History log of /external/vboot_reference/host/lib/host_signature.c
Revision Date Author Comments
d6759e4ce635fabf01e7919ef070e114d54b455b 01-Apr-2015 Adam Langley <agl@google.com> vboot: fix name-collision with OpenSSL.

vboot currently uses the |SHA256_CTX| name, which is claimed by OpenSSL.
To work around this, it defines OPENSSL_NO_SHA, but that can't be done
at compile time:

The OPENSSL_NO_* defines are set by OpenSSL to reflect the configuration
that it was built with so that users of OpenSSL can disable features as
needed. They can affect the contents of structures and thus the ABI of
the library.

If these defines are set outside of OpenSSL, then the library and the
code that uses it will have incompatible ABIs. At that point it's only
functioning by blind luck.

This change renames the name-collisions so that this hack isn't needed.
This is the same change as was made internally in cl/85758149.

Change-Id: I709da2507f341896d89d50129ce30ffb111a20d1
/external/vboot_reference/host/lib/host_signature.c
4e4c19602edf3834b50d66d3ba067e895aca6fa0 04-Feb-2015 Bill Richardson <wfrichar@chromium.org> futility: Add create command to make keypairs from RSA files

This command reads a single .pem file and emits the public and
private keys generated from it. It can produce both the old-style
vboot 1.0 keys (.vbpubk and .vbprivk), or the new vboot 2.1
format keys (.vbpubk2 and .vbprik2). The default is the new
format, but you can give futility the --vb1 arg to force the old
format.

A test is included.

BUG=chromium:231547
BRANCH=ToT
TEST=make runtests

Change-Id: I4713dc5bf34151052870f88ba52ddccf9d4dab50
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246766
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/host/lib/host_signature.c
2500185a83b453580f187087fffc6376f19f8ff0 16-Aug-2013 Simon Glass <sjg@chromium.org> Add memory leak checking

Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().

Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.

BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference

Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
/external/vboot_reference/host/lib/host_signature.c
2448d3b3bc8e80232e7943c16b41eaab19faa1a2 03-May-2012 Bill Richardson <wfrichar@chromium.org> Create vbutil_ec tool for signing EC firmware.

This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).

BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual

make
make runtests

Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
/external/vboot_reference/host/lib/host_signature.c
32a6526d25d4bf9a1c137fc3d275d1c68935d184 27-Jun-2011 Randall Spangler <rspangler@chromium.org> Verified boot wrapper - add stub implementations for host

This is part 2 of the wrapper API refactor. It adds stub
implementations for the host, and changes the host-side utilities to
use them. Firmware implementation is unchanged in this CL (other than
a few updates to macros).

BUG=chromium_os:16997
TEST=make && make runtests

Change-Id: I63989bd11de1f2239ddae256beaccd31bfb5acef
Reviewed-on: http://gerrit.chromium.org/gerrit/3256
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/host/lib/host_signature.c
0688025c7e37ec21d8e59ffdc414e9ac54a536c9 03-Nov-2010 Gaurav Shah <gauravsh@chromium.org> Fix the maximum output size in the call to the external signer.

Maximum output size is the signature size.

BUG=7676
TEST=manual

1) Verified that earlier outbufsize value was more than what the external signer would return.
2) Re-ran run_vbutil_tests.sh

Change-Id: I180cfea7625ee09a51709d8f7735884c32b8b409

Review URL: http://codereview.chromium.org/4251006
/external/vboot_reference/host/lib/host_signature.c
068fc6f251bc80190ad976d18ffe4726a3f33026 29-Oct-2010 Gaurav Shah <gauravsh@chromium.org> Add support for using external signing application and .pem private key files to vbutil_keyblock.

This allows signing using a .pem file using an external program.

It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.

Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"

I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface and avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and change the existing interface).

BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.

To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)

Review URL: http://codereview.chromium.org/4194003

Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
/external/vboot_reference/host/lib/host_signature.c
abf055045802cb06c57ff2d7b187736bdcb3b138 01-Jul-2010 Bill Richardson <wfrichar@chromium.org> Switch to using .vbprivk for signing everything now.

This makes it much simpler to keep track of what we're doing.

vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.

vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.

replace debug() with VBDEBUG(()) in host-side sources, too.

rename PrivateKeyRead to PrivateKeyReadPem

Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.

Review URL: http://codereview.chromium.org/2871033
/external/vboot_reference/host/lib/host_signature.c
d183644564ec27c106a3eb1931f565fae167a058 10-Jun-2010 Randall Spangler <rspangler@chromium.org> Major refactoring of structures, with unit tests. This matches the doc I sent out earlier.

Firmware-side code for LoadKernel() is in place now. LoadFirmware() replacement coming soon.

The new functions are implemented in parallel to the existing ones (i.e., everything that used to work still does).

Review URL: http://codereview.chromium.org/2745007
/external/vboot_reference/host/lib/host_signature.c