From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Fri, 19 Sep 2014 11:48:56 -0400

Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0.

Actually check the size of our vendor cert quite early, so that there's

no confusion as to what's going on.

This isn't strictly necessary, in that in all cases if vendor_cert_size

is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result

in a NULL "Cert", and it will return FALSE, and we'll reject the

signature, but better to avoid all that code in the first place.  Belt

and suspenders and whatnot.

Based on a patch from https://github.com/TBOpen .

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 shim.c | 9 ++++-----

 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/shim.c b/shim.c

index cfa90d1..caa05d8 100644

--- a/shim.c

+++ b/shim.c

@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,

 			return status;

 		}

-

 		/*

 		 * And finally, check against shim's built-in key

 		 */

-		if (AuthenticodeVerify(cert->CertData,

-			       context->SecDir->Size - sizeof(cert->Hdr),

-			       vendor_cert, vendor_cert_size, sha256hash,

-			       SHA256_DIGEST_SIZE)) {

+		if (vendor_cert_size && AuthenticodeVerify(cert->CertData,

+							context->SecDir->Size - sizeof(cert->Hdr),

+							vendor_cert, vendor_cert_size, sha256hash,

+							SHA256_DIGEST_SIZE)) {

 			status = EFI_SUCCESS;

 			return status;

 		}

-- 

1.9.3