PKCS7: Add support for authenticated attributes #8072
base: development
Fixed some coding style issues and a memory leak caught by the CI runs.
Hey @dave-rodgman, any chance someone can give some feedback on this? Thanks.
Hi Beni, Thanks for doing these. I saw that you've intentionally broken your PKCS #7 work up into multiple smaller PRs - this is definitely the right thing to do and should help with review. Please could you let us know the use-case and urgency/desired timeline for these PRs? We are aiming for 3.6 LTS at the end of the year, so the timing may be difficult for us to get into 3.6 - a strong use-case would help here.
Hi Dave, Thanks for the info. The main use-case here for PKCS7 would be part of a secure boot implementation. As you know, the current mbedtls implementation is very limited and cannot be used in a more "real world" scenario, so adding some key missing features should open the door to that. As for timeline, while it would be nice to get it in 3.6, it's not an urgent matter, as we can use in-house patches and switch to upstream when that is available.
Add support for authenticated attributes as per RFC2315.

Section 9.2:
authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL

If authenticated attributes are present, it must contain at minimum two attributes:
- A PKCS9 content-type attribute having as its value the content type of the ContentInfo value being signed.
- A PKCS9 message-digest attribute, having as its value the message digest of the content.

Section 9.3:
When they are present, the result of the message digesting process is the digest of the complete DER encoding of the section, and the expected leading tag is SET OF and not the IMPLICIT [0] tag.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
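
The two rules quoted in the commit message above (mandatory attributes, and the SET OF tag used for digesting), as an added C example; it is not code from this PR or from Mbed TLS. The names `der_enter` and `authattrs_digest_input` are hypothetical, and `SAMPLE_ATTRS` is a constructed byte string.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER encodings of the PKCS #9 contentType and messageDigest attribute OIDs. */
static const uint8_t OID_CT[] = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03};
static const uint8_t OID_MD[] = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04};
/* Constructed sample (not from the PR): [0] { contentType = data, messageDigest =
 * 4 placeholder bytes }. A real messageDigest value has the hash's full length. */
static const uint8_t SAMPLE_ATTRS[] = { 0xA0,0x2F,
    0x30,0x18, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,
               0x31,0x0B, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,
    0x30,0x13, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,
               0x31,0x06, 0x04,0x04,0xDE,0xAD,0xBE,0xEF };

/* Expect `tag` at *p, read a definite length (short form, or 1-2 length bytes; minimal
 * encoding is not enforced here), advance *p to the value. Returns length or -1. */
static long der_enter(const uint8_t **p, const uint8_t *end, uint8_t tag)
{
    if (end - *p < 2 || (*p)[0] != tag) return -1;
    size_t len = (*p)[1], n = len & 0x7F;
    *p += 2;
    if (len & 0x80) {
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *(*p)++;
    }
    return len <= (size_t)(end - *p) ? (long)len : -1;
}

/* Check authenticatedAttributes as stored in SignerInfo (leading tag 0xA0) for both
 * mandatory attributes, then write to out (>= len bytes) the bytes to be digested:
 * the same encoding with the first byte set to SET OF (0x31). Returns 0 or -1. */
int authattrs_digest_input(const uint8_t *in, size_t len, uint8_t *out)
{
    const uint8_t *p = in, *end = in + len;
    int has_ct = 0, has_md = 0;
    long n = der_enter(&p, end, 0xA0);
    if (n < 0 || p + n != end) return -1;              /* reject trailing bytes */
    while (p < end) {
        if ((n = der_enter(&p, end, 0x30)) < 0) return -1; /* Attribute ::= SEQUENCE */
        if ((size_t)n >= sizeof(OID_CT)) {
            has_ct |= !memcmp(p, OID_CT, sizeof(OID_CT));
            has_md |= !memcmp(p, OID_MD, sizeof(OID_MD));
        }
        p += n;
    }
    if (!has_ct || !has_md) return -1;                 /* section 9.2 minimum set */
    memcpy(out, in, len);
    out[0] = 0x31;                                     /* SET OF, not [0] IMPLICIT */
    return 0;
}
```

A verifier would hash `out` with the signer's digest algorithm and check the signature over that digest, and separately compare the messageDigest attribute value with the digest of the content.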
Description
Add support for authenticated attributes as per RFC2315.
PR checklist