public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Liao, Jui-pengX" <jui-pengx.liao@intel.com>
To: "Gao, Liming" <liming.gao@intel.com>,
	"Long, Qin" <qin.long@intel.com>,
	"Zhu, Yonghong" <yonghong.zhu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Liao, Jui-pengX" <jui-pengx.liao@intel.com>
Subject: Re: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
Date: Tue, 27 Mar 2018 09:16:12 +0000	[thread overview]
Message-ID: <8388C294C3367C4BAAE68AB495490AF333D295AE@PGSMSX102.gar.corp.intel.com> (raw)
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E1EE5E7@SHSMSX104.ccr.corp.intel.com>

Hi all,
The "openssl dgst -sha256" is working as well.

[configuration]
Xcode 9
Openssl 0.9.8zh 14 Jan 2016

Best regards
George Liao
-----Original Message-----
From: Gao, Liming 
Sent: Tuesday, March 27, 2018 4:49 PM
To: Long, Qin <qin.long@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX <jui-pengx.liao@intel.com>
Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

Qin:
  Thanks for your suggestion. It also work. I agree this style is better. 

Thanks
Liming
>-----Original Message-----
>From: Long, Qin
>Sent: Tuesday, March 27, 2018 4:33 PM
>To: Zhu, Yonghong <yonghong.zhu@intel.com>; Gao, Liming 
><liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX 
><jui- pengx.liao@intel.com>
>Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use 
>openssl standard options
>
>This ("sha1 -sha256") looks a little odd.
>Could we try "openssl dgst -sha256 ...."?
>
>
>Best Regards & Thanks,
>LONG, Qin
>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of 
>Zhu, Yonghong
>Sent: Tuesday, March 27, 2018 3:56 PM
>To: Gao, Liming <liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX 
><jui- pengx.liao@intel.com>
>Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to 
>use openssl standard options
>
>Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
>
>Best Regards,
>Zhu Yonghong
>
>
>-----Original Message-----
>From: Gao, Liming
>Sent: Tuesday, March 27, 2018 1:48 PM
>To: edk2-devel@lists.01.org
>Cc: Liao, Jui-pengX <jui-pengx.liao@intel.com>; Kinney, Michael D 
><michael.d.kinney@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>
>Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl 
>standard options
>
>sha256 is not the standard option. It should be replaced by sha -sha256.
>Otherwise, it doesn't work in MAC OS.
>
>In V2, update the option to sha1 -sha256.
>In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
>In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
>To work with all openssl version, use sha1 -sha256 for it.
>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
>Signed-off-by: Liming Gao <liming.gao@intel.com>
>Cc: Michael Kinney <michael.d.kinney@intel.com>
>Cc: Yonghong Zhu <yonghong.zhu@intel.com>
>---
> BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 
>++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git
>a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>index 1ae6ebb..4188f8e 100644
>--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>@@ -176,7 +176,7 @@ if __name__ == '__main__':
>     #
>     # Sign the input file using the specified private key and capture 
>signature from STDOUT
>     #
>-    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,
>args.PrivateKeyFileName), stdin=subprocess.PIPE, 
>stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>+    Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' %
>(OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, 
>stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>     Signature = Process.communicate(input=FullInputFileBuffer)[0]
>     if Process.returncode <> 0:
>       sys.exit(Process.returncode)
>@@ -225,7 +225,7 @@ if __name__ == '__main__':
>     #
>     # Verify signature
>     #
>-    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' %
>(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), 
>stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
>shell=True)
>+    Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -
>signature %s' % (OpenSslCommand, args.PrivateKeyFileName, 
>args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, 
>stderr=subprocess.PIPE, shell=True)
>     Process.communicate(input=FullInputFileBuffer)
>     if Process.returncode <> 0:
>       print 'ERROR: Verification failed'
>--
>2.8.0.windows.1
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel


      reply	other threads:[~2018-03-27  9:09 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-27  5:48 [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options Liming Gao
2018-03-27  7:56 ` Zhu, Yonghong
2018-03-27  8:33   ` Long, Qin
2018-03-27  8:49     ` Gao, Liming
2018-03-27  9:16       ` Liao, Jui-pengX [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8388C294C3367C4BAAE68AB495490AF333D295AE@PGSMSX102.gar.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox