From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=jui-pengx.liao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E0D6321F85E8A for ; Tue, 27 Mar 2018 02:09:37 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Mar 2018 02:16:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,366,1517904000"; d="scan'208";a="29208801" Received: from pgsmsx112.gar.corp.intel.com ([10.108.55.201]) by orsmga006.jf.intel.com with ESMTP; 27 Mar 2018 02:16:13 -0700 Received: from pgsmsx102.gar.corp.intel.com ([169.254.6.102]) by PGSMSX112.gar.corp.intel.com ([169.254.3.227]) with mapi id 14.03.0319.002; Tue, 27 Mar 2018 17:16:12 +0800 From: "Liao, Jui-pengX" To: "Gao, Liming" , "Long, Qin" , "Zhu, Yonghong" , "edk2-devel@lists.01.org" CC: "Kinney, Michael D" , "Liao, Jui-pengX" Thread-Topic: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options Thread-Index: AQHTxY8ymR+IfrsxH0GIIdJDPbvVfKPjMPOAgAAKVoCAAARmgIAAjNeA Date: Tue, 27 Mar 2018 09:16:12 +0000 Message-ID: <8388C294C3367C4BAAE68AB495490AF333D295AE@PGSMSX102.gar.corp.intel.com> References: <1522129682-14304-1-git-send-email-liming.gao@intel.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14E1EE5E7@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E1EE5E7@SHSMSX104.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzVhNzc1MmQtN2YwNS00MmNiLWFkMGEtZTNhNGYzZjhlYjlkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJYWWpFZ0ZFZmdhc1E1UHh2Rk5MczZsa0RCYTFUN3ZXQ1RIb3RQTldvRDBPYXNCaDhrb25kbFgwdDZNbW8rdlwvdiJ9 x-originating-ip: [172.30.20.205] MIME-Version: 1.0 X-Mailman-Approved-At: Tue, 27 Mar 2018 03:26:03 -0700 Subject: Re: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Mar 2018 09:09:38 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, The "openssl dgst -sha256" is working as well. [configuration] Xcode 9 Openssl 0.9.8zh 14 Jan 2016 Best regards George Liao -----Original Message----- From: Gao, Liming=20 Sent: Tuesday, March 27, 2018 4:49 PM To: Long, Qin ; Zhu, Yonghong ;= edk2-devel@lists.01.org Cc: Kinney, Michael D ; Liao, Jui-pengX Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl = standard options Qin: Thanks for your suggestion. It also work. I agree this style is better.=20 Thanks Liming >-----Original Message----- >From: Long, Qin >Sent: Tuesday, March 27, 2018 4:33 PM >To: Zhu, Yonghong ; Gao, Liming=20 >; edk2-devel@lists.01.org >Cc: Kinney, Michael D ; Liao, Jui-pengX=20 > >Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use=20 >openssl standard options > >This ("sha1 -sha256") looks a little odd. >Could we try "openssl dgst -sha256 ...."? > > >Best Regards & Thanks, >LONG, Qin > >-----Original Message----- >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of=20 >Zhu, Yonghong >Sent: Tuesday, March 27, 2018 3:56 PM >To: Gao, Liming ; edk2-devel@lists.01.org >Cc: Kinney, Michael D ; Liao, Jui-pengX=20 > >Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to=20 >use openssl standard options > >Reviewed-by: Yonghong Zhu > >Best Regards, >Zhu Yonghong > > >-----Original Message----- >From: Gao, Liming >Sent: Tuesday, March 27, 2018 1:48 PM >To: edk2-devel@lists.01.org >Cc: Liao, Jui-pengX ; Kinney, Michael D=20 >; Zhu, Yonghong >Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl=20 >standard options > >sha256 is not the standard option. It should be replaced by sha -sha256. >Otherwise, it doesn't work in MAC OS. > >In V2, update the option to sha1 -sha256. >In late openssl version >=3D 1.1, there is no sha option, but has sha1,sha= 256. >In previous openssl version < 1.1, there is no sha256, but has sha,sha1. >To work with all openssl version, use sha1 -sha256 for it. > >Contributed-under: TianoCore Contribution Agreement 1.1 >Signed-off-by: Liao Jui-peng >Signed-off-by: Liming Gao >Cc: Michael Kinney >Cc: Yonghong Zhu >--- > BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4=20 >++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git >a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >index 1ae6ebb..4188f8e 100644 >--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py >@@ -176,7 +176,7 @@ if __name__ =3D=3D '__main__': > # > # Sign the input file using the specified private key and capture=20 >signature from STDOUT > # >- Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand= , >args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE,=20 >stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) >+ Process =3D subprocess.Popen('%s sha1 -sha256 -sign "%s"' % >(OpenSslCommand, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE,=20 >stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) > Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] > if Process.returncode <> 0: > sys.exit(Process.returncode) >@@ -225,7 +225,7 @@ if __name__ =3D=3D '__main__': > # > # Verify signature > # >- Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s'= % >(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName),=20 >stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIP= E, >shell=3DTrue) >+ Process =3D subprocess.Popen('%s sha1 -sha256 -prverify "%s" - >signature %s' % (OpenSslCommand, args.PrivateKeyFileName,=20 >args.OutputFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE,=20 >stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.communicate(input=3DFullInputFileBuffer) > if Process.returncode <> 0: > print 'ERROR: Verification failed' >-- >2.8.0.windows.1 > >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel