From: "Gao, Liming" <liming.gao@intel.com>
To: "Zhu, Yonghong" <yonghong.zhu@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
Date: Wed, 29 Mar 2017 07:29:35 +0000 [thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14D706036@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <1490693858-47496-1-git-send-email-yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Yonghong Zhu
> Sent: Tuesday, March 28, 2017 5:38 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>
> Subject: [edk2] [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
>
> Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
> on Linux. It needs to be changed with shell=True.
>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
> ---
> BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 4 ++--
> .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py | 6 +++---
> BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 6 +++---
> 3 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> index 6412587..ef79f80 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> @@ -201,11 +201,11 @@ if __name__ == '__main__':
> FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
>
> #
> # Sign the input file using the specified private key and capture signature from STDOUT
> #
> - Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand,
> args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand,
> args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
> Signature = Process.communicate(input=FullInputFileBuffer)[0]
> if Process.returncode <> 0:
> sys.exit(Process.returncode)
>
> #
> @@ -270,11 +270,11 @@ if __name__ == '__main__':
> open(args.OutputFileName, 'wb').write(FullInputFileBuffer)
>
> #
> # Verify signature
> #
> - Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName,
> args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName,
> args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> Process.communicate(input=args.SignatureBuffer)[0]
> if Process.returncode <> 0:
> print 'ERROR: Verification failed'
> os.remove (args.OutputFileName)
> sys.exit(Process.returncode)
> diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> index 2dd6c20..df2d989 100644
> --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> @@ -96,11 +96,11 @@ if __name__ == '__main__':
> Item.close()
>
> #
> # Generate private key and save it to output file in a PEM file format
> #
> - Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
> Process.communicate()
> if Process.returncode <> 0:
> print 'ERROR: RSA 2048 key generation failed'
> sys.exit(Process.returncode)
>
> @@ -118,11 +118,11 @@ if __name__ == '__main__':
> PublicKeyHash = ''
> for Item in args.PemFileName:
> #
> # Extract public key from private key into STDOUT
> #
> - Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
> PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
> if Process.returncode <> 0:
> print 'ERROR: Unable to extract public key from private key'
> sys.exit(Process.returncode)
> PublicKey = ''
> @@ -130,11 +130,11 @@ if __name__ == '__main__':
> PublicKey = PublicKey + chr(int(PublicKeyHexString[Index:Index + 2], 16))
>
> #
> # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT
> #
> - Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
> Process.stdin.write (PublicKey)
> PublicKeyHash = PublicKeyHash + Process.communicate()[0]
> if Process.returncode <> 0:
> print 'ERROR: Unable to extract SHA 256 hash of public key'
> sys.exit(Process.returncode)
> diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> index 952583c..4367194 100644
> --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> @@ -146,11 +146,11 @@ if __name__ == '__main__':
> sys.exit(1)
>
> #
> # Extract public key from private key into STDOUT
> #
> - Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName),
> stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName),
> stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
> PublicKey = ''
> while len(PublicKeyHexString) > 0:
> PublicKey = PublicKey + chr(int(PublicKeyHexString[0:2],16))
> PublicKeyHexString=PublicKeyHexString[2:]
> @@ -172,11 +172,11 @@ if __name__ == '__main__':
> format = "%dsQ" % len(args.InputFileBuffer)
> FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
> #
> # Sign the input file using the specified private key and capture signature from STDOUT
> #
> - Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
> stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
> stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> Signature = Process.communicate(input=FullInputFileBuffer)[0]
> if Process.returncode <> 0:
> sys.exit(Process.returncode)
>
> #
> @@ -221,11 +221,11 @@ if __name__ == '__main__':
> open(args.OutputFileName, 'wb').write(Header.Signature)
>
> #
> # Verify signature
> #
> - Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
> args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> + Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
> args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> Process.communicate(input=FullInputFileBuffer)
> if Process.returncode <> 0:
> print 'ERROR: Verification failed'
> os.remove (args.OutputFileName)
> sys.exit(Process.returncode)
> --
> 2.6.1.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
prev parent reply other threads:[~2017-03-29 7:29 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-28 9:37 [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True Yonghong Zhu
2017-03-29 7:29 ` Gao, Liming [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A89E2EF3DFEDB4C8BFDE51014F606A14D706036@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox