Commit graph

15 commits

Author SHA1 Message Date
Jon McCune
24d5934daa Fix double-free introduced by commit 33d02a42d6
To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:
grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda
Sign all the files in /boot/grub/* and reboot.

'make check' results identical before and after this change.

TESTED: In a QEMU VM using an i386 target.
2013-12-17 07:32:07 -08:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
7bbb60cfbd * grub-core/commands/verify.c (free_pk): Plug memory leak.
(grub_load_public_key): Likewise.
	(grub_verify_signature_real): Likewise.
	(grub_cmd_verify_signature): Likewise.
2013-11-18 02:40:17 +01:00
Vladimir Serbinenko
4f84ae0ec8 Decrease stack usage in signature verification.
We have only 92K of stack and using over 4K per frame is wasteful

	* grub-core/commands/verify.c (grub_load_public_key): Allocate on heap
	rather than stack.
	(grub_verify_signature_real): Likewise.
2013-11-16 16:34:51 +01:00
Vladimir Serbinenko
1dcb27157d * grub-core/commands/verify.c: Remove variable length arrays.
Load gcry_dsa/gcry_rsa automatically.
2013-11-12 16:07:30 +01:00
Vladimir Serbinenko
1106c3f072 * grub-core/commands/verify.c: Add RSA support. 2013-11-03 18:50:01 +01:00
Vladimir 'phcoder' Serbinenko
0d711431c7 Verify signatures of signatures unless --skip-sig is specified. 2013-10-22 00:24:19 +02:00
Vladimir 'phcoder' Serbinenko
52eab6562d * grub-core/commands/verify.c: Use GRUB_CHAR_BIT. 2013-04-05 10:52:13 +02:00
Vladimir 'phcoder' Serbinenko
1a78d573c7 * grub-core/commands/verify.c: Save verified file to avoid it being
tampered with after verification was done.
2013-04-03 17:32:33 +02:00
Andrey Borzenkov
40f1c0007c * grub-core/commands/verify.c: Fix hash algorithms values for
the first three hashes - they start with 1, not with 0.
2013-04-01 01:43:04 +02:00
Vladimir 'phcoder' Serbinenko
d7a6506e30 * grub-core/commands/verify.c (hashes): Add several hashes
from the spec.
2013-03-20 17:24:39 +01:00
Vladimir 'phcoder' Serbinenko
d2789cf0b8 * grub-core/commands/verify.c (grub_verify_signature): Use unsigned
operations to have intended shifts and not divisions.
2013-03-10 19:39:14 +01:00
Vladimir 'phcoder' Serbinenko
adcc602041 New command list_trusted.
* grub-core/commands/verify.c (grub_cmd_list): New function.
2013-01-13 17:49:05 +01:00
Vladimir 'phcoder' Serbinenko
f8e98fee04 * grub-core/commands/verify.c: Mark messages for translating. 2013-01-12 16:31:17 +01:00
Vladimir 'phcoder' Serbinenko
5e3b8dcbb5 Import gcrypt public-key cryptography and implement signature checking. 2013-01-11 21:32:42 +01:00