mirror of https://github.com/acidanthera/audk.git
BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
sha256 is not the standard option. It should be replaced by sha -sha256. Otherwise, it doesn't work in MAC OS. In V2, update the option to sha1 -sha256. In late openssl version >= 1.1, there is no sha option, but has sha1,sha256. In previous openssl version < 1.1, there is no sha256, but has sha,sha1. To work with all openssl version, use sha1 -sha256 for it. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liao Jui-peng <jui-pengx.liao@intel.com> Signed-off-by: Liming Gao <liming.gao@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com>
This commit is contained in:
parent
b24e99f7c4
commit
1d574dfc15
|
@ -176,7 +176,7 @@ if __name__ == '__main__':
|
||||||
#
|
#
|
||||||
# Sign the input file using the specified private key and capture signature from STDOUT
|
# Sign the input file using the specified private key and capture signature from STDOUT
|
||||||
#
|
#
|
||||||
Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
||||||
Signature = Process.communicate(input=FullInputFileBuffer)[0]
|
Signature = Process.communicate(input=FullInputFileBuffer)[0]
|
||||||
if Process.returncode <> 0:
|
if Process.returncode <> 0:
|
||||||
sys.exit(Process.returncode)
|
sys.exit(Process.returncode)
|
||||||
|
@ -225,7 +225,7 @@ if __name__ == '__main__':
|
||||||
#
|
#
|
||||||
# Verify signature
|
# Verify signature
|
||||||
#
|
#
|
||||||
Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
||||||
Process.communicate(input=FullInputFileBuffer)
|
Process.communicate(input=FullInputFileBuffer)
|
||||||
if Process.returncode <> 0:
|
if Process.returncode <> 0:
|
||||||
print 'ERROR: Verification failed'
|
print 'ERROR: Verification failed'
|
||||||
|
|
Loading…
Reference in New Issue