
29 Jul
2024
3:55 p.m.
On Mon, 29 Jul 2024 at 09:20, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote:
Hi Raymond
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/* Backup of part of the parsing context */
I am not sure I understand the comment
We can remove this comment line.
+struct x509_cert_mbedtls_ctx {
void *tbs; /* Signed data */
void *raw_serial; /* Raw serial number in ASN.1 */
void *raw_issuer; /* Raw issuer name in ASN.1 */
void *raw_subject; /* Raw subject name in ASN.1 */
void *raw_skid; /* Raw subjectKeyId in ASN.1 */
+}; +#endif
+/*
- MbedTLS integration Notes:
- Fields we don't need to populate from MbedTLS:
You mean *for* mbedTLS?
- 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which in turn is not used in mbedTLS?
Both are used by the U-Boot ASN1 library when parsing the x509.
But for MbedTLS, we removed "struct x509_parse_context", since all parsing is done under MbedTLS and we don't need to expose them at all.
- not needed for MbedTLS.
- 'signer' and 'seen' are used internally by pkcs7_verify.
- 'verified' is not inuse.
either 'unused' or 'not in use'
A typo. Will fix it.
Regards, Raymond
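Review bot: in struct x509_cert_mbedtls_ctx, the five members (tbs, raw_serial, raw_issuer, raw_subject, raw_skid) are bare `void *` with no length beside them in this struct and no statement of who owns the memory. With the "Backup of part of the parsing context" line being dropped, the struct ends up with no header comment at all; replace it with one that says whether these pointers reference the buffer MbedTLS parsed or separate copies, who frees them, and where the matching sizes are kept. In the notes block, "Fields we don't need to populate from MbedTLS" lists 'raw_sig', 'raw_sig_size', 'signer', 'seen' and 'verified' with three different reasons; it would help to state for each whether the field is left zeroed under MBEDTLS_LIB_X509, so a caller such as pkcs7_verify does not read a stale or uninitialised value.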