px5g: remove legacy polarssl support

The old polarssl 1.3 branch has been EOL since the end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
v19.07.3_mercusys_ac12_duma
Felix Fietkau 8 years ago
parent 018d80007e
commit 1cf64e210f

@ -16,48 +16,35 @@ PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Package/px5g/Template define Package/px5g-mbedtls
SECTION:=utils SECTION:=utils
CATEGORY:=Utilities CATEGORY:=Utilities
SUBMENU:=Encryption SUBMENU:=Encryption
TITLE:=X.509 certificate generator (using $(1)) TITLE:=X.509 certificate generator (using mbedtls)
MAINTAINER:=Jo-Philipp Wich <jo@mein.io> MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
DEPENDS:=+lib$(1) DEPENDS:=+libmbedtls
PROVIDES:=px5g PROVIDES:=px5g
VARIANT:=$(1)
endef endef
define Package/px5g-polarssl/description define Package/px5g-mbedtls/description
Px5g is a tiny standalone X.509 certificate generator. Px5g is a tiny standalone X.509 certificate generator.
It suitable to create key files and certificates in DER It suitable to create key files and certificates in DER
and PEM format for use with stunnel, uhttpd and others. and PEM format for use with stunnel, uhttpd and others.
endef endef
Package/px5g-mbedtls=$(call Package/px5g/Template,mbedtls)
Package/px5g-polarssl=$(call Package/px5g/Template,polarssl)
Package/px5g-mbedtls/description=$(Package/px5g-polarssl/description)
define Build/Prepare define Build/Prepare
mkdir -p $(PKG_BUILD_DIR) mkdir -p $(PKG_BUILD_DIR)
endef endef
ifeq ($(BUILD_VARIANT),mbedtls)
TARGET_CFLAGS += -DMBEDTLS
TARGET_LDFLAGS := -lmbedtls -lmbedx509 -lmbedcrypto TARGET_LDFLAGS := -lmbedtls -lmbedx509 -lmbedcrypto
else
TARGET_LDFLAGS := -lpolarssl
endif
define Build/Compile define Build/Compile
$(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS) $(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS)
endef endef
define Package/px5g-polarssl/install define Package/px5g-mbedtls/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g $(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g
endef endef
Package/px5g-mbedtls/install=$(Package/px5g-polarssl/install)
$(eval $(call BuildPackage,px5g-polarssl))
$(eval $(call BuildPackage,px5g-mbedtls)) $(eval $(call BuildPackage,px5g-mbedtls))
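Review bot: The description kept for `Package/px5g-mbedtls/description` still reads `It suitable to create key files and certificates in DER`, which is missing a verb. It should read `It is suitable to create key files and certificates in DER`. Since this commit removes the template indirection and the description is now defined only once, this is a convenient place to fix it.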

@ -30,20 +30,10 @@
#include <fcntl.h> #include <fcntl.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef MBEDTLS
#include <mbedtls/bignum.h> #include <mbedtls/bignum.h>
#include <mbedtls/x509_crt.h> #include <mbedtls/x509_crt.h>
#include <mbedtls/rsa.h> #include <mbedtls/rsa.h>
#include <mbedtls/pk.h> #include <mbedtls/pk.h>
#define lib_wrapper(x) mbedtls_##x
#define MD_SHA256 MBEDTLS_MD_SHA256
#else
#include <polarssl/bignum.h>
#include <polarssl/x509_crt.h>
#include <polarssl/rsa.h>
#define lib_wrapper(x) x
#define MD_SHA256 POLARSSL_MD_SHA256
#endif
#define PX5G_VERSION "0.2" #define PX5G_VERSION "0.2"
#define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>" #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
@ -83,15 +73,15 @@ static void write_file(const char *path, int len, bool pem)
fclose(f); fclose(f);
} }
static void write_key(lib_wrapper(pk_context) *key, const char *path, bool pem) static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
{ {
int len = 0; int len = 0;
if (pem) { if (pem) {
if (lib_wrapper(pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0)) if (mbedtls_pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0)
len = strlen(buf); len = strlen(buf);
} else { } else {
len = lib_wrapper(pk_write_key_der(key, (void *) buf, sizeof(buf))); len = mbedtls_pk_write_key_der(key, (void *) buf, sizeof(buf));
if (len < 0) if (len < 0)
len = 0; len = 0;
} }
@ -99,17 +89,12 @@ static void write_key(lib_wrapper(pk_context) *key, const char *path, bool pem)
write_file(path, len, pem); write_file(path, len, pem);
} }
static void gen_key(lib_wrapper(pk_context) *key, int ksize, int exp, bool pem) static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
{ {
lib_wrapper(pk_init(key)); mbedtls_pk_init(key);
fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
#ifdef MBEDTLS
mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) { if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) {
#else
pk_init_ctx(key, lib_wrapper(pk_info_from_type(POLARSSL_PK_RSA)));
if (rsa_gen_key(pk_rsa(*key), _urandom, NULL, ksize, exp)) {
#endif
fprintf(stderr, "error: key generation failed\n"); fprintf(stderr, "error: key generation failed\n");
exit(1); exit(1);
} }
@ -117,7 +102,7 @@ static void gen_key(lib_wrapper(pk_context) *key, int ksize, int exp, bool pem)
int rsakey(char **arg) int rsakey(char **arg)
{ {
lib_wrapper(pk_context) key; mbedtls_pk_context key;
unsigned int ksize = 512; unsigned int ksize = 512;
int exp = 65537; int exp = 65537;
char *path = NULL; char *path = NULL;
@ -141,16 +126,16 @@ int rsakey(char **arg)
gen_key(&key, ksize, exp, pem); gen_key(&key, ksize, exp, pem);
write_key(&key, path, pem); write_key(&key, path, pem);
lib_wrapper(pk_free(&key)); mbedtls_pk_free(&key);
return 0; return 0;
} }
int selfsigned(char **arg) int selfsigned(char **arg)
{ {
lib_wrapper(pk_context) key; mbedtls_pk_context key;
lib_wrapper(x509write_cert) cert; mbedtls_x509write_cert cert;
lib_wrapper(mpi) serial; mbedtls_mpi serial;
char *subject = ""; char *subject = "";
unsigned int ksize = 512; unsigned int ksize = 512;
@ -227,34 +212,34 @@ int selfsigned(char **arg)
fprintf(stderr, "Generating selfsigned certificate with subject '%s'" fprintf(stderr, "Generating selfsigned certificate with subject '%s'"
" and validity %s-%s\n", subject, fstr, tstr); " and validity %s-%s\n", subject, fstr, tstr);
lib_wrapper(x509write_crt_init(&cert)); mbedtls_x509write_crt_init(&cert);
lib_wrapper(x509write_crt_set_md_alg(&cert, MD_SHA256)); mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA256);
lib_wrapper(x509write_crt_set_issuer_key(&cert, &key)); mbedtls_x509write_crt_set_issuer_key(&cert, &key);
lib_wrapper(x509write_crt_set_subject_key(&cert, &key)); mbedtls_x509write_crt_set_subject_key(&cert, &key);
lib_wrapper(x509write_crt_set_subject_name(&cert, subject)); mbedtls_x509write_crt_set_subject_name(&cert, subject);
lib_wrapper(x509write_crt_set_issuer_name(&cert, subject)); mbedtls_x509write_crt_set_issuer_name(&cert, subject);
lib_wrapper(x509write_crt_set_validity(&cert, fstr, tstr)); mbedtls_x509write_crt_set_validity(&cert, fstr, tstr);
lib_wrapper(x509write_crt_set_basic_constraints(&cert, 0, -1)); mbedtls_x509write_crt_set_basic_constraints(&cert, 0, -1);
lib_wrapper(x509write_crt_set_subject_key_identifier(&cert)); mbedtls_x509write_crt_set_subject_key_identifier(&cert);
lib_wrapper(x509write_crt_set_authority_key_identifier(&cert)); mbedtls_x509write_crt_set_authority_key_identifier(&cert);
_urandom(NULL, buf, 8); _urandom(NULL, buf, 8);
for (len = 0; len < 8; len++) for (len = 0; len < 8; len++)
sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
lib_wrapper(mpi_init(&serial)); mbedtls_mpi_init(&serial);
lib_wrapper(mpi_read_string(&serial, 16, sstr)); mbedtls_mpi_read_string(&serial, 16, sstr);
lib_wrapper(x509write_crt_set_serial(&cert, &serial)); mbedtls_x509write_crt_set_serial(&cert, &serial);
if (pem) { if (pem) {
if (lib_wrapper(x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0)) { if (mbedtls_x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) {
fprintf(stderr, "Failed to generate certificate\n"); fprintf(stderr, "Failed to generate certificate\n");
return 1; return 1;
} }
len = strlen(buf); len = strlen(buf);
} else { } else {
len = lib_wrapper(x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL)); len = mbedtls_x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL);
if (len < 0) { if (len < 0) {
fprintf(stderr, "Failed to generate certificate: %d\n", len); fprintf(stderr, "Failed to generate certificate: %d\n", len);
return 1; return 1;
@ -262,9 +247,9 @@ int selfsigned(char **arg)
} }
write_file(certpath, len, pem); write_file(certpath, len, pem);
lib_wrapper(x509write_crt_free(&cert)); mbedtls_x509write_crt_free(&cert);
lib_wrapper(mpi_free(&serial)); mbedtls_mpi_free(&serial);
lib_wrapper(pk_free(&key)); mbedtls_pk_free(&key);
return 0; return 0;
} }
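Review bot: In gen_key the result of `mbedtls_pk_setup()` is discarded, so a failed setup goes straight into `mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), ...)` with a context that was never set up. Now that the calls are no longer wrapped in a macro, a check such as `if (mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) { fprintf(stderr, "error: key setup failed\n"); exit(1); }` matches the error style already used there. The same applies in selfsigned, where the `mbedtls_x509write_crt_set_*` calls, `mbedtls_mpi_read_string()` and `_urandom(NULL, buf, 8)` are all unchecked, so a subject string the library rejects or a failed random read for the serial would not stop certificate generation at that point. Separately, rsakey and selfsigned both still start from `unsigned int ksize = 512;`, which is too small for an RSA key protecting anything; unless the option parsing outside these hunks always overrides it, a default of 2048 would be safer. The bodies of these functions continue outside the visible hunks.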
