Message ID | 20200301115130.913-1-bastiangermann@fishpost.de |
---|---|
State | Changes Requested |
Series | [1/2] Replace SURICATTA_SSL with CHANNEL_CURL_SSL | expand |
Hi Bastian. On 01.03.20 12:51, Bastian Germann wrote: > Suricatta's SSL does not depend on OpenSSL directly. > Use the CHANNEL_CURL_SSL config to activate it. > Enable it in the example configs with DOWNLOAD_SSL. > I understand the issue but not the solution. Suricatta SSL should enable the CHANNEL_CURL_SSL instead of to be replaced. See for the other subsystems, for example download: config DOWNLOAD_SSL bool "Enable SSL support for image downloading" default n depends on DOWNLOAD depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS select CHANNEL_CURL_SSL That is, should not be enough this one: diff --git a/suricatta/Config.in b/suricatta/Config.in index 20ac038..2e46f06 100644 --- a/suricatta/Config.in +++ b/suricatta/Config.in @@ -23,6 +23,7 @@ config SURICATTA_SSL default n depends on HAVE_LIBSSL depends on HAVE_LIBCRYPTO + select CHANNEL_CURL_SSL help Enable SSL and checksum verification support in suricatta. Best regards, Stefano Babic > Signed-off-by: Bastian Germann <bastiangermann@fishpost.de> > --- > configs/all_handlers_defconfig | 2 +- > configs/debian_defconfig | 1 - > configs/swuforwarder_defconfig | 2 +- > configs/with_ucfw_defconfig | 2 +- > corelib/channel_curl.c | 2 +- > include/sslapi.h | 2 +- > suricatta/Config.in | 11 ----------- > suricatta/server_hawkbit.c | 6 +++--- > test/test_server_hawkbit.c | 10 +++++----- > 9 files changed, 13 insertions(+), 25 deletions(-) > > diff --git a/configs/all_handlers_defconfig b/configs/all_handlers_defconfig > index 4260267..2dc6428 100644 > --- a/configs/all_handlers_defconfig > +++ b/configs/all_handlers_defconfig > @@ -2,10 +2,10 @@ CONFIG_HW_COMPATIBILITY=y > CONFIG_LUAPKG="lua5.2" > CONFIG_EXTRA_CFLAGS="-g" > CONFIG_DOWNLOAD=y > +CONFIG_DOWNLOAD_SSL=y > CONFIG_HASH_VERIFY=y > CONFIG_ENCRYPTED_IMAGES=y > CONFIG_SURICATTA=y > -CONFIG_SURICATTA_SSL=y > CONFIG_WEBSERVER=y > CONFIG_MONGOOSESSL=y > CONFIG_LUAEXTERNAL=y 
> diff --git a/configs/debian_defconfig b/configs/debian_defconfig > index d81d223..4bbfc86 100644 > --- a/configs/debian_defconfig > +++ b/configs/debian_defconfig > @@ -8,7 +8,6 @@ CONFIG_DOWNLOAD_SSL=y > CONFIG_SIGNED_IMAGES=y > CONFIG_ENCRYPTED_IMAGES=y > CONFIG_SURICATTA=y > -CONFIG_SURICATTA_SSL=y > CONFIG_WEBSERVER=y > CONFIG_MONGOOSESSL=y > CONFIG_UBIVOL=y > diff --git a/configs/swuforwarder_defconfig b/configs/swuforwarder_defconfig > index f6dc631..1251a8e 100644 > --- a/configs/swuforwarder_defconfig > +++ b/configs/swuforwarder_defconfig > @@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2" > CONFIG_EXTRA_CFLAGS="-g" > CONFIG_BOOTLOADER_NONE=y > CONFIG_DOWNLOAD=y > +CONFIG_DOWNLOAD_SSL=y > CONFIG_HASH_VERIFY=y > CONFIG_ENCRYPTED_IMAGES=y > CONFIG_SURICATTA=y > -CONFIG_SURICATTA_SSL=y > CONFIG_WEBSERVER=y > CONFIG_MONGOOSESSL=y > CONFIG_LUAEXTERNAL=y > diff --git a/configs/with_ucfw_defconfig b/configs/with_ucfw_defconfig > index 6ab9ef5..f4fc107 100644 > --- a/configs/with_ucfw_defconfig > +++ b/configs/with_ucfw_defconfig > @@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2" > CONFIG_EXTRA_CFLAGS="-g" > CONFIG_BOOTLOADER_NONE=y > CONFIG_DOWNLOAD=y > +CONFIG_DOWNLOAD_SSL=y > CONFIG_HASH_VERIFY=y > CONFIG_ENCRYPTED_IMAGES=y > CONFIG_SURICATTA=y > -CONFIG_SURICATTA_SSL=y > CONFIG_WEBSERVER=y > CONFIG_MONGOOSESSL=y > CONFIG_LUAEXTERNAL=y > diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c > index c00e994..2785f99 100644 > --- a/corelib/channel_curl.c > +++ b/corelib/channel_curl.c > @@ -77,7 +77,7 @@ channel_t *channel_new(void); > > channel_op_res_t channel_curl_init(void) > { > -#if defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL) > +#if defined(CONFIG_CHANNEL_CURL_SSL) > #define CURL_FLAGS CURL_GLOBAL_SSL > #else > #define CURL_FLAGS CURL_GLOBAL_NOTHING > diff --git a/include/sslapi.h b/include/sslapi.h > index 17b6d31..12591a3 100644 > --- a/include/sslapi.h > +++ b/include/sslapi.h 
> @@ -17,7 +17,7 @@ > * Let compile when openSSL is not activated > */ > #if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \ > - defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL) > + defined(CONFIG_CHANNEL_CURL_SSL) > #if defined(CONFIG_SSL_IMPL_OPENSSL) > #include <openssl/bio.h> > #include <openssl/objects.h> > diff --git a/suricatta/Config.in b/suricatta/Config.in > index 20ac038..8185cc9 100644 > --- a/suricatta/Config.in > +++ b/suricatta/Config.in > @@ -18,17 +18,6 @@ if SURICATTA > > menu "Features" > > -config SURICATTA_SSL > - bool "SSL support" > - default n > - depends on HAVE_LIBSSL > - depends on HAVE_LIBCRYPTO > - help > - Enable SSL and checksum verification support in suricatta. > - > -comment "SSL support needs libcrypto, libssl" > - depends on !HAVE_LIBSSL || !HAVE_LIBCRYPTO > - > choice > prompt "Update Status Storage" > help > diff --git a/suricatta/server_hawkbit.c b/suricatta/server_hawkbit.c > index 55f1431..8b5dd70 100644 > --- a/suricatta/server_hawkbit.c > +++ b/suricatta/server_hawkbit.c > @@ -116,7 +116,7 @@ static channel_data_t channel_data_defaults = {.debug = false, > .retries = CHANNEL_DEFAULT_RESUME_TRIES, > .retry_sleep = > CHANNEL_DEFAULT_RESUME_DELAY, > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > .usessl = true, > #endif > .format = CHANNEL_PARSE_JSON, > @@ -946,7 +946,7 @@ server_op_res_t server_process_update_artifact(int action_id, > json_object *json_data_artifact_url_http = json_get_path_key( > json_data_artifact_item, > (const char *[]){"_links", "download-http", "href", NULL}); > -#ifndef CONFIG_SURICATTA_SSL > +#ifndef CONFIG_CHANNEL_CURL_SSL > if (json_data_artifact_url_http == NULL) { > server_hawkbit_error("No artifact download HTTP URL reported by " > "server."); 
> @@ -1044,7 +1044,7 @@ server_op_res_t server_process_update_artifact(int action_id, > goto cleanup_loop; > } > > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > if (strncmp((char *)&channel_data.sha1hash, > json_object_get_string(json_data_artifact_sha1hash), > SWUPDATE_SHA_DIGEST_LENGTH) != 0) { > diff --git a/test/test_server_hawkbit.c b/test/test_server_hawkbit.c > index 69976e5..c927563 100644 > --- a/test/test_server_hawkbit.c > +++ b/test/test_server_hawkbit.c > @@ -91,7 +91,7 @@ extern channel_op_res_t __real_channel_get_file(channel_t *this, void *data); > channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data); > channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data) > { > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > channel_data_t *channel_data = (channel_data_t *)data; > strncpy(channel_data->sha1hash, mock_type(char *), > SWUPDATE_SHA_DIGEST_LENGTH * 2 + 1); > @@ -365,7 +365,7 @@ static void test_server_process_update_artifact(void **state) > ); > /* clang-format on */ > > -#ifndef CONFIG_SURICATTA_SSL > +#ifndef CONFIG_CHANNEL_CURL_SSL > /* Test Case: No HTTP download URL given in JSON. */ > json_object *json_data_artifact = json_tokener_parse(json_artifact); > assert_int_equal(SERVER_EERR, > @@ -374,7 +374,7 @@ static void test_server_process_update_artifact(void **state) > "update action", "part", "version", "name")); > #endif > > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > /* Test Case: Artifact installed successfully. */ > json_object *json_data_artifact = json_tokener_parse(json_artifact); > will_return(__wrap_channel_get_file, "CAFFEE"); 
> @@ -516,7 +516,7 @@ static void test_server_install_update(void **state) > /* Test Case: Update works. */ > json_data_update_available = > json_tokener_parse(json_reply_update_available); > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > json_data_update_details_valid = > json_tokener_parse(json_reply_update_valid_data_https); > (void)json_reply_update_valid_data_http; > @@ -530,7 +530,7 @@ static void test_server_install_update(void **state) > will_return(__wrap_channel_get, json_data_update_details_valid); > will_return(__wrap_channel_get, CHANNEL_OK); > will_return(__wrap_channel_put, CHANNEL_OK); > -#ifdef CONFIG_SURICATTA_SSL > +#ifdef CONFIG_CHANNEL_CURL_SSL > will_return(__wrap_channel_get_file, "CAFFEE"); > #endif > will_return(__wrap_channel_get_file, CHANNEL_OK); >
diff --git a/configs/all_handlers_defconfig b/configs/all_handlers_defconfig
index 4260267..2dc6428 100644
--- a/configs/all_handlers_defconfig
+++ b/configs/all_handlers_defconfig
@@ -2,10 +2,10 @@ CONFIG_HW_COMPATIBILITY=y
 CONFIG_LUAPKG="lua5.2"
 CONFIG_EXTRA_CFLAGS="-g"
 CONFIG_DOWNLOAD=y
+CONFIG_DOWNLOAD_SSL=y
 CONFIG_HASH_VERIFY=y
 CONFIG_ENCRYPTED_IMAGES=y
 CONFIG_SURICATTA=y
-CONFIG_SURICATTA_SSL=y
 CONFIG_WEBSERVER=y
 CONFIG_MONGOOSESSL=y
 CONFIG_LUAEXTERNAL=y
diff --git a/configs/debian_defconfig b/configs/debian_defconfig
index d81d223..4bbfc86 100644
--- a/configs/debian_defconfig
+++ b/configs/debian_defconfig
@@ -8,7 +8,6 @@ CONFIG_DOWNLOAD_SSL=y
 CONFIG_SIGNED_IMAGES=y
 CONFIG_ENCRYPTED_IMAGES=y
 CONFIG_SURICATTA=y
-CONFIG_SURICATTA_SSL=y
 CONFIG_WEBSERVER=y
 CONFIG_MONGOOSESSL=y
 CONFIG_UBIVOL=y
diff --git a/configs/swuforwarder_defconfig b/configs/swuforwarder_defconfig
index f6dc631..1251a8e 100644
--- a/configs/swuforwarder_defconfig
+++ b/configs/swuforwarder_defconfig
@@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2"
 CONFIG_EXTRA_CFLAGS="-g"
 CONFIG_BOOTLOADER_NONE=y
 CONFIG_DOWNLOAD=y
+CONFIG_DOWNLOAD_SSL=y
 CONFIG_HASH_VERIFY=y
 CONFIG_ENCRYPTED_IMAGES=y
 CONFIG_SURICATTA=y
-CONFIG_SURICATTA_SSL=y
 CONFIG_WEBSERVER=y
 CONFIG_MONGOOSESSL=y
 CONFIG_LUAEXTERNAL=y
diff --git a/configs/with_ucfw_defconfig b/configs/with_ucfw_defconfig
index 6ab9ef5..f4fc107 100644
--- a/configs/with_ucfw_defconfig
+++ b/configs/with_ucfw_defconfig
@@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2"
 CONFIG_EXTRA_CFLAGS="-g"
 CONFIG_BOOTLOADER_NONE=y
 CONFIG_DOWNLOAD=y
+CONFIG_DOWNLOAD_SSL=y
 CONFIG_HASH_VERIFY=y
 CONFIG_ENCRYPTED_IMAGES=y
 CONFIG_SURICATTA=y
-CONFIG_SURICATTA_SSL=y
 CONFIG_WEBSERVER=y
 CONFIG_MONGOOSESSL=y
 CONFIG_LUAEXTERNAL=y
diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c
index c00e994..2785f99 100644
--- a/corelib/channel_curl.c
+++ b/corelib/channel_curl.c
@@ -77,7 +77,7 @@ channel_t *channel_new(void);
 
 channel_op_res_t channel_curl_init(void)
 {
-#if defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL)
+#if defined(CONFIG_CHANNEL_CURL_SSL)
 #define CURL_FLAGS CURL_GLOBAL_SSL
 #else
 #define CURL_FLAGS CURL_GLOBAL_NOTHING
diff --git a/include/sslapi.h b/include/sslapi.h
index 17b6d31..12591a3 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -17,7 +17,7 @@
 * Let compile when openSSL is not activated
 */
 #if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \
- defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL)
+ defined(CONFIG_CHANNEL_CURL_SSL)
 #if defined(CONFIG_SSL_IMPL_OPENSSL)
 #include <openssl/bio.h>
 #include <openssl/objects.h>
diff --git a/suricatta/Config.in b/suricatta/Config.in
index 20ac038..8185cc9 100644
--- a/suricatta/Config.in
+++ b/suricatta/Config.in
@@ -18,17 +18,6 @@ if SURICATTA
 
 menu "Features"
 
-config SURICATTA_SSL
- bool "SSL support"
- default n
- depends on HAVE_LIBSSL
- depends on HAVE_LIBCRYPTO
- help
- Enable SSL and checksum verification support in suricatta.
-
-comment "SSL support needs libcrypto, libssl"
- depends on !HAVE_LIBSSL || !HAVE_LIBCRYPTO
-
 choice
 prompt "Update Status Storage"
 help
diff --git a/suricatta/server_hawkbit.c b/suricatta/server_hawkbit.c
index 55f1431..8b5dd70 100644
--- a/suricatta/server_hawkbit.c
+++ b/suricatta/server_hawkbit.c
@@ -116,7 +116,7 @@ static channel_data_t channel_data_defaults = {.debug = false,
 .retries = CHANNEL_DEFAULT_RESUME_TRIES,
 .retry_sleep =
 CHANNEL_DEFAULT_RESUME_DELAY,
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 .usessl = true,
 #endif
 .format = CHANNEL_PARSE_JSON,
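Review bot: In `channel_data_defaults` (hunk `@@ -116`), `.usessl = true` is now compiled in only when `CONFIG_CHANNEL_CURL_SSL` is defined, so a configuration that carried `CONFIG_SURICATTA_SSL=y` but none of the options that select `CHANNEL_CURL_SSL` ends up with the field zero-initialised and gets no diagnostic, because the series also drops the Kconfig entry. The same guard swap applies in `channel_curl_init()` and at the two preprocessor sites in `server_process_update_artifact()`. I would add a comment above the guard, e.g. `/* CHANNEL_CURL_SSL is selected by DOWNLOAD_SSL; without it the hawkBit channel runs with usessl == false */`, and state the migration step in the commit message. What `usessl` switches inside the channel code is not visible in this hunk, so the impact is inferred from the field name.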
@@ -946,7 +946,7 @@ server_op_res_t server_process_update_artifact(int action_id,
 json_object *json_data_artifact_url_http = json_get_path_key(
 json_data_artifact_item,
 (const char *[]){"_links", "download-http", "href", NULL});
-#ifndef CONFIG_SURICATTA_SSL
+#ifndef CONFIG_CHANNEL_CURL_SSL
 if (json_data_artifact_url_http == NULL) {
 server_hawkbit_error("No artifact download HTTP URL reported by "
 "server.");
@@ -1044,7 +1044,7 @@ server_op_res_t server_process_update_artifact(int action_id,
 goto cleanup_loop;
 }
 
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 if (strncmp((char *)&channel_data.sha1hash,
 json_object_get_string(json_data_artifact_sha1hash),
 SWUPDATE_SHA_DIGEST_LENGTH) != 0) {
diff --git a/test/test_server_hawkbit.c b/test/test_server_hawkbit.c
index 69976e5..c927563 100644
--- a/test/test_server_hawkbit.c
+++ b/test/test_server_hawkbit.c
@@ -91,7 +91,7 @@ extern channel_op_res_t __real_channel_get_file(channel_t *this, void *data);
 channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data);
 channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data)
 {
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 channel_data_t *channel_data = (channel_data_t *)data;
 strncpy(channel_data->sha1hash, mock_type(char *),
 SWUPDATE_SHA_DIGEST_LENGTH * 2 + 1);
@@ -365,7 +365,7 @@ static void test_server_process_update_artifact(void **state)
 );
 /* clang-format on */
 
-#ifndef CONFIG_SURICATTA_SSL
+#ifndef CONFIG_CHANNEL_CURL_SSL
 /* Test Case: No HTTP download URL given in JSON. */
 json_object *json_data_artifact = json_tokener_parse(json_artifact);
 assert_int_equal(SERVER_EERR,
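Review bot: The SHA-1 comparison behind `#ifdef CONFIG_CHANNEL_CURL_SSL` in the `@@ -1044` hunk passes `SWUPDATE_SHA_DIGEST_LENGTH` as the `strncmp` length, while the test wrapper in `test/test_server_hawkbit.c` copies `SWUPDATE_SHA_DIGEST_LENGTH * 2 + 1` bytes into the same `sha1hash` field; if that field holds the hex string, only the first half of the digest is compared. This should be confirmed against the definition of `sha1hash` and, if it holds, the length changed to `SWUPDATE_SHA_DIGEST_LENGTH * 2`. Separately, the check stays tied to a transport option, so a build without `CONFIG_CHANNEL_CURL_SSL` compiles no artifact hash comparison at this point; a comment such as `/* artifact SHA-1 check is only built with CHANNEL_CURL_SSL */` would make that explicit now that the Kconfig help text mentioning checksum verification is removed. The body of `server_process_update_artifact()` continues outside the hunk.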
@@ -374,7 +374,7 @@ static void test_server_process_update_artifact(void **state)
 "update action", "part", "version", "name"));
 #endif
 
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 /* Test Case: Artifact installed successfully. */
 json_object *json_data_artifact = json_tokener_parse(json_artifact);
 will_return(__wrap_channel_get_file, "CAFFEE");
@@ -516,7 +516,7 @@ static void test_server_install_update(void **state)
 /* Test Case: Update works. */
 json_data_update_available =
 json_tokener_parse(json_reply_update_available);
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 json_data_update_details_valid =
 json_tokener_parse(json_reply_update_valid_data_https);
 (void)json_reply_update_valid_data_http;
@@ -530,7 +530,7 @@ static void test_server_install_update(void **state)
 will_return(__wrap_channel_get, json_data_update_details_valid);
 will_return(__wrap_channel_get, CHANNEL_OK);
 will_return(__wrap_channel_put, CHANNEL_OK);
-#ifdef CONFIG_SURICATTA_SSL
+#ifdef CONFIG_CHANNEL_CURL_SSL
 will_return(__wrap_channel_get_file, "CAFFEE");
 #endif
 will_return(__wrap_channel_get_file, CHANNEL_OK);
Suricatta's SSL does not depend on OpenSSL directly. Use the CHANNEL_CURL_SSL config to activate it. Enable it in the example configs with DOWNLOAD_SSL. Signed-off-by: Bastian Germann <bastiangermann@fishpost.de> --- configs/all_handlers_defconfig | 2 +- configs/debian_defconfig | 1 - configs/swuforwarder_defconfig | 2 +- configs/with_ucfw_defconfig | 2 +- corelib/channel_curl.c | 2 +- include/sslapi.h | 2 +- suricatta/Config.in | 11 ----------- suricatta/server_hawkbit.c | 6 +++--- test/test_server_hawkbit.c | 10 +++++----- 9 files changed, 13 insertions(+), 25 deletions(-)