From 2f9b0ea9fac8c45a15b357b5dd5dbf0fc7ee99bf Mon Sep 17 00:00:00 2001
From: Vivek Kumar Dutta
Date: Thu, 28 Dec 2023 16:08:50 +0530
Subject: [PATCH] Removed mbedtls and wolfssl support
---
 README.md | 1 -
 docs/arch/design.md | 2 +-
 src/CMakeLists.txt | 28 +------------
 src/download.c | 6 ++-
 src/ssl_utils.c | 95 +--------------------------------------------
 src/ssl_utils.h | 15 -------
 6 files changed, 7 insertions(+), 140 deletions(-)
diff --git a/README.md b/README.md
index 2bffe0a..26ea3e3 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,6 @@ To successfully build icwmp, the following libraries are needed:
 | libubox | https://git.openwrt.org/project/libubox.git | BSD |
 | libubus | https://git.openwrt.org/project/ubus.git | LGPL 2.1 |
 | libjson-c | https://s3.amazonaws.com/json-c_releases | MIT |
-| libwolfssl | https://github.com/wolfSSL/wolfssl | GPL-2.0 |
 | libcurl | https://dl.uxnr.de/mirror/curl | MIT |
 | mxml | https://github.com/michaelrsweet/mxml | GPL-2.0 |
diff --git a/docs/arch/design.md b/docs/arch/design.md
index 5565112..8ab8e3d 100755
--- a/docs/arch/design.md
+++ b/docs/arch/design.md
@@ -13,7 +13,7 @@ As described in TR-069 standard, the CWMP stack comprises several components tha
 | RPC Methods | rpc.c | Handling of both acs and cwmp rpc methods as defined in TR069 |
 | SOAP | xml.c |A standard XML-based syntax used here to encode remote procedure calls along with SOAP handling |
 |HTTP |http.c, digauth.c | Responsible to send SOAP messages over HTTP using libcurl library. |
-| SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL/mbedtls/wolfssl |
+| SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL |
 | Common source files |
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 86938e4..bedcb0f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -7,37 +7,11 @@ ADD_DEFINITIONS(-D_GNU_SOURCE)
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -I${PROJECT_SOURCE_DIR}")
-OPTION(WITH_WOLFSSL "build with lib wolfssl" OFF)
-OPTION(WITH_OPENSSL "build with lib openssl" OFF)
-OPTION(WITH_MBEDTLS "build with lib mbedtls" OFF)
-
-IF(NOT WITH_WOLFSSL AND NOT WITH_OPENSSL AND NOT WITH_MBEDTLS)
- MESSAGE(FATAL_ERROR "You must enable one of the SSL libraries: {'WOLFSSL','OPENSSL','MBEDTLS'}")
-ENDIF()
-
 FILE(GLOB ICWMP_SOURCES *.c)
-IF(WITH_WOLFSSL)
- SET(SSL_LIBS wolfssl)
- SET(SSL_LIBS crypto)
- add_compile_definitions(LWOLFSSL)
-ENDIF(WITH_WOLFSSL)
-
-IF(WITH_OPENSSL)
- SET(SSL_LIBS ssl)
- SET(SSL_LIBS crypto)
- add_compile_definitions(LOPENSSL)
-ENDIF(WITH_OPENSSL)
-
-IF(WITH_MBEDTLS)
- SET(SSL_LIBS mbedtls)
- SET(SSL_LIBS mbedcrypto)
- add_compile_definitions(LMBEDTLS)
-ENDIF(WITH_MBEDTLS)
-
 # Compile and install icwmpd
 ADD_EXECUTABLE(icwmpd ${ICWMP_SOURCES})
-TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ${SSL_LIBS} ${CRYPTO_LIBS})
+TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ssl crypto)
 INSTALL(FILES icwmpd PERMISSIONS OWNER_EXECUTE DESTINATION usr/sbin)
 INSTALL(DIRECTORY DESTINATION etc/icwmpd)
 INSTALL(DIRECTORY DESTINATION var/run/icwmpd)
diff --git a/src/download.c b/src/download.c
index 3d580ca..ea39b2c 100644
--- a/src/download.c
+++ b/src/download.c
@@ -457,7 +457,9 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
 }
 if (CWMP_STRCMP(pdownload->file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) == 0 || CWMP_STRCMP(pdownload->file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE) == 0) {
 rename(ICWMP_DOWNLOAD_FILE, FIRMWARE_UPGRADE_IMAGE);
- if (cwmp_check_image() == 0) {
+ int ret = cwmp_check_image();
+
+ if (ret == 0) {
 unsigned int file_size = get_file_size(FIRMWARE_UPGRADE_IMAGE);
 if (file_size > flashsize) {
 error = FAULT_CPE_DOWNLOAD_FAILURE;
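Review bot: The new `TARGET_LINK_LIBRARIES` line names the libraries as bare `ssl crypto`, so a missing or non-default OpenSSL install is only discovered at link time and no include directory is configured for it, whereas the removed `OPTION`/`MESSAGE(FATAL_ERROR)` block at least failed at configure time. Adding `FIND_PACKAGE(OpenSSL REQUIRED)` before `ADD_EXECUTABLE` and linking `OpenSSL::SSL OpenSSL::Crypto` in place of `ssl crypto` restores a configure-time check and picks up the right include and library paths. The `${CRYPTO_LIBS}` dropped from the old line is not set anywhere in the hunk, so removing it looks safe.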
@@ -470,7 +472,7 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
 }
 } else {
 error = FAULT_CPE_DOWNLOAD_FAIL_FILE_CORRUPTED;
- snprintf(err_msg, sizeof(err_msg), "Downloaded file is not a valid firmware image");
+ snprintf(err_msg, sizeof(err_msg), "Failed validation with %d of Downloaded file", ret);
 remove(FIRMWARE_UPGRADE_IMAGE);
 }
 } else if (CWMP_STRCMP(pdownload->file_type, WEB_CONTENT_FILE_TYPE) == 0) {
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 3905d09..fd7f45b 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -6,21 +6,8 @@
 * See LICENSE file for license related information.
 */
-#ifdef LMBEDTLS
-#include
-#include
-#include
-#endif
-#ifdef LOPENSSL
 #include
 #include
-#endif
-
-#ifdef LWOLFSSL
-#include
-#include
-#include
-#endif
 #include
 #include
@@ -31,48 +18,7 @@ static int rand_bytes(unsigned char *output, size_t len)
 {
-#ifdef LMBEDTLS
- mbedtls_entropy_context ec = {0};
- mbedtls_ctr_drbg_context cd_ctx = {0};
- int res = 1;
-
- union {
- uint64_t seed;
- uint8_t buffer[8];
- } rand_buffer;
-
- FILE *urand = fopen("/dev/urandom", "r");
- if (urand) {
- size_t bytes = fread(&rand_buffer.seed, 1, sizeof(rand_buffer.seed), urand);
- fclose(urand);
- if (bytes < sizeof(rand_buffer.seed)) {
- CWMP_LOG(INFO, "Failed to seed random [%d::%d]", sizeof(rand_buffer.seed), bytes);
- }
- } else {
- rand_buffer.seed = (uint64_t)clock();
- }
-
- mbedtls_entropy_init(&ec);
- mbedtls_ctr_drbg_init(&cd_ctx);
-
- if (mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec, (const unsigned char *)rand_buffer.buffer, 8) != 0) {
- CWMP_LOG(ERROR, "Failed to initialize random generator");
- res = -1;
- goto end;
- }
-
- if (mbedtls_ctr_drbg_random(&cd_ctx, output, len) != 0) {
- CWMP_LOG(ERROR, "Failed to generate random bytes");
- res = -1;
- }
-
-end:
- mbedtls_ctr_drbg_free(&cd_ctx);
- mbedtls_entropy_free(&ec);
- return res;
-#else
 return RAND_bytes(output, len);
-#endif
 }
 char *generate_random_string(size_t size)
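Review bot: The new fault text `"Failed validation with %d of Downloaded file"` reads awkwardly and drops the plain statement of what went wrong that the old message carried; `snprintf(err_msg, sizeof(err_msg), "Downloaded file is not a valid firmware image (check returned %d)", ret);` keeps both the diagnosis and the code. The `%d` assumes `cwmp_check_image()` returns an `int`, which is consistent with the `int ret` declared in the previous hunk but not visible here. `cwmp_launch_download` starts and ends outside both hunks.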
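Review bot: `return RAND_bytes(output, len);` passes a `size_t` where `RAND_bytes` takes an `int`, so a `len` above `INT_MAX` is silently narrowed, and the now-unconditional path also loses the failure logging the removed mbedtls branch did with `CWMP_LOG(ERROR, ...)`; because `rand_bytes` is `static`, its callers outside the hunk are now the only place a failure can be noticed. A guard such as `if (len > INT_MAX) return 0;` (`INT_MAX` from `<limits.h>`) before the call makes the narrowing explicit, and a one-line comment that `RAND_bytes` returns 1 on success and 0 or -1 on failure documents the contract the callers must check. `rand_bytes`'s body is complete within the hunk.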
@@ -107,18 +53,10 @@ void message_compute_signature(char *msg_out, char *signature, size_t len)
 {
 int result_len = 20;
 struct config *conf;
- conf = &(cwmp_main->conf);
-
-#ifdef LMBEDTLS
- unsigned char result[MBEDTLS_MD_MAX_SIZE] = {0};
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
-
- mbedtls_md_hmac(md_info, (unsigned char *)conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result);
-#else
 unsigned char result[EVP_MAX_MD_SIZE] = {0};
+ conf = &(cwmp_main->conf);
 HMAC(EVP_sha1(), conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result, NULL);
-#endif
 for (int i = 0; i < result_len; i++) {
 if (len - CWMP_STRLEN(signature) < 3) // each time 2 hex chars + '\0' at end so needed space is 3 bytes
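Review bot: The now-unconditional `HMAC(EVP_sha1(), ...)` call ignores its return value and passes `NULL` for the output length, so if it fails the zero-initialised `result` is left untouched and the loop below, which continues past the end of the hunk, would still hex-encode those zeros into a signature that looks valid. Declaring `unsigned int md_len = 0;`, passing `&md_len` as the last argument and bailing out with `if (HMAC(...) == NULL || md_len < (unsigned int)result_len) return;` before the loop makes a failed HMAC visible and ties the hard-coded `result_len = 20` to the length the library actually reports. Moving `conf = &(cwmp_main->conf);` below the `result` declaration does not change behaviour, since `conf` is first read on the `HMAC` line.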
@@ -133,63 +71,32 @@ void calulate_md5_hash(struct list_head *buff_list, uint8_t *output, size_t outl
 {
 unsigned int bytes = 0;
-#ifdef LMBEDTLS
- mbedtls_md_context_t enpctx;
- mbedtls_md_context_t *mdctx = &enpctx;
- const mbedtls_md_info_t *md;
- unsigned char md_value[MBEDTLS_MD_MAX_SIZE];
-#else
 EVP_MD_CTX *mdctx;
 const EVP_MD *md;
 unsigned char md_value[EVP_MAX_MD_SIZE];
-#endif
 if (!buff_list || !output) return;
-#ifndef LMBEDTLS
- // makes all algorithms available to the EVP* routines
- OpenSSL_add_all_algorithms();
-#endif
-
-#ifdef LMBEDTLS
- md = mbedtls_md_info_from_string("MD5");
- mbedtls_md_init(mdctx);
- mbedtls_md_init_ctx(mdctx, md);
-#else
 md = EVP_get_digestbyname("MD5");
 mdctx = EVP_MD_CTX_create();
 EVP_DigestInit_ex(mdctx, md, NULL);
-#endif
 if (md == NULL) goto end;
 bin_list_t *iter;
 list_for_each_entry(iter, buff_list, list) {
-#ifdef LMBEDTLS
- mbedtls_md_update(mdctx, iter->bin, iter->len);
-#else
 EVP_DigestUpdate(mdctx, iter->bin, iter->len);
-#endif
 }
-#ifdef LMBEDTLS
- mbedtls_md_finish(mdctx, md_value);
- bytes = mbedtls_md_get_size(md);
-#else
 bytes = 0;
 EVP_DigestFinal_ex(mdctx, md_value, &bytes);
-#endif
 CWMP_MEMCPY(output, &md_value, ((bytes
-#include
-#endif
-
-#ifdef LWOLFSSL
-#include
-#include
-#include
-#endif
-
-#ifdef LMBEDTLS
-#include
-#endif
-
 #include
 char *generate_random_string(size_t size);