mbedtls: add support for pkcs7 PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>

commit: c9deb184b0bf5e72d5761d06af0db165676e0f8a [log] [tgz]
author: Nayna Jain <nayna@linux.ibm.com> Mon Nov 16 19:03:12 2020 +0000
committer: Nick Child <nick.child@ibm.com> Thu Sep 01 19:45:33 2022 -0500
tree: 58e6f98e9854bdbd7ea22fc088568f7072210f0c
parent: e00d6d6b55130c905aee5d1a7fca9b9afa9e53f2 [diff] [blame]
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e9487b2..45dd274 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -2661,6 +2661,21 @@
 #define MBEDTLS_PKCS5_C
 
 /**
+ * \def MBEDTLS_PKCS7_C
+ *
+ * Enable PKCS7 core for using PKCS7 formatted signatures.
+ * RFC Link - https://tools.ietf.org/html/rfc2315
+ *
+ * Module:  library/pkcs7.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C
+ *
+ * This module is required for the PKCS7 parsing modules.
+ */
+#define MBEDTLS_PKCS7_C
+
+/**
  * \def MBEDTLS_PKCS12_C
  *
  * Enable PKCS#12 PBE functions.
commit	c9deb184b0bf5e72d5761d06af0db165676e0f8a	[log] [tgz]
author	Nayna Jain <nayna@linux.ibm.com>	Mon Nov 16 19:03:12 2020 +0000
committer	Nick Child <nick.child@ibm.com>	Thu Sep 01 19:45:33 2022 -0500
tree	58e6f98e9854bdbd7ea22fc088568f7072210f0c
parent	e00d6d6b55130c905aee5d1a7fca9b9afa9e53f2 [diff] [blame]