mbedtls: add support for pkcs7

PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2020-11-16 19:03:12 +00:00 · 2020-11-16 19:03:12 +00:00 · c9deb184b0
commit c9deb184b0
parent e00d6d6b55
12 changed files with 1388 additions and 1 deletions
--- a/scripts/config.py
+++ b/scripts/config.py
@ -306,6 +306,7 @@ def include_in_crypto(name):
    if name in [
            'MBEDTLS_DEBUG_C', # part of libmbedtls
            'MBEDTLS_NET_C', # part of libmbedtls
+            'MBEDTLS_PKCS7_C', # part of libmbedx509
    ]:
        return False
    return True