Commit Graph

7 Commits

Author SHA1 Message Date
Hauke Mehrtens
3941633dd7 uencrypt: Fix compile warnings
keylen and ivlen are of type long and not size_t.

(cherry picked from commit 0fd9acb471)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-08 21:13:26 +02:00
Eneas U de Queiroz
1781e7408a
uencrypt: split common and library-specific code
This splits the code in 4 files:
 - uencrypt.h
 - uencrypt.c - main program
 - uencrypt-openssl.c - OpenSSL/wolfSSL implementation
 - uencrypt-mbedtls - mbedTLS implementation

Other changes, accounting for ~400 bytes increase in ipk size:
 - more error condition checking and reporting,
 - hide key and iv command line arguments

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:54 -03:00
Eneas U de Queiroz
4662adef2a
uencrypt: add support for mbedtls
This commit includes some additional changes:
 - better handling of iv and keys in openssl/wolfssl variants
 - fix compiler warnings and whitespace
 - build all 3 variants as separate packages
 - adjust the new package name in targets' DEVICE_PACKAGES
 - remove PKG_FLAGS:=nonshared

[Beeline SmartBox Flash - OK]
Tested-by: Mikhail Zhilkin <csharper2005@gmail.com>
[after test: replaced a hardcoded IV size of 16 by cipher_info->iv_size]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:53 -03:00
Hauke Mehrtens
ee47a28cec treewide: Trigger reinstall of all wolfssl dependencies
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-01 21:06:54 +01:00
Petr Štetiar
f1b7e1434f treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-03 17:52:06 +02:00
Nick French
764600648f
uencrypt: support all available ciphers
Modify uencrypt to support any cipher provided by ssl library.

Original tool supported only AES-128-CBC to decrypt the config
mtd of Arcadyan WG430223/WG443223.

TP-Link Deco S4 has mtd configuration encrypted with DES-ECB,
so make the cipher generic to support both routers.

Signed-off-by: Nick French <nickfrench@gmail.com>
Reviewed-by: Eneas U de Queiroz >cotequeiroz@gmail.com>
2022-08-19 22:20:00 +02:00
Eneas U de Queiroz
bc43ad88ed
uencrypt: add package to decrypt WG4хх223 config
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions.  The ipk size is 3,355 bytes.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-07-19 14:53:29 +02:00