From 1cf64e210f3699af57310478179dcc4108825c58 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 9 Jan 2017 14:28:43 +0100 Subject: [PATCH] px5g: remove legacy polarssl support The old polarssl 1.3 branch is EOL since end of 2016, and the package for it will be removed soon. Signed-off-by: Felix Fietkau --- package/utils/px5g/Makefile | 23 +++--------- package/utils/px5g/px5g.c | 71 +++++++++++++++---------------------- 2 files changed, 33 insertions(+), 61 deletions(-) diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile index c5de03a02c..23fb0e1b1f 100644 --- a/package/utils/px5g/Makefile +++ b/package/utils/px5g/Makefile @@ -16,48 +16,35 @@ PKG_USE_MIPS16:=0 include $(INCLUDE_DIR)/package.mk -define Package/px5g/Template +define Package/px5g-mbedtls SECTION:=utils CATEGORY:=Utilities SUBMENU:=Encryption - TITLE:=X.509 certificate generator (using $(1)) + TITLE:=X.509 certificate generator (using mbedtls) MAINTAINER:=Jo-Philipp Wich - DEPENDS:=+lib$(1) + DEPENDS:=+libmbedtls PROVIDES:=px5g - VARIANT:=$(1) endef -define Package/px5g-polarssl/description +define Package/px5g-mbedtls/description Px5g is a tiny standalone X.509 certificate generator. It suitable to create key files and certificates in DER and PEM format for use with stunnel, uhttpd and others. endef -Package/px5g-mbedtls=$(call Package/px5g/Template,mbedtls) -Package/px5g-polarssl=$(call Package/px5g/Template,polarssl) -Package/px5g-mbedtls/description=$(Package/px5g-polarssl/description) - define Build/Prepare mkdir -p $(PKG_BUILD_DIR) endef -ifeq ($(BUILD_VARIANT),mbedtls) -TARGET_CFLAGS += -DMBEDTLS TARGET_LDFLAGS := -lmbedtls -lmbedx509 -lmbedcrypto -else -TARGET_LDFLAGS := -lpolarssl -endif define Build/Compile $(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS) endef -define Package/px5g-polarssl/install +define Package/px5g-mbedtls/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g endef -Package/px5g-mbedtls/install=$(Package/px5g-polarssl/install) - -$(eval $(call BuildPackage,px5g-polarssl)) $(eval $(call BuildPackage,px5g-mbedtls)) diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c index af8a5da87f..f0fe4dcfd3 100644 --- a/package/utils/px5g/px5g.c +++ b/package/utils/px5g/px5g.c @@ -30,20 +30,10 @@ #include #include -#ifdef MBEDTLS #include #include #include #include -#define lib_wrapper(x) mbedtls_##x -#define MD_SHA256 MBEDTLS_MD_SHA256 -#else -#include -#include -#include -#define lib_wrapper(x) x -#define MD_SHA256 POLARSSL_MD_SHA256 -#endif #define PX5G_VERSION "0.2" #define PX5G_COPY "Copyright (c) 2009 Steven Barth " @@ -83,15 +73,15 @@ static void write_file(const char *path, int len, bool pem) fclose(f); } -static void write_key(lib_wrapper(pk_context) *key, const char *path, bool pem) +static void write_key(mbedtls_pk_context *key, const char *path, bool pem) { int len = 0; if (pem) { - if (lib_wrapper(pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0)) + if (mbedtls_pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0) len = strlen(buf); } else { - len = lib_wrapper(pk_write_key_der(key, (void *) buf, sizeof(buf))); + len = mbedtls_pk_write_key_der(key, (void *) buf, sizeof(buf)); if (len < 0) len = 0; } @@ -99,17 +89,12 @@ static void write_key(lib_wrapper(pk_context) *key, const char *path, bool pem) write_file(path, len, pem); } -static void gen_key(lib_wrapper(pk_context) *key, int ksize, int exp, bool pem) +static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem) { - lib_wrapper(pk_init(key)); + mbedtls_pk_init(key); fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); -#ifdef MBEDTLS mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) { -#else - pk_init_ctx(key, lib_wrapper(pk_info_from_type(POLARSSL_PK_RSA))); - if (rsa_gen_key(pk_rsa(*key), _urandom, NULL, ksize, exp)) { -#endif fprintf(stderr, "error: key generation failed\n"); exit(1); } @@ -117,7 +102,7 @@ static void gen_key(lib_wrapper(pk_context) *key, int ksize, int exp, bool pem) int rsakey(char **arg) { - lib_wrapper(pk_context) key; + mbedtls_pk_context key; unsigned int ksize = 512; int exp = 65537; char *path = NULL; @@ -141,16 +126,16 @@ int rsakey(char **arg) gen_key(&key, ksize, exp, pem); write_key(&key, path, pem); - lib_wrapper(pk_free(&key)); + mbedtls_pk_free(&key); return 0; } int selfsigned(char **arg) { - lib_wrapper(pk_context) key; - lib_wrapper(x509write_cert) cert; - lib_wrapper(mpi) serial; + mbedtls_pk_context key; + mbedtls_x509write_cert cert; + mbedtls_mpi serial; char *subject = ""; unsigned int ksize = 512; @@ -227,34 +212,34 @@ int selfsigned(char **arg) fprintf(stderr, "Generating selfsigned certificate with subject '%s'" " and validity %s-%s\n", subject, fstr, tstr); - lib_wrapper(x509write_crt_init(&cert)); - lib_wrapper(x509write_crt_set_md_alg(&cert, MD_SHA256)); - lib_wrapper(x509write_crt_set_issuer_key(&cert, &key)); - lib_wrapper(x509write_crt_set_subject_key(&cert, &key)); - lib_wrapper(x509write_crt_set_subject_name(&cert, subject)); - lib_wrapper(x509write_crt_set_issuer_name(&cert, subject)); - lib_wrapper(x509write_crt_set_validity(&cert, fstr, tstr)); - lib_wrapper(x509write_crt_set_basic_constraints(&cert, 0, -1)); - lib_wrapper(x509write_crt_set_subject_key_identifier(&cert)); - lib_wrapper(x509write_crt_set_authority_key_identifier(&cert)); + mbedtls_x509write_crt_init(&cert); + mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA256); + mbedtls_x509write_crt_set_issuer_key(&cert, &key); + mbedtls_x509write_crt_set_subject_key(&cert, &key); + mbedtls_x509write_crt_set_subject_name(&cert, subject); + mbedtls_x509write_crt_set_issuer_name(&cert, subject); + mbedtls_x509write_crt_set_validity(&cert, fstr, tstr); + mbedtls_x509write_crt_set_basic_constraints(&cert, 0, -1); + mbedtls_x509write_crt_set_subject_key_identifier(&cert); + mbedtls_x509write_crt_set_authority_key_identifier(&cert); _urandom(NULL, buf, 8); for (len = 0; len < 8; len++) sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); - lib_wrapper(mpi_init(&serial)); - lib_wrapper(mpi_read_string(&serial, 16, sstr)); - lib_wrapper(x509write_crt_set_serial(&cert, &serial)); + mbedtls_mpi_init(&serial); + mbedtls_mpi_read_string(&serial, 16, sstr); + mbedtls_x509write_crt_set_serial(&cert, &serial); if (pem) { - if (lib_wrapper(x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0)) { + if (mbedtls_x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) { fprintf(stderr, "Failed to generate certificate\n"); return 1; } len = strlen(buf); } else { - len = lib_wrapper(x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL)); + len = mbedtls_x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL); if (len < 0) { fprintf(stderr, "Failed to generate certificate: %d\n", len); return 1; @@ -262,9 +247,9 @@ int selfsigned(char **arg) } write_file(certpath, len, pem); - lib_wrapper(x509write_crt_free(&cert)); - lib_wrapper(mpi_free(&serial)); - lib_wrapper(pk_free(&key)); + mbedtls_x509write_crt_free(&cert); + mbedtls_mpi_free(&serial); + mbedtls_pk_free(&key); return 0; } -- 2.30.2