This commit is contained in:
qosmio 2024-04-18 10:43:17 -04:00 committed by GitHub
commit 6d1ca39b9c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 59 additions and 115 deletions


@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=nginx-util PKG_NAME:=nginx-util
PKG_VERSION:=1.6 PKG_VERSION:=1.7
PKG_RELEASE:=20 PKG_RELEASE:=1
PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at> PKG_MAINTAINER:=Peter Stadler <peter.stadler@student.uibk.ac.at>
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -11,8 +11,6 @@ include $(INCLUDE_DIR)/cmake.mk
CMAKE_OPTIONS+= -DUBUS=y CMAKE_OPTIONS+= -DUBUS=y
CMAKE_OPTIONS+= -DVERSION=$(PKG_VERSION) CMAKE_OPTIONS+= -DVERSION=$(PKG_VERSION)
TARGET_CFLAGS+= -Wno-error=deprecated-declarations
define Package/nginx-ssl-util/default define Package/nginx-ssl-util/default
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network


@ -7,6 +7,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/evp.h>
#include <unistd.h> #include <unistd.h>
#include <memory> #include <memory>
#include <stdexcept> #include <stdexcept>
@ -22,7 +23,7 @@ auto checkend(const std::string& crtpath, time_t seconds = 0, bool use_pem = tru
auto gen_eckey(int curve) -> EVP_PKEY_ptr; auto gen_eckey(int curve) -> EVP_PKEY_ptr;
auto gen_rsakey(int keysize, BN_ULONG exponent = RSA_F4) -> EVP_PKEY_ptr; auto gen_rsakey(int keysize) -> EVP_PKEY_ptr;
void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath = "", bool use_pem = true); void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath = "", bool use_pem = true);
@ -88,42 +89,45 @@ auto gen_eckey(const int curve) -> EVP_PKEY_ptr
} }
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED); EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
auto* eckey = EC_KEY_new(); EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
if (eckey != nullptr) { if (!EVP_PKEY_paramgen_init(ctx)) {
if ((EC_KEY_set_group(eckey, group) == 0) || (EC_KEY_generate_key(eckey) == 0)) { throw std::runtime_error("Could not init paramgen");
EC_KEY_free(eckey);
eckey = nullptr;
}
} }
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve);
EVP_PKEY* params = nullptr;
EVP_PKEY_paramgen(ctx, &params);
EVP_PKEY_CTX* key_gen_ctx = EVP_PKEY_CTX_new(params, nullptr);
if (EVP_PKEY_keygen_init(key_gen_ctx) <= 0) {
std::string errmsg{"gen_eckey error: cannot initialize key generation context\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
EVP_PKEY* pkey = nullptr;
if (!EVP_PKEY_keygen(key_gen_ctx, &pkey)) {
EVP_PKEY_CTX_free(key_gen_ctx);
EC_GROUP_free(group);
std::string errmsg{"gen_eckey error: cannot generate key pair\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
EVP_PKEY_CTX_free(ctx);
EC_GROUP_free(group); EC_GROUP_free(group);
if (eckey == nullptr) { EVP_PKEY_ptr pkey_ptr{pkey, ::EVP_PKEY_free};
std::string errmsg{"gen_eckey error: cannot build key with curve id "};
errmsg += std::to_string(curve) + "\n";
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free}; return pkey_ptr;
// EVP_PKEY_assign_EC_KEY is a macro casting eckey to char *:
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
if (!EVP_PKEY_assign_EC_KEY(pkey.get(), eckey)) {
EC_KEY_free(eckey);
std::string errmsg{"gen_eckey error: cannot assign EC key to EVP\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
return pkey;
} }
auto gen_rsakey(const int keysize, const BN_ULONG exponent) -> EVP_PKEY_ptr auto gen_rsakey(const int keysize) -> EVP_PKEY_ptr
{ {
if (keysize < rsa_min_modulus_bits || keysize > OPENSSL_RSA_MAX_MODULUS_BITS) { if (keysize < rsa_min_modulus_bits || keysize > OPENSSL_RSA_MAX_MODULUS_BITS) {
std::string errmsg{"gen_rsakey error: RSA keysize ("}; std::string errmsg{"gen_rsakey error: RSA keysize ("};
@ -131,42 +135,12 @@ auto gen_rsakey(const int keysize, const BN_ULONG exponent) -> EVP_PKEY_ptr
errmsg += std::to_string(OPENSSL_RSA_MAX_MODULUS_BITS) + "]"; errmsg += std::to_string(OPENSSL_RSA_MAX_MODULUS_BITS) + "]";
throw std::runtime_error(errmsg); throw std::runtime_error(errmsg);
} }
auto* bignum = BN_new();
if (bignum == nullptr) { EVP_PKEY_ptr pkey = {EVP_RSA_gen(keysize), EVP_PKEY_free};
std::string errmsg{"gen_rsakey error: cannot get big number struct\n"};
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
auto* rsa = RSA_new(); if (!pkey) {
std::string errmsg{"gen_rsakey error: unable to generate RSA key with size: "};
if (rsa != nullptr) { errmsg += std::to_string(keysize);
if ((BN_set_word(bignum, exponent) == 0) ||
(RSA_generate_key_ex(rsa, keysize, bignum, nullptr) == 0))
{
RSA_free(rsa);
rsa = nullptr;
}
}
BN_free(bignum);
if (rsa == nullptr) {
std::string errmsg{"gen_rsakey error: cannot create RSA key with size"};
errmsg += std::to_string(keysize) + " and exponent ";
errmsg += std::to_string(exponent) + "\n";
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
EVP_PKEY_ptr pkey{EVP_PKEY_new(), ::EVP_PKEY_free};
// EVP_PKEY_assign_RSA is a macro casting rsa to char *:
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-cstyle-cast)
if (!EVP_PKEY_assign_RSA(pkey.get(), rsa)) {
RSA_free(rsa);
std::string errmsg{"gen_rsakey error: cannot assign RSA key to EVP\n"};
ERR_print_errors_cb(print_error, &errmsg); ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg); throw std::runtime_error(errmsg);
} }
@ -179,31 +153,10 @@ void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath, const bool
BIO* bio = nullptr; BIO* bio = nullptr;
if (keypath.empty()) { if (keypath.empty()) {
bio = _BIO_new_fp(stdout, use_pem); bio = BIO_new_fp(stdout, BIO_NOCLOSE);
} }
else {
else { // BIO_new_file(keypath.c_str(), (use_pem ? "w" : "wb") ); bio = BIO_new_file(keypath.c_str(), use_pem ? "w" : "wb");
static constexpr auto mask = 0600;
// auto fd = open(keypath.c_str(), O_WRONLY | O_CREAT | O_TRUNC, mask);
// creat has no cloexec, alt. triggers cppcoreguidelines-pro-type-vararg
// NOLINTNEXTLINE(android-cloexec-creat)
auto fd = creat(keypath.c_str(), mask); // the same without va_args.
if (fd >= 0) {
auto* fp = fdopen(fd, (use_pem ? "w" : "wb"));
if (fp != nullptr) {
bio = _BIO_new_fp(fp, use_pem, true);
if (bio == nullptr) {
// NOLINTNEXTLINE(cppcoreguidelines-owning-memory) fp owns fd:
fclose(fp);
}
}
else {
close(fd);
}
}
} }
if (bio == nullptr) { if (bio == nullptr) {
@ -214,35 +167,28 @@ void write_key(const EVP_PKEY_ptr& pkey, const std::string& keypath, const bool
throw std::runtime_error(errmsg); throw std::runtime_error(errmsg);
} }
int len = 0; if (use_pem) {
if (PEM_write_bio_PrivateKey(bio, pkey.get(), nullptr, nullptr, 0, nullptr, nullptr) != 1) {
auto* key = pkey.get(); BIO_free_all(bio);
switch (EVP_PKEY_base_id(key)) { // use same format as px5g: std::string errmsg{"write_key error: cannot write EVP pkey to "};
case EVP_PKEY_EC: errmsg += keypath.empty() ? "stdout" : keypath;
len = use_pem ? PEM_write_bio_ECPrivateKey(bio, EVP_PKEY_get0_EC_KEY(key), nullptr, errmsg += "\n";
nullptr, 0, nullptr, nullptr) ERR_print_errors_cb(print_error, &errmsg);
: i2d_ECPrivateKey_bio(bio, EVP_PKEY_get0_EC_KEY(key)); throw std::runtime_error(errmsg);
break; }
case EVP_PKEY_RSA: }
len = use_pem ? PEM_write_bio_RSAPrivateKey(bio, EVP_PKEY_get0_RSA(key), nullptr, else {
nullptr, 0, nullptr, nullptr) if (i2d_PrivateKey_bio(bio, pkey.get()) != 1) {
: i2d_RSAPrivateKey_bio(bio, EVP_PKEY_get0_RSA(key)); BIO_free_all(bio);
break; std::string errmsg{"write_key error: cannot write EVP pkey to "};
default: errmsg += keypath.empty() ? "stdout" : keypath;
len = use_pem errmsg += "\n";
? PEM_write_bio_PrivateKey(bio, key, nullptr, nullptr, 0, nullptr, nullptr) ERR_print_errors_cb(print_error, &errmsg);
: i2d_PrivateKey_bio(bio, key); throw std::runtime_error(errmsg);
}
} }
BIO_free_all(bio); BIO_free_all(bio);
if (len == 0) {
std::string errmsg{"write_key error: cannot write EVP pkey to "};
errmsg += keypath.empty() ? "stdout" : keypath;
errmsg += "\n";
ERR_print_errors_cb(print_error, &errmsg);
throw std::runtime_error(errmsg);
}
} }
auto subject2name(const std::string& subject) -> X509_NAME_ptr auto subject2name(const std::string& subject) -> X509_NAME_ptr
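Review bot: The rewritten `write_key` drops the `creat(keypath.c_str(), 0600)` path and opens the output with `BIO_new_file(keypath.c_str(), use_pem ? "w" : "wb")`, so a freshly written private key is created with fopen()'s `0666 & ~umask` mode — typically 0644, i.e. world-readable — where the removed code guaranteed owner-only access; creating the file with an explicit 0600 before wrapping it in a BIO restores that property, as sketched below. A secondary point in `gen_eckey`: the return values of `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_ec_paramgen_curve_nid` and `EVP_PKEY_paramgen` are never checked, so an unsupported curve id most likely reaches `EVP_PKEY_keygen_init` with a null or unusable context instead of the old "cannot build key with curve id" error, and `params` and `key_gen_ctx` are never freed on the success path (`ctx`, `params` and `group` also leak on the throw paths). The `EC_GROUP` is now built only to set flags that are never attached to the generated key, so those two calls appear to be dead code. Both `gen_eckey` and `write_key` start before their hunks; `write_key` spans the last two hunks.
```cpp
    else {
        // Private keys must not be world-readable: BIO_new_file()/fopen() creates
        // 0666 & ~umask (usually 0644), so create the file with an explicit 0600.
        // NOLINTNEXTLINE(android-cloexec-creat)
        const int fd = creat(keypath.c_str(), 0600);
        if (fd >= 0) {
            FILE* fp = fdopen(fd, use_pem ? "w" : "wb");
            if (fp == nullptr) {
                close(fd);
            }
            else if ((bio = BIO_new_fp(fp, BIO_CLOSE)) == nullptr) {
                fclose(fp); // fp owns fd
            }
        }
    }
    // … unchanged: null-BIO error, PEM/DER write, BIO_free_all …
```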