From: Dhananjay Phadke <dphadke@linux.microsoft.com>
To: u-boot@lists.denx.de
Cc: Simon Glass <sjg@chromium.org>,
Alexandru Gagniuc <mr.nuke.me@gmail.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Dhananjay Phadke <dphadke@linux.microsoft.com>
Subject: [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7
Date: Tue, 15 Mar 2022 10:19:32 -0700 [thread overview]
Message-ID: <20220315171932.3662368-1-dphadke@linux.microsoft.com> (raw)
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).
EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
---
lib/crypto/pkcs7_verify.c | 4 ++++
lib/crypto/x509_public_key.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
index 82c5c745d4..b832f01356 100644
--- a/lib/crypto/pkcs7_verify.c
+++ b/lib/crypto/pkcs7_verify.c
@@ -65,6 +65,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
return -ENOPKG;
if (!strcmp(sinfo->sig->hash_algo, "sha256"))
sig->digest_size = SHA256_SUM_LEN;
+ else if (!strcmp(sinfo->sig->hash_algo, "sha384"))
+ sig->digest_size = SHA384_SUM_LEN;
+ else if (!strcmp(sinfo->sig->hash_algo, "sha512"))
+ sig->digest_size = SHA512_SUM_LEN;
else if (!strcmp(sinfo->sig->hash_algo, "sha1"))
sig->digest_size = SHA1_SUM_LEN;
else
diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c
index d557ab27ae..5c0e2b622d 100644
--- a/lib/crypto/x509_public_key.c
+++ b/lib/crypto/x509_public_key.c
@@ -71,6 +71,10 @@ int x509_get_sig_params(struct x509_certificate *cert)
return -ENOPKG;
if (!strcmp(sig->hash_algo, "sha256"))
sig->digest_size = SHA256_SUM_LEN;
+ else if (!strcmp(sig->hash_algo, "sha384"))
+ sig->digest_size = SHA384_SUM_LEN;
+ else if (!strcmp(sig->hash_algo, "sha512"))
+ sig->digest_size = SHA512_SUM_LEN;
else if (!strcmp(sig->hash_algo, "sha1"))
sig->digest_size = SHA1_SUM_LEN;
else
--
2.25.1
next reply other threads:[~2022-03-15 17:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-15 17:19 Dhananjay Phadke [this message]
2022-03-18 7:44 ` [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7 Ilias Apalodimas
2022-03-18 14:10 ` Dhananjay Phadke
2022-03-18 14:37 ` Ilias Apalodimas
2022-04-11 20:14 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220315171932.3662368-1-dphadke@linux.microsoft.com \
--to=dphadke@linux.microsoft.com \
--cc=ilias.apalodimas@linaro.org \
--cc=mr.nuke.me@gmail.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.