This prepares support for multiple crypto libraries: the HASH functions can
be registered independently of the other ones, such as decryption.
Signed-off-by: Stefano Babic <
stefan...@swupdate.org>
---
crypto/Makefile | 2 +-
crypto/swupdate_HASH_openssl.c | 119 +++++++++++++++++++++++++++++++++
crypto/verify_signature.c | 91 -------------------------
3 files changed, 120 insertions(+), 92 deletions(-)
create mode 100644 crypto/swupdate_HASH_openssl.c
diff --git a/crypto/Makefile b/crypto/Makefile
index 6ee3b4d0..a96bf0ce 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only
ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)
-obj-$(CONFIG_HASH_VERIFY) += verify_signature.o
+obj-$(CONFIG_HASH_VERIFY) += verify_signature.o swupdate_HASH_openssl.o
ifeq ($(CONFIG_PKCS11),y)
obj-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o
else
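Review bot: swupdate_HASH_openssl.o is added under the existing `ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)` guard, so an object named for OpenSSL is also built, and its constructor registers "opensslHASH", when wolfSSL is the configured implementation. If that is intentional because verify_signature.o already relied on wolfSSL's OpenSSL-compatibility API, a one-line comment above the guard would spare the next reader the search, e.g. `# openssl-named objects also build against wolfSSL's OpenSSL compat layer`; if it is not, the new object should be gated on CONFIG_SSL_IMPL_OPENSSL alone.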
diff --git a/crypto/swupdate_HASH_openssl.c b/crypto/swupdate_HASH_openssl.c
new file mode 100644
index 00000000..8da9d1bc
--- /dev/null
+++ b/crypto/swupdate_HASH_openssl.c
@@ -0,0 +1,119 @@
+/*
+ * (C) Copyright 2024
+ * Stefano Babic,
stefan...@swupdate.org.
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ * Code mostly taken from openssl examples
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include "swupdate.h"
+#include "sslapi.h"
+#include "util.h"
+#include "compat.h"
+#include "swupdate_crypto.h"
+
+static swupdate_HASH_lib hash;
+
+static int dgst_init(struct swupdate_digest *dgst, const EVP_MD *md)
+{
+ int rc;
+
+ ERR_clear_error();
+ rc = EVP_DigestInit_ex(dgst->ctx, md, NULL);
+ if (rc != 1) {
+ ERROR("EVP_DigestInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ return -EINVAL; /* failed */
+ }
+
+ return 0;
+}
+
+static struct swupdate_digest *openssl_HASH_init(const char *SHAlength)
+{
+ struct swupdate_digest *dgst;
+ const EVP_MD *md;
+ int ret;
+
+ dgst = calloc(1, sizeof(*dgst));
+ if (!dgst) {
+ return NULL;
+ }
+
+ if ((!SHAlength) || strcmp(SHAlength, "sha1"))
+ md = EVP_sha256();
+ else
+ md = EVP_sha1();
+
+ dgst->ctx = EVP_MD_CTX_create();
+ if(dgst->ctx == NULL) {
+ ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
+ free(dgst);
+ return NULL;
+ }
+
+ ret = dgst_init(dgst, md);
+ if (ret) {
+ free(dgst);
+ return NULL;
+ }
+
+ return dgst;
+}
+
+static int openssl_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
+ size_t len)
+{
+ if (!dgst)
+ return -EFAULT;
+
+ if (EVP_DigestUpdate (dgst->ctx, buf, len) != 1)
+ return -EIO;
+
+ return 0;
+}
+
+static int openssl_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
+ unsigned int *md_len)
+{
+ if (!dgst)
+ return -EFAULT;
+
+ return EVP_DigestFinal_ex (dgst->ctx, md_value, md_len);
+
+}
+
+static void openssl_HASH_cleanup(struct swupdate_digest *dgst)
+{
+ if (dgst) {
+ EVP_MD_CTX_destroy(dgst->ctx);
+ free(dgst);
+ dgst = NULL;
+ }
+}
+
+static int openssl_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
+{
+ int i;
+
+ for (i = 0; i < SHA256_HASH_LENGTH; i++)
+ if (hash1[i] != hash2[i])
+ return -1;
+
+ return 0;
+}
+
+__attribute__((constructor))
+static void openssl_hash(void)
+{
+ hash.HASH_init = openssl_HASH_init;
+ hash.HASH_update = openssl_HASH_update;
+ hash.HASH_final = openssl_HASH_final;
+ hash.HASH_compare = openssl_HASH_compare;
+ hash.HASH_cleanup = openssl_HASH_cleanup;
+ (void)register_hashlib("opensslHASH", &hash);
+}
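Review bot: In openssl_HASH_init the error path after dgst_init() fails only does `free(dgst)`, so the context allocated by EVP_MD_CTX_create() a few lines above is leaked; it should be `EVP_MD_CTX_destroy(dgst->ctx); free(dgst); return NULL;` (the leak was already present in the code moved from verify_signature.c, but this hunk is where it now lives). Separately, openssl_HASH_compare walks a fixed SHA256_HASH_LENGTH bytes and returns on the first mismatch, even though HASH_init accepts "sha1": if any caller ever sizes its digest buffer for SHA-1 this reads past it, and the early exit makes the comparison timing-dependent, so assuming sslapi.h brings in openssl/crypto.h a constant-time `return CRYPTO_memcmp(hash1, hash2, SHA256_HASH_LENGTH) ? -1 : 0;` keeps the interface, and the buffer assumption deserves a comment such as `/* both buffers must hold SHA256_HASH_LENGTH bytes, also for sha1 digests */`. Finally, openssl_HASH_final returns OpenSSL's 1-on-success value while the sibling callbacks return 0/-errno; if existing callers depend on that, a comment stating the convention would keep the next maintainer from "fixing" it.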
diff --git a/crypto/verify_signature.c b/crypto/verify_signature.c
index def7d0ff..1d841a23 100644
--- a/crypto/verify_signature.c
+++ b/crypto/verify_signature.c
@@ -17,97 +17,6 @@
#include "compat.h"
#include "swupdate_verify_private.h"
-static int dgst_init(struct swupdate_digest *dgst, const EVP_MD *md)
-{
- int rc;
-
- ERR_clear_error();
- rc = EVP_DigestInit_ex(dgst->ctx, md, NULL);
- if (rc != 1) {
- ERROR("EVP_DigestInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL));
- return -EINVAL; /* failed */
- }
-
- return 0;
-}
-
-struct swupdate_digest *swupdate_HASH_init(const char *SHAlength)
-{
- struct swupdate_digest *dgst;
- const EVP_MD *md;
- int ret;
-
- dgst = calloc(1, sizeof(*dgst));
- if (!dgst) {
- return NULL;
- }
-
- if ((!SHAlength) || strcmp(SHAlength, "sha1"))
- md = EVP_sha256();
- else
- md = EVP_sha1();
-
- dgst->ctx = EVP_MD_CTX_create();
- if(dgst->ctx == NULL) {
- ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
- free(dgst);
- return NULL;
- }
-
- ret = dgst_init(dgst, md);
- if (ret) {
- free(dgst);
- return NULL;
- }
-
- return dgst;
-}
-
-int swupdate_HASH_update(struct swupdate_digest *dgst, const unsigned char *buf,
- size_t len)
-{
- if (!dgst)
- return -EFAULT;
-
- if (EVP_DigestUpdate (dgst->ctx, buf, len) != 1)
- return -EIO;
-
- return 0;
-}
-
-int swupdate_HASH_final(struct swupdate_digest *dgst, unsigned char *md_value,
- unsigned int *md_len)
-{
- if (!dgst)
- return -EFAULT;
-
- return EVP_DigestFinal_ex (dgst->ctx, md_value, md_len);
-
-}
-
-void swupdate_HASH_cleanup(struct swupdate_digest *dgst)
-{
- if (dgst) {
- EVP_MD_CTX_destroy(dgst->ctx);
- free(dgst);
- dgst = NULL;
- }
-}
-
-/*
- * Just a wrap function to memcmp
- */
-int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2)
-{
- int i;
-
- for (i = 0; i < SHA256_HASH_LENGTH; i++)
- if (hash1[i] != hash2[i])
- return -1;
-
- return 0;
-}
-
int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
{
struct swupdate_digest *dgst;
--
2.43.0