Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2175911/?format=api
{ "id": 2175911, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2175911/?format=api", "project": { "id": 58, "url": "http://patchwork.ozlabs.org/api/1.0/projects/58/?format=api", "name": "swupdate development", "link_name": "swupdate", "list_id": "swupdate.googlegroups.com", "list_email": "swupdate@googlegroups.com", "web_url": "https://github.com/sbabic/swupdate", "scm_url": "git://github.com/sbabic/swupdate", "webscm_url": "" }, "msgid": "<20251219112215.103862-5-bage@debian.org>", "date": "2025-12-19T11:21:59", "name": "[4/5] crypto: Make WolfSSL decrypt provider non-PKCS#11", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "981f017cf291652df1fdf9652f7757626b41e1f0", "submitter": { "id": 84118, "url": "http://patchwork.ozlabs.org/api/1.0/people/84118/?format=api", "name": "Bastian Germann", "email": "bage@debian.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/swupdate/patch/20251219112215.103862-5-bage@debian.org/mbox/", "series": [ { "id": 485984, "url": "http://patchwork.ozlabs.org/api/1.0/series/485984/?format=api", "date": "2025-12-19T11:22:00", "name": "pkcs11 decrypt provider based on p11-kit", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/485984/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2175911/checks/", "tags": {}, "headers": { "Return-Path": "<swupdate+bncBCN5N5NJZ4BBB4HKSTFAMGQENMY63PI@googlegroups.com>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=googlegroups.com header.i=@googlegroups.com\n header.a=rsa-sha256 header.s=20230601 header.b=suQzieMr;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com\n (client-ip=2a00:1450:4864:20::13d; helo=mail-lf1-x13d.google.com;\n envelope-from=swupdate+bncbcn5n5njz4bbb4hkstfamgqenmy63pi@googlegroups.com;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from mail-lf1-x13d.google.com (mail-lf1-x13d.google.com\n [IPv6:2a00:1450:4864:20::13d])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dXlWB3z4lz1y3x\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 19 Dec 2025 22:22:30 +1100 (AEDT)", "by mail-lf1-x13d.google.com with SMTP id\n 2adb3069b0e04-597d5b80d55sf2109264e87.2\n for <incoming@patchwork.ozlabs.org>;\n Fri, 19 Dec 2025 03:22:30 -0800 (PST)", "by 2002:a05:6512:3d22:b0:598:ec8d:f528 with SMTP id\n 2adb3069b0e04-598fa4095ddls845008e87.2.-pod-prod-03-eu; Fri, 19 Dec 2025\n 03:22:22 -0800 (PST)", "from stravinsky.debian.org (stravinsky.debian.org.\n [2001:41b8:202:deb::311:108])\n by gmr-mx.google.com with ESMTPS id\n 2adb3069b0e04-59a186137b6si40408e87.5.2025.12.19.03.22.21\n for <swupdate@googlegroups.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 19 Dec 2025 03:22:21 -0800 (PST)", "from authenticated user\n\tby stravinsky.debian.org with esmtpsa\n (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)\n\t(Exim 4.94.2)\n\t(envelope-from <bage@debian.org>)\n\tid 1vWYYv-003BY6-I3; Fri, 19 Dec 2025 11:22:21 +0000" ], "ARC-Seal": [ "i=2; a=rsa-sha256; t=1766143347; cv=pass;\n d=google.com; s=arc-20240605;\n b=ZY8i/v7uA9uXodWebWg/RRCrdyi9HYcl0CCgkvteBVc3ueQqqGCtw54RpoMofyIUHS\n bchFXLDwOyBIyBwq/FkvlWX1RH/WChQSYIdrtqfqR+oZMHJPpGUO/Nb/O0hHPhniD+hC\n 4FPzpr383dNssNVdY5sRMPe6gAe8UBmY63CF2B9+79RfZQuhEO3mrZziBSy7jD36NsWe\n qjpyyiZDMI4MTp6Lg+YA8YCaSf0NTMy/qwHv/ihsODsaRzU2p7B2dB1UcrY4+6A4MelC\n ifXjNymDRbDcCvHFN0+guMq7ZzwwWDyqmqSkG+l40eAyjEKl/mjq4vvOUE4qKPC9chZe\n bWCA==", "i=1; a=rsa-sha256; t=1766143341; cv=none;\n d=google.com; s=arc-20240605;\n b=eys6PKjLaoUvN1O6ibBA5h9iAloGaeqqeQdvDOCqJhTO/ikm/ZfCLejC92aGQhy/ao\n WSyj96Hh0DujfZdmVWgn85mIxQNOxUUiILjgk6yGFNBgFE4Vi3m61EW7saqanF5Xe781\n gYezNjb05XQ7sw06KMq+ANMW5q4/SGgULJrK8mYFX6aDCXVAUTWelVcusfU7xF/tmu3H\n HbMXkrTYGaz6rn4xcovU7bQSFs3KAAyftEIOWGxI2SBjmVDV452pzZqiZzeHE9JRdJEa\n 09gTFJYhyFV6CzcDgbxLUA2JJ2ULJJDgNHURvjMLg9AnPNcoM1HSrs+bVOl+KXmNHhqE\n eAxg==" ], "ARC-Message-Signature": [ "i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n :list-id:mailing-list:precedence:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:sender:dkim-signature;\n bh=R4EOoD1KXDS8zME8VZwLa/rfkGBR9yDaEhsDEdGiq3Q=;\n fh=B1IxTyQWTDHKSavLt9y8JWuERTYe36ltwqqWyNqhG0U=;\n b=izXtEUGt80hVbBsaESfBOqNpEw/86rOS68kJEUqfviSAVBwH+ECxpXoHoUMtnu7aiV\n dAVoDeHSHxZF6oTcqNixRreNcz5lo95mUE1YdtxPex0cOQQTzk725st/+SI5EE3jM2ev\n z+YE5zLCiyJbjnLjpucVBoQKksS7ovd92VHeuqR/5YXlOplOG6wpUgI4oqfgyzGY6/Mv\n Ke302A3Ug9Uc7dGyjKtkg3vWl7skdA6pCZeqG9jn2oIFdxdZtfXHGxxq+WdEqueihnin\n EAqevsnWHof5+zlHENNfK2Ac5z4EmLkn6ptn0s879fSr0/pVwsnnPanlQQ1hH3kTjukv\n vN8A==;\n darn=patchwork.ozlabs.org", "i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:dkim-signature;\n bh=tDPSxrSt93thxrliLlOQS3V4RIRAjWpoSbfpwBxt/80=;\n fh=uhIbdHOwgcqt5kz5/YMvH8NrIswTHi9fiDBkOU8HgOo=;\n b=VQDOvosAUCL+SJo4IuolAY60MHjlc1rx0hB2FPGJ3wWD/xSHJMowoa9jam1iAXM4pJ\n vmZB7xTDqgIZujHZyWUqKTCsaLxN7jtH6VOWR8wHBsgP4HHCBaHeLMmG13l2EmRIRYHi\n mgtG552+Y8GMPE+PK5Ka5ei1t4KlHOW/y5ocq0kHAKNPOu9gxUjVDvSgPms862+kZUqG\n pmegZCyMhfrh+2ecN1f4o3Cpbx6r5rdZz1at7Yry1Y29o/sWNjsheaR4JQR2ZpeSKGZJ\n hQ2egEidQubgF0UrLhEBCuxSh5QumlCw1k/Bl5gFRzYyPLplUTCSvJFf2GFX2YZOB8BL\n 3KOw==;\n dara=google.com" ], "ARC-Authentication-Results": [ "i=2; gmr-mx.google.com;\n dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky\n header.b=TbaU1yhs;\n spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org", "i=1; gmr-mx.google.com;\n dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky\n header.b=TbaU1yhs;\n spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=googlegroups.com; s=20230601; t=1766143347; x=1766748147;\n darn=patchwork.ozlabs.org;\n h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n :list-id:mailing-list:precedence:x-original-authentication-results\n :x-original-sender:mime-version:references:in-reply-to:message-id\n :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id\n :reply-to;\n bh=R4EOoD1KXDS8zME8VZwLa/rfkGBR9yDaEhsDEdGiq3Q=;\n b=suQzieMrsfOAzVk8qerDtk5jt66sps2sv6+hocLDXpZKVnpV9ZQ6JUA2mAr5ZmpqyB\n LbJupTcTioyx01c6p6w33Ftx36QqUVDPisnX1R03949mIx3WOBJGAROorkLcIW0Wb01c\n fkDbN7ps8V+SmH8EHozz4aCRiTctieucCLG/Khr1WZmWfpA977LjGNv24Z3vi1rhO2mv\n C1qKzZCEqfzkYH4kF4FRkje+eponeDxevYw0QkNsAuAJ7QkAEOXpD4IfNA3YmW27dFzb\n dSY5dZ5zSt8u5V0kRa4J0QijJTWUR1CioZvR0PDsJS1YG4CjjwgHi6PfrDgcOla7SaLr\n pUBw==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1766143347; x=1766748147;\n h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n :x-spam-checked-in-group:list-id:mailing-list:precedence\n :x-original-authentication-results:x-original-sender:mime-version\n :references:in-reply-to:message-id:date:subject:cc:to:from\n :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date\n :message-id:reply-to;\n bh=R4EOoD1KXDS8zME8VZwLa/rfkGBR9yDaEhsDEdGiq3Q=;\n b=lzAo4mCjPr0qHBz/h4FT+wMW/O84tMndlx4he+KZLHuccM6mw0lM8A6oYw4GRwus3s\n FmhS9cCDed2+vIWRNIFUhiK7dZ4BJlULiFwZ73lLAQIigpsLKBGrK65rm/o0yhrYoUCm\n Per4kNY65aH4PPE8kkNnEZzC9lIDmpxbTOU0eh9oBKkD/CI/DRHvaGTZlok8vnTgZ2vq\n zShgKwqAvMJZiHeK7pg3ekq3nJSENhGrXlnox5dtodNhssPBQRPV675ug8tEsE+RjkgA\n iu/FUxu9wpHFaKep9GN8PRXxEEgETJPUBWpoVVZ1KqhXYUughjElKS25I6n8YJUll3Vy\n OHIg==", "Sender": "swupdate@googlegroups.com", "X-Forwarded-Encrypted": "i=2;\n AJvYcCWltpM3OooDJQdzTJpKKxI44Hmj24SIMk3LN4d90hOHp1FGubiloTPl1X7f1EiDpfkJYtDG0IxPXA==@patchwork.ozlabs.org", "X-Gm-Message-State": "AOJu0Yw2D1HqyjBfFMvkxGIsFvDLaNThlvuZNKoFvvpgmLQcu2/d0HJf\n\tfe3uREm4Ok3oQ/J1ao9n3OzglQd2WPRugCc3mUFf3PeHgGS3o1WIi2KD", "X-Google-Smtp-Source": "\n AGHT+IFC9PMupX2y4C649Nr9b83M6a/Yn34JQhCerAnGgclEAAi0z5J4QqarzEW7ssBe5vXen4NIhw==", "X-Received": [ "by 2002:a05:6512:33ce:b0:598:eecb:c891 with SMTP id\n 2adb3069b0e04-59a17d5affemr975723e87.52.1766143346733;\n Fri, 19 Dec 2025 03:22:26 -0800 (PST)", "by 2002:a05:6512:8017:20b0:598:efa4:d7aa with SMTP id\n 2adb3069b0e04-59a17d58fcamr694657e87.51.1766143341699;\n Fri, 19 Dec 2025 03:22:21 -0800 (PST)" ], "X-BeenThere": "swupdate@googlegroups.com;\n h=\"AWVwgWZTFQeTbq1syyFR85UZIGuAHTdLCJCQ2mfb4+zcBgCZeg==\"", "Received-SPF": "none (google.com: bage@debian.org does not designate permitted\n sender hosts) client-ip=2001:41b8:202:deb::311:108;", "From": "Bastian Germann <bage@debian.org>", "To": "swupdate@googlegroups.com", "Cc": "Bastian Germann <bage@debian.org>,\n\tzachar.matej@gmail.com", "Subject": "[swupdate] [PATCH 4/5] crypto: Make WolfSSL decrypt provider\n non-PKCS#11", "Date": "Fri, 19 Dec 2025 12:21:59 +0100", "Message-ID": "<20251219112215.103862-5-bage@debian.org>", "X-Mailer": "git-send-email 2.51.0", "In-Reply-To": "<20251219112215.103862-1-bage@debian.org>", "References": "<20251219112215.103862-1-bage@debian.org>", "MIME-Version": "1.0", "X-Debian-User": "bage", "X-Original-Sender": "bage@debian.org", "X-Original-Authentication-Results": "gmr-mx.google.com; dkim=pass\n header.i=@debian.org header.s=smtpauto.stravinsky header.b=TbaU1yhs;\n spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org", "Content-Type": "text/plain; charset=\"UTF-8\"", "Precedence": "list", "Mailing-list": "list swupdate@googlegroups.com;\n contact swupdate+owners@googlegroups.com", "List-ID": "<swupdate.googlegroups.com>", "X-Spam-Checked-In-Group": "swupdate@googlegroups.com", "X-Google-Group-Id": "605343134186", "List-Post": "<https://groups.google.com/group/swupdate/post>,\n <mailto:swupdate@googlegroups.com>", "List-Help": "<https://groups.google.com/support/>,\n <mailto:swupdate+help@googlegroups.com>", "List-Archive": "<https://groups.google.com/group/swupdate", "List-Subscribe": "<https://groups.google.com/group/swupdate/subscribe>,\n <mailto:swupdate+subscribe@googlegroups.com>", "List-Unsubscribe": "\n <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,\n <https://groups.google.com/group/swupdate/subscribe>" }, "content": "The WolfSSL decrypt provider offers AES decryption via file-based\nkeys now by including the corresponding openssl module similar to\nswupdate_HASH_wolfssl.\n\nAlign the name (previously lowercase) with the other WolfSSL providers.\n\nSigned-off-by: Bastian Germann <bage@debian.org>\n---\n crypto/swupdate_decrypt_openssl.c | 5 +-\n crypto/swupdate_decrypt_wolfssl.c | 211 ++----------------------------\n crypto/swupdate_wolfssl.h | 20 +--\n 3 files changed, 14 insertions(+), 222 deletions(-)", "diff": "diff --git a/crypto/swupdate_decrypt_openssl.c b/crypto/swupdate_decrypt_openssl.c\nindex e6ea3ffd..5edf150f 100644\n--- a/crypto/swupdate_decrypt_openssl.c\n+++ b/crypto/swupdate_decrypt_openssl.c\n@@ -13,12 +13,13 @@\n #include <stdbool.h>\n #include <unistd.h>\n #include \"swupdate.h\"\n+#if !defined(NO_INCLUDE_OPENSSL)\n+#define MODNAME\t\"opensslAES\"\n #include \"swupdate_openssl.h\"\n+#endif\n #include \"util.h\"\n #include \"swupdate_crypto.h\"\n \n-#define MODNAME\t\"opensslAES\"\n-\n static void openssl_probe(void);\n \n static swupdate_decrypt_lib openssl;\ndiff --git a/crypto/swupdate_decrypt_wolfssl.c b/crypto/swupdate_decrypt_wolfssl.c\nindex 015fcd3c..0ecc953f 100644\n--- a/crypto/swupdate_decrypt_wolfssl.c\n+++ b/crypto/swupdate_decrypt_wolfssl.c\n@@ -1,212 +1,19 @@\n /*\n- * (C) Copyright 2020, Linutronix GmbH\n- * Author: Bastian Germann\n+ * (C) Copyright 2024\n+ * Stefano Babic, stefano.babic@swupdate.org.\n *\n * SPDX-License-Identifier: GPL-2.0-only\n */\n \n-#include <errno.h>\n-#include <stdio.h>\n-#include <stdlib.h>\n-#include <string.h>\n+\n #include \"swupdate.h\"\n #include \"swupdate_wolfssl.h\"\n-#include \"util.h\"\n-#include <wolfssl/wolfcrypt/error-crypt.h>\n-#include <wolfssl/wolfcrypt/logging.h>\n-#include \"swupdate_crypto.h\"\n-\n-static swupdate_decrypt_lib wolfssl;\n-\n-#ifdef DEBUG_WOLFSSL\n-static void wolfssl_debug(int __attribute__ ((__unused__)) level, const char *const msg)\n-{\n-\tDEBUG(\"%s\", msg);\n-}\n-#endif\n-\n-static void *wolfssl_DECRYPT_init(unsigned char *key,\n-\t\t\t\t\tchar __attribute__ ((__unused__)) keylen, unsigned char *iv,\n-\t\t\t\t\tcipher_t cipher)\n-{\n-\tstruct wolfssl_digest *dgst;\n-\tconst char *library;\n-\tconst char *pin;\n-\tconst char *msg;\n-\tCK_ATTRIBUTE_PTR key_id;\n-\tint slot_id;\n-\tint err = 0;\n-\tint dev_id = 1;\n-\n-\tconst char *uri = (const char *)key;\n-\tif ((uri == NULL) || (iv == NULL)) {\n-\t\tERROR(\"PKCS#11 URI or AES IV missing for decryption!\");\n-\t\treturn NULL;\n-\t}\n-\n-\t/* Temporary to remove warning */\n-\tcipher = cipher;\n-\n-\tdgst = calloc(1, sizeof(*dgst));\n-\tif (!dgst) {\n-\t\treturn NULL;\n-\t}\n-\n-\tdgst->p11uri = p11_kit_uri_new();\n-\terr = p11_kit_uri_parse(uri, P11_KIT_URI_FOR_ANY, dgst->p11uri);\n-\tif (err) {\n-\t\tmsg = p11_kit_uri_message(err);\n-\t\tERROR(\"PKCS#11 URI: %s\", msg);\n-\t\tfree(dgst);\n-\t\treturn NULL;\n-\t}\n-\n-\tslot_id = p11_kit_uri_get_slot_id(dgst->p11uri);\n-\tkey_id = p11_kit_uri_get_attribute(dgst->p11uri, CKA_ID);\n-\tpin = p11_kit_uri_get_pin_value(dgst->p11uri);\n-\tlibrary = p11_kit_uri_get_module_path(dgst->p11uri);\n-\tif (slot_id == -1 || key_id == NULL || pin == NULL || library == NULL) {\n-\t\tERROR(\"PKCS#11 URI must contain slot-id, id, pin-value, and module-path.\");\n-\t\tgoto err_free;\n-\t}\n-\n-\t// Set up a valid PKCS#7 block plus one state octet\n-\tfor (int i = 0; i <= AES_BLK_SIZE; i++) {\n-\t\tdgst->last_decr[i] = AES_BLK_SIZE;\n-\t}\n-\n-#ifdef DEBUG_WOLFSSL\n-\twolfSSL_SetLoggingCb(wolfssl_debug);\n-\twolfSSL_Debugging_ON();\n-#endif\n-\twolfCrypt_Init();\n-\terr = wc_Pkcs11_Initialize(&dgst->pkdev, library, NULL);\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\terr = wc_Pkcs11Token_Init(&dgst->pktoken, &dgst->pkdev, slot_id,\n-\t\t\t\t\t\"unspecified\", (unsigned char *)pin, strlen(pin));\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\terr = wc_Pkcs11Token_Open(&dgst->pktoken, 0);\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\terr = wc_CryptoCb_RegisterDevice(dev_id, wc_Pkcs11_CryptoDevCb, &dgst->pktoken);\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\terr = wc_AesInit_Id(&dgst->ctxdec, key_id->pValue, key_id->ulValueLen, NULL, dev_id);\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\terr = wc_AesSetIV(&dgst->ctxdec, iv);\n-\tif (err)\n-\t\tgoto err_msg;\n-\n-\tINFO(\"PKCS#11 key set up successfully.\");\n-\treturn dgst;\n \n-err_msg:\n-\tmsg = wc_GetErrorString(err);\n-\tERROR(\"PKCS#11 initialization failed: %s\", msg);\n-\n-err_free:\n-\twc_Pkcs11Token_Final(&dgst->pktoken);\n-\twc_Pkcs11_Finalize(&dgst->pkdev);\n-\n-\tp11_kit_uri_free(dgst->p11uri);\n-\tfree(dgst);\n-\n-\treturn NULL;\n-}\n-\n-static int wolfssl_DECRYPT_update(void *ctx, unsigned char *buf,\n-\t\t\t\tint *outlen, const unsigned char *cryptbuf, int inlen)\n-{\n-\tstruct wolfssl_digest *dgst = (struct wolfssl_digest *)ctx;\n-\t// precondition: len(buf) >= inlen + AES_BLK_SIZE\n-\tunsigned char *pad_buf = &buf[AES_BLK_SIZE];\n-\tconst char *msg;\n-\tint err;\n-\tint one_off_sz = inlen - AES_BLK_SIZE;\n-\n-\tif (inlen < AES_BLK_SIZE)\n-\t\treturn -EFAULT;\n-\n-\tif (dgst->last_decr[AES_BLK_SIZE]) {\n-\t\t// This is for the first decryption operation\n-\t\tpad_buf = buf;\n-\t\tdgst->last_decr[AES_BLK_SIZE] = 0;\n-\t\t*outlen = one_off_sz;\n-\t} else {\n-\t\tmemcpy(buf, dgst->last_decr, AES_BLK_SIZE);\n-\t\t*outlen = inlen;\n-\t}\n-\n-\terr = wc_AesCbcDecrypt(&dgst->ctxdec, pad_buf, cryptbuf, inlen);\n-\tif (err) {\n-\t\tmsg = wc_GetErrorString(err);\n-\t\tERROR(\"PKCS#11 AES decryption failed: %s\", msg);\n-\t\treturn -EFAULT;\n-\t}\n-\t// Remember the last decrypted block which might contain padding\n-\tmemcpy(dgst->last_decr, &pad_buf[one_off_sz], AES_BLK_SIZE);\n-\n-\twc_AesSetIV(&dgst->ctxdec, &cryptbuf[one_off_sz]);\n-\n-\treturn 0;\n-}\n-\n-// Gets rid of PKCS#7 padding\n-static int wolfssl_DECRYPT_final(void *ctx, unsigned char *buf, int *outlen)\n-{\n-\tstruct wolfssl_digest *dgst = (struct wolfssl_digest *)ctx;\n-\tunsigned char last_oct = dgst->last_decr[AES_BLK_SIZE - 1];\n-\tif (last_oct > AES_BLK_SIZE || last_oct == 0) {\n-#ifndef CONFIG_ENCRYPTED_IMAGES_HARDEN_LOGGING\n-\t\tERROR(\"AES: Invalid PKCS#7 padding.\");\n-#endif\n-\t\treturn -EFAULT;\n-\t}\n-\n-\tfor (int i = 2; i <= last_oct; i++) {\n-\t\tif (dgst->last_decr[AES_BLK_SIZE - i] != last_oct) {\n-#ifndef CONFIG_ENCRYPTED_IMAGES_HARDEN_LOGGING\n-\t\t\tERROR(\"AES: Invalid PKCS#7 padding.\");\n-#endif\n-\t\t\treturn -EFAULT;\n-\t\t}\n-\t}\n-\n-\t*outlen = AES_BLK_SIZE - last_oct;\n-\tmemcpy(buf, dgst->last_decr, *outlen);\n-\n-\treturn 0;\n-}\n-\n-static void wolfssl_DECRYPT_cleanup(void *ctx)\n-{\n-\tstruct wolfssl_digest *dgst = (struct wolfssl_digest *)ctx;\n-\tif (dgst) {\n-\t\twc_Pkcs11Token_Final(&dgst->pktoken);\n-\t\twc_Pkcs11_Finalize(&dgst->pkdev);\n-\t\tp11_kit_uri_free(dgst->p11uri);\n-\n-\t\tfree(dgst);\n-\t\tdgst = NULL;\n-\t}\n+/*\n+ * Switch to WolfSSL in module\n+ */\n+#define NO_INCLUDE_OPENSSL\n+#define MODNAME\t\"WolfSSL\"\n \n-\twolfCrypt_Cleanup();\n-}\n+#include \"swupdate_decrypt_openssl.c\"\n \n-__attribute__((constructor))\n-static void wolfssl_probe(void)\n-{\n-\twolfssl.DECRYPT_init = wolfssl_DECRYPT_init;\n-\twolfssl.DECRYPT_update = wolfssl_DECRYPT_update;\n-\twolfssl.DECRYPT_final = wolfssl_DECRYPT_final;\n-\twolfssl.DECRYPT_cleanup = wolfssl_DECRYPT_cleanup;\n-\t(void)register_cryptolib(\"wolfssl\", &wolfssl);\n-}\ndiff --git a/crypto/swupdate_wolfssl.h b/crypto/swupdate_wolfssl.h\nindex 00f18714..73e4c57e 100644\n--- a/crypto/swupdate_wolfssl.h\n+++ b/crypto/swupdate_wolfssl.h\n@@ -10,16 +10,6 @@\n #include <stdint.h>\n #include \"util.h\"\n \n-#ifdef CONFIG_PKCS11\n-#include <wolfssl/options.h>\n-#include <wolfssl/ssl.h>\n-#include <wolfssl/wolfcrypt/aes.h>\n-#include <wolfssl/wolfcrypt/wc_pkcs11.h>\n-// Exclude p11-kit's pkcs11.h to prevent conflicting with wolfssl's\n-#define PKCS11_H 1\n-#include <p11-kit/uri.h>\n-#endif\n-\n #include <wolfssl/options.h>\n #include <wolfssl/ssl.h>\n #include <wolfssl/openssl/bio.h>\n@@ -34,7 +24,7 @@\n #include <wolfssl/openssl/opensslv.h>\n #include <wolfssl/openssl/pkcs7.h>\n \n-#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) (1)\n+#define SSL_GET_CTXDEC(dgst) dgst->ctxdec\n \n #define X509_PURPOSE_CODE_SIGN EXTKEYUSE_CODESIGN\n #define SSL_PURPOSE_EMAIL_PROT EXTKEYUSE_EMAILPROT\n@@ -46,11 +36,5 @@ struct wolfssl_digest {\n \tEVP_PKEY_CTX *ckey;\t/* this is used for RSA key */\n \tX509_STORE *certs;\t/* this is used if CMS is set */\n \tEVP_MD_CTX *ctx;\n-#ifdef CONFIG_PKCS11\n-\tunsigned char last_decr[AES_BLOCK_SIZE + 1];\n-\tP11KitUri *p11uri;\n-\tAes ctxdec;\n-\tPkcs11Dev pkdev;\n-\tPkcs11Token pktoken;\n-#endif\n+\tEVP_CIPHER_CTX *ctxdec;\n };\n", "prefixes": [ "4/5" ] }