BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
sha256 is not the standard option. It should be replaced by sha -sha256.
Otherwise, it doesn't work in MAC OS.
In V2, update the option to sha1 -sha256.
In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
To work with all openssl version, use sha1 -sha256 for it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
---
BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 1ae6ebb..4188f8e 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -176,7 +176,7 @@ if __name__ == '__main__':
#
# Sign the input file using the specified private key and capture signature from STDOUT
#
- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Signature = Process.communicate(input=FullInputFileBuffer)[0]
if Process.returncode <> 0:
sys.exit(Process.returncode)
@@ -225,7 +225,7 @@ if __name__ == '__main__':
#
# Verify signature
#
- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Process.communicate(input=FullInputFileBuffer)
if Process.returncode <> 0:
print 'ERROR: Verification failed'
--
2.8.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
Best Regards,
Zhu Yonghong
-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 1:48 PM
To: edk2-devel@lists.01.org
Cc: Liao, Jui-pengX <jui-pengx.liao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>
Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
sha256 is not the standard option. It should be replaced by sha -sha256.
Otherwise, it doesn't work in MAC OS.
In V2, update the option to sha1 -sha256.
In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
To work with all openssl version, use sha1 -sha256 for it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
---
BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 1ae6ebb..4188f8e 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -176,7 +176,7 @@ if __name__ == '__main__':
#
# Sign the input file using the specified private key and capture signature from STDOUT
#
- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Signature = Process.communicate(input=FullInputFileBuffer)[0]
if Process.returncode <> 0:
sys.exit(Process.returncode)
@@ -225,7 +225,7 @@ if __name__ == '__main__':
#
# Verify signature
#
- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Process.communicate(input=FullInputFileBuffer)
if Process.returncode <> 0:
print 'ERROR: Verification failed'
--
2.8.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
This ("sha1 -sha256") looks a little odd.
Could we try "openssl dgst -sha256 ...."?
Best Regards & Thanks,
LONG, Qin
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhu, Yonghong
Sent: Tuesday, March 27, 2018 3:56 PM
To: Gao, Liming <liming.gao@intel.com>; edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX <jui-pengx.liao@intel.com>
Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
Best Regards,
Zhu Yonghong
-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 1:48 PM
To: edk2-devel@lists.01.org
Cc: Liao, Jui-pengX <jui-pengx.liao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>
Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
sha256 is not the standard option. It should be replaced by sha -sha256.
Otherwise, it doesn't work in MAC OS.
In V2, update the option to sha1 -sha256.
In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
To work with all openssl version, use sha1 -sha256 for it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
---
BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 1ae6ebb..4188f8e 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -176,7 +176,7 @@ if __name__ == '__main__':
#
# Sign the input file using the specified private key and capture signature from STDOUT
#
- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Signature = Process.communicate(input=FullInputFileBuffer)[0]
if Process.returncode <> 0:
sys.exit(Process.returncode)
@@ -225,7 +225,7 @@ if __name__ == '__main__':
#
# Verify signature
#
- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
Process.communicate(input=FullInputFileBuffer)
if Process.returncode <> 0:
print 'ERROR: Verification failed'
--
2.8.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Qin:
Thanks for your suggestion. It also work. I agree this style is better.
Thanks
Liming
>-----Original Message-----
>From: Long, Qin
>Sent: Tuesday, March 27, 2018 4:33 PM
>To: Zhu, Yonghong <yonghong.zhu@intel.com>; Gao, Liming
><liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX <jui-
>pengx.liao@intel.com>
>Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl
>standard options
>
>This ("sha1 -sha256") looks a little odd.
>Could we try "openssl dgst -sha256 ...."?
>
>
>Best Regards & Thanks,
>LONG, Qin
>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhu,
>Yonghong
>Sent: Tuesday, March 27, 2018 3:56 PM
>To: Gao, Liming <liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX <jui-
>pengx.liao@intel.com>
>Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use
>openssl standard options
>
>Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
>
>Best Regards,
>Zhu Yonghong
>
>
>-----Original Message-----
>From: Gao, Liming
>Sent: Tuesday, March 27, 2018 1:48 PM
>To: edk2-devel@lists.01.org
>Cc: Liao, Jui-pengX <jui-pengx.liao@intel.com>; Kinney, Michael D
><michael.d.kinney@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>
>Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl
>standard options
>
>sha256 is not the standard option. It should be replaced by sha -sha256.
>Otherwise, it doesn't work in MAC OS.
>
>In V2, update the option to sha1 -sha256.
>In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
>In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
>To work with all openssl version, use sha1 -sha256 for it.
>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
>Signed-off-by: Liming Gao <liming.gao@intel.com>
>Cc: Michael Kinney <michael.d.kinney@intel.com>
>Cc: Yonghong Zhu <yonghong.zhu@intel.com>
>---
> BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git
>a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>index 1ae6ebb..4188f8e 100644
>--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>@@ -176,7 +176,7 @@ if __name__ == '__main__':
> #
> # Sign the input file using the specified private key and capture signature
>from STDOUT
> #
>- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,
>args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
>stderr=subprocess.PIPE, shell=True)
>+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' %
>(OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
>stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> Signature = Process.communicate(input=FullInputFileBuffer)[0]
> if Process.returncode <> 0:
> sys.exit(Process.returncode)
>@@ -225,7 +225,7 @@ if __name__ == '__main__':
> #
> # Verify signature
> #
>- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' %
>(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName),
>stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
>shell=True)
>+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -
>signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
>args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
>stderr=subprocess.PIPE, shell=True)
> Process.communicate(input=FullInputFileBuffer)
> if Process.returncode <> 0:
> print 'ERROR: Verification failed'
>--
>2.8.0.windows.1
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Hi all,
The "openssl dgst -sha256" is working as well.
[configuration]
Xcode 9
Openssl 0.9.8zh 14 Jan 2016
Best regards
George Liao
-----Original Message-----
From: Gao, Liming
Sent: Tuesday, March 27, 2018 4:49 PM
To: Long, Qin <qin.long@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>; edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX <jui-pengx.liao@intel.com>
Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
Qin:
Thanks for your suggestion. It also work. I agree this style is better.
Thanks
Liming
>-----Original Message-----
>From: Long, Qin
>Sent: Tuesday, March 27, 2018 4:33 PM
>To: Zhu, Yonghong <yonghong.zhu@intel.com>; Gao, Liming
><liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX
><jui- pengx.liao@intel.com>
>Subject: RE: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use
>openssl standard options
>
>This ("sha1 -sha256") looks a little odd.
>Could we try "openssl dgst -sha256 ...."?
>
>
>Best Regards & Thanks,
>LONG, Qin
>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>Zhu, Yonghong
>Sent: Tuesday, March 27, 2018 3:56 PM
>To: Gao, Liming <liming.gao@intel.com>; edk2-devel@lists.01.org
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Liao, Jui-pengX
><jui- pengx.liao@intel.com>
>Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to
>use openssl standard options
>
>Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
>
>Best Regards,
>Zhu Yonghong
>
>
>-----Original Message-----
>From: Gao, Liming
>Sent: Tuesday, March 27, 2018 1:48 PM
>To: edk2-devel@lists.01.org
>Cc: Liao, Jui-pengX <jui-pengx.liao@intel.com>; Kinney, Michael D
><michael.d.kinney@intel.com>; Zhu, Yonghong <yonghong.zhu@intel.com>
>Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl
>standard options
>
>sha256 is not the standard option. It should be replaced by sha -sha256.
>Otherwise, it doesn't work in MAC OS.
>
>In V2, update the option to sha1 -sha256.
>In late openssl version >= 1.1, there is no sha option, but has sha1,sha256.
>In previous openssl version < 1.1, there is no sha256, but has sha,sha1.
>To work with all openssl version, use sha1 -sha256 for it.
>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com>
>Signed-off-by: Liming Gao <liming.gao@intel.com>
>Cc: Michael Kinney <michael.d.kinney@intel.com>
>Cc: Yonghong Zhu <yonghong.zhu@intel.com>
>---
> BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4
>++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git
>a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>index 1ae6ebb..4188f8e 100644
>--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
>@@ -176,7 +176,7 @@ if __name__ == '__main__':
> #
> # Sign the input file using the specified private key and capture
>signature from STDOUT
> #
>- Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,
>args.PrivateKeyFileName), stdin=subprocess.PIPE,
>stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>+ Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' %
>(OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
>stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
> Signature = Process.communicate(input=FullInputFileBuffer)[0]
> if Process.returncode <> 0:
> sys.exit(Process.returncode)
>@@ -225,7 +225,7 @@ if __name__ == '__main__':
> #
> # Verify signature
> #
>- Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' %
>(OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName),
>stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
>shell=True)
>+ Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -
>signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
>args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
>stderr=subprocess.PIPE, shell=True)
> Process.communicate(input=FullInputFileBuffer)
> if Process.returncode <> 0:
> print 'ERROR: Verification failed'
>--
>2.8.0.windows.1
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.