[PATCH] lib/crypto: support sha384/sha512 in x509/pkcs7

15 Mar 2022

Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).
EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.
Signed-off-by: Dhananjay Phadke dphadke@linux.microsoft.com
---
 lib/crypto/pkcs7_verify.c    | 4 ++++
 lib/crypto/x509_public_key.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
index 82c5c745d4..b832f01356 100644
--- a/lib/crypto/pkcs7_verify.c
+++ b/lib/crypto/pkcs7_verify.c
@@ -65,6 +65,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
    	return -ENOPKG;
    if (!strcmp(sinfo->sig->hash_algo, "sha256"))
    	sig->digest_size = SHA256_SUM_LEN;
+	else if (!strcmp(sinfo->sig->hash_algo, "sha384"))
+		sig->digest_size = SHA384_SUM_LEN;
+	else if (!strcmp(sinfo->sig->hash_algo, "sha512"))
+		sig->digest_size = SHA512_SUM_LEN;
    else if (!strcmp(sinfo->sig->hash_algo, "sha1"))
    	sig->digest_size = SHA1_SUM_LEN;
    else
diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c
index d557ab27ae..5c0e2b622d 100644
--- a/lib/crypto/x509_public_key.c
+++ b/lib/crypto/x509_public_key.c
@@ -71,6 +71,10 @@ int x509_get_sig_params(struct x509_certificate *cert)
    	return -ENOPKG;
    if (!strcmp(sig->hash_algo, "sha256"))
    	sig->digest_size = SHA256_SUM_LEN;
+	else if (!strcmp(sig->hash_algo, "sha384"))
+		sig->digest_size = SHA384_SUM_LEN;
+	else if (!strcmp(sig->hash_algo, "sha512"))
+		sig->digest_size = SHA512_SUM_LEN;
    else if (!strcmp(sig->hash_algo, "sha1"))
    	sig->digest_size = SHA1_SUM_LEN;
    else
-- 
2.25.1


    

Dhananjay Phadke

Ilias Apalodimas

Signed-off-by: Dhananjay Phadke dphadke@linux.microsoft.com

Dhananjay Phadke

Ilias Apalodimas

Tom Rini

tags (0)

participants (3)