[PATCH v4 20/29] lib/crypto: Adapt x509_cert_parser to MbedTLS

Raymond Mao raymond.mao at linaro.org
Mon Jul 29 15:55:16 CEST 2024


On Mon, 29 Jul 2024 at 09:20, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:

> Hi Raymond
>
> >
> > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
> > +/* Backup of part of the parsing context */
>
> I am not sure I understand the comment
>

We can remove this comment line.


> > +struct x509_cert_mbedtls_ctx {
> > +       void    *tbs;                   /* Signed data */
> > +       void    *raw_serial;            /* Raw serial number in ASN.1 */
> > +       void    *raw_issuer;            /* Raw issuer name in ASN.1 */
> > +       void    *raw_subject;           /* Raw subject name in ASN.1 */
> > +       void    *raw_skid;              /* Raw subjectKeyId in ASN.1 */
> > +};
> > +#endif
> > +
> > +/*
> > + * MbedTLS integration Notes:
> > + *
> > + * Fields we don't need to populate from MbedTLS:
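
Review bot: In struct x509_cert_mbedtls_ctx every member is a bare void * with no length beside it and no statement of ownership. Since the one-line comment above the struct is going away, replace it with one that says whether tbs, raw_serial, raw_issuer, raw_subject and raw_skid are allocated copies or pointers into the parsed certificate buffer, who frees them, and where their sizes are kept. If they are only read as byte strings, const u8 * would document that better than void *.
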
>
> You mean *for* mbedTLS?
>
> > + * 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
>
> 'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which
> in turn is not used in mbedTLS?
>

Both are used by the U-Boot ASN1 library when parsing the x509.
But for MbedTLS, we removed "struct x509_parse_context", since all
parsing is done under MbedTLS and we don't need to expose them at all.

> + * not needed for MbedTLS.
> > + * 'signer' and 'seen' are used internally by pkcs7_verify.
> > + * 'verified' is not inuse.
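
Review bot: The integration notes name 'raw_sig', 'raw_sig_size' and 'verified' as not needed or not in use, but do not say what value those fields hold in an MbedTLS build. State what the code guarantees for them (for example, that they are left zeroed), so that a caller does not read 'verified' as the result of a signature check that was never recorded there.
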
>
> either 'unused' or 'not in use'
>
A typo. Will fix it.

Regards,
Raymond

