[PATCH 08/41] Drop verify_signature_mbedtls.c

66 views
Skip to first unread message

Stefano Babic

unread,
Jul 22, 2025, 2:00:34 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/verify_signature_mbedtls.c | 141 ------------------------------
1 file changed, 141 deletions(-)
delete mode 100644 crypto/verify_signature_mbedtls.c

diff --git a/crypto/verify_signature_mbedtls.c b/crypto/verify_signature_mbedtls.c
deleted file mode 100644
index 607ac46f..00000000
--- a/crypto/verify_signature_mbedtls.c
+++ /dev/null
@@ -1,141 +0,0 @@
-// SPDX-FileCopyrightText: 2019 Laszlo Ashin <las...@ashin.hu>
-//
-// SPDX-License-Identifier: GPL-2.0-only
-
-#include <ctype.h>
-#include <errno.h>
-#include <mbedtls/version.h>
-#include <stdlib.h>
-
-#include "sslapi.h"
-#include "util.h"
-#include "swupdate.h"
-
-static char *algo_upper(const char *algo)
-{
- static char result[16];
- unsigned i;
-
- for (i = 0; algo[i] && (i < sizeof(result) - 1); ++i) {
- result[i] = toupper(algo[i]);
- }
- result[i] = '\0';
- return result;
-}
-
-struct swupdate_digest *swupdate_HASH_init(const char *algo)
-{
- struct swupdate_digest *dgst;
- int error;
-
- const mbedtls_md_info_t *info = mbedtls_md_info_from_string(algo_upper(algo));
- if (!info) {
- ERROR("mbedtls_md_info_from_string(\"%s\")", algo);
- return NULL;
- }
-
- dgst = calloc(1, sizeof(*dgst));
- if (!dgst) {
- return NULL;
- }
-
- mbedtls_md_init(&dgst->mbedtls_md_context);
-
- error = mbedtls_md_setup(&dgst->mbedtls_md_context, info, 0);
- if (error) {
- ERROR("mbedtls_md_setup: %d", error);
- goto fail;
- }
-
- error = mbedtls_md_starts(&dgst->mbedtls_md_context);
- if (error) {
- ERROR("mbedtls_md_starts: %d", error);
- goto fail;
- }
-
- return dgst;
-
-fail:
- free(dgst);
- return 0;
-}
-
-int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
- size_t len)
-{
- if (!dgst) {
- return -EFAULT;
- }
-
- const int error = mbedtls_md_update(&dgst->mbedtls_md_context, buf, len);
- if (error) {
- ERROR("mbedtls_md_update: %d", error);
- return -EIO;
- }
-
- return 0;
-}
-
-int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
- unsigned int *md_len)
-{
- if (!dgst) {
- return -EFAULT;
- }
-
- int error = mbedtls_md_finish(&dgst->mbedtls_md_context, md_value);
- if (error) {
- return -EINVAL;
- }
- if (md_len) {
-#if MBEDTLS_VERSION_NUMBER >= 0x03020000
- *md_len = mbedtls_md_get_size(mbedtls_md_info_from_ctx(&dgst->mbedtls_md_context));
-#else
- *md_len = mbedtls_md_get_size(dgst->mbedtls_md_context.md_info);
-#endif
- }
- return 1;
-
-}
-
-void swupdate_HASH_cleanup(struct swupdate_digest *dgst)
-{
- if (!dgst) {
- return;
- }
-
- mbedtls_md_free(&dgst->mbedtls_md_context);
- free(dgst);
-}
-
-/*
- * Just a wrap function to memcmp
- */
-int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
-{
- return memcmp(hash1, hash2, SHA256_HASH_LENGTH) ? -1 : 0;
-}
-
-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
-{
- struct swupdate_digest *dgst;
-
- dgst = calloc(1, sizeof(*dgst));
- if (!dgst) {
- return -ENOMEM;
- }
-
-#ifdef CONFIG_SIGNED_IMAGES
- mbedtls_pk_init(&dgst->mbedtls_pk_context);
-
- int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
- if (error) {
- ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
- free(dgst);
- return -EIO;
- }
-#endif
-
- sw->dgst = dgst;
- return 0;
-}
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:35 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
It is current possible to select one crypto library between mbedTLS,
openSSL and WolfSSL, but they are mixing up the algorithms that can be
used. Setting pkcs#11 constraints to use WolfSSL, but it should be
possible to introduce same method to retrieve the key for other
libraries. This starts to cleanup the crypto functions in SWUpdate, and
allows to register different crypto libraries, later at the same time.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
core/Makefile | 1 +
core/crypto.c | 257 ++++++++++++++++++++++++++++++++++++++
include/swupdate_crypto.h | 78 ++++++++++++
3 files changed, 336 insertions(+)
create mode 100644 core/crypto.c
create mode 100644 include/swupdate_crypto.h

diff --git a/core/Makefile b/core/Makefile
index 666e1dd5..1ef31136 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -10,6 +10,7 @@

obj-y += swupdate.o \
cpio_utils.o \
+ crypto.o \
notifier.o \
handler.o \
bootloader.o \
diff --git a/core/crypto.c b/core/crypto.c
new file mode 100644
index 00000000..cce6884e
--- /dev/null
+++ b/core/crypto.c
@@ -0,0 +1,257 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <util.h>
+#include "swupdate_crypto.h"
+
+typedef enum {
+ DECRYPTLIB,
+ HASHLIB,
+ DGSTLIB
+} crypto_lib_t;
+
+#define NUMLIBS (DGSTLIB + 1)
+
+const char *libdesc[] = {
+ "decrypt",
+ "hash",
+ "verify"
+};
+
+/*
+ * Reused from bootloader
+ */
+typedef struct {
+ const char *name;
+ void *lib;
+} entry;
+
+static entry *current[NUMLIBS] = {NULL, NULL, NULL};
+static entry *available[NUMLIBS] = {NULL, NULL, NULL};
+static unsigned int num_available [] = {0 , 0, 0};
+
+static int register_lib(const char *name, crypto_lib_t type, void *lib)
+{
+ int num = num_available[type];
+ entry *avail = available[type];
+ entry *tmp = realloc(avail, (num + 1) * sizeof(entry));
+ if (!tmp) {
+ return -ENOMEM;
+ }
+ tmp[num].name = (char*)name;
+ tmp[num].lib = lib;
+ num_available[type]++;
+ available[type] = tmp;
+ current[type] = available[type];
+ return 0;
+}
+
+static int setlib(const char *name, crypto_lib_t type)
+{
+ int num = num_available[type];
+ entry *elem;
+
+ if (!name) {
+ return -ENOENT;
+ }
+ elem = available[type];
+ for (unsigned int i = 0; i < num; i++) {
+ if (elem[i].lib &&
+ (strcmp(elem[i].name, name) == 0)) {
+ current[type] = &elem[i];
+ return 0;
+ }
+ }
+ return -ENOENT;
+}
+
+static const char* getlib(crypto_lib_t type)
+{
+ return current[type] ? current[type]->name : NULL;
+}
+
+int register_cryptolib(const char *name, swupdate_decrypt_lib *lib)
+{
+ return register_lib(name, DECRYPTLIB, lib);
+}
+
+int register_hashlib(const char *name, swupdate_HASH_lib *lib)
+{
+ return register_lib(name, HASHLIB, lib);
+}
+
+int register_dgstlib(const char *name, swupdate_dgst_lib *lib)
+{
+ return register_lib(name, DGSTLIB, lib);
+}
+
+int set_cryptolib(const char *name)
+{
+ return setlib(name, DECRYPTLIB);
+}
+
+int set_HASHlib(const char *name)
+{
+ return setlib(name, HASHLIB);
+}
+
+int set_dgstlib(const char *name)
+{
+ return setlib(name, DGSTLIB);
+}
+
+const char* get_cryptolib(void)
+{
+ return getlib(DECRYPTLIB);
+}
+
+const char* get_HASHlib(void)
+{
+ return getlib(HASHLIB);
+}
+
+const char* get_dgstlib(void)
+{
+ return getlib(DGSTLIB);
+}
+
+void print_registered_cryptolib(void)
+{
+ INFO("Registered Crypto Providers:");
+
+ for (int type = 0; type < NUMLIBS; type++) {
+ int num = num_available[type];
+ entry *elem = available[type];
+ entry *cur = current[type];
+ if (num > 0) {
+ INFO("\tProvider for %s", libdesc[type]);
+ }
+ for (unsigned int i = 0; i < num; i++) {
+ INFO("\t\t%s%s", elem[i].name, cur == &elem[i] ? "*" : "");
+ }
+ }
+}
+
+struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return NULL;
+
+ lib = (swupdate_decrypt_lib *)current[DECRYPTLIB]->lib;
+ return lib->DECRYPT_init(key, keylen, iv);
+}
+
+int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen, const unsigned char *cryptbuf, int inlen)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return -EINVAL;
+
+ lib = (swupdate_decrypt_lib *)current[DECRYPTLIB]->lib;
+ return lib->DECRYPT_update(dgst, buf, outlen, cryptbuf, inlen);
+}
+
+int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, int *outlen)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return -EINVAL;
+ lib = (swupdate_decrypt_lib *)current[DECRYPTLIB]->lib;
+ return lib->DECRYPT_final(dgst, buf, outlen);
+}
+
+void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return;
+ lib = (swupdate_decrypt_lib *)current[DECRYPTLIB]->lib;
+ return lib->DECRYPT_cleanup(dgst);
+}
+
+struct swupdate_digest *swupdate_HASH_init(const char *SHAlength)
+{
+ swupdate_HASH_lib *lib;
+
+ if (!get_HASHlib())
+ return NULL;
+ lib = (swupdate_HASH_lib *)current[HASHLIB]->lib;
+
+ return lib->HASH_init(SHAlength);
+}
+
+int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf, size_t len)
+{
+ swupdate_HASH_lib *lib;
+
+ if (!get_HASHlib())
+ return -EFAULT;
+ lib = (swupdate_HASH_lib *)current[HASHLIB]->lib;
+
+ return lib->HASH_update(dgst, buf, len);
+}
+
+int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value, unsigned int *md_len)
+{
+ swupdate_HASH_lib *lib;
+
+ if (!get_HASHlib())
+ return -EFAULT;
+ lib = (swupdate_HASH_lib *)current[HASHLIB]->lib;
+
+ return lib->HASH_final(dgst, md_value, md_len);
+}
+
+int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
+{
+ swupdate_HASH_lib *lib;
+
+ if (!get_HASHlib())
+ return -EFAULT;
+ lib = (swupdate_HASH_lib *)current[HASHLIB]->lib;
+
+ return lib->HASH_compare(hash1, hash2);
+}
+
+void swupdate_HASH_cleanup(struct swupdate_digest *dgst)
+{
+ swupdate_HASH_lib *lib;
+
+ if (!get_HASHlib())
+ return;
+ lib = (swupdate_HASH_lib *)current[HASHLIB]->lib;
+
+ lib->HASH_cleanup(dgst);
+}
+
+int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ swupdate_dgst_lib *lib;
+
+ if (!get_dgstlib())
+ return -EFAULT;
+ lib = (swupdate_dgst_lib *)current[DGSTLIB]->lib;
+
+ return lib->dgst_init(sw, keyfile);
+}
+
+int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+ const char *file, const char *signer_name)
+{
+ swupdate_dgst_lib *lib;
+
+ if (!get_dgstlib())
+ return -EFAULT;
+ lib = (swupdate_dgst_lib *)current[DGSTLIB]->lib;
+
+ return lib->verify_file(dgst, sigfile, file, signer_name);
+}
diff --git a/include/swupdate_crypto.h b/include/swupdate_crypto.h
new file mode 100644
index 00000000..d379251b
--- /dev/null
+++ b/include/swupdate_crypto.h
@@ -0,0 +1,78 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ */
+
+#pragma once
+#include <stdbool.h>
+#include "sslapi.h"
+
+typedef struct {
+ struct swupdate_digest *(*DECRYPT_init)(unsigned char *key, char keylen, unsigned char *iv);
+ int (*DECRYPT_update)(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen, const unsigned char *cryptbuf, int inlen);
+
+ int (*DECRYPT_final)(struct swupdate_digest *dgst, unsigned char *buf, int *outlen);
+ void (*DECRYPT_cleanup)(struct swupdate_digest *dgst);
+} swupdate_decrypt_lib;
+
+typedef struct {
+ struct swupdate_digest *(*HASH_init)(const char *SHAlength);
+ int (*HASH_update)(struct swupdate_digest *dgst, const unsigned char *buf, size_t len);
+ int (*HASH_final)(struct swupdate_digest *dgst, unsigned char *md_value, unsigned int *md_len);
+ int (*HASH_compare)(const unsigned char *hash1, const unsigned char *hash2);
+ void (*HASH_cleanup)(struct swupdate_digest *dgst);
+} swupdate_HASH_lib;
+
+typedef struct {
+ int (*dgst_init)(struct swupdate_cfg *sw, const char *keyfile);
+ int (*verify_file)(struct swupdate_digest *dgst, const char *sigfile, const char *file, const char *signer_name);
+} swupdate_dgst_lib;
+
+/*
+ * register_cryptolib - register a crypto engine / library
+ *
+ * @name : cryptolib's name to register.
+ * @swupdate_crypto_lib : structure with crypto engine functions
+ *
+ * Return:
+ * 0 on success, -ENOMEM on error.
+ */
+
+int register_cryptolib(const char *name, swupdate_decrypt_lib *lib);
+int register_hashlib(const char *name, swupdate_HASH_lib *lib);
+int register_dgstlib(const char *name, swupdate_dgst_lib *lib);
+
+/*
+ * set_cryptolib - set current crypto library
+ *
+ * @name : cryptolib's name to register.
+ *
+ * Return:
+ * 0 on success, -ENOENT on error.
+ */
+int set_cryptolib(const char *name);
+int set_HASHlib(const char *name);
+int set_dgstlib(const char *name);
+
+/*
+ * get_cryptolib - return name of current cryptolib
+ *
+ *
+ * Return:
+ * 0 on success, NULL on error.
+ */
+const char* get_cryptolib(void);
+const char* get_HASHlib(void);
+const char* get_dgstlib(void);
+
+/*
+ * print_registered_cryptolib - list supported crypto libraries
+ *
+ *
+ * Return:
+ */
+void print_registered_cryptolib(void);
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:35 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
This series refactors support for crypto engines in SWUpdate.

Currently, access to crypto functions is hard-coded and
configured via CONFIG_ switches at compile time. This forbids
to add more support from other libraries and to use any type of
crypto libraries in combination with an algorythm. CMS can be
used when openSSL is enabled, while PKCS#11 only with WolfSSL.

Introduce a generic concept with crypto "providers", SWUpdate's
crypto services and modules.

A provider is a library that allows to build services.

SWUpdate defines three type of services : Verification, Hashing and Decryption.

The modules are the specific implementation of one of the services with
an algorythm supported by the provided. It can be CMS, AES, pkcs#11, etc.
The series convert current implementation in modules that can be loaded or not.
Multiple modules can be installed, and the choice can be done at runtime
dropping most of nasty #ifdef CONFIG_ in code.

Daniel Braunwarth (1):
rsa_verify_mbedtls: fix md_info access

Stefano Babic (40):
Find p11-kit options via pkg-config
Prepare to use multiple crypto engines
Group all cryptographic functions
Print registered crypto engines at startup
RSA: drop dependency from dgst_init
Move openssl HASH functions in an own module
Do not initialize verification if SIGNED_IMAGE is not set
Drop verify_signature_mbedtls.c
Move mbedTLS HASH functions in an own module
Rename RSA with openSSL
Renamed CMS with the name of used cryptolib
Removed obsolete swupdate_verify_private.h
Convert dsgt function to new structure
sslapi, remove ifdef not needed anymnore
parser: drop unused header
Use swupdate_crypto.h instead of sslapi.h
Add library name to pkcs#7 module
Move inline function inside CMS module
fix pkcs#7 wolfssl build
Abstract X.509 purpose from configuration
Drop dependencies between crypto libraries
Drop sslapi.h
Make SWUpdate core unaware of internal digest structures
GPG: add command line parameters
Support for multiple crypto libraries and algs
Drop #ifdef PKCS11 in set_aes_key
IPC: drop #ifdef PKCS11
Move crypto setup in own Kconfig
cms_defconfig: fix build
Support runtime selection of crypto provider
Fix warnings in swupdate_decrypt_pkcs11
Rename swupdate_decrypt_pkcs11
Fix warnings in swupdate_crypto_wolfssl
configs: add test to enable all crypto libs
Test: fix error by selecting openssl as CMS provider
Fix warning : MG_TLS redefined
cpio: opaque pointer for digest structure
CI: add wolfssl lib
CI: added p11
doc: describe crypto architecture

Kconfig | 125 +--------
Makefile | 2 +-
Makefile.deps | 4 +
Makefile.flags | 19 +-
ci/setup.sh | 3 +-
configs/cms_defconfig | 9 +-
configs/crypto_all_defconfig | 42 +++
core/Makefile | 1 +
core/cpio_utils.c | 6 +-
core/crypto.c | 257 ++++++++++++++++++
core/network_thread.c | 10 +-
core/parser.c | 2 +-
core/swupdate.c | 95 ++++++-
core/util.c | 59 ++--
corelib/Makefile | 27 --
corelib/channel_curl.c | 2 +-
corelib/swupdate_verify_private.h | 25 --
crypto/Kconfig | 120 ++++++++
crypto/Makefile | 29 ++
.../swupdate_HASH_mbedtls.c | 51 ++--
crypto/swupdate_HASH_openssl.c | 124 +++++++++
crypto/swupdate_HASH_wolfssl.c | 25 ++
.../swupdate_cms_verify_openssl.c | 121 ++++++++-
.../swupdate_decrypt_mbedtls.c | 29 +-
.../swupdate_decrypt_openssl.c | 33 ++-
.../swupdate_decrypt_wolfssl.c | 43 ++-
crypto/swupdate_gpg.h | 17 ++
{corelib => crypto}/swupdate_gpg_verify.c | 49 +++-
crypto/swupdate_mbedtls.h | 24 ++
crypto/swupdate_openssl.h | 52 ++++
.../swupdate_pkcs7_verify_wolfssl.c | 73 ++++-
.../swupdate_rsa_verify_mbedtls.c | 41 ++-
.../swupdate_rsa_verify_openssl.c | 86 +++++-
crypto/swupdate_wolfssl.h | 56 ++++
{corelib => crypto}/verify_signature.c | 91 -------
doc/source/images/crypto_architecture.png | Bin 0 -> 66934 bytes
doc/source/signed_images.rst | 14 +
doc/source/swupdate.rst | 21 ++
examples/configuration/swupdate.cfg | 14 +
include/channel_curl.h | 2 +-
include/sslapi.h | 231 ----------------
include/swupdate.h | 7 +
include/swupdate_crypto.h | 124 +++++++++
include/util.h | 2 +-
mongoose/Makefile | 8 +-
scripts/acceptance-tests/CheckImage.mk | 2 +-
test/test_crypt.c | 4 +-
test/test_hash.c | 4 +-
test/test_verify.c | 2 +-
49 files changed, 1546 insertions(+), 641 deletions(-)
create mode 100644 configs/crypto_all_defconfig
create mode 100644 core/crypto.c
delete mode 100644 corelib/swupdate_verify_private.h
create mode 100644 crypto/Kconfig
create mode 100644 crypto/Makefile
rename corelib/verify_signature_mbedtls.c => crypto/swupdate_HASH_mbedtls.c (66%)
create mode 100644 crypto/swupdate_HASH_openssl.c
create mode 100644 crypto/swupdate_HASH_wolfssl.c
rename corelib/swupdate_cms_verify.c => crypto/swupdate_cms_verify_openssl.c (72%)
rename {corelib => crypto}/swupdate_decrypt_mbedtls.c (74%)
rename {corelib => crypto}/swupdate_decrypt_openssl.c (71%)
rename corelib/swupdate_decrypt_pkcs11.c => crypto/swupdate_decrypt_wolfssl.c (79%)
create mode 100644 crypto/swupdate_gpg.h
rename {corelib => crypto}/swupdate_gpg_verify.c (80%)
create mode 100644 crypto/swupdate_mbedtls.h
create mode 100644 crypto/swupdate_openssl.h
rename corelib/swupdate_pkcs7_verify.c => crypto/swupdate_pkcs7_verify_wolfssl.c (73%)
rename {corelib => crypto}/swupdate_rsa_verify_mbedtls.c (66%)
rename corelib/swupdate_rsa_verify.c => crypto/swupdate_rsa_verify_openssl.c (63%)
create mode 100644 crypto/swupdate_wolfssl.h
rename {corelib => crypto}/verify_signature.c (59%)
create mode 100644 doc/source/images/crypto_architecture.png
delete mode 100644 include/sslapi.h
create mode 100644 include/swupdate_crypto.h

--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:35 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/Makefile | 2 +-
crypto/swupdate_HASH_mbedtls.c | 125 +++++++++++++++++++++++++++
crypto/swupdate_rsa_verify_mbedtls.c | 25 ++++++
3 files changed, 151 insertions(+), 1 deletion(-)
create mode 100644 crypto/swupdate_HASH_mbedtls.c

diff --git a/crypto/Makefile b/crypto/Makefile
index a96bf0ce..9a70ca38 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -19,7 +19,7 @@ ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
-obj-$(CONFIG_HASH_VERIFY) += verify_signature_mbedtls.o
+obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_mbedtls.o
ifeq ($(CONFIG_PKCS11),y)
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o
else
diff --git a/crypto/swupdate_HASH_mbedtls.c b/crypto/swupdate_HASH_mbedtls.c
new file mode 100644
index 00000000..efe7e4cc
--- /dev/null
+++ b/crypto/swupdate_HASH_mbedtls.c
@@ -0,0 +1,125 @@
+// SPDX-FileCopyrightText: 2019 Laszlo Ashin <las...@ashin.hu>
+//
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include "sslapi.h"
+#include "util.h"
+#include "swupdate_crypto.h"
+
+static swupdate_HASH_lib hash;
+
+static char *algo_upper(const char *algo)
+{
+ static char result[16];
+ unsigned i;
+
+ for (i = 0; algo[i] && (i < sizeof(result) - 1); ++i) {
+ result[i] = toupper(algo[i]);
+ }
+ result[i] = '\0';
+ return result;
+}
+
+static struct swupdate_digest *mbedtls_HASH_init(const char *algo)
+{
+ struct swupdate_digest *dgst;
+ int error;
+
+ const mbedtls_md_info_t *info = mbedtls_md_info_from_string(algo_upper(algo));
+ if (!info) {
+ ERROR("mbedtls_md_info_from_string(\"%s\")", algo);
+ return NULL;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ return NULL;
+ }
+
+ mbedtls_md_init(&dgst->mbedtls_md_context);
+
+ error = mbedtls_md_setup(&dgst->mbedtls_md_context, info, 0);
+ if (error) {
+ ERROR("mbedtls_md_setup: %d", error);
+ goto fail;
+ }
+
+ error = mbedtls_md_starts(&dgst->mbedtls_md_context);
+ if (error) {
+ ERROR("mbedtls_md_starts: %d", error);
+ goto fail;
+ }
+
+ return dgst;
+
+fail:
+ free(dgst);
+ return 0;
+}
+
+static int mbedtls_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
+ size_t len)
+{
+ if (!dgst) {
+ return -EFAULT;
+ }
+
+ const int error = mbedtls_md_update(&dgst->mbedtls_md_context, buf, len);
+ if (error) {
+ ERROR("mbedtls_md_update: %d", error);
+ return -EIO;
+ }
+
+ return 0;
+}
+
+static int mbedtls_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
+ unsigned int *md_len)
+{
+ if (!dgst) {
+ return -EFAULT;
+ }
+
+ int error = mbedtls_md_finish(&dgst->mbedtls_md_context, md_value);
+ if (error) {
+ return -EINVAL;
+ }
+ if (md_len) {
+ *md_len = mbedtls_md_get_size(dgst->mbedtls_md_context.md_info);
+ }
+ return 1;
+
+}
+
+static void mbedtls_HASH_cleanup(struct swupdate_digest *dgst)
+{
+ if (!dgst) {
+ return;
+ }
+
+ mbedtls_md_free(&dgst->mbedtls_md_context);
+ free(dgst);
+}
+
+/*
+ * Just a wrap function to memcmp
+ */
+static int mbedtls_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
+{
+ return memcmp(hash1, hash2, SHA256_HASH_LENGTH) ? -1 : 0;
+}
+
+__attribute__((constructor))
+static void openssl_hash(void)
+{
+ hash.HASH_init = mbedtls_HASH_init;
+ hash.HASH_update = mbedtls_HASH_update;
+ hash.HASH_final = mbedtls_HASH_final;
+ hash.HASH_compare = mbedtls_HASH_compare;
+ hash.HASH_cleanup = mbedtls_HASH_cleanup;
+ (void)register_hashlib("mbedTLS", &hash);
+}
diff --git a/crypto/swupdate_rsa_verify_mbedtls.c b/crypto/swupdate_rsa_verify_mbedtls.c
index 2c3111c6..c145948f 100644
--- a/crypto/swupdate_rsa_verify_mbedtls.c
+++ b/crypto/swupdate_rsa_verify_mbedtls.c
@@ -15,6 +15,7 @@

#include "sslapi.h"
#include "util.h"
+#include "swupdate.h"

static int read_file_into_buffer(uint8_t *buffer, int size, const char *filename)
{
@@ -88,3 +89,27 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
signature, sizeof(signature)
);
}
+
+int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ return -ENOMEM;
+ }
+
+#ifdef CONFIG_SIGNED_IMAGES
+ mbedtls_pk_init(&dgst->mbedtls_pk_context);
+
+ int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
+ if (error) {
+ ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
+ free(dgst);
+ return -EIO;
+ }
+#endif
+
+ sw->dgst = dgst;
+ return 0;
+}
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:36 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
core/swupdate.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/core/swupdate.c b/core/swupdate.c
index f8ee00b3..34e0bc1b 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -52,6 +52,7 @@
#include "versions.h"
#include "hw-compatibility.h"
#include "swupdate_vars.h"
+#include "swupdate_crypto.h"

#ifdef CONFIG_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -965,6 +966,7 @@ int main(int argc, char **argv)
}

print_registered_updatetypes(&swcfg);
+ print_registered_cryptolib();

/*
* Install a child handler to check if a subprocess
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:36 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
include/sslapi.h | 14 --------------
1 file changed, 14 deletions(-)

diff --git a/include/sslapi.h b/include/sslapi.h
index 36762b93..4b2dc7bb 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -203,26 +203,12 @@ int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2
#define swupdate_HASH_compare(hash1,hash2) (0)
#endif

-#ifdef CONFIG_ENCRYPTED_IMAGES
struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv);
int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
int *outlen, const unsigned char *cryptbuf, int inlen);
int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,
int *outlen);
void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst);
-#else
-UNUSED static inline struct swupdate_digest *swupdate_DECRYPT_init(
- unsigned char UNUSED *key,
- char UNUSED keylen,
- unsigned char UNUSED *iv)
-{
- ERROR("SWUpdate was built without support for encrypted images");
- return NULL;
-}
-#define swupdate_DECRYPT_update(p, buf, len, cbuf, inlen) (-1)
-#define swupdate_DECRYPT_final(p, buf, len) (-1)
-#define swupdate_DECRYPT_cleanup(p)
-#endif

#ifndef SSL_PURPOSE_DEFAULT
#define SSL_PURPOSE_EMAIL_PROT -1
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:36 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
sslapi.h contains a lot of details that are required just by the
function for decrypting and digesting. Other components want just to
call these function, and including sslapi.h generates conflicts.

Move the prototypes into swupdate_crypto.h and include this header
accordingly.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
core/cpio_utils.c | 2 +-
core/parser.c | 1 +
corelib/channel_curl.c | 2 +-
include/sslapi.h | 40 ---------------------------------------
include/swupdate_crypto.h | 32 ++++++++++++++++++++++++++++++-
test/test_crypt.c | 1 +
test/test_hash.c | 2 +-
test/test_verify.c | 1 +
8 files changed, 37 insertions(+), 44 deletions(-)

diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index f4c61b0f..1eeb7165 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -27,7 +27,7 @@
#include "cpiohdr.h"
#include "swupdate.h"
#include "util.h"
-#include "sslapi.h"
+#include "swupdate_crypto.h"
#include "progress.h"

#define MODULE_NAME "cpio"
diff --git a/core/parser.c b/core/parser.c
index 10a998b6..74b39d07 100644
--- a/core/parser.c
+++ b/core/parser.c
@@ -16,6 +16,7 @@
#include "util.h"
#include "progress.h"
#include "handler.h"
+#include "swupdate_crypto.h"

static parser_fn parsers[] = {
parse_cfg,
diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c
index 77591509..3f5db861 100644
--- a/corelib/channel_curl.c
+++ b/corelib/channel_curl.c
@@ -23,7 +23,7 @@
#include <network_ipc.h>
#include <util.h>
#include "channel_op_res.h"
-#include "sslapi.h"
+#include "swupdate_crypto.h"
#include "channel.h"
#include "channel_curl.h"
#include "progress.h"
diff --git a/include/sslapi.h b/include/sslapi.h
index 4b2dc7bb..0bbcb4fc 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -10,8 +10,6 @@
#include <stdint.h>
#include "util.h"

-#define SHA_DEFAULT "sha256"
-
/*
* openSSL is not mandatory
* Let compile when openSSL is not activated
@@ -177,41 +175,3 @@ struct swupdate_digest {
#else
#define swupdate_crypto_init()
#endif
-
-#if defined(CONFIG_HASH_VERIFY)
-struct swupdate_cfg;
-
-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile);
-struct swupdate_digest *swupdate_HASH_init(const char *SHALength);
-int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
- size_t len);
-int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
- unsigned int *md_len);
-void swupdate_HASH_cleanup(struct swupdate_digest *dgst);
-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
- const char *file, const char *signer_name);
-int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2);
-
-
-#else
-#define swupdate_dgst_init(sw, keyfile) ( 0 )
-#define swupdate_HASH_init(p) ( NULL )
-#define swupdate_verify_file(dgst, sigfile, file) ( 0 )
-#define swupdate_HASH_update(p, buf, len) (-1)
-#define swupdate_HASH_final(p, result, len) (-1)
-#define swupdate_HASH_cleanup(sw)
-#define swupdate_HASH_compare(hash1,hash2) (0)
-#endif
-
-struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv);
-int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
- int *outlen, const unsigned char *cryptbuf, int inlen);
-int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,
- int *outlen);
-void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst);
-
-#ifndef SSL_PURPOSE_DEFAULT
-#define SSL_PURPOSE_EMAIL_PROT -1
-#define SSL_PURPOSE_CODE_SIGN -1
-#define SSL_PURPOSE_DEFAULT -1
-#endif
diff --git a/include/swupdate_crypto.h b/include/swupdate_crypto.h
index d379251b..349f9ef9 100644
--- a/include/swupdate_crypto.h
+++ b/include/swupdate_crypto.h
@@ -8,7 +8,16 @@

#pragma once
#include <stdbool.h>
-#include "sslapi.h"
+
+#define SHA_DEFAULT "sha256"
+
+#ifndef SSL_PURPOSE_DEFAULT
+#define SSL_PURPOSE_EMAIL_PROT -1
+#define SSL_PURPOSE_CODE_SIGN -1
+#define SSL_PURPOSE_DEFAULT -1
+#endif
+
+struct swupdate_cfg;

typedef struct {
struct swupdate_digest *(*DECRYPT_init)(unsigned char *key, char keylen, unsigned char *iv);
@@ -76,3 +85,24 @@ const char* get_dgstlib(void);
* Return:
*/
void print_registered_cryptolib(void);
+
+struct swupdate_cfg;
+
+int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile);
+struct swupdate_digest *swupdate_HASH_init(const char *SHALength);
+int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
+ size_t len);
+int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
+ unsigned int *md_len);
+void swupdate_HASH_cleanup(struct swupdate_digest *dgst);
+int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+ const char *file, const char *signer_name);
+int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2);
+
+
+struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv);
+int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen, const unsigned char *cryptbuf, int inlen);
+int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen);
+void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst);
diff --git a/test/test_crypt.c b/test/test_crypt.c
index f232b283..1de86802 100644
--- a/test/test_crypt.c
+++ b/test/test_crypt.c
@@ -25,6 +25,7 @@
#include <setjmp.h>
#include <cmocka.h>
#include <util.h>
+#include <swupdate_crypto.h>
#include <sslapi.h>

struct cryptdata {
diff --git a/test/test_hash.c b/test/test_hash.c
index 33258dc4..4d62b03a 100644
--- a/test/test_hash.c
+++ b/test/test_hash.c
@@ -24,7 +24,7 @@
#include <cmocka.h>
#include <string.h>

-#include "sslapi.h"
+#include "swupdate_crypto.h"
#include "util.h"

struct testvector {
diff --git a/test/test_verify.c b/test/test_verify.c
index f92acc3b..337e692e 100644
--- a/test/test_verify.c
+++ b/test/test_verify.c
@@ -23,6 +23,7 @@
#include <stddef.h>
#include <cmocka.h>

+#include "swupdate_crypto.h"
#include "sslapi.h"
#include "swupdate.h"

--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:36 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/Makefile | 2 +-
...{swupdate_pkcs7_verify.c => swupdate_pkcs7_verify_wolfssl.c} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
rename crypto/{swupdate_pkcs7_verify.c => swupdate_pkcs7_verify_wolfssl.c} (100%)

diff --git a/crypto/Makefile b/crypto/Makefile
index c18bfaf9..1961c3bf 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -16,7 +16,7 @@ ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
-obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
+obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify_wolfssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_mbedtls.o
diff --git a/crypto/swupdate_pkcs7_verify.c b/crypto/swupdate_pkcs7_verify_wolfssl.c
similarity index 100%
rename from crypto/swupdate_pkcs7_verify.c
rename to crypto/swupdate_pkcs7_verify_wolfssl.c
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:37 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
SSL_X509_get_extension_flags() and SSL_X509_get_extended_key_usage() are
just used inside CMS module, move them from sslapi.h

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_cms_verify_openssl.c | 18 ++++++++++++++++++
include/sslapi.h | 22 ----------------------
2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/crypto/swupdate_cms_verify_openssl.c b/crypto/swupdate_cms_verify_openssl.c
index 22913339..13f0ce22 100644
--- a/crypto/swupdate_cms_verify_openssl.c
+++ b/crypto/swupdate_cms_verify_openssl.c
@@ -24,6 +24,24 @@

static swupdate_dgst_lib libs;

+static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return x->ex_flags;
+#else
+ return X509_get_extension_flags(x);
+#endif
+}
+
+static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return x->ex_xkusage;
+#else
+ return X509_get_extended_key_usage(x);
+#endif
+}
+
#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
static int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
{
diff --git a/include/sslapi.h b/include/sslapi.h
index 0bbcb4fc..8564373c 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -56,28 +56,6 @@

#if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL)

-#ifdef CONFIG_SIGALG_CMS
-
-static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
-{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return x->ex_flags;
-#else
- return X509_get_extension_flags(x);
-#endif
-}
-
-static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x)
-{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return x->ex_xkusage;
-#else
- return X509_get_extended_key_usage(x);
-#endif
-}
-
-#endif /* CONFIG_SIGALG_CMS */
-
#ifdef CONFIG_SSL_IMPL_WOLFSSL
#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) (1)

--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:37 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
There is a common funtion between modules that it is just a wrapper to
the EVP_DigestInit_ex() function. Call directly the openSSL function in
RSA module to avoid this dependency.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_rsa_verify.c | 9 ++++++++-
crypto/swupdate_verify_private.h | 3 ---
crypto/verify_signature.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/swupdate_rsa_verify.c b/crypto/swupdate_rsa_verify.c
index 32338c30..8df5274c 100644
--- a/crypto/swupdate_rsa_verify.c
+++ b/crypto/swupdate_rsa_verify.c
@@ -142,7 +142,14 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
goto out;
}

- if ((dgst_init(dgst, EVP_sha256()) < 0) || (dgst_verify_init(dgst) < 0)) {
+ ERR_clear_error();
+ if (EVP_DigestInit_ex(dgst->ctx, EVP_sha256(), NULL) != 1) {
+ ERROR("EVP_DigestInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ status = -ENOKEY;
+ goto out;
+ }
+
+ if (dgst_verify_init(dgst) < 0) {
status = -ENOKEY;
goto out;
}
diff --git a/crypto/swupdate_verify_private.h b/crypto/swupdate_verify_private.h
index 1717ba35..aa8955eb 100644
--- a/crypto/swupdate_verify_private.h
+++ b/crypto/swupdate_verify_private.h
@@ -8,9 +8,6 @@
#ifndef _SWUPDATE_VERIFY_H
#define _SWUPDATE_VERIFY_H

-struct swupdate_digest;
-int dgst_init(struct swupdate_digest *dgst, const EVP_MD *md);
-
#if defined(CONFIG_SIGALG_RAWRSA) || defined(CONFIG_SIGALG_RSAPSS)
EVP_PKEY *load_pubkey(const char *file);
#endif
diff --git a/crypto/verify_signature.c b/crypto/verify_signature.c
index 0eed7e86..def7d0ff 100644
--- a/crypto/verify_signature.c
+++ b/crypto/verify_signature.c
@@ -17,7 +17,7 @@
#include "compat.h"
#include "swupdate_verify_private.h"

-int dgst_init(struct swupdate_digest *dgst, const EVP_MD *md)
+static int dgst_init(struct swupdate_digest *dgst, const EVP_MD *md)
{
int rc;

--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:37 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Crypto libraries can be instantiated and selected at runtime. Add
registration method to the digest functions used to verify
sw-description.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_cms_verify_openssl.c | 88 ++++++++++++++++++++++++++--
crypto/swupdate_gpg_verify.c | 56 +++++++++++++++++-
crypto/swupdate_pkcs7_verify.c | 66 ++++++++++++++++++++-
crypto/swupdate_rsa_verify_mbedtls.c | 15 ++++-
crypto/swupdate_rsa_verify_openssl.c | 68 ++++++++++++++++++++-
5 files changed, 280 insertions(+), 13 deletions(-)

diff --git a/crypto/swupdate_cms_verify_openssl.c b/crypto/swupdate_cms_verify_openssl.c
index 15f113b5..22913339 100644
--- a/crypto/swupdate_cms_verify_openssl.c
+++ b/crypto/swupdate_cms_verify_openssl.c
@@ -14,7 +14,7 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"

#if defined(CONFIG_CMS_SKIP_UNKNOWN_SIGNERS)
#define VERIFY_UNKNOWN_SIGNER_FLAGS (CMS_NO_SIGNER_CERT_VERIFY)
@@ -22,8 +22,10 @@
#define VERIFY_UNKNOWN_SIGNER_FLAGS (0)
#endif

+static swupdate_dgst_lib libs;
+
#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
-int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
+static int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
{
X509 *x = (X509 *)crt;
uint32_t ex_flags = SSL_X509_get_extension_flags(x);
@@ -74,7 +76,7 @@ static int cms_verify_callback(int ok, X509_STORE_CTX *ctx) {
return ok;
}

-X509_STORE *load_cert_chain(const char *file)
+static X509_STORE *load_cert_chain(const char *file)
{
X509_STORE *castore = X509_STORE_new();
if (!castore) {
@@ -231,7 +233,77 @@ static int check_verified_signer(CMS_ContentInfo* cms, X509_STORE* store)
}
#endif

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int openssl_cms_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Load certificate chain
+ */
+ dgst->certs = load_cert_chain(keyfile);
+ if (!dgst->certs) {
+ ERROR("Error loading certificate chain from %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+
+#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
+ {
+ static char code_sign_name[] = "Code signing";
+ static char code_sign_sname[] = "codesign";
+
+ if (!X509_PURPOSE_add(X509_PURPOSE_CODE_SIGN, X509_TRUST_EMAIL,
+ 0, check_code_sign, code_sign_name,
+ code_sign_sname, NULL)) {
+ ERROR("failed to add code sign purpose");
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+ }
+
+ if (!X509_STORE_set_purpose(dgst->certs, sw->cert_purpose)) {
+ ERROR("failed to set purpose");
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+#endif
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int openssl_cms_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int status = -EFAULT;
@@ -303,3 +375,11 @@ out:
}
return status;
}
+
+__attribute__((constructor))
+static void openssl_dgst(void)
+{
+ libs.dgst_init = openssl_cms_dgst_init;
+ libs.verify_file = openssl_cms_verify_file;
+ (void)register_dgstlib("opensslCMS", &libs);
+}
diff --git a/crypto/swupdate_gpg_verify.c b/crypto/swupdate_gpg_verify.c
index 5e1a061d..a44735ec 100644
--- a/crypto/swupdate_gpg_verify.c
+++ b/crypto/swupdate_gpg_verify.c
@@ -15,6 +15,9 @@
#include <errno.h>
#include <locale.h>
#include <gpgme.h>
+#include "swupdate_crypto.h"
+
+static swupdate_dgst_lib libs;

static gpg_error_t
status_cb(void *opaque, const char *keyword, const char *value)
@@ -26,7 +29,50 @@ status_cb(void *opaque, const char *keyword, const char *value)

#define MSGBUF_LEN 256

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int gpg_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ dgst->gpg_home_directory = sw->gpg_home_directory;
+ dgst->gpgme_protocol = sw->gpgme_protocol;
+ dgst->verbose = sw->verbose;
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int gpg_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
gpgme_ctx_t ctx;
@@ -169,3 +215,11 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,

return status;
}
+
+__attribute__((constructor))
+static void gpg_dgst(void)
+{
+ libs.dgst_init = gpg_dgst_init;
+ libs.verify_file = gpg_verify_file;
+ (void)register_dgstlib("GPG", &libs);
+}
diff --git a/crypto/swupdate_pkcs7_verify.c b/crypto/swupdate_pkcs7_verify.c
index ce4c4b45..bffd1a91 100644
--- a/crypto/swupdate_pkcs7_verify.c
+++ b/crypto/swupdate_pkcs7_verify.c
@@ -16,7 +16,10 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"
+#include <wolfssl/openssl/pkcs7.h>
+
+static swupdate_dgst_lib libs;

static int store_verify_callback(int ok, X509_STORE_CTX *ctx) {
int cert_error = X509_STORE_CTX_get_error(ctx);
@@ -42,7 +45,7 @@ static int store_verify_callback(int ok, X509_STORE_CTX *ctx) {
return ok;
}

-X509_STORE *load_cert_chain(const char *file)
+static X509_STORE *load_cert_chain(const char *file)
{
X509_STORE *castore = X509_STORE_new();
if (!castore) {
@@ -98,7 +101,56 @@ static int check_signer_name(const char *name)
return 0;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int wolfssl_pkcs7_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Load certificate chain
+ */
+ dgst->certs = load_cert_chain(keyfile);
+ if (!dgst->certs) {
+ ERROR("Error loading certificate chain from %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int wolfssl_pkcs7_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int status = -EFAULT;
@@ -171,3 +223,11 @@ out:
}
return status;
}
+
+__attribute__((constructor))
+static void wolfssl_dgst(void)
+{
+ libs.dgst_init = wolfssl_pkcs7_dgst_init;
+ libs.verify_file = wolfssl_pkcs7_verify_file;
+ (void)register_dgstlib("pkcs#7WolfSSL", &libs);
+}
diff --git a/crypto/swupdate_rsa_verify_mbedtls.c b/crypto/swupdate_rsa_verify_mbedtls.c
index c145948f..2ddd7d99 100644
--- a/crypto/swupdate_rsa_verify_mbedtls.c
+++ b/crypto/swupdate_rsa_verify_mbedtls.c
@@ -16,6 +16,9 @@
#include "sslapi.h"
#include "util.h"
#include "swupdate.h"
+#include "swupdate_crypto.h"
+
+static swupdate_dgst_lib libs;

static int read_file_into_buffer(uint8_t *buffer, int size, const char *filename)
{
@@ -43,7 +46,7 @@ exit:
return result;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int mbedtls_rsa_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int error;
@@ -90,7 +93,7 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
);
}

-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+static int mbedtls_rsa_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
{
struct swupdate_digest *dgst;

@@ -113,3 +116,11 @@ int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
sw->dgst = dgst;
return 0;
}
+
+__attribute__((constructor))
+static void mbedtls_rsa_dgst(void)
+{
+ libs.dgst_init = mbedtls_rsa_dgst_init;
+ libs.verify_file = mbedtls_rsa_verify_file;
+ (void)register_dgstlib("mbedTLSRSA", &libs);
+}
diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
index 8df5274c..417921f0 100644
--- a/crypto/swupdate_rsa_verify_openssl.c
+++ b/crypto/swupdate_rsa_verify_openssl.c
@@ -14,11 +14,13 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"

#define BUFSIZE (1024 * 8)

-EVP_PKEY *load_pubkey(const char *file)
+static swupdate_dgst_lib libs;
+
+static EVP_PKEY *load_pubkey(const char *file)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
@@ -103,7 +105,7 @@ static int verify_final(struct swupdate_digest *dgst, unsigned char *sig, unsign
return rc;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int openssl_rsa_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
FILE *fp = NULL;
@@ -197,5 +199,65 @@ out:
return status;
}

+static int openssl_rsa_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Load public key
+ */
+ dgst->pkey = load_pubkey(keyfile);
+ if (!dgst->pkey) {
+ ERROR("Error loading pub key from %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+ dgst->ckey = EVP_PKEY_CTX_new(dgst->pkey, NULL);
+ if (!dgst->ckey) {
+ ERROR("Error creating context key for %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;

+dgst_init_error:
+ if (dgst)
+ free(dgst);

+ return ret;
+}
+
+__attribute__((constructor))
+static void openssl_dgst(void)
+{
+ libs.dgst_init = openssl_rsa_dgst_init;
+ libs.verify_file = openssl_rsa_verify_file;
+ (void)register_dgstlib("opensslRSA", &libs);
+}
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:38 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Initialize function from main just in case it is really needed. This
fixes build error in case swupdate_dgst_init() is not set.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
core/swupdate.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/core/swupdate.c b/core/swupdate.c
index 34e0bc1b..2370f939 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -939,6 +939,7 @@ int main(int argc, char **argv)

swupdate_crypto_init();

+#ifdef CONFIG_SIGNED_IMAGES
if (strlen(swcfg.publickeyfname) || strlen(swcfg.gpg_home_directory)) {
if (swupdate_dgst_init(&swcfg, swcfg.publickeyfname)) {
fprintf(stderr,
@@ -946,6 +947,7 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
}
+#endif

printf("%s\n\n", BANNER);
printf("Licensed under GPLv2. See source distribution for detailed "
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:38 AM7/22/25
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/Makefile | 4 ++--
.../{swupdate_cms_verify.c => swupdate_cms_verify_openssl.c} | 0
2 files changed, 2 insertions(+), 2 deletions(-)
rename crypto/{swupdate_cms_verify.c => swupdate_cms_verify_openssl.c} (100%)

diff --git a/crypto/Makefile b/crypto/Makefile
index 0d1d0b6a..c18bfaf9 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only

ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)
-obj-$(CONFIG_HASH_VERIFY) += verify_signature.o swupdate_HASH_openssl.o
+obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_openssl.o
ifeq ($(CONFIG_PKCS11),y)
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o
else
@@ -13,7 +13,7 @@ obj-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify_openssl.o
obj-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
-obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o
+obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
diff --git a/crypto/swupdate_cms_verify.c b/crypto/swupdate_cms_verify_openssl.c
similarity index 100%
rename from crypto/swupdate_cms_verify.c
rename to crypto/swupdate_cms_verify_openssl.c
--
2.43.0

Stefano Babic

unread,
Jul 22, 2025, 2:00:46 AM7/22/25
to swup...@googlegroups.com, Daniel Braunwarth, Stefano Babic
From: Daniel Braunwarth <o...@braunwarth.dev>

Mbed TLS introduced mbedtls_md_info_from_ctx() in version 3.2.0 and made
direct access to the md_info field private.

Signed-off-by: Daniel Braunwarth <o...@braunwarth.dev>
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_HASH_mbedtls.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/crypto/swupdate_HASH_mbedtls.c b/crypto/swupdate_HASH_mbedtls.c
index efe7e4cc..dda108d8 100644
--- a/crypto/swupdate_HASH_mbedtls.c
+++ b/crypto/swupdate_HASH_mbedtls.c
@@ -89,7 +89,11 @@ static int mbedtls_HASH_final(struct swupdate_digest *dgst, unsigned char *md_va
return -EINVAL;
}
if (md_len) {
+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
+ *md_len = mbedtls_md_get_size(mbedtls_md_info_from_ctx(&dgst->mbedtls_md_context));
+#else
*md_len = mbedtls_md_get_size(dgst->mbedtls_md_context.md_info);
+#endif
}
return 1;

--
2.43.0

Lisandro Pérez Meyer

unread,
Jul 22, 2025, 10:44:06 AM7/22/25
to Stefano Babic, swup...@googlegroups.com
On Tue, Jul 22, 2025 at 3:00 AM Stefano Babic
<stefan...@swupdate.org> wrote:
>
> This series refactors support for crypto engines in SWUpdate.
>
> Currently, access to crypto functions is hard-coded and
> configured via CONFIG_ switches at compile time. This forbids
> to add more support from other libraries and to use any type of
> crypto libraries in combination with an algorythm. CMS can be
> used when openSSL is enabled, while PKCS#11 only with WolfSSL.
>
> Introduce a generic concept with crypto "providers", SWUpdate's
> crypto services and modules.
>
> A provider is a library that allows to build services.
>
> SWUpdate defines three type of services : Verification, Hashing and Decryption.
>
> The modules are the specific implementation of one of the services with
> an algorythm supported by the provided. It can be CMS, AES, pkcs#11, etc.
> The series convert current implementation in modules that can be loaded or not.
> Multiple modules can be installed, and the choice can be done at runtime
> dropping most of nasty #ifdef CONFIG_ in code.

**Thanks**

Michael Glembotzki

unread,
Jul 24, 2025, 5:56:37 AM7/24/25
to swupdate
Hi Stefano,

Stefano Babic schrieb am Dienstag, 22. Juli 2025 um 08:00:36 UTC+2:
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
core/swupdate.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/core/swupdate.c b/core/swupdate.c
index f8ee00b3..34e0bc1b 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -52,6 +52,7 @@
#include "versions.h"
#include "hw-compatibility.h"
#include "swupdate_vars.h"
+#include "swupdate_crypto.h"

#ifdef CONFIG_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -965,6 +966,7 @@ int main(int argc, char **argv)
}

print_registered_updatetypes(&swcfg);
+ print_registered_cryptolib();

Gives me:

[INFO ] : SWUPDATE running :  [print_registered_cryptolib] : Registered Crypto Providers:
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :    Provider for decrypt
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :            openssl*
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :    Provider for hash
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :            openSSL*                                                                                                                                    
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :    Provider for verify                                                                                                                                
[INFO ] : SWUPDATE running :  [print_registered_cryptolib] :            opensslCMS*
 
Either use openssl or openSSL.



/*
* Install a child handler to check if a subprocess
--
2.43.0


Best regards,
Michael 

Michael Glembotzki

unread,
Jul 24, 2025, 6:04:05 AM7/24/25
to swupdate
Hi Stefano,

thanks for the great work. I tested our setup with openssl only (sym. encryption and verification with openssl cms).
Everthing still works as expected! Not sure, if the tested by tag is needed on all patch files. Anyway here it is:

Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>

---

Some patches creates Whitespace errors. Please see the following:

Wende an: Find p11-kit options via pkg-config
Wende an: Prepare to use multiple crypto engines
.git/rebase-apply/patch:178: trailing whitespace.

int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
.git/rebase-apply/patch:304: trailing whitespace.
int (*DECRYPT_update)(struct swupdate_digest *dgst, unsigned char *buf,
Warnung: 2 Zeilen fügen Whitespace-Fehler hinzu.
Wende an: Group all cryptographic functions
.git/rebase-apply/patch:217: trailing whitespace.
static int openssl_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
Warnung: 1 Zeile fügt Whitespace-Fehler hinzu.
Wende an: Print registered crypto engines at startup
Wende an: RSA: drop dependency from dgst_init
Wende an: Move openssl HASH functions in an own module
.git/rebase-apply/patch:78: space before tab in indent.
  dgst->ctx = EVP_MD_CTX_create();
Warnung: 1 Zeile fügt Whitespace-Fehler hinzu.
Wende an: Do not initialize verification if SIGNED_IMAGE is not set
Wende an: Drop verify_signature_mbedtls.c
Wende an: Move mbedTLS HASH functions in an own module
Wende an: rsa_verify_mbedtls: fix md_info access
Wende an: Rename RSA with openSSL
Wende an: Renamed CMS with the name of used cryptolib
Wende an: Removed obsolete swupdate_verify_private.h
Wende an: Convert dsgt function to new structure
Wende an: sslapi, remove ifdef not needed anymnore
Wende an: parser: drop unused header
Wende an: Use swupdate_crypto.h instead of sslapi.h
.git/rebase-apply/patch:139: space before tab in indent.
        unsigned int *md_len);
.git/rebase-apply/patch:147: trailing whitespace.

int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
Warnung: 2 Zeilen fügen Whitespace-Fehler hinzu.
Wende an: Add library name to pkcs#7 module
Wende an: Move inline function inside CMS module
Wende an: fix pkcs#7 wolfssl build
Wende an: Abstract X.509 purpose from configuration
Wende an: Drop dependencies between crypto libraries
.git/rebase-apply/patch:131: new blank line at EOF.
+
.git/rebase-apply/patch:309: new blank line at EOF.
+
Warnung: 2 Zeilen fügen Whitespace-Fehler hinzu.
Wende an: Drop sslapi.h
Wende an: Make SWUpdate core unaware of internal digest structures
.git/rebase-apply/patch:41: trailing whitespace.
int swupdate_DECRYPT_update(void *dgst, unsigned char *buf,
.git/rebase-apply/patch:324: trailing whitespace.
static int openssl_DECRYPT_update(void *ctx, unsigned char *buf,
.git/rebase-apply/patch:623: trailing whitespace.
int (*DECRYPT_update)(void *ctx, unsigned char *buf,
.git/rebase-apply/patch:674: trailing whitespace.
int swupdate_DECRYPT_update(void *ctx, unsigned char *buf,
Warnung: 4 Zeilen fügen Whitespace-Fehler hinzu.
Wende an: GPG: add command line parameters
Wende an: Support for multiple crypto libraries and algs
Wende an: Drop #ifdef PKCS11 in set_aes_key
Wende an: IPC: drop #ifdef PKCS11
Wende an: Move crypto setup in own Kconfig
.git/rebase-apply/patch:263: new blank line at EOF.
+
Warnung: 1 Zeile fügt Whitespace-Fehler hinzu.
Wende an: cms_defconfig: fix build
Wende an: Support runtime selection of crypto provider
Wende an: Fix warnings in swupdate_decrypt_pkcs11
Wende an: Rename swupdate_decrypt_pkcs11
Wende an: Fix warnings in swupdate_crypto_wolfssl
Wende an: configs: add test to enable all crypto libs
Wende an: Test: fix error by selecting openssl as CMS provider
Wende an: Fix warning : MG_TLS redefined
Wende an: cpio: opaque pointer for digest structure
Wende an: CI: add wolfssl lib
Wende an: CI: added p11
Wende an: doc: describe crypto architecture
.git/rebase-apply/patch:1207: trailing whitespace.
like openSSL. Modules will use one of the provider to implement one service.
Warnung: 1 Zeile fügt Whitespace-Fehler hinzu

Best regards,
Michael

Stefano Babic

unread,
Jul 24, 2025, 6:07:04 AM7/24/25
to Michael Glembotzki, swupdate
Hi Michael,
I see, it is quite a trademark in my code to not be consistent with the
names - thanks, I will fix as "opensssl". According to the current
implementation, my suggestion for the names will be "opensslAES",
"opensslSHA256", and "opensslCMS" (1/3 was correct...).

Best regards,
Stefano

>
>
>
> /*
> * Install a child handler to check if a subprocess
> --
> 2.43.0
>
>
> Best regards,
> Michael
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> swupdate/945d912c-200d-40e0-8d8d-f2e0da6aa90cn%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/945d912c-200d-40e0-8d8d-
> f2e0da6aa90cn%40googlegroups.com?utm_medium=email&utm_source=footer>.

Michael Glembotzki

unread,
Jul 24, 2025, 6:07:19 AM7/24/25
to swupdate
PATCH 08/41 Drop verify_signature_mbedtls.c and PATCH 09/41 Move mbedTLS HASH functions in an own module might be squashed.

Stefano Babic

unread,
Jul 24, 2025, 6:08:29 AM7/24/25
to Michael Glembotzki, swupdate
On 7/24/25 12:04, Michael Glembotzki wrote:
> Hi Stefano,
>
> thanks for the great work. I tested our setup with openssl only (sym.
> encryption and verification with openssl cms).
> Everthing still works as expected! Not sure, if the tested by tag is
> needed on all patch files. Anyway here it is:

Thanks - it is not needed, but it is nice to track your work and to
report someone has succeffully tested. I will add it to the commit messages.

Regards,
Stefano
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> swupdate/79bb9437-2fc9-4f8a-8021-2a2927776503n%40googlegroups.com
> <https://groups.google.com/d/msgid/
> swupdate/79bb9437-2fc9-4f8a-8021-2a2927776503n%40googlegroups.com?
> utm_medium=email&utm_source=footer>.

Stefano Babic

unread,
Jul 24, 2025, 9:21:15 AM7/24/25
to swup...@googlegroups.com, Stefano Babic
This series refactors support for crypto engines in SWUpdate.

Currently, access to crypto functions is hard-coded and
configured via CONFIG_ switches at compile time. This forbids
to add more support from other libraries and to use any type of
crypto libraries in combination with an algorythm. CMS can be
used when openSSL is enabled, while PKCS#11 only with WolfSSL.

Introduce a generic concept with crypto "providers", SWUpdate's
crypto services and modules.

A provider is a library that allows to build services.

SWUpdate defines three type of services : Verification, Hashing and Decryption.

The modules are the specific implementation of one of the services with
an algorythm supported by the provided. It can be CMS, AES, pkcs#11, etc.
The series convert current implementation in modules that can be loaded or not.
Multiple modules can be installed, and the choice can be done at runtime
dropping most of nasty #ifdef CONFIG_ in code.

V2 sets names for modules consistent, and squash previous 1/8 and 1/9

Daniel Braunwarth (1):
rsa_verify_mbedtls: fix md_info access

Stefano Babic (39):
Find p11-kit options via pkg-config
Prepare to use multiple crypto engines
Group all cryptographic functions
Print registered crypto engines at startup
RSA: drop dependency from dgst_init
Move openssl HASH functions in an own module
Do not initialize verification if SIGNED_IMAGE is not set
.../swupdate_HASH_mbedtls.c | 53 ++--
crypto/swupdate_HASH_openssl.c | 124 +++++++++
crypto/swupdate_HASH_wolfssl.c | 25 ++
.../swupdate_cms_verify_openssl.c | 123 ++++++++-
.../swupdate_decrypt_mbedtls.c | 31 ++-
.../swupdate_decrypt_openssl.c | 35 ++-
.../swupdate_decrypt_wolfssl.c | 43 ++-
crypto/swupdate_gpg.h | 17 ++
{corelib => crypto}/swupdate_gpg_verify.c | 49 +++-
crypto/swupdate_mbedtls.h | 24 ++
crypto/swupdate_openssl.h | 52 ++++
.../swupdate_pkcs7_verify_wolfssl.c | 73 ++++-
.../swupdate_rsa_verify_mbedtls.c | 43 ++-
.../swupdate_rsa_verify_openssl.c | 88 +++++-
crypto/swupdate_wolfssl.h | 56 ++++
{corelib => crypto}/verify_signature.c | 91 -------
doc/source/images/crypto_architecture.png | Bin 0 -> 66934 bytes
doc/source/signed_images.rst | 14 +
doc/source/swupdate.rst | 21 ++
examples/configuration/swupdate.cfg | 14 +
include/channel_curl.h | 2 +-
include/sslapi.h | 231 ----------------
include/swupdate.h | 7 +
include/swupdate_crypto.h | 124 +++++++++
include/util.h | 2 +-
mongoose/Makefile | 8 +-
scripts/acceptance-tests/CheckImage.mk | 2 +-
test/test_crypt.c | 4 +-
test/test_hash.c | 4 +-
test/test_verify.c | 2 +-
49 files changed, 1558 insertions(+), 641 deletions(-)
create mode 100644 configs/crypto_all_defconfig
create mode 100644 core/crypto.c
delete mode 100644 corelib/swupdate_verify_private.h
create mode 100644 crypto/Kconfig
create mode 100644 crypto/Makefile
rename corelib/verify_signature_mbedtls.c => crypto/swupdate_HASH_mbedtls.c (65%)
create mode 100644 crypto/swupdate_HASH_openssl.c
create mode 100644 crypto/swupdate_HASH_wolfssl.c
rename corelib/swupdate_cms_verify.c => crypto/swupdate_cms_verify_openssl.c (72%)
rename {corelib => crypto}/swupdate_decrypt_mbedtls.c (73%)
rename {corelib => crypto}/swupdate_decrypt_openssl.c (71%)
rename corelib/swupdate_decrypt_pkcs11.c => crypto/swupdate_decrypt_wolfssl.c (79%)
create mode 100644 crypto/swupdate_gpg.h
rename {corelib => crypto}/swupdate_gpg_verify.c (80%)
create mode 100644 crypto/swupdate_mbedtls.h
create mode 100644 crypto/swupdate_openssl.h
rename corelib/swupdate_pkcs7_verify.c => crypto/swupdate_pkcs7_verify_wolfssl.c (73%)
rename {corelib => crypto}/swupdate_rsa_verify_mbedtls.c (65%)
rename corelib/swupdate_rsa_verify.c => crypto/swupdate_rsa_verify_openssl.c (63%)

Stefano Babic

unread,
Jul 24, 2025, 9:21:19 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
It is current possible to select one crypto library between mbedTLS,
openSSL and WolfSSL, but they are mixing up the algorithms that can be
used. Setting pkcs#11 constraints to use WolfSSL, but it should be
possible to introduce same method to retrieve the key for other
libraries. This starts to cleanup the crypto functions in SWUpdate, and
allows to register different crypto libraries, later at the same time.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
core/Makefile | 1 +
core/crypto.c | 257 ++++++++++++++++++++++++++++++++++++++
include/swupdate_crypto.h | 78 ++++++++++++
3 files changed, 336 insertions(+)
create mode 100644 core/crypto.c
create mode 100644 include/swupdate_crypto.h

diff --git a/core/Makefile b/core/Makefile
index 666e1dd5..1ef31136 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -10,6 +10,7 @@

obj-y += swupdate.o \
cpio_utils.o \
+ crypto.o \
notifier.o \
handler.o \
bootloader.o \
diff --git a/core/crypto.c b/core/crypto.c
new file mode 100644
index 00000000..cce6884e
--- /dev/null
+++ b/core/crypto.c
@@ -0,0 +1,257 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <util.h>
+#include "swupdate_crypto.h"
+
+typedef enum {
+ DECRYPTLIB,
+ HASHLIB,
+ DGSTLIB
+} crypto_lib_t;
+
+#define NUMLIBS (DGSTLIB + 1)
+
+const char *libdesc[] = {
+ "decrypt",
+ "hash",
+ "verify"
+};
+
+/*
+ * Reused from bootloader
+ */
+typedef struct {
+ const char *name;
+ void *lib;
+} entry;
+
+static entry *current[NUMLIBS] = {NULL, NULL, NULL};
+static entry *available[NUMLIBS] = {NULL, NULL, NULL};
+static unsigned int num_available [] = {0 , 0, 0};
+
+static int register_lib(const char *name, crypto_lib_t type, void *lib)
+{
+ int num = num_available[type];
+ entry *avail = available[type];
+ entry *tmp = realloc(avail, (num + 1) * sizeof(entry));
+ if (!tmp) {
+ return -ENOMEM;
+ }
+ tmp[num].name = (char*)name;
+ tmp[num].lib = lib;
+ num_available[type]++;
+ available[type] = tmp;
+ current[type] = available[type];
+ return 0;
+}
+
+static int setlib(const char *name, crypto_lib_t type)
+{
+ int num = num_available[type];
+ entry *elem;
+
+ if (!name) {
+ return -ENOENT;
+ }
+ elem = available[type];
+ for (unsigned int i = 0; i < num; i++) {
+ if (elem[i].lib &&
+ (strcmp(elem[i].name, name) == 0)) {
+ current[type] = &elem[i];
+ return 0;
+ }
+ }
+}
+
+struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return NULL;
+
+ lib = (swupdate_decrypt_lib *)current[DECRYPTLIB]->lib;
+ return lib->DECRYPT_init(key, keylen, iv);
+}
+
+int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen, const unsigned char *cryptbuf, int inlen)
+{
+ swupdate_decrypt_lib *lib;
+ if (!get_cryptolib())
+ return -EINVAL;
+
+int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value, unsigned int *md_len)
+{
new file mode 100644
index 00000000..d379251b
--- /dev/null
+++ b/include/swupdate_crypto.h
@@ -0,0 +1,78 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ */
+
+#pragma once
+#include <stdbool.h>
+#include "sslapi.h"
+
+typedef struct {
+ struct swupdate_digest *(*DECRYPT_init)(unsigned char *key, char keylen, unsigned char *iv);
+ int (*DECRYPT_update)(struct swupdate_digest *dgst, unsigned char *buf,
+ int *outlen, const unsigned char *cryptbuf, int inlen);
+

Stefano Babic

unread,
Jul 24, 2025, 9:21:25 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
core/swupdate.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/core/swupdate.c b/core/swupdate.c
index f8ee00b3..34e0bc1b 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -52,6 +52,7 @@
#include "versions.h"
#include "hw-compatibility.h"
#include "swupdate_vars.h"
+#include "swupdate_crypto.h"

#ifdef CONFIG_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -965,6 +966,7 @@ int main(int argc, char **argv)
}

print_registered_updatetypes(&swcfg);
+ print_registered_cryptolib();

Stefano Babic

unread,
Jul 24, 2025, 9:21:30 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
There is a common funtion between modules that it is just a wrapper to
the EVP_DigestInit_ex() function. Call directly the openSSL function in
RSA module to avoid this dependency.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---

Stefano Babic

unread,
Jul 24, 2025, 9:21:35 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/Makefile | 2 +-
...ture_mbedtls.c => swupdate_HASH_mbedtls.c} | 50 +++++++------------
crypto/swupdate_rsa_verify_mbedtls.c | 25 ++++++++++
3 files changed, 44 insertions(+), 33 deletions(-)
rename crypto/{verify_signature_mbedtls.c => swupdate_HASH_mbedtls.c} (63%)

diff --git a/crypto/Makefile b/crypto/Makefile
index a96bf0ce..9a70ca38 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -19,7 +19,7 @@ ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
-obj-$(CONFIG_HASH_VERIFY) += verify_signature_mbedtls.o
+obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_mbedtls.o
ifeq ($(CONFIG_PKCS11),y)
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o
else
diff --git a/crypto/verify_signature_mbedtls.c b/crypto/swupdate_HASH_mbedtls.c
similarity index 63%
rename from crypto/verify_signature_mbedtls.c
rename to crypto/swupdate_HASH_mbedtls.c
index 607ac46f..28ec7f5d 100644
--- a/crypto/verify_signature_mbedtls.c
+++ b/crypto/swupdate_HASH_mbedtls.c
@@ -4,12 +4,15 @@

#include <ctype.h>
#include <errno.h>
-#include <mbedtls/version.h>
#include <stdlib.h>

#include "sslapi.h"
#include "util.h"
-#include "swupdate.h"
+#include "swupdate_crypto.h"
+
+#define MODNAME "mbedtlsSHA256"
+
+static swupdate_HASH_lib hash;

static char *algo_upper(const char *algo)
{
@@ -23,7 +26,7 @@ static char *algo_upper(const char *algo)
return result;
}

-struct swupdate_digest *swupdate_HASH_init(const char *algo)
+static struct swupdate_digest *mbedtls_HASH_init(const char *algo)
{
struct swupdate_digest *dgst;
int error;
@@ -60,7 +63,7 @@ fail:
return 0;
}

-int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
+static int mbedtls_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
size_t len)
{
if (!dgst) {
@@ -76,7 +79,7 @@ int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
return 0;
}

-int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
+static int mbedtls_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
unsigned int *md_len)
{
if (!dgst) {
@@ -88,17 +91,13 @@ int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
return -EINVAL;
}
if (md_len) {
-#if MBEDTLS_VERSION_NUMBER >= 0x03020000
- *md_len = mbedtls_md_get_size(mbedtls_md_info_from_ctx(&dgst->mbedtls_md_context));
-#else
*md_len = mbedtls_md_get_size(dgst->mbedtls_md_context.md_info);
-#endif
}
return 1;

}

-void swupdate_HASH_cleanup(struct swupdate_digest *dgst)
+static void mbedtls_HASH_cleanup(struct swupdate_digest *dgst)
{
if (!dgst) {
return;
@@ -111,31 +110,18 @@ void swupdate_HASH_cleanup(struct swupdate_digest *dgst)
/*
* Just a wrap function to memcmp
*/
-int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
+static int mbedtls_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
{
return memcmp(hash1, hash2, SHA256_HASH_LENGTH) ? -1 : 0;
}

-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+__attribute__((constructor))
+static void openssl_hash(void)
{
- struct swupdate_digest *dgst;
-
- dgst = calloc(1, sizeof(*dgst));
- if (!dgst) {
- return -ENOMEM;
- }
-
-#ifdef CONFIG_SIGNED_IMAGES
- mbedtls_pk_init(&dgst->mbedtls_pk_context);
-
- int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
- if (error) {
- ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
- free(dgst);
- return -EIO;
- }
-#endif
-
- sw->dgst = dgst;
- return 0;
+ hash.HASH_init = mbedtls_HASH_init;
+ hash.HASH_update = mbedtls_HASH_update;
+ hash.HASH_final = mbedtls_HASH_final;
+ hash.HASH_compare = mbedtls_HASH_compare;
+ hash.HASH_cleanup = mbedtls_HASH_cleanup;
+ (void)register_hashlib(MODNAME, &hash);
}
diff --git a/crypto/swupdate_rsa_verify_mbedtls.c b/crypto/swupdate_rsa_verify_mbedtls.c
index 2c3111c6..c145948f 100644
--- a/crypto/swupdate_rsa_verify_mbedtls.c
+++ b/crypto/swupdate_rsa_verify_mbedtls.c
@@ -15,6 +15,7 @@

#include "sslapi.h"
#include "util.h"
+#include "swupdate.h"

static int read_file_into_buffer(uint8_t *buffer, int size, const char *filename)
{
@@ -88,3 +89,27 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
signature, sizeof(signature)
);
}
+
+int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ return -ENOMEM;
+ }
+
+#ifdef CONFIG_SIGNED_IMAGES
+ mbedtls_pk_init(&dgst->mbedtls_pk_context);
+
+ int error = mbedtls_pk_parse_public_keyfile(&dgst->mbedtls_pk_context, keyfile);
+ if (error) {
+ ERROR("mbedtls_pk_parse_public_keyfile: %d", error);
+ free(dgst);
+ return -EIO;
+ }
+#endif
+
+ sw->dgst = dgst;

Stefano Babic

unread,
Jul 24, 2025, 9:21:35 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Initialize function from main just in case it is really needed. This
fixes build error in case swupdate_dgst_init() is not set.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
core/swupdate.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/core/swupdate.c b/core/swupdate.c
index 34e0bc1b..2370f939 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c

Stefano Babic

unread,
Jul 24, 2025, 9:21:43 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/Makefile | 4 ++--
.../{swupdate_cms_verify.c => swupdate_cms_verify_openssl.c} | 0
2 files changed, 2 insertions(+), 2 deletions(-)
rename crypto/{swupdate_cms_verify.c => swupdate_cms_verify_openssl.c} (100%)

diff --git a/crypto/Makefile b/crypto/Makefile
index 0d1d0b6a..c18bfaf9 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only

ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)
-obj-$(CONFIG_HASH_VERIFY) += verify_signature.o swupdate_HASH_openssl.o
+obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_openssl.o
ifeq ($(CONFIG_PKCS11),y)
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o
else
@@ -13,7 +13,7 @@ obj-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify_openssl.o
obj-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
-obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o
+obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o

Stefano Babic

unread,
Jul 24, 2025, 9:21:49 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Crypto libraries can be instantiated and selected at runtime. Add
registration method to the digest functions used to verify
sw-description.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/swupdate_cms_verify_openssl.c | 90 ++++++++++++++++++++++++++--
crypto/swupdate_gpg_verify.c | 56 ++++++++++++++++-
crypto/swupdate_pkcs7_verify.c | 66 +++++++++++++++++++-
crypto/swupdate_rsa_verify_mbedtls.c | 17 +++++-
crypto/swupdate_rsa_verify_openssl.c | 70 +++++++++++++++++++++-
5 files changed, 286 insertions(+), 13 deletions(-)

diff --git a/crypto/swupdate_cms_verify_openssl.c b/crypto/swupdate_cms_verify_openssl.c
index 15f113b5..41f894c2 100644
--- a/crypto/swupdate_cms_verify_openssl.c
+++ b/crypto/swupdate_cms_verify_openssl.c
@@ -14,7 +14,7 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"

#if defined(CONFIG_CMS_SKIP_UNKNOWN_SIGNERS)
#define VERIFY_UNKNOWN_SIGNER_FLAGS (CMS_NO_SIGNER_CERT_VERIFY)
@@ -22,8 +22,12 @@
#define VERIFY_UNKNOWN_SIGNER_FLAGS (0)
#endif

+#define MODNAME "opensslCMS"
+
+static swupdate_dgst_lib libs;
+
#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
-int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
+static int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
{
X509 *x = (X509 *)crt;
uint32_t ex_flags = SSL_X509_get_extension_flags(x);
@@ -74,7 +78,7 @@ static int cms_verify_callback(int ok, X509_STORE_CTX *ctx) {
return ok;
}

-X509_STORE *load_cert_chain(const char *file)
+static X509_STORE *load_cert_chain(const char *file)
{
X509_STORE *castore = X509_STORE_new();
if (!castore) {
@@ -231,7 +235,77 @@ static int check_verified_signer(CMS_ContentInfo* cms, X509_STORE* store)
}
#endif

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int openssl_cms_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int openssl_cms_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int status = -EFAULT;
@@ -303,3 +377,11 @@ out:
}
return status;
}
+
+__attribute__((constructor))
+static void openssl_dgst(void)
+{
+ libs.dgst_init = openssl_cms_dgst_init;
+ libs.verify_file = openssl_cms_verify_file;
+ (void)register_dgstlib(MODNAME, &libs);
+}
diff --git a/crypto/swupdate_gpg_verify.c b/crypto/swupdate_gpg_verify.c
index 5e1a061d..a44735ec 100644
--- a/crypto/swupdate_gpg_verify.c
+++ b/crypto/swupdate_gpg_verify.c
@@ -15,6 +15,9 @@
#include <errno.h>
#include <locale.h>
#include <gpgme.h>
+#include "swupdate_crypto.h"
+
+static swupdate_dgst_lib libs;

static gpg_error_t
status_cb(void *opaque, const char *keyword, const char *value)
@@ -26,7 +29,50 @@ status_cb(void *opaque, const char *keyword, const char *value)

#define MSGBUF_LEN 256

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int gpg_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ dgst->gpg_home_directory = sw->gpg_home_directory;
+ dgst->gpgme_protocol = sw->gpgme_protocol;
+ dgst->verbose = sw->verbose;
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int gpg_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
gpgme_ctx_t ctx;
@@ -169,3 +215,11 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,

return status;
}
+
+__attribute__((constructor))
+static void gpg_dgst(void)
+{
+ libs.dgst_init = gpg_dgst_init;
+ libs.verify_file = gpg_verify_file;
+ (void)register_dgstlib("GPG", &libs);
+}
diff --git a/crypto/swupdate_pkcs7_verify.c b/crypto/swupdate_pkcs7_verify.c
index ce4c4b45..bffd1a91 100644
--- a/crypto/swupdate_pkcs7_verify.c
+++ b/crypto/swupdate_pkcs7_verify.c
@@ -16,7 +16,10 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"
+#include <wolfssl/openssl/pkcs7.h>
+
+static swupdate_dgst_lib libs;

static int store_verify_callback(int ok, X509_STORE_CTX *ctx) {
int cert_error = X509_STORE_CTX_get_error(ctx);
@@ -42,7 +45,7 @@ static int store_verify_callback(int ok, X509_STORE_CTX *ctx) {
return ok;
}

-X509_STORE *load_cert_chain(const char *file)
+static X509_STORE *load_cert_chain(const char *file)
{
X509_STORE *castore = X509_STORE_new();
if (!castore) {
@@ -98,7 +101,56 @@ static int check_signer_name(const char *name)
return 0;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int wolfssl_pkcs7_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Load certificate chain
+ */
+ dgst->certs = load_cert_chain(keyfile);
+ if (!dgst->certs) {
+ ERROR("Error loading certificate chain from %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+
+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+static int wolfssl_pkcs7_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int status = -EFAULT;
@@ -171,3 +223,11 @@ out:
}
return status;
}
+
+__attribute__((constructor))
+static void wolfssl_dgst(void)
+{
+ libs.dgst_init = wolfssl_pkcs7_dgst_init;
+ libs.verify_file = wolfssl_pkcs7_verify_file;
+ (void)register_dgstlib("pkcs#7WolfSSL", &libs);
+}
diff --git a/crypto/swupdate_rsa_verify_mbedtls.c b/crypto/swupdate_rsa_verify_mbedtls.c
index c145948f..58ffef70 100644
--- a/crypto/swupdate_rsa_verify_mbedtls.c
+++ b/crypto/swupdate_rsa_verify_mbedtls.c
@@ -16,6 +16,11 @@
#include "sslapi.h"
#include "util.h"
#include "swupdate.h"
+#include "swupdate_crypto.h"
+
+#define MODNAME "mbedtlsRSA"
+
+static swupdate_dgst_lib libs;

static int read_file_into_buffer(uint8_t *buffer, int size, const char *filename)
{
@@ -43,7 +48,7 @@ exit:
return result;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int mbedtls_rsa_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
int error;
@@ -90,7 +95,7 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
);
}

-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+static int mbedtls_rsa_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
{
struct swupdate_digest *dgst;

@@ -113,3 +118,11 @@ int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
sw->dgst = dgst;
return 0;
}
+
+__attribute__((constructor))
+static void mbedtls_rsa_dgst(void)
+{
+ libs.dgst_init = mbedtls_rsa_dgst_init;
+ libs.verify_file = mbedtls_rsa_verify_file;
+ (void)register_dgstlib(MODNAME, &libs);
+}
diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
index 8df5274c..f783ac10 100644
--- a/crypto/swupdate_rsa_verify_openssl.c
+++ b/crypto/swupdate_rsa_verify_openssl.c
@@ -14,11 +14,15 @@
#include "swupdate.h"
#include "sslapi.h"
#include "util.h"
-#include "swupdate_verify_private.h"
+#include "swupdate_crypto.h"

#define BUFSIZE (1024 * 8)

-EVP_PKEY *load_pubkey(const char *file)
+#define MODNAME "opensslRSA"
+
+static swupdate_dgst_lib libs;
+
+static EVP_PKEY *load_pubkey(const char *file)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
@@ -103,7 +107,7 @@ static int verify_final(struct swupdate_digest *dgst, unsigned char *sig, unsign
return rc;
}

-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+static int openssl_rsa_verify_file(struct swupdate_digest *dgst, const char *sigfile,
const char *file, const char *signer_name)
{
FILE *fp = NULL;
@@ -197,5 +201,65 @@ out:
return status;
}

+static int openssl_rsa_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
+{
+ struct swupdate_digest *dgst;
+ int ret;
+
+ /*
+ * Check that it was not called before
+ */
+ if (sw->dgst) {
+ return -EBUSY;
+ }
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }

+ /*
+ * Load public key
+ */
+ dgst->pkey = load_pubkey(keyfile);
+ if (!dgst->pkey) {
+ ERROR("Error loading pub key from %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }
+ dgst->ckey = EVP_PKEY_CTX_new(dgst->pkey, NULL);
+ if (!dgst->ckey) {
+ ERROR("Error creating context key for %s", keyfile);
+ ret = -EINVAL;
+ goto dgst_init_error;
+ }

+ /*
+ * Create context
+ */
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ ret = -ENOMEM;
+ goto dgst_init_error;
+ }
+
+ sw->dgst = dgst;
+
+ return 0;
+
+dgst_init_error:
+ if (dgst)
+ free(dgst);
+
+ return ret;
+}
+
+__attribute__((constructor))
+static void openssl_dgst(void)
+{
+ libs.dgst_init = openssl_rsa_dgst_init;
+ libs.verify_file = openssl_rsa_verify_file;
+ (void)register_dgstlib(MODNAME, &libs);
+}
--
2.43.0

Stefano Babic

unread,
Jul 24, 2025, 9:21:49 AM7/24/25
to swup...@googlegroups.com, Daniel Braunwarth, Stefano Babic, Michael Glembotzki
From: Daniel Braunwarth <o...@braunwarth.dev>

Mbed TLS introduced mbedtls_md_info_from_ctx() in version 3.2.0 and made
direct access to the md_info field private.

Signed-off-by: Daniel Braunwarth <o...@braunwarth.dev>
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/swupdate_HASH_mbedtls.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/crypto/swupdate_HASH_mbedtls.c b/crypto/swupdate_HASH_mbedtls.c
index 28ec7f5d..3317eb77 100644
--- a/crypto/swupdate_HASH_mbedtls.c
+++ b/crypto/swupdate_HASH_mbedtls.c
@@ -91,7 +91,11 @@ static int mbedtls_HASH_final(struct swupdate_digest *dgst, unsigned char *md_va

Stefano Babic

unread,
Jul 24, 2025, 9:21:52 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
include/sslapi.h | 14 --------------
1 file changed, 14 deletions(-)

diff --git a/include/sslapi.h b/include/sslapi.h
index 36762b93..4b2dc7bb 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -203,26 +203,12 @@ int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2
#define swupdate_HASH_compare(hash1,hash2) (0)
#endif

-#ifdef CONFIG_ENCRYPTED_IMAGES
struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv);
int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf,
int *outlen, const unsigned char *cryptbuf, int inlen);
int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,

Stefano Babic

unread,
Jul 24, 2025, 9:21:56 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
sslapi.h contains a lot of details that are required just by the
function for decrypting and digesting. Other components want just to
call these function, and including sslapi.h generates conflicts.

Move the prototypes into swupdate_crypto.h and include this header
accordingly.

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
diff --git a/include/sslapi.h b/include/sslapi.h
index 4b2dc7bb..0bbcb4fc 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -10,8 +10,6 @@
#include <stdint.h>
#include "util.h"

-#define SHA_DEFAULT "sha256"
-
/*
* openSSL is not mandatory
* Let compile when openSSL is not activated
@@ -177,41 +175,3 @@ struct swupdate_digest {
#else
#define swupdate_crypto_init()
#endif
-
-#if defined(CONFIG_HASH_VERIFY)
-struct swupdate_cfg;
-
-int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile);
-struct swupdate_digest *swupdate_HASH_init(const char *SHALength);
-int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
- size_t len);
-int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
- unsigned int *md_len);
-void swupdate_HASH_cleanup(struct swupdate_digest *dgst);
-int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,

Stefano Babic

unread,
Jul 24, 2025, 9:21:59 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/Makefile | 2 +-
...{swupdate_pkcs7_verify.c => swupdate_pkcs7_verify_wolfssl.c} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
rename crypto/{swupdate_pkcs7_verify.c => swupdate_pkcs7_verify_wolfssl.c} (100%)

diff --git a/crypto/Makefile b/crypto/Makefile
index c18bfaf9..1961c3bf 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -16,7 +16,7 @@ ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
obj-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify_openssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
-obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
+obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify_wolfssl.o
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_mbedtls.o
diff --git a/crypto/swupdate_pkcs7_verify.c b/crypto/swupdate_pkcs7_verify_wolfssl.c
similarity index 100%

Stefano Babic

unread,
Jul 24, 2025, 9:22:03 AM7/24/25
to swup...@googlegroups.com, Stefano Babic, Michael Glembotzki
SSL_X509_get_extension_flags() and SSL_X509_get_extended_key_usage() are
just used inside CMS module, move them from sslapi.h

Signed-off-by: Stefano Babic <stefan...@swupdate.org>
Tested-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
crypto/swupdate_cms_verify_openssl.c | 18 ++++++++++++++++++
include/sslapi.h | 22 ----------------------
2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/crypto/swupdate_cms_verify_openssl.c b/crypto/swupdate_cms_verify_openssl.c
index 41f894c2..dd0a72bd 100644
--- a/crypto/swupdate_cms_verify_openssl.c
+++ b/crypto/swupdate_cms_verify_openssl.c
@@ -26,6 +26,24 @@

static swupdate_dgst_lib libs;

+static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return x->ex_flags;
+#else
+ return X509_get_extension_flags(x);
+#endif
+}
+
+static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return x->ex_xkusage;
+#else
+ return X509_get_extended_key_usage(x);
+#endif
+}
+
#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
static int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
{
diff --git a/include/sslapi.h b/include/sslapi.h
index 0bbcb4fc..8564373c 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h

Dominique MARTINET

unread,
Jul 24, 2025, 9:40:04 AM7/24/25
to Stefano Babic, swup...@googlegroups.com
Stefano Babic wrote on Thu, Jul 24, 2025 at 03:21:08PM +0200:
> This series refactors support for crypto engines in SWUpdate.

Thank you for this thankless work!

> Currently, access to crypto functions is hard-coded and
> configured via CONFIG_ switches at compile time. This forbids
> to add more support from other libraries and to use any type of
> crypto libraries in combination with an algorythm. CMS can be
> used when openSSL is enabled, while PKCS#11 only with WolfSSL.
>
> Introduce a generic concept with crypto "providers", SWUpdate's
> crypto services and modules.
>
> A provider is a library that allows to build services.
>
> SWUpdate defines three type of services : Verification, Hashing and Decryption.
>
> The modules are the specific implementation of one of the services with
> an algorythm supported by the provided. It can be CMS, AES, pkcs#11, etc.
> The series convert current implementation in modules that can be loaded or not.
> Multiple modules can be installed, and the choice can be done at runtime
> dropping most of nasty #ifdef CONFIG_ in code.
>
> V2 sets names for modules consistent, and squash previous 1/8 and 1/9

Please, either keep all the mails in a single thread so any client can
pull the thread out to apply with a single git am command, or also
provide a branch to pull from in the cover letter.
It's a lot of patches so I'd rather review from the applied code (not
that I have much time to review anyway, but it's a rework that a few
other works have been waiting on so I'd like to at least try)

--
Dominique

Stefano Babic

unread,
Jul 24, 2025, 9:42:47 AM7/24/25
to Dominique MARTINET, swup...@googlegroups.com
On 7/24/25 15:39, Dominique MARTINET wrote:
> Stefano Babic wrote on Thu, Jul 24, 2025 at 03:21:08PM +0200:
>> This series refactors support for crypto engines in SWUpdate.
>
> Thank you for this thankless work!
>
>> Currently, access to crypto functions is hard-coded and
>> configured via CONFIG_ switches at compile time. This forbids
>> to add more support from other libraries and to use any type of
>> crypto libraries in combination with an algorythm. CMS can be
>> used when openSSL is enabled, while PKCS#11 only with WolfSSL.
>>
>> Introduce a generic concept with crypto "providers", SWUpdate's
>> crypto services and modules.
>>
>> A provider is a library that allows to build services.
>>
>> SWUpdate defines three type of services : Verification, Hashing and Decryption.
>>
>> The modules are the specific implementation of one of the services with
>> an algorythm supported by the provided. It can be CMS, AES, pkcs#11, etc.
>> The series convert current implementation in modules that can be loaded or not.
>> Multiple modules can be installed, and the choice can be done at runtime
>> dropping most of nasty #ifdef CONFIG_ in code.
>>
>> V2 sets names for modules consistent, and squash previous 1/8 and 1/9
>
> Please, either keep all the mails in a single thread so any client can
> pull the thread out to apply with a single git am command, or also
> provide a branch to pull from in the cover letter.

It is a workaround....

The mailserver complains and accepts just 20 patches, then it denies.
Not wanted from my side.

Best regards,
Stefano

Dominique MARTINET

unread,
Jul 24, 2025, 9:56:46 AM7/24/25
to Stefano Babic, swup...@googlegroups.com
Stefano Babic wrote on Thu, Jul 24, 2025 at 03:42:41PM +0200:
> > Please, either keep all the mails in a single thread so any client can
> > pull the thread out to apply with a single git am command, or also
> > provide a branch to pull from in the cover letter.
>
> It is a workaround....
>
> The mailserver complains and accepts just 20 patches, then it denies. Not
> wanted from my side.

Thanks for the explanation, this makes more sense with how the v1 was
split!
I think it's ok as you did V2 if there is an easy way to grab the
patches otherwise -- it's not difficult to find the proper mail to reply
to afterwards
Could you push this to a non-master branch of
https://github.com/sbabic/swupdate or another public repo?

Thank you,
--
Dominique

Stefano Babic

unread,
Jul 24, 2025, 10:00:29 AM7/24/25
to Dominique MARTINET, Stefano Babic, swup...@googlegroups.com
https://gitlab.nabladev.com/stefano/swupdate/-/tree/crypto-cleanup?ref_type=heads

Regards,
Stefano

Fabio Estevam

unread,
Jul 24, 2025, 10:03:30 AM7/24/25
to Dominique MARTINET, Stefano Babic, swup...@googlegroups.com
Hi Dominique,

On Thu, Jul 24, 2025 at 10:56 AM Dominique MARTINET
<dominique...@atmark-techno.com> wrote:

> Thanks for the explanation, this makes more sense with how the v1 was
> split!
> I think it's ok as you did V2 if there is an easy way to grab the
> patches otherwise -- it's not difficult to find the proper mail to reply

An easy way to grab the series is via patchwork:

https://patchwork.ozlabs.org/project/swupdate/patch/20250724132110.846...@swupdate.org/

Click on the 'series' button, and the patch series will be downloaded.
Then, run "git am
~/Downloads/V2-01-40-Find-p11-kit-options-via-pkg-config.patch" to
apply.

Dominique MARTINET

unread,
Jul 24, 2025, 10:09:22 AM7/24/25
to Stefano Babic, Fabio Estevam, swup...@googlegroups.com
Stefano Babic wrote on Thu, Jul 24, 2025 at 04:00:21PM +0200:
> https://gitlab.nabladev.com/stefano/swupdate/-/tree/crypto-cleanup?ref_type=heads

Thank you!

Fabio Estevam wrote on Thu, Jul 24, 2025 at 11:03:11AM -0300:
> An easy way to grab the series is via patchwork:
>
> https://patchwork.ozlabs.org/project/swupdate/patch/20250724132110.846...@swupdate.org/
>
> Click on the 'series' button, and the patch series will be downloaded.

Interesting, I had expected patchwork to be fooled by the lack of thread
as well but I'm happy to be wrong here; I'll remember to check patchwork
next time if there's one, thank you as well.

I've added Stefano's gitlab as a remote for now, that's even less work
:)


It's getting late here, I'll try to have a proper look tomorrow or
Monday
--
Dominique

Storm, Christian

unread,
Jul 24, 2025, 10:33:15 AM7/24/25
to swup...@googlegroups.com

>> This series refactors support for crypto engines in SWUpdate.
>
> Thank you for this thankless work!

I can only second that, very welcomed!


Christian

--
Dr. Christian Storm
Siemens AG, FT RPD CED
Friedrich-Ludwig-Bauer-Str. 3, 85748 Garching, Germany

Reply all
Reply to author
Forward
0 new messages