git: 2e6a433811fb - main - veriexec: allow sha512 fingerprint in manifest parser

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Stephen J. Kiernan <stevek_at_FreeBSD.org>
Date: Mon, 17 Apr 2023 00:25:48 UTC

The branch main has been updated by stevek:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e6a433811fb09e644d8105d4654bcce27f84905

commit 2e6a433811fb09e644d8105d4654bcce27f84905
Author:     Stephen J. Kiernan <stevek@FreeBSD.org>
AuthorDate: 2023-04-16 23:25:27 +0000
Commit:     Stephen J. Kiernan <stevek@FreeBSD.org>
CommitDate: 2023-04-16 23:25:27 +0000

    veriexec: allow sha512 fingerprint in manifest parser
    
    MAC/veriexec already supports SHA512 fingerprints, therefore the
    veriexec program should also.
    
    Reviewed by:    sjg
---
 sbin/veriexec/manifest_parser.y | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/veriexec/manifest_parser.y b/sbin/veriexec/manifest_parser.y
index 5889650f824b..5e024d97f0dc 100644
--- a/sbin/veriexec/manifest_parser.y
+++ b/sbin/veriexec/manifest_parser.y
@@ -56,6 +56,7 @@ static struct verified_exec_params *params = &oparams;
 # define SHA_DIGEST_LENGTH br_sha1_SIZE
 # define SHA256_DIGEST_LENGTH br_sha256_SIZE
 # define SHA384_DIGEST_LENGTH br_sha384_SIZE
+# define SHA512_DIGEST_LENGTH br_sha512_SIZE
 #endif
 
 static int fmode;
@@ -72,9 +73,8 @@ struct fingerprint_type {
 static const struct fingerprint_type fingerprint_table[] = {
 	{ "sha1", SHA_DIGEST_LENGTH },
 	{ "sha256", SHA256_DIGEST_LENGTH },
-#if MAXFINGERPRINTLEN > 32
 	{ "sha384", SHA384_DIGEST_LENGTH },
-#endif
+	{ "sha512", SHA512_DIGEST_LENGTH },
 	{ NULL, 0 }
 };