From patchwork Sun Mar 1 11:51:29 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1247271
From: Bastian Germann
To: swupdate@googlegroups.com
Cc: Bastian Germann
Subject: [swupdate] [PATCH 1/2] Replace SURICATTA_SSL with CHANNEL_CURL_SSL
Date: Sun, 1 Mar 2020 12:51:29 +0100
Message-Id: <20200301115130.913-1-bastiangermann@fishpost.de>

Suricatta's SSL does not depend on OpenSSL directly. Use the CHANNEL_CURL_SSL config to activate it. Enable it in the example configs with DOWNLOAD_SSL.

Signed-off-by: Bastian Germann
---
configs/all_handlers_defconfig | 2 +- configs/debian_defconfig | 1 - configs/swuforwarder_defconfig | 2 +- configs/with_ucfw_defconfig | 2 +- corelib/channel_curl.c | 2 +- include/sslapi.h | 2 +- suricatta/Config.in | 11 ----------- suricatta/server_hawkbit.c | 6 +++--- test/test_server_hawkbit.c | 10 +++++----- 9 files changed, 13 insertions(+), 25 deletions(-) diff --git a/configs/all_handlers_defconfig b/configs/all_handlers_defconfig index 4260267..2dc6428 100644 --- a/configs/all_handlers_defconfig +++ b/configs/all_handlers_defconfig @@ -2,10 +2,10 @@ CONFIG_HW_COMPATIBILITY=y CONFIG_LUAPKG="lua5.2" CONFIG_EXTRA_CFLAGS="-g" CONFIG_DOWNLOAD=y +CONFIG_DOWNLOAD_SSL=y CONFIG_HASH_VERIFY=y CONFIG_ENCRYPTED_IMAGES=y CONFIG_SURICATTA=y -CONFIG_SURICATTA_SSL=y CONFIG_WEBSERVER=y CONFIG_MONGOOSESSL=y CONFIG_LUAEXTERNAL=y 
diff --git a/configs/debian_defconfig b/configs/debian_defconfig index d81d223..4bbfc86 100644 --- a/configs/debian_defconfig +++ b/configs/debian_defconfig @@ -8,7 +8,6 @@ CONFIG_DOWNLOAD_SSL=y CONFIG_SIGNED_IMAGES=y CONFIG_ENCRYPTED_IMAGES=y CONFIG_SURICATTA=y -CONFIG_SURICATTA_SSL=y CONFIG_WEBSERVER=y CONFIG_MONGOOSESSL=y CONFIG_UBIVOL=y diff --git a/configs/swuforwarder_defconfig b/configs/swuforwarder_defconfig index f6dc631..1251a8e 100644 --- a/configs/swuforwarder_defconfig +++ b/configs/swuforwarder_defconfig @@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2" CONFIG_EXTRA_CFLAGS="-g" CONFIG_BOOTLOADER_NONE=y CONFIG_DOWNLOAD=y +CONFIG_DOWNLOAD_SSL=y CONFIG_HASH_VERIFY=y CONFIG_ENCRYPTED_IMAGES=y CONFIG_SURICATTA=y -CONFIG_SURICATTA_SSL=y CONFIG_WEBSERVER=y CONFIG_MONGOOSESSL=y CONFIG_LUAEXTERNAL=y diff --git a/configs/with_ucfw_defconfig b/configs/with_ucfw_defconfig index 6ab9ef5..f4fc107 100644 --- a/configs/with_ucfw_defconfig +++ b/configs/with_ucfw_defconfig @@ -4,10 +4,10 @@ CONFIG_LUAPKG="lua5.2" CONFIG_EXTRA_CFLAGS="-g" CONFIG_BOOTLOADER_NONE=y CONFIG_DOWNLOAD=y +CONFIG_DOWNLOAD_SSL=y CONFIG_HASH_VERIFY=y CONFIG_ENCRYPTED_IMAGES=y CONFIG_SURICATTA=y -CONFIG_SURICATTA_SSL=y CONFIG_WEBSERVER=y CONFIG_MONGOOSESSL=y CONFIG_LUAEXTERNAL=y diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c index c00e994..2785f99 100644 --- a/corelib/channel_curl.c +++ b/corelib/channel_curl.c @@ -77,7 +77,7 @@ channel_t *channel_new(void); channel_op_res_t channel_curl_init(void) { -#if defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL) +#if defined(CONFIG_CHANNEL_CURL_SSL) #define CURL_FLAGS CURL_GLOBAL_SSL #else #define CURL_FLAGS CURL_GLOBAL_NOTHING diff --git a/include/sslapi.h b/include/sslapi.h index 17b6d31..12591a3 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -17,7 +17,7 @@ * Let compile when openSSL is not activated */ #if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \ - defined(CONFIG_SURICATTA_SSL) || defined(CONFIG_CHANNEL_CURL_SSL) + defined(CONFIG_CHANNEL_CURL_SSL) #if defined(CONFIG_SSL_IMPL_OPENSSL) #include #include diff --git a/suricatta/Config.in b/suricatta/Config.in index 20ac038..8185cc9 100644 --- a/suricatta/Config.in +++ b/suricatta/Config.in @@ -18,17 +18,6 @@ if SURICATTA menu "Features" -config SURICATTA_SSL - bool "SSL support" - default n - depends on HAVE_LIBSSL - depends on HAVE_LIBCRYPTO - help - Enable SSL and checksum verification support in suricatta. - -comment "SSL support needs libcrypto, libssl" - depends on !HAVE_LIBSSL || !HAVE_LIBCRYPTO - choice prompt "Update Status Storage" help diff --git a/suricatta/server_hawkbit.c b/suricatta/server_hawkbit.c index 55f1431..8b5dd70 100644 --- a/suricatta/server_hawkbit.c +++ b/suricatta/server_hawkbit.c @@ -116,7 +116,7 @@ static channel_data_t channel_data_defaults = {.debug = false, .retries = CHANNEL_DEFAULT_RESUME_TRIES, .retry_sleep = CHANNEL_DEFAULT_RESUME_DELAY, -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL .usessl = true, #endif .format = CHANNEL_PARSE_JSON, @@ -946,7 +946,7 @@ server_op_res_t server_process_update_artifact(int action_id, json_object *json_data_artifact_url_http = json_get_path_key( json_data_artifact_item, (const char *[]){"_links", "download-http", "href", NULL}); -#ifndef CONFIG_SURICATTA_SSL +#ifndef CONFIG_CHANNEL_CURL_SSL if (json_data_artifact_url_http == NULL) { server_hawkbit_error("No artifact download HTTP URL reported by " "server."); @@ -1044,7 +1044,7 @@ server_op_res_t server_process_update_artifact(int action_id, goto cleanup_loop; } -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL if (strncmp((char *)&channel_data.sha1hash, json_object_get_string(json_data_artifact_sha1hash), SWUPDATE_SHA_DIGEST_LENGTH) != 0) { 
diff --git a/test/test_server_hawkbit.c b/test/test_server_hawkbit.c index 69976e5..c927563 100644 --- a/test/test_server_hawkbit.c +++ b/test/test_server_hawkbit.c @@ -91,7 +91,7 @@ extern channel_op_res_t __real_channel_get_file(channel_t *this, void *data); channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data); channel_op_res_t __wrap_channel_get_file(channel_t *this, void *data) { -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL channel_data_t *channel_data = (channel_data_t *)data; strncpy(channel_data->sha1hash, mock_type(char *), SWUPDATE_SHA_DIGEST_LENGTH * 2 + 1); @@ -365,7 +365,7 @@ static void test_server_process_update_artifact(void **state) ); /* clang-format on */ -#ifndef CONFIG_SURICATTA_SSL +#ifndef CONFIG_CHANNEL_CURL_SSL /* Test Case: No HTTP download URL given in JSON. */ json_object *json_data_artifact = json_tokener_parse(json_artifact); assert_int_equal(SERVER_EERR, @@ -374,7 +374,7 @@ static void test_server_process_update_artifact(void **state) "update action", "part", "version", "name")); #endif -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL /* Test Case: Artifact installed successfully. */ json_object *json_data_artifact = json_tokener_parse(json_artifact); will_return(__wrap_channel_get_file, "CAFFEE"); @@ -516,7 +516,7 @@ static void test_server_install_update(void **state) /* Test Case: Update works. */ json_data_update_available = json_tokener_parse(json_reply_update_available); -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL json_data_update_details_valid = json_tokener_parse(json_reply_update_valid_data_https); (void)json_reply_update_valid_data_http; 
@@ -530,7 +530,7 @@ static void test_server_install_update(void **state) will_return(__wrap_channel_get, json_data_update_details_valid); will_return(__wrap_channel_get, CHANNEL_OK); will_return(__wrap_channel_put, CHANNEL_OK); -#ifdef CONFIG_SURICATTA_SSL +#ifdef CONFIG_CHANNEL_CURL_SSL will_return(__wrap_channel_get_file, "CAFFEE"); #endif will_return(__wrap_channel_get_file, CHANNEL_OK);
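Review bot: The four defconfig hunks enable the feature with CONFIG_DOWNLOAD_SSL=y (configs/debian_defconfig only drops CONFIG_SURICATTA_SSL=y), while every C guard changed in this patch tests CONFIG_CHANNEL_CURL_SSL, and nothing in the patch shows how DOWNLOAD_SSL causes CHANNEL_CURL_SSL to be set. Suggest stating that relationship in the commit message, or setting CONFIG_CHANNEL_CURL_SSL=y explicitly in the example configs, so a reader can confirm that .usessl = true is still compiled in for these builds.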
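Review bot: In suricatta/Config.in the SURICATTA_SSL entry is deleted with no transitional symbol and no migration note, so a configuration kept outside this tree that still carries CONFIG_SURICATTA_SSL=y will build without complaint and lose both .usessl = true and the sha1hash comparison in suricatta/server_hawkbit.c unless CONFIG_CHANNEL_CURL_SSL happens to be set. Suggest either keeping a short-lived "config SURICATTA_SSL" that selects CHANNEL_CURL_SSL, or documenting the required config change in the commit message. The removed entry also carried "depends on HAVE_LIBSSL" and "depends on HAVE_LIBCRYPTO"; since include/sslapi.h still keys its OpenSSL includes on CONFIG_CHANNEL_CURL_SSL, please confirm the replacement symbol has equivalent dependencies.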
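Review bot: In the suricatta/server_hawkbit.c hunk at line 1044 the comparison of channel_data.sha1hash with the server-reported hash is now guarded by CONFIG_CHANNEL_CURL_SSL, a name that only suggests transport security; the removed Kconfig help ("Enable SSL and checksum verification support in suricatta.") was the one place in this patch saying the option also controls checksum verification. Combined with the #ifndef block in the hunk at line 946, which expects a download-http URL when the symbol is unset, a build without it takes the HTTP URL with this comparison compiled out. Suggest carrying the checksum wording into the CHANNEL_CURL_SSL help text, or guarding the comparison with a hash-related symbol instead. Separately, the strncmp length on the context line is SWUPDATE_SHA_DIGEST_LENGTH while the test wrapper copies SWUPDATE_SHA_DIGEST_LENGTH * 2 + 1 bytes into sha1hash; worth confirming the comparison covers the whole digest string.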