From 2e6a433811fb09e644d8105d4654bcce27f84905 Mon Sep 17 00:00:00 2001 From: "Stephen J. Kiernan" Date: Sun, 16 Apr 2023 19:25:27 -0400 Subject: [PATCH] veriexec: allow sha512 fingerprint in manifest parser MAC/veriexec already supports SHA512 fingerprints, therefore the veriexec program should also. Reviewed by: sjg --- sbin/veriexec/manifest_parser.y | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/veriexec/manifest_parser.y b/sbin/veriexec/manifest_parser.y index 5889650f824..5e024d97f0d 100644 --- a/sbin/veriexec/manifest_parser.y +++ b/sbin/veriexec/manifest_parser.y @@ -56,6 +56,7 @@ static struct verified_exec_params *params = &oparams; # define SHA_DIGEST_LENGTH br_sha1_SIZE # define SHA256_DIGEST_LENGTH br_sha256_SIZE # define SHA384_DIGEST_LENGTH br_sha384_SIZE +# define SHA512_DIGEST_LENGTH br_sha512_SIZE #endif static int fmode; @@ -72,9 +73,8 @@ struct fingerprint_type { static const struct fingerprint_type fingerprint_table[] = { { "sha1", SHA_DIGEST_LENGTH }, { "sha256", SHA256_DIGEST_LENGTH }, -#if MAXFINGERPRINTLEN > 32 { "sha384", SHA384_DIGEST_LENGTH }, -#endif + { "sha512", SHA512_DIGEST_LENGTH }, { NULL, 0 } };