[PATCH] Re: Grub verify module failed to verify a signed file

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] Re: Grub verify module failed to verify a signed file

From:	Andrey Borzenkov
Subject:	[PATCH] Re: Grub verify module failed to verify a signed file
Date:	Sun, 31 Mar 2013 18:02:45 +0400

В Sun, 31 Mar 2013 17:38:58 +0400
Andrey Borzenkov <address@hidden> пишет:

> В Sun, 31 Mar 2013 14:25:35 +0200
> Vladimir 'φ-coder/phcoder' Serbinenko <address@hidden> пишет:
> 
> > Only DSA is supported for now and your key is RSA.
> > 
> 
> I have exactly the same problem with DSA key:
> 
> address@hidden:~> gpg --list-keys DA5DF78C 
> pub   1024D/DA5DF78C 2002-02-07
> uid                  Andrey Borzenkov <address@hidden>
> uid                  Andrey Borzenkov <address@hidden>
> uid                  Andrey Borzenkov <address@hidden>
> uid                  Andrej Borsenkow <address@hidden>
> sub   1024g/3C88F322 2002-02-07
> address@hidden:~> LC_ALL=C gpg --verify --verbose /tmp/test/myfile.txt.sig
> gpg: assuming signed data in `/tmp/test/myfile.txt'
> gpg: Signature made Sat Mar 30 17:23:57 2013 MSK using DSA key ID DA5DF78C
> gpg: using classic trust model
> gpg: Good signature from "Andrey Borzenkov <address@hidden>"
> gpg:                 aka "Andrey Borzenkov <address@hidden>"
> gpg:                 aka "Andrey Borzenkov <address@hidden>"
> gpg:                 aka "Andrej Borsenkow <address@hidden>"
> gpg: binary signature, digest algorithm SHA1
> 
> This file and signature fail verification in grub.

Fixed with patch below. BTW, while testing I noticed that gcry_dsa is
not autoloaded when running verify_detached. Need to look into it.


From: Andrey Borzenkov <address@hidden>
Subject: [PATCH] fix hash numbers in verify.c

Hash numbers start with 1, not with 0. Make numbers explicit like
the rest.

Signed-off-by: Andrey Borzenkov <address@hidden>

---
 ChangeLog                   | 5 +++++
 grub-core/commands/verify.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 58c2242..672aa74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-03-31  Andrey Borzenkov <address@hidden>
+
+       * grub-core/commands/verify.c: Fix hash algorithms values for
+       the first three hashes - they start with 1, not with 0.
+
 2013-03-26  Vladimir Serbinenko  <address@hidden>
 
        * grub-core/kern/efi/mm.c (grub_efi_finish_boot_services):
diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
index 6c0b580..b4d5e7b 100644
--- a/grub-core/commands/verify.c
+++ b/grub-core/commands/verify.c
@@ -123,7 +123,9 @@ struct signature_v4_header
 } __attribute__ ((packed));
 
 const char *hashes[] = {
-  "md5", "sha1", "ripemd160",
+  [0x01] = "md5",
+  [0x02] = "sha1",
+  [0x03] = "ripemd160",
   [0x08] = "sha256",
   [0x09] = "sha384",
   [0x0a] = "sha512",
-- 
tg: (c643afe..) u/hash-numbers (depends on: master)

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Grub verify module failed to verify a signed file, Wei Hu, 2013/03/28
- Re: Grub verify module failed to verify a signed file, Andrey Borzenkov, 2013/03/30
- Re: Grub verify module failed to verify a signed file, Vladimir 'φ-coder/phcoder' Serbinenko, 2013/03/31
  - Re: Grub verify module failed to verify a signed file, Andrey Borzenkov, 2013/03/31
    - [PATCH] Re: Grub verify module failed to verify a signed file, Andrey Borzenkov <=

Prev by Date: Re: Grub verify module failed to verify a signed file
Next by Date: Re: [PATCH] reset LC_MESSAGES to C too
Previous by thread: Re: Grub verify module failed to verify a signed file
Next by thread: GRUB_CRYPTODISK_ENABLE undocumented
Index(es):
- Date
- Thread