On Mon, 29 Jul 2024 at 09:20, Ilias Apalodimas <ilias.apalodi...@linaro.org>
wrote:
> Hi Raymond
>
> >
> > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
> > +/* Backup of part of the parsing context */
>
> I am not sure I understand the comment
>
> We can remove this comment line.
> > +struct x509_cert_mbedtls_ctx {
> > + void *tbs; /* Signed data */
> > + void *raw_serial; /* Raw serial number in ASN.1 */
> > + void *raw_issuer; /* Raw issuer name in ASN.1 */
> > + void *raw_subject; /* Raw subject name in ASN.1 */
> > + void *raw_skid; /* Raw subjectKeyId in ASN.1 */
> > +};
> > +#endif
> > +
> > +/*
> > + * MbedTLS integration Notes:
> > + *
> > + * Fields we don't need to populate from MbedTLS:
>
> You mean *for* mbedTLS?
>
> > + * 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
>
> 'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which
> in turn is not used in mbedTLS?
>
> Both are used by the U-Boot ASN1 library when parsing the x509.
But for MbedTLS, we removed "struct x509_parse_context ", since all
parsing is done under MbedTLS and we don't need to expose them at all.
> + * not needed for MbedTLS.
> > + * 'signer' and 'seen' are used internally by pkcs7_verify.
> > + * 'verified' is not inuse.
>
> either 'unsued' or 'not in use'
>
A typo. will fix it.
Regards,
Raymond
