Merge pull request #99 from openwrtdiy/openwrt-23.05

Openwrt 23.05

package/utils/px5g-mbedtls/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-mbedtls
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 PKG_LICENSE:=LGPL-2.1
 
 PKG_BUILD_FLAGS:=no-mips16

package/utils/px5g-mbedtls/px5g-mbedtls.c

@@ -30,6 +30,7 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <stdbool.h>
+#include <errno.h>
 
 #include <mbedtls/bignum.h>
 #include <mbedtls/entropy.h>
@@ -55,10 +56,13 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
 	return 0;
 }
 
-static void write_file(const char *path, int len, bool pem)
+static void write_file(const char *path, size_t len, bool pem, bool cert)
 {
-	FILE *f = stdout;
+	mode_t mode = S_IRUSR | S_IWUSR;
 	const char *buf_start = buf;
+	int fd = STDERR_FILENO;
+	ssize_t written;
+	int err;
 
 	if (!pem)
 		buf_start += sizeof(buf) - len;
@@ -67,17 +71,30 @@ static void write_file(const char *path, int len, bool pem)
 		fprintf(stderr, "No data to write\n");
 		exit(1);
 	}
+
+	if (cert)
+		mode |= S_IRGRP | S_IROTH;
 
-	if (!f) {
+	if (path)
+		fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+
+	if (fd < 0) {
 		fprintf(stderr, "error: I/O error\n");
 		exit(1);
 	}
 
+	written = write(fd, buf_start, len);
+	if (written != len) {
+		fprintf(stderr, "writing key failed with: %s\n", strerror(errno));
+		exit(1);
+	}
+	err = fsync(fd);
+	if (err < 0) {
+		fprintf(stderr, "syncing key failed with: %s\n", strerror(errno));
+		exit(1);
+	}
 	if (path)
-		f = fopen(path, "w");
-
-	fwrite(buf_start, 1, len, f);
-	fclose(f);
+		close(fd);
 }
 
 static mbedtls_ecp_group_id ecp_curve(const char *name)
@@ -110,7 +127,7 @@ static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
 			len = 0;
 	}
 
-	write_file(path, len, pem);
+	write_file(path, len, pem, false);
 }
 
 static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp,
@@ -301,7 +318,7 @@ int selfsigned(char **arg)
 			return 1;
 		}
 	}
-	write_file(certpath, len, pem);
+	write_file(certpath, len, pem, true);
 
 	mbedtls_x509write_crt_free(&cert);
 	mbedtls_mpi_free(&serial);

package/utils/px5g-wolfssl/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=8.2
+PKG_RELEASE:=9
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_BUILD_FLAGS:=no-mips16

package/utils/px5g-wolfssl/px5g-wolfssl.c

@@ -7,6 +7,8 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
 #include <wolfssl/options.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
@@ -24,27 +26,38 @@ enum {
   RSA_KEY_TYPE = 1,
 };
 
-int write_file(byte *buf, int bufSz, char *path) {
-  int ret;
-  FILE *file;
+int write_file(byte *buf, int bufSz, char *path, bool cert) {
+  mode_t mode = S_IRUSR | S_IWUSR;
+  ssize_t written;
+  int err;
+  int fd;
+
+  if (cert)
+    mode |= S_IRGRP | S_IROTH;
+
   if (path) {
-    file = fopen(path, "wb");
-    if (file == NULL) {
+    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+    if (fd < 0) {
       perror("Error opening file");
       exit(1);
     }
   } else {
-    file = stdout;
+    fd = STDERR_FILENO;
   }
-  ret = (int)fwrite(buf, 1, bufSz, file);
-  if (path) {
-    fclose(file);
+  written = write(fd, buf, bufSz);
+  if (written != bufSz) {
+    perror("Error write file");
+    exit(1);
   }
-  if (ret > 0) {
-    /* ret > 0 indicates a successful file write, set to zero for return */
-    ret = 0;
+  err = fsync(fd);
+  if (err < 0) {
+    perror("Error fsync file");
+    exit(1);
   }
-  return ret;
+  if (path) {
+    close(fd);
+  }
+  return 0;
 }
 
 int write_key(ecc_key *ecKey, RsaKey *rsaKey, int type, int keySz, char *fName,
@@ -73,9 +86,9 @@ int write_key(ecc_key *ecKey, RsaKey *rsaKey, int type, int keySz, char *fName,
       fprintf(stderr, "DER to PEM failed: %d\n", ret);
     }
     pemSz = ret;
-    ret = write_file(pem, pemSz, fName);
+    ret = write_file(pem, pemSz, fName, false);
   } else {
-    ret = write_file(der, derSz, fName);
+    ret = write_file(der, derSz, fName, false);
   }
   return ret;
 }
@@ -281,7 +294,7 @@ int selfsigned(WC_RNG *rng, char **arg) {
   }
   pemSz = ret;
 
-  ret = write_file(pemBuf, pemSz, certpath);
+  ret = write_file(pemBuf, pemSz, certpath, true);
   if (ret != 0) {
     fprintf(stderr, "Write Cert failed: %d\n", ret);
     return ret;