From patchwork Fri Jun 21 17:57:21 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bastian Germann <bage@debian.org>
X-Patchwork-Id: 1950914
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <swupdate+bncBCN5N5NJZ4BBBRUC26ZQMGQECM5FV2I@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20230601 header.b=LLhqT/nS;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2607:f8b0:4864:20::33e; helo=mail-ot1-x33e.google.com;
 envelope-from=swupdate+bncbcn5n5njz4bbbruc26zqmgqecm5fv2i@googlegroups.com;
 receiver=patchwork.ozlabs.org)
Received: from mail-ot1-x33e.google.com (mail-ot1-x33e.google.com
 [IPv6:2607:f8b0:4864:20::33e])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4W5QL862Fhz20Wb
	for <incoming@patchwork.ozlabs.org>; Sat, 22 Jun 2024 04:07:11 +1000 (AEST)
Received: by mail-ot1-x33e.google.com with SMTP id
 46e09a7af769-7008833284esf2478057a34.0
        for <incoming@patchwork.ozlabs.org>;
 Fri, 21 Jun 2024 11:07:11 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1718993224; cv=pass;
        d=google.com; s=arc-20160816;
        b=euLjmfXDk/UEB4yah0m8E3Li9hbN9SuUfcxKudUXlaM/bklmSUq7w22Pn7f7Kx3fyn
         SkEPpDPVZlIqm73qxapdvIn7xWRijPJvvKH1BnPwvYacnzbA0Fv2zfJ2amx8iccIQ1Ws
         t39u5QpAN8ALZXQ1sSTmymjH77rI2Iu9xl3LL1E2JQBN28aIhcS9GnwG5ayLrVHQ2ePP
         9niDJC2Dbi3vM3v7LDOGbYMt34UgknoaeocpiZzLk5zAqLkJaru5rSrFDpPQsp6pUofb
         q1+PveBN6a7LNoDNrxl43kR/aR7jRSYaNYxp/0mge+Q0L5NjdBD9nZGoxq8WOxadO+Et
         fh/A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:sender:dkim-signature;
        bh=rGTEM7Nd/NexxDAuV0g++RPVtRkj+DmVD5zpq+O4fek=;
        fh=fyWv92CzlQOS+63mDmovkUiYVVcGhE1D+trwArQcnIY=;
        b=uL/wp/PgC/2ZdJ5adeXYLO+p/gjc8IcCJOPimom39VIArMXM7FrTJGnhOBx8DBfMSY
         cDENOiJeVMXw22JHCvtO5whb9KS2U5yZ+OIucSBZPKVmMKRI0lzJxLIA0uiKAlyODq+j
         2EfvTz8nPEL14YN5oRAVTPZMqFKM8Sku3PQHae8Kl0BmA3+rMOhtlGpQf0/zvid0naPY
         IwIdoZ8DYVZ0IZo5de0GlpttAHJdV1k4tw54uFU9HgD1cYSxmeD1Bf60wUqrR0/+KigF
         bkvE6DZQjdIeDQJvzwo4YMVAj9XAZZnlazGIY3K+1f6szRg62hJnEoeVSS4GytSUALz2
         5XbA==;
        darn=patchwork.ozlabs.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky
 header.b=EG46+TYB;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1718993224; x=1719598024;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=rGTEM7Nd/NexxDAuV0g++RPVtRkj+DmVD5zpq+O4fek=;
        b=LLhqT/nSseYV76ZiJnnGmYeESUDG56OegGAkDosqTT6OZifpqZS3lSE4ueSVSHUCOy
         4VYJQ/mjBGFGzAJuNXEsNixdCxEPpBYK5AugPJRhL6W3D9ikS7H/EIGH6I9tkKO1MG/S
         z7ejejT9htpE+pHCn7IvkLpH6QbN2joCNrBplmDUNNcgyCrGUvaDmqoNx2GsXeEhLlKV
         iHYS8EfQLAqro1te/7EBAXOBtgnqHdMqkrhPymfnmDrHEkdQ6VtVx/kxy8VgnAwpBYvc
         baxVlSNXLIi/wDvLecgrnVky2TvSnrNDrCi3pXJeL815ISIU1f7rJYDyyKBvNGRcrK4V
         /Ytw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1718993224; x=1719598024;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:x-beenthere:x-gm-message-state:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=rGTEM7Nd/NexxDAuV0g++RPVtRkj+DmVD5zpq+O4fek=;
        b=JNNjSJSKPzzimL8JJNL1T8dx9FChNYqX3uyG2pP4k8SfDwGmeHWb5jvX1AKPbJI8by
         56vyBQUgVpm9fUZW/jNL8KKHAwFx3aaTZx+ZDLS+1E/Iw5WrV3Lg+HigNiWu/TUMEUUm
         o/6NdpwIv7j+iKF46wPple9PwAw70qAhb4ehV1Lyo44NVG8tm2wYP/LuBhYzf1t5iQXZ
         fqqw5aiP0AgQ2VwMhBuhmaqZIt4fdUfsv2R9QmE3Lo71RZcysulIdRh+a3Yf9OtYadSk
         T8QTFXo3VODVI6OYblN5ZgmYtD4mbqjkiOsNBo+PVz+yuBlarziHPcXLF2bYGEsabpXi
         Lnlg==
Sender: swupdate@googlegroups.com
X-Forwarded-Encrypted: i=2;
 AJvYcCVfhoOkBAgGrqm+HEvBrDgIyiBjhijzMgQUYXe0tnSbv83KI4eep5Sc0v89MqzKR6rIFD/Zoho7wdJeovQPEK2X+2UMzyNTVaEr43WFSA==
X-Gm-Message-State: AOJu0YzmVXjbfOSK3AJM0A1fjkw+Xo8ZQQdFmxc0Mst+l+Fk7fF+J/lp
	lL/p5URXf1Z6uMnT6tGbtcZ5DkUVGBDfh0vn5r1/3/4QypF8ASHX
X-Google-Smtp-Source: 
 AGHT+IEwcegzyOcwZnqkW/7oeR32WKyfeKhXOh/hu71DWN3ZiseGzCTPzXptquyugl1y0ivY7DHjlQ==
X-Received: by 2002:a9d:6385:0:b0:6f9:f231:3909 with SMTP id
 46e09a7af769-7007558dd58mr9709710a34.29.1718993224041;
        Fri, 21 Jun 2024 11:07:04 -0700 (PDT)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:6214:3113:b0:6ab:8f81:8496 with SMTP id
 6a1803df08f44-6b51032d628ls28192656d6.2.-pod-prod-01-us; Fri, 21 Jun 2024
 11:07:02 -0700 (PDT)
X-Received: by 2002:a05:6214:43c3:b0:6b0:7c57:26da with SMTP id
 6a1803df08f44-6b501e4e73cmr4652146d6.3.1718993222529;
        Fri, 21 Jun 2024 11:07:02 -0700 (PDT)
Received: by 2002:a05:620a:9353:b0:795:5d5b:11d3 with SMTP id
 af79cd13be357-79bce2e7137ms85a;
        Fri, 21 Jun 2024 10:57:30 -0700 (PDT)
X-Received: by 2002:a05:600c:4651:b0:422:683b:df54 with SMTP id
 5b1f17b1804b1-42475296a41mr70670405e9.32.1718992647915;
        Fri, 21 Jun 2024 10:57:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1718992647; cv=none;
        d=google.com; s=arc-20160816;
        b=WBGGYE3dUopui1FzBUj8cF0UrxI7uYd3N5Bj8MhgOKZ8e2DItv2mfX8K0ybuvR1NJF
         DdVjuClG1cz4USvO155GUBRJcRgOcycoeTGEgl+YyfOULq2H+E92McG3Zi+57Vy0uTDV
         BU4AsUIPGr9pJiHyIWgh35shT34ZIs43rzxgJBZHg56pnm8kWiKjS+AWVaVQZU3bxmrq
         gC9AbhmaZoerlzXXKkar4BEzClcjRxjGdgd95pGSmy16bVBmAl1/MpXdn36ts5BO9KMz
         ALHIB2s9bkI/b9h8RvLsCsbcpx1HAbr93DTMj6Cgx0gBF6cWtnlai+b+EyRu519TfhB7
         g7cA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=43rKdh4TeUD03UBKupb0icoAD8TG1Iqxrk9wTrF5fjI=;
        fh=SFxTw2b8Ua4x6rX/X3nCP9DI7uKEJI/JZJzSqwai/LQ=;
        b=QZQm3Z4tGVx4kKOVFUR5i5xlpD0PhECezb64I+EwsDK/vwuyw4TqsS5N17j/wl6vFN
         HrOJWJmdlAavchwntXI8ALtQWSTqrHbag83/qMofa/fpTqEgDFH/Gnl80eLZgG4SRwCQ
         3Pb7fNYyWzYDrJE9Ev02tGskGI5UXDmNcuvY3ybzld345OM9lKaYg3qj3Z/vrBItOAPw
         ED6zHRg0krk8BSEe90iWo9yITPIaMZSU1tjt1XWWUKJdCQtNkTusz+IU2iPMaFPgjTvZ
         O264fY1o5dF5O+UIgl+DjUUvyHHb1tS6SHKV3wrmnXc8mQEiPNDAppYss+F1crMVJ1FN
         13kw==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky
 header.b=EG46+TYB;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
Received: from stravinsky.debian.org (stravinsky.debian.org.
 [2001:41b8:202:deb::311:108])
        by gmr-mx.google.com with ESMTPS id
 5b1f17b1804b1-42471e66007si6387855e9.1.2024.06.21.10.57.27
        for <swupdate@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 21 Jun 2024 10:57:27 -0700 (PDT)
Received-SPF: none (google.com: debian.org does not designate permitted sender
 hosts) client-ip=2001:41b8:202:deb::311:108;
Received: from authenticated user
	by stravinsky.debian.org with esmtpsa
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <bage@debian.org>)
	id 1sKiVr-00Fv5f-Dm; Fri, 21 Jun 2024 17:57:27 +0000
From: Bastian Germann <bage@debian.org>
To: swupdate@googlegroups.com
Cc: Bastian Germann <bage@debian.org>
Subject: [swupdate] [PATCH 1/1] Use PKCS#7 for asymmetric decryption
Date: Fri, 21 Jun 2024 19:57:21 +0200
Message-ID: <20240621175723.32684-2-bage@debian.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240621175723.32684-1-bage@debian.org>
References: <20240621175723.32684-1-bage@debian.org>
MIME-Version: 1.0
X-Debian-User: bage
X-Original-Sender: bage@debian.org
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@debian.org header.s=smtpauto.stravinsky header.b=EG46+TYB;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Instead of applying CMS functions for the asymmetric decryption, use the
corresponding PKCS7 functions, which are mostly supported by wolfSSL as
well. The only missing function is PKCS7_decrypt.

Link: https://github.com/wolfSSL/wolfssl/issues/7672
Signed-off-by: Bastian Germann <bage@debian.org>
---
 corelib/swupdate_cms_decrypt.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/corelib/swupdate_cms_decrypt.c b/corelib/swupdate_cms_decrypt.c
index 45aa596f..72ac744c 100644
--- a/corelib/swupdate_cms_decrypt.c
+++ b/corelib/swupdate_cms_decrypt.c
@@ -64,13 +64,13 @@ err:
 int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile)
 {
 	BIO *in = NULL, *out = NULL;
-	CMS_ContentInfo *cms = NULL;
+	PKCS7 *pkcs7 = NULL;
 	int ret = 0;
 
 	if (!dgst || !infile || !outfile)
 		return 1;
 
-	/* Open CMS message to decrypt */
+	/* Open message to decrypt */
 	in = BIO_new_file(infile, "rb");
 	if (!in) {
 		ERROR("%s cannot be opened", infile);
@@ -79,9 +79,9 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 	}
 
 	/* Parse message */
-	cms = d2i_CMS_bio(in, NULL);
-	if (!cms) {
-		ERROR("%s cannot be parsed as DER-encoded CMS blob", infile);
+	pkcs7 = d2i_PKCS7_bio(in, NULL);
+	if (!pkcs7) {
+		ERROR("%s cannot be parsed as DER-encoded PKCS#7 blob", infile);
 		ret = 1;
 		goto err;
 	}
@@ -99,8 +99,8 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 		goto err;
 	}
 
-	/* Decrypt CMS message */
-	if (!CMS_decrypt(cms, dgst->asym_decryption_key, dgst->asym_decryption_cert, NULL, out, 0)) {
+	/* Decrypt message */
+	if (!PKCS7_decrypt(pkcs7, dgst->asym_decryption_key, dgst->asym_decryption_cert, out, 0)) {
 		ERR_print_errors_fp(stderr);
 		ERROR("Decrypting %s failed", infile);
 		ret = 1;
@@ -110,6 +110,6 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
 err:
 	BIO_free(in);
 	BIO_free(out);
-	CMS_ContentInfo_free(cms);
+	PKCS7_free(pkcs7);
 	return ret;
 }