On Fri, Mar 18, 2022 at 07:10:43AM -0700, Dhananjay Phadke wrote:
On 3/18/2022 12:44 AM, Ilias Apalodimas wrote:
+cc Akashi-san who initially ported those.
On Tue, 15 Mar 2022 at 19:19, Dhananjay Phadke dphadke@linux.microsoft.com wrote:
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, (not set by ported linux code, but needed by __UBOOT__ part).
EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for correctness if certificates contain sha384WithRSAEncryption or sha512WithRSAEncryption OIDs.
Does the rest of the code parse those? Or expects -ENOPKG for the unsupported certificates?
Yes these OIDs are parsed by Linux code, see x509_note_pkey_algo(). U-Boot code allocates digest buf for invoking hash_calculate(), that needs this digest_size.
I've verified such certs (chain) with pkcs7_verify_one().
Ah right, I probably missed that as well when I sent 8699af63b8a5 ("lib/crypto: Enable more algorithms in cert verification")
Thanks!
Thanks, Dhananjay
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org