New swupdate_decrypt backend
18 views
Skip to first unread message
Guillaume Villat
Jul 1, 2024, 11:40:23 AM (2 days ago) Jul 1
to swupdate
Hello ,
I want to use a custom openssl engine to decrypt.
How can I update sslapi.h to do this please?
At the moment I've used defines to replace the swupdate_DECRYPT_* functions with my own, but I'm afraid it won't be correct.
Thanks
Guillaume
I want to use a custom openssl engine to decrypt.
How can I update sslapi.h to do this please?
At the moment I've used defines to replace the swupdate_DECRYPT_* functions with my own, but I'm afraid it won't be correct.
Thanks
Guillaume
Stefano Babic
Jul 1, 2024, 12:29:33 PM (2 days ago) Jul 1
to Guillaume Villat, swupdate
Hi Guillaume,
This is an open issue and there is not yet a nice way. Topic was
discussed in previous threads (i.e.
https://groups.google.com/g/swupdate/c/z4oYcaJv5Rs/m/_usTySxwAAAJ). The
current implementation in SWUpdate does not allow to easy add further
providers for decryption / verification, and this leads to have just
quirks in the code, as in sslapi.h.
In the thread and in documentation you can read which should be focus
for next development. It should be possible to have crypto modules, and
also to have multiple of them at run time, and adding a crypto backend
should be then easy like to add a new handler (see
improvement_proposals.rst in documentation). A crypte backend should
provide services, and it should register itself with SWUpdate's core.
Then adding a new backend will be very easy.
I have the design ready and have started to check for implementation,
but I am looking for sponsors. So I cannot say when this work could be done.
Best regards,
Stefano Babic
> Thanks
>
> Guillaume
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/87932924-ac39-4886-9647-b63f0fef60c1n%40googlegroups.com <https://groups.google.com/d/msgid/swupdate/87932924-ac39-4886-9647-b63f0fef60c1n%40googlegroups.com?utm_medium=email&utm_source=footer>.
discussed in previous threads (i.e.
https://groups.google.com/g/swupdate/c/z4oYcaJv5Rs/m/_usTySxwAAAJ). The
current implementation in SWUpdate does not allow to easy add further
providers for decryption / verification, and this leads to have just
quirks in the code, as in sslapi.h.
In the thread and in documentation you can read which should be focus
for next development. It should be possible to have crypto modules, and
also to have multiple of them at run time, and adding a crypto backend
should be then easy like to add a new handler (see
improvement_proposals.rst in documentation). A crypte backend should
provide services, and it should register itself with SWUpdate's core.
Then adding a new backend will be very easy.
I have the design ready and have started to check for implementation,
but I am looking for sponsors. So I cannot say when this work could be done.
Best regards,
Stefano Babic
> Thanks
>
> Guillaume
>
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/swupdate/87932924-ac39-4886-9647-b63f0fef60c1n%40googlegroups.com <https://groups.google.com/d/msgid/swupdate/87932924-ac39-4886-9647-b63f0fef60c1n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages