From: "Zhu, Yonghong"
To: "Gao, Liming", "edk2-devel@lists.01.org"
CC: "Liao, Jui-pengX", "Kinney, Michael D", "Zhu, Yonghong"
Date: Tue, 27 Mar 2018 07:56:19 +0000
References: <1522129682-14304-1-git-send-email-liming.gao@intel.com>
In-Reply-To: <1522129682-14304-1-git-send-email-liming.gao@intel.com>
Subject: Re: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

Reviewed-by: Yonghong Zhu

Best Regards,
Zhu Yonghong

-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 1:48 PM
To: edk2-devel@lists.01.org
Cc: Liao, Jui-pengX; Kinney, Michael D; Zhu, Yonghong
Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

sha256 is not the standard option. It should be replaced by sha -sha256.
Otherwise, it doesn't work in MAC OS.

In V2, update the option to sha1 -sha256.
In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
To work with all openssl version, use sha1 -sha256 for it.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liao Jui-peng
Signed-off-by: Liming Gao
Cc: Michael Kinney
Cc: Yonghong Zhu
---
 BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py= b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 1ae6ebb..4188f8e 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -176,7 +176,7 @@ if __name__ =3D=3D '__main__': #=20 # Sign the input file using the specified private key and capture sign= ature from STDOUT # - Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,= args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIP= E, stderr=3Dsubprocess.PIPE, shell=3DTrue) + Process =3D subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCo= mmand, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubproce= ss.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) @@ -225,7 +225,7 @@ if __name__ =3D=3D '__main__': # # Verify signature # =20 - Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s' = % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=3Ds= ubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell= =3DTrue) + Process =3D subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signatur= e %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), std= in=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, s= hell=3DTrue) Process.communicate(input=3DFullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' --=20 2.8.0.windows.1
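
Review bot: In the signing hunk (`@@ -176,7 +176,7 @@`), the new command string `sha1 -sha256 -sign` reads as SHA-1 signing unless the reader already knows that the explicit `-sha256` option selects the digest and `sha1` is only the command name, and the comment above it still says only "Sign the input file using the specified private key". Extend that comment to state that the digest is SHA-256 and why `sha1` appears, or use `dgst -sha256 -sign`, which performs the same operation without relying on a digest-named command alias.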
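
Review bot: In the verification hunk (`@@ -225,7 +225,7 @@`), `-signature %s` hands `args.OutputFileName` to the shell unquoted, while the key file name next to it is wrapped in `"%s"`; with `shell=True`, an output path containing a space or a shell metacharacter is split or interpreted by the shell instead of being passed as one file name. Quote it the same way (`-signature "%s"`), or pass an argument list to `subprocess.Popen` without `shell=True`, and apply the same treatment to `OpenSslCommand` in both hunks.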