{"id":2175909,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2175909/?format=json","project":{"id":58,"url":"http://patchwork.ozlabs.org/api/1.0/projects/58/?format=json","name":"swupdate development","link_name":"swupdate","list_id":"swupdate.googlegroups.com","list_email":"swupdate@googlegroups.com","web_url":"https://github.com/sbabic/swupdate","scm_url":"git://github.com/sbabic/swupdate","webscm_url":""},"msgid":"<20251219112215.103862-4-bage@debian.org>","date":"2025-12-19T11:21:58","name":"[3/5] crypto: Make the p11-kit based module a decrypt provider","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"894647510307845a954b7ddeffd691d2e9e3210f","submitter":{"id":84118,"url":"http://patchwork.ozlabs.org/api/1.0/people/84118/?format=json","name":"Bastian Germann","email":"bage@debian.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/swupdate/patch/20251219112215.103862-4-bage@debian.org/mbox/","series":[{"id":485984,"url":"http://patchwork.ozlabs.org/api/1.0/series/485984/?format=json","date":"2025-12-19T11:22:00","name":"pkcs11 decrypt provider based on p11-kit","version":1,"mbox":"http://patchwork.ozlabs.org/series/485984/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2175909/checks/","tags":{},"headers":{"Return-Path":"<swupdate+bncBCN5N5NJZ4BBB37KSTFAMGQEPOMXZWA@googlegroups.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=googlegroups.com header.i=@googlegroups.com\n header.a=rsa-sha256 header.s=20230601 header.b=PKZuqNG1;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com\n (client-ip=2a00:1450:4864:20::340; helo=mail-wm1-x340.google.com;\n envelope-from=swupdate+bncbcn5n5njz4bbb37kstfamgqepomxzwa@googlegroups.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from mail-wm1-x340.google.com (mail-wm1-x340.google.com\n [IPv6:2a00:1450:4864:20::340])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dXlW967dDz1y3t\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 19 Dec 2025 22:22:28 +1100 (AEDT)","by mail-wm1-x340.google.com with SMTP id\n 5b1f17b1804b1-477a0ddd1d4sf16013265e9.0\n        for <incoming@patchwork.ozlabs.org>;\n Fri, 19 Dec 2025 03:22:28 -0800 (PST)","by 2002:a05:6000:144d:b0:42b:52c4:6640 with SMTP id\n ffacd0b85a97d-42fb2c86417ls5159187f8f.1.-pod-prod-05-eu; Fri, 19 Dec 2025\n 03:22:21 -0800 (PST)","from stravinsky.debian.org (stravinsky.debian.org.\n [2001:41b8:202:deb::311:108])\n        by gmr-mx.google.com with ESMTPS id\n ffacd0b85a97d-4324ea18f2fsi34454f8f.1.2025.12.19.03.22.20\n        for <swupdate@googlegroups.com>\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Fri, 19 Dec 2025 03:22:20 -0800 (PST)","from authenticated user\n\tby stravinsky.debian.org with esmtpsa\n (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)\n\t(Exim 4.94.2)\n\t(envelope-from <bage@debian.org>)\n\tid 1vWYYv-003BY1-0J; Fri, 19 Dec 2025 11:22:20 +0000"],"ARC-Seal":["i=2; a=rsa-sha256; t=1766143345; cv=pass;\n        d=google.com; s=arc-20240605;\n        b=Ysvc3+FZADd2xK/HZbBLWGiAGyRldIBUm6CSRHWMw24OrUeGlLzsXM1c2bkxmpZvfd\n         t/X8uH3JyqmYKOZtEOhLY/zG3Faiq5Fxt9SZqUio3sLcAW9Rcdy1vDOH9patllO3hp8A\n         GUq6oZOo17HvyMsdQh0EG4Q+3wAxJSHIzcVf5wR0xBu+SUVOs2zhKRTV/1zk85hCU0rU\n         8rroJO8jyvdUa6iSqd/kVZ4Ev/oiZF2uhWyE03e5y6ci6HLYSd8mmXSIoNiLKFH900D/\n         cUxl9ekwhK2LSupiUjCe0K3AGf7OZyghuqYOxfirS4l5X09O51bKSwc+iRovw2OmaFvz\n         ykGQ==","i=1; a=rsa-sha256; t=1766143340; cv=none;\n        d=google.com; s=arc-20240605;\n        b=NdPWEB5YQOAtW5Q/NhDN+LgPjAo8t5gmscDjJBlOWz8KhD4Ahg4uMKF7omkPWlZ2Qq\n         eclhL1aEFgyqe+vNXyKA6oJuZhn3jI6yLZisrYziiwYimN/FGpX37vJOqMNGbSG3zYZi\n         wVa1cvRhoOAy9GyPhf5Pdo6RYVw6V3oNnsvRXpSt05Z6Z3AfvngGLzoVXgXZ8xpEAsrH\n         +/72IprLJRAcetP+PdcxQ6Xg5ULHZFQDI48uITPwMOVTeVGPbfTLQQAcngKXBI9fKtyU\n         g94guq9Bsaz2u2Ol9mlNIVT7gukN+rACTi3jhHJJBNZdAASE5NKQsegqjsOgTA1c/lTj\n         Fx1Q=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n         :list-id:mailing-list:precedence:mime-version:references:in-reply-to\n         :message-id:date:subject:cc:to:from:sender:dkim-signature;\n        bh=bRmD8S2JGHlKU15cdn7xy3Zc/BWyJ6pLe9RKSU6ltyU=;\n        fh=PJ3X7swHq13FjcyENdy6A7Gl2W/Mk09QsM2lSmMatU0=;\n        b=f1UGV1z4XGV1Da1hOSm/ABWrQYvtCNtzGe+6bhZTQrm7FL8jU8s45oJGXCxRld/UJa\n         8oybN0NwRKIIPgyP3ZoTiJv0sXvir3jq1tZVYOnn/5pripXLaC6nNbp+G4nrAjKh5vGK\n         e6nDemIi2zLs+x0Cjh9xvbTnIxbNSv3AlI/yrK9tCv0mMwcWMzeeQIraPh+gtU98uHSo\n         AUUwbPjMD2jqpYdsx3fg29EjYlA96FrTORILrXZu5D4AsSwtRJ1S8CW8lQAp3JNdlfek\n         1Lv7F9JzeZHRRcb4smqk75miyUsYnkjCzeo0LR4NbKlV1vB09x/+jWw/uTiqV7RmiFN8\n         IlTw==;\n        darn=patchwork.ozlabs.org","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n        h=content-transfer-encoding:mime-version:references:in-reply-to\n         :message-id:date:subject:cc:to:from:dkim-signature;\n        bh=/AU2RJInUOkPRUBKJINDyayOQtfU9TM1/eAdVjkYlNo=;\n        fh=uhIbdHOwgcqt5kz5/YMvH8NrIswTHi9fiDBkOU8HgOo=;\n        b=Ni51s+CRqUYsSaFsQN7Q687nCNx5v41+P0Y+9mWOIxm6OJQbD1IqbE9RoZol6q+TvK\n         RVyVLi2gKSP55UJlnvtWCb1pOhUBdVkTuW8yd0sEqQbHksSUvfBEWy33M1MfRP0dCcet\n         ZSJzlAuUvf6ZW+YL7ru5inmP2CHpP7nXh38Dae9VtPUnzyiWdeXFV9E4nU/m4F5iArQM\n         Y3PiZvnbYF9a65ij+XefIZpGJQjTpib2/RA4R6d+GZLZN+h/tWf8/C8RWDzZxNdoajT3\n         TQDLBOd+V2m47DI7Fptq7+ddJiyo1YBT65C1FV8ITTgTGRJF8vMs71rnpB7LYhIUrCQ/\n         +gVg==;\n        dara=google.com"],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky\n header.b=Z9xyIxPm;\n       spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org","i=1; gmr-mx.google.com;\n       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky\n header.b=Z9xyIxPm;\n       spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=googlegroups.com; s=20230601; t=1766143345; x=1766748145;\n darn=patchwork.ozlabs.org;\n        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n         :list-id:mailing-list:precedence:x-original-authentication-results\n         :x-original-sender:mime-version:references:in-reply-to:message-id\n         :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id\n         :reply-to;\n        bh=bRmD8S2JGHlKU15cdn7xy3Zc/BWyJ6pLe9RKSU6ltyU=;\n        b=PKZuqNG1q8WapcFqkpjbb7Ux2ClMTFvxekKxfjGtrADgUG+G5+jTft3unTJamJ2NwR\n         FlqlbnX6Dp0rXSeJgwfEDbKPkjuH5oaWZddo8mN+x5QnF9WSDbp6c+plhkm0fDrKfhnX\n         GTR7PtZO6ZObLc6K7lcONy0Ug329qnOTLJy5f90tJxIWJGdK3TRB9o953WadI2dt9hAT\n         y3NbZ1MWQiW9kt2SGvftI+gACAlUO/yU1DUsFNUrs1OEINwiQIzpuAIwiICEOeNeDo9b\n         g4q+bGc45xbype7L8FA6DRqRzmNgra1dYXMIaE0k7G+P9ZuY/BlclNul3G0V6kMQoJ7h\n         +VVQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20230601; t=1766143345; x=1766748145;\n        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n         :x-spam-checked-in-group:list-id:mailing-list:precedence\n         :x-original-authentication-results:x-original-sender:mime-version\n         :references:in-reply-to:message-id:date:subject:cc:to:from\n         :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date\n         :message-id:reply-to;\n        bh=bRmD8S2JGHlKU15cdn7xy3Zc/BWyJ6pLe9RKSU6ltyU=;\n        b=SX5iah/VsbnPXBdEpcbnAf0unJ9KnxcF3/HWYs7bQUPl+nSdddk806ayxEt3cafV4g\n         9EFU9YdYMMli+cwI0kC5iJr2F023zs99ZdwTPyeORdNT0yHSCj6HQEk2q4cmPdcwlJ9q\n         e3h5pPc382Xn33/MwZ2VRLg3F82/fvo6wLqCtS6XgzltcZ3wjN7bcat7u9LlWHwLtk0r\n         w6gMOBANyAUHEjYmH5HiRis7seHDxs4ARnCViZv4/Lge0eGPqnEkmqSirUshtxjqUgjf\n         4WFF/3VQJtEDsZ2NagESXxtorXPmq9jt48YPrt2dfMtpLsPdfDJKLwhhE4kOI21UolpM\n         /F9g==","Sender":"swupdate@googlegroups.com","X-Forwarded-Encrypted":"i=2;\n AJvYcCW3ZbFmBUYPegUExASnnwrxZqoXecOyHwZ3z9N3dUwnXjG293LIQ5m4XIoXommobOq2cIlXsY3WMg==@patchwork.ozlabs.org","X-Gm-Message-State":"AOJu0YwnhVengzcqfsRQxi8sSmJ4p1h94uMeT9lqPHgdnvMGejGNtiWT\n\tAVzIOQnlM35AKaFNNTtYOowmh/Qto50WY7C2HFdZVUiJloNGxNQNtIah","X-Google-Smtp-Source":"\n AGHT+IHE2CD9X88LMVyGPzDc0douW2H37ADR3LmdyzCntJC225q3Fq+VmDNHdgQvqXmpqmRS+kQb3g==","X-Received":["by 2002:a05:600c:310e:b0:479:2a3c:f31a with SMTP id\n 5b1f17b1804b1-47d1956eb70mr23481145e9.1.1766143345073;\n        Fri, 19 Dec 2025 03:22:25 -0800 (PST)","by 2002:a05:6000:1845:b0:430:f5ed:83e3 with SMTP id\n ffacd0b85a97d-4324e4c737bmr2171568f8f.6.1766143340720;\n        Fri, 19 Dec 2025 03:22:20 -0800 (PST)"],"X-BeenThere":"swupdate@googlegroups.com;\n h=\"AWVwgWaZsur4q6dH8X023aT9eE+2iss5jQ3Mi6X1vR2vuwCPnw==\"","Received-SPF":"none (google.com: bage@debian.org does not designate permitted\n sender hosts) client-ip=2001:41b8:202:deb::311:108;","From":"Bastian Germann <bage@debian.org>","To":"swupdate@googlegroups.com","Cc":"Bastian Germann <bage@debian.org>,\n\tzachar.matej@gmail.com","Subject":"[swupdate] [PATCH 3/5] crypto: Make the p11-kit based module a\n decrypt provider","Date":"Fri, 19 Dec 2025 12:21:58 +0100","Message-ID":"<20251219112215.103862-4-bage@debian.org>","X-Mailer":"git-send-email 2.51.0","In-Reply-To":"<20251219112215.103862-1-bage@debian.org>","References":"<20251219112215.103862-1-bage@debian.org>","MIME-Version":"1.0","X-Debian-User":"bage","X-Original-Sender":"bage@debian.org","X-Original-Authentication-Results":"gmr-mx.google.com;       dkim=pass\n header.i=@debian.org header.s=smtpauto.stravinsky header.b=Z9xyIxPm;\n       spf=none (google.com: bage@debian.org does not designate permitted\n sender hosts) smtp.mailfrom=bage@debian.org","Content-Type":"text/plain; charset=\"UTF-8\"","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n contact swupdate+owners@googlegroups.com","List-ID":"<swupdate.googlegroups.com>","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":"<https://groups.google.com/group/swupdate/post>,\n <mailto:swupdate@googlegroups.com>","List-Help":"<https://groups.google.com/support/>,\n <mailto:swupdate+help@googlegroups.com>","List-Archive":"<https://groups.google.com/group/swupdate","List-Subscribe":"<https://groups.google.com/group/swupdate/subscribe>,\n <mailto:swupdate+subscribe@googlegroups.com>","List-Unsubscribe":"\n <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,\n <https://groups.google.com/group/swupdate/subscribe>"},"content":"Signed-off-by: Bastian Germann <bage@debian.org>\n---\n crypto/swupdate_decrypt_pkcs11_p11kit.c | 25 ++++++++++++++++++++-----\n 1 file changed, 20 insertions(+), 5 deletions(-)","diff":"diff --git a/crypto/swupdate_decrypt_pkcs11_p11kit.c b/crypto/swupdate_decrypt_pkcs11_p11kit.c\nindex f66426bc..429c397a 100644\n--- a/crypto/swupdate_decrypt_pkcs11_p11kit.c\n+++ b/crypto/swupdate_decrypt_pkcs11_p11kit.c\n@@ -13,6 +13,8 @@\n #include \"swupdate_pkcs11.h\"\n #include \"util.h\"\n \n+static swupdate_decrypt_lib pkcs11;\n+\n static CK_SLOT_ID find_slot(CK_FUNCTION_LIST_PTR module, P11KitUri *uri)\n {\n \tCK_RV rv;\n@@ -78,8 +80,8 @@ static CK_RV find_key(CK_FUNCTION_LIST_PTR module, CK_SESSION_HANDLE session,\n \treturn CKR_OK;\n }\n \n-struct pkcs11_digest *pkcs11_DECRYPT_init(unsigned char *uri,\n-\tchar __attribute__ ((__unused__)) keylen, unsigned char *iv, cipher_t cipher)\n+static void *pkcs11_DECRYPT_init(unsigned char *uri,\n+\tchar __attribute__ ((__unused__)) keylen, unsigned char *iv, cipher_t __attribute__ ((__unused__)) cipher)\n {\n \tstruct pkcs11_digest *dgst;\n \tCK_SLOT_ID slot_id;\n@@ -185,9 +187,10 @@ free_digest:\n \treturn NULL;\n }\n \n-int pkcs11_DECRYPT_update(struct pkcs11_digest *dgst, unsigned char *buf,\n+static int pkcs11_DECRYPT_update(void *ctx, unsigned char *buf,\n \tint *outlen, const unsigned char *cryptbuf, int inlen)\n {\n+\tstruct pkcs11_digest *dgst = (struct pkcs11_digest *)ctx;\n \t// precondition: len(buf) >= inlen + AES_BLK_SIZE\n \tunsigned long buf_len = inlen + AES_BLK_SIZE;\n \tCK_RV rv;\n@@ -224,8 +227,9 @@ int pkcs11_DECRYPT_update(struct pkcs11_digest *dgst, unsigned char *buf,\n \treturn 0;\n }\n \n-int pkcs11_DECRYPT_final(struct pkcs11_digest *dgst, unsigned char *buf, int *outlen)\n+static int pkcs11_DECRYPT_final(void *ctx, unsigned char *buf, int *outlen)\n {\n+\tstruct pkcs11_digest *dgst = (struct pkcs11_digest *)ctx;\n \tCK_RV rv;\n \tunsigned long extra_len = 0;\n \n@@ -270,8 +274,9 @@ int pkcs11_DECRYPT_final(struct pkcs11_digest *dgst, unsigned char *buf, int *ou\n \treturn 0;\n }\n \n-void pkcs11_DECRYPT_cleanup(struct pkcs11_digest *dgst)\n+static void pkcs11_DECRYPT_cleanup(void *ctx)\n {\n+\tstruct pkcs11_digest *dgst = (struct pkcs11_digest *)ctx;\n \tif (dgst) {\n \t\tif (dgst->uri)\n \t\t\tp11_kit_uri_free(dgst->uri);\n@@ -288,3 +293,13 @@ void pkcs11_DECRYPT_cleanup(struct pkcs11_digest *dgst)\n \t\tdgst = NULL;\n \t}\n }\n+\n+__attribute__((constructor))\n+static void pkcs11_probe(void)\n+{\n+\tpkcs11.DECRYPT_init = pkcs11_DECRYPT_init;\n+\tpkcs11.DECRYPT_update = pkcs11_DECRYPT_update;\n+\tpkcs11.DECRYPT_final = pkcs11_DECRYPT_final;\n+\tpkcs11.DECRYPT_cleanup = pkcs11_DECRYPT_cleanup;\n+\t(void)register_cryptolib(\"pkcs11\", &pkcs11);\n+}\n","prefixes":["3/5"]}