Jeremy Kerr
17f77a9aab
sbverify: clean up openssl init
...
Remove a duplicate call to ERR_load_crypto_strings, and move the digest
init earlier.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:53:26 +08:00
Jeremy Kerr
c48e3922ca
sbverify: add check for invalid PKCS7 data
...
Make sure d2i_PKCS7 returned a PKCS7 structure.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:52:03 +08:00
Jeremy Kerr
e3d6afbd61
sbverify: Add certificate chain verification
...
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.
Verification can be disabled with --no-verify.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:48:30 +08:00
Jeremy Kerr
e404a4d412
verify: move idc-related parsing to idc.c
...
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 23:12:18 -07:00
Jeremy Kerr
d5f1a61b99
sbsign: fix incorrect check for certificate load
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:35:09 -07:00
Jeremy Kerr
ef7966087d
image: reformat gap warnings
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:32:23 -07:00
Jeremy Kerr
f7f7ad00a3
image: add cert table to image size
...
Don't warn when the certificate table is the only un-hashed data.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:31:43 -07:00
Jeremy Kerr
4e89b9a1ee
sbverify: Add check for image hash
...
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:21:20 -07:00
Jeremy Kerr
b929aaa655
sbverify: check for presence of signature table
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 10:47:21 -07:00
Jeremy Kerr
7c256bc407
Makefile: add $(tools) var
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:48:51 -07:00
Jeremy Kerr
902cb928b6
sbsigntool -> sbsign
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:45:22 -07:00
Jeremy Kerr
b3dc6529eb
image: open output file with O_TRUNC
...
Prevents weirdness when overwriting old files.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:44:17 -07:00
Jeremy Kerr
fcf663b560
sbsigntooL: expand usage info
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:09:57 +08:00
Jeremy Kerr
0e9c5f7496
Add GPLv3 text in COPYING
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:01:05 +08:00
Jeremy Kerr
348a43e3f1
coff: remove unneeded coff includes
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 08:38:57 +08:00
Jeremy Kerr
1d3ebb7b24
Add copyright comments
...
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
da5568e8ff
image: warn about potential checksum differences
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:42:45 +08:00
Jeremy Kerr
d8eadfcc24
idc: allocate using the image context
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:36:08 +08:00
Jeremy Kerr
3b802fe3da
Initial commit
...
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00