On Mon, 29 Jul 2024 at 09:20, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote:
> Hi Raymond
>
> >
> > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
> > +/* Backup of part of the parsing context */
>
> I am not sure I understand the comment
>
>

We can remove this comment line.

> > +struct x509_cert_mbedtls_ctx {
> > + void *tbs; /* Signed data */
> > + void *raw_serial; /* Raw serial number in ASN.1 */
> > + void *raw_issuer; /* Raw issuer name in ASN.1 */
> > + void *raw_subject; /* Raw subject name in ASN.1 */
> > + void *raw_skid; /* Raw subjectKeyId in ASN.1 */
> > +};
> > +#endif
> > +
> > +/*
> > + * MbedTLS integration Notes:
> > + *
> > + * Fields we don't need to populate from MbedTLS:
>
> You mean *for* mbedTLS?
>
> > + * 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
>
> 'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which
> in turn is not used in mbedTLS?
>
>

Both are used by the U-Boot ASN1 library when parsing the x509. But for MbedTLS, we removed "struct x509_parse_context", since all parsing is done under MbedTLS and we don't need to expose them at all.

> + * not needed for MbedTLS.
> > + * 'signer' and 'seen' are used internally by pkcs7_verify.
> > + * 'verified' is not inuse.
>
> either 'unused' or 'not in use'
>

A typo. Will fix it.

Regards,
Raymond
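
Review bot: The five members of struct x509_cert_mbedtls_ctx (tbs, raw_serial, raw_issuer, raw_subject, raw_skid) are all untyped `void *` with no length next to them and no statement of who allocates or frees them. Since tbs is the signed data that verification runs over, the struct comment should say whether these are private copies or pointers into a buffer owned by MbedTLS, where their sizes are kept, and which function releases them. If the "Backup of part of the parsing context" line is dropped as agreed in the thread, please replace it with that ownership and lifetime description instead of leaving the struct undocumented. A byte-pointer type with const where the data is read-only would also let the compiler catch misuse that `void *` hides.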