Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 9664f522dc27780cd53c4267cfc2c237dadb1738^! / .
commit9664f522dc27780cd53c4267cfc2c237dadb1738[log] [tgz]
authorDhananjay Phadke <dphadke@linux.microsoft.com>Tue Mar 15 10:19:32 2022 -0700
committerTom Rini <trini@konsulko.com>Mon Apr 11 11:39:19 2022 -0400
treedb1784dcb98974b8f70e8126c0d02e68571d41be
parent78a18f6daeec74318ec7f2a0d5819e5f78bd1b80 [diff]
lib/crypto: support sha384/sha512 in x509/pkcs7

Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
index 82c5c74..b832f01 100644
--- a/lib/crypto/pkcs7_verify.c
+++ b/lib/crypto/pkcs7_verify.c

@@ -65,6 +65,10 @@
 		return -ENOPKG;
 	if (!strcmp(sinfo->sig->hash_algo, "sha256"))
 		sig->digest_size = SHA256_SUM_LEN;
+	else if (!strcmp(sinfo->sig->hash_algo, "sha384"))
+		sig->digest_size = SHA384_SUM_LEN;
+	else if (!strcmp(sinfo->sig->hash_algo, "sha512"))
+		sig->digest_size = SHA512_SUM_LEN;
 	else if (!strcmp(sinfo->sig->hash_algo, "sha1"))
 		sig->digest_size = SHA1_SUM_LEN;
 	else

diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c
index d557ab2..5c0e2b6 100644
--- a/lib/crypto/x509_public_key.c
+++ b/lib/crypto/x509_public_key.c

@@ -71,6 +71,10 @@
 		return -ENOPKG;
 	if (!strcmp(sig->hash_algo, "sha256"))
 		sig->digest_size = SHA256_SUM_LEN;
+	else if (!strcmp(sig->hash_algo, "sha384"))
+		sig->digest_size = SHA384_SUM_LEN;
+	else if (!strcmp(sig->hash_algo, "sha512"))
+		sig->digest_size = SHA512_SUM_LEN;
 	else if (!strcmp(sig->hash_algo, "sha1"))
 		sig->digest_size = SHA1_SUM_LEN;
 	else