
crypto: Add WolfSSLRSA[PSS] providers

Message ID 20260115171130.112460-1-bage@debian.org
State Accepted

Commit Message

Bastian Germann Jan. 15, 2026, 5:11 p.m. UTC
When the crypto framework was restructured the wolfSSL implementation
lost the ability to provide RSA decryption. Add the RSA and RSAPSS
flavors similar to swupdate_HASH_wolfssl.

The Kconfig symbols still depend on SSL_IMPL_WOLFSSL.

Signed-off-by: Bastian Germann <bage@debian.org>
---
 crypto/Makefile                      |  2 ++
 crypto/swupdate_rsa_verify_openssl.c |  7 ++++---
 crypto/swupdate_rsa_verify_wolfssl.c | 24 ++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 crypto/swupdate_rsa_verify_wolfssl.c

Comments

Stefano Babic Jan. 27, 2026, 1:38 p.m. UTC | #1
Hi Bastian,

On 1/15/26 18:11, Bastian Germann wrote:
> When the crypto framework was restructured the wolfSSL implementation
> lost the ability to provide RSA decryption. Add the RSA and RSAPSS
> flavors similar to swupdate_HASH_wolfssl.
> 
> The Kconfig symbols still depend on SSL_IMPL_WOLFSSL.
> 
> Signed-off-by: Bastian Germann <bage@debian.org>
> ---
>   crypto/Makefile                      |  2 ++
>   crypto/swupdate_rsa_verify_openssl.c |  7 ++++---
>   crypto/swupdate_rsa_verify_wolfssl.c | 24 ++++++++++++++++++++++++
>   3 files changed, 30 insertions(+), 3 deletions(-)
>   create mode 100644 crypto/swupdate_rsa_verify_wolfssl.c
> 
> diff --git a/crypto/Makefile b/crypto/Makefile
> index b591ff57..58952c10 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -13,6 +13,8 @@ endif
>   
>   ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
>   obj-$(CONFIG_HASH_VERIFY)	+= swupdate_HASH_wolfssl.o
> +obj-$(CONFIG_SIGALG_RAWRSA)	+= swupdate_rsa_verify_wolfssl.o
> +obj-$(CONFIG_SIGALG_RSAPSS)	+= swupdate_rsa_verify_wolfssl.o
>   obj-$(CONFIG_SIGALG_CMS)	+= swupdate_pkcs7_verify_wolfssl.o
>   obj-$(CONFIG_ENCRYPTED_IMAGES)	+= swupdate_decrypt_wolfssl.o
>   endif
> diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
> index 8ac52d0d..2e02eec1 100644
> --- a/crypto/swupdate_rsa_verify_openssl.c
> +++ b/crypto/swupdate_rsa_verify_openssl.c
> @@ -14,12 +14,13 @@
>   #include "swupdate.h"
>   #include "util.h"
>   #include "swupdate_crypto.h"
> +#if !defined(NO_INCLUDE_OPENSSL)
>   #include "swupdate_openssl.h"
> -
> -#define BUFSIZE	(1024 * 8)
> -
>   #define MODNAME	"opensslRSA"
>   #define MODNAME_PSS	"opensslRSAPSS"
> +#endif
> +
> +#define BUFSIZE	(1024 * 8)
>   
>   static swupdate_dgst_lib	libs;
>   
> diff --git a/crypto/swupdate_rsa_verify_wolfssl.c b/crypto/swupdate_rsa_verify_wolfssl.c
> new file mode 100644
> index 00000000..f41a342a
> --- /dev/null
> +++ b/crypto/swupdate_rsa_verify_wolfssl.c
> @@ -0,0 +1,24 @@
> +/*
> + * (C) Copyright 2024
> + * Stefano Babic, stefano.babic@swupdate.org.
> + *
> + * SPDX-License-Identifier:     GPL-2.0-only
> + */
> +
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <stdbool.h>
> +#include "swupdate.h"
> +#include "swupdate_wolfssl.h"
> +
> +/*
> + * Switch to WolfSSL in module
> + */
> +#define NO_INCLUDE_OPENSSL
> +#define MODNAME	"WolfSSLRSA"
> +#define MODNAME_PSS	"WolfSSLRSAPSS"
> +
> +#include "swupdate_rsa_verify_openssl.c"
> +
> 

Applied to -master, thanks !

Best regards,
Stefano Babic

Patch

diff --git a/crypto/Makefile b/crypto/Makefile
index b591ff57..58952c10 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -13,6 +13,8 @@  endif
 
 ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
 obj-$(CONFIG_HASH_VERIFY)	+= swupdate_HASH_wolfssl.o
+obj-$(CONFIG_SIGALG_RAWRSA)	+= swupdate_rsa_verify_wolfssl.o
+obj-$(CONFIG_SIGALG_RSAPSS)	+= swupdate_rsa_verify_wolfssl.o
 obj-$(CONFIG_SIGALG_CMS)	+= swupdate_pkcs7_verify_wolfssl.o
 obj-$(CONFIG_ENCRYPTED_IMAGES)	+= swupdate_decrypt_wolfssl.o
 endif
diff --git a/crypto/swupdate_rsa_verify_openssl.c b/crypto/swupdate_rsa_verify_openssl.c
index 8ac52d0d..2e02eec1 100644
--- a/crypto/swupdate_rsa_verify_openssl.c
+++ b/crypto/swupdate_rsa_verify_openssl.c
@@ -14,12 +14,13 @@ 
 #include "swupdate.h"
 #include "util.h"
 #include "swupdate_crypto.h"
+#if !defined(NO_INCLUDE_OPENSSL)
 #include "swupdate_openssl.h"
-
-#define BUFSIZE	(1024 * 8)
-
 #define MODNAME	"opensslRSA"
 #define MODNAME_PSS	"opensslRSAPSS"
+#endif
+
+#define BUFSIZE	(1024 * 8)
 
 static swupdate_dgst_lib	libs;
 
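Review bot: The new `#if !defined(NO_INCLUDE_OPENSSL)` guard creates a contract that nothing in this file states: a translation unit that defines NO_INCLUDE_OPENSSL must define MODNAME and MODNAME_PSS itself and include its own backend header before including this file. If one of them is forgotten, the failure presumably surfaces as an undeclared identifier further down in the body, which lies outside this hunk. I would turn the plain `#endif` into an explicit check, `#elif !defined(MODNAME) || !defined(MODNAME_PSS)` followed by `#error "NO_INCLUDE_OPENSSL requires MODNAME and MODNAME_PSS"`, and close with `#endif /* !NO_INCLUDE_OPENSSL */`. Since this file now also supplies the signature-verification code for the wolfSSL build, a one-line header comment saying so would help anyone auditing which code path checks update signatures.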
diff --git a/crypto/swupdate_rsa_verify_wolfssl.c b/crypto/swupdate_rsa_verify_wolfssl.c
new file mode 100644
index 00000000..f41a342a
--- /dev/null
+++ b/crypto/swupdate_rsa_verify_wolfssl.c
@@ -0,0 +1,24 @@ 
+/*
+ * (C) Copyright 2024
+ * Stefano Babic, stefano.babic@swupdate.org.
+ *
+ * SPDX-License-Identifier:     GPL-2.0-only
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include "swupdate.h"
+#include "swupdate_wolfssl.h"
+
+/*
+ * Switch to WolfSSL in module
+ */
+#define NO_INCLUDE_OPENSSL
+#define MODNAME	"WolfSSLRSA"
+#define MODNAME_PSS	"WolfSSLRSAPSS"
+
+#include "swupdate_rsa_verify_openssl.c"
+
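Review bot: The comment `Switch to WolfSSL in module` above the defines does not explain the mechanism, and this is the file an auditor opens first to learn how RSA and RSA-PSS signatures are verified in a wolfSSL build. I would replace it with a comment stating that NO_INCLUDE_OPENSSL suppresses the OpenSSL header and module names in swupdate_rsa_verify_openssl.c, that `"swupdate_wolfssl.h"` must be included before that file, and that the verification logic is the shared code, presumably compiled against wolfSSL's OpenSSL-compatible API. `#include "swupdate.h"` is repeated by the included file (visible in the previous hunk), so it could be dropped here; whether the four libc headers are also redundant cannot be seen from this patch. The file also ends with an empty line, which git reports as a new blank line at EOF.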