Google Git
Sign in
fuchsia / third_party / edk2 / 3e72ffe8afdd03f1f89eba65c921cbdcb004cfee^! / .
commit3e72ffe8afdd03f1f89eba65c921cbdcb004cfee[log] [tgz]
authorLiming Gao <liming.gao@intel.com>Tue Mar 27 20:55:27 2018 +0800
committerLiming Gao <liming.gao@intel.com>Wed Mar 28 14:39:17 2018 +0800
tree3ffd688a8d1baa42ca9678a354634ab58a736223
parent89b2d05780e08e386ff47db8c944f654c76d94b6 [diff]
BaseTools: Update Rsa2048Sha256Sign to use openssl dgst option

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
(cherry picked from commit d1b777440bc616f1e6da9204f3eec9f7a5a6f2e2)

diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 4188f8e..d36a14f 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py

@@ -4,7 +4,7 @@
 #   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf}}

 # This tool has been tested with OpenSSL 1.0.1e 11 Feb 2013

 #

-# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>

+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>

 # This program and the accompanying materials

 # are licensed and made available under the terms and conditions of the BSD License

 # which accompanies this distribution.  The full text of the license may be found at

@@ -176,7 +176,7 @@
     # 

     # Sign the input file using the specified private key and capture signature from STDOUT

     #

-    Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

+    Process = subprocess.Popen('%s dgst -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

     Signature = Process.communicate(input=FullInputFileBuffer)[0]

     if Process.returncode <> 0:

       sys.exit(Process.returncode)

@@ -225,7 +225,7 @@
     #

     # Verify signature

     #    

-    Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

+    Process = subprocess.Popen('%s dgst -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

     Process.communicate(input=FullInputFileBuffer)

     if Process.returncode <> 0:

       print 'ERROR: Verification failed'