
[1/1] Use PKCS#7 for asymmetric decryption

Message ID 20240621175723.32684-2-bage@debian.org
State New
Delegated to: Stefano Babic
Series Add support for asymmetric decryption | expand

Commit Message

Bastian Germann June 21, 2024, 5:57 p.m. UTC
Instead of applying CMS functions for the asymmetric decryption, use the
corresponding PKCS7 functions, most of which are supported by wolfSSL as
well. The only function still missing from wolfSSL is PKCS7_decrypt.

Link: https://github.com/wolfSSL/wolfssl/issues/7672
Signed-off-by: Bastian Germann <bage@debian.org>
---
 corelib/swupdate_cms_decrypt.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

Patch

diff --git a/corelib/swupdate_cms_decrypt.c b/corelib/swupdate_cms_decrypt.c
index 45aa596f..72ac744c 100644
--- a/corelib/swupdate_cms_decrypt.c
+++ b/corelib/swupdate_cms_decrypt.c
@@ -64,13 +64,13 @@  err:
 int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile)
 {
 	BIO *in = NULL, *out = NULL;
-	CMS_ContentInfo *cms = NULL;
+	PKCS7 *pkcs7 = NULL;
 	int ret = 0;
 
 	if (!dgst || !infile || !outfile)
 		return 1;
 
-	/* Open CMS message to decrypt */
+	/* Open message to decrypt */
 	in = BIO_new_file(infile, "rb");
 	if (!in) {
 		ERROR("%s cannot be opened", infile);
@@ -79,9 +79,9 @@  int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 	}
 
 	/* Parse message */
-	cms = d2i_CMS_bio(in, NULL);
-	if (!cms) {
-		ERROR("%s cannot be parsed as DER-encoded CMS blob", infile);
+	pkcs7 = d2i_PKCS7_bio(in, NULL);
+	if (!pkcs7) {
+		ERROR("%s cannot be parsed as DER-encoded PKCS#7 blob", infile);
 		ret = 1;
 		goto err;
 	}
@@ -99,8 +99,8 @@  int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 		goto err;
 	}
 
-	/* Decrypt CMS message */
-	if (!CMS_decrypt(cms, dgst->asym_decryption_key, dgst->asym_decryption_cert, NULL, out, 0)) {
+	/* Decrypt message */
+	if (!PKCS7_decrypt(pkcs7, dgst->asym_decryption_key, dgst->asym_decryption_cert, out, 0)) {
 		ERR_print_errors_fp(stderr);
 		ERROR("Decrypting %s failed", infile);
 		ret = 1;
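Review bot: The `PKCS7_decrypt` call narrows what this function can decrypt compared with `CMS_decrypt`, and neither the code nor the comment says so. As far as I know, OpenSSL's PKCS#7 API only handles RSA key transport with PKCS#1 v1.5 padding and has no support for CMS-only features such as RSA-OAEP, key-agreement recipients or AuthEnvelopedData. Images encrypted that way would stop decrypting after this change, failing either here or at `d2i_PKCS7_bio` in the previous hunk. If the restriction is intended, I would state it above the call, e.g. `/* Decrypt message: PKCS#7 v1.5 EnvelopedData with an RSA key-transport recipient only */`, and repeat it in the user documentation. The function's body starts and continues outside this hunk.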
@@ -110,6 +110,6 @@  int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 err:
 	BIO_free(in);
 	BIO_free(out);
-	CMS_ContentInfo_free(cms);
+	PKCS7_free(pkcs7);
 	return ret;
 }
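Review bot: The `err:` path frees the BIOs but leaves `outfile` in place when `ret` is non-zero. `PKCS7_decrypt` streams plaintext into `out` as it goes, and PKCS#7 enveloped data carries no integrity protection, so a failed or tampered input can leave partial or garbage plaintext on disk. Unless every caller already deletes the file on error (not visible here), I would remove it on failure with `if (ret) unlink(outfile);` after `BIO_free(out);`. The function starts outside this hunk.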