From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 88EECC433EF for ; Fri, 18 Mar 2022 14:10:51 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 597B58395D; Fri, 18 Mar 2022 15:10:49 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="PgmMg+Oc"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9211C839BD; Fri, 18 Mar 2022 15:10:47 +0100 (CET) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by phobos.denx.de (Postfix) with ESMTP id A7CED8363B for ; Fri, 18 Mar 2022 15:10:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=dphadke@linux.microsoft.com Received: from [192.168.87.85] (unknown [50.47.106.53]) by linux.microsoft.com (Postfix) with ESMTPSA id 4D27F20D5F29; Fri, 18 Mar 2022 07:10:43 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 4D27F20D5F29 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1647612643; bh=/+xYzJ2TiKDq4cXiAHE3B8M+PvPx+Mx6BWuW/Jvebi8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=PgmMg+OcqNUDkosRdBx0J82JIxX3IatWIal0XwXARyLgO4hiQxf3KiQYBXfrMGdrz 1duoA0RlrBaebFm7oy9a2OIeguAaVvjAX0JmUyx3xQLdbQvtl/a8CGQLnOJ5rznVEH eTuCbvai8jCs8YxPlYnpo24dFET/7GabdBRvyTCs= Message-ID: <1cf53107-f696-e722-69fd-0b20a0705d54@linux.microsoft.com> Date: Fri, 18 Mar 2022 07:10:43 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7 Content-Language: en-US To: Ilias Apalodimas Cc: u-boot@lists.denx.de, Simon Glass , Alexandru Gagniuc , Takahiro Akashi References: <20220315171932.3662368-1-dphadke@linux.microsoft.com> From: Dhananjay Phadke In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On 3/18/2022 12:44 AM, Ilias Apalodimas wrote: > +cc Akashi-san who initially ported those. > > > On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke > wrote: >> >> Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, >> (not set by ported linux code, but needed by __UBOOT__ part). >> >> EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for >> correctness if certificates contain sha384WithRSAEncryption or >> sha512WithRSAEncryption OIDs. >> > > Does the rest of the code parse those? Or expects -ENOPKG for the > unsupported certificates? Yes these OIDs are parsed by Linux code, see x509_note_pkey_algo(). U-Boot code allocates digest buf for invoking hash_calculate(), that needs this digest_size. I've verified such certs (chain) with pkcs7_verify_one(). Thanks, Dhananjay