From 61d97b9e3faf0cb199293139879eff77b9731b41 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Dutta Date: Thu, 28 Dec 2023 16:05:34 +0530 Subject: [PATCH] Removed mbedtls and wolfssl support --- libbbfdm/CMakeLists.txt | 28 +------ libbbfdm/dmcommon.c | 43 ---------- libbbfdm/dmtree/tr181/device.c | 2 - libbbfdm/dmtree/tr181/security.c | 140 +------------------------------ libbbfdm/dmtree/tr181/security.h | 2 - 5 files changed, 2 insertions(+), 213 deletions(-) diff --git a/libbbfdm/CMakeLists.txt b/libbbfdm/CMakeLists.txt index 920b9eea..dd988c06 100644 --- a/libbbfdm/CMakeLists.txt +++ b/libbbfdm/CMakeLists.txt @@ -13,14 +13,6 @@ OPTION(BBF_TR143 "build with tr143 datamodel" ON) OPTION(BBF_TR471 "build with tr471 datamodel" ON) OPTION(BBF_VENDOR_EXTENSION "build with vendor extension enabled" ON) OPTION(BBF_WIFI_DATAELEMENTS "build with wifi dataelements datamodel" ON) -OPTION(WITH_WOLFSSL "build with lib wolfssl" OFF) -OPTION(WITH_OPENSSL "build with lib openssl" OFF) -OPTION(WITH_MBEDTLS "build with lib mbedtls" OFF) - -IF(NOT WITH_WOLFSSL AND NOT WITH_OPENSSL AND NOT WITH_MBEDTLS) - MESSAGE(WARNING "NO SSL library selected: {'WOLFSSL','OPENSSL','MBEDTLS'}, proceeding with OPENSSL") - SET(WITH_OPENSSL ON) -ENDIF() SET(BBF_DM_SOURCES dmcommon.c) @@ -49,24 +41,6 @@ IF(BBF_TR471) add_compile_definitions(BBF_TR471) ENDIF(BBF_TR471) -IF(WITH_WOLFSSL) - SET(SSL_LIBS wolfssl) - SET(CRYPTO_LIBS crypto) - add_compile_definitions(LWOLFSSL) -ENDIF(WITH_WOLFSSL) - -IF(WITH_OPENSSL) - SET(SSL_LIBS ssl) - SET(CRYPTO_LIBS crypto) - add_compile_definitions(LOPENSSL) -ENDIF(WITH_OPENSSL) - -IF(WITH_MBEDTLS) - SET(SSL_LIBS mbedtls) - SET(CRYPTO_LIBS mbedcrypto) - add_compile_definitions(LMBEDTLS) -ENDIF(WITH_MBEDTLS) - IF(BBF_VENDOR_EXTENSION) SET(BBF_VENDOR_EXTENSION_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/dmtree/vendor/vendor.c) ADD_DEFINITIONS(-DBBF_VENDOR_LIST="${BBF_VENDOR_LIST}") 
@@ -87,7 +61,7 @@ ENDIF(BBF_VENDOR_EXTENSION) ADD_LIBRARY(bbfdm SHARED ${BBF_DM_SOURCES} ${BBF_TR181_SOURCES} ${BBF_TR143_SOURCES} ${BBF_TR471_SOURCES} ${BBF_VENDOR_EXTENSION_SOURCES}) -TARGET_LINK_LIBRARIES(bbfdm uci ubus ubox json-c blobmsg_json curl m bbfdm-api ${SSL_LIBS} ${CRYPTO_LIBS}) +TARGET_LINK_LIBRARIES(bbfdm uci ubus ubox json-c blobmsg_json curl m bbfdm-api ssl crypto) INSTALL(TARGETS bbfdm LIBRARY DESTINATION usr/lib) diff --git a/libbbfdm/dmcommon.c b/libbbfdm/dmcommon.c index 5702ffe8..57a7103d 100644 --- a/libbbfdm/dmcommon.c +++ b/libbbfdm/dmcommon.c @@ -12,20 +12,8 @@ #include #include -#ifdef LOPENSSL #include #include -#endif - -#ifdef LWOLFSSL -#include -#include -#include -#endif - -#ifdef LMBEDTLS -#include -#endif #include "dmcommon.h" 
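Review bot: The new `TARGET_LINK_LIBRARIES` line hard-codes `ssl crypto` with no check that OpenSSL is present or recent enough, although the code that is now unconditional elsewhere in this patch calls `ASN1_TIME_to_tm` and `X509_get0_notBefore`, which need OpenSSL 1.1.1 and 1.1.0 respectively. Consider `find_package(OpenSSL 1.1.1 REQUIRED)` and linking `OpenSSL::SSL OpenSSL::Crypto`, so that an unsuitable library fails at configure time. A build that still passes `-DWITH_MBEDTLS=ON` or `-DWITH_WOLFSSL=ON` will now link OpenSSL without any message; a `MESSAGE(FATAL_ERROR ...)` on those legacy options would make the change visible to integrators.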
@@ -233,54 +221,27 @@ const bool validate_hash_value(const char *algo, const char *file_path, const ch unsigned int bytes = 0; FILE *file; -#ifdef LMBEDTLS - mbedtls_md_context_t enpctx; - mbedtls_md_context_t *mdctx = &enpctx; - const mbedtls_md_info_t *md; - unsigned char md_value[MBEDTLS_MD_MAX_SIZE]; -#else EVP_MD_CTX *mdctx; const EVP_MD *md; unsigned char md_value[EVP_MAX_MD_SIZE]; -#endif file = fopen(file_path, "rb"); if (!file) return false; -#ifndef LMBEDTLS - // makes all algorithms available to the EVP* routines - OpenSSL_add_all_algorithms(); -#endif - -#ifdef LMBEDTLS - md = mbedtls_md_info_from_string(algo); - mbedtls_md_init(mdctx); - mbedtls_md_init_ctx(mdctx, md); -#else md = EVP_get_digestbyname(algo); mdctx = EVP_MD_CTX_create(); EVP_DigestInit_ex(mdctx, md, NULL); -#endif if (md == NULL) goto end; while ((bytes = fread (buffer, 1, sizeof(buffer), file))) { -#ifdef LMBEDTLS - mbedtls_md_update(mdctx, buffer, bytes); -#else EVP_DigestUpdate(mdctx, buffer, bytes); -#endif } -#ifdef LMBEDTLS - mbedtls_md_finish(mdctx, md_value); - bytes = mbedtls_md_get_size(md); -#else bytes = 0; EVP_DigestFinal_ex(mdctx, md_value, &bytes); -#endif for (int i = 0; i < bytes; i++) snprintf(&hash[i * 2], sizeof(hash) - (i * 2), "%02x", md_value[i]); @@ -289,12 +250,8 @@ const bool validate_hash_value(const char *algo, const char *file_path, const ch res = true; end: -#ifdef LMBEDTLS - mbedtls_md_free(mdctx); -#else EVP_MD_CTX_destroy(mdctx); EVP_cleanup(); -#endif fclose(file); return res; diff --git a/libbbfdm/dmtree/tr181/device.c b/libbbfdm/dmtree/tr181/device.c index 9b34bf01..f12791e6 100644 --- a/libbbfdm/dmtree/tr181/device.c +++ b/libbbfdm/dmtree/tr181/device.c 
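Review bot: In `validate_hash_value`, `EVP_DigestInit_ex(mdctx, md, NULL)` still runs before the `if (md == NULL)` check, so an unknown `algo` string reaches OpenSSL with a NULL digest, and neither `mdctx` nor any `EVP_*` return value is checked. For a routine that decides whether a file's hash is acceptable, each failure should end in `false` explicitly rather than depend on what is left in `hash`. The fence moves the NULL check ahead of context creation and tests each call. It assumes `res` starts as `false`; that declaration, the function's opening and the final comparison are outside this hunk.

```c
	EVP_MD_CTX *mdctx = NULL;
	/* … unchanged: md, md_value declarations and fopen() check … */

	md = EVP_get_digestbyname(algo);
	if (md == NULL)
		goto end;

	mdctx = EVP_MD_CTX_create();
	if (mdctx == NULL || EVP_DigestInit_ex(mdctx, md, NULL) != 1)
		goto end;

	while ((bytes = fread (buffer, 1, sizeof(buffer), file))) {
		if (EVP_DigestUpdate(mdctx, buffer, bytes) != 1)
			goto end;
	}

	bytes = 0;
	if (EVP_DigestFinal_ex(mdctx, md_value, &bytes) != 1)
		goto end;
	/* … unchanged: hex encoding loop and comparison … */
```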
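Review bot: `EVP_cleanup()` is kept at the `end:` label although the matching `OpenSSL_add_all_algorithms()` call is removed in the previous hunk. On OpenSSL 1.1.0 and later both are deprecated no-ops, and on older releases `EVP_cleanup()` clears the process-wide digest and cipher tables, which a shared library should not do to its host process. I would drop the `EVP_cleanup();` line so that only `EVP_MD_CTX_destroy(mdctx);` and `fclose(file);` remain before `return res;`.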
@@ -122,9 +122,7 @@ DMOBJ tDeviceObj[] = { {"DynamicDNS", &DMREAD, NULL, NULL, "file:/etc/config/ddns", NULL, NULL, NULL, tDynamicDNSObj, tDynamicDNSParams, NULL, BBFDM_BOTH, NULL}, {"QoS", &DMREAD, NULL, NULL, "file:/etc/config/qos", NULL, NULL, NULL, tQoSObj, tQoSParams, NULL, BBFDM_BOTH, NULL}, {"LANConfigSecurity", &DMREAD, NULL, NULL, "file:/etc/config/users", NULL, NULL, NULL, NULL, tLANConfigSecurityParams, NULL, BBFDM_BOTH, NULL}, -#if defined(LOPENSSL) || defined(LMBEDTLS) || defined(LWOLFSSL) {"Security", &DMREAD, NULL, NULL, NULL, NULL, NULL, NULL, tSecurityObj, tSecurityParams, NULL, BBFDM_BOTH, NULL}, -#endif {"RouterAdvertisement", &DMREAD, NULL, NULL, "file:/etc/config/dhcp", NULL, NULL, NULL, tRouterAdvertisementObj, tRouterAdvertisementParams, NULL, BBFDM_BOTH, NULL}, {"Services", &DMREAD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, BBFDM_BOTH, NULL}, {"GatewayInfo", &DMREAD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, tGatewayInfoParams, NULL, BBFDM_CWMP, NULL}, diff --git a/libbbfdm/dmtree/tr181/security.c b/libbbfdm/dmtree/tr181/security.c index a22038f9..e685eaa3 100644 --- a/libbbfdm/dmtree/tr181/security.c +++ b/libbbfdm/dmtree/tr181/security.c 
@@ -10,47 +10,25 @@ #include "security.h" -#if defined(LOPENSSL) || defined(LWOLFSSL) || defined(LMBEDTLS) #define DATE_LEN 128 #define CERT_PATH_LEN 512 #define MAX_CERT 256 -#ifdef LMBEDTLS -#include -#include -#endif -#ifdef LOPENSSL #include #include -#endif -#ifdef LWOLFSSL -#include -#include -#include -#endif static char certifcates_paths[MAX_CERT][CERT_PATH_LEN]; struct certificate_profile { char *path; -#ifdef LMBEDTLS - mbedtls_x509_crt cert; -#else X509 *cert; -#endif struct uci_section *dmmap_sect; }; /************************************************************* * INIT **************************************************************/ -void init_certificate(char *path, -#ifdef LMBEDTLS -mbedtls_x509_crt cert, -#else -X509 *cert, -#endif -struct uci_section *dmsect, struct certificate_profile *certprofile) +void init_certificate(char *path, X509 *cert, struct uci_section *dmsect, struct certificate_profile *certprofile) { certprofile->path = path; certprofile->cert = cert; 
@@ -60,55 +38,6 @@ struct uci_section *dmsect, struct certificate_profile *certprofile) /************************************************************* * COMMON FUNCTIONS **************************************************************/ -#ifdef LMBEDTLS -static char *get_certificate_md(mbedtls_md_type_t sig_md) -{ - switch(sig_md) { - case MBEDTLS_MD_MD2: - return "md2"; - case MBEDTLS_MD_MD4: - return "md4"; - case MBEDTLS_MD_MD5: - return "md5"; - case MBEDTLS_MD_SHA1: - return "sha1"; - case MBEDTLS_MD_SHA224: - return "sha224"; - case MBEDTLS_MD_SHA256: - return "sha256"; - case MBEDTLS_MD_SHA384: - return "sha384"; - case MBEDTLS_MD_SHA512: - return "sha512"; - case MBEDTLS_MD_RIPEMD160: - return "ripemd160"; - default: - return ""; - } - return ""; -} - -static char *get_certificate_pk(mbedtls_pk_type_t sig_pk) -{ - switch(sig_pk) { - case MBEDTLS_PK_RSA: - return "RSA"; - case MBEDTLS_PK_ECKEY: - return "ECKEY"; - case MBEDTLS_PK_ECKEY_DH: - return "ECKEYDH"; - case MBEDTLS_PK_ECDSA: - return "ECDSA"; - case MBEDTLS_PK_RSA_ALT: - return "RSAALT"; - case MBEDTLS_PK_RSASSA_PSS: - return "RSASSAPSS"; - default: - return ""; - } - return ""; -} -#else static char *get_certificate_sig_alg(int sig_nid) { switch(sig_nid) { @@ -129,7 +58,6 @@ static char *get_certificate_sig_alg(int sig_nid) } return ""; } -#endif static char *generate_serial_number(char *text, int length) { @@ -226,13 +154,6 @@ static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_nod if(!DM_STRLEN(certifcates_paths[i])) break; -#ifdef LMBEDTLS - mbedtls_x509_crt cert; - - mbedtls_x509_crt_init(&cert); - if (mbedtls_x509_crt_parse_file(&cert, certifcates_paths[i]) < 0) - continue; -#else FILE *fp = fopen(certifcates_paths[i], "r"); if (fp == NULL) continue; 
@@ -242,7 +163,6 @@ static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_nod fclose(fp); continue; } -#endif if ((dmmap_sect = get_dup_section_in_dmmap_opt("dmmap_security", "security_certificate", "path", certifcates_paths[i])) == NULL) { dmuci_add_section_bbfdm("dmmap_security", "security_certificate", &dmmap_sect); @@ -255,14 +175,10 @@ static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_nod status = DM_LINK_INST_OBJ(dmctx, parent_node, (void *)&certificateprofile, inst); -#ifdef LMBEDTLS - mbedtls_x509_crt_free(&cert); -#else X509_free(cert); cert = NULL; fclose(fp); fp = NULL; -#endif } return 0; } @@ -294,12 +210,8 @@ static int get_SecurityCertificate_SerialNumber(char *refparam, struct dmctx *ct { struct certificate_profile *cert_profile = (struct certificate_profile *)data; -#ifdef LMBEDTLS - *value = generate_serial_number((char *)cert_profile->cert.serial.p, cert_profile->cert.serial.len); -#else ASN1_INTEGER *serial = X509_get_serialNumber(cert_profile->cert); *value = generate_serial_number((char *)serial->data, serial->length); -#endif return 0; } @@ -309,18 +221,11 @@ static int get_SecurityCertificate_Issuer(char *refparam, struct dmctx *ctx, voi struct certificate_profile *cert_profile = (struct certificate_profile *)data; char buf[256] = {0}; -#ifdef LMBEDTLS - if (mbedtls_x509_dn_gets(buf, sizeof(buf), &cert_profile->cert.issuer) < 0) - return -1; - - *value = dmstrdup(buf); -#else X509_NAME_oneline(X509_get_issuer_name(cert_profile->cert), buf, sizeof(buf)); *value = dmstrdup(buf); if (*value[0] == '/') (*value)++; *value = replace_char(*value, '/', ' '); -#endif return 0; } 
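Review bot: `get_SecurityCertificate_SerialNumber` reads `serial->data` and `serial->length` directly and casts the bytes to `char *`, which is signed on many targets. If `generate_serial_number` (body not in this hunk) formats each byte without converting to `unsigned char`, serial bytes of 0x80 and above could be rendered sign-extended. Using the accessors `ASN1_STRING_get0_data(serial)` and `ASN1_STRING_length(serial)`, and having the helper take `const unsigned char *`, would avoid relying on the struct layout and on `char` signedness.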
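Review bot: `X509_NAME_oneline` into a 256-byte stack buffer silently truncates long issuer names, and the following `replace_char(*value, '/', ' ')` makes the output ambiguous when an attribute value itself contains `/` or spaces; these strings come from certificate files and are published through the data model. OpenSSL documents `X509_NAME_oneline` as legacy and recommends `X509_NAME_print_ex`, for example into a memory BIO with `XN_FLAG_RFC2253`, which also escapes special characters. The same pattern is in `get_SecurityCertificate_Subject` in the `@@ -394,18 +269,11 @@` hunk. Separately, `*value[0]` parses as `*(value[0])`; it is equivalent here only because the index is 0, and `(*value)[0]` would state the intent.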
@@ -329,30 +234,15 @@ static int get_SecurityCertificate_NotBefore(char *refparam, struct dmctx *ctx, { struct certificate_profile *cert_profile = (struct certificate_profile *)data; -#ifdef LMBEDTLS - dmasprintf(value, "%04d-%02d-%02dT%02d:%02d:%02dZ", cert_profile->cert.valid_from.year, - cert_profile->cert.valid_from.mon, - cert_profile->cert.valid_from.day, - cert_profile->cert.valid_from.hour, - cert_profile->cert.valid_from.min, - cert_profile->cert.valid_from.sec); -#else char not_before_str[DATE_LEN]; struct tm tm; const ASN1_TIME *not_before = X509_get0_notBefore(cert_profile->cert); -#ifdef LWOLFSSL - ASN1_TIME_to_string((ASN1_TIME *)not_before, not_before_str, DATE_LEN); - if (!strptime(not_before_str, "%b %d %H:%M:%S %Y", &tm)) - return -1; -#else ASN1_TIME_to_tm(not_before, &tm); -#endif strftime(not_before_str, sizeof(not_before_str), "%Y-%m-%dT%H:%M:%SZ", &tm); *value = dmstrdup(not_before_str); -#endif return 0; } @@ -361,30 +251,15 @@ static int get_SecurityCertificate_NotAfter(char *refparam, struct dmctx *ctx, v { struct certificate_profile *cert_profile = (struct certificate_profile *)data; -#ifdef LMBEDTLS - dmasprintf(value, "%04d-%02d-%02dT%02d:%02d:%02dZ", cert_profile->cert.valid_to.year, - cert_profile->cert.valid_to.mon, - cert_profile->cert.valid_to.day, - cert_profile->cert.valid_to.hour, - cert_profile->cert.valid_to.min, - cert_profile->cert.valid_to.sec); -#else char not_after_str[DATE_LEN]; struct tm tm; const ASN1_TIME *not_after = X509_get0_notAfter(cert_profile->cert); -#ifdef LWOLFSSL - ASN1_TIME_to_string((ASN1_TIME *)not_after, not_after_str, DATE_LEN); - if (!strptime(not_after_str, "%b %d %H:%M:%S %Y", &tm)) - return -1; -#else ASN1_TIME_to_tm((ASN1_TIME *)not_after, &tm); -#endif strftime(not_after_str, sizeof(not_after_str), "%Y-%m-%dT%H:%M:%SZ", &tm); *value = dmstrdup(not_after_str); -#endif return 0; } 
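Review bot: The return value of `ASN1_TIME_to_tm(not_before, &tm)` is ignored, so when the certificate's time field cannot be converted, `strftime` formats an uninitialised `struct tm` from the stack. The removed wolfSSL branch returned -1 on a parse failure, and the OpenSSL path should do the same: `if (ASN1_TIME_to_tm(not_before, &tm) != 1) return -1;`. The same applies to `get_SecurityCertificate_NotAfter` in the `@@ -361,30 +251,15 @@` hunk, where the `(ASN1_TIME *)` cast on `not_after` can also be dropped since the function takes a `const ASN1_TIME *`.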
@@ -394,18 +269,11 @@ static int get_SecurityCertificate_Subject(char *refparam, struct dmctx *ctx, vo struct certificate_profile *cert_profile = (struct certificate_profile *)data; char buf[256] = {0}; -#if LMBEDTLS - if (mbedtls_x509_dn_gets(buf, sizeof(buf), &cert_profile->cert.subject) < 0) - return -1; - - *value = dmstrdup(buf); -#else X509_NAME_oneline(X509_get_subject_name(cert_profile->cert), buf, sizeof(buf)); *value = dmstrdup(buf); if (*value[0] == '/') (*value)++; *value = replace_char(*value, '/', ' '); -#endif return 0; } @@ -414,11 +282,7 @@ static int get_SecurityCertificate_SignatureAlgorithm(char *refparam, struct dmc { struct certificate_profile *cert_profile = (struct certificate_profile *)data; -#ifdef LMBEDTLS - dmasprintf(value, "%sWith%sEncryption", get_certificate_md(cert_profile->cert.sig_md), get_certificate_pk(cert_profile->cert.sig_pk)); -#else *value = dmstrdup(get_certificate_sig_alg(X509_get_signature_nid(cert_profile->cert))); -#endif return 0; } @@ -453,5 +317,3 @@ DMLEAF tSecurityCertificateParams[] = { {"SignatureAlgorithm", &DMREAD, DMT_STRING, get_SecurityCertificate_SignatureAlgorithm, NULL, BBFDM_BOTH}, {0} }; - -#endif diff --git a/libbbfdm/dmtree/tr181/security.h b/libbbfdm/dmtree/tr181/security.h index ff2aed2c..94f7403f 100644 --- a/libbbfdm/dmtree/tr181/security.h +++ b/libbbfdm/dmtree/tr181/security.h @@ -11,7 +11,6 @@ #ifndef __SECURITY_H #define __SECURITY_H -#if defined(LOPENSSL) || defined(LWOLFSSL) || defined(LMBEDTLS) #include "libbbfdm-api/dmcommon.h" extern DMOBJ tSecurityObj[]; @@ -19,5 +18,4 @@ extern DMLEAF tSecurityParams[]; extern DMLEAF tSecurityCertificateParams[]; #endif -#endif //__SECURITY_H