Commit 3609ff64 authored by Lukas Wunner's avatar Lukas Wunner Committed by Johannes Berg

wifi: cfg80211: Deduplicate certificate loading



load_keys_from_buffer() in net/wireless/reg.c duplicates
x509_load_certificate_list() in crypto/asymmetric_keys/x509_loader.c
for no apparent reason.

Deduplicate it.  No functional change intended.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Acked-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/e7280be84acda02634bc7cb52c97656182b9c700.1673197326.git.lukas@wunner.de


Signed-off-by: Johannes Berg <johannes.berg@intel.com>
parent e2192de5
+1 −0
@@ -55,3 +55,4 @@ int x509_load_certificate_list(const u8 cert_list[],
	pr_err("Problem parsing in-kernel X.509 certificate list\n");
	return 0;
}
EXPORT_SYMBOL_GPL(x509_load_certificate_list);
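Review bot: Exporting `x509_load_certificate_list()` opens it to module callers, yet the visible tail of the function logs "Problem parsing in-kernel X.509 certificate list" and then returns 0, so a caller cannot tell a rejected list from a loaded one by the return value. If the function has no kernel-doc comment (its signature and most of its body are outside this hunk), add one stating that parse failures are only logged and that 0 is not proof the keyring was populated. That contract matters more once callers outside the original file depend on it.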
+8 −46
@@ -737,51 +737,9 @@ static bool valid_country(const u8 *data, unsigned int size,
}

#ifdef CONFIG_CFG80211_REQUIRE_SIGNED_REGDB
static struct key *builtin_regdb_keys;

static void __init load_keys_from_buffer(const u8 *p, unsigned int buflen)
{
	const u8 *end = p + buflen;
	size_t plen;
	key_ref_t key;
#include <keys/asymmetric-type.h>

	while (p < end) {
		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
		 * than 256 bytes in size.
		 */
		if (end - p < 4)
			goto dodgy_cert;
		if (p[0] != 0x30 &&
		    p[1] != 0x82)
			goto dodgy_cert;
		plen = (p[2] << 8) | p[3];
		plen += 4;
		if (plen > end - p)
			goto dodgy_cert;

		key = key_create_or_update(make_key_ref(builtin_regdb_keys, 1),
					   "asymmetric", NULL, p, plen,
					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
					    KEY_USR_VIEW | KEY_USR_READ),
					   KEY_ALLOC_NOT_IN_QUOTA |
					   KEY_ALLOC_BUILT_IN |
					   KEY_ALLOC_BYPASS_RESTRICTION);
		if (IS_ERR(key)) {
			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
			       PTR_ERR(key));
		} else {
			pr_notice("Loaded X.509 cert '%s'\n",
				  key_ref_to_ptr(key)->description);
			key_ref_put(key);
		}
		p += plen;
	}

	return;

dodgy_cert:
	pr_err("Problem parsing in-kernel X.509 certificate list\n");
}
static struct key *builtin_regdb_keys;

static int __init load_builtin_regdb_keys(void)
{
@@ -797,11 +755,15 @@ static int __init load_builtin_regdb_keys(void)
	pr_notice("Loading compiled-in X.509 certificates for regulatory database\n");

#ifdef CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS
	load_keys_from_buffer(shipped_regdb_certs, shipped_regdb_certs_len);
	x509_load_certificate_list(shipped_regdb_certs,
				   shipped_regdb_certs_len,
				   builtin_regdb_keys);
#endif
#ifdef CONFIG_CFG80211_EXTRA_REGDB_KEYDIR
	if (CONFIG_CFG80211_EXTRA_REGDB_KEYDIR[0] != '\0')
		load_keys_from_buffer(extra_regdb_certs, extra_regdb_certs_len);
		x509_load_certificate_list(extra_regdb_certs,
					   extra_regdb_certs_len,
					   builtin_regdb_keys);
#endif

	return 0;
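Review bot: Both new calls to `x509_load_certificate_list()` in load_builtin_regdb_keys() discard its return value, and the function still ends with `return 0`, so a certificate list that fails to load leaves only a log line behind. The removed load_keys_from_buffer() was void, so this matches the old behaviour, but under CONFIG_CFG80211_REQUIRE_SIGNED_REGDB the keyring contents decide which regulatory databases are accepted. A comment above the first call would record the intent, e.g. `/* Load errors are logged only; a missing key makes regdb signature verification fail later. */` (presumably fail-closed; the verification path is outside this page). The removed code also set the key permissions and `KEY_ALLOC_BUILT_IN | KEY_ALLOC_BYPASS_RESTRICTION` locally, and the shared loader's body is not shown here, so "No functional change intended" rests on it using the same values and is worth confirming. Part of load_builtin_regdb_keys() lies outside the hunks shown.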