONG n_1[32] = {
-+	0xa066f4dac4ff951d, 0xe6e0d246d5e1c45f, 
-+	0xe7fb461684e3c7a1, 0x11151b7af6e26899, 
-+	0x6c3f93fbc5ee7852, 0x96790b2bd0d8dec8, 
-+	0xb1722bf4a129207c, 0x3673e797044137b1, 
-+	0x183277072912661e, 0xd37e005c9a5ed820, 
-+	0x655b7f257568a1ea, 0xe731f136a29c63c6, 
-+	0x3036d253eeecac1e, 0x85ef7a7fa5cb80c7, 
-+	0x2ad91b7345ebba27, 0x715756f6ccd3df7d, 
-+	0x28900fac36fa6823, 0xf1026fe9469b935f, 
-+	0x98b8d15621f0531f, 0x180b2895b22dea88, 
-+	0x8ad9fe76a9fd602d, 0x510cd14519da1044, 
-+	0x0b09f9681184fbca, 0x578b96161cfd24d5, 
-+	0x3b1b0817146b61c4, 0x205bd497323d718b, 
-+	0x2d7e66f41eb31270, 0x389f7c6a52c2032a, 
-+	0x7c68dd6f3fd9d759, 0xac7ea58371257e90, 
-+	0xf239d7662c413815, 0xb540e39c28843903, 
-+};
-+
-+
-+struct pubkey {
-+	struct bignum_st e, n;
-+};
-+
-+#define KEY(data) {				\
-+	.d = data,				\
-+	.top = sizeof(data)/sizeof(data[0]),	\
-+}
-+
-+#define KEYS(e,n)	{ KEY(e), KEY(n), }
-+
-+__attribute__((unused)) static struct pubkey keys[] = {
-+	KEYS(e_0, n_0),
-+	KEYS(e_1, n_1),
-+};
diff --git a/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch b/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch
new file mode 100644
index 000000000..5a55618e6
--- /dev/null
+++ b/patches/crda-3.18/0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch
@@ -0,0 +1,66 @@
+From: Kel Modderman <kel@otaku42.de>
+Date: Fri, 16 Nov 2018 16:50:45 +0100
+Subject: [PATCH] Allow build without embedding pubkey data into crda/regdbdump
+ binaries
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Makefile | 5 +++++
+ reglib.c | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index b74d3b544bd9..9ce318484001 100644
+--- a/Makefile
++++ b/Makefile
+@@ -42,7 +42,12 @@ ifeq ($(USE_OPENSSL),1)
+ CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
+ LIBREGLIBS += `pkg-config --libs openssl`
+ 
++ifeq ($(RUNTIME_PUBKEY_ONLY),1)
++CFLAGS += -DRUNTIME_PUBKEY_ONLY
++else
++CFLAGS += -DHAVE_KEYS_SSL
+ $(LIBREG): keys-ssl.c
++endif
+ 
+ else
+ CFLAGS += -DUSE_GCRYPT
+diff --git a/reglib.c b/reglib.c
+index e00e9b8d4b44..87691022f9e7 100644
+--- a/reglib.c
++++ b/reglib.c
+@@ -30,7 +30,7 @@
+ 
+ #include "reglib.h"
+ 
+-#ifdef USE_OPENSSL
++#if defined(USE_OPENSSL) && defined(HAVE_KEYS_SSL)
+ #include "keys-ssl.c"
+ #endif
+ 
+@@ -83,7 +83,6 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ {
+ 	RSA *rsa;
+ 	uint8_t hash[SHA_DIGEST_LENGTH];
+-	unsigned int i;
+ 	int ok = 0;
+ 	DIR *pubkey_dir;
+ 	struct dirent *nextfile;
+@@ -95,6 +94,8 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ 		goto out;
+ 	}
+ 
++#ifdef HAVE_KEYS_SSL
++	unsigned int i;
+ 	for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
+ 		rsa = RSA_new();
+ 		if (!rsa) {
+@@ -112,6 +113,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ 		rsa->n = NULL;
+ 		RSA_free(rsa);
+ 	}
++#endif
+ 	if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
+ 		while (!ok && (nextfile = readdir(pubkey_dir))) {
+ 			snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
diff --git a/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch b/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch
deleted file mode 100644
index bb0708365..000000000
--- a/patches/crda-3.18/0004-Makefile-Fix-libreg-build.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Markus Pargmann <mpa@pengutronix.de>
-Date: Thu, 17 Apr 2014 15:34:35 +0200
-Subject: [PATCH] Makefile: Fix libreg build
-
-Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
----
- Makefile | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index a3ead30371c9..60a3182474e6 100644
---- a/Makefile
-+++ b/Makefile
-@@ -5,8 +5,8 @@ REG_GIT?=git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.g
- 
- PREFIX ?= /usr/
- MANDIR ?= $(PREFIX)/share/man/
--INCLUDE_DIR ?= $(PREFIX)/include/reglib/
--LIBDIR ?= $(PREFIX)/lib
-+INCLUDE_DIR ?= /include/reglib/
-+LIBDIR ?= /lib/
- 
- SBINDIR ?= /sbin/
- 
-@@ -120,14 +120,14 @@ $(LIBREG): regdb.h reglib.h reglib.c
- 
- install-libreg-headers:
- 	$(NQ) '  INSTALL  libreg-headers'
--	$(Q)mkdir -p $(DESTDIR)/$(INCLUDE_DIR)
--	$(Q)cp *.h $(DESTDIR)/$(INCLUDE_DIR)/
-+	$(Q)$(MKDIR) $(DESTDIR)/$(INCLUDE_DIR)
-+	$(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(INCLUDE_DIR) *.h
- 
- install-libreg:
- 	$(NQ) '  INSTALL  libreg'
--	$(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
--	$(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
--	$(Q)ldconfig
-+	$(Q)$(MKDIR) $(LIBDIR)
-+	$(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(LIBDIR) $(LIBREG)
-+#	$(Q)ldconfig
- 
- %.o: %.c regdb.h $(LIBREG)
- 	$(NQ) '  CC  ' $@
diff --git a/patches/crda-3.18/0003-udev-Fix-rule-for-initial-setup.patch b/patches/crda-3.18/0004-udev-Fix-rule-for-initial-setup.patch
index 551b84bf6..551b84bf6 100644
--- a/patches/crda-3.18/0003-udev-Fix-rule-for-initial-setup.patch
+++ b/patches/crda-3.18/0004-udev-Fix-rule-for-initial-setup.patch
diff --git a/patches/crda-3.18/series b/patches/crda-3.18/series
index b9a852d35..fdaa19478 100644
--- a/patches/crda-3.18/series
+++ b/patches/crda-3.18/series
@@ -1,8 +1,7 @@
 # generated by git-ptx-patches
 #tag:base --start-number 1
-0001-key2pub-Fix-ssl-keys.c-generation.patch
-0002-Pregenerate-keys-ssl.c.patch
-0003-udev-Fix-rule-for-initial-setup.patch
-0004-Makefile-Fix-libreg-build.patch
-0005-fix-linking-libreg.patch
-# 9dcc6620d08511a73c701d4068e90869  - git-ptx-patches magic
+0001-fix-linking-libreg.patch
+0002-Do-not-run-ldconfig-if-DESTDIR-is-set.patch
+0003-Allow-build-without-embedding-pubkey-data-into-crda-.patch
+0004-udev-Fix-rule-for-initial-setup.patch
+# dd65795471004db85b4dbc56ca3ee99c  - git-ptx-patches magic