Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-19 11:24:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

lib/crypto: support sha384/sha512 in x509/pkcs7

Browse source 
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Dhananjay Phadke 2022-03-15 10:19:32 -07:00 committed by Tom Rini
parent 067cfc1c2e
commit e146a2c12f
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/crypto/pkcs7_verify.c
View file

@ -65,6 +65,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
return -ENOPKG;
if (!strcmp(sinfo->sig->hash_algo, "sha256"))
sig->digest_size = SHA256_SUM_LEN;
else if (!strcmp(sinfo->sig->hash_algo, "sha384"))
sig->digest_size = SHA384_SUM_LEN;
else if (!strcmp(sinfo->sig->hash_algo, "sha512"))
sig->digest_size = SHA512_SUM_LEN;
else if (!strcmp(sinfo->sig->hash_algo, "sha1"))
sig->digest_size = SHA1_SUM_LEN;
else

4
lib/crypto/x509_public_key.c
View file

@ -71,6 +71,10 @@ int x509_get_sig_params(struct x509_certificate *cert)
return -ENOPKG;
if (!strcmp(sig->hash_algo, "sha256"))
sig->digest_size = SHA256_SUM_LEN;
else if (!strcmp(sig->hash_algo, "sha384"))
sig->digest_size = SHA384_SUM_LEN;
else if (!strcmp(sig->hash_algo, "sha512"))
sig->digest_size = SHA512_SUM_LEN;
else if (!strcmp(sig->hash_algo, "sha1"))
sig->digest_size = SHA1_SUM_LEN;
else