ich777/linux_media
1
0
Fork 0
mirror of https://github.com/tbsdtv/linux_media.git synced 2025-07-23 12:43:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

wifi: cfg80211: Deduplicate certificate loading

Browse Source 
load_keys_from_buffer() in net/wireless/reg.c duplicates
x509_load_certificate_list() in crypto/asymmetric_keys/x509_loader.c
for no apparent reason.

Deduplicate it.  No functional change intended.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Acked-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/e7280be84acda02634bc7cb52c97656182b9c700.1673197326.git.lukas@wunner.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Lukas Wunner
2023-01-08 18:08:08 +01:00
committed by Johannes Berg
parent e2192de59e
commit 3609ff6401
2 changed files with 9 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/asymmetric_keys/x509_loader.c
View File

@@ -55,3 +55,4 @@ dodgy_cert:
pr_err("Problem parsing in-kernel X.509 certificate list\n"); pr_err("Problem parsing in-kernel X.509 certificate list\n");
return 0; return 0;
} }
EXPORT_SYMBOL_GPL(x509_load_certificate_list);

54
net/wireless/reg.c
View File

@@ -737,52 +737,10 @@ static bool valid_country(const u8 *data, unsigned int size,
} }
#ifdef CONFIG_CFG80211_REQUIRE_SIGNED_REGDB #ifdef CONFIG_CFG80211_REQUIRE_SIGNED_REGDB
#include <keys/asymmetric-type.h>
static struct key *builtin_regdb_keys; static struct key *builtin_regdb_keys;
static void __init load_keys_from_buffer(const u8 *p, unsigned int buflen)
{
const u8 *end = p + buflen;
size_t plen;
key_ref_t key;
while (p < end) {
/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
* than 256 bytes in size.
*/
if (end - p < 4)
goto dodgy_cert;
if (p[0] != 0x30 &&
p[1] != 0x82)
goto dodgy_cert;
plen = (p[2] << 8) | p[3];
plen += 4;
if (plen > end - p)
goto dodgy_cert;
key = key_create_or_update(make_key_ref(builtin_regdb_keys, 1),
"asymmetric", NULL, p, plen,
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ),
KEY_ALLOC_NOT_IN_QUOTA |
KEY_ALLOC_BUILT_IN |
KEY_ALLOC_BYPASS_RESTRICTION);
if (IS_ERR(key)) {
pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
PTR_ERR(key));
} else {
pr_notice("Loaded X.509 cert '%s'\n",
key_ref_to_ptr(key)->description);
key_ref_put(key);
}
p += plen;
}
return;
dodgy_cert:
pr_err("Problem parsing in-kernel X.509 certificate list\n");
}
static int __init load_builtin_regdb_keys(void) static int __init load_builtin_regdb_keys(void)
{ {
builtin_regdb_keys = builtin_regdb_keys =
@@ -797,11 +755,15 @@ static int __init load_builtin_regdb_keys(void)
pr_notice("Loading compiled-in X.509 certificates for regulatory database\n"); pr_notice("Loading compiled-in X.509 certificates for regulatory database\n");
#ifdef CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS #ifdef CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS
load_keys_from_buffer(shipped_regdb_certs, shipped_regdb_certs_len); x509_load_certificate_list(shipped_regdb_certs,
shipped_regdb_certs_len,
builtin_regdb_keys);
#endif #endif
#ifdef CONFIG_CFG80211_EXTRA_REGDB_KEYDIR #ifdef CONFIG_CFG80211_EXTRA_REGDB_KEYDIR
if (CONFIG_CFG80211_EXTRA_REGDB_KEYDIR[0] != '\0') if (CONFIG_CFG80211_EXTRA_REGDB_KEYDIR[0] != '\0')
load_keys_from_buffer(extra_regdb_certs, extra_regdb_certs_len); x509_load_certificate_list(extra_regdb_certs,
extra_regdb_certs_len,
builtin_regdb_keys);
#endif #endif
return 0; return 0;