Don't call AuthenticodeVerify if vendor_cert_size is 0. - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2014-09-19 11:48:56 -0400
committer	Peter Jones <pjones@redhat.com>	2014-09-21 16:25:27 -0400
commit	3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 (patch)
tree	20dd3b710f0cfdde65ec102fa68638a142b73dfa /Cryptlib/OpenSSL/crypto/stack/stack.c
parent	f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 (diff)
download	efi-boot-shim-3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045.tar.gz efi-boot-shim-3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045.zip

Don't call AuthenticodeVerify if vendor_cert_size is 0.

Actually check the size of our vendor cert quite early, so that there's no confusion as to what's going on. This isn't strictly necessary, in that in all cases if vendor_cert_size is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result in a NULL "Cert", and it will return FALSE, and we'll reject the signature, but better to avoid all that code in the first place. Belt and suspenders and whatnot. Based on a patch from https://github.com/TBOpen . Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'Cryptlib/OpenSSL/crypto/stack/stack.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: