From cc4c5e295f5467edf91bb355e3cd525b3279be31 Mon Sep 17 00:00:00 2001
From: Richard Weinberger <richard@nod.at>
Date: Thu, 18 Oct 2018 16:37:16 +0200
Subject: mkfs.ubifs: Enable support for building without crypto

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 Makefile.am                         |  4 +++
 configure.ac                        | 27 +++++++++++++--
 ubifs-utils/Makemodule.am           | 10 ++++--
 ubifs-utils/mkfs.ubifs/crypto.h     | 11 +++----
 ubifs-utils/mkfs.ubifs/fscrypt.h    | 65 ++++++++++++++++++++++++++++++++-----
 ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 56 +++++++++++++++++++++++++++++---
 6 files changed, 148 insertions(+), 25 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 391edef..1bc4684 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,6 +14,10 @@ if WITH_SELINUX
 AM_CPPFLAGS += -DWITH_SELINUX
 endif
 
+if WITH_CRYPTO
+AM_CPPFLAGS += -DWITH_CRYPTO
+endif
+
 sbin_PROGRAMS =
 sbin_SCRIPTS =
 check_PROGRAMS =
diff --git a/configure.ac b/configure.ac
index 346fcbd..d5abb14 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,7 @@ need_lzo="no"
 need_xattr="no"
 need_cmocka="no"
 need_selinux="no"
-
+need_openssl="no"
 
 AM_COND_IF([UNIT_TESTS], [
 	need_cmocka="yes"
@@ -115,8 +115,6 @@ AC_ARG_ENABLE([lsmtd],
 	esac],
 	[AM_CONDITIONAL([BUILD_LSMTD], [true])])
 
-AC_CHECK_HEADER(openssl/rand.h)
-
 AC_ARG_WITH([jffs],
 	[AS_HELP_STRING([--without-jffs], [Disable jffsX utilities])],
 	[case "${withval}" in
@@ -140,6 +138,7 @@ AM_COND_IF([BUILD_UBIFS], [
 	need_xattr="yes"
 	need_zlib="yes"
 	need_lzo="yes"
+	need_openssl="yes"
 ])
 
 AM_COND_IF([BUILD_JFFSX], [
@@ -174,6 +173,15 @@ AC_ARG_WITH([selinux],
 	*) AC_MSG_ERROR([bad value ${withval} for --with-selinux]) ;;
 	esac])
 
+AC_ARG_WITH([crypto],
+	[AS_HELP_STRING([--without-crypto],
+		[Disable support for UBIFS crypto features])],
+	[case "${withval}" in
+	yes) ;;
+	no) need_openssl="no";;
+	*) AC_MSG_ERROR([bad value ${withval} for --without-crypto]) ;;
+	esac])
+
 ##### search for dependencies #####
 
 clock_gettime_missing="no"
@@ -184,6 +192,7 @@ lzo_missing="no"
 xattr_missing="no"
 cmocka_missing="no"
 selinux_missing="no"
+openssl_missing="no"
 
 if test "x$need_zlib" = "xyes"; then
 	PKG_CHECK_MODULES(ZLIB, [zlib], [], [zlib_missing="yes"])
@@ -226,6 +235,11 @@ if test "x$need_selinux" = "xyes"; then
 	AC_CHECK_HEADERS([selinux/label.h], [], [selinux_missing="yes"])
 fi
 
+if test "x$need_openssl" = "xyes"; then
+	AC_CHECK_HEADER(openssl/rand.h)
+	PKG_CHECK_MODULES(OPENSSL, [openssl], [], [openssl_missing="yes"])
+fi
+
 if test "x$need_cmocka" = "xyes"; then
 	PKG_CHECK_MODULES(CMOCKA, [cmocka], [], [cmocka_missing="yes"])
 fi
@@ -281,6 +295,12 @@ if test "x$selinux_missing" = "xyes"; then
 	need_selinux="no"
 fi
 
+if test "x$openssl_missing" = "xyes"; then
+	AC_MSG_WARN([cannot find headers for OpenSSL library])
+	AC_MSG_WARN([disabling OpenSSL support])
+	need_openssl="no"
+fi
+
 if test "x$cmocka_missing" = "xyes"; then
 	AC_MSG_WARN([cannot find CMocka library required for unit tests])
 	AC_MSG_NOTICE([unit tests can optionally be disabled])
@@ -296,6 +316,7 @@ fi
 AM_CONDITIONAL([WITHOUT_LZO], [test "x$need_lzo" != "xyes"])
 AM_CONDITIONAL([WITHOUT_XATTR], [test "x$need_xattr" != "xyes"])
 AM_CONDITIONAL([WITH_SELINUX], [test "x$need_selinux" == "xyes"])
+AM_CONDITIONAL([WITH_CRYPTO], [test "x$need_openssl" == "xyes"])
 
 AC_CHECK_SIZEOF([off_t])
 AC_CHECK_SIZEOF([loff_t])
diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am
index 5905a2b..b8e4075 100644
--- a/ubifs-utils/Makemodule.am
+++ b/ubifs-utils/Makemodule.am
@@ -10,15 +10,19 @@ mkfs_ubifs_SOURCES = \
 	ubifs-utils/mkfs.ubifs/crc16.c \
 	ubifs-utils/mkfs.ubifs/lpt.c \
 	ubifs-utils/mkfs.ubifs/compr.c \
-	ubifs-utils/mkfs.ubifs/crypto.c \
-	ubifs-utils/mkfs.ubifs/fscrypt.c \
 	ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \
 	ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \
 	ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \
 	ubifs-utils/mkfs.ubifs/hashtable/hashtable.c \
 	ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.c \
 	ubifs-utils/mkfs.ubifs/devtable.c
-mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm -lssl -lcrypto
+
+if WITH_CRYPTO
+mkfs_ubifs_SOURCES += ubifs-utils/mkfs.ubifs/crypto.c \
+		ubifs-utils/mkfs.ubifs/fscrypt.c
+endif
+
+mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) $(OPENSSL_LIBS) -lm
 mkfs_ubifs_CPPFLAGS = $(AM_CPPFLAGS) $(ZLIB_CFLAGS) $(LZO_CFLAGS) $(UUID_CFLAGS) $(LIBSELINUX_CFLAGS)\
 	-I$(top_srcdir)/ubi-utils/include -I$(top_srcdir)/ubifs-utils/mkfs.ubifs/
 
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index f275839..b6ffad1 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -41,19 +41,18 @@ struct cipher {
 	unsigned int fscrypt_fname_mode;
 };
 
-
+#ifdef WITH_CRYPTO
 int crypto_init(void);
-
 void crypto_cleanup(void);
-
 ssize_t derive_key_aes(const void *deriving_key, const void *source_key,
 		       size_t source_key_len, void *derived_key);
-
 int derive_key_descriptor(const void *source_key, void *descriptor);
-
 struct cipher *get_cipher(const char *name);
-
 void list_ciphers(FILE *fp);
+#else
+static inline int crypto_init(void) { return 0;}
+static inline void crypto_cleanup(void) {}
+#endif /* WITH_CRYPTO */
 
 #endif /* UBIFS_CRYPTO_H */
 
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index e3cfee5..3b717b4 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -97,27 +97,76 @@ struct fscrypt_symlink_data {
 #define FS_IV_SIZE 16
 #endif
 
+#ifdef WITH_CRYPTO
 unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx);
-
 struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx);
-
 void free_fscrypt_context(struct fscrypt_context *fctx);
-
 void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx);
-
 unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx,
 					  unsigned int ilen);
-
 int encrypt_path(void **outbuf, void *data, unsigned int data_len,
 		 unsigned int max_namelen, struct fscrypt_context *fctx);
-
 int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no,
 		      struct ubifs_data_node *dn, size_t length);
-
 struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
 					     unsigned int flags,
 					     const char *key_file,
 					     const char *key_descriptor);
-
+#else
+static inline struct fscrypt_context *init_fscrypt_context(
+					const char *cipher_name,
+					unsigned int flags,
+					const char *key_file,
+					const char *key_descriptor)
+{
+	(void)cipher_name;
+	(void)flags;
+	(void)key_file;
+	(void)key_descriptor;
+
+	assert(0);
+	return NULL;
+}
+
+static inline void free_fscrypt_context(struct fscrypt_context *fctx)
+{
+	(void)fctx;
+
+	assert(0);
+}
+
+static inline int encrypt_path(void **outbuf, void *data, unsigned int data_len,
+		 unsigned int max_namelen, struct fscrypt_context *fctx)
+{
+	(void)outbuf;
+	(void)data;
+	(void)data_len;
+	(void)max_namelen;
+	(void)fctx;
+
+	assert(0);
+	return -1;
+}
+
+static inline int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no,
+		      struct ubifs_data_node *dn, size_t length)
+{
+	(void)fctx;
+	(void)block_no;
+	(void)dn;
+	(void)length;
+
+	assert(0);
+	return -1;
+}
+
+static inline struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx)
+{
+	(void)fctx;
+
+	assert(0);
+	return NULL;
+}
+#endif /* WITH_CRYPTO */
 #endif /* FSCRYPT_H */
 
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index e4204da..7073bf0 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -508,9 +508,12 @@ static int get_options(int argc, char**argv)
 {
 	int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4;
 	const char *key_file = NULL, *key_desc = NULL;
-	const char *tbl_file = NULL, *cipher_name = "AES-128-CBC";
+	const char *tbl_file = NULL;
 	struct stat st;
 	char *endp;
+#ifdef WITH_CRYPTO
+	const char *cipher_name;
+#endif
 
 	c->fanout = 8;
 	c->orph_lebs = 1;
@@ -587,8 +590,10 @@ static int get_options(int argc, char**argv)
 			exit(EXIT_SUCCESS);
 		case '?':
 			printf("%s", helptext);
+#ifdef WITH_CRYPTO
 			printf("\n\nSupported ciphers:\n");
 			list_ciphers(stdout);
+#endif
 			exit(-1);
 		case 'v':
 			verbose = 1;
@@ -729,7 +734,11 @@ static int get_options(int argc, char**argv)
 			break;
 		}
 		case 'C':
+#ifdef WITH_CRYPTO
 			cipher_name = optarg;
+#else
+			return err_msg("mkfs.ubifs was built without crypto support.");
+#endif
 			break;
 		}
 	}
@@ -748,20 +757,26 @@ static int get_options(int argc, char**argv)
 		if (c->max_leb_cnt == -1)
 			c->max_leb_cnt = c->vi.rsvd_lebs;
 	}
-
 	if (key_file || key_desc) {
+#ifdef WITH_CRYPTO
 		if (!key_file)
 			return err_msg("no key file specified");
 
 		c->double_hash = 1;
 		c->encrypted = 1;
 
+		if (cipher_name == NULL)
+			cipher_name = "AES-128-CBC";
+
 		root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags,
 						key_file, key_desc);
 		if (!root_fctx)
 			return -1;
 
 		print_fscrypt_master_key_descriptor(root_fctx);
+#else
+		return err_msg("mkfs.ubifs was built without crypto support.");
+#endif
 	}
 
 	if (c->min_io_size == -1)
@@ -1385,6 +1400,7 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino,
 }
 #endif
 
+#ifdef WITH_CRYPTO
 static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum,
 			       struct stat *host_st,
 			       struct fscrypt_context *fctx)
@@ -1421,6 +1437,31 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len,
 	free(sd);
 	return link_disk_len;
 }
+#else
+static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum,
+			       struct stat *host_st,
+			       struct fscrypt_context *fctx)
+{
+	(void)host_ino;
+	(void)inum;
+	(void)host_st;
+	(void)fctx;
+
+	assert(0);
+	return -1;
+}
+static int encrypt_symlink(void *dst, void *data, unsigned int data_len,
+			   struct fscrypt_context *fctx)
+{
+	(void)dst;
+	(void)data;
+	(void)data_len;
+	(void)fctx;
+
+	assert(0);
+	return -1;
+}
+#endif
 
 /**
  * add_inode - write an inode.
@@ -1582,9 +1623,11 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum,
 
 static void set_dent_cookie(struct ubifs_dent_node *dent)
 {
+#ifdef WITH_CRYPTO
 	if (c->double_hash)
 		RAND_bytes((void *)&dent->cookie, sizeof(dent->cookie));
 	else
+#endif
 		dent->cookie = 0;
 }
 
@@ -1981,7 +2024,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st,
 
 		inum = ++c->highest_inum;
 
-		new_fctx = inherit_fscrypt_context(fctx);
+		if (fctx)
+			new_fctx = inherit_fscrypt_context(fctx);
 
 		if (S_ISDIR(dent_st.st_mode)) {
 			err = add_directory(name, inum, &dent_st, 1, new_fctx);
@@ -2006,7 +2050,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st,
 		size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1,
 			      8);
 
-		free_fscrypt_context(new_fctx);
+		if (new_fctx)
+			free_fscrypt_context(new_fctx);
 	}
 
 	/*
@@ -2068,7 +2113,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st,
 		size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8);
 
 		nh_elt = next_name_htbl_element(ph_elt, &itr);
-		free_fscrypt_context(new_fctx);
+		if (new_fctx)
+			free_fscrypt_context(new_fctx);
 	}
 
 	creat_sqnum = dir_creat_sqnum;
-- 
cgit v1.2.3