From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Dhananjay Phadke <dphadke@linux.microsoft.com>
Cc: u-boot@lists.denx.de, Simon Glass <sjg@chromium.org>,
Alexandru Gagniuc <mr.nuke.me@gmail.com>,
Takahiro Akashi <takahiro.akashi@linaro.org>
Subject: Re: [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7
Date: Fri, 18 Mar 2022 16:37:59 +0200
Message-ID: <YjSZRxGICjnihwFI@hades>
In-Reply-To: <1cf53107-f696-e722-69fd-0b20a0705d54@linux.microsoft.com>

On Fri, Mar 18, 2022 at 07:10:43AM -0700, Dhananjay Phadke wrote:
> On 3/18/2022 12:44 AM, Ilias Apalodimas wrote:
> > +cc Akashi-san who initially ported those.
> >
> >
> > On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke
> > <dphadke@linux.microsoft.com> wrote:
> > >
> > > Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
> > > (not set by ported linux code, but needed by __UBOOT__ part).
> > >
> > > EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
> > > correctness if certificates contain sha384WithRSAEncryption or
> > > sha512WithRSAEncryption OIDs.
> > >
> >
> > Does the rest of the code parse those? Or expects -ENOPKG for the
> > unsupported certificates?
>
> Yes these OIDs are parsed by Linux code, see x509_note_pkey_algo().
> U-Boot code allocates digest buf for invoking hash_calculate(), that
> needs this digest_size.
>
> I've verified such certs (chain) with pkcs7_verify_one().

Ah right, I probably missed that as well when I sent
8699af63b8a5 ("lib/crypto: Enable more algorithms in cert verification")
Thanks!

>
> Thanks,
> Dhananjay

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>