author | Sebastian Leske <sebastian.leske@sleske.name> | 2017-11-02 08:04:10 +0100 |
---|---|---|
committer | Sebastian Leske <sebastian.leske@sleske.name> | 2017-11-03 00:04:24 +0100 |
commit | 0621e4d79f5d89518d451969cc6b4b280ff0ab79 (patch) | |
tree | 77880f61bee039d7be05f618002248346b5ad6a8 | |
parent | 2b6c039494b54c4ef88f69e2b89388a1050912e3 (diff) | |
download | navit-0621e4d79f5d89518d451969cc6b4b280ff0ab79.tar.gz |
Fix:core:Remove binfile map encryption support
Remove support for decrypting an encrypted binfile map. The feature is
not used, and removing it will let us remove the problematic dependency
on OpenSSL (see trac 1350).
-rw-r--r-- | navit/attr_def.h | 2 | ||||
-rw-r--r-- | navit/file.c | 83 | ||||
-rw-r--r-- | navit/file.h | 1 | ||||
-rw-r--r-- | navit/map/binfile/binfile.c | 24 | ||||
-rw-r--r-- | navit/maptool/zip.c | 89 |
5 files changed, 4 insertions, 195 deletions
diff --git a/navit/attr_def.h b/navit/attr_def.h
index 7e66ac3d2..9276e4d60 100644
--- a/navit/attr_def.h
+++ b/navit/attr_def.h
@@ -348,7 +348,7 @@ ATTR_UNUSED
 ATTR_UNUSED
 ATTR(status_text)
 ATTR(log_gpx_desc)
-ATTR(map_pass)
+ATTR_UNUSED
 ATTR_UNUSED
 ATTR(socket)
 /* These attributes for house number interpolation are only written by
diff --git a/navit/file.c b/navit/file.c
index 6764eafe1..8363b6a8b 100644
--- a/navit/file.c
+++ b/navit/file.c
@@ -46,14 +46,6 @@
 extern char *version;
-#ifdef HAVE_LIBCRYPTO
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#endif
-
 #ifdef CACHE_SIZE
 static GHashTable *file_name_hash;
 #endif
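Review bot: The `+ATTR_UNUSED` line that takes the place of `ATTR(map_pass)` in navit/attr_def.h leaves no trace of what the slot used to hold. The neighbouring `ATTR_UNUSED` entries suggest the placeholder is there so the attributes that follow keep their position, but the macro definitions are outside the hunk, so this is inferred. A comment above the new line, `/* formerly map_pass; removed with binfile map encryption */`, would keep the slot from being reused for an attribute with a different meaning and would explain why a configuration that still sets `map_pass` is no longer recognised.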
@@ -555,81 +547,6 @@ file_data_read_compressed(struct file *file, long long offset, int size, int siz
 return ret;
 }
-unsigned char *
-file_data_read_encrypted(struct file *file, long long offset, int size, int size_uncomp, int compressed, char *passwd)
-{
-#ifdef HAVE_LIBCRYPTO
- void *ret;
- unsigned char *buffer = 0;
- uLongf destLen=size_uncomp;
-
- if (file->cache) {
- struct file_cache_id id={offset,size,file->name_id,1};
- ret=cache_lookup(file_cache,&id);
- if (ret)
- return ret;
- ret=cache_insert_new(file_cache,&id,size_uncomp);
- } else
- ret=g_malloc(size_uncomp);
- lseek(file->fd, offset, SEEK_SET);
-
- buffer = (unsigned char *)g_malloc(size);
- if (read(file->fd, buffer, size) != size) {
- g_free(ret);
- ret=NULL;
- } else {
- unsigned char key[34], salt[8], verify[2], counter[16], xor[16], mac[10], *datap;
- int overhead=sizeof(salt)+sizeof(verify)+sizeof(mac);
- int esize=size-overhead;
- PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), (unsigned char *)buffer, 8, 1000, 34, key);
- if (key[32] == buffer[8] && key[33] == buffer[9] && esize >= 0) {
- AES_KEY aeskey;
- AES_set_encrypt_key(key, 128, &aeskey);
- datap=buffer+sizeof(salt)+sizeof(verify);
- memset(counter, 0, sizeof(counter));
- while (esize > 0) {
- int i,curr_size,idx=0;
- do {
- counter[idx]++;
- } while (!counter[idx++]);
- AES_encrypt(counter, xor, &aeskey);
- curr_size=esize;
- if (curr_size > sizeof(xor))
- curr_size=sizeof(xor);
- for (i = 0 ; i < curr_size ; i++)
- *datap++^=xor[i];
- esize-=curr_size;
- }
- size-=overhead;
- datap=buffer+sizeof(salt)+sizeof(verify);
- if (compressed) {
- if (uncompress_int(ret, &destLen, (Bytef *)datap, size) != Z_OK) {
- dbg(lvl_error,"uncompress failed\n");
- g_free(ret);
- ret=NULL;
- }
- } else {
- if (size == destLen)
- memcpy(ret, buffer, destLen);
- else {
- dbg(lvl_error,"memcpy failed\n");
- g_free(ret);
- ret=NULL;
- }
- }
- } else {
- g_free(ret);
- ret=NULL;
- }
- }
- g_free(buffer);
-
- return ret;
-#else
- return NULL;
-#endif
-}
-
 void
 file_data_free(struct file *file, unsigned char *data)
 {
diff --git a/navit/file.h b/navit/file.h
index bb8b8bdd8..46dbc4c99 100644
--- a/navit/file.h
+++ b/navit/file.h
@@ -76,7 +76,6 @@ void file_data_flush(struct file *file, long long offset, int size);
 int file_data_write(struct file *file, long long offset, int size, const void *data);
 int file_get_contents(char *name, unsigned char **buffer, int *size);
 unsigned char *file_data_read_compressed(struct file *file, long long offset, int size, int size_uncomp);
-unsigned char *file_data_read_encrypted(struct file *file, long long offset, int size, int size_uncomp, int compressed, char *passwd);
 void file_data_free(struct file *file, unsigned char *data);
 int file_exists(char const *name);
 void file_remap_readonly(struct file *f);
diff --git a/navit/map/binfile/binfile.c b/navit/map/binfile/binfile.c
index 9c6d9a2ef..93cbbd466 100644
--- a/navit/map/binfile/binfile.c
+++ b/navit/map/binfile/binfile.c
@@ -121,7 +121,6 @@ struct map_priv {
 int check_version;
 int map_version;
 GHashTable *changes;
- char *passwd;
 char *map_release;
 int flags;
 char *url;
@@ -363,7 +362,6 @@ binfile_read_lfh(struct file *fi, long long offset)
 static unsigned char *
 binfile_read_content(struct map_priv *m, struct file *fi, long long offset, struct zip_lfh *lfh)
 {
- struct zip_enc *enc;
 unsigned char *ret=NULL;
 offset+=sizeof(struct zip_lfh)+lfh->zipfnln;
@@ -376,23 +374,6 @@ binfile_read_content(struct map_priv *m, struct file *fi, long long offset, stru
 offset+=lfh->zipxtraln;
 ret=file_data_read_compressed(fi,offset, lfh->zipsize, lfh->zipuncmp);
 break;
- case 99:
- if (!m->passwd)
- break;
- enc=(struct zip_enc *)file_data_read(fi, offset, sizeof(*enc));
- offset+=lfh->zipxtraln;
- switch (enc->compress_method) {
- case 0:
- ret=file_data_read_encrypted(fi, offset, lfh->zipsize, lfh->zipuncmp, 0, m->passwd);
- break;
- case 8:
- ret=file_data_read_encrypted(fi, offset, lfh->zipsize, lfh->zipuncmp, 1, m->passwd);
- break;
- default:
- dbg(lvl_error,"map file %s: unknown encrypted compression method %d\n", fi->name, enc->compress_method);
- }
- file_data_free(fi, (unsigned char *)enc);
- break;
 default:
 dbg(lvl_error,"map file %s: unknown compression method %d\n", fi->name, lfh->zipmthd);
 }
@@ -2822,7 +2803,7 @@ map_new_binfile(struct map_methods *meth, struct attr **attrs, struct callback_l
 {
 struct map_priv *m;
 struct attr *data=attr_search(attrs, NULL, attr_data);
- struct attr *check_version,*map_pass,*flags,*url,*download_enabled;
+ struct attr *check_version,*flags,*url,*download_enabled;
 struct file_wordexp *wexp;
 char **wexp_data;
 if (! data)
@@ -2841,9 +2822,6 @@ map_new_binfile(struct map_methods *meth, struct attr **attrs, struct callback_l
 check_version=attr_search(attrs, NULL, attr_check_version);
 if (check_version)
 m->check_version=check_version->u.num;
- map_pass=attr_search(attrs, NULL, attr_map_pass);
- if (map_pass)
- m->passwd=g_strdup(map_pass->u.str);
 flags=attr_search(attrs, NULL, attr_flags);
 if (flags)
 m->flags=flags->u.num;
diff --git a/navit/maptool/zip.c b/navit/maptool/zip.c
index f352e6353..1a66e083a 100644
--- a/navit/maptool/zip.c
+++ b/navit/maptool/zip.c
@@ -26,11 +26,6 @@
 #include "zipfile.h"
 #ifdef HAVE_LIBCRYPTO
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/md5.h>
 #endif
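Review bot: `map_new_binfile` in navit/map/binfile/binfile.c now drops the `map_pass` lookup with no replacement diagnostic, and in `binfile_read_content` a member stored with zip method 99 falls through to the `default:` branch, where it is reported only as "unknown compression method 99". A user who still has an encrypted map gets no hint that the feature was removed on purpose. Keeping a stub such as `case 99: dbg(lvl_error,"map file %s: encrypted maps are no longer supported\n", fi->name); break;` would make the failure explicit. `ret` stays NULL on that path, and the callers of `binfile_read_content` are outside these hunks, so it is worth confirming that they treat a NULL return as a read failure rather than dereferencing it.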
@@ -43,7 +38,6 @@ struct zip_info {
 int zip64;
 short date;
 short time;
- char *passwd;
 FILE *res2;
 FILE *index;
 FILE *dir;
@@ -139,17 +133,6 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 0x8,
 zip_info->offset,
 };
-#ifdef HAVE_LIBCRYPTO
- struct zip_enc enc = {
- 0x9901,
- 0x7,
- 0x2,
- 'A','E',
- 0x1,
- 0x0,
- };
- unsigned char salt[8], key[34], verify[2], mac[10];
-#endif
 char *filename;
 int crc=0,len,comp_size=data_size;
 uLongf destlen=data_size+data_size/500+12;
@@ -160,19 +143,8 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 fprintf(stderr, "No more memory.\n");
 exit (1);
 }
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- RAND_bytes(salt, sizeof(salt));
- PKCS5_PBKDF2_HMAC_SHA1(zip_info->passwd, strlen(zip_info->passwd), salt, sizeof(salt), 1000, sizeof(key), key);
- verify[0]=key[32];
- verify[1]=key[33];
- } else {
-#endif
- crc=crc32(0, NULL, 0);
- crc=crc32(crc, (unsigned char *)data, data_size);
-#ifdef HAVE_LIBCRYPTO
- }
-#endif
+ crc=crc32(0, NULL, 0);
+ crc=crc32(crc, (unsigned char *)data, data_size);
 lfh.zipmthd=zip_info->compression_level ? 8:0;
 #ifdef HAVE_ZLIB
 if (zip_info->compression_level) {
@@ -191,15 +163,6 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 lfh.zipcrc=crc;
 lfh.zipsize=comp_size;
 lfh.zipuncmp=data_size;
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- enc.compress_method=lfh.zipmthd;
- lfh.zipmthd=99;
- lfh.zipxtraln+=sizeof(enc);
- lfh.zipgenfld|=1;
- lfh.zipsize+=sizeof(salt)+sizeof(verify)+sizeof(mac);
- }
-#endif
 cd.zipccrc=crc;
 cd.zipcsiz=lfh.zipsize;
 cd.zipcunc=data_size;
@@ -208,13 +171,6 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 cd.zipofst=0xffffffff;
 cd.zipcxtl+=sizeof(cd_ext);
 }
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- cd.zipcmthd=99;
- cd.zipcxtl+=sizeof(enc);
- cd.zipcflg|=1;
- }
-#endif
 filename=g_alloca(filelen+1);
 strcpy(filename, name);
 len=strlen(filename);
@@ -225,43 +181,8 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 zip_write(zip_info, &lfh, sizeof(lfh));
 zip_write(zip_info, filename, filelen);
 zip_info->offset+=sizeof(lfh)+filelen;
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- unsigned char counter[16], xor[16], *datap=(unsigned char *)data;
- int size=comp_size;
- AES_KEY aeskey;
- zip_write(zip_info, &enc, sizeof(enc));
- zip_write(zip_info, salt, sizeof(salt));
- zip_write(zip_info, verify, sizeof(verify));
- zip_info->offset+=sizeof(enc)+sizeof(salt)+sizeof(verify);
- AES_set_encrypt_key(key, 128, &aeskey);
- memset(counter, 0, sizeof(counter));
- while (size > 0) {
- int i,curr_size,idx=0;
- do {
- counter[idx]++;
- } while (!counter[idx++]);
- AES_encrypt(counter, xor, &aeskey);
- curr_size=size;
- if (curr_size > sizeof(xor))
- curr_size=sizeof(xor);
- for (i = 0 ; i < curr_size ; i++)
- *datap++^=xor[i];
- size-=curr_size;
- }
- }
-#endif
 zip_write(zip_info, data, comp_size);
 zip_info->offset+=comp_size;
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- unsigned int maclen=sizeof(mac);
- unsigned char mactmp[maclen*2];
- HMAC(EVP_sha1(), key+16, 16, (unsigned char *)data, comp_size, mactmp, &maclen);
- zip_write(zip_info, mactmp, sizeof(mac));
- zip_info->offset+=sizeof(mac);
- }
-#endif
 dbg_assert(fwrite(&cd, sizeof(cd), 1, zip_info->dir)==1);
 dbg_assert(fwrite(filename, filelen, 1, zip_info->dir)==1);
 zip_info->dir_size+=sizeof(cd)+filelen;
@@ -269,12 +190,6 @@ write_zipmember(struct zip_info *zip_info, char *name, int filelen, char *data,
 dbg_assert(fwrite(&cd_ext, sizeof(cd_ext), 1, zip_info->dir)==1);
 zip_info->dir_size+=sizeof(cd_ext);
 }
-#ifdef HAVE_LIBCRYPTO
- if (zip_info->passwd) {
- dbg_assert(fwrite(&enc, sizeof(enc), 1, zip_info->dir)==1);
- zip_info->dir_size+=sizeof(enc);
- }
-#endif
 free(compbuffer);
 } |