Merge tag 'keys-next-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd (24f772de) · Commits · git / linux-net

MAINTAINERS

+1 −0

Original line number	Diff line number	Diff line
		@@ -5215,6 +5215,7 @@ S: Maintained
		F: Documentation/admin-guide/module-signing.rst
		F: certs/
		F: scripts/sign-file.c
		F: scripts/ssl-common.h
		F: tools/certs/

		CFAG12864B LCD DRIVER

certs/Makefile

+1 −1

Original line number	Diff line number	Diff line
		@@ -84,5 +84,5 @@ targets += x509_revocation_list

		hostprogs := extract-cert

		HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
		HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
		HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null \|\| echo -lcrypto)

certs/extract-cert.c

+74 −64

Original line number	Diff line number	Diff line
		@@ -21,14 +21,17 @@
		#include <openssl/bio.h>
		#include <openssl/pem.h>
		#include <openssl/err.h>
		#if OPENSSL_VERSION_MAJOR >= 3
		# define USE_PKCS11_PROVIDER
		# include <openssl/provider.h>
		# include <openssl/store.h>
		#else
		# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
		# define USE_PKCS11_ENGINE
		# include <openssl/engine.h>

		/*
		* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
		*
		* Remove this if/when that API is no longer used
		*/
		#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
		# endif
		#endif
		#include "ssl-common.h"

		#define PKEY_ID_PKCS7 2

		@@ -40,41 +43,6 @@ void format(void)
		exit(2);
		}

		static void display_openssl_errors(int l)
		{
		const char *file;
		char buf[120];
		int e, line;

		if (ERR_peek_error() == 0)
		return;
		fprintf(stderr, "At main.c:%d:\n", l);

		while ((e = ERR_get_error_line(&file, &line))) {
		ERR_error_string(e, buf);
		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
		}
		}

		static void drain_openssl_errors(void)
		{
		const char *file;
		int line;

		if (ERR_peek_error() == 0)
		return;
		while (ERR_get_error_line(&file, &line)) {}
		}

		#define ERR(cond, fmt, ...) \
		do { \
		bool __cond = (cond); \
		display_openssl_errors(__LINE__); \
		if (__cond) { \
		err(1, fmt, ## __VA_ARGS__); \
		} \
		} while(0)

		static const char *key_pass;
		static BIO *wb;
		static char *cert_dst;
		@@ -94,6 +62,66 @@ static void write_cert(X509 *x509)
		fprintf(stderr, "Extracted cert: %s\n", buf);
		}

		static X509 load_cert_pkcs11(const char cert_src)
		{
		X509 *cert = NULL;
		#ifdef USE_PKCS11_PROVIDER
		OSSL_STORE_CTX *store;

		if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
		ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
		if (!OSSL_PROVIDER_try_load(NULL, "default", true))
		ERR(1, "OSSL_PROVIDER_try_load(default)");

		store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
		ERR(!store, "OSSL_STORE_open");

		while (!OSSL_STORE_eof(store)) {
		OSSL_STORE_INFO *info = OSSL_STORE_load(store);

		if (!info) {
		drain_openssl_errors(__LINE__, 0);
		continue;
		}
		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
		cert = OSSL_STORE_INFO_get1_CERT(info);
		ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
		}
		OSSL_STORE_INFO_free(info);
		if (cert)
		break;
		}
		OSSL_STORE_close(store);
		#elif defined(USE_PKCS11_ENGINE)
		ENGINE *e;
		struct {
		const char *cert_id;
		X509 *cert;
		} parms;

		parms.cert_id = cert_src;
		parms.cert = NULL;

		ENGINE_load_builtin_engines();
		drain_openssl_errors(__LINE__, 1);
		e = ENGINE_by_id("pkcs11");
		ERR(!e, "Load PKCS#11 ENGINE");
		if (ENGINE_init(e))
		drain_openssl_errors(__LINE__, 1);
		else
		ERR(1, "ENGINE_init");
		if (key_pass)
		ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
		ERR(!parms.cert, "Get X.509 from PKCS#11");
		cert = parms.cert;
		#else
		fprintf(stderr, "no pkcs11 engine/provider available\n");
		exit(1);
		#endif
		return cert;
		}

		int main(int argc, char **argv)
		{
		char *cert_src;
		@@ -122,28 +150,10 @@ int main(int argc, char **argv)
		fclose(f);
		exit(0);
		} else if (!strncmp(cert_src, "pkcs11:", 7)) {
		ENGINE *e;
		struct {
		const char *cert_id;
		X509 *cert;
		} parms;

		parms.cert_id = cert_src;
		parms.cert = NULL;
		X509 *cert = load_cert_pkcs11(cert_src);

		ENGINE_load_builtin_engines();
		drain_openssl_errors();
		e = ENGINE_by_id("pkcs11");
		ERR(!e, "Load PKCS#11 ENGINE");
		if (ENGINE_init(e))
		drain_openssl_errors();
		else
		ERR(1, "ENGINE_init");
		if (key_pass)
		ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
		ERR(!parms.cert, "Get X.509 from PKCS#11");
		write_cert(parms.cert);
		ERR(!cert, "load_cert_pkcs11 failed");
		write_cert(cert);
		} else {
		BIO *b;
		X509 *x509;

crypto/asymmetric_keys/asymmetric_type.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -60,17 +60,18 @@ struct key find_asymmetric_key(struct key keyring,
		char req, p;
		int len;

		WARN_ON(!id_0 && !id_1 && !id_2);

		if (id_0) {
		lookup = id_0->data;
		len = id_0->len;
		} else if (id_1) {
		lookup = id_1->data;
		len = id_1->len;
		} else {
		} else if (id_2) {
		lookup = id_2->data;
		len = id_2->len;
		} else {
		WARN_ON(1);
		return ERR_PTR(-EINVAL);
		}

		/* Construct an identifier "id:<keyid>". */

include/keys/dns_resolver-type.h

+0 −4

Original line number	Diff line number	Diff line
		@@ -12,8 +12,4 @@

		extern struct key_type key_type_dns_resolver;

		extern int request_dns_resolver_key(const char *description,
		const char *callout_info,
		char **data);

		#endif /* _KEYS_DNS_RESOLVER_TYPE_H */