Jon McCune
24d5934daa
Fix double-free introduced by commit 33d02a42d6
...
To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:
grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda
Sign all the files in /boot/grub/* and reboot.
'make check' results identical before and after this change.
TESTED: In a QEMU VM using an i386 target.
2013-12-17 07:32:07 -08:00
Vladimir Serbinenko
7e47e27bd8
Add gcc_struct to all packed structures when compiling with mingw.
...
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
7bbb60cfbd
* grub-core/commands/verify.c (free_pk): Plug memory leak.
...
(grub_load_public_key): Likewise.
(grub_verify_signature_real): Likewise.
(grub_cmd_verify_signature): Likewise.
2013-11-18 02:40:17 +01:00
Vladimir Serbinenko
4f84ae0ec8
Decrease stack usage in signature verification.
...
We have only 92K of stack and using over 4K per frame is wasteful
* grub-core/commands/verify.c (grub_load_public_key): Allocate on heap
rather than stack.
(grub_verify_signature_real): Likewise.
2013-11-16 16:34:51 +01:00
Vladimir Serbinenko
1dcb27157d
* grub-core/commands/verify.c: Remove variable length arrays.
...
Load gcry_dsa/gcry_rsa automatically.
2013-11-12 16:07:30 +01:00
Vladimir Serbinenko
1106c3f072
* grub-core/commands/verify.c: Add RSA support.
2013-11-03 18:50:01 +01:00
Vladimir 'phcoder' Serbinenko
0d711431c7
Verify signatures of signatures unless --skip-sig is specified.
2013-10-22 00:24:19 +02:00
Vladimir 'phcoder' Serbinenko
52eab6562d
* grub-core/commands/verify.c: Use GRUB_CHAR_BIT.
2013-04-05 10:52:13 +02:00
Vladimir 'phcoder' Serbinenko
1a78d573c7
* grub-core/commands/verify.c: Save verified file to avoid it being
...
tampered with after verification was done.
2013-04-03 17:32:33 +02:00
Andrey Borzenkov
40f1c0007c
* grub-core/commands/verify.c: Fix hash algorithms values for
...
the first three hashes - they start with 1, not with 0.
2013-04-01 01:43:04 +02:00
Vladimir 'phcoder' Serbinenko
d7a6506e30
* grub-core/commands/verify.c (hashes): Add several hashes
...
from the spec.
2013-03-20 17:24:39 +01:00
Vladimir 'phcoder' Serbinenko
d2789cf0b8
* grub-core/commands/verify.c (grub_verify_signature): Use unsigned
...
operations to have intended shifts and not divisions.
2013-03-10 19:39:14 +01:00
Vladimir 'phcoder' Serbinenko
adcc602041
New command list_trusted.
...
* grub-core/commands/verify.c (grub_cmd_list): New function.
2013-01-13 17:49:05 +01:00
Vladimir 'phcoder' Serbinenko
f8e98fee04
* grub-core/commands/verify.c: Mark messages for translating.
2013-01-12 16:31:17 +01:00
Vladimir 'phcoder' Serbinenko
5e3b8dcbb5
Import gcrypt public-key cryptography and implement signature checking.
2013-01-11 21:32:42 +01:00