vbatts
/
grub
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
grub/include/grub/pubkey.h

39 lines
1.2 KiB
C
Raw Permalink Normal View History

Import gcrypt public-key cryptography and implement signature checking.
2013-01-11 20:32:42 +00:00
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2013 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GRUB_PUBKEY_HEADER
#define GRUB_PUBKEY_HEADER 1
#include <grub/crypto.h>
struct grub_public_key *
grub_load_public_key (grub_file_t f);
grub_err_t
verifiers: fix double close on pgp's sig file descriptor An error emerged as when I was testing the verifiers branch, so instead of putting it in pgp prefix, the verifiers is used to reflect what the patch is based on. While running verify_detached, grub aborts with error. verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg /@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig alloc magic is broken at 0x7beea660: 0 Aborted. Press any key to exit. The error is caused by sig file descriptor been closed twice, first time in grub_verify_signature() to which it is passed as parameter. Second in grub_cmd_verify_signature() or in whichever opens the sig file descriptor. The second close is not consider as bug to me either, as in common rule of what opens a file has to close it to avoid file descriptor leakage. After all the design of grub_verify_signature() makes it difficult to keep a good trace on opened file descriptor from it's caller. Let's refine the application interface to accept file path rather than descriptor, in this way the caller doesn't have to care about closing the descriptor by delegating it to grub_verify_signature() with full tracing to opened file descriptor by itself. Also making it clear that sig descriptor is not referenced in error returning path of grub_verify_signature_init(), so it can be closed directly by it's caller. This also makes delegating it to grub_pubkey_close() infeasible to help in relieving file descriptor leakage as it has to depend on uncertainty of ctxt fields in error returning path. Signed-off-by: Michael Chang <mchang@suse.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-11-20 11:15:37 +00:00
grub_verify_signature (grub_file_t f, const char *fsig,
Import gcrypt public-key cryptography and implement signature checking.
2013-01-11 20:32:42 +00:00
struct grub_public_key *pk);
struct grub_public_subkey *
grub_crypto_pk_locate_subkey (grub_uint64_t keyid, struct grub_public_key *pkey);
struct grub_public_subkey *
grub_crypto_pk_locate_subkey_in_trustdb (grub_uint64_t keyid);
#endif