@@ -64,13 +64,13 @@ err:
int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile)
{
BIO *in = NULL, *out = NULL;
- CMS_ContentInfo *cms = NULL;
+ PKCS7 *pkcs7 = NULL;
int ret = 0;
if (!dgst || !infile || !outfile)
return 1;
- /* Open CMS message to decrypt */
+ /* Open message to decrypt */
in = BIO_new_file(infile, "rb");
if (!in) {
ERROR("%s cannot be opened", infile);
@@ -79,9 +79,9 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
}
/* Parse message */
- cms = d2i_CMS_bio(in, NULL);
- if (!cms) {
- ERROR("%s cannot be parsed as DER-encoded CMS blob", infile);
+ pkcs7 = d2i_PKCS7_bio(in, NULL);
+ if (!pkcs7) {
+ ERROR("%s cannot be parsed as DER-encoded PKCS#7 blob", infile);
ret = 1;
goto err;
}
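Review bot: Parsing with `d2i_PKCS7_bio` narrows the accepted input to the PKCS#7 v1.5 structure, so blobs that the old `d2i_CMS_bio` path accepted may now be rejected here or fail later in `PKCS7_decrypt`. As far as I know, OpenSSL's PKCS7 code handles only key-transport recipients and has no AuthEnvelopedData, key-agreement or RSA-OAEP support; please confirm against the images this project already ships. The file is still named swupdate_cms_decrypt.c in the diffstat, so a comment above the parse would help, e.g. `/* Only PKCS#7 EnvelopedData with RSA key transport is accepted; CMS-only features are not supported */`. The commit message should also say whether previously encrypted images remain decryptable. The function body starts before and continues after this hunk.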
@@ -99,8 +99,8 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
goto err;
}
- /* Decrypt CMS message */
- if (!CMS_decrypt(cms, dgst->asym_decryption_key, dgst->asym_decryption_cert, NULL, out, 0)) {
+ /* Decrypt message */
+ if (!PKCS7_decrypt(pkcs7, dgst->asym_decryption_key, dgst->asym_decryption_cert, out, 0)) {
ERR_print_errors_fp(stderr);
ERROR("Decrypting %s failed", infile);
ret = 1;
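Review bot: The plaintext that `PKCS7_decrypt` writes to `out` carries no integrity protection, and the failure path (the `err:` label in the last hunk only frees the BIOs and the PKCS7 object) leaves whatever was already written in place. PKCS#7 EnvelopedData has no authenticated mode, so a modified ciphertext can produce output without an error being reported. I would add a comment at the call such as `/* Output is unauthenticated: callers must verify the image hash/signature before using outfile */` and consider removing `outfile` when `ret` is set. Where `out` is opened is outside this hunk, so confirm it is a file BIO on `outfile`.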
@@ -110,6 +110,6 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
err:
BIO_free(in);
BIO_free(out);
- CMS_ContentInfo_free(cms);
+ PKCS7_free(pkcs7);
return ret;
}
Instead of applying CMS functions for the asymmetric decryption, use the corresponding PKCS7 functions, which are mostly supported by wolfSSL as well. The only missing function is PKCS7_decrypt. Link: https://github.com/wolfSSL/wolfssl/issues/7672 Signed-off-by: Bastian Germann <bage@debian.org> --- corelib/swupdate_cms_decrypt.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)