[crypto] Support SHA-{224,384,512} in X.509 certificates

Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in X.509 certificates, and allow the choice of public-key, cipher, and digest algorithms to be configured at build time via config/crypto.h. Originally-implemented-by: Tufan Karadere <tufank@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-28 10:32:52 +03:00 · 2015-08-02 16:54:24 +01:00
parent 93370488ac
commit b1caa48e4b
16 changed files with 613 additions and 146 deletions
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -9,6 +9,39 @@

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

+/** RSA public-key algorithm */
+#define CRYPTO_PUBKEY_RSA
+
+/** AES-CBC block cipher */
+#define CRYPTO_CIPHER_AES_CBC
+
+/** MD5 digest algorithm
+ *
+ * Note that use of MD5 is implicit when using TLSv1.1 or earlier.
+ */
+#define CRYPTO_DIGEST_MD5
+
+/** SHA-1 digest algorithm
+ *
+ * Note that use of SHA-1 is implicit when using TLSv1.1 or earlier.
+ */
+#define CRYPTO_DIGEST_SHA1
+
+/** SHA-224 digest algorithm */
+#define CRYPTO_DIGEST_SHA224
+
+/** SHA-256 digest algorithm
+ *
+ * Note that use of SHA-256 is implicit when using TLSv1.2.
+ */
+#define CRYPTO_DIGEST_SHA256
+
+/** SHA-384 digest algorithm */
+#define CRYPTO_DIGEST_SHA384
+
+/** SHA-512 digest algorithm */
+#define CRYPTO_DIGEST_SHA512
+
 /** Margin of error (in seconds) allowed in signed timestamps
 *
 * We default to allowing a reasonable margin of error: 12 hours to