[v4,3/4] ipa: ipa-sign: Sign IPA according to the signature algorithm of the key
diff mbox series

Message ID 20260701040721.145659-4-hpa@redhat.com
State New
Headers show
Series
  • Implement ML-DSA-65 for Post-Quantum Cryptographic compliance
Related show

Commit Message

Kate Hsuan July 1, 2026, 4:07 a.m. UTC
Sign IPA according to the signature algorithm of the key.

Signed-off-by: Kate Hsuan <hpa@redhat.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
---
 src/ipa/ipa-sign.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Barnabás Pőcze July 1, 2026, 8:56 a.m. UTC | #1
2026. 07. 01. 6:07 keltezéssel, Kate Hsuan írta:
> Sign IPA according to the signature algorithm of the key.
> 
> Signed-off-by: Kate Hsuan <hpa@redhat.com>
> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> ---
>   src/ipa/ipa-sign.sh | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh
> index 69024213..b7c7c47b 100755
> --- a/src/ipa/ipa-sign.sh
> +++ b/src/ipa/ipa-sign.sh
> @@ -10,4 +10,4 @@ key="$1"
>   input="$2"
>   output="$3"
>   
> -openssl dgst -sha256 -sign "${key}" -out "${output}" "${input}"
> +openssl pkeyutl -sign -inkey "${key}" -rawin -in "${input}" -out "${output}"

`-rawin` is not supported by the version on debian 11:

$ podman run --rm -it registry.freedesktop.org/camera/libcamera/debian/bullseye:2026-04-05.0 openssl pkeyutl -rawin
pkeyutl: Option unknown option -rawin
pkeyutl: Use -help for summary.

But we will drop it in August at the latest, so I think this is fine.

Reviewed-by: Barnabás Pőcze <barnabas.pocze@ideasonboard.com>

Patch
diff mbox series

diff --git a/src/ipa/ipa-sign.sh b/src/ipa/ipa-sign.sh
index 69024213..b7c7c47b 100755
--- a/src/ipa/ipa-sign.sh
+++ b/src/ipa/ipa-sign.sh
@@ -10,4 +10,4 @@  key="$1"
 input="$2"
 output="$3"
 
-openssl dgst -sha256 -sign "${key}" -out "${output}" "${input}"
+openssl pkeyutl -sign -inkey "${key}" -rawin -in "${input}" -out "${output}"