+cc Akashi-san who initially ported those.
On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke <dpha...@linux.microsoft.com> wrote: > > Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, > (not set by ported linux code, but needed by __UBOOT__ part). > > EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for > correctness if certificates contain sha384WithRSAEncryption or > sha512WithRSAEncryption OIDs. > Does the rest of the code parse those? Or expects -ENOPKG for the unsupported certificates? Thanks /Ilias > Signed-off-by: Dhananjay Phadke <dpha...@linux.microsoft.com> > --- > lib/crypto/pkcs7_verify.c | 4 ++++ > lib/crypto/x509_public_key.c | 4 ++++ > 2 files changed, 8 insertions(+) > > diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c > index 82c5c745d4..b832f01356 100644 > --- a/lib/crypto/pkcs7_verify.c > +++ b/lib/crypto/pkcs7_verify.c > @@ -65,6 +65,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7, > return -ENOPKG; > if (!strcmp(sinfo->sig->hash_algo, "sha256")) > sig->digest_size = SHA256_SUM_LEN; > + else if (!strcmp(sinfo->sig->hash_algo, "sha384")) > + sig->digest_size = SHA384_SUM_LEN; > + else if (!strcmp(sinfo->sig->hash_algo, "sha512")) > + sig->digest_size = SHA512_SUM_LEN; > else if (!strcmp(sinfo->sig->hash_algo, "sha1")) > sig->digest_size = SHA1_SUM_LEN; > else > diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c > index d557ab27ae..5c0e2b622d 100644 > --- a/lib/crypto/x509_public_key.c > +++ b/lib/crypto/x509_public_key.c > @@ -71,6 +71,10 @@ int x509_get_sig_params(struct x509_certificate *cert) > return -ENOPKG; > if (!strcmp(sig->hash_algo, "sha256")) > sig->digest_size = SHA256_SUM_LEN; > + else if (!strcmp(sig->hash_algo, "sha384")) > + sig->digest_size = SHA384_SUM_LEN; > + else if (!strcmp(sig->hash_algo, "sha512")) > + sig->digest_size = SHA512_SUM_LEN; > else if (!strcmp(sig->hash_algo, "sha1")) > sig->digest_size = SHA1_SUM_LEN; > else > -- > 2.25.1 >
