Removed mbedtls and wolfssl support

Vivek Kumar Dutta 2023-12-28 16:08:50 +05:30
parent 9deb2c51d5
commit 2f9b0ea9fa
6 changed files with 7 additions and 140 deletions


@ -81,7 +81,6 @@ To successfully build icwmp, the following libraries are needed:
| libubox | https://git.openwrt.org/project/libubox.git | BSD | | libubox | https://git.openwrt.org/project/libubox.git | BSD |
| libubus | https://git.openwrt.org/project/ubus.git | LGPL 2.1 | | libubus | https://git.openwrt.org/project/ubus.git | LGPL 2.1 |
| libjson-c | https://s3.amazonaws.com/json-c_releases | MIT | | libjson-c | https://s3.amazonaws.com/json-c_releases | MIT |
| libwolfssl | https://github.com/wolfSSL/wolfssl | GPL-2.0 |
| libcurl | https://dl.uxnr.de/mirror/curl | MIT | | libcurl | https://dl.uxnr.de/mirror/curl | MIT |
| mxml | https://github.com/michaelrsweet/mxml | GPL-2.0 | | mxml | https://github.com/michaelrsweet/mxml | GPL-2.0 |


@ -13,7 +13,7 @@ As described in TR-069 standard, the CWMP stack comprises several components tha
| RPC Methods | rpc.c | Handling of both acs and cwmp rpc methods as defined in TR069 | | RPC Methods | rpc.c | Handling of both acs and cwmp rpc methods as defined in TR069 |
| SOAP | xml.c |A standard XML-based syntax used here to encode remote procedure calls along with SOAP handling | | SOAP | xml.c |A standard XML-based syntax used here to encode remote procedure calls along with SOAP handling |
|HTTP |http.c, digauth.c | Responsible to send SOAP messages over HTTP using libcurl library. | |HTTP |http.c, digauth.c | Responsible to send SOAP messages over HTTP using libcurl library. |
| SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL/mbedtls/wolfssl | | SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL |
| Common source files | | Common source files |


@ -7,37 +7,11 @@ ADD_DEFINITIONS(-D_GNU_SOURCE)
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -I${PROJECT_SOURCE_DIR}") SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -I${PROJECT_SOURCE_DIR}")
OPTION(WITH_WOLFSSL "build with lib wolfssl" OFF)
OPTION(WITH_OPENSSL "build with lib openssl" OFF)
OPTION(WITH_MBEDTLS "build with lib mbedtls" OFF)
IF(NOT WITH_WOLFSSL AND NOT WITH_OPENSSL AND NOT WITH_MBEDTLS)
MESSAGE(FATAL_ERROR "You must enable one of the SSL libraries: {'WOLFSSL','OPENSSL','MBEDTLS'}")
ENDIF()
FILE(GLOB ICWMP_SOURCES *.c) FILE(GLOB ICWMP_SOURCES *.c)
IF(WITH_WOLFSSL)
SET(SSL_LIBS wolfssl)
SET(SSL_LIBS crypto)
add_compile_definitions(LWOLFSSL)
ENDIF(WITH_WOLFSSL)
IF(WITH_OPENSSL)
SET(SSL_LIBS ssl)
SET(SSL_LIBS crypto)
add_compile_definitions(LOPENSSL)
ENDIF(WITH_OPENSSL)
IF(WITH_MBEDTLS)
SET(SSL_LIBS mbedtls)
SET(SSL_LIBS mbedcrypto)
add_compile_definitions(LMBEDTLS)
ENDIF(WITH_MBEDTLS)
# Compile and install icwmpd # Compile and install icwmpd
ADD_EXECUTABLE(icwmpd ${ICWMP_SOURCES}) ADD_EXECUTABLE(icwmpd ${ICWMP_SOURCES})
TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ${SSL_LIBS} ${CRYPTO_LIBS}) TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ssl crypto)
INSTALL(FILES icwmpd PERMISSIONS OWNER_EXECUTE DESTINATION usr/sbin) INSTALL(FILES icwmpd PERMISSIONS OWNER_EXECUTE DESTINATION usr/sbin)
INSTALL(DIRECTORY DESTINATION etc/icwmpd) INSTALL(DIRECTORY DESTINATION etc/icwmpd)
INSTALL(DIRECTORY DESTINATION var/run/icwmpd) INSTALL(DIRECTORY DESTINATION var/run/icwmpd)
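Review bot: The new `TARGET_LINK_LIBRARIES(icwmpd ... ssl crypto)` line links OpenSSL by bare library name with no `find_package(OpenSSL)`, now that the `WITH_OPENSSL` option and its `FATAL_ERROR` guard are gone, so a build host without the OpenSSL development files fails late with a linker error instead of a configure-time message, and the headers come from whatever the compiler finds by default rather than the same installation as the libraries. I would add `find_package(OpenSSL REQUIRED)` before `ADD_EXECUTABLE(icwmpd ...)` and link `OpenSSL::SSL OpenSSL::Crypto` in place of `ssl crypto`, which ties include path and link libraries together and lets the maintainer express a minimum version. Build scripts that still pass `-DWITH_OPENSSL=ON`, `-DWITH_MBEDTLS=ON` or `-DWITH_WOLFSSL=ON` now get silently ignored; a short `MESSAGE(WARNING ...)` when those variables are defined, or a note in the README, would spare packagers a surprise.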


@ -457,7 +457,9 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
} }
if (CWMP_STRCMP(pdownload->file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) == 0 || CWMP_STRCMP(pdownload->file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE) == 0) { if (CWMP_STRCMP(pdownload->file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) == 0 || CWMP_STRCMP(pdownload->file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE) == 0) {
rename(ICWMP_DOWNLOAD_FILE, FIRMWARE_UPGRADE_IMAGE); rename(ICWMP_DOWNLOAD_FILE, FIRMWARE_UPGRADE_IMAGE);
if (cwmp_check_image() == 0) { int ret = cwmp_check_image();
if (ret == 0) {
unsigned int file_size = get_file_size(FIRMWARE_UPGRADE_IMAGE); unsigned int file_size = get_file_size(FIRMWARE_UPGRADE_IMAGE);
if (file_size > flashsize) { if (file_size > flashsize) {
error = FAULT_CPE_DOWNLOAD_FAILURE; error = FAULT_CPE_DOWNLOAD_FAILURE;
@ -470,7 +472,7 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
} }
} else { } else {
error = FAULT_CPE_DOWNLOAD_FAIL_FILE_CORRUPTED; error = FAULT_CPE_DOWNLOAD_FAIL_FILE_CORRUPTED;
snprintf(err_msg, sizeof(err_msg), "Downloaded file is not a valid firmware image"); snprintf(err_msg, sizeof(err_msg), "Failed validation with %d of Downloaded file", ret);
remove(FIRMWARE_UPGRADE_IMAGE); remove(FIRMWARE_UPGRADE_IMAGE);
} }
} else if (CWMP_STRCMP(pdownload->file_type, WEB_CONTENT_FILE_TYPE) == 0) { } else if (CWMP_STRCMP(pdownload->file_type, WEB_CONTENT_FILE_TYPE) == 0) {
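Review bot: The new error text `"Failed validation with %d of Downloaded file"` reads awkwardly and does not say what the number is; since err_msg is presumably what is reported back to the ACS in the fault, I would write `snprintf(err_msg, sizeof(err_msg), "Downloaded file is not a valid firmware image (cwmp_check_image returned %d)", ret);`. The `rename(ICWMP_DOWNLOAD_FILE, FIRMWARE_UPGRADE_IMAGE)` two lines above is still unchecked, so when the rename fails `cwmp_check_image()` validates whatever was previously at FIRMWARE_UPGRADE_IMAGE (or nothing at all) and the `ret` now surfaced in the message describes the wrong file; checking its return and failing with FAULT_CPE_DOWNLOAD_FAILURE before the validation call would close that gap. cwmp_launch_download begins and ends outside this hunk, so I cannot see which values cwmp_check_image can return or how `ret` is used further down.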


@ -6,21 +6,8 @@
* See LICENSE file for license related information. * See LICENSE file for license related information.
*/ */
#ifdef LMBEDTLS
#include <mbedtls/md.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#endif
#ifdef LOPENSSL
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#endif
#ifdef LWOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/rand.h>
#endif
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
@ -31,48 +18,7 @@
static int rand_bytes(unsigned char *output, size_t len) static int rand_bytes(unsigned char *output, size_t len)
{ {
#ifdef LMBEDTLS
mbedtls_entropy_context ec = {0};
mbedtls_ctr_drbg_context cd_ctx = {0};
int res = 1;
union {
uint64_t seed;
uint8_t buffer[8];
} rand_buffer;
FILE *urand = fopen("/dev/urandom", "r");
if (urand) {
size_t bytes = fread(&rand_buffer.seed, 1, sizeof(rand_buffer.seed), urand);
fclose(urand);
if (bytes < sizeof(rand_buffer.seed)) {
CWMP_LOG(INFO, "Failed to seed random [%d::%d]", sizeof(rand_buffer.seed), bytes);
}
} else {
rand_buffer.seed = (uint64_t)clock();
}
mbedtls_entropy_init(&ec);
mbedtls_ctr_drbg_init(&cd_ctx);
if (mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec, (const unsigned char *)rand_buffer.buffer, 8) != 0) {
CWMP_LOG(ERROR, "Failed to initialize random generator");
res = -1;
goto end;
}
if (mbedtls_ctr_drbg_random(&cd_ctx, output, len) != 0) {
CWMP_LOG(ERROR, "Failed to generate random bytes");
res = -1;
}
end:
mbedtls_ctr_drbg_free(&cd_ctx);
mbedtls_entropy_free(&ec);
return res;
#else
return RAND_bytes(output, len); return RAND_bytes(output, len);
#endif
} }
char *generate_random_string(size_t size) char *generate_random_string(size_t size)
@ -107,18 +53,10 @@ void message_compute_signature(char *msg_out, char *signature, size_t len)
{ {
int result_len = 20; int result_len = 20;
struct config *conf; struct config *conf;
conf = &(cwmp_main->conf);
#ifdef LMBEDTLS
unsigned char result[MBEDTLS_MD_MAX_SIZE] = {0};
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
mbedtls_md_hmac(md_info, (unsigned char *)conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result);
#else
unsigned char result[EVP_MAX_MD_SIZE] = {0}; unsigned char result[EVP_MAX_MD_SIZE] = {0};
conf = &(cwmp_main->conf);
HMAC(EVP_sha1(), conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result, NULL); HMAC(EVP_sha1(), conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result, NULL);
#endif
for (int i = 0; i < result_len; i++) { for (int i = 0; i < result_len; i++) {
if (len - CWMP_STRLEN(signature) < 3) // each time 2 hex chars + '\0' at end so needed space is 3 bytes if (len - CWMP_STRLEN(signature) < 3) // each time 2 hex chars + '\0' at end so needed space is 3 bytes
@ -133,63 +71,32 @@ void calulate_md5_hash(struct list_head *buff_list, uint8_t *output, size_t outl
{ {
unsigned int bytes = 0; unsigned int bytes = 0;
#ifdef LMBEDTLS
mbedtls_md_context_t enpctx;
mbedtls_md_context_t *mdctx = &enpctx;
const mbedtls_md_info_t *md;
unsigned char md_value[MBEDTLS_MD_MAX_SIZE];
#else
EVP_MD_CTX *mdctx; EVP_MD_CTX *mdctx;
const EVP_MD *md; const EVP_MD *md;
unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned char md_value[EVP_MAX_MD_SIZE];
#endif
if (!buff_list || !output) if (!buff_list || !output)
return; return;
#ifndef LMBEDTLS
// makes all algorithms available to the EVP* routines
OpenSSL_add_all_algorithms();
#endif
#ifdef LMBEDTLS
md = mbedtls_md_info_from_string("MD5");
mbedtls_md_init(mdctx);
mbedtls_md_init_ctx(mdctx, md);
#else
md = EVP_get_digestbyname("MD5"); md = EVP_get_digestbyname("MD5");
mdctx = EVP_MD_CTX_create(); mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, md, NULL); EVP_DigestInit_ex(mdctx, md, NULL);
#endif
if (md == NULL) if (md == NULL)
goto end; goto end;
bin_list_t *iter; bin_list_t *iter;
list_for_each_entry(iter, buff_list, list) { list_for_each_entry(iter, buff_list, list) {
#ifdef LMBEDTLS
mbedtls_md_update(mdctx, iter->bin, iter->len);
#else
EVP_DigestUpdate(mdctx, iter->bin, iter->len); EVP_DigestUpdate(mdctx, iter->bin, iter->len);
#endif
} }
#ifdef LMBEDTLS
mbedtls_md_finish(mdctx, md_value);
bytes = mbedtls_md_get_size(md);
#else
bytes = 0; bytes = 0;
EVP_DigestFinal_ex(mdctx, md_value, &bytes); EVP_DigestFinal_ex(mdctx, md_value, &bytes);
#endif
CWMP_MEMCPY(output, &md_value, ((bytes<outlen)?bytes:outlen)); CWMP_MEMCPY(output, &md_value, ((bytes<outlen)?bytes:outlen));
end: end:
#ifdef LMBEDTLS
mbedtls_md_free(mdctx);
#else
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
EVP_cleanup(); EVP_cleanup();
#endif
} }
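Review bot: In calulate_md5_hash the remaining OpenSSL path drops `OpenSSL_add_all_algorithms()` but keeps `EVP_cleanup()` under the `end:` label, and on OpenSSL 1.0.x that pairing is not symmetric: EVP_cleanup() unregisters every digest, so after the first call `EVP_get_digestbyname("MD5")` returns NULL and every later hash silently takes the `goto end` path with `output` left untouched. On OpenSSL 1.1.0 and later both calls are no-ops, so if 1.0.x support has been dropped this is harmless, but then `EVP_cleanup()` should go as well; otherwise use `EVP_md5()`, which needs no registration, and remove the cleanup call. Separately, `EVP_DigestInit_ex(mdctx, md, NULL)` runs before the `if (md == NULL) goto end;` test and neither it nor `EVP_MD_CTX_create()` is checked, so the NULL check comes too late to protect the init. I would reorder to `md = EVP_md5(); mdctx = EVP_MD_CTX_create(); if (!md || !mdctx || EVP_DigestInit_ex(mdctx, md, NULL) != 1) goto end;`, which is safe because EVP_MD_CTX_destroy tolerates a NULL context.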


@ -9,21 +9,6 @@
#ifndef _SSL_UTILS #ifndef _SSL_UTILS
#define _SSL_UTILS #define _SSL_UTILS
#ifdef LOPENSSL
#include <openssl/sha.h>
#include <openssl/evp.h>
#endif
#ifdef LWOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/evp.h>
#endif
#ifdef LMBEDTLS
#include <mbedtls/md.h>
#endif
#include <libubox/list.h> #include <libubox/list.h>
char *generate_random_string(size_t size); char *generate_random_string(size_t size);