Diffstat (limited to 'lib/libsecureboot/openpgp/opgp_key.c')
-rw-r--r--lib/libsecureboot/openpgp/opgp_key.c67
1 files changed, 42 insertions, 25 deletions
diff --git a/lib/libsecureboot/openpgp/opgp_key.c b/lib/libsecureboot/openpgp/opgp_key.c
index 1a8e06b1d677..0a064b5a008e 100644
--- a/lib/libsecureboot/openpgp/opgp_key.c
+++ b/lib/libsecureboot/openpgp/opgp_key.c
@@ -289,32 +289,47 @@ load_trusted_key_id(const char *keyID)
OpenPGP_key *
load_key_id(const char *keyID)
{
- static int once = 0;
OpenPGP_key *key;
- if (!once) {
+ key = openpgp_trust_get(keyID);
+#ifndef _STANDALONE
+ if (!key)
+ key = load_trusted_key_id(keyID);
+#endif
+ return (key);
+}
+
+/**
+ * @brief initialize our internal trust store if any
+ */
+int
+openpgp_trust_init(void)
+{
+ static int once = -1;
#ifdef HAVE_TA_ASC
- const char **tp;
- char *cp;
- size_t n;
+ OpenPGP_key *key;
+ const char **tp;
+ char *cp;
+ size_t n;
+#endif
+ if (once < 0) {
+ once = 0;
+#ifdef HAVE_TA_ASC
for (tp = ta_ASC; *tp; tp++) {
if ((cp = strdup(*tp))) {
n = strlen(cp);
key = load_key_buf((unsigned char *)cp, n);
free(cp);
- openpgp_trust_add(key);
+ if (key) {
+ openpgp_trust_add(key);
+ once++;
+ }
}
}
-#endif
- once = 1;
}
- key = openpgp_trust_get(keyID);
-#ifndef _STANDALONE
- if (!key)
- key = load_trusted_key_id(keyID);
#endif
- return (key);
+ return (once);
}
/**
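Review bot: The `}` that closes `if (once < 0) {` in openpgp_trust_init sits inside the second `#ifdef HAVE_TA_ASC` region, while the `if` itself is opened before that `#ifdef`, so as the new side reads here a build without HAVE_TA_ASC has unbalanced braces and should fail to compile. Moving the trailing `#endif` up one line, directly after the `}` that closes the `for` loop, keeps the `if` block intact in both configurations and still returns 0 when no anchors are compiled in. The doc comment would also benefit from a `@return` line stating that the value is the number of embedded keys added to the trust store, since openpgp_self_tests relies on `> 0`. load_key_id no longer populates the store itself, so its callers (outside this hunk) presumably have to call openpgp_trust_init() first; that precondition is worth stating in its comment.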
@@ -333,19 +348,21 @@ openpgp_self_tests(void)
char *fdata, *sdata = NULL;
size_t fbytes, sbytes;
- for (tp = ta_ASC, vp = vc_ASC; *tp && *vp && rc; tp++, vp++) {
- if ((fdata = strdup(*tp)) &&
- (sdata = strdup(*vp))) {
- fbytes = strlen(fdata);
- sbytes = strlen(sdata);
- rc = openpgp_verify("ta_ASC",
- (unsigned char *)fdata, fbytes,
- (unsigned char *)sdata, sbytes, 0);
- printf("Testing verify OpenPGP signature:\t\t%s\n",
- rc ? "Failed" : "Passed");
+ if (openpgp_trust_init() > 0) {
+ for (tp = ta_ASC, vp = vc_ASC; *tp && *vp && rc; tp++, vp++) {
+ if ((fdata = strdup(*tp)) &&
+ (sdata = strdup(*vp))) {
+ fbytes = strlen(fdata);
+ sbytes = strlen(sdata);
+ rc = openpgp_verify("ta_ASC",
+ (unsigned char *)fdata, fbytes,
+ (unsigned char *)sdata, sbytes, 0);
+ printf("Testing verify OpenPGP signature:\t\t%s\n",
+ rc ? "Failed" : "Passed");
+ }
+ free(fdata);
+ free(sdata);
}
- free(fdata);
- free(sdata);
}
#endif
return (rc);
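Review bot: When openpgp_trust_init() returns 0 the whole verify loop is skipped and nothing is printed, so a build whose embedded trust anchors failed to load produces no self-test line at all. rc then keeps whatever value it was given above the hunk (openpgp_self_tests starts outside it; the `&& rc` loop condition suggests it starts nonzero). An `else` branch such as `else printf("Testing verify OpenPGP signature:\t\tSkipped (no trust anchors)\n");` would make that case visible in the boot log. Separately, `sdata` is not reset after `free(sdata)`, so if `strdup(*tp)` fails on a later iteration the short-circuit leaves the stale pointer and it is freed a second time; adding `fdata = sdata = NULL;` after the two frees avoids that.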