Commit graph

8 commits

Author SHA1 Message Date
Jeremy Kerr
17f77a9aab sbverify: clean up openssl init
Remove a duplicate call to ERR_load_crypto_strings, and move the digest
init earlier.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:53:26 +08:00
Jeremy Kerr
c48e3922ca sbverify: add check for invalid PKCS7 data
Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:52:03 +08:00
Jeremy Kerr
e3d6afbd61 sbverify: Add certificate chain verification
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.

Verification can be disabled with --no-verify.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:48:30 +08:00
Jeremy Kerr
e404a4d412 verify: move idc-related parsing to idc.c
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 23:12:18 -07:00
Jeremy Kerr
4e89b9a1ee sbverify: Add check for image hash
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:21:20 -07:00
Jeremy Kerr
b929aaa655 sbverify: check for presence of signature table
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 10:47:21 -07:00
Jeremy Kerr
1d3ebb7b24 Add copyright comments
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
3b802fe3da Initial commit
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00