From: "Gao, Liming"
To: "Long, Qin", "Zhu, Yonghong", "edk2-devel@lists.01.org"
CC: "Kinney, Michael D", "Liao, Jui-pengX"
Subject: Re: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
Date: Tue, 27 Mar 2018 08:49:03 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E1EE5E7@SHSMSX104.ccr.corp.intel.com>
References: <1522129682-14304-1-git-send-email-liming.gao@intel.com>
List-Id: EDK II Development

Qin:
  Thanks for your suggestion. It also works. I agree this style is better.

Thanks
Liming

>-----Original Message-----
>From: Long, Qin
>Sent: Tuesday, March 27, 2018 4:33 PM
>To: Zhu, Yonghong; Gao, Liming; edk2-devel@lists.01.org
>Cc: Kinney, Michael D; Liao, Jui-pengX
>Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
>
>This ("sha1 -sha256") looks a little odd.
>Could we try "openssl dgst -sha256 ...."?
>
>
>Best Regards & Thanks,
>LONG, Qin
>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhu, Yonghong
>Sent: Tuesday, March 27, 2018 3:56 PM
>To: Gao, Liming; edk2-devel@lists.01.org
>Cc: Kinney, Michael D; Liao, Jui-pengX
>Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
>
>Reviewed-by: Yonghong Zhu
>
>Best Regards,
>Zhu Yonghong
>
>
>-----Original Message-----
>From: Gao, Liming
>Sent: Tuesday, March 27, 2018 1:48 PM
>To: edk2-devel@lists.01.org
>Cc: Liao, Jui-pengX; Kinney, Michael D; Zhu, Yonghong
>Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
>
>sha256 is not the standard option. It should be replaced by sha -sha256.
>Otherwise, it doesn't work in MAC OS.
>
>In V2, update the option to sha1 -sha256.
>In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
>In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
>To work with all openssl version, use sha1 -sha256 for it.
>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Liao Jui-peng
>Signed-off-by: Liming Gao
>Cc: Michael Kinney
>Cc: Yonghong Zhu
>---
> BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git
>a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>index 1ae6ebb..4188f8e 100644
>--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>@@ -176,7 +176,7 @@ if __name__ =3D=3D '__main__': > # > # Sign the input file using the specified private key and capture sig= nature >from STDOUT > # >- Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand= , >args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIP= E, >stderr=3Dsubprocess.PIPE, shell=3DTrue) >+ Process =3D subprocess.Popen('%s sha1 -sha256 -sign "%s"' % >(OpenSslCommand, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, >stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) > Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] > if Process.returncode <> 0: > sys.exit(Process.returncode) >@@ -225,7 +225,7 @@ if __name__ =3D=3D '__main__': > # > # Verify signature > # >- Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s'= % >(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), >stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIP= E, >shell=3DTrue) >+ Process =3D subprocess.Popen('%s sha1 -sha256 -prverify "%s" - >signature %s' % (OpenSslCommand, args.PrivateKeyFileName, >args.OutputFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, >stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.communicate(input=3DFullInputFileBuffer) > if Process.returncode <> 0: > print 'ERROR: Verification failed' >-- >2.8.0.windows.1 > >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel
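
Review bot: In the first hunk (@@ -176, the signing call), the new `sha1 -sha256` spelling names one digest as the command and a different one as the flag, so the signature algorithm depends on the flag taking precedence, and anyone auditing the signing path reads `sha1` first. `openssl dgst -sha256 -sign ...`, as Qin suggests in this thread, states the digest exactly once. Separately, the context lines exit with `sys.exit(Process.returncode)` while stderr is piped and never printed, so an OpenSSL build that rejects the digest option fails silently; writing the captured stderr before exiting would surface the kind of platform failure the commit message describes.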
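
Review bot: In the second hunk (@@ -225, the verify call), `-signature %s` interpolates args.OutputFileName into a shell=True command string without quotes, while the key file name beside it is wrapped in `"%s"`. An output path containing a space or a shell metacharacter splits or alters the verify command. Quote it the same way, or preferably pass an argument list to subprocess.Popen without shell=True so that neither file name is parsed by the shell. Whatever digest spelling is chosen for the signing call should be changed here in the same commit so that sign and verify cannot drift apart.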