From e146a2c12ff1e9138f564ae6815a131bd850d8ef Mon Sep 17 00:00:00 2001 From: Dhananjay Phadke Date: Tue, 15 Mar 2022 10:19:32 -0700 Subject: lib/crypto: support sha384/sha512 in x509/pkcs7 Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, (not set by ported linux code, but needed by __UBOOT__ part). EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for correctness if certificates contain sha384WithRSAEncryption or sha512WithRSAEncryption OIDs. Signed-off-by: Dhananjay Phadke Reviewed-by: Ilias Apalodimas --- lib/crypto/pkcs7_verify.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/crypto/pkcs7_verify.c') diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c index 82c5c745d49..b832f013566 100644 --- a/lib/crypto/pkcs7_verify.c +++ b/lib/crypto/pkcs7_verify.c @@ -65,6 +65,10 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7, return -ENOPKG; if (!strcmp(sinfo->sig->hash_algo, "sha256")) sig->digest_size = SHA256_SUM_LEN; + else if (!strcmp(sinfo->sig->hash_algo, "sha384")) + sig->digest_size = SHA384_SUM_LEN; + else if (!strcmp(sinfo->sig->hash_algo, "sha512")) + sig->digest_size = SHA512_SUM_LEN; else if (!strcmp(sinfo->sig->hash_algo, "sha1")) sig->digest_size = SHA1_SUM_LEN; else -- cgit v1.2.3