From: "Long, Qin"
To: "Zhu, Yonghong", "Gao, Liming", "edk2-devel@lists.01.org"
CC: "Kinney, Michael D", "Liao, Jui-pengX"
Date: Tue, 27 Mar 2018 08:33:19 +0000
References: <1522129682-14304-1-git-send-email-liming.gao@intel.com>
Subject: Re: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

This ("sha1 -sha256") looks a little odd.
Could we try "openssl dgst -sha256 ...."?

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhu, Yonghong
Sent: Tuesday, March 27, 2018 3:56 PM
To: Gao, Liming; edk2-devel@lists.01.org
Cc: Kinney, Michael D; Liao, Jui-pengX
Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

Reviewed-by: Yonghong Zhu

Best Regards,
Zhu Yonghong

-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 1:48 PM
To: edk2-devel@lists.01.org
Cc: Liao, Jui-pengX; Kinney, Michael D; Zhu, Yonghong
Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

sha256 is not the standard option. It should be replaced by sha -sha256.
Otherwise, it doesn't work in MAC OS.

In V2, update the option to sha1 -sha256.
In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
To work with all openssl version, use sha1 -sha256 for it.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liao Jui-peng
Signed-off-by: Liming Gao
Cc: Michael Kinney
Cc: Yonghong Zhu
--- BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py= b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 1ae6ebb..4188f8e 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -176,7 +176,7 @@ if __name__ =3D=3D '__main__': #=20 # Sign the input file using the specified private key and capture sign= ature from STDOUT # - Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,= args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIP= E, stderr=3Dsubprocess.PIPE, shell=3DTrue) + Process =3D subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCo= mmand, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubproce= ss.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) 
@@ -225,7 +225,7 @@ if __name__ =3D=3D '__main__': # # Verify signature # =20 - Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s' = % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=3Ds= ubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell= =3DTrue) + Process =3D subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signatur= e %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), std= in=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, s= hell=3DTrue) Process.communicate(input=3DFullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' --=20 2.8.0.windows.1
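
Review bot: In the hunk at -176 (the signing call), the added command spells the digest as `sha1 -sha256`, which reads as a SHA-1 signature and only produces SHA-256 because the later `-sha256` flag overrides the command name; the surrounding code checks nothing but the return code, so a reader or a future OpenSSL change has no second signal about which digest was applied. `dgst -sha256 -sign "%s"` names the digest once, exists in OpenSSL both before and after 1.1, and is what the reply on this thread proposes. If the `sha1 -sha256` form is kept, a comment above the Popen call explaining why the command name and the flag disagree would help the next maintainer.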
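
Review bot: In the hunk at -225 (the verify call), `-signature %s` places args.OutputFileName unquoted into a string that is run with shell=True, while the key path beside it is wrapped in double quotes; an output path containing a space is split into two arguments, and one containing shell metacharacters is interpreted by the shell. Since this line is being touched anyway, pass the command as an argument list without shell=True (the same applies to the signing call), or at minimum quote the signature path the same way as the key path. The `sha1 -sha256` spelling here should also follow whatever is decided for the signing call, for example `dgst -sha256 -prverify`, so that the two invocations stay consistent.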