From 9b7155d5f3f40a8f096c9f6cdd6666d12e95c77a Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sat, 18 Feb 2017 15:06:38 +0100
Subject: [PATCH] libopkg: remove OpenSSL support
Signed-off-by: Jo-Philipp Wich
---
 libopkg/opkg.c | 2 +-
 libopkg/opkg_cmd.c | 2 +-
 libopkg/opkg_conf.c | 4 --
 libopkg/opkg_download.c | 144 ----------------------------------------
 libopkg/opkg_install.c | 2 +-
 5 files changed, 3 insertions(+), 151 deletions(-)
diff --git a/libopkg/opkg.c b/libopkg/opkg.c
index c58d54d..2e5d01e 100644
--- a/libopkg/opkg.c
+++ b/libopkg/opkg.c
@@ -588,7 +588,7 @@ opkg_update_package_lists(opkg_progress_callback_t progress_callback,
 }
 free(url);
-#if defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+#if defined(HAVE_USIGN)
 if (conf->check_signature) {
 char *sig_file_name;
 /* download detached signitures to verify the package lists */
diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index 427b356..a972553 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -142,7 +142,7 @@ static int opkg_update_cmd(int argc, char **argv)
 list_file_name);
 }
 free(url);
-#if defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+#if defined(HAVE_USIGN)
 if (pkglist_dl_error == 0 && conf->check_signature) {
 /* download detached signitures to verify the package lists */
 /* get the url for the sig file */
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index bed4d14..589fc49 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -70,10 +70,6 @@ opkg_option_t options[] = {
 {"size", OPKG_OPT_TYPE_BOOL, &_conf.size},
 {"tmp_dir", OPKG_OPT_TYPE_STRING, &_conf.tmp_dir},
 {"verbosity", OPKG_OPT_TYPE_INT, &_conf.verbosity},
-#if defined(HAVE_OPENSSL)
- {"signature_ca_file", OPKG_OPT_TYPE_STRING, &_conf.signature_ca_file},
- {"signature_ca_path", OPKG_OPT_TYPE_STRING, &_conf.signature_ca_path},
-#endif
 {NULL, 0, NULL}
 };
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index f1553ab..148d08b 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
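Review bot: In opkg_update_package_lists() the narrowed guard `#if defined(HAVE_USIGN)` now compiles the whole `if (conf->check_signature)` block out of any build without HAVE_USIGN, so a configuration that enables check_signature is silently not enforced; the opkg_cmd.c and opkg_install.c hunks change their guards the same way. The fallback branch of opkg_verify_file() that stays behind in opkg_download.c also ends in `return 0;`, which reports success without checking anything. Unless an `#else` outside these hunks already covers it, I would make the unsupported case visible, e.g. `#else` followed by `if (conf->check_signature) opkg_msg(ERROR, "check_signature is set but no signature backend was compiled in.\n");`, and preferably fail the operation there. All three enclosing functions start and end outside their hunks.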
@@ -31,29 +31,6 @@
 #include "opkg_defines.h"
 #include "libbb/libbb.h"
-#if defined(HAVE_OPENSSL)
-#include
-#include
-#include
-#include
-#endif
-
-#if defined(HAVE_OPENSSL)
-#include
-#include
-#include
-#include
-#include
-#endif
-
-#if defined(HAVE_OPENSSL)
-static void openssl_init(void);
-#endif
-
-#ifdef HAVE_OPENSSL
-static X509_STORE *setup_verify(char *CAfile, char *CApath);
-#endif
-
 static int str_starts_with(const char *str, const char *prefix)
 {
 return (strncmp(str, prefix, strlen(prefix)) == 0);
@@ -333,57 +310,6 @@ int opkg_verify_file(char *text_file, char *sig_file)
 return -1;
 return 0;
-#elif defined HAVE_OPENSSL
- X509_STORE *store = NULL;
- PKCS7 *p7 = NULL;
- BIO *in = NULL, *indata = NULL;
-
- // Sig check failed by default !
- int status = -1;
-
- openssl_init();
-
- // Set-up the key store
- if (!
- (store =
- setup_verify(conf->signature_ca_file, conf->signature_ca_path))) {
- opkg_msg(ERROR, "Can't open CA certificates.\n");
- goto verify_file_end;
- }
- // Open a BIO to read the sig file
- if (!(in = BIO_new_file(sig_file, "rb"))) {
- opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
- goto verify_file_end;
- }
- // Read the PKCS7 block contained in the sig file
- p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- if (!p7) {
- opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
- sig_file);
- goto verify_file_end;
- }
-
- // Open the Package file to authenticate
- if (!(indata = BIO_new_file(text_file, "rb"))) {
- opkg_msg(ERROR, "Can't open file %s.\n", text_file);
- goto verify_file_end;
- }
- // Let's verify the autenticity !
- if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1) {
- // Get Off My Lawn!
- opkg_msg(ERROR, "Verification failure.\n");
- } else {
- // Victory !
- status = 0;
- }
-
-verify_file_end:
- BIO_free(in);
- BIO_free(indata);
- PKCS7_free(p7);
- X509_STORE_free(store);
-
- return status;
 #else
 /* mute `unused variable' warnings. */
 (void)sig_file;
@@ -392,73 +318,3 @@ verify_file_end:
 return 0;
 #endif
 }
-
-#if defined(HAVE_OPENSSL)
-static void openssl_init(void)
-{
- static int init = 0;
-
- if (!init) {
- OPENSSL_config(NULL);
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
- init = 1;
- }
-}
-
-#endif
-
-#if defined HAVE_OPENSSL
-static X509_STORE *setup_verify(char *CAfile, char *CApath)
-{
- X509_STORE *store = NULL;
- X509_LOOKUP *lookup = NULL;
-
- if (!(store = X509_STORE_new())) {
- // Something bad is happening...
- goto end;
- }
- // adds the X509 file lookup method
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (lookup == NULL) {
- goto end;
- }
- // Autenticating against one CA file
- if (CAfile) {
- if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
- // Invalid CA => Bye bye
- opkg_msg(ERROR, "Error loading file %s.\n", CAfile);
- goto end;
- }
- } else {
- X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
- }
-
- // Now look into CApath directory if supplied
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (lookup == NULL) {
- goto end;
- }
-
- if (CApath) {
- if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
- opkg_msg(ERROR, "Error loading directory %s.\n",
- CApath);
- goto end;
- }
- } else {
- X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
- }
-
- // All right !
- ERR_clear_error();
- return store;
-
-end:
-
- X509_STORE_free(store);
- return NULL;
-
-}
-
-#endif
diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
index 6dd21fe..e18c7c6 100644
--- a/libopkg/opkg_install.c
+++ b/libopkg/opkg_install.c
@@ -1344,7 +1344,7 @@ int opkg_install_pkg(pkg_t * pkg, int from_upgrade)
 }
 /* check that the repository is valid */
-#if defined(HAVE_OPENSSL) || defined(HAVE_USIGN)
+#if defined(HAVE_USIGN)
 char *list_file_name, *sig_file_name, *lists_dir;
 /* check to ensure the package has come from a repository */
--
2.25.1