From: Dhananjay Phadke <dphadke@linux.microsoft.com>
To: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: u-boot@lists.denx.de, Simon Glass <sjg@chromium.org>,
Alexandru Gagniuc <mr.nuke.me@gmail.com>,
Takahiro Akashi <takahiro.akashi@linaro.org>
Subject: Re: [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7
Date: Fri, 18 Mar 2022 07:10:43 -0700 [thread overview]
Message-ID: <1cf53107-f696-e722-69fd-0b20a0705d54@linux.microsoft.com> (raw)
In-Reply-To: <CAC_iWj+J-DSXunfVRHmwxdRQc3JRAbS8xdhJWZ8aqb+QHEb+JA@mail.gmail.com>
On 3/18/2022 12:44 AM, Ilias Apalodimas wrote:
> +cc Akashi-san who initially ported those.
>
>
> On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke
> <dphadke@linux.microsoft.com> wrote:
>>
>> Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
>> (not set by ported linux code, but needed by __UBOOT__ part).
>>
>> EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
>> correctness if certificates contain sha384WithRSAEncryption or
>> sha512WithRSAEncryption OIDs.
>>
>
> Does the rest of the code parse those? Or expects -ENOPKG for the
> unsupported certificates?
Yes these OIDs are parsed by Linux code, see x509_note_pkey_algo().
U-Boot code allocates digest buf for invoking hash_calculate(), that
needs this digest_size.
I've verified such certs (chain) with pkcs7_verify_one().
Thanks,
Dhananjay
next prev parent reply other threads:[~2022-03-18 14:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-15 17:19 [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7 Dhananjay Phadke
2022-03-18 7:44 ` Ilias Apalodimas
2022-03-18 14:10 ` Dhananjay Phadke [this message]
2022-03-18 14:37 ` Ilias Apalodimas
2022-04-11 20:14 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1cf53107-f696-e722-69fd-0b20a0705d54@linux.microsoft.com \
--to=dphadke@linux.microsoft.com \
--cc=ilias.apalodimas@linaro.org \
--cc=mr.nuke.me@gmail.com \
--cc=sjg@chromium.org \
--cc=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.