[pkg-wpa-devel] r1510 - /crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Fri Mar 5 01:32:40 UTC 2010
Author: kelmo-guest
Date: Fri Mar 5 01:32:40 2010
New Revision: 1510
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=1510
Log:
new version of openssl redux patch.
Modified:
crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch
Modified: crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch
URL: http://svn.debian.org/wsvn/pkg-wpa/crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch?rev=1510&op=diff
==============================================================================
--- crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch (original)
+++ crda/trunk/debian/patches/openssl_runtime_verification_tuneup.patch Fri Mar 5 01:32:40 2010
@@ -6,11 +6,6 @@
This allows wireless-regdb to be built from source and upgraded independently
of crda and is _crucial_ for distributions who want to build their own
regulatory.bin.
-
-This change does remove support for alternate runtime pubkey dir
-/etc/wireless-regdb/pubkeys, but wireless-regdb does not currently install
-custom pubkeys to /etc/wireless-regdb/pubkeys, and I couldn't care less
-about that feature atm :)
When verification fails provide information about the PUBKEY_DIR variable.
@@ -34,13 +29,15 @@
CFLAGS += -Wall -g
all: all_noverify verify
-@@ -30,17 +23,22 @@ all: all_noverify verify
+@@ -30,17 +23,24 @@ all: all_noverify verify
all_noverify: crda intersect regdbdump
ifeq ($(USE_OPENSSL),1)
-CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
+PUBKEY_DIR?=$(PREFIX)/lib/crda/pubkeys
-+CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(PUBKEY_DIR)\" `pkg-config --cflags openssl`
++RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
++CFLAGS += -DUSE_OPENSSL `pkg-config --cflags openssl`
++CFLAGS += -DPUBKEY_DIR=\"$(PUBKEY_DIR)\" -DALT_PUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\"
LDLIBS += `pkg-config --libs openssl`
-reglib.o: keys-ssl.c
@@ -60,7 +57,7 @@
endif
MKDIR ?= mkdir -p
INSTALL ?= install
-@@ -82,15 +80,10 @@ $(REG_BIN):
+@@ -82,15 +82,10 @@ $(REG_BIN):
$(NQ) $(REG_GIT)
$(NQ)
$(NQ) "Once cloned (no need to build) cp regulatory.bin to $(REG_BIN)"
@@ -77,7 +74,7 @@
%.o: %.c regdb.h
$(NQ) ' CC ' $@
$(Q)$(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<
-@@ -109,7 +102,15 @@ intersect: reglib.o intersect.o print-re
+@@ -109,7 +104,15 @@ intersect: reglib.o intersect.o print-re
verify: $(REG_BIN) regdbdump
$(NQ) ' CHK $(REG_BIN)'
@@ -115,7 +112,7 @@
int ok = 0;
DIR *pubkey_dir;
struct dirent *nextfile;
-@@ -61,24 +56,7 @@ int crda_verify_db_signature(__u8 *db, i
+@@ -61,26 +56,26 @@ int crda_verify_db_signature(__u8 *db, i
goto out;
}
@@ -124,7 +121,20 @@
- if (!rsa) {
- fprintf(stderr, "Failed to create RSA key.\n");
- goto out;
-- }
++ if ((pubkey_dir = opendir(PUBKEY_DIR))) {
++ while (!ok && (nextfile = readdir(pubkey_dir))) {
++ snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
++ nextfile->d_name);
++ if ((keyfile = fopen(filename, "rb"))) {
++ rsa = PEM_read_RSA_PUBKEY(keyfile,
++ NULL, NULL, NULL);
++ if (rsa)
++ ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
++ db + dblen, siglen, rsa) == 1;
++ RSA_free(rsa);
++ fclose(keyfile);
++ }
+ }
-
- rsa->e = &keys[i].e;
- rsa->n = &keys[i].n;
@@ -135,12 +145,17 @@
- rsa->e = NULL;
- rsa->n = NULL;
- RSA_free(rsa);
-- }
++ closedir(pubkey_dir);
+ }
- if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
-+ if ((pubkey_dir = opendir(PUBKEY_DIR))) {
++
++ if (!ok && (pubkey_dir = opendir(ALT_PUBKEY_DIR))) {
while (!ok && (nextfile = readdir(pubkey_dir))) {
- snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
+- snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
++ snprintf(filename, PATH_MAX, "%s/%s", ALT_PUBKEY_DIR,
nextfile->d_name);
+ if ((keyfile = fopen(filename, "rb"))) {
+ rsa = PEM_read_RSA_PUBKEY(keyfile,
--- a/utils/key2pub.py
+++ b/utils/key2pub.py
@@ -9,81 +9,6 @@ except ImportError, e:
More information about the Pkg-wpa-devel
mailing list