Bastian Germann
unread,Mar 21, 2023, 9:07:27 AM3/21/23Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to swup...@googlegroups.com, Bastian Germann
SWUpdate's wolfSSL crypto implementation lacks CMS support currently.
CMS is the same as PKCS#7 for the most part and wolfSSL supports
PKCS#7. Implement the signature verification based on the OpenSSL
compatibility layer and use some wolfSSL-specific data structures where
the current API situation does not provide the needed abstractions.
I had a hard time with getting the X.509 common name from the
certificate, so I have left this part for some other time (or person)
to implement.
By the way, mbedTLS also has some PKCS#7 support in the latest 3.3.0
release, so maybe it is possible to add support for it as well.
Bastian Germann (2):
Add PKCS#7 verification for wolfSSL
Hide forced-signer-name from non-CMS and wolfSSL
Kconfig | 13 +-
core/swupdate.c | 4 +
corelib/Makefile | 4 +-
corelib/swupdate_cms_verify.c | 2 +
corelib/swupdate_pkcs7_verify.c | 173 +++++++++++++++++++++++++
corelib/swupdate_verify_private.h | 2 +
corelib/verify_signature.c | 3 +
include/sslapi.h | 3 +-
scripts/acceptance-tests/CheckImage.mk | 2 +
9 files changed, 200 insertions(+), 6 deletions(-)
create mode 100644 corelib/swupdate_pkcs7_verify.c
--
2.39.2