[PATCH v4 3/7] lib: crypto: import pkcs7_verify.c from linux
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Jul 19 10:29:55 CEST 2020
On 7/17/20 9:16 AM, AKASHI Takahiro wrote:
> The file, pkcs7_verify.c, will now be imported from linux code
> (crypto/asymmetric_keys/pkcs7_verify.c)
> and modified to fit into U-Boot environment.
>
> In particular, pkcs7_verify_one() function will be used in a later patch
> to rework signature verification logic aiming to support intermediate
> certificates in "chain of trust."
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
> lib/crypto/Kconfig | 3 +
> lib/crypto/Makefile | 1 +
> lib/crypto/pkcs7_verify.c | 521 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 525 insertions(+)
> create mode 100644 lib/crypto/pkcs7_verify.c
>
> diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
> index 2b221b915aa6..6369bafac07b 100644
> --- a/lib/crypto/Kconfig
> +++ b/lib/crypto/Kconfig
> @@ -49,4 +49,7 @@ config PKCS7_MESSAGE_PARSER
> This option provides support for parsing PKCS#7 format messages for
> signature data and provides the ability to verify the signature.
>
> +config PKCS7_VERIFY
> + bool
> +
> endif # ASYMMETRIC_KEY_TYPE
> diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
> index 8267fee0a7b8..f3a414525d2a 100644
> --- a/lib/crypto/Makefile
> +++ b/lib/crypto/Makefile
> @@ -44,6 +44,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
> pkcs7_message-y := \
> pkcs7.asn1.o \
> pkcs7_parser.o
> +obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o
>
> $(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h
> $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h
> diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
> new file mode 100644
> index 000000000000..a893fa3b586b
> --- /dev/null
> +++ b/lib/crypto/pkcs7_verify.c
> @@ -0,0 +1,521 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/* Verify the signature on a PKCS#7 message.
> + *
> + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
> + * Written by David Howells (dhowells at redhat.com)
Please, state here from which Linux file and which version you have been
copying, e.g.
* Based on Linux v5.8-rc5 lib/crypto/pkcs7_verify.c
Best regards
Heinrich
More information about the U-Boot
mailing list