Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
kernel-49/scripts/extract-cert.c
Greg Kroah-Hartman c1beaea421 Merge 4.9.334 into android-4.9-q 
Changes in 4.9.334
	HID: hyperv: fix possible memory leak in mousevsc_probe()
	net: gso: fix panic on frag_list with mixed head alloc types
	bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
	net: fman: Unregister ethernet device on removal
	capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
	net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
	hamradio: fix issue of dev reference count leakage in bpq_device_event()
	ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
	tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
	dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
	drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
	net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
	ethernet: s2io: disable napi when start nic failed in s2io_card_up()
	net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
	net: macvlan: fix memory leaks of macvlan_common_newlink
	ALSA: hda: fix potential memleak in 'add_widget_node'
	ALSA: usb-audio: Add quirk entry for M-Audio Micro
	nilfs2: fix deadlock in nilfs_count_free_blocks()
	platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
	btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
	udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
	cert host tools: Stop complaining about deprecated OpenSSL functions
	dmaengine: at_hdmac: Fix at_lli struct definition
	dmaengine: at_hdmac: Don't start transactions at tx_submit level
	dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
	dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
	dmaengine: at_hdmac: Fix impossible condition
	dmaengine: at_hdmac: Check return code of dma_async_device_register
	x86/cpu: Restore AMD's DE_CFG MSR after resume
	drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
	Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
	ASoC: core: Fix use-after-free in snd_soc_exit()
	serial: 8250_omap: remove wait loop from Errata i202 workaround
	serial: 8250: omap: Flush PM QOS work on remove
	tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
	ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
	parport_pc: Avoid FIFO port location truncation
	pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
	mISDN: fix possible memory leak in mISDN_dsp_element_register()
	mISDN: fix misuse of put_device() in mISDN_register_device()
	net: caif: fix double disconnect client in chnl_net_open()
	xen/pcpu: fix possible memory leak in register_pcpu()
	net/x25: Fix skb leak in x25_lapb_receive_frame()
	cifs: Fix wrong return value checking when GETFLAGS
	ftrace: Fix the possible incorrect kernel message
	ftrace: Optimize the allocation for mcount entries
	ring_buffer: Do not deactivate non-existant pages
	ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
	USB: serial: option: add Sierra Wireless EM9191
	USB: serial: option: remove old LARA-R6 PID
	USB: serial: option: add u-blox LARA-R6 00B modem
	USB: serial: option: add u-blox LARA-L6 modem
	USB: serial: option: add Fibocom FM160 0x0111 composition
	usb: add NO_LPM quirk for Realforce 87U Keyboard
	usb: chipidea: fix deadlock in ci_otg_del_timer
	iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
	iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
	iio: pressure: ms5611: changed hardcoded SPI speed to value limited
	dm ioctl: fix misbehavior if list_versions races with module loading
	serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
	serial: 8250_lpss: Configure DMA also w/o DMA filter
	mmc: core: properly select voltage range without power cycle
	misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
	nilfs2: fix use-after-free bug of ns_writer on remount
	serial: 8250: Flush DMA Rx on RLSI
	tcp: cdg: allow tcp_cdg_release() to be called multiple times
	kcm: avoid potential race in kcm_tx_work
	9p: trans_fd/p9_conn_cancel: drop client lock earlier
	gfs2: Check sb_bsize_shift after reading superblock
	gfs2: Switch from strlcpy to strscpy
	9p/trans_fd: always use O_NONBLOCK read/write
	mm: fs: initialize fsdata passed to write_begin/write_end interface
	ntfs: fix use-after-free in ntfs_attr_find()
	ntfs: fix out-of-bounds read in ntfs_attr_find()
	ntfs: check overflow when iterating ATTR_RECORDs
	Linux 4.9.334

Change-Id: I9e6e907e472831b20a849c7765c0eb2a62694347
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2022-11-28 21:40:54 +03:00

170 lines
3.6 KiB
C
Raw Permalink Blame History

/* Extract X.509 certificate in DER form from PKCS#11 or PEM.
*
* Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
* Copyright © 2015 Intel Corporation.
*
* Authors: David Howells <dhowells@redhat.com>
* David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1
* of the licence, or (at your option) any later version.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <err.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
/*
* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
*
* Remove this if/when that API is no longer used
*/
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#define PKEY_ID_PKCS7 2
static __attribute__((noreturn))
void format(void)
{
fprintf(stderr,
"Usage: scripts/extract-cert <source> <dest>\n");
exit(2);
}
static void display_openssl_errors(int l)
{
const char *file;
char buf[120];
int e, line;
if (ERR_peek_error() == 0)
return;
fprintf(stderr, "At main.c:%d:\n", l);
while ((e = ERR_get_error_line(&file, &line))) {
ERR_error_string(e, buf);
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
}
}
static void drain_openssl_errors(void)
{
const char *file;
int line;
if (ERR_peek_error() == 0)
return;
while (ERR_get_error_line(&file, &line)) {}
}
#define ERR(cond, fmt, ...) \
do { \
bool __cond = (cond); \
display_openssl_errors(__LINE__); \
if (__cond) { \
err(1, fmt, ## __VA_ARGS__); \
} \
} while(0)
static const char *key_pass;
static BIO *wb;
static char *cert_dst;
int kbuild_verbose;
static void write_cert(X509 *x509)
{
char buf[200];
if (!wb) {
wb = BIO_new_file(cert_dst, "wb");
ERR(!wb, "%s", cert_dst);
}
X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf));
ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst);
if (kbuild_verbose)
fprintf(stderr, "Extracted cert: %s\n", buf);
}
int main(int argc, char **argv)
{
char *cert_src;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");
key_pass = getenv("KBUILD_SIGN_PIN");
if (argc != 3)
format();
cert_src = argv[1];
cert_dst = argv[2];
if (!cert_src[0]) {
/* Invoked with no input; create empty file */
FILE *f = fopen(cert_dst, "wb");
ERR(!f, "%s", cert_dst);
fclose(f);
exit(0);
} else if (!strncmp(cert_src, "pkcs11:", 7)) {
ENGINE *e;
struct {
const char *cert_id;
X509 *cert;
} parms;
parms.cert_id = cert_src;
parms.cert = NULL;
ENGINE_load_builtin_engines();
drain_openssl_errors();
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
drain_openssl_errors();
else
ERR(1, "ENGINE_init");
if (key_pass)
ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
ERR(!parms.cert, "Get X.509 from PKCS#11");
write_cert(parms.cert);
} else {
BIO *b;
X509 *x509;
b = BIO_new_file(cert_src, "rb");
ERR(!b, "%s", cert_src);
while (1) {
x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
if (wb && !x509) {
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
break;
}
}
ERR(!x509, "%s", cert_src);
write_cert(x509);
}
}
BIO_free(wb);
return 0;
}
View Git Blame Copy Permalink