[PATCH] crypto: Add WolfSSLRSA[PSS] providers
4 views
Skip to first unread message
Bastian Germann
Jan 15, 2026, 12:11:41 PMJan 15
to swup...@googlegroups.com, Bastian Germann
When the crypto framework was restructured the wolfSSL implementation
lost the ability to provide RSA decryption. Add the RSA and RSAPSS
flavors similar to swupdate_HASH_wolfssl.
The Kconfig symbols still depend on SSL_IMPL_WOLFSSL.
Signed-off-by: Bastian Germann <ba...@debian.org>
---
crypto/Makefile | 2 ++
crypto/swupdate_rsa_verify_openssl.c | 7 ++++---
crypto/swupdate_rsa_verify_wolfssl.c | 24 ++++++++++++++++++++++++
3 files changed, 30 insertions(+), 3 deletions(-)
create mode 100644 crypto/swupdate_rsa_verify_wolfssl.c
diff --git a/crypto/Makefile b/crypto/Makefile
index b591ff57..58952c10 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -13,6 +13,8 @@ endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_wolfssl.o
+obj-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify_wolfssl.o
+obj-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify_wolfssl.o
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify_wolfssl.o
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_wolfssl.o
endif
diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
index 8ac52d0d..2e02eec1 100644
--- a/crypto/swupdate_rsa_verify_openssl.c
+++ b/crypto/swupdate_rsa_verify_openssl.c
@@ -14,12 +14,13 @@
#include "swupdate.h"
#include "util.h"
#include "swupdate_crypto.h"
+#if !defined(NO_INCLUDE_OPENSSL)
#include "swupdate_openssl.h"
-
-#define BUFSIZE (1024 * 8)
-
#define MODNAME "opensslRSA"
#define MODNAME_PSS "opensslRSAPSS"
+#endif
+
+#define BUFSIZE (1024 * 8)
static swupdate_dgst_lib libs;
diff --git a/crypto/swupdate_rsa_verify_wolfssl.c b/crypto/swupdate_rsa_verify_wolfssl.c
new file mode 100644
index 00000000..f41a342a
--- /dev/null
+++ b/crypto/swupdate_rsa_verify_wolfssl.c
@@ -0,0 +1,24 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include "swupdate.h"
+#include "swupdate_wolfssl.h"
+
+/*
+ * Switch to WolfSSL in module
+ */
+#define NO_INCLUDE_OPENSSL
+#define MODNAME "WolfSSLRSA"
+#define MODNAME_PSS "WolfSSLRSAPSS"
+
+#include "swupdate_rsa_verify_openssl.c"
+
lost the ability to provide RSA decryption. Add the RSA and RSAPSS
flavors similar to swupdate_HASH_wolfssl.
The Kconfig symbols still depend on SSL_IMPL_WOLFSSL.
Signed-off-by: Bastian Germann <ba...@debian.org>
---
crypto/Makefile | 2 ++
crypto/swupdate_rsa_verify_openssl.c | 7 ++++---
crypto/swupdate_rsa_verify_wolfssl.c | 24 ++++++++++++++++++++++++
3 files changed, 30 insertions(+), 3 deletions(-)
create mode 100644 crypto/swupdate_rsa_verify_wolfssl.c
diff --git a/crypto/Makefile b/crypto/Makefile
index b591ff57..58952c10 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -13,6 +13,8 @@ endif
ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
obj-$(CONFIG_HASH_VERIFY) += swupdate_HASH_wolfssl.o
+obj-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify_wolfssl.o
+obj-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify_wolfssl.o
obj-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify_wolfssl.o
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_wolfssl.o
endif
diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
index 8ac52d0d..2e02eec1 100644
--- a/crypto/swupdate_rsa_verify_openssl.c
+++ b/crypto/swupdate_rsa_verify_openssl.c
@@ -14,12 +14,13 @@
#include "swupdate.h"
#include "util.h"
#include "swupdate_crypto.h"
+#if !defined(NO_INCLUDE_OPENSSL)
#include "swupdate_openssl.h"
-
-#define BUFSIZE (1024 * 8)
-
#define MODNAME "opensslRSA"
#define MODNAME_PSS "opensslRSAPSS"
+#endif
+
+#define BUFSIZE (1024 * 8)
static swupdate_dgst_lib libs;
diff --git a/crypto/swupdate_rsa_verify_wolfssl.c b/crypto/swupdate_rsa_verify_wolfssl.c
new file mode 100644
index 00000000..f41a342a
--- /dev/null
+++ b/crypto/swupdate_rsa_verify_wolfssl.c
@@ -0,0 +1,24 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include "swupdate.h"
+#include "swupdate_wolfssl.h"
+
+/*
+ * Switch to WolfSSL in module
+ */
+#define NO_INCLUDE_OPENSSL
+#define MODNAME "WolfSSLRSA"
+#define MODNAME_PSS "WolfSSLRSAPSS"
+
+#include "swupdate_rsa_verify_openssl.c"
+
Stefano Babic
Jan 27, 2026, 8:38:11 AM (6 days ago) Jan 27
to Bastian Germann, swup...@googlegroups.com
Hi Bastian,
Applied to -master, thanks !
Best regards,
Stefano Babic
Best regards,
Stefano Babic
Reply all
Reply to author
Forward
0 new messages