DMTF / libspdm

BSD 3-Clause "New" or "Revised" License

Add signature algo check for cert #2713

Closed Wenxing-hou closed 3 months ago

Wenxing-hou commented 4 months ago

Fix: #2658

Zhiqiang520 commented 4 months ago

It looks good to me.

steven-bellock commented 4 months ago

@jyao1 this is a breaking change and so would have to wait for 4.0 or it would need a macro.

jyao1 commented 4 months ago

Why is this a breaking change?

steven-bellock commented 4 months ago

While it doesn't break the libspdm library build, libspdm now requires an implementation of libspdm_x509_get_signature_algorithm. Linking of cryptlibs that don't have this implementation will fail.

jyao1 commented 4 months ago

libspdm_x509_get_signature_algorithm is already implemented.

jyao1 commented 4 months ago

Since this is just to add an additional check, I don't mind adding a MACRO around /* 3. Verify signature algorithm. */

Wenxing-hou commented 3 months ago

> Since this is just to add an additional check, I don't mind adding a MACRO around /* 3. Verify signature algorithm. */

Thanks. I have added the MACRO: LIBSPDM_ADDITIONAL_CHECK_CERT.