1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
From: Kel Modderman <kel@otaku42.de>
Date: Fri, 16 Nov 2018 16:50:45 +0100
Subject: [PATCH] Allow build without embedding pubkey data into crda/regdbdump
binaries
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
---
Makefile | 5 +++++
reglib.c | 6 ++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index b74d3b544bd9..9ce318484001 100644
--- a/Makefile
+++ b/Makefile
@@ -42,7 +42,12 @@ ifeq ($(USE_OPENSSL),1)
CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
LIBREGLIBS += `pkg-config --libs openssl`
+ifeq ($(RUNTIME_PUBKEY_ONLY),1)
+CFLAGS += -DRUNTIME_PUBKEY_ONLY
+else
+CFLAGS += -DHAVE_KEYS_SSL
$(LIBREG): keys-ssl.c
+endif
else
CFLAGS += -DUSE_GCRYPT
diff --git a/reglib.c b/reglib.c
index e00e9b8d4b44..87691022f9e7 100644
--- a/reglib.c
+++ b/reglib.c
@@ -30,7 +30,7 @@
#include "reglib.h"
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) && defined(HAVE_KEYS_SSL)
#include "keys-ssl.c"
#endif
@@ -83,7 +83,6 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
{
RSA *rsa;
uint8_t hash[SHA_DIGEST_LENGTH];
- unsigned int i;
int ok = 0;
DIR *pubkey_dir;
struct dirent *nextfile;
@@ -95,6 +94,8 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
goto out;
}
+#ifdef HAVE_KEYS_SSL
+ unsigned int i;
for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
rsa = RSA_new();
if (!rsa) {
@@ -112,6 +113,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
rsa->n = NULL;
RSA_free(rsa);
}
+#endif
if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
while (!ok && (nextfile = readdir(pubkey_dir))) {
snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
|