[PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7
Dhananjay Phadke
dphadke at linux.microsoft.com
Fri Mar 18 15:10:43 CET 2022
On 3/18/2022 12:44 AM, Ilias Apalodimas wrote:
> +cc Akashi-san who initially ported those.
>
>
> On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke
> <dphadke at linux.microsoft.com> wrote:
>>
>> Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
>> (not set by ported linux code, but needed by __UBOOT__ part).
>>
>> EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
>> correctness if certificates contain sha384WithRSAEncryption or
>> sha512WithRSAEncryption OIDs.
>>
>
> Does the rest of the code parse those? Or expects -ENOPKG for the
> unsupported certificates?
Yes these OIDs are parsed by Linux code, see x509_note_pkey_algo().
U-Boot code allocates digest buf for invoking hash_calculate(), that
needs this digest_size.
I've verified such certs (chain) with pkcs7_verify_one().
Thanks,
Dhananjay
More information about the U-Boot
mailing list