
D48546.diff

diff --git a/lib/libsecureboot/Makefile.inc b/lib/libsecureboot/Makefile.inc
--- a/lib/libsecureboot/Makefile.inc
+++ b/lib/libsecureboot/Makefile.inc
@@ -77,12 +77,16 @@
# needs to be yes for FIPS 140-2 compliance
VE_SELF_TESTS?= no
+CFLAGS+= -I.
+
+.if ${VE_SIGNATURE_EXT_LIST:M*sig} != ""
# this is what we use as our trust anchor
-CFLAGS+= -I. -DTRUST_ANCHOR_STR=ta_PEM
+CFLAGS+= -DTRUST_ANCHOR_STR=ta_PEM
.if ${VE_SELF_TESTS} != "no"
XCFLAGS.vets+= -DVERIFY_CERTS_STR=vc_PEM
.endif
+.endif
# clean these up
VE_HASH_LIST:= ${VE_HASH_LIST:tu:O:u}
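Review bot: The new `.if ${VE_SIGNATURE_EXT_LIST:M*sig} != ""` guard carries no comment saying why the trust anchor became conditional, and it now encloses the nested VE_SELF_TESTS block as well. A build with self tests enabled but no `*sig` extension therefore silently loses `-DVERIFY_CERTS_STR=vc_PEM`, which sits oddly next to the FIPS 140-2 remark a few lines above. A comment over the guard, for example `# the embedded trust anchor and self-test certs are only used when a *sig signature extension is configured`, would record the intent (presumably OpenPGP-only builds). If the variable can be undefined when this file is read, which this hunk does not show, `${VE_SIGNATURE_EXT_LIST:U:M*sig}` avoids a malformed-conditional error.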
diff --git a/lib/libsecureboot/openpgp/opgp_sig.c b/lib/libsecureboot/openpgp/opgp_sig.c
--- a/lib/libsecureboot/openpgp/opgp_sig.c
+++ b/lib/libsecureboot/openpgp/opgp_sig.c
@@ -339,6 +339,16 @@
mlen = br_sha256_SIZE;
hash_oid = BR_HASH_OID_SHA256;
break;
+ case 9: /* sha384 */
+ md = &br_sha384_vtable;
+ mlen = br_sha384_SIZE;
+ hash_oid = BR_HASH_OID_SHA384;
+ break;
+ case 10: /* sha512 */
+ md = &br_sha512_vtable;
+ mlen = br_sha512_SIZE;
+ hash_oid = BR_HASH_OID_SHA512;
+ break;
default:
warnx("unsupported hash algorithm: %s", hname);
rc = -1;
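Review bot: With cases 9 and 10 added, `mlen` can now reach `br_sha512_SIZE` (64 bytes), but the digest buffer and hash context used after this switch are declared outside the hunk, so it is not visible whether they were sized for SHA-256 only. Confirm that both can hold the largest supported hash; a generic context such as `br_hash_compat_context` and a buffer of `br_sha512_SIZE` bytes would cover every case here. A one-line comment above the switch, such as `/* OpenPGP hash algorithm ids, RFC 4880 section 9.4 */`, would also explain where the bare 9 and 10 come from. The enclosing function starts and ends outside the hunk.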
diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c
--- a/lib/libsecureboot/vets.c
+++ b/lib/libsecureboot/vets.c
@@ -200,11 +200,13 @@
}
}
+#ifdef VERIFY_CERTS_STR
static void
free_cert_contents(br_x509_certificate *xc)
{
xfree(xc->data);
}
+#endif
/*
* a bit of a dance to get commonName from a certificate
@@ -372,13 +374,15 @@
size_t num;
num = 0;
- xcs = parse_certificates(buf, len, &num);
- if (xcs != NULL) {
- num = ve_trust_anchors_add(xcs, num);
+ if (len > 0) {
+ xcs = parse_certificates(buf, len, &num);
+ if (xcs != NULL) {
+ num = ve_trust_anchors_add(xcs, num);
#ifdef VE_OPENPGP_SUPPORT
- } else {
- num = openpgp_trust_add_buf(buf, len);
+ } else {
+ num = openpgp_trust_add_buf(buf, len);
#endif
+ }
}
return (num);
}
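Review bot: The empty-buffer check is written as a wrapper, `if (len > 0) {`, which re-indents the whole body and adds a nesting level around an if/else that is already split by `#ifdef VE_OPENPGP_SUPPORT`. That makes the brace pairing hard to follow. A guard clause right after `num = 0;` keeps the original body untouched and the diff to one line: `if (len == 0) return (num);` (assuming `len` is unsigned; its declaration is outside the hunk). The same applies to the forbidden-anchors function in the next hunk.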
@@ -398,15 +402,17 @@
size_t num;
num = 0;
- xcs = parse_certificates(buf, len, &num);
- if (xcs != NULL) {
- num = ve_forbidden_anchors_add(xcs, num);
+ if (len > 0) {
+ xcs = parse_certificates(buf, len, &num);
+ if (xcs != NULL) {
+ num = ve_forbidden_anchors_add(xcs, num);
#ifdef VE_OPENPGP_SUPPORT
- } else {
- if (buf[len - 1] == '\n')
- buf[len - 1] = '\0';
- num = openpgp_trust_revoke((char *)buf);
+ } else {
+ if (buf[len - 1] == '\n')
+ buf[len - 1] = '\0';
+ num = openpgp_trust_revoke((char *)buf);
#endif
+ }
}
return (num);
}
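Review bot: In the OpenPGP branch, `openpgp_trust_revoke((char *)buf)` still receives `buf` as a C string even when its last byte is not a newline. The new `len > 0` check stops the `buf[len - 1]` underflow, but nothing here guarantees a terminator within `len` bytes. Unless every caller stores a NUL just past `len` (not visible in this hunk), the callee can read beyond the buffer. Rejecting unterminated input closes that gap: after the newline replacement add `else if (buf[len - 1] != '\0')` followed by `return (0);`. Alternatively, document the termination requirement in the function's header comment, which lies outside the hunk.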
