Check the first 4 bytes of the certificate - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Gary Ching-Pang Lin <glin@suse.com>	2014-06-25 09:55:49 -0400
committer	Peter Jones <pjones@redhat.com>	2014-06-25 09:55:49 -0400
commit	b8070380eef2596837916358393fa789bfa883f3 (patch)
tree	e5d62e5274b7a19b88f604a3836a719af16beb0d /Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
parent	da49ac6d699f2a91bd088fc66ba31c42803ade3e (diff)
download	efi-boot-shim-b8070380eef2596837916358393fa789bfa883f3.tar.gz efi-boot-shim-b8070380eef2596837916358393fa789bfa883f3.zip

Check the first 4 bytes of the certificate

A non-DER encoding x509 certificate may be mistakenly enrolled into db or MokList. This commit checks the first 4 bytes of the certificate to ensure that it's DER encoding. This commit also removes the iteration of the x509 signature list. Per UEFI SPEC, each x509 signature list contains only one x509 certificate. Besides, the size of certificate is incorrect. The size of the header must be substracted from the signature size. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

Diffstat (limited to 'Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: