parseEfiSignature: Don't rely on type of error code

The specific error type is not part of x509.ParseCertificate's documented
API, so we shouldn't rely on it for this workaround.

Signed-off-by: Joe Richey <joerichey@google.com>
Joe Richey 2022-03-23 19:50:52 -07:00 committed by Joseph Richey
parent df6b91cbdb
commit 0961a88d7c


@ -3,7 +3,6 @@ package internal
import (
"bytes"
"crypto/x509"
"encoding/asn1"
"encoding/binary"
"errors"
"fmt"
@ -443,13 +442,11 @@ func parseEfiSignature(b []byte) ([]x509.Certificate, error) {
} else {
// A bug in shim may cause an event to be missing the SignatureOwner GUID.
// We handle this, but signal back to the caller using ErrSigMissingGUID.
if _, isStructuralErr := err.(asn1.StructuralError); isStructuralErr {
var err2 error
cert, err2 = x509.ParseCertificate(b)
if err2 == nil {
certificates = append(certificates, *cert)
err = ErrSigMissingGUID
}
var err2 error
cert, err2 = x509.ParseCertificate(b)
if err2 == nil {
certificates = append(certificates, *cert)
err = ErrSigMissingGUID
}
}
return certificates, err
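Review bot: The comment above the fallback in the `else` branch still describes only the shim bug, but on the new side `x509.ParseCertificate(b)` is retried after any error from the earlier parse, and when the retry also fails `err2` is discarded and the original `err` is returned. I would say so in the comment, e.g. `// Retry on the whole buffer for any parse error; if that also fails, the original err is returned.` The function can now return a non-empty `certificates` slice together with a non-nil `ErrSigMissingGUID` in more situations, so its doc comment should tell callers to test for that sentinel with `errors.Is` before discarding the result. The signature and the first parse attempt sit outside this hunk, so what the first attempt is given is not visible here. A test whose input fails the first parse for a non-structural reason yet parses as a whole-buffer certificate would pin the widened behaviour.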