Hi all,

The "openssl dgst -sha256" is working as well.

[configuration]
Xcode 9
Openssl 0.9.8zh 14 Jan 2016

Best regards
George Liao

-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 4:49 PM
To: Long, Qin <[email protected]>; Zhu, Yonghong <[email protected]>; [email protected]
Cc: Kinney, Michael D <[email protected]>; Liao, Jui-pengX <[email protected]>
Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

Qin:
Thanks for your suggestion. It also works. I agree this style is better.

Thanks
Liming

>-----Original Message-----
>From: Long, Qin
>Sent: Tuesday, March 27, 2018 4:33 PM
>To: Zhu, Yonghong <[email protected]>; Gao, Liming
><[email protected]>; [email protected]
>Cc: Kinney, Michael D <[email protected]>; Liao, Jui-pengX
><jui- [email protected]>
>Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use
>openssl standard options
>
>This ("sha1 -sha256") looks a little odd.
>Could we try "openssl dgst -sha256 ...."?
>
>
>Best Regards & Thanks,
>LONG, Qin
>
>-----Original Message-----
>From: edk2-devel [mailto:[email protected]] On Behalf Of
>Zhu, Yonghong
>Sent: Tuesday, March 27, 2018 3:56 PM
>To: Gao, Liming <[email protected]>; [email protected]
>Cc: Kinney, Michael D <[email protected]>; Liao, Jui-pengX
><jui- [email protected]>
>Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to
>use openssl standard options
>
>Reviewed-by: Yonghong Zhu <[email protected]>
>
>Best Regards,
>Zhu Yonghong
>
>
>-----Original Message-----
>From: Gao, Liming >Sent: Tuesday, March 27, 2018 1:48 PM >To: [email protected] >Cc: Liao, Jui-pengX <[email protected]>; Kinney, Michael D ><[email protected]>; Zhu, Yonghong <[email protected]> >Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl >standard options > >sha256 is not the standard option. It should be replaced by sha -sha256. >Otherwise, it doesn't work in MAC OS. > >In V2, update the option to sha1 -sha256. >In late openssl version >= 1.1, there is no sha option, but has sha1,sha256. >In previous openssl version < 1.1, there is no sha256, but has sha,sha1. >To work with all openssl version, use sha1 -sha256 for it. > >Contributed-under: TianoCore Contribution Agreement 1.1 >Signed-off-by: Liao Jui-peng <[email protected]> >Signed-off-by: Liming Gao <[email protected]> >Cc: Michael Kinney <[email protected]> >Cc: Yonghong Zhu <[email protected]> >--- > BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 >++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git >a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >index 1ae6ebb..4188f8e 100644 >--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >@@ -176,7 +176,7 @@ if __name__ == '__main__': > # > # Sign the input file using the specified private key and capture >signature from STDOUT > # >- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, >args.PrivateKeyFileName), stdin=subprocess.PIPE, >stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) >+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % >(OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, >stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) > Signature = Process.communicate(input=FullInputFileBuffer)[0] > if Process.returncode <> 0: > sys.exit(Process.returncode) 
>@@ -225,7 +225,7 @@ if __name__ == '__main__': > # > # Verify signature > # >- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % >(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), >stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, >shell=True) >+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" - >signature %s' % (OpenSslCommand, args.PrivateKeyFileName, >args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, >stderr=subprocess.PIPE, shell=True) > Process.communicate(input=FullInputFileBuffer) > if Process.returncode <> 0: > print 'ERROR: Verification failed' >-- >2.8.0.windows.1 > >_______________________________________________ >edk2-devel mailing list >[email protected] >https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
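Review bot: In the first hunk (the signing call at -176), the new command line `sha1 -sha256 -sign "%s"` names two digests, so the SHA-256 signature this tool exists to produce depends on the later `-sha256` flag taking precedence over the digest implied by the `sha1` subcommand. Spelling it `dgst -sha256 -sign "%s"`, as proposed in the replies and reported working on Openssl 0.9.8zh, states the digest once and cannot be misread as a SHA-1 signature. The context lines also exit on a non-zero return code without printing the captured stderr, so an openssl build that rejects an option shows up only as an exit status; writing the second element of the `Process.communicate(...)` result to sys.stderr before `sys.exit(Process.returncode)` would make that failure diagnosable.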
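Review bot: In the second hunk (the verification call at -225), `-signature %s` interpolates args.OutputFileName without quotes into a string that is run with shell=True, while the key path on the same line is wrapped as `"%s"`. An output path containing spaces or shell metacharacters will be split or interpreted by the shell. Since this line is being changed anyway, consider passing the command as an argument list (for example `[OpenSslCommand, 'dgst', '-sha256', '-prverify', args.PrivateKeyFileName, '-signature', args.OutputFileName]`, assuming OpenSslCommand holds a plain executable path) and dropping shell=True; the same applies to the signing call in the first hunk. The `sha1 -sha256` spelling carries the same readability concern here as in the signing call.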

