Removed mbedtls and wolfssl support

README.md

@@ -81,7 +81,6 @@ To successfully build icwmp, the following libraries are needed:
 | libubox     | https://git.openwrt.org/project/libubox.git | BSD            |
 | libubus     | https://git.openwrt.org/project/ubus.git    | LGPL 2.1       |
 | libjson-c   | https://s3.amazonaws.com/json-c_releases    | MIT            |
-| libwolfssl  | https://github.com/wolfSSL/wolfssl          | GPL-2.0        |
 | libcurl     | https://dl.uxnr.de/mirror/curl              | MIT            |
 | mxml        | https://github.com/michaelrsweet/mxml       | GPL-2.0       |
 

docs/arch/design.md

@@ -13,7 +13,7 @@ As described in TR-069 standard, the CWMP stack comprises several components tha
 | RPC Methods | rpc.c | Handling of both acs and cwmp rpc methods as defined in TR069 |
 | SOAP | xml.c |A standard XML-based syntax used here to encode remote procedure calls along with SOAP handling |
 |HTTP |http.c, digauth.c | Responsible to send SOAP messages over HTTP using libcurl library. |
-| SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL/mbedtls/wolfssl |
+| SSL/TLS | ssl_utils.c | Provides SSL/TLS functionality over HTTP with OpenSSL |
 
 
 | Common source files |

src/CMakeLists.txt

@@ -7,37 +7,11 @@ ADD_DEFINITIONS(-D_GNU_SOURCE)
 
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -I${PROJECT_SOURCE_DIR}")
 
-OPTION(WITH_WOLFSSL "build with lib wolfssl" OFF)
-OPTION(WITH_OPENSSL "build with lib openssl" OFF)
-OPTION(WITH_MBEDTLS "build with lib mbedtls" OFF)
-
-IF(NOT WITH_WOLFSSL AND NOT WITH_OPENSSL AND NOT WITH_MBEDTLS)
-	MESSAGE(FATAL_ERROR "You must enable one of the SSL libraries: {'WOLFSSL','OPENSSL','MBEDTLS'}")
-ENDIF()
-
 FILE(GLOB ICWMP_SOURCES *.c)
 
-IF(WITH_WOLFSSL)
-	SET(SSL_LIBS wolfssl)
-	SET(SSL_LIBS crypto)
-	add_compile_definitions(LWOLFSSL)
-ENDIF(WITH_WOLFSSL)
-
-IF(WITH_OPENSSL)
-	SET(SSL_LIBS ssl)
-	SET(SSL_LIBS crypto)
-	add_compile_definitions(LOPENSSL)
-ENDIF(WITH_OPENSSL)
-
-IF(WITH_MBEDTLS)
-	SET(SSL_LIBS mbedtls)
-	SET(SSL_LIBS mbedcrypto)
-	add_compile_definitions(LMBEDTLS)
-ENDIF(WITH_MBEDTLS)
-
 # Compile and install icwmpd
 ADD_EXECUTABLE(icwmpd ${ICWMP_SOURCES})
-TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ${SSL_LIBS} ${CRYPTO_LIBS})
+TARGET_LINK_LIBRARIES(icwmpd pthread z m json-c uci ubox ubus blobmsg_json curl mxml uuid ssl crypto)
 INSTALL(FILES icwmpd PERMISSIONS OWNER_EXECUTE DESTINATION usr/sbin)
 INSTALL(DIRECTORY DESTINATION etc/icwmpd)
 INSTALL(DIRECTORY DESTINATION var/run/icwmpd)

src/download.c

@@ -457,7 +457,9 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
 	}
 	if (CWMP_STRCMP(pdownload->file_type, FIRMWARE_UPGRADE_IMAGE_FILE_TYPE) == 0 || CWMP_STRCMP(pdownload->file_type, STORED_FIRMWARE_IMAGE_FILE_TYPE) == 0) {
 		rename(ICWMP_DOWNLOAD_FILE, FIRMWARE_UPGRADE_IMAGE);
-		if (cwmp_check_image() == 0) {
+		int ret = cwmp_check_image();
+
+		if (ret == 0) {
 			unsigned int file_size = get_file_size(FIRMWARE_UPGRADE_IMAGE);
 			if (file_size > flashsize) {
 				error = FAULT_CPE_DOWNLOAD_FAILURE;
@@ -470,7 +472,7 @@ int cwmp_launch_download(struct download *pdownload, char *download_file_name, e
 			}
 		} else {
 			error = FAULT_CPE_DOWNLOAD_FAIL_FILE_CORRUPTED;
-			snprintf(err_msg, sizeof(err_msg), "Downloaded file is not a valid firmware image");
+			snprintf(err_msg, sizeof(err_msg), "Failed validation with %d of Downloaded file", ret);
 			remove(FIRMWARE_UPGRADE_IMAGE);
 		}
 	} else if (CWMP_STRCMP(pdownload->file_type, WEB_CONTENT_FILE_TYPE) == 0) {

src/ssl_utils.c

@@ -6,21 +6,8 @@
  * See LICENSE file for license related information.
  */
 
-#ifdef LMBEDTLS
-#include <mbedtls/md.h>
-#include <mbedtls/entropy.h>
-#include <mbedtls/ctr_drbg.h>
-#endif
-#ifdef LOPENSSL
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
-#endif
-
-#ifdef LWOLFSSL
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/hmac.h>
-#include <wolfssl/openssl/rand.h>
-#endif
 
 #include <string.h>
 #include <stdlib.h>
@@ -31,48 +18,7 @@
 
 static int rand_bytes(unsigned char *output, size_t len)
 {
-#ifdef LMBEDTLS
-	mbedtls_entropy_context ec = {0};
-	mbedtls_ctr_drbg_context cd_ctx = {0};
-	int res = 1;
-
-	union {
-		uint64_t seed;
-		uint8_t buffer[8];
-	} rand_buffer;
-
-	FILE *urand = fopen("/dev/urandom", "r");
-	if (urand) {
-		size_t bytes = fread(&rand_buffer.seed, 1, sizeof(rand_buffer.seed), urand);
-		fclose(urand);
-		if (bytes < sizeof(rand_buffer.seed)) {
-			CWMP_LOG(INFO, "Failed to seed random [%d::%d]", sizeof(rand_buffer.seed), bytes);
-		}
-	} else {
-		rand_buffer.seed = (uint64_t)clock();
-	}
-
-	mbedtls_entropy_init(&ec);
-	mbedtls_ctr_drbg_init(&cd_ctx);
-
-	if (mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec, (const unsigned char *)rand_buffer.buffer, 8) != 0) {
-		CWMP_LOG(ERROR, "Failed to initialize random generator");
-		res = -1;
-		goto end;
-	}
-
-	if (mbedtls_ctr_drbg_random(&cd_ctx, output, len) != 0) {
-		CWMP_LOG(ERROR, "Failed to generate random bytes");
-		res = -1;
-	}
-
-end:
-	mbedtls_ctr_drbg_free(&cd_ctx);
-	mbedtls_entropy_free(&ec);
-	return res;
-#else
 	return RAND_bytes(output, len);
-#endif
 }
 
 char *generate_random_string(size_t size)
@@ -107,18 +53,10 @@ void message_compute_signature(char *msg_out, char *signature, size_t len)
 {
 	int result_len = 20;
 	struct config *conf;
-	conf = &(cwmp_main->conf);
-
-#ifdef LMBEDTLS
-	unsigned char result[MBEDTLS_MD_MAX_SIZE] = {0};
-	const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
-
-	mbedtls_md_hmac(md_info, (unsigned char *)conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result);
-#else
 	unsigned char result[EVP_MAX_MD_SIZE] = {0};
 
+	conf = &(cwmp_main->conf);
 	HMAC(EVP_sha1(), conf->acs_passwd, CWMP_STRLEN(conf->acs_passwd), (unsigned char *)msg_out, CWMP_STRLEN(msg_out), result, NULL);
-#endif
 
 	for (int i = 0; i < result_len; i++) {
 		if (len - CWMP_STRLEN(signature) < 3) // each time 2 hex chars + '\0' at end so needed space is 3 bytes
@@ -133,63 +71,32 @@ void calulate_md5_hash(struct list_head *buff_list, uint8_t *output, size_t outl
 {
 	unsigned int bytes = 0;
 
-#ifdef LMBEDTLS
-	mbedtls_md_context_t enpctx;
-	mbedtls_md_context_t *mdctx = &enpctx;
-	const mbedtls_md_info_t *md;
-	unsigned char md_value[MBEDTLS_MD_MAX_SIZE];
-#else
 	EVP_MD_CTX *mdctx;
 	const EVP_MD *md;
 	unsigned char md_value[EVP_MAX_MD_SIZE];
-#endif
 
 	if (!buff_list || !output)
 		return;
 
-#ifndef LMBEDTLS
-	// makes all algorithms available to the EVP* routines
-	OpenSSL_add_all_algorithms();
-#endif
-
-#ifdef LMBEDTLS
-	md = mbedtls_md_info_from_string("MD5");
-	mbedtls_md_init(mdctx);
-	mbedtls_md_init_ctx(mdctx, md);
-#else
 	md = EVP_get_digestbyname("MD5");
 	mdctx = EVP_MD_CTX_create();
 	EVP_DigestInit_ex(mdctx, md, NULL);
-#endif
 
 	if (md == NULL)
 		goto end;
 
 	bin_list_t *iter;
 	list_for_each_entry(iter, buff_list, list) {
-#ifdef LMBEDTLS
-		mbedtls_md_update(mdctx, iter->bin, iter->len);
-#else
 		EVP_DigestUpdate(mdctx, iter->bin, iter->len);
-#endif
 	}
 
-#ifdef LMBEDTLS
-	mbedtls_md_finish(mdctx, md_value);
-	bytes = mbedtls_md_get_size(md);
-#else
 	bytes = 0;
 	EVP_DigestFinal_ex(mdctx, md_value, &bytes);
-#endif
 
 	CWMP_MEMCPY(output, &md_value, ((bytes<outlen)?bytes:outlen));
 
 end:
-#ifdef LMBEDTLS
-	mbedtls_md_free(mdctx);
-#else
 	EVP_MD_CTX_destroy(mdctx);
 	EVP_cleanup();
-#endif
 }
 

src/ssl_utils.h

@@ -9,21 +9,6 @@
 #ifndef _SSL_UTILS
 #define _SSL_UTILS
 
-#ifdef LOPENSSL
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#endif
-
-#ifdef LWOLFSSL
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/sha.h>
-#include <wolfssl/openssl/evp.h>
-#endif
-
-#ifdef LMBEDTLS
-#include <mbedtls/md.h>
-#endif
-
 #include <libubox/list.h>
 
 char *generate_random_string(size_t size);