diff --git a/.gitignore b/.gitignore
index f6a1bd0517..856e69bc5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -264,6 +264,7 @@ widthspec.bin
/stamp-h1
/syslinux_test
/tar_test
+/test_asn1
/test_sha512sum
/test_unset
/tests/syslinux/ubuntu10.04_grub.cfg
@@ -275,3 +276,155 @@ widthspec.bin
/xfs_test
/xzcompress_test
/zfs_test
+=======
+# things ./autogen.sh will create
+/Makefile.utilgcry.def
+/ABOUT-NLS
+/aclocal.m4
+/autom4te.cache
+/build-aux
+/configure
+/gnulib
+/grub-core/lib/gnulib/
+/Makefile
+
+# things very common editors create that we never want
+*~
+.*.sw?
+*.patch
+
+# stuff you're likely to make while building test trees
+grub.cfg
+/build*/
+
+# built objects across the whole tree
+Makefile.in
+*.a
+*.am
+*.efi
+*.exec
+*.image
+*.img
+*.info
+*.lst
+*.marker
+/m4
+*.mod
+*.module
+*.o
+*.pf2
+*.yy.[ch]
+.deps/
+.deps-core/
+.deps-util/
+.dirstamp
+
+# next are things you get if you do ./configure in the topdir (for e.g.
+# "make dist" invocation.
+/config-util.h
+/config.h
+/include/grub/cpu
+/include/grub/machine
+/INSTALL
+/INSTALL.grub
+/po/Makefile.in.in
+/po/Makevars
+/po/Makevars.template
+/po/POTFILES
+/po/Rules-quot
+/stamp-h
+/stamp-h1
+bootstrap.log
+config.log
+config.status
+
+# stuff "make dist" creates
+ChangeLog
+grub-*.tar
+grub-*.tar.*
+
+# stuff "make" creates
+/[[:digit:]][[:digit:]]_?*
+/ascii.h
+/build-grub-gen-asciih
+/build-grub-gen-widthspec
+/build-grub-mkfont
+/config-util.h.in
+/garbage-gen
+/grub*-bios-setup
+/grub*-bios-setup.8
+/grub*-editenv
+/grub*-editenv.1
+/grub*-file
+/grub*-file.1
+/grub*-fs-tester
+/grub*-fstest
+/grub*-fstest.1
+/grub*-get-kernel-settings
+/grub*-get-kernel-settings.3
+/grub*-glue-efi
+/grub*-glue-efi.1
+/grub*-install
+/grub*-install.8
+/grub*-kbdcomp
+/grub*-kbdcomp.1
+/grub*-macbless
+/grub*-macbless.8
+/grub*-menulst2cfg
+/grub*-menulst2cfg.1
+/grub*-mount
+/grub*-mount.1
+/grub*-mkconfig
+/grub*-mkconfig.8
+/grub*-mkconfig_lib
+/grub*-mkfont
+/grub*-mkfont.1
+/grub*-mkimage
+/grub*-mkimage.1
+/grub*-mklayout
+/grub*-mklayout.1
+/grub*-mknetdir
+/grub*-mknetdir.1
+/grub*-mkpasswd-pbkdf2
+/grub*-mkpasswd-pbkdf2.1
+/grub*-mkrelpath
+/grub*-mkrelpath.1
+/grub*-mkrescue
+/grub*-mkrescue.1
+/grub*-mkstandalone
+/grub*-mkstandalone.1
+/grub*-ofpathname
+/grub*-ofpathname.8
+/grub*-probe
+/grub*-probe.8
+/grub*-reboot
+/grub*-reboot.8
+/grub*-render-label
+/grub*-render-label.1
+/grub*-rpm-sort
+/grub*-rpm-sort.8
+/grub*-script-check
+/grub*-script-check.1
+/grub*-set-bootflag
+/grub*-set-bootflag.1
+/grub*-set-default
+/grub*-set-default.8
+/grub*-set-password
+/grub*-set-password.8
+/grub*-shell
+/grub*-shell-tester
+/grub*-sparc64-setup
+/grub*-sparc64-setup.8
+/grub*-syslinux2cfg
+/grub*-syslinux2cfg.1
+/grub*-switch-to-blscfg
+/grub*-switch-to-blscfg.8
+/grub_fstest.pp
+/grub_fstest_init.c
+/grub_fstest_init.lst
+/grub_script.tab.[ch]
+/libgrub.pp
+/libgrub_a_init.c
+/libgrub_a_init.lst
+/stamp-h.in
+/widthspec.h
diff --git a/Makefile.util.def b/Makefile.util.def
index f8b356cc1f..3f191aa809 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -51,6 +51,12 @@ library = {
common = grub-core/partmap/msdos.c;
common = grub-core/fs/proc.c;
common = grub-core/fs/archelp.c;
+ common = grub-core/kern/backtrace.c;
+
+ x86 = grub-core/kern/i386/backtrace.c;
+ i386_xen = grub-core/kern/i386/backtrace.c;
+ x86_64_xen = grub-core/kern/i386/backtrace.c;
+ arm64 = grub-core/kern/arm64/backtrace.c;
};
library = {
@@ -452,6 +458,30 @@ script = {
installdir = grubconf;
};
+script = {
+ name = '08_fallback_counting';
+ common = util/grub.d/08_fallback_counting.in;
+ installdir = grubconf;
+};
+
+script = {
+ name = '12_menu_auto_hide';
+ common = util/grub.d/12_menu_auto_hide.in;
+ installdir = grubconf;
+};
+
+script = {
+ name = '14_menu_show_once';
+ common = util/grub.d/14_menu_show_once.in;
+ installdir = grubconf;
+};
+
+script = {
+ name = '01_users';
+ common = util/grub.d/01_users.in;
+ installdir = grubconf;
+};
+
script = {
name = '10_windows';
common = util/grub.d/10_windows.in;
@@ -494,6 +524,12 @@ script = {
condition = COND_HOST_LINUX;
};
+script = {
+ name = '10_reset_boot_success';
+ common = util/grub.d/10_reset_boot_success.in;
+ installdir = grubconf;
+};
+
script = {
name = '10_xnu';
common = util/grub.d/10_xnu.in;
@@ -508,6 +544,13 @@ script = {
condition = COND_HOST_LINUX;
};
+script = {
+ name = '20_ppc_terminfo';
+ common = util/grub.d/20_ppc_terminfo.in;
+ installdir = grubconf;
+ condition = COND_HOST_LINUX;
+};
+
script = {
name = '30_os-prober';
common = util/grub.d/30_os-prober.in;
@@ -532,6 +575,27 @@ script = {
installdir = grubconf;
};
+script = {
+ name = 'grub-systemd-integration.service';
+ common = util/systemd/grub-systemd-integration.service.in;
+ installdir = systemdunit;
+ condition = COND_HOST_LINUX;
+};
+
+script = {
+ name = 'systemd-integration.sh';
+ common = util/systemd/systemd-integration.sh.in;
+ installdir = grublibexec;
+ condition = COND_HOST_LINUX;
+};
+
+script = {
+ name = '10-grub-logind-service.conf';
+ common = util/systemd/10-grub-logind-service.conf.in;
+ installdir = systemd_logind_service_d;
+ condition = COND_HOST_LINUX;
+};
+
program = {
mansection = 1;
name = grub-mkrescue;
@@ -696,6 +760,23 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
+program = {
+ name = grub-rpm-sort;
+ mansection = 8;
+ installdir = sbin;
+
+ common = grub-core/kern/emu/misc.c;
+ common = grub-core/kern/emu/argp_common.c;
+ common = grub-core/osdep/init.c;
+ common = util/misc.c;
+ common = util/grub-rpm-sort.c;
+
+ ldadd = libgrubkern.a;
+ ldadd = grub-core/lib/gnulib/libgnu.a;
+ ldadd = '$(LIBDEVMAPPER) $(LIBRPM)';
+ condition = COND_GRUB_RPM_SORT;
+};
+
script = {
name = grub-mkconfig;
common = util/grub-mkconfig.in;
@@ -703,6 +784,13 @@ script = {
installdir = sbin;
};
+script = {
+ name = grub-get-kernel-settings;
+ common = util/grub-get-kernel-settings.in;
+ mansection = 3;
+ installdir = sbin;
+};
+
script = {
name = grub-set-default;
common = util/grub-set-default.in;
@@ -717,6 +805,13 @@ script = {
installdir = sbin;
};
+script = {
+ name = grub-set-password;
+ common = util/grub-set-password.in;
+ mansection = 8;
+ installdir = sbin;
+};
+
script = {
name = grub-mkconfig_lib;
common = util/grub-mkconfig_lib.in;
@@ -1211,6 +1306,12 @@ script = {
common = tests/syslinux_test.in;
};
+script = {
+ testcase;
+ name = test_asn1;
+ common = tests/test_asn1.in;
+};
+
program = {
testcase;
name = example_unit_test;
@@ -1321,6 +1422,13 @@ program = {
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
+script = {
+ name = grub-switch-to-blscfg;
+ common = util/grub-switch-to-blscfg.in;
+ mansection = 8;
+ installdir = sbin;
+};
+
program = {
name = grub-glue-efi;
mansection = 1;
@@ -1383,3 +1491,10 @@ program = {
ldadd = grub-core/lib/gnulib/libgnu.a;
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
+
+program = {
+ name = grub-set-bootflag;
+ installdir = sbin;
+ mansection = 1;
+ common = util/grub-set-bootflag.c;
+};
diff --git a/NEWS b/NEWS
index 73b8492bc4..618c3cdcde 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ New in 2.06:
* BootHole and BootHole2 fixes.
* ...and tons of other fixes and cleanups...
+* New/improved platform support:
+ * New `eficonnect' command on EFI platforms.
+
New in 2.04:
* GCC 8 and 9 support.
@@ -98,7 +101,7 @@ New in 2.02:
* Prefer pmtimer for TSC calibration.
* New/improved platform support:
- * New `efifwsetup' and `lsefi' commands on EFI platforms.
+ * New `efifwsetup', `lsefi' commands on EFI platforms.
* New `cmosdump' and `cmosset' commands on platforms with CMOS support.
* New command `pcidump' for PCI platforms.
* Improve opcode parsing in ACPI halt implementation.
diff --git a/acinclude.m4 b/acinclude.m4
index 6e14bb553c..21238fcfd0 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -136,6 +136,25 @@ if test "x$grub_cv_prog_ld_build_id_none" = xyes; then
fi
])
+dnl Supply --build-id=sha1 to ld if building modules.
+dnl This suppresses warnings from ld on some systems
+AC_DEFUN([grub_PROG_LD_BUILD_ID_SHA1],
+[AC_MSG_CHECKING([whether linker accepts --build-id=sha1])
+AC_CACHE_VAL(grub_cv_prog_ld_build_id_sha1,
+[save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS -Wl,--build-id=sha1"
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_prog_ld_build_id_sha1=yes],
+ [grub_cv_prog_ld_build_id_sha1=no])
+LDFLAGS="$save_LDFLAGS"
+])
+AC_MSG_RESULT([$grub_cv_prog_ld_build_id_sha1])
+
+if test "x$grub_cv_prog_ld_build_id_sha1" = xyes; then
+ TARGET_LDFLAGS="$TARGET_LDFLAGS -Wl,--build-id=sha1"
+fi
+])
+
dnl Check nm
AC_DEFUN([grub_PROG_NM_WORKS],
[AC_MSG_CHECKING([whether nm works])
diff --git a/bootstrap.conf b/bootstrap.conf
index 6b043fc354..03f1093023 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -16,7 +16,13 @@
# along with this program. If not, see .
-GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
+# GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
+if [[ -z "${GNULIB_REVISION}" ]] ;then
+ GNULIB_REVISION=fixes
+fi
+if [[ -z "${GNULIB_URL}" ]] ;then
+ GNULIB_URL=https://github.com/rhboot/gnulib.git
+fi
# gnulib modules used by this package.
# mbswidth is used by gnulib-fix-width.diff's changes to argp rather than
@@ -79,11 +85,6 @@ cp -a INSTALL INSTALL.grub
bootstrap_post_import_hook () {
set -e
- for patchname in fix-base64 fix-null-deref fix-null-state-deref fix-regcomp-uninit-token \
- fix-regexec-null-deref fix-uninit-structure fix-unused-value fix-width no-abort; do
- patch -d grub-core/lib/gnulib -p2 \
- < "grub-core/lib/gnulib-patches/$patchname.patch"
- done
for patchname in \
0001-Support-POTFILES-shell \
0002-Handle-gettext_printf-shell-function \
@@ -92,7 +93,7 @@ bootstrap_post_import_hook () {
patch -d po -p3 \
< "po/gettext-patches/$patchname.patch"
done
- FROM_BOOTSTRAP=1 ./autogen.sh
+ PYTHON=python3 FROM_BOOTSTRAP=1 ./autogen.sh
set +e # bootstrap expects this
}
diff --git a/conf/Makefile.common b/conf/Makefile.common
index 2a1a886f6d..9fe5863b2d 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -38,34 +38,38 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding
LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC)
CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1
CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx
+STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes
-CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding
-LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
-CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
-CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
+CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding
+LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d
+CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
+CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin
LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S
CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-CFLAGS_PROGRAM =
-LDFLAGS_PROGRAM =
-CPPFLAGS_PROGRAM =
-CCASFLAGS_PROGRAM =
+CFLAGS_PROGRAM = $(UTILS_CFLAGS)
+LDFLAGS_PROGRAM = $(UTILS_LDFLAGS)
+CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS)
+CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS)
-CFLAGS_LIBRARY =
-CPPFLAGS_LIBRARY =
-CCASFLAGS_LIBRARY =
+CFLAGS_LIBRARY = $(UTILS_CFLAGS)
+LDFLAGS_LIBRARY = $(UTILS_LDFLAGS)
+CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS)
+CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS)
# Other variables
grubconfdir = $(sysconfdir)/grub.d
+grublibexecdir = $(libexecdir)/$(grubdirname)
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
+systemdunitdir = ${prefix}/lib/systemd/system
+systemd_logind_service_ddir = $(systemdunitdir)/systemd-logind.service.d
-CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion
+CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Werror=trampolines -fno-trampolines
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib
CFLAGS_POSIX = -fno-builtin
@@ -120,6 +124,9 @@ noinst_LIBRARIES =
dist_noinst_DATA =
platform_SCRIPTS =
platform_PROGRAMS =
+grublibexec_SCRIPTS =
+systemdunit_SCRIPTS =
+systemd_logind_service_d_SCRIPTS =
TESTS =
EXTRA_DIST =
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index 8f1485d52a..8ddf22e6c9 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -11,10 +11,12 @@ EXTRA_DIST += unicode
EXTRA_DIST += util/import_gcry.py
EXTRA_DIST += util/import_unicode.py
-EXTRA_DIST += docs/man
EXTRA_DIST += docs/autoiso.cfg
EXTRA_DIST += docs/grub.cfg
EXTRA_DIST += docs/osdetect.cfg
+EXTRA_DIST += docs/org.gnu.grub.policy
+EXTRA_DIST += docs/grub-boot-success.service
+EXTRA_DIST += docs/grub-boot-success.timer
EXTRA_DIST += conf/i386-cygwin-img-ld.sc
@@ -28,16 +30,6 @@ EXTRA_DIST += grub-core/gensymlist.sh
EXTRA_DIST += grub-core/genemuinit.sh
EXTRA_DIST += grub-core/genemuinitheader.sh
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-base64.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
-EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
-
EXTRA_DIST += grub-core/lib/libgcrypt
EXTRA_DIST += grub-core/lib/libgcrypt-grub/mpi/generic
EXTRA_DIST += $(shell find $(top_srcdir)/include -name '*.h')
diff --git a/config.h.in b/config.h.in
index 9e8f9911b1..c80e3e0aba 100644
--- a/config.h.in
+++ b/config.h.in
@@ -12,6 +12,7 @@
/* Define to 1 to enable disk cache statistics. */
#define DISK_CACHE_STATS @DISK_CACHE_STATS@
#define BOOT_TIME_STATS @BOOT_TIME_STATS@
+#define DEBUG_WITH_TIMESTAMPS @DEBUG_WITH_TIMESTAMPS@
/* We don't need those. */
#define MINILZO_CFG_SKIP_LZO_PTR 1
@@ -59,6 +60,7 @@
#define GRUB_TARGET_CPU "@GRUB_TARGET_CPU@"
#define GRUB_PLATFORM "@GRUB_PLATFORM@"
+#define GRUB_RPM_VERSION "@GRUB_RPM_VERSION@"
#define RE_ENABLE_I18N 1
diff --git a/configure.ac b/configure.ac
index 7517fc49d9..3c808a7223 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-install])
grub_TRANSFORM([grub-mkconfig])
grub_TRANSFORM([grub-mkfont])
grub_TRANSFORM([grub-mkimage])
+grub_TRANSFORM([grub-get-kernel-settings])
grub_TRANSFORM([grub-glue-efi])
grub_TRANSFORM([grub-mklayout])
grub_TRANSFORM([grub-mkpasswd-pbkdf2])
@@ -72,11 +73,40 @@ grub_TRANSFORM([grub-mkrelpath])
grub_TRANSFORM([grub-mkrescue])
grub_TRANSFORM([grub-probe])
grub_TRANSFORM([grub-reboot])
+grub_TRANSFORM([grub-set-password])
+grub_TRANSFORM([grub-rpm-sort])
grub_TRANSFORM([grub-script-check])
grub_TRANSFORM([grub-set-default])
grub_TRANSFORM([grub-sparc64-setup])
grub_TRANSFORM([grub-render-label])
grub_TRANSFORM([grub-file])
+grub_TRANSFORM([grub-bios-setup.3])
+grub_TRANSFORM([grub-editenv.1])
+grub_TRANSFORM([grub-fstest.3])
+grub_TRANSFORM([grub-get-kernel-settings.3])
+grub_TRANSFORM([grub-glue-efi.3])
+grub_TRANSFORM([grub-install.1])
+grub_TRANSFORM([grub-kbdcomp.3])
+grub_TRANSFORM([grub-macbless.8])
+grub_TRANSFORM([grub-menulst2cfg.1])
+grub_TRANSFORM([grub-mkconfig.1])
+grub_TRANSFORM([grub-mkfont.3])
+grub_TRANSFORM([grub-mkimage.1])
+grub_TRANSFORM([grub-mklayout.3])
+grub_TRANSFORM([grub-mknetdir.3])
+grub_TRANSFORM([grub-mkpasswd-pbkdf2.3])
+grub_TRANSFORM([grub-mkrelpath.3])
+grub_TRANSFORM([grub-mkrescue.1])
+grub_TRANSFORM([grub-mkstandalone.3])
+grub_TRANSFORM([grub-ofpathname.3])
+grub_TRANSFORM([grub-probe.3])
+grub_TRANSFORM([grub-rpm-sort.8])
+grub_TRANSFORM([grub-reboot.3])
+grub_TRANSFORM([grub-render-label.3])
+grub_TRANSFORM([grub-script-check.3])
+grub_TRANSFORM([grub-set-default.1])
+grub_TRANSFORM([grub-sparc64-setup.3])
+grub_TRANSFORM([grub-syslinux2cfg.1])
# Optimization flag. Allow user to override.
if test "x$TARGET_CFLAGS" = x; then
@@ -282,6 +312,19 @@ AC_SUBST(target_cpu)
AC_SUBST(platform)
# Define default variables
+have_with_rpm_version=n
+AC_ARG_WITH([rpm_version],
+ AS_HELP_STRING([--with-rpm-version=VERSION],
+ [set the rpm package version [[guessed]]]),
+ [have_with_rpm_version=y],
+ [have_with_rpm_version=n])
+if test x$have_with_rpm_version = xy; then
+ rpm_version="$with_rpm_version"
+else
+ rpm_version=""
+fi
+GRUB_RPM_VERSION="$rpm_version"
+AC_SUBST(GRUB_RPM_VERSION)
have_with_bootdir=n
AC_ARG_WITH([bootdir],
@@ -314,6 +357,14 @@ AC_SUBST(grubdirname)
AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname",
[Default grub directory name])
+PKG_PROG_PKG_CONFIG
+AS_IF([$($PKG_CONFIG --exists bash-completion)], [
+ bashcompletiondir=$($PKG_CONFIG --variable=completionsdir bash-completion)
+] , [
+ bashcompletiondir=${datadir}/bash-completion/completions
+])
+AC_SUBST(bashcompletiondir)
+
#
# Checks for build programs.
#
@@ -525,6 +576,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags"
# Check for target programs.
#
+# This makes sure pkg.m4 is available.
+m4_pattern_forbid([^_?PKG_[A-Z_]+$],[*** pkg.m4 missing, please install pkg-config])
+
# Find tools for the target.
if test "x$target_alias" != x && test "x$host_alias" != "x$target_alias"; then
tmp_ac_tool_prefix="$ac_tool_prefix"
@@ -836,11 +890,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p
TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
fi
+# Should grub utils get the host CFLAGS, or the target CFLAGS?
+AC_ARG_WITH([utils],
+ AS_HELP_STRING([--with-utils=host|target|build],
+ [choose which flags to build utilities with. (default=target)]),
+ [have_with_utils=y],
+ [have_with_utils=n])
+if test x"$have_with_utils" = xy ; then
+ with_utils="$withval"
+else
+ with_utils=target
+fi
+
# GRUB doesn't use float or doubles at all. Yet some toolchains may decide
# that floats are a good fit to run instead of what's written in the code.
# Given that floating point unit is disabled (if present to begin with)
# when GRUB is running which may result in various hard crashes.
-if test x"$platform" != xemu ; then
+if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then
AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [
grub_cv_target_cc_soft_float=no
if test "x$target_cpu" = xarm64; then
@@ -1235,6 +1301,26 @@ if test "x$target_cpu" = xarm; then
done
])
+ AC_CACHE_CHECK([for options to disable movt and movw relocations],
+ grub_cv_target_cc_mword_relocations,
+ [grub_cv_target_cc_mword_relocations=no
+ for cand in "-mword-relocations" ; do
+ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then
+ break
+ fi
+ CFLAGS="$TARGET_CFLAGS $cand -Werror"
+ CPPFLAGS="$TARGET_CPPFLAGS"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_target_cc_mword_relocations="$cand"],
+ [])
+ done
+ ])
+ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then
+ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"])
+ else
+ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations"
+ fi
+
if test x"$grub_cv_target_cc_mno_movt" != xno ; then
# A trick so that clang doesn't see it on link stage
TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt"
@@ -1394,11 +1480,11 @@ fi
# Set them to their new values for the tests below.
CC="$TARGET_CC"
if test x"$platform" = xemu ; then
-CFLAGS="$TARGET_CFLAGS -Wno-error"
+CFLAGS="$TARGET_CFLAGS"
elif test "x$TARGET_APPLE_LINKER" = x1 ; then
-CFLAGS="$TARGET_CFLAGS -nostdlib -static -Wno-error"
+CFLAGS="$TARGET_CFLAGS -nostdlib -static"
else
-CFLAGS="$TARGET_CFLAGS -nostdlib -Wno-error"
+CFLAGS="$TARGET_CFLAGS -nostdlib"
fi
CPPFLAGS="$TARGET_CPPFLAGS"
@@ -1429,7 +1515,15 @@ grub_PROG_TARGET_CC
if test "x$TARGET_APPLE_LINKER" != x1 ; then
grub_PROG_OBJCOPY_ABSOLUTE
fi
+
+AC_ARG_ENABLE([build-id],
+ [AS_HELP_STRING([--enable-build-id],
+ [ask the linker to supply build-id notes (default=no)])])
+if test x$enable_build_id = xyes; then
+grub_PROG_LD_BUILD_ID_SHA1
+else
grub_PROG_LD_BUILD_ID_NONE
+fi
if test "x$target_cpu" = xi386; then
if test "$platform" != emu && test "x$TARGET_APPLE_LINKER" != x1 ; then
if test ! -z "$TARGET_IMG_LDSCRIPT"; then
@@ -1519,6 +1613,17 @@ else
fi
AC_SUBST([BOOT_TIME_STATS])
+AC_ARG_WITH([debug-timestamps],
+ AS_HELP_STRING([--with-debug-timestamps],
+ [prepend debug traces with absolute and relative timestamps]))
+
+if test x$with_debug_timestamps = xyes; then
+ DEBUG_WITH_TIMESTAMPS=1
+else
+ DEBUG_WITH_TIMESTAMPS=0
+fi
+AC_SUBST([DEBUG_WITH_TIMESTAMPS])
+
AC_ARG_ENABLE([grub-emu-sdl],
[AS_HELP_STRING([--enable-grub-emu-sdl],
[build and install the `grub-emu' debugging utility with SDL support (default=guessed)])])
@@ -1826,6 +1931,35 @@ fi
AC_SUBST([LIBDEVMAPPER])
+AC_ARG_ENABLE([rpm-sort],
+ [AS_HELP_STRING([--enable-rpm-sort],
+ [enable native rpm sorting of kernels in grub (default=guessed)])])
+if test x"$enable_rpm_sort" = xno ; then
+ rpm_sort_excuse="explicitly disabled"
+else
+ enable_rpm_sort=yes
+fi
+
+if test x"$rpm_sort_excuse" = x ; then
+ # Check for rpmlib header.
+ AC_CHECK_HEADER([rpm/rpmlib.h], [],
+ [rpm_sort_excuse="need rpm/rpmlib header"])
+fi
+
+if test x"$rpm_sort_excuse" = x ; then
+ # Check for rpmio library.
+ AC_CHECK_LIB([rpmio], [rpmvercmp], [],
+ [rpm_sort_excuse="rpmio missing rpmvercmp"])
+fi
+
+if test x"$rpm_sort_excuse" = x ; then
+ LIBRPM="-lrpmio";
+ AC_DEFINE([HAVE_RPMIO], [1],
+ [Define to 1 if you have the rpmio library.])
+fi
+
+AC_SUBST([LIBRPM])
+
LIBGEOM=
if test x$host_kernel = xkfreebsd; then
AC_CHECK_LIB([geom], [geom_gettree], [],
@@ -1924,6 +2058,17 @@ if test x"$enable_werror" != xno ; then
HOST_CFLAGS="$HOST_CFLAGS -Werror"
fi
+AC_ARG_ENABLE([wextra],
+ [AS_HELP_STRING([--disable-wextra],
+ [do not use -Wextra when building GRUB])])
+if test x"$enable_wextra" != xno ; then
+ TARGET_CFLAGS="$TARGET_CFLAGS -Wextra"
+ HOST_CFLAGS="$HOST_CFLAGS -Wextra"
+fi
+
+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines"
+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines"
+
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC
@@ -1933,6 +2078,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include"
TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include"
TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include"
+case "$with_utils" in
+ host)
+ UTILS_CFLAGS=$HOST_CFLAGS
+ UTILS_CPPFLAGS=$HOST_CPPFLAGS
+ UTILS_CCASFLAGS=$HOST_CCASFLAGS
+ UTILS_LDFLAGS=$HOST_LDFLAGS
+ ;;
+ target)
+ UTILS_CFLAGS=$TARGET_CFLAGS
+ UTILS_CPPFLAGS=$TARGET_CPPFLAGS
+ UTILS_CCASFLAGS=$TARGET_CCASFLAGS
+ UTILS_LDFLAGS=$TARGET_LDFLAGS
+ ;;
+ build)
+ UTILS_CFLAGS=$BUILD_CFLAGS
+ UTILS_CPPFLAGS=$BUILD_CPPFLAGS
+ UTILS_CCASFLAGS=$BUILD_CCASFLAGS
+ UTILS_LDFLAGS=$BUILD_LDFLAGS
+ ;;
+ *)
+ AC_MSG_ERROR([--with-utils must be either host, target, or build])
+ ;;
+esac
+AC_MSG_NOTICE([Using $with_utils flags for utilities.])
+
+unset CFLAGS
+unset CPPFLAGS
+unset CCASFLAGS
+unset LDFLAGS
+
+AC_SUBST(UTILS_CFLAGS)
+AC_SUBST(UTILS_CPPFLAGS)
+AC_SUBST(UTILS_CCASFLAGS)
+AC_SUBST(UTILS_LDFLAGS)
+
GRUB_TARGET_CPU="${target_cpu}"
GRUB_PLATFORM="${platform}"
@@ -2013,6 +2193,7 @@ AM_CONDITIONAL([COND_GRUB_EMU_SDL], [test x$enable_grub_emu_sdl = xyes])
AM_CONDITIONAL([COND_GRUB_EMU_PCI], [test x$enable_grub_emu_pci = xyes])
AM_CONDITIONAL([COND_GRUB_MKFONT], [test x$enable_grub_mkfont = xyes])
AM_CONDITIONAL([COND_GRUB_MOUNT], [test x$enable_grub_mount = xyes])
+AM_CONDITIONAL([COND_GRUB_RPM_SORT], [test x$enable_rpm_sort = xyes])
AM_CONDITIONAL([COND_HAVE_FONT_SOURCE], [test x$FONT_SOURCE != x])
if test x$FONT_SOURCE != x ; then
HAVE_FONT_SOURCE=1
@@ -2024,6 +2205,7 @@ AM_CONDITIONAL([COND_APPLE_LINKER], [test x$TARGET_APPLE_LINKER = x1])
AM_CONDITIONAL([COND_ENABLE_EFIEMU], [test x$enable_efiemu = xyes])
AM_CONDITIONAL([COND_ENABLE_CACHE_STATS], [test x$DISK_CACHE_STATS = x1])
AM_CONDITIONAL([COND_ENABLE_BOOT_TIME_STATS], [test x$BOOT_TIME_STATS = x1])
+AM_CONDITIONAL([COND_DEBUG_WITH_TIMESTAMPS], [test x$DEBUG_WITH_TIMESTAMPS = x1])
AM_CONDITIONAL([COND_HAVE_CXX], [test x$HAVE_CXX = xyes])
@@ -2119,6 +2301,12 @@ else
echo With boot time statistics: No
fi
+if [ x"$with_debug_timestamps" = xyes ]; then
+echo Debug traces with timestamps: Yes
+else
+echo Debug traces with timestamps: No
+fi
+
if [ x"$efiemu_excuse" = x ]; then
echo efiemu runtime: Yes
else
@@ -2134,6 +2322,11 @@ echo grub-mount: Yes
else
echo grub-mount: No "($grub_mount_excuse)"
fi
+if [ x"$rpm_sort_excuse" = x ]; then
+echo grub-rpm-sort: Yes
+else
+echo grub-rpm-sort: No "($rpm_sort_excuse)"
+fi
if [ x"$starfield_excuse" = x ]; then
echo starfield theme: Yes
echo With DejaVuSans font from $DJVU_FONT_SOURCE
diff --git a/docs/.gitignore b/docs/.gitignore
new file mode 100644
index 0000000000..e1d849ef95
--- /dev/null
+++ b/docs/.gitignore
@@ -0,0 +1,5 @@
+/*.in
+/Makefile
+/stamp-1
+/stamp-vti
+/version*.texi
diff --git a/docs/Makefile.am b/docs/Makefile.am
index 93eb396276..ab28f19969 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,5 +5,3 @@ info_TEXINFOS = grub.texi grub-dev.texi
grub_TEXINFOS = fdl.texi
EXTRA_DIST = font_char_metrics.png font_char_metrics.txt
-
-
diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service
new file mode 100644
index 0000000000..6c8dcb186b
--- /dev/null
+++ b/docs/grub-boot-indeterminate.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Mark boot as indeterminate
+DefaultDependencies=false
+Requires=sysinit.target
+After=sysinit.target
+Wants=system-update-pre.target
+Before=system-update-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate
diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service
new file mode 100644
index 0000000000..80e79584c9
--- /dev/null
+++ b/docs/grub-boot-success.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Mark boot as successful
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/grub2-set-bootflag boot_success
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
new file mode 100644
index 0000000000..406f172005
--- /dev/null
+++ b/docs/grub-boot-success.timer
@@ -0,0 +1,7 @@
+[Unit]
+Description=Mark boot as successful after the user session has run 2 minutes
+ConditionUser=!@system
+ConditionVirtualization=!container
+
+[Timer]
+OnActiveSec=2min
diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
index 6c629a23e2..c23ba313dc 100644
--- a/docs/grub-dev.texi
+++ b/docs/grub-dev.texi
@@ -1,7 +1,7 @@
\input texinfo
@c -*-texinfo-*-
@c %**start of header
-@setfilename grub-dev.info
+@setfilename grub2-dev.info
@include version-dev.texi
@settitle GNU GRUB Developers Manual @value{VERSION}
@c Unify all our little indices for now.
@@ -32,7 +32,7 @@ Invariant Sections.
@dircategory Kernel
@direntry
-* grub-dev: (grub-dev). The GRand Unified Bootloader Dev
+* grub2-dev: (grub2-dev). The GRand Unified Bootloader Dev
@end direntry
@setchapternewpage odd
@@ -755,9 +755,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files
(e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c).
At this stage you will also need to add dummy dl.c and cache.S with functions
grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t
-grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and
-void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They
-won't be used for now.
+grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t
+grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void
+*address, grub_size_t len) (cache.S). They won't be used for now.
You will need to create directory include/$cpu/$platform and a file
include/$cpu/types.h. The later folowing this template:
@@ -1047,7 +1047,9 @@ space is limited to 4GiB. GRUB allocates pages from EFI for its heap, at most
1.6 GiB.
On i386-ieee1275 and powerpc-ieee1275 GRUB uses same stack as IEEE1275.
-It allocates at most 32MiB for its heap.
+
+On i386-ieee1275, GRUB allocates at most 32MiB for its heap. On
+powerpc-ieee1275, GRUB allocates up to 1GiB.
On sparc64-ieee1275 stack is 256KiB and heap is 2MiB.
@@ -1075,7 +1077,7 @@ In short:
@item i386-qemu @tab 60 KiB @tab < 4 GiB
@item *-efi @tab ? @tab < 1.6 GiB
@item i386-ieee1275 @tab ? @tab < 32 MiB
-@item powerpc-ieee1275 @tab ? @tab < 32 MiB
+@item powerpc-ieee1275 @tab ? @tab < 1 GiB
@item sparc64-ieee1275 @tab 256KiB @tab 2 MiB
@item arm-uboot @tab 256KiB @tab 2 MiB
@item mips(el)-qemu_mips @tab 2MiB @tab 253 MiB
diff --git a/docs/grub.texi b/docs/grub.texi
index f8b4b3b21a..c433240f34 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1,7 +1,7 @@
\input texinfo
@c -*-texinfo-*-
@c %**start of header
-@setfilename grub.info
+@setfilename grub2.info
@include version.texi
@settitle GNU GRUB Manual @value{VERSION}
@c Unify all our little indices for now.
@@ -32,15 +32,15 @@ Invariant Sections.
@dircategory Kernel
@direntry
-* GRUB: (grub). The GRand Unified Bootloader
-* grub-install: (grub)Invoking grub-install. Install GRUB on your drive
-* grub-mkconfig: (grub)Invoking grub-mkconfig. Generate GRUB configuration
-* grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2.
-* grub-mkrelpath: (grub)Invoking grub-mkrelpath.
-* grub-mkrescue: (grub)Invoking grub-mkrescue. Make a GRUB rescue image
-* grub-mount: (grub)Invoking grub-mount. Mount a file system using GRUB
-* grub-probe: (grub)Invoking grub-probe. Probe device information
-* grub-script-check: (grub)Invoking grub-script-check.
+* GRUB2: (grub2). The GRand Unified Bootloader
+* grub2-install: (grub2)Invoking grub2-install. Install GRUB on your drive
+* grub2-mkconfig: (grub2)Invoking grub2-mkconfig. Generate GRUB configuration
+* grub2-mkpasswd-pbkdf2: (grub2)Invoking grub2-mkpasswd-pbkdf2.
+* grub2-mkrelpath: (grub2)Invoking grub2-mkrelpath.
+* grub2-mkrescue: (grub2)Invoking grub2-mkrescue. Make a GRUB rescue image
+* grub2-mount: (grub2)Invoking grub2-mount. Mount a file system using GRUB
+* grub2-probe: (grub2)Invoking grub2-probe. Probe device information
+* grub2-script-check: (grub2)Invoking grub2-script-check.
@end direntry
@setchapternewpage odd
@@ -103,15 +103,15 @@ This edition documents version @value{VERSION}.
* Platform-specific operations:: Platform-specific operations
* Supported kernels:: The list of supported kernels
* Troubleshooting:: Error messages produced by GRUB
-* Invoking grub-install:: How to use the GRUB installer
-* Invoking grub-mkconfig:: Generate a GRUB configuration file
-* Invoking grub-mkpasswd-pbkdf2::
+* Invoking grub2-install:: How to use the GRUB installer
+* Invoking grub2-mkconfig:: Generate a GRUB configuration file
+* Invoking grub2-mkpasswd-pbkdf2::
Generate GRUB password hashes
-* Invoking grub-mkrelpath:: Make system path relative to its root
-* Invoking grub-mkrescue:: Make a GRUB rescue image
-* Invoking grub-mount:: Mount a file system using GRUB
-* Invoking grub-probe:: Probe device information for GRUB
-* Invoking grub-script-check:: Check GRUB script file for syntax errors
+* Invoking grub2-mkrelpath:: Make system path relative to its root
+* Invoking grub2-mkrescue:: Make a GRUB rescue image
+* Invoking grub2-mount:: Mount a file system using GRUB
+* Invoking grub2-probe:: Probe device information for GRUB
+* Invoking grub2-script-check:: Check GRUB script file for syntax errors
* Obtaining and Building GRUB:: How to obtain and build GRUB
* Reporting bugs:: Where you should send a bug report
* Future:: Some future plans on GRUB
@@ -230,7 +230,7 @@ surprising.
@item
@file{grub.cfg} is typically automatically generated by
-@command{grub-mkconfig} (@pxref{Simple configuration}). This makes it
+@command{grub2-mkconfig} (@pxref{Simple configuration}). This makes it
easier to handle versioned kernel upgrades.
@item
@@ -244,7 +244,7 @@ scripting language: variables, conditionals, and loops are available.
@item
A small amount of persistent storage is available across reboots, using the
@command{save_env} and @command{load_env} commands in GRUB and the
-@command{grub-editenv} utility. This is not available in all configurations
+@command{grub2-editenv} utility. This is not available in all configurations
(@pxref{Environment block}).
@item
@@ -549,7 +549,7 @@ On OS which have device nodes similar to Unix-like OS GRUB tools use the
OS name. E.g. for GNU/Linux:
@example
-# @kbd{grub-install /dev/sda}
+# @kbd{grub2-install /dev/sda}
@end example
On AROS we use another syntax. For volumes:
@@ -572,7 +572,7 @@ For disks we use syntax:
E.g.
@example
-# @kbd{grub-install //:ata.device/0/0}
+# @kbd{grub2-install //:ata.device/0/0}
@end example
On Windows we use UNC path. For volumes it's typically
@@ -599,7 +599,7 @@ For disks it's
E.g.
@example
-# @kbd{grub-install \\?\PhysicalDrive0}
+# @kbd{grub2-install \\?\PhysicalDrive0}
@end example
Beware that you may need to further escape the backslashes depending on your
@@ -609,7 +609,7 @@ When compiled with cygwin support then cygwin drive names are automatically
when needed. E.g.
@example
-# @kbd{grub-install /dev/sda}
+# @kbd{grub2-install /dev/sda}
@end example
@node Installation
@@ -622,7 +622,7 @@ from the source tarball, or as a package for your OS.
After you have done that, you need to install the boot loader on a
drive (floppy or hard disk) by using the utility
-@command{grub-install} (@pxref{Invoking grub-install}) on a UNIX-like OS.
+@command{grub2-install} (@pxref{Invoking grub2-install}) on a UNIX-like OS.
GRUB comes with boot images, which are normally put in the directory
@file{/usr/lib/grub/-} (for BIOS-based machines
@@ -633,22 +633,22 @@ loader needs to find them (usually @file{/boot}) will be called
the @dfn{boot directory}.
@menu
-* Installing GRUB using grub-install::
+* Installing GRUB using grub2-install::
* Making a GRUB bootable CD-ROM::
* Device map::
* BIOS installation::
@end menu
-@node Installing GRUB using grub-install
-@section Installing GRUB using grub-install
+@node Installing GRUB using grub2-install
+@section Installing GRUB using grub2-install
For information on where GRUB should be installed on PC BIOS platforms,
@pxref{BIOS installation}.
In order to install GRUB under a UNIX-like OS (such
-as @sc{gnu}), invoke the program @command{grub-install} (@pxref{Invoking
-grub-install}) as the superuser (@dfn{root}).
+as @sc{gnu}), invoke the program @command{grub2-install} (@pxref{Invoking
+grub2-install}) as the superuser (@dfn{root}).
The usage is basically very simple. You only need to specify one
argument to the program, namely, where to install the boot loader. The
@@ -657,13 +657,13 @@ For example, under Linux the following will install GRUB into the MBR
of the first IDE disk:
@example
-# @kbd{grub-install /dev/sda}
+# @kbd{grub2-install /dev/sda}
@end example
Likewise, under GNU/Hurd, this has the same effect:
@example
-# @kbd{grub-install /dev/hd0}
+# @kbd{grub2-install /dev/hd0}
@end example
But all the above examples assume that GRUB should put images under
@@ -677,7 +677,7 @@ boot floppy with a filesystem. Here is an example:
# @kbd{mke2fs /dev/fd0}
# @kbd{mount -t ext2 /dev/fd0 /mnt}
# @kbd{mkdir /mnt/boot}
-# @kbd{grub-install --boot-directory=/mnt/boot /dev/fd0}
+# @kbd{grub2-install --boot-directory=/mnt/boot /dev/fd0}
# @kbd{umount /mnt}
@end group
@end example
@@ -689,30 +689,37 @@ floppy instead of exposing the USB drive as a hard disk (they call it
@example
# @kbd{losetup /dev/loop0 /dev/sdb1}
# @kbd{mount /dev/loop0 /mnt/usb}
-# @kbd{grub-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0}
+# @kbd{grub2-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0}
@end example
This install doesn't conflict with standard install as long as they are in
separate directories.
+Note that @command{grub2-install} is actually just a shell script and the
+real task is done by other tools such as @command{grub2-mkimage}. Therefore,
+you may run those commands directly to install GRUB, without using
+@command{grub2-install}. Don't do that, however, unless you are very familiar
+with the internals of GRUB. Installing a boot loader on a running OS may be
+extremely dangerous.
+
On EFI systems for fixed disk install you have to mount EFI System Partition.
If you mount it at @file{/boot/efi} then you don't need any special arguments:
@example
-# @kbd{grub-install}
+# @kbd{grub2-install}
@end example
Otherwise you need to specify where your EFI System partition is mounted:
@example
-# @kbd{grub-install --efi-directory=/mnt/efi}
+# @kbd{grub2-install --efi-directory=/mnt/efi}
@end example
For removable installs you have to use @option{--removable} and specify both
@option{--boot-directory} and @option{--efi-directory}:
@example
-# @kbd{grub-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable}
+# @kbd{grub2-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable}
@end example
@node Making a GRUB bootable CD-ROM
@@ -732,10 +739,10 @@ usually also need to include a configuration file @file{grub.cfg} and some
other GRUB modules.
To make a simple generic GRUB rescue CD, you can use the
-@command{grub-mkrescue} program (@pxref{Invoking grub-mkrescue}):
+@command{grub2-mkrescue} program (@pxref{Invoking grub2-mkrescue}):
@example
-$ @kbd{grub-mkrescue -o grub.iso}
+$ @kbd{grub2-mkrescue -o grub.iso}
@end example
You will often need to include other files in your image. To do this, first
@@ -758,7 +765,7 @@ directory @file{iso/}.
Finally, make the image:
@example
-$ @kbd{grub-mkrescue -o grub.iso iso}
+$ @kbd{grub2-mkrescue -o grub.iso iso}
@end example
This produces a file named @file{grub.iso}, which then can be burned
@@ -774,7 +781,7 @@ storage devices.
@node Device map
@section The map between BIOS drives and OS devices
-If the device map file exists, the GRUB utilities (@command{grub-probe},
+If the device map file exists, the GRUB utilities (@command{grub2-probe},
etc.) read it to map BIOS drives to OS devices. This file consists of lines
like this:
@@ -1254,23 +1261,23 @@ need to write the whole thing by hand.
@node Simple configuration
@section Simple configuration handling
-The program @command{grub-mkconfig} (@pxref{Invoking grub-mkconfig})
+The program @command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig})
generates @file{grub.cfg} files suitable for most cases. It is suitable for
use when upgrading a distribution, and will discover available kernels and
attempt to generate menu entries for them.
-@command{grub-mkconfig} does have some limitations. While adding extra
+@command{grub2-mkconfig} does have some limitations. While adding extra
custom menu entries to the end of the list can be done by editing
-@file{/etc/grub.d/40_custom} or creating @file{/boot/grub/custom.cfg},
+@file{/etc/grub.d/40_custom} or creating @file{/boot/grub2/custom.cfg},
changing the order of menu entries or changing their titles may require
making complex changes to shell scripts stored in @file{/etc/grub.d/}. This
may be improved in the future. In the meantime, those who feel that it
would be easier to write @file{grub.cfg} directly are encouraged to do so
(@pxref{Booting}, and @ref{Shell-like scripting}), and to disable any system
-provided by their distribution to automatically run @command{grub-mkconfig}.
+provided by their distribution to automatically run @command{grub2-mkconfig}.
The file @file{/etc/default/grub} controls the operation of
-@command{grub-mkconfig}. It is sourced by a shell script, and so must be
+@command{grub2-mkconfig}. It is sourced by a shell script, and so must be
valid POSIX shell input; normally, it will just be a sequence of
@samp{KEY=value} lines, but if the value contains spaces or other special
characters then it must be quoted. For example:
@@ -1308,7 +1315,7 @@ works it's not recommended since titles often contain unstable device names
and may be translated
If you set this to @samp{saved}, then the default menu entry will be that
-saved by @samp{GRUB_SAVEDEFAULT} or @command{grub-set-default}. This relies on
+saved by @samp{GRUB_SAVEDEFAULT} or @command{grub2-set-default}. This relies on
the environment block, which may not be available in all situations
(@pxref{Environment block}).
@@ -1319,7 +1326,7 @@ If this option is set to @samp{true}, then, when an entry is selected, save
it as a new default entry for use by future runs of GRUB. This is only
useful if @samp{GRUB_DEFAULT=saved}; it is a separate option because
@samp{GRUB_DEFAULT=saved} is useful without this option, in conjunction with
-@command{grub-set-default}. Unset by default.
+@command{grub2-set-default}. Unset by default.
This option relies on the environment block, which may not be available in
all situations (@pxref{Environment block}).
@@ -1449,7 +1456,7 @@ intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode
@end example
@item GRUB_DISABLE_LINUX_UUID
-Normally, @command{grub-mkconfig} will generate menu entries that use
+Normally, @command{grub2-mkconfig} will generate menu entries that use
universally-unique identifiers (UUIDs) to identify the root filesystem to
the Linux kernel, using a @samp{root=UUID=...} kernel parameter. This is
usually more reliable, but in some cases it may not be appropriate. To
@@ -1471,7 +1478,7 @@ If this option is set to @samp{true}, disable the generation of recovery
mode menu entries.
@item GRUB_DISABLE_UUID
-Normally, @command{grub-mkconfig} will generate menu entries that use
+Normally, @command{grub2-mkconfig} will generate menu entries that use
universally-unique identifiers (UUIDs) to identify various filesystems to
search for files. This is usually more reliable, but in some cases it may
not be appropriate. To disable this use of UUIDs, set this option to
@@ -1482,12 +1489,12 @@ not be appropriate. To disable this use of UUIDs, set this option to
@item GRUB_VIDEO_BACKEND
If graphical video support is required, either because the @samp{gfxterm}
graphical terminal is in use or because @samp{GRUB_GFXPAYLOAD_LINUX} is set,
-then @command{grub-mkconfig} will normally load all available GRUB video
+then @command{grub2-mkconfig} will normally load all available GRUB video
drivers and use the one most appropriate for your hardware. If you need to
override this for some reason, then you can set this option.
-After @command{grub-install} has been run, the available video drivers are
-listed in @file{/boot/grub/video.lst}.
+After @command{grub2-install} has been run, the available video drivers are
+listed in @file{/boot/grub2/video.lst}.
@item GRUB_GFXMODE
Set the resolution used on the @samp{gfxterm} graphical terminal. Note that
@@ -1519,20 +1526,17 @@ boot sequence. If you have problems, set this option to @samp{text} and
GRUB will tell Linux to boot in normal text mode.
@item GRUB_DISABLE_OS_PROBER
-The @command{grub-mkconfig} has a feature to use the external
-@command{os-prober} program to discover other operating systems installed on
-the same machine and generate appropriate menu entries for them. It is disabled
-by default since automatic and silent execution of @command{os-prober}, and
-creating boot entries based on that data, is a potential attack vector. Set
-this option to @samp{false} to enable this feature in the
-@command{grub-mkconfig} command.
+Normally, @command{grub2-mkconfig} will try to use the external
+@command{os-prober} program, if installed, to discover other operating
+systems installed on the same system and generate appropriate menu entries
+for them. Set this option to @samp{true} to disable this.
@item GRUB_OS_PROBER_SKIP_LIST
List of space-separated FS UUIDs of filesystems to be ignored from os-prober
output. For efi chainloaders it's @@
@item GRUB_DISABLE_SUBMENU
-Normally, @command{grub-mkconfig} will generate top level menu entry for
+Normally, @command{grub2-mkconfig} will generate top level menu entry for
the kernel with highest version number and put all other found kernels
or alternative menu entries for recovery mode in submenu. For entries returned
by @command{os-prober} first entry will be put on top level and all others
@@ -1540,11 +1544,11 @@ in submenu. If this option is set to @samp{true}, flat menu with all entries
on top level will be generated instead. Changing this option will require
changing existing values of @samp{GRUB_DEFAULT}, @samp{fallback} (@pxref{fallback})
and @samp{default} (@pxref{default}) environment variables as well as saved
-default entry using @command{grub-set-default} and value used with
-@command{grub-reboot}.
+default entry using @command{grub2-set-default} and value used with
+@command{grub2-reboot}.
@item GRUB_ENABLE_CRYPTODISK
-If set to @samp{y}, @command{grub-mkconfig} and @command{grub-install} will
+If set to @samp{y}, @command{grub2-mkconfig} and @command{grub2-install} will
check for encrypted disks and generate additional commands needed to access
them during boot. Note that in this case unattended boot is not possible
because GRUB will wait for passphrase to unlock encrypted container.
@@ -1603,7 +1607,7 @@ confusing @samp{GRUB_TIMEOUT_STYLE=countdown} or
@end table
-For more detailed customisation of @command{grub-mkconfig}'s output, you may
+For more detailed customisation of @command{grub2-mkconfig}'s output, you may
edit the scripts in @file{/etc/grub.d} directly.
@file{/etc/grub.d/40_custom} is particularly useful for adding entire custom
menu entries; simply type the menu entries you want to add at the end of
@@ -1853,9 +1857,10 @@ than zero; otherwise 0.
@section Multi-boot manual config
Currently autogenerating config files for multi-boot environments depends on
-os-prober and has several shortcomings. Due to that it is disabled by default.
-It is advised to use the power of GRUB syntax and do it yourself. A possible
-configuration is detailed here, feel free to adjust to your needs.
+os-prober and has several shortcomings. While fixing it is scheduled for the
+next release, meanwhile you can make use of the power of GRUB syntax and do it
+yourself. A possible configuration is detailed here, feel free to adjust to your
+needs.
First create a separate GRUB partition, big enough to hold GRUB. Some of the
following entries show how to load OS installer images from this same partition,
@@ -1864,7 +1869,7 @@ images as well.
Mount this partition on/mnt/boot and disable GRUB in all OSes and manually
install self-compiled latest GRUB with:
-@code{grub-install --boot-directory=/mnt/boot /dev/sda}
+@code{grub2-install --boot-directory=/mnt/boot /dev/sda}
In all the OSes install GRUB tools but disable installing GRUB in bootsector,
so you'll have menu.lst and grub.cfg available for use. Also disable os-prober
@@ -1874,20 +1879,20 @@ use by setting:
in /etc/default/grub
-Then write a grub.cfg (/mnt/boot/grub/grub.cfg):
+Then write a grub.cfg (/mnt/boot/grub2/grub.cfg):
@example
menuentry "OS using grub2" @{
insmod xfs
search --set=root --label OS1 --hint hd0,msdos8
- configfile /boot/grub/grub.cfg
+ configfile /boot/grub2/grub.cfg
@}
menuentry "OS using grub2-legacy" @{
insmod ext2
search --set=root --label OS2 --hint hd0,msdos6
- legacy_configfile /boot/grub/menu.lst
+ legacy_configfile /boot/grub2/menu.lst
@}
menuentry "Windows XP" @{
@@ -1950,15 +1955,15 @@ GRUB supports embedding a configuration file directly into the core image,
so that it is loaded before entering normal mode. This is useful, for
example, when it is not straightforward to find the real configuration file,
or when you need to debug problems with loading that file.
-@command{grub-install} uses this feature when it is not using BIOS disk
+@command{grub2-install} uses this feature when it is not using BIOS disk
functions or when installing to a different disk from the one containing
@file{/boot/grub}, in which case it needs to use the @command{search}
command (@pxref{search}) to find @file{/boot/grub}.
To embed a configuration file, use the @option{-c} option to
-@command{grub-mkimage}. The file is copied into the core image, so it may
+@command{grub2-mkimage}. The file is copied into the core image, so it may
reside anywhere on the file system, and may be removed after running
-@command{grub-mkimage}.
+@command{grub2-mkimage}.
After the embedded configuration file (if any) is executed, GRUB will load
the @samp{normal} module (@pxref{normal}), which will then read the real
@@ -1993,13 +1998,13 @@ included in the core image:
@example
@group
search.fs_label grub root
-if [ -e /boot/grub/example/test1.cfg ]; then
+if [ -e /boot/grub2/example/test1.cfg ]; then
set prefix=($root)/boot/grub
- configfile /boot/grub/example/test1.cfg
+ configfile /boot/grub2/example/test1.cfg
else
- if [ -e /boot/grub/example/test2.cfg ]; then
+ if [ -e /boot/grub2/example/test2.cfg ]; then
set prefix=($root)/boot/grub
- configfile /boot/grub/example/test2.cfg
+ configfile /boot/grub2/example/test2.cfg
else
echo "Could not find an example configuration file!"
fi
@@ -2523,7 +2528,7 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38
@end group
@end example
-Then follow instructions printed out by grub-mknetdir on configuring your DHCP
+Then follow instructions printed out by grub2-mknetdir on configuring your DHCP
server.
The grub.cfg file is placed in the same directory as the path output by
@@ -2717,7 +2722,7 @@ team are:
@end table
To take full advantage of this function, install GRUB into the MBR
-(@pxref{Installing GRUB using grub-install}).
+(@pxref{Installing GRUB using grub2-install}).
If you have a laptop which has a similar feature and not in the above list
could you figure your address and contribute?
@@ -2778,7 +2783,7 @@ bytes.
The sole function of @file{boot.img} is to read the first sector of the core
image from a local disk and jump to it. Because of the size restriction,
@file{boot.img} cannot understand any file system structure, so
-@command{grub-install} hardcodes the location of the first sector of the
+@command{grub2-install} hardcodes the location of the first sector of the
core image into @file{boot.img} when installing GRUB.
@item diskboot.img
@@ -2808,7 +2813,7 @@ images.
@item core.img
This is the core image of GRUB. It is built dynamically from the kernel
-image and an arbitrary list of modules by the @command{grub-mkimage}
+image and an arbitrary list of modules by the @command{grub2-mkimage}
program. Usually, it contains enough modules to access @file{/boot/grub},
and loads everything else (including menu handling, the ability to load
target operating systems, and so on) from the file system at run-time. The
@@ -2860,7 +2865,7 @@ GRUB 2 has no single Stage 2 image. Instead, it loads modules from
In GRUB 2, images for booting from CD-ROM drives are now constructed using
@file{cdboot.img} and @file{core.img}, making sure that the core image
contains the @samp{iso9660} module. It is usually best to use the
-@command{grub-mkrescue} program for this.
+@command{grub2-mkrescue} program for this.
@item nbgrub
There is as yet no equivalent for @file{nbgrub} in GRUB 2; it was used by
@@ -3016,8 +3021,8 @@ There are two ways to specify files, by @dfn{absolute file name} and by
An absolute file name resembles a Unix absolute file name, using
@samp{/} for the directory separator (not @samp{\} as in DOS). One
-example is @samp{(hd0,1)/boot/grub/grub.cfg}. This means the file
-@file{/boot/grub/grub.cfg} in the first partition of the first hard
+example is @samp{(hd0,1)/boot/grub2/grub.cfg}. This means the file
+@file{/boot/grub2/grub.cfg} in the first partition of the first hard
disk. If you omit the device name in an absolute file name, GRUB uses
GRUB's @dfn{root device} implicitly. So if you set the root device to,
say, @samp{(hd1,1)} by the command @samp{set root=(hd1,1)} (@pxref{set}),
@@ -3025,8 +3030,8 @@ then @code{/boot/kernel} is the same as @code{(hd1,1)/boot/kernel}.
On ZFS filesystem the first path component must be
@var{volume}@samp{@@}[@var{snapshot}].
-So @samp{/rootvol@@snap-129/boot/grub/grub.cfg} refers to file
-@samp{/boot/grub/grub.cfg} in snapshot of volume @samp{rootvol} with name
+So @samp{/rootvol@@snap-129/boot/grub2/grub.cfg} refers to file
+@samp{/boot/grub2/grub.cfg} in snapshot of volume @samp{rootvol} with name
@samp{snap-129}. Trailing @samp{@@} after volume name is mandatory even if
snapshot name is omitted.
@@ -3209,6 +3214,7 @@ These variables have special meaning to GRUB.
@menu
* biosnum::
+* check_appended_signatures::
* check_signatures::
* chosen::
* cmdpath::
@@ -3268,11 +3274,18 @@ For an alternative approach which also changes BIOS drive mappings for the
chain-loaded system, @pxref{drivemap}.
+@node check_appended_signatures
+@subsection check_appended_signatures
+
+This variable controls whether GRUB enforces appended signature validation on
+certain loaded files. @xref{Using appended signatures}.
+
+
@node check_signatures
@subsection check_signatures
-This variable controls whether GRUB enforces digital signature
-validation on loaded files. @xref{Using digital signatures}.
+This variable controls whether GRUB enforces GPG-style digital signature
+validation on loaded files. @xref{Using GPG-style digital signatures}.
@node chosen
@subsection chosen
@@ -3429,7 +3442,7 @@ The more recent release of Minix would then be identified as
@samp{other>minix>minix-3.4.0}.
This variable is often set by @samp{GRUB_DEFAULT} (@pxref{Simple
-configuration}), @command{grub-set-default}, or @command{grub-reboot}.
+configuration}), @command{grub2-set-default}, or @command{grub2-reboot}.
@node fallback
@@ -3519,7 +3532,7 @@ If this variable is set, it names the language code that the
example, French would be named as @samp{fr}, and Simplified Chinese as
@samp{zh_CN}.
-@command{grub-mkconfig} (@pxref{Simple configuration}) will try to set a
+@command{grub2-mkconfig} (@pxref{Simple configuration}) will try to set a
reasonable default for this variable based on the system locale.
@@ -3527,10 +3540,10 @@ reasonable default for this variable based on the system locale.
@subsection locale_dir
If this variable is set, it names the directory where translation files may
-be found (@pxref{gettext}), usually @file{/boot/grub/locale}. Otherwise,
+be found (@pxref{gettext}), usually @file{/boot/grub2/locale}. Otherwise,
internationalization is disabled.
-@command{grub-mkconfig} (@pxref{Simple configuration}) will set a reasonable
+@command{grub2-mkconfig} (@pxref{Simple configuration}) will set a reasonable
default for this variable if internationalization is needed and any
translation files are available.
@@ -3648,7 +3661,7 @@ input. The default is not to pause output.
The location of the @samp{/boot/grub} directory as an absolute file name
(@pxref{File name syntax}). This is normally set by GRUB at startup based
-on information provided by @command{grub-install}. GRUB modules are
+on information provided by @command{grub2-install}. GRUB modules are
dynamically loaded from this directory, so it must be set correctly in order
for many parts of GRUB to work.
@@ -3739,17 +3752,17 @@ GRUB provides an ``environment block'' which can be used to save a small
amount of state.
The environment block is a preallocated 1024-byte file, which normally lives
-in @file{/boot/grub/grubenv} (although you should not assume this). At boot
+in @file{/boot/grub2/grubenv} (although you should not assume this). At boot
time, the @command{load_env} command (@pxref{load_env}) loads environment
variables from it, and the @command{save_env} (@pxref{save_env}) command
saves environment variables to it. From a running system, the
-@command{grub-editenv} utility can be used to edit the environment block.
+@command{grub2-editenv} utility can be used to edit the environment block.
For safety reasons, this storage is only available when installed on a plain
disk (no LVM or RAID), using a non-checksumming filesystem (no ZFS), and
using BIOS or EFI functions (no ATA, USB or IEEE1275).
-@command{grub-mkconfig} uses this facility to implement
+@command{grub2-mkconfig} uses this facility to implement
@samp{GRUB_SAVEDEFAULT} (@pxref{Simple configuration}).
@@ -3989,6 +4002,7 @@ you forget a command, you can run the command @command{help}
* date:: Display or set current date and time
* devicetree:: Load a device tree blob
* distrust:: Remove a pubkey from trusted keys
+* distrust_certificate:: Remove a certificate from the list of trusted certificates
* drivemap:: Map a drive to another
* echo:: Display a line of text
* eval:: Evaluate agruments as GRUB commands
@@ -4005,6 +4019,7 @@ you forget a command, you can run the command @command{help}
* keystatus:: Check key modifier status
* linux:: Load a Linux kernel
* linux16:: Load a Linux kernel (16-bit mode)
+* list_certificates:: List trusted certificates
* list_env:: List variables in environment block
* list_trusted:: List trusted public keys
* load_env:: Load variables from environment block
@@ -4042,8 +4057,10 @@ you forget a command, you can run the command @command{help}
* test:: Check file types and compare values
* true:: Do nothing, successfully
* trust:: Add public key to list of trusted keys
+* trust_certificate:: Add an x509 certificate to the list of trusted certificates
* unset:: Unset an environment variable
@comment * vbeinfo:: List available video modes
+* verify_appended:: Verify appended digital signature
* verify_detached:: Verify detached digital signature
* videoinfo:: List available video modes
@comment * xen_*:: Xen boot commands for AArch64
@@ -4371,9 +4388,28 @@ These keys are used to validate signatures when environment variable
@code{check_signatures} is set to @code{enforce}
(@pxref{check_signatures}), and by some invocations of
@command{verify_detached} (@pxref{verify_detached}). @xref{Using
-digital signatures}, for more information.
+GPG-style digital signatures}, for more information.
@end deffn
+
+@node distrust_certificate
+@subsection distrust_certificate
+
+@deffn Command distrust_certificate cert_number
+Remove the x509 certificate numbered @var{cert_number} from GRUB's keyring of
+trusted x509 certificates for verifying appended signatures.
+
+@var{cert_number} is the certificate number as listed by
+@command{list_certificates} (@pxref{list_certificates}).
+
+These certificates are used to validate appended signatures when environment
+variable @code{check_appended_signatures} is set to @code{enforce} or
+@code{forced} (@pxref{check_appended_signatures}), and by
+@command{verify_appended} (@pxref{verify_appended}). See
+@xref{Using appended signatures} for more information.
+@end deffn
+
+
@node drivemap
@subsection drivemap
@@ -4478,7 +4514,7 @@ Translate @var{string} into the current language.
The current language code is stored in the @samp{lang} variable in GRUB's
environment (@pxref{lang}). Translation files in MO format are read from
-@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub/locale}.
+@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub2/locale}.
@end deffn
@@ -4631,6 +4667,21 @@ This command is only available on x86 systems.
@end deffn
+@node list_certificates
+@subsection list_certificates
+
+@deffn Command list_certificates
+List all x509 certificates trusted by GRUB for validating appended signatures.
+The output is a numbered list of certificates, showing the certificate's serial
+number and Common Name.
+
+The certificate number can be used as an argument to
+@command{distrust_certificate} (@pxref{distrust_certificate}).
+
+See @xref{Using appended signatures} for more information.
+@end deffn
+
+
@node list_env
@subsection list_env
@@ -4650,7 +4701,7 @@ The output is in GPG's v4 key fingerprint format (i.e., the output of
@code{gpg --fingerprint}). The least significant four bytes (last
eight hexadecimal digits) can be used as an argument to
@command{distrust} (@pxref{distrust}).
-@xref{Using digital signatures}, for more information about uses for
+@xref{Using GPG-style digital signatures}, for more information about uses for
these keys.
@end deffn
@@ -4685,8 +4736,13 @@ When used with care, @option{--skip-sig} and the whitelist enable an
administrator to configure a system to boot only signed
configurations, but to allow the user to select from among multiple
configurations, and to enable ``one-shot'' boot attempts and
-``savedefault'' behavior. @xref{Using digital signatures}, for more
+``savedefault'' behavior. @xref{Using GPG-style digital signatures}, for more
information.
+
+Extra care should be taken when combining this command with appended signatures
+(@pxref{Using appended signatures}), as this file is not validated by an
+appended signature and could set @code{check_appended_signatures=no} if GRUB is
+not in @pxref{Lockdown} mode.
@end deffn
@@ -4873,7 +4929,7 @@ Define a user named @var{user} with password @var{clear-password}.
@deffn Command password_pbkdf2 user hashed-password
Define a user named @var{user} with password hash @var{hashed-password}.
-Use @command{grub-mkpasswd-pbkdf2} (@pxref{Invoking grub-mkpasswd-pbkdf2})
+Use @command{grub2-mkpasswd-pbkdf2} (@pxref{Invoking grub2-mkpasswd-pbkdf2})
to generate password hashes. @xref{Security}.
@end deffn
@@ -4982,7 +5038,7 @@ read. It is possible to modify a digitally signed environment block
file from within GRUB using this command, such that its signature will
no longer be valid on subsequent boots. Care should be taken in such
advanced configurations to avoid rendering the system
-unbootable. @xref{Using digital signatures}, for more information.
+unbootable. @xref{Using GPG-style digital signatures}, for more information.
@end deffn
@@ -5382,11 +5438,32 @@ signatures when environment variable @code{check_signatures} is set to
must itself be properly signed. The @option{--skip-sig} option can be
used to disable signature-checking when reading @var{pubkey_file}
itself. It is expected that @option{--skip-sig} is useful for testing
-and manual booting. @xref{Using digital signatures}, for more
+and manual booting. @xref{Using GPG-style digital signatures}, for more
information.
@end deffn
+@node trust_certificate
+@subsection trust_certificate
+
+@deffn Command trust_certificate x509_certificate
+Read an DER-formatted x509 certificate from the file @var{x509_certificate}
+and add it to GRUB's internal list of trusted x509 certificates. These
+certificates are used to validate appended signatures when the environment
+variable @code{check_appended_signatures} is set to @code{enforce} or
+@code{forced}.
+
+Note that if @code{check_appended_signatures} is set to @code{enforce} or
+@code{forced} when @command{trust_certificate} is executed, then
+@var{x509_certificate} must itself bear an appended signature. (It is not
+sufficient that @var{x509_certificate} be signed by a trusted certificate
+according to the x509 rules: grub does not include support for validating
+signatures within x509 certificates themselves.)
+
+See @xref{Using appended signatures} for more information.
+@end deffn
+
+
@node unset
@subsection unset
@@ -5405,6 +5482,18 @@ only on PC BIOS platforms.
@end deffn
@end ignore
+@node verify_appended
+@subsection verify_appended
+
+@deffn Command verify_appended file
+Verifies an appended signature on @var{file} against the trusted certificates
+known to GRUB (See @pxref{list_certificates}, @pxref{trust_certificate}, and
+@pxref{distrust_certificate}).
+
+Exit code @code{$?} is set to 0 if the signature validates
+successfully. If validation fails, it is set to a non-zero value.
+See @xref{Using appended signatures}, for more information.
+@end deffn
@node verify_detached
@subsection verify_detached
@@ -5423,7 +5512,7 @@ tried.
Exit code @code{$?} is set to 0 if the signature validates
successfully. If validation fails, it is set to a non-zero value.
-@xref{Using digital signatures}, for more information.
+@xref{Using GPG-style digital signatures}, for more information.
@end deffn
@node videoinfo
@@ -5482,6 +5571,7 @@ This command is only available on AArch64 systems.
* net_add_dns:: Add a DNS server
* net_add_route:: Add routing entry
* net_bootp:: Perform a bootp/DHCP autoconfiguration
+* net_bootp6:: Perform a DHCPv6 autoconfiguration
* net_del_addr:: Remove IP address from interface
* net_del_dns:: Remove a DNS server
* net_del_route:: Remove a route entry
@@ -5606,6 +5696,22 @@ Sets environment variable @samp{net_}@var{}@samp{_boot_file}
@end deffn
+@node net_bootp6
+@subsection net_bootp6
+
+@deffn Command net_bootp6 [@var{card}]
+Perform configuration of @var{card} using DHCPv6 protocol. If no card name is
+specified, try to configure all existing cards. If configuration was
+successful, interface with name @var{card}@samp{:dhcp6} and configured address
+is added to @var{card}.
+
+@table @samp
+@item 1 (Domain Name Server)
+Adds all servers from option value to the list of servers used during name
+resolution.
+@end table
+
+@end deffn
@node net_get_dhcp_option
@subsection net_get_dhcp_option
@@ -5789,12 +5895,14 @@ environment variables and commands are listed in the same order.
@chapter Security
@menu
-* Authentication and authorisation:: Users and access control
-* Using digital signatures:: Booting digitally signed code
-* UEFI secure boot and shim:: Booting digitally signed PE files
-* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation
-* Measured Boot:: Measuring boot components
-* Lockdown:: Lockdown when booting on a secure setup
+* Authentication and authorisation:: Users and access control
+* Using GPG-style digital signatures:: Booting digitally signed code
+* Using appended signatures:: An alternative approach to booting digitally signed code
+* UEFI secure boot and shim:: Booting digitally signed PE files
+* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation
+* Measured Boot:: Measuring boot components
+* Lockdown:: Lockdown when booting on a secure setup
+* Signing GRUB itself:: Ensuring the integrity of the GRUB core image
@end menu
@node Authentication and authorisation
@@ -5816,8 +5924,8 @@ The @samp{password} (@pxref{password}) and @samp{password_pbkdf2}
which has an associated password. @samp{password} sets the password in
plain text, requiring @file{grub.cfg} to be secure; @samp{password_pbkdf2}
sets the password hashed using the Password-Based Key Derivation Function
-(RFC 2898), requiring the use of @command{grub-mkpasswd-pbkdf2}
-(@pxref{Invoking grub-mkpasswd-pbkdf2}) to generate password hashes.
+(RFC 2898), requiring the use of @command{grub2-mkpasswd-pbkdf2}
+(@pxref{Invoking grub2-mkpasswd-pbkdf2}) to generate password hashes.
In order to enable authentication support, the @samp{superusers} environment
variable must be set to a list of usernames, separated by any of spaces,
@@ -5862,18 +5970,18 @@ menuentry "May be run by user1 or a superuser" --users user1 @{
@end group
@end example
-The @command{grub-mkconfig} program does not yet have built-in support for
+The @command{grub2-mkconfig} program does not yet have built-in support for
generating configuration files with authentication. You can use
@file{/etc/grub.d/40_custom} to add simple superuser authentication, by
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
commands.
-@node Using digital signatures
-@section Using digital signatures in GRUB
+@node Using GPG-style digital signatures
+@section Using GPG-style digital signatures in GRUB
GRUB's @file{core.img} can optionally provide enforcement that all files
subsequently read from disk are covered by a valid digital signature.
-This document does @strong{not} cover how to ensure that your
+This section does @strong{not} cover how to ensure that your
platform's firmware (e.g., Coreboot) validates @file{core.img}.
If environment variable @code{check_signatures}
@@ -5889,7 +5997,17 @@ may halt or otherwise impact the boot process.
An initial trusted public key can be embedded within the GRUB @file{core.img}
using the @code{--pubkey} option to @command{grub-install}
-(@pxref{Invoking grub-install}).
+(@pxref{Invoking grub2-install}).
+
+@comment Unfortunately --pubkey is not yet supported by grub2-install,
+@comment but we should not bring up internal detail grub2-mkimage here
+@comment in the user guide (as opposed to developer's manual).
+
+@comment An initial trusted public key can be embedded within the GRUB
+@comment @file{core.img} using the @code{--pubkey} option to
+@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it
+@comment is necessary to write a custom wrapper around @command{grub2-mkimage}
+@comment using the @code{--grub-mkimage} flag to @command{grub2-install}.
GRUB uses GPG-style detached signatures (meaning that a file
@file{foo.sig} will be produced when file @file{foo} is signed), and
@@ -5909,8 +6027,8 @@ gpg --detach-sign /path/to/file
For successful validation of all of GRUB's subcomponents and the
loaded OS kernel, they must all be signed. One way to accomplish this
is the following (after having already produced the desired
-@file{grub.cfg} file, e.g., by running @command{grub-mkconfig}
-(@pxref{Invoking grub-mkconfig}):
+@file{grub.cfg} file, e.g., by running @command{grub2-mkconfig}
+(@pxref{Invoking grub2-mkconfig}):
@example
@group
@@ -5932,7 +6050,7 @@ See also: @ref{check_signatures}, @ref{verify_detached}, @ref{trust},
Note that internally signature enforcement is controlled by setting
the environment variable @code{check_signatures} equal to
@code{enforce}. Passing one or more @code{--pubkey} options to
-@command{grub-mkimage} implicitly defines @code{check_signatures}
+@command{grub2-mkimage} implicitly defines @code{check_signatures}
equal to @code{enforce} in @file{core.img} prior to processing any
configuration files.
@@ -5952,6 +6070,86 @@ or BIOS) configuration to cause the machine to boot from a different
(attacker-controlled) device. GRUB is at best only one link in a
secure boot chain.
+@node Using appended signatures
+@section Using appended signatures in GRUB
+
+GRUB supports verifying Linux-style 'appended signatures' for secure boot.
+Appended signatures are PKCS#7 messages containing a signature over the
+contents of a file, plus some metadata, appended to the end of a file. A file
+with an appended signature ends with the magic string:
+
+@example
+~Module signature appended~\n
+@end example
+
+where @code{\n} represents the line-feed character, @code{0x0a}.
+
+Certificates can be managed at boot time using the @pxref{trust_certificate},
+@pxref{distrust_certificate} and @pxref{list_certificates} commands.
+Certificates can also be built in to the core image using the @code{--x509}
+parameter to @command{grub-install} or @command{grub-mkimage}.
+
+A file can be explictly verified using the @pxref{verify_appended} command.
+
+Only signatures made with the SHA-256 or SHA-512 hash algorithm are supported,
+and only RSA signatures are supported.
+
+A file can be signed with the @command{sign-file} utility supplied with the
+Linux kernel source. For example, if you have @code{signing.key} as the private
+key and @code{certificate.der} as the x509 certificate containing the public key:
+
+@example
+sign-file SHA256 signing.key certificate.der vmlinux vmlinux.signed
+@end example
+
+Enforcement of signature verification is controlled by the
+@code{check_appended_signatures} variable.
+
+@itemize
+@item @samp{no}: no verification is performed. This is the default when GRUB
+ is not in @pxref{Lockdown} mode.
+@item @samp{enforce}: verification is performed. Verification can be disabled
+ by setting the variable back to @samp{no}.
+@item @samp{forced}: verification is performed and cannot be disabled. This is
+ set when GRUB is in Lockdown when the appendedsig module is loaded.
+@end itemize
+
+Unlike GPG-style signatures, not all files loaded by GRUB are required to be
+signed. Once verification is turned on, the following file types will have
+appended signatures verified:
+
+@itemize
+@item Linux kernels
+@item GRUB modules, except those built into the core image
+@item Any new certificate files to be trusted
+@end itemize
+
+ACPI tables and Device Tree images will not be checked for appended signatures
+but must be verified by another mechanism such as GPG-style signatures before
+they will be loaded.
+
+Unless lockdown mode is enabled, signature checking does @strong{not}
+stop an attacker with console access from dropping manually to the GRUB
+console and executing:
+
+@example
+set check_appended_signatures=no
+@end example
+
+Refer to the section on password-protecting GRUB (@pxref{Authentication
+and authorisation}) for more information on preventing this.
+
+Additionally, unless lockdown mode is enabled:
+
+@itemize
+@item Special care must be taken around the @command{loadenv} command, which
+ can be used to turn off @code{check_appended_signature}.
+
+@item If the grub configuration file is loaded from the disk, anyone who can
+ modify the file on disk can turn off @code{check_appended_signature}.
+ Consider embedding the configuration into the core grub image.
+@end itemize
+
@node UEFI secure boot and shim
@section UEFI secure boot and shim support
@@ -6023,18 +6221,80 @@ tpm module is loaded. As such it is recommended that the tpm module be built
into @file{core.img} in order to avoid a potential gap in measurement between
@file{core.img} being loaded and the tpm module being loaded.
-Measured boot is currently only supported on EFI platforms.
+Measured boot is currently only supported on EFI and IBM IEEE1275 PowerPC
+platforms.
@node Lockdown
@section Lockdown when booting on a secure setup
The GRUB can be locked down when booted on a secure boot environment, for example
-if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
-be restricted and some operations/commands cannot be executed.
+if UEFI or Power secure boot is enabled. On a locked down configuration, the
+GRUB will be restricted and some operations/commands cannot be executed.
The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
Otherwise it does not exit.
+@node Signing GRUB itself
+@section Signing GRUB itself
+
+To ensure a complete secure-boot chain, there must be a way for the code that
+loads GRUB to verify the integrity of the core image.
+
+This is ultimately platform-specific and individual platforms can define their
+own mechanisms. However, there are general-purpose mechanisms that can be used
+with GRUB.
+
+@section Signing GRUB for UEFI secure boot
+
+On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed
+with a tool such as @command{pesign} or @command{sbsign}. Refer to the
+suggestions in @pxref{UEFI secure boot and shim} to ensure that the final
+image works under UEFI secure boot and can maintain the secure-boot chain. It
+will also be necessary to enrol the public key used into a relevant firmware
+key database.
+
+@section Signing GRUB with an appended signature
+
+The @file{core.elf} itself can be signed with a Linux kernel module-style
+appended signature.
+
+To support IEEE1275 platforms where the boot image is often loaded directly
+from a disk partition rather than from a file system, the @file{core.elf}
+can specify the size and location of the appended signature with an ELF
+note added by @command{grub-install}.
+
+An image can be signed this way using the @command{sign-file} command from
+the Linux kernel:
+
+@example
+@group
+# grub.key is your private key and certificate.der is your public key
+
+# Determine the size of the appended signature. It depends on the signing
+# certificate and the hash algorithm
+touch empty
+sign-file SHA256 grub.key certificate.der empty empty.sig
+SIG_SIZE=`stat -c '%s' empty.sig`
+rm empty empty.sig
+
+# Build a grub image with $SIG_SIZE reserved for the signature
+grub-install --appended-signature-size $SIG_SIZE --modules="..." ...
+
+# Replace the reserved size with a signature:
+# cut off the last $SIG_SIZE bytes with truncate's minus modifier
+truncate -s -$SIG_SIZE /boot/grub/powerpc-ieee1275/core.elf core.elf.unsigned
+# sign the trimmed file with an appended signature, restoring the correct size
+sign-file SHA256 grub.key certificate.der core.elf.unsigned core.elf.signed
+
+# Don't forget to install the signed image as required
+# (e.g. on powerpc-ieee1275, to the PReP partition)
+@end group
+@end example
+
+As with UEFI secure boot, it is necessary to build in the required modules,
+or sign them separately.
+
+
@node Platform limitations
@chapter Platform limitations
@@ -6390,10 +6650,10 @@ Required files are:
GRUB's normal start-up procedure involves setting the @samp{prefix}
environment variable to a value set in the core image by
-@command{grub-install}, setting the @samp{root} variable to match, loading
+@command{grub2-install}, setting the @samp{root} variable to match, loading
the @samp{normal} module from the prefix, and running the @samp{normal}
command (@pxref{normal}). This command is responsible for reading
-@file{/boot/grub/grub.cfg}, running the menu, and doing all the useful
+@file{/boot/grub2/grub.cfg}, running the menu, and doing all the useful
things GRUB is supposed to do.
If, instead, you only get a rescue shell, this usually means that GRUB
@@ -6419,8 +6679,8 @@ normal
However, any problem that leaves you in the rescue shell probably means that
GRUB was not correctly installed. It may be more useful to try to reinstall
-it properly using @kbd{grub-install @var{device}} (@pxref{Invoking
-grub-install}). When doing this, there are a few things to remember:
+it properly using @kbd{grub2-install @var{device}} (@pxref{Invoking
+grub2-install}). When doing this, there are a few things to remember:
@itemize @bullet{}
@item
@@ -6432,7 +6692,7 @@ is usually better to use UUIDs or file system labels and avoid depending on
drive ordering entirely.
@item
-At least on BIOS systems, if you tell @command{grub-install} to install GRUB
+At least on BIOS systems, if you tell @command{grub2-install} to install GRUB
to a partition but GRUB has already been installed in the master boot
record, then the GRUB installation in the partition will be ignored.
@@ -6463,21 +6723,28 @@ entry which claims partition start at block 0. This change will not hamper
bootability on other machines.
-@node Invoking grub-install
-@chapter Invoking grub-install
+@node Invoking grub2-install
+@chapter Invoking grub2-install
-The program @command{grub-install} generates a GRUB core image using
-@command{grub-mkimage} and installs it on your system. You must specify the
+The program @command{grub2-install} generates a GRUB core image using
+@command{grub2-mkimage} and installs it on your system. You must specify the
device name on which you want to install GRUB, like this:
@example
-grub-install @var{install_device}
+grub2-install @var{install_device}
@end example
The device name @var{install_device} is an OS device name or a GRUB
device name.
-@command{grub-install} accepts the following options:
+In order to support UEFI Secure Boot, the resulting GRUB EFI binary must
+be signed by a recognized private key. For this reason, for EFI
+platforms, most distributions also ship prebuilt GRUB EFI binaries
+signed by a distribution-specific private key. In this case, however,
+@command{grub2-install} should not be used because it would overwrite
+the signed EFI binary.
+
+@command{grub2-install} accepts the following options:
@table @option
@item --help
@@ -6493,13 +6760,13 @@ separate partition or a removable disk.
If this option is not specified then it defaults to @file{/boot}, so
@example
-@kbd{grub-install /dev/sda}
+@kbd{grub2-install /dev/sda}
@end example
is equivalent to
@example
-@kbd{grub-install --boot-directory=/boot/ /dev/sda}
+@kbd{grub2-install --boot-directory=/boot/ /dev/sda}
@end example
Here is an example in which you have a separate @dfn{boot} partition which is
@@ -6507,16 +6774,16 @@ mounted on
@file{/mnt/boot}:
@example
-@kbd{grub-install --boot-directory=/mnt/boot /dev/sdb}
+@kbd{grub2-install --boot-directory=/mnt/boot /dev/sdb}
@end example
@item --recheck
-Recheck the device map, even if @file{/boot/grub/device.map} already
+Recheck the device map, even if @file{/boot/grub2/device.map} already
exists. You should use this option whenever you add/remove a disk
into/from your computer.
@item --no-rs-codes
-By default on x86 BIOS systems, @command{grub-install} will use some
+By default on x86 BIOS systems, @command{grub2-install} will use some
extra space in the bootloader embedding area for Reed-Solomon
error-correcting codes. This enables GRUB to still boot successfully
if some blocks are corrupted. The exact amount of protection offered
@@ -6529,17 +6796,17 @@ installation}) where GRUB does not reside in any unpartitioned space
outside of the MBR. Disable the Reed-Solomon codes with this option.
@end table
-@node Invoking grub-mkconfig
-@chapter Invoking grub-mkconfig
+@node Invoking grub2-mkconfig
+@chapter Invoking grub2-mkconfig
-The program @command{grub-mkconfig} generates a configuration file for GRUB
+The program @command{grub2-mkconfig} generates a configuration file for GRUB
(@pxref{Simple configuration}).
@example
-grub-mkconfig -o /boot/grub/grub.cfg
+grub-mkconfig -o /boot/grub2/grub.cfg
@end example
-@command{grub-mkconfig} accepts the following options:
+@command{grub2-mkconfig} accepts the following options:
@table @option
@item --help
@@ -6555,17 +6822,17 @@ it to standard output.
@end table
-@node Invoking grub-mkpasswd-pbkdf2
-@chapter Invoking grub-mkpasswd-pbkdf2
+@node Invoking grub2-mkpasswd-pbkdf2
+@chapter Invoking grub2-mkpasswd-pbkdf2
-The program @command{grub-mkpasswd-pbkdf2} generates password hashes for
+The program @command{grub2-mkpasswd-pbkdf2} generates password hashes for
GRUB (@pxref{Security}).
@example
grub-mkpasswd-pbkdf2
@end example
-@command{grub-mkpasswd-pbkdf2} accepts the following options:
+@command{grub2-mkpasswd-pbkdf2} accepts the following options:
@table @option
@item -c @var{number}
@@ -6583,23 +6850,23 @@ Length of the salt. Defaults to 64.
@end table
-@node Invoking grub-mkrelpath
-@chapter Invoking grub-mkrelpath
+@node Invoking grub2-mkrelpath
+@chapter Invoking grub2-mkrelpath
-The program @command{grub-mkrelpath} makes a file system path relative to
+The program @command{grub2-mkrelpath} makes a file system path relative to
the root of its containing file system. For instance, if @file{/usr} is a
mount point, then:
@example
-$ @kbd{grub-mkrelpath /usr/share/grub/unicode.pf2}
+$ @kbd{grub2-mkrelpath /usr/share/grub/unicode.pf2}
@samp{/share/grub/unicode.pf2}
@end example
This is mainly used internally by other GRUB utilities such as
-@command{grub-mkconfig} (@pxref{Invoking grub-mkconfig}), but may
+@command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig}), but may
occasionally also be useful for debugging.
-@command{grub-mkrelpath} accepts the following options:
+@command{grub2-mkrelpath} accepts the following options:
@table @option
@item --help
@@ -6610,17 +6877,17 @@ Print the version number of GRUB and exit.
@end table
-@node Invoking grub-mkrescue
-@chapter Invoking grub-mkrescue
+@node Invoking grub2-mkrescue
+@chapter Invoking grub2-mkrescue
-The program @command{grub-mkrescue} generates a bootable GRUB rescue image
+The program @command{grub2-mkrescue} generates a bootable GRUB rescue image
(@pxref{Making a GRUB bootable CD-ROM}).
@example
grub-mkrescue -o grub.iso
@end example
-All arguments not explicitly listed as @command{grub-mkrescue} options are
+All arguments not explicitly listed as @command{grub2-mkrescue} options are
passed on directly to @command{xorriso} in @command{mkisofs} emulation mode.
Options passed to @command{xorriso} will normally be interpreted as
@command{mkisofs} options; if the option @samp{--} is used, then anything
@@ -6635,7 +6902,7 @@ mkdir -p disk/boot/grub
grub-mkrescue -o grub.iso disk
@end example
-@command{grub-mkrescue} accepts the following options:
+@command{grub2-mkrescue} accepts the following options:
@table @option
@item --help
@@ -6663,15 +6930,15 @@ Use @var{file} as the @command{xorriso} program, rather than the built-in
default.
@item --grub-mkimage=@var{file}
-Use @var{file} as the @command{grub-mkimage} program, rather than the
+Use @var{file} as the @command{grub2-mkimage} program, rather than the
built-in default.
@end table
-@node Invoking grub-mount
-@chapter Invoking grub-mount
+@node Invoking grub2-mount
+@chapter Invoking grub2-mount
-The program @command{grub-mount} performs a read-only mount of any file
+The program @command{grub2-mount} performs a read-only mount of any file
system or file system image that GRUB understands, using GRUB's file system
drivers via FUSE. (It is only available if FUSE development files were
present when GRUB was built.) This has a number of uses:
@@ -6703,13 +6970,13 @@ even if nobody has yet written a FUSE module specifically for that file
system type.
@end itemize
-Using @command{grub-mount} is normally as simple as:
+Using @command{grub2-mount} is normally as simple as:
@example
grub-mount /dev/sda1 /mnt
@end example
-@command{grub-mount} must be given one or more images and a mount point as
+@command{grub2-mount} must be given one or more images and a mount point as
non-option arguments (if it is given more than one image, it will treat them
as a RAID set), and also accepts the following options:
@@ -6731,13 +6998,13 @@ Show debugging output for conditions matching @var{string}.
@item -K prompt|@var{file}
@itemx --zfs-key=prompt|@var{file}
Load a ZFS encryption key. If you use @samp{prompt} as the argument,
-@command{grub-mount} will read a passphrase from the terminal; otherwise, it
+@command{grub2-mount} will read a passphrase from the terminal; otherwise, it
will read key material from the specified file.
@item -r @var{device}
@itemx --root=@var{device}
Set the GRUB root device to @var{device}. You do not normally need to set
-this; @command{grub-mount} will automatically set the root device to the
+this; @command{grub2-mount} will automatically set the root device to the
root of the supplied file system.
If @var{device} is just a number, then it will be treated as a partition
@@ -6755,10 +7022,10 @@ Print verbose messages.
@end table
-@node Invoking grub-probe
-@chapter Invoking grub-probe
+@node Invoking grub2-probe
+@chapter Invoking grub2-probe
-The program @command{grub-probe} probes device information for a given path
+The program @command{grub2-probe} probes device information for a given path
or device.
@example
@@ -6766,7 +7033,7 @@ grub-probe --target=fs /boot/grub
grub-probe --target=drive --device /dev/sda1
@end example
-@command{grub-probe} must be given a path or device as a non-option
+@command{grub2-probe} must be given a path or device as a non-option
argument, and also accepts the following options:
@table @option
@@ -6779,16 +7046,16 @@ Print the version number of GRUB and exit.
@item -d
@itemx --device
If this option is given, then the non-option argument is a system device
-name (such as @samp{/dev/sda1}), and @command{grub-probe} will print
+name (such as @samp{/dev/sda1}), and @command{grub2-probe} will print
information about that device. If it is not given, then the non-option
argument is a filesystem path (such as @samp{/boot/grub}), and
-@command{grub-probe} will print information about the device containing that
+@command{grub2-probe} will print information about the device containing that
part of the filesystem.
@item -m @var{file}
@itemx --device-map=@var{file}
Use @var{file} as the device map (@pxref{Device map}) rather than the
-default, usually @samp{/boot/grub/device.map}.
+default, usually @samp{/boot/grub2/device.map}.
@item -t @var{target}
@itemx --target=@var{target}
@@ -6841,19 +7108,19 @@ Print verbose messages.
@end table
-@node Invoking grub-script-check
-@chapter Invoking grub-script-check
+@node Invoking grub2-script-check
+@chapter Invoking grub2-script-check
-The program @command{grub-script-check} takes a GRUB script file
+The program @command{grub2-script-check} takes a GRUB script file
(@pxref{Shell-like scripting}) and checks it for syntax errors, similar to
commands such as @command{sh -n}. It may take a @var{path} as a non-option
argument; if none is supplied, it will read from standard input.
@example
-grub-script-check /boot/grub/grub.cfg
+grub-script-check /boot/grub2/grub.cfg
@end example
-@command{grub-script-check} accepts the following options:
+@command{grub2-script-check} accepts the following options:
@table @option
@item --help
diff --git a/docs/man/grub-bios-setup.h2m b/docs/man/grub-bios-setup.h2m
deleted file mode 100644
index ac6ede3629..0000000000
--- a/docs/man/grub-bios-setup.h2m
+++ /dev/null
@@ -1,6 +0,0 @@
-[NAME]
-grub-bios-setup \- set up a device to boot using GRUB
-[SEE ALSO]
-.BR grub-install (8),
-.BR grub-mkimage (1),
-.BR grub-mkrescue (1)
diff --git a/docs/man/grub-editenv.h2m b/docs/man/grub-editenv.h2m
deleted file mode 100644
index 3859d3d4c4..0000000000
--- a/docs/man/grub-editenv.h2m
+++ /dev/null
@@ -1,5 +0,0 @@
-[NAME]
-grub-editenv \- edit GRUB environment block
-[SEE ALSO]
-.BR grub-reboot (8),
-.BR grub-set-default (8)
diff --git a/docs/man/grub-emu.h2m b/docs/man/grub-emu.h2m
deleted file mode 100644
index ef1c000656..0000000000
--- a/docs/man/grub-emu.h2m
+++ /dev/null
@@ -1,6 +0,0 @@
-[NAME]
-grub-emu \- GRUB emulator
-[SEE ALSO]
-If you are trying to install GRUB, then you should use
-.BR grub-install (8)
-rather than this program.
diff --git a/docs/man/grub-file.h2m b/docs/man/grub-file.h2m
deleted file mode 100644
index e09bb4d310..0000000000
--- a/docs/man/grub-file.h2m
+++ /dev/null
@@ -1,2 +0,0 @@
-[NAME]
-grub-file \- check file type
diff --git a/docs/man/grub-fstest.h2m b/docs/man/grub-fstest.h2m
deleted file mode 100644
index 9676b159af..0000000000
--- a/docs/man/grub-fstest.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-fstest \- debug tool for GRUB filesystem drivers
-[SEE ALSO]
-.BR grub-probe (8)
diff --git a/docs/man/grub-glue-efi.h2m b/docs/man/grub-glue-efi.h2m
deleted file mode 100644
index c1c6ded49f..0000000000
--- a/docs/man/grub-glue-efi.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-glue-efi \- generate a fat binary for EFI
-[DESCRIPTION]
-grub-glue-efi processes ia32 and amd64 EFI images and glues them according to Apple format.
diff --git a/docs/man/grub-install.h2m b/docs/man/grub-install.h2m
deleted file mode 100644
index 8cbbc87a0f..0000000000
--- a/docs/man/grub-install.h2m
+++ /dev/null
@@ -1,6 +0,0 @@
-[NAME]
-grub-install \- install GRUB to a device
-[SEE ALSO]
-.BR grub-mkconfig (8),
-.BR grub-mkimage (1),
-.BR grub-mkrescue (1)
diff --git a/docs/man/grub-kbdcomp.h2m b/docs/man/grub-kbdcomp.h2m
deleted file mode 100644
index d81f9157e0..0000000000
--- a/docs/man/grub-kbdcomp.h2m
+++ /dev/null
@@ -1,10 +0,0 @@
-[NAME]
-grub-kbdcomp \- generate a GRUB keyboard layout file
-[DESCRIPTION]
-grub-kbdcomp processes a X keyboard layout description in
-.BR keymaps (5)
-format into a format that can be used by GRUB's
-.B keymap
-command.
-[SEE ALSO]
-.BR grub-mklayout (8)
diff --git a/docs/man/grub-macbless.h2m b/docs/man/grub-macbless.h2m
deleted file mode 100644
index 0197c0087d..0000000000
--- a/docs/man/grub-macbless.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-macbless \- bless a mac file/directory
-[SEE ALSO]
-.BR grub-install (1)
diff --git a/docs/man/grub-macho2img.h2m b/docs/man/grub-macho2img.h2m
deleted file mode 100644
index d79aaeed8f..0000000000
--- a/docs/man/grub-macho2img.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-macho2img \- convert Mach-O to raw image
-[SEE ALSO]
-.BR grub-mkimage (1)
diff --git a/docs/man/grub-menulst2cfg.h2m b/docs/man/grub-menulst2cfg.h2m
deleted file mode 100644
index c2e0055ed7..0000000000
--- a/docs/man/grub-menulst2cfg.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-menulst2cfg \- transform legacy menu.lst into grub.cfg
-[SEE ALSO]
-.BR grub-mkconfig (8)
diff --git a/docs/man/grub-mkconfig.h2m b/docs/man/grub-mkconfig.h2m
deleted file mode 100644
index 9b42f81301..0000000000
--- a/docs/man/grub-mkconfig.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkconfig \- generate a GRUB configuration file
-[SEE ALSO]
-.BR grub-install (8)
diff --git a/docs/man/grub-mkfont.h2m b/docs/man/grub-mkfont.h2m
deleted file mode 100644
index d46fe600ec..0000000000
--- a/docs/man/grub-mkfont.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkfont \- make GRUB font files
-[SEE ALSO]
-.BR grub-mkconfig (8)
diff --git a/docs/man/grub-mkimage.h2m b/docs/man/grub-mkimage.h2m
deleted file mode 100644
index f0fbc2bb19..0000000000
--- a/docs/man/grub-mkimage.h2m
+++ /dev/null
@@ -1,6 +0,0 @@
-[NAME]
-grub-mkimage \- make a bootable image of GRUB
-[SEE ALSO]
-.BR grub-install (8),
-.BR grub-mkrescue (1),
-.BR grub-mknetdir (8)
diff --git a/docs/man/grub-mklayout.h2m b/docs/man/grub-mklayout.h2m
deleted file mode 100644
index 1e43409c0a..0000000000
--- a/docs/man/grub-mklayout.h2m
+++ /dev/null
@@ -1,10 +0,0 @@
-[NAME]
-grub-mklayout \- generate a GRUB keyboard layout file
-[DESCRIPTION]
-grub-mklayout processes a keyboard layout description in
-.BR keymaps (5)
-format into a format that can be used by GRUB's
-.B keymap
-command.
-[SEE ALSO]
-.BR grub-mkconfig (8)
diff --git a/docs/man/grub-mknetdir.h2m b/docs/man/grub-mknetdir.h2m
deleted file mode 100644
index a2ef13ec11..0000000000
--- a/docs/man/grub-mknetdir.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mknetdir \- prepare a GRUB netboot directory.
-[SEE ALSO]
-.BR grub-mkimage (1)
diff --git a/docs/man/grub-mkpasswd-pbkdf2.h2m b/docs/man/grub-mkpasswd-pbkdf2.h2m
deleted file mode 100644
index 4d202f3da7..0000000000
--- a/docs/man/grub-mkpasswd-pbkdf2.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkpasswd-pbkdf2 \- generate hashed password for GRUB
-[SEE ALSO]
-.BR grub-mkconfig (8)
diff --git a/docs/man/grub-mkrelpath.h2m b/docs/man/grub-mkrelpath.h2m
deleted file mode 100644
index d01f3961e3..0000000000
--- a/docs/man/grub-mkrelpath.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkrelpath \- make a system path relative to its root
-[SEE ALSO]
-.BR grub-probe (8)
diff --git a/docs/man/grub-mkrescue.h2m b/docs/man/grub-mkrescue.h2m
deleted file mode 100644
index a427f02e3c..0000000000
--- a/docs/man/grub-mkrescue.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkrescue \- make a GRUB rescue image
-[SEE ALSO]
-.BR grub-mkimage (1)
diff --git a/docs/man/grub-mkstandalone.h2m b/docs/man/grub-mkstandalone.h2m
deleted file mode 100644
index c77313978a..0000000000
--- a/docs/man/grub-mkstandalone.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-mkstandalone \- make a memdisk-based GRUB image
-[SEE ALSO]
-.BR grub-mkimage (1)
diff --git a/docs/man/grub-mount.h2m b/docs/man/grub-mount.h2m
deleted file mode 100644
index 8d168982d7..0000000000
--- a/docs/man/grub-mount.h2m
+++ /dev/null
@@ -1,2 +0,0 @@
-[NAME]
-grub-mount \- export GRUB filesystem with FUSE
diff --git a/docs/man/grub-ofpathname.h2m b/docs/man/grub-ofpathname.h2m
deleted file mode 100644
index 74b43eea03..0000000000
--- a/docs/man/grub-ofpathname.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-ofpathname \- find OpenBOOT path for a device
-[SEE ALSO]
-.BR grub-probe (8)
diff --git a/docs/man/grub-pe2elf.h2m b/docs/man/grub-pe2elf.h2m
deleted file mode 100644
index 7ca29bd703..0000000000
--- a/docs/man/grub-pe2elf.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-pe2elf \- convert PE image to ELF
-[SEE ALSO]
-.BR grub-mkimage (1)
diff --git a/docs/man/grub-probe.h2m b/docs/man/grub-probe.h2m
deleted file mode 100644
index 6e1ffdcf93..0000000000
--- a/docs/man/grub-probe.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-probe \- probe device information for GRUB
-[SEE ALSO]
-.BR grub-fstest (1)
diff --git a/docs/man/grub-reboot.h2m b/docs/man/grub-reboot.h2m
deleted file mode 100644
index e4acace65c..0000000000
--- a/docs/man/grub-reboot.h2m
+++ /dev/null
@@ -1,5 +0,0 @@
-[NAME]
-grub-reboot \- set the default boot entry for GRUB, for the next boot only
-[SEE ALSO]
-.BR grub-set-default (8),
-.BR grub-editenv (1)
diff --git a/docs/man/grub-render-label.h2m b/docs/man/grub-render-label.h2m
deleted file mode 100644
index 50ae5247c0..0000000000
--- a/docs/man/grub-render-label.h2m
+++ /dev/null
@@ -1,3 +0,0 @@
-[NAME]
-grub-render-label \- generate a .disk_label for Apple Macs.
-
diff --git a/docs/man/grub-script-check.h2m b/docs/man/grub-script-check.h2m
deleted file mode 100644
index 3653682671..0000000000
--- a/docs/man/grub-script-check.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-script-check \- check grub.cfg for syntax errors
-[SEE ALSO]
-.BR grub-mkconfig (8)
diff --git a/docs/man/grub-set-default.h2m b/docs/man/grub-set-default.h2m
deleted file mode 100644
index 7945001c15..0000000000
--- a/docs/man/grub-set-default.h2m
+++ /dev/null
@@ -1,5 +0,0 @@
-[NAME]
-grub-set-default \- set the saved default boot entry for GRUB
-[SEE ALSO]
-.BR grub-reboot (8),
-.BR grub-editenv (1)
diff --git a/docs/man/grub-sparc64-setup.h2m b/docs/man/grub-sparc64-setup.h2m
deleted file mode 100644
index 18f803a50d..0000000000
--- a/docs/man/grub-sparc64-setup.h2m
+++ /dev/null
@@ -1,6 +0,0 @@
-[NAME]
-grub-sparc64-setup \- set up a device to boot using GRUB
-[SEE ALSO]
-.BR grub-install (8),
-.BR grub-mkimage (1),
-.BR grub-mkrescue (1)
diff --git a/docs/man/grub-syslinux2cfg.h2m b/docs/man/grub-syslinux2cfg.h2m
deleted file mode 100644
index ad25c8ab75..0000000000
--- a/docs/man/grub-syslinux2cfg.h2m
+++ /dev/null
@@ -1,4 +0,0 @@
-[NAME]
-grub-syslinux2cfg \- transform syslinux config into grub.cfg
-[SEE ALSO]
-.BR grub-menulst2cfg (8)
diff --git a/gentpl.py b/gentpl.py
index c86550d4f9..59f62ef952 100644
--- a/gentpl.py
+++ b/gentpl.py
@@ -51,6 +51,7 @@
GROUPS["riscv64"] = [ "riscv64_efi" ]
# Groups based on firmware
+GROUPS["pc"] = [ "i386_pc" ]
GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi",
"riscv32_efi", "riscv64_efi" ]
GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ]
@@ -592,11 +593,21 @@ def platform_conditional(platform, closure):
# };
#
def foreach_enabled_platform(defn, closure):
+ enabled = False
+ disabled = False
if 'enable' in defn:
+ enabled = True
for platform in GRUB_PLATFORMS:
if platform_tagged(defn, platform, "enable"):
platform_conditional(platform, closure)
- else:
+
+ if 'disable' in defn:
+ disabled = True
+ for platform in GRUB_PLATFORMS:
+ if not platform_tagged(defn, platform, "disable"):
+ platform_conditional(platform, closure)
+
+ if not enabled and not disabled:
for platform in GRUB_PLATFORMS:
platform_conditional(platform, closure)
@@ -655,6 +666,8 @@ def first_time(defn, snippet):
def is_platform_independent(defn):
if 'enable' in defn:
return False
+ if 'disable' in defn:
+ return False
for suffix in [ "", "_nodist" ]:
template = platform_values(defn, GRUB_PLATFORMS[0], suffix)
for platform in GRUB_PLATFORMS[1:]:
@@ -684,10 +697,10 @@ def module(defn, platform):
var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources")
var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources")
var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform))
- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform))
- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
+ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform))
+ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform))
+ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform))
+ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform))
var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform))
gvar_add("dist_noinst_DATA", extra_dist(defn))
@@ -805,10 +818,7 @@ def manpage(defn, adddeps):
output("if COND_MAN_PAGES\n")
gvar_add("man_MANS", name + "." + mansection)
- rule(name + "." + mansection, name + " " + adddeps, """
-chmod a+x """ + name + """
-PATH=$(builddir):$$PATH pkgdatadir=$(builddir) $(HELP2MAN) --section=""" + mansection + """ -i $(top_srcdir)/docs/man/""" + name + """.h2m -o $@ """ + name + """
-""")
+ rule(name + "." + mansection, name + " " + adddeps, "cat $(top_srcdir)/util/" + name + "." + mansection + " | $(top_builddir)/config.status --file=$@:-")
gvar_add("CLEANFILES", name + "." + mansection)
output("endif\n")
diff --git a/grub-core/.gitignore b/grub-core/.gitignore
new file mode 100644
index 0000000000..2acce28115
--- /dev/null
+++ b/grub-core/.gitignore
@@ -0,0 +1,16 @@
+/*.lst
+/Makefile
+/Makefile.gcry.def
+/unidata.c
+/build-grub-module-verifier
+/gdb_grub
+/genmod.sh
+/gensyminfo.sh
+/gentrigtables
+/gmodule.pl
+/grub_script.tab.[ch]
+/modinfo.sh
+/rs_decoder.h
+/symlist.c
+/symlist.h
+/trigtables.c
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index ee88e44e97..dd49939aaa 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -66,6 +66,7 @@ CLEANFILES += grub_script.yy.c grub_script.yy.h
include $(srcdir)/Makefile.core.am
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/backtrace.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/cache.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
@@ -75,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h
@@ -307,6 +309,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/net.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostdisk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostfile.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/exec.h
if COND_GRUB_EMU_SDL
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h
endif
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 8022e1c0a7..b869596418 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -89,7 +89,7 @@ kernel = {
i386_xen_pvh_ldflags = '$(TARGET_IMG_BASE_LDOPT),0x100000';
mips_loongson_ldflags = '-Wl,-Ttext,0x80200000';
- powerpc_ieee1275_ldflags = '-Wl,-Ttext,0x200000';
+ powerpc_ieee1275_ldflags = '-Wl,-Ttext,0x400000';
sparc64_ieee1275_ldflags = '-Wl,-Ttext,0x4400';
mips_arc_ldflags = '-Wl,-Ttext,$(TARGET_LINK_ADDR)';
mips_qemu_mips_ldflags = '-Wl,-Ttext,0x80200000';
@@ -142,6 +142,12 @@ kernel = {
common = kern/rescue_reader.c;
common = kern/term.c;
common = kern/verifiers.c;
+ common = kern/backtrace.c;
+
+ x86 = kern/i386/backtrace.c;
+ i386_xen = kern/i386/backtrace.c;
+ x86_64_xen = kern/i386/backtrace.c;
+ arm64 = kern/arm64/backtrace.c;
noemu = kern/compiler-rt.c;
noemu = kern/mm.c;
@@ -171,7 +177,6 @@ kernel = {
arm_coreboot = kern/arm/coreboot/init.c;
arm_coreboot = kern/arm/coreboot/timer.c;
arm_coreboot = kern/arm/coreboot/coreboot.S;
- arm_coreboot = lib/fdt.c;
arm_coreboot = bus/fdt.c;
arm_coreboot = term/ps2.c;
arm_coreboot = term/arm/pl050.c;
@@ -207,6 +212,7 @@ kernel = {
efi = kern/efi/acpi.c;
efi = kern/efi/sb.c;
efi = kern/lockdown.c;
+ efi = lib/envblk.c;
i386_coreboot = kern/i386/pc/acpi.c;
i386_multiboot = kern/i386/pc/acpi.c;
i386_coreboot = kern/acpi.c;
@@ -317,6 +323,7 @@ kernel = {
powerpc_ieee1275 = kern/powerpc/cache.S;
powerpc_ieee1275 = kern/powerpc/dl.c;
powerpc_ieee1275 = kern/powerpc/compiler-rt.S;
+ powerpc_ieee1275 = kern/lockdown.c;
sparc64_ieee1275 = kern/sparc64/cache.S;
sparc64_ieee1275 = kern/sparc64/dl.c;
@@ -344,6 +351,8 @@ kernel = {
riscv64 = kern/riscv/cache_flush.S;
riscv64 = kern/riscv/dl.c;
+ fdt = lib/fdt.c;
+
emu = disk/host.c;
emu = kern/emu/cache_s.S;
emu = kern/emu/hostdisk.c;
@@ -390,6 +399,11 @@ kernel = {
extra_dist = kern/mips/cache_flush.S;
};
+module = {
+ name = increment;
+ common = commands/increment.c;
+};
+
program = {
name = grub-emu;
mansection = 1;
@@ -571,6 +585,11 @@ image = {
enable = mips_loongson;
};
+module = {
+ name = version;
+ common = commands/version.c;
+};
+
module = {
name = disk;
common = lib/disk.c;
@@ -802,17 +821,39 @@ module = {
enable = efi;
};
+module = {
+ name = efienv;
+ common = commands/efi/env.c;
+ enable = efi;
+};
+
module = {
name = efifwsetup;
efi = commands/efi/efifwsetup.c;
enable = efi;
};
+module = {
+ name = eficonnect;
+ efi = commands/efi/eficonnect.c;
+ enable = efi;
+};
+
module = {
name = blocklist;
common = commands/blocklist.c;
};
+module = {
+ name = blscfg;
+ common = commands/blscfg.c;
+ common = commands/loadenv.h;
+ enable = powerpc_ieee1275;
+ enable = efi;
+ enable = i386_pc;
+ enable = emu;
+};
+
module = {
name = boot;
common = commands/boot.c;
@@ -946,6 +987,18 @@ module = {
cppflags = '-I$(srcdir)/lib/posix_wrap';
};
+module = {
+ name = appendedsig;
+ common = commands/appendedsig/appendedsig.c;
+ common = commands/appendedsig/x509.c;
+ common = commands/appendedsig/pkcs7.c;
+ common = commands/appendedsig/asn1util.c;
+ common = commands/appendedsig/gnutls_asn1_tab.c;
+ common = commands/appendedsig/pkix_asn1_tab.c;
+ cflags = '$(CFLAGS_POSIX)';
+ cppflags = '-I$(srcdir)/lib/posix_wrap';
+};
+
module = {
name = hdparm;
common = commands/hdparm.c;
@@ -979,6 +1032,7 @@ module = {
module = {
name = loadenv;
common = commands/loadenv.c;
+ common = commands/loadenv.h;
common = lib/envblk.c;
};
@@ -1118,6 +1172,13 @@ module = {
enable = powerpc_ieee1275;
};
+module = {
+ name = tpm;
+ common = commands/tpm.c;
+ ieee1275 = commands/ieee1275/ibmvtpm.c;
+ enable = powerpc_ieee1275;
+};
+
module = {
name = terminal;
common = commands/terminal.c;
@@ -1734,13 +1795,6 @@ module = {
enable = i386_pc;
};
-
-module = {
- name = linux16;
- common = loader/i386/pc/linux.c;
- enable = x86;
-};
-
module = {
name = ntldr;
i386_pc = loader/i386/pc/ntldr.c;
@@ -1796,7 +1850,9 @@ module = {
module = {
name = linux;
- x86 = loader/i386/linux.c;
+ i386_pc = loader/i386/pc/linux.c;
+ x86_64_efi = loader/i386/efi/linux.c;
+ i386_efi = loader/i386/efi/linux.c;
i386_xen_pvh = loader/i386/linux.c;
xen = loader/i386/xen.c;
i386_pc = lib/i386/pc/vesa_modes_table.c;
@@ -1811,15 +1867,17 @@ module = {
arm64 = loader/arm64/linux.c;
riscv32 = loader/riscv/linux.c;
riscv64 = loader/riscv/linux.c;
+ emu = loader/emu/linux.c;
+
common = loader/linux.c;
common = lib/cmdline.c;
- enable = noemu;
+
+ efi = loader/efi/linux.c;
};
module = {
name = fdt;
efi = loader/efi/fdt.c;
- common = lib/fdt.c;
enable = fdt;
};
@@ -2117,6 +2175,12 @@ module = {
common = tests/setjmp_test.c;
};
+module = {
+ name = appended_signature_test;
+ common = tests/appended_signature_test.c;
+ common = tests/appended_signatures.h;
+};
+
module = {
name = signature_test;
common = tests/signature_test.c;
@@ -2282,6 +2346,12 @@ module = {
common = hook/datehook.c;
};
+module = {
+ name = efi_netfs;
+ common = net/efi/efi_netfs.c;
+ enable = efi;
+};
+
module = {
name = net;
common = net/net.c;
@@ -2295,6 +2365,12 @@ module = {
common = net/ethernet.c;
common = net/arp.c;
common = net/netbuff.c;
+ efi = net/efi/net.c;
+ efi = net/efi/http.c;
+ efi = net/efi/pxe.c;
+ efi = net/efi/ip4_config.c;
+ efi = net/efi/ip6_config.c;
+ efi = net/efi/dhcp.c;
};
module = {
@@ -2384,15 +2460,12 @@ module = {
module = {
name = backtrace;
- x86 = lib/i386/backtrace.c;
- i386_xen_pvh = lib/i386/backtrace.c;
- i386_xen = lib/i386/backtrace.c;
- x86_64_xen = lib/i386/backtrace.c;
- common = lib/backtrace.c;
+ common = commands/backtrace.c;
enable = x86;
enable = i386_xen_pvh;
enable = i386_xen;
enable = x86_64_xen;
+ enable = arm64;
};
module = {
@@ -2469,6 +2542,14 @@ module = {
cppflags = '$(CPPFLAGS_GCRY)';
};
+module = {
+ name = pkcs1_v15;
+ common = lib/pkcs1_v15.c;
+
+ cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare';
+ cppflags = '$(CPPFLAGS_GCRY)';
+};
+
module = {
name = all_video;
common = lib/fake_module.c;
@@ -2527,3 +2608,31 @@ module = {
common = commands/i386/wrmsr.c;
enable = x86;
};
+
+module = {
+ name = asn1;
+ common = lib/libtasn1/lib/decoding.c;
+ common = lib/libtasn1/lib/coding.c;
+ common = lib/libtasn1/lib/element.c;
+ common = lib/libtasn1/lib/structure.c;
+ common = lib/libtasn1/lib/parser_aux.c;
+ common = lib/libtasn1/lib/gstr.c;
+ common = lib/libtasn1/lib/errors.c;
+ common = lib/libtasn1_wrap/wrap.c;
+ cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
+ // -Wno-type-limits comes from libtasn1's configure.ac
+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits';
+};
+
+module = {
+ name = test_asn1;
+ common = lib/libtasn1_wrap/tests/CVE-2018-1000654.c;
+ common = lib/libtasn1_wrap/tests/object-id-decoding.c;
+ common = lib/libtasn1_wrap/tests/object-id-encoding.c;
+ common = lib/libtasn1_wrap/tests/octet-string.c;
+ common = lib/libtasn1_wrap/tests/reproducers.c;
+ common = lib/libtasn1_wrap/tests/Test_overflow.c;
+ common = lib/libtasn1_wrap/tests/Test_simple.c;
+ common = lib/libtasn1_wrap/tests/Test_strings.c;
+ common = lib/libtasn1_wrap/wrap_tests.c;
+};
diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
index 2bd0b2d286..ea167fe120 100644
--- a/grub-core/boot/i386/pc/boot.S
+++ b/grub-core/boot/i386/pc/boot.S
@@ -249,9 +249,6 @@ real_start:
/* save drive reference first thing! */
pushw %dx
- /* print a notification message on the screen */
- MSG(notification_string)
-
/* set %si to the disk address packet */
movw $disk_address_packet, %si
diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
index c1addc0df2..68d31de0c4 100644
--- a/grub-core/boot/i386/pc/diskboot.S
+++ b/grub-core/boot/i386/pc/diskboot.S
@@ -50,11 +50,6 @@ _start:
/* save drive reference first thing! */
pushw %dx
- /* print a notification message on the screen */
- pushw %si
- MSG(notification_string)
- popw %si
-
/* this sets up for the first run through "bootloop" */
movw $LOCAL(firstlist), %di
diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c
new file mode 100644
index 0000000000..dc294cd339
--- /dev/null
+++ b/grub-core/commands/appendedsig/appendedsig.c
@@ -0,0 +1,645 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020-2021 IBM Corporation.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "appendedsig.h"
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+const char magic[] = "~Module signature appended~\n";
+
+/*
+ * This structure is extracted from scripts/sign-file.c in the linux kernel
+ * source. It was licensed as LGPLv2.1+, which is GPLv3+ compatible.
+ */
+struct module_signature
+{
+ grub_uint8_t algo; /* Public-key crypto algorithm [0] */
+ grub_uint8_t hash; /* Digest algorithm [0] */
+ grub_uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */
+ grub_uint8_t signer_len; /* Length of signer's name [0] */
+ grub_uint8_t key_id_len; /* Length of key identifier [0] */
+ grub_uint8_t __pad[3];
+ grub_uint32_t sig_len; /* Length of signature data */
+} GRUB_PACKED;
+
+
+/* This represents an entire, parsed, appended signature */
+struct grub_appended_signature
+{
+ grub_size_t signature_len; /* Length of PKCS#7 data +
+ * metadata + magic */
+
+ struct module_signature sig_metadata; /* Module signature metadata */
+ struct pkcs7_signedData pkcs7; /* Parsed PKCS#7 data */
+};
+
+/* Trusted certificates for verifying appended signatures */
+struct x509_certificate *grub_trusted_key;
+
+/*
+ * Force gcry_rsa to be a module dependency.
+ *
+ * If we use grub_crypto_pk_rsa, then then the gcry_rsa module won't be built
+ * in if you add 'appendedsig' to grub-install --modules. You would need to
+ * add 'gcry_rsa' too. That's confusing and seems suboptimal, especially when
+ * we only support RSA.
+ *
+ * Dynamic loading also causes some concerns. We can't load gcry_rsa from the
+ * the filesystem after we install the verifier - we won't be able to verify
+ * it without having it already present. We also shouldn't load it before we
+ * install the verifier, because that would mean it wouldn't be verified - an
+ * attacker could insert any code they wanted into the module.
+ *
+ * So instead, reference the internal symbol from gcry_rsa. That creates a
+ * direct dependency on gcry_rsa, so it will be built in when this module
+ * is built in. Being built in (assuming the core image is itself signed!)
+ * also resolves our concerns about loading from the filesystem.
+ */
+extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
+
+static int check_sigs = 0;
+
+static const char *
+grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val __attribute__ ((unused)))
+{
+ if (check_sigs == 2)
+ return "forced";
+ else if (check_sigs == 1)
+ return "enforce";
+ else
+ return "no";
+}
+
+static char *
+grub_env_write_sec (struct grub_env_var *var __attribute__((unused)),
+ const char *val)
+{
+ /* Do not allow the value to be changed if set to forced */
+ if (check_sigs == 2)
+ return grub_strdup ("forced");
+
+ if ((*val == '2') || (*val == 'f'))
+ check_sigs = 2;
+ else if ((*val == '1') || (*val == 'e'))
+ check_sigs = 1;
+ else if ((*val == '0') || (*val == 'n'))
+ check_sigs = 0;
+
+ return grub_strdup (grub_env_read_sec (NULL, NULL));
+}
+
+static grub_err_t
+read_cert_from_file (grub_file_t f, struct x509_certificate *certificate)
+{
+ grub_err_t err;
+ grub_uint8_t *buf = NULL;
+ grub_ssize_t read_size;
+ grub_off_t total_read_size = 0;
+ grub_off_t file_size = grub_file_size (f);
+
+
+ if (file_size == GRUB_FILE_SIZE_UNKNOWN)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("Cannot parse a certificate file of unknown size"));
+
+ buf = grub_zalloc (file_size);
+ if (!buf)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("Could not allocate buffer for certificate file contents"));
+
+ while (total_read_size < file_size)
+ {
+ read_size =
+ grub_file_read (f, &buf[total_read_size],
+ file_size - total_read_size);
+ if (read_size < 0)
+ {
+ err = grub_error (GRUB_ERR_READ_ERROR,
+ N_("Error reading certificate file"));
+ goto cleanup_buf;
+ }
+ total_read_size += read_size;
+ }
+
+ err = certificate_import (buf, total_read_size, certificate);
+ if (err != GRUB_ERR_NONE)
+ goto cleanup_buf;
+
+ return GRUB_ERR_NONE;
+
+cleanup_buf:
+ grub_free (buf);
+ return err;
+}
+
+static grub_err_t
+extract_appended_signature (grub_uint8_t * buf, grub_size_t bufsize,
+ struct grub_appended_signature *sig)
+{
+ grub_err_t err;
+ grub_size_t pkcs7_size;
+ grub_size_t remaining_len;
+ grub_uint8_t *appsigdata = buf + bufsize - grub_strlen (magic);
+
+ if (bufsize < grub_strlen (magic))
+ return grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("File too short for signature magic"));
+
+ if (grub_memcmp (appsigdata, (grub_uint8_t *) magic, grub_strlen (magic)))
+ return grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("Missing or invalid signature magic"));
+
+ remaining_len = bufsize - grub_strlen (magic);
+
+ if (remaining_len < sizeof (struct module_signature))
+ return grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("File too short for signature metadata"));
+
+ appsigdata -= sizeof (struct module_signature);
+
+ /* extract the metadata */
+ grub_memcpy (&(sig->sig_metadata), appsigdata,
+ sizeof (struct module_signature));
+
+ remaining_len -= sizeof (struct module_signature);
+
+ if (sig->sig_metadata.id_type != 2)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("Wrong signature type"));
+
+#ifdef GRUB_TARGET_WORDS_BIGENDIAN
+ pkcs7_size = sig->sig_metadata.sig_len;
+#else
+ pkcs7_size = __builtin_bswap32 (sig->sig_metadata.sig_len);
+#endif
+
+ if (pkcs7_size > remaining_len)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("File too short for PKCS#7 message"));
+
+ grub_dprintf ("appendedsig", "sig len %" PRIuGRUB_SIZE "\n", pkcs7_size);
+
+ sig->signature_len =
+ grub_strlen (magic) + sizeof (struct module_signature) + pkcs7_size;
+
+ /* rewind pointer and parse pkcs7 data */
+ appsigdata -= pkcs7_size;
+
+ err = parse_pkcs7_signedData (appsigdata, pkcs7_size, &sig->pkcs7);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_verify_appended_signature (grub_uint8_t * buf, grub_size_t bufsize)
+{
+ grub_err_t err = GRUB_ERR_NONE;
+ grub_size_t datasize;
+ void *context;
+ unsigned char *hash;
+ gcry_mpi_t hashmpi;
+ gcry_err_code_t rc;
+ struct x509_certificate *pk;
+ struct grub_appended_signature sig;
+
+ if (!grub_trusted_key)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("No trusted keys to verify against"));
+
+ err = extract_appended_signature (buf, bufsize, &sig);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ datasize = bufsize - sig.signature_len;
+
+ context = grub_zalloc (sig.pkcs7.hash->contextsize);
+ if (!context)
+ return grub_errno;
+
+ sig.pkcs7.hash->init (context);
+ sig.pkcs7.hash->write (context, buf, datasize);
+ sig.pkcs7.hash->final (context);
+ hash = sig.pkcs7.hash->read (context);
+ grub_dprintf ("appendedsig",
+ "data size %" PRIxGRUB_SIZE ", hash %02x%02x%02x%02x...\n",
+ datasize, hash[0], hash[1], hash[2], hash[3]);
+
+ err = GRUB_ERR_BAD_SIGNATURE;
+ for (pk = grub_trusted_key; pk; pk = pk->next)
+ {
+ rc = grub_crypto_rsa_pad (&hashmpi, hash, sig.pkcs7.hash, pk->mpis[0]);
+ if (rc)
+ {
+ err = grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("Error padding hash for RSA verification: %d"),
+ rc);
+ goto cleanup;
+ }
+
+ rc = _gcry_pubkey_spec_rsa.verify (0, hashmpi, &sig.pkcs7.sig_mpi,
+ pk->mpis, NULL, NULL);
+ gcry_mpi_release (hashmpi);
+
+ if (rc == 0)
+ {
+ grub_dprintf ("appendedsig", "verify with key '%s' succeeded\n",
+ pk->subject);
+ err = GRUB_ERR_NONE;
+ break;
+ }
+
+ grub_dprintf ("appendedsig", "verify with key '%s' failed with %d\n",
+ pk->subject, rc);
+ }
+
+ /* If we didn't verify, provide a neat message */
+ if (err != GRUB_ERR_NONE)
+ err = grub_error (GRUB_ERR_BAD_SIGNATURE,
+ N_("Failed to verify signature against a trusted key"));
+
+cleanup:
+ grub_free (context);
+ pkcs7_signedData_release (&sig.pkcs7);
+
+ return err;
+}
+
+static grub_err_t
+grub_cmd_verify_signature (grub_command_t cmd __attribute__((unused)),
+ int argc, char **args)
+{
+ grub_file_t f;
+ grub_err_t err = GRUB_ERR_NONE;
+ grub_uint8_t *data;
+ grub_ssize_t read_size;
+ grub_off_t file_size, total_read_size = 0;
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
+ grub_dprintf ("appendedsig", "verifying %s\n", args[0]);
+
+ f = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE);
+ if (!f)
+ {
+ err = grub_errno;
+ goto cleanup;
+ }
+
+ file_size = grub_file_size (f);
+ if (file_size == GRUB_FILE_SIZE_UNKNOWN)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("Cannot verify the signature of a file of unknown size"));
+
+ data = grub_malloc (file_size);
+ if (!data)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("Could not allocate data buffer size "
+ PRIuGRUB_UINT64_T " for verification"), file_size);
+
+ while (total_read_size < file_size)
+ {
+ read_size =
+ grub_file_read (f, &data[total_read_size],
+ file_size - total_read_size);
+ if (read_size < 0)
+ {
+ err = grub_error (GRUB_ERR_READ_ERROR,
+ N_("Error reading file to verify"));
+ goto cleanup_data;
+ }
+ total_read_size += read_size;
+ }
+
+ err = grub_verify_appended_signature (data, file_size);
+
+cleanup_data:
+ grub_free (data);
+cleanup:
+ if (f)
+ grub_file_close (f);
+ return err;
+}
+
+static grub_err_t
+grub_cmd_distrust (grub_command_t cmd __attribute__((unused)),
+ int argc, char **args)
+{
+ unsigned long cert_num, i;
+ struct x509_certificate *cert, *prev;
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("One argument expected"));
+
+ grub_errno = GRUB_ERR_NONE;
+ cert_num = grub_strtoul (args[0], NULL, 10);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
+
+ if (cert_num < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("Certificate number too small - numbers start at 1"));
+
+ if (cert_num == 1)
+ {
+ cert = grub_trusted_key;
+ grub_trusted_key = cert->next;
+
+ certificate_release (cert);
+ grub_free (cert);
+ return GRUB_ERR_NONE;
+ }
+ i = 2;
+ prev = grub_trusted_key;
+ cert = grub_trusted_key->next;
+ while (cert)
+ {
+ if (i == cert_num)
+ {
+ prev->next = cert->next;
+ certificate_release (cert);
+ grub_free (cert);
+ return GRUB_ERR_NONE;
+ }
+ i++;
+ prev = cert;
+ cert = cert->next;
+ }
+
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("No certificate number %d found - only %d certificates in the store"),
+ cert_num, i - 1);
+}
+
+static grub_err_t
+grub_cmd_trust (grub_command_t cmd __attribute__((unused)),
+ int argc, char **args)
+{
+ grub_file_t certf;
+ struct x509_certificate *cert = NULL;
+ grub_err_t err;
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
+ certf = grub_file_open (args[0],
+ GRUB_FILE_TYPE_CERTIFICATE_TRUST
+ | GRUB_FILE_TYPE_NO_DECOMPRESS);
+ if (!certf)
+ return grub_errno;
+
+
+ cert = grub_zalloc (sizeof (struct x509_certificate));
+ if (!cert)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("Could not allocate memory for certificate"));
+
+ err = read_cert_from_file (certf, cert);
+ grub_file_close (certf);
+ if (err != GRUB_ERR_NONE)
+ {
+ grub_free (cert);
+ return err;
+ }
+ grub_dprintf ("appendedsig", "Loaded certificate with CN: %s\n",
+ cert->subject);
+
+ cert->next = grub_trusted_key;
+ grub_trusted_key = cert;
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_cmd_list (grub_command_t cmd __attribute__((unused)),
+ int argc __attribute__((unused)),
+ char **args __attribute__((unused)))
+{
+ struct x509_certificate *cert;
+ int cert_num = 1;
+ grub_size_t i;
+
+ for (cert = grub_trusted_key; cert; cert = cert->next)
+ {
+ grub_printf (N_("Certificate %d:\n"), cert_num);
+
+ grub_printf (N_("\tSerial: "));
+ for (i = 0; i < cert->serial_len - 1; i++)
+ {
+ grub_printf ("%02x:", cert->serial[i]);
+ }
+ grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]);
+
+ grub_printf ("\tCN: %s\n\n", cert->subject);
+ cert_num++;
+
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+appendedsig_init (grub_file_t io __attribute__((unused)),
+ enum grub_file_type type,
+ void **context __attribute__((unused)),
+ enum grub_verify_flags *flags)
+{
+ if (!check_sigs)
+ {
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+ }
+
+ switch (type & GRUB_FILE_TYPE_MASK)
+ {
+ case GRUB_FILE_TYPE_CERTIFICATE_TRUST:
+ /*
+ * This is a certificate to add to trusted keychain.
+ *
+ * This needs to be verified or blocked. Ideally we'd write an x509
+ * verifier, but we lack the hubris required to take this on. Instead,
+ * require that it have an appended signature.
+ */
+
+ /* Fall through */
+
+ case GRUB_FILE_TYPE_LINUX_KERNEL:
+ case GRUB_FILE_TYPE_GRUB_MODULE:
+ /*
+ * Appended signatures are only defined for ELF binaries.
+ * Out of an abundance of caution, we only verify Linux kernels and
+ * GRUB modules at this point.
+ */
+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ return GRUB_ERR_NONE;
+
+ case GRUB_FILE_TYPE_ACPI_TABLE:
+ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
+ /*
+ * It is possible to use appended signature verification without
+ * lockdown - like the PGP verifier. When combined with an embedded
+ * config file in a signed grub binary, this could still be a meaningful
+ * secure-boot chain - so long as it isn't subverted by something like a
+ * rouge ACPI table or DT image. Defer them explicitly.
+ */
+ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
+ return GRUB_ERR_NONE;
+
+ default:
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+ }
+}
+
+static grub_err_t
+appendedsig_write (void *ctxt __attribute__((unused)),
+ void *buf, grub_size_t size)
+{
+ return grub_verify_appended_signature (buf, size);
+}
+
+struct grub_file_verifier grub_appendedsig_verifier = {
+ .name = "appendedsig",
+ .init = appendedsig_init,
+ .write = appendedsig_write,
+};
+
+static grub_ssize_t
+pseudo_read (struct grub_file *file, char *buf, grub_size_t len)
+{
+ grub_memcpy (buf, (grub_uint8_t *) file->data + file->offset, len);
+ return len;
+}
+
+/* Filesystem descriptor. */
+static struct grub_fs pseudo_fs = {
+ .name = "pseudo",
+ .fs_read = pseudo_read
+};
+
+static grub_command_t cmd_verify, cmd_list, cmd_distrust, cmd_trust;
+
+GRUB_MOD_INIT (appendedsig)
+{
+ int rc;
+ struct grub_module_header *header;
+
+ /* If in lockdown, immediately enter forced mode */
+ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED)
+ check_sigs = 2;
+
+ grub_trusted_key = NULL;
+
+ grub_register_variable_hook ("check_appended_signatures",
+ grub_env_read_sec,
+ grub_env_write_sec);
+ grub_env_export ("check_appended_signatures");
+
+ rc = asn1_init ();
+ if (rc)
+ grub_fatal ("Error initing ASN.1 data structures: %d: %s\n", rc,
+ asn1_strerror (rc));
+
+ FOR_MODULES (header)
+ {
+ struct grub_file pseudo_file;
+ struct x509_certificate *pk = NULL;
+ grub_err_t err;
+
+ /* Not an ELF module, skip. */
+ if (header->type != OBJ_TYPE_X509_PUBKEY)
+ continue;
+
+ grub_memset (&pseudo_file, 0, sizeof (pseudo_file));
+ pseudo_file.fs = &pseudo_fs;
+ pseudo_file.size = header->size - sizeof (struct grub_module_header);
+ pseudo_file.data = (char *) header + sizeof (struct grub_module_header);
+
+ grub_dprintf ("appendedsig",
+ "Found an x509 key, size=%" PRIuGRUB_UINT64_T "\n",
+ pseudo_file.size);
+
+ pk = grub_zalloc (sizeof (struct x509_certificate));
+ if (!pk)
+ {
+ grub_fatal ("Out of memory loading initial certificates");
+ }
+
+ err = read_cert_from_file (&pseudo_file, pk);
+ if (err != GRUB_ERR_NONE)
+ grub_fatal ("Error loading initial key: %s", grub_errmsg);
+
+ grub_dprintf ("appendedsig", "loaded certificate CN='%s'\n", pk->subject);
+
+ pk->next = grub_trusted_key;
+ grub_trusted_key = pk;
+ }
+
+ cmd_trust =
+ grub_register_command ("trust_certificate", grub_cmd_trust,
+ N_("X509_CERTIFICATE"),
+ N_("Add X509_CERTIFICATE to trusted certificates."));
+ cmd_list =
+ grub_register_command ("list_certificates", grub_cmd_list, 0,
+ N_("Show the list of trusted x509 certificates."));
+ cmd_verify =
+ grub_register_command ("verify_appended", grub_cmd_verify_signature,
+ N_("FILE"),
+ N_("Verify FILE against the trusted x509 certificates."));
+ cmd_distrust =
+ grub_register_command ("distrust_certificate", grub_cmd_distrust,
+ N_("CERT_NUMBER"),
+ N_("Remove CERT_NUMBER (as listed by list_certificates) from trusted certificates."));
+
+ grub_verifier_register (&grub_appendedsig_verifier);
+ grub_dl_set_persistent (mod);
+}
+
+GRUB_MOD_FINI (appendedsig)
+{
+ /*
+ * grub_dl_set_persistent should prevent this from actually running, but
+ * it does still run under emu.
+ */
+
+ grub_verifier_unregister (&grub_appendedsig_verifier);
+ grub_unregister_command (cmd_verify);
+ grub_unregister_command (cmd_list);
+ grub_unregister_command (cmd_trust);
+ grub_unregister_command (cmd_distrust);
+}
diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h
new file mode 100644
index 0000000000..9792ef3901
--- /dev/null
+++ b/grub-core/commands/appendedsig/appendedsig.h
@@ -0,0 +1,110 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+
+extern asn1_node _gnutls_gnutls_asn;
+extern asn1_node _gnutls_pkix_asn;
+
+#define MAX_OID_LEN 32
+
+/*
+ * One or more x509 certificates.
+ *
+ * We do limited parsing: extracting only the serial, CN and RSA public key.
+ */
+struct x509_certificate
+{
+ struct x509_certificate *next;
+
+ grub_uint8_t *serial;
+ grub_size_t serial_len;
+
+ char *subject;
+ grub_size_t subject_len;
+
+ /* We only support RSA public keys. This encodes [modulus, publicExponent] */
+ gcry_mpi_t mpis[2];
+};
+
+/*
+ * A PKCS#7 signedData message.
+ *
+ * We make no attempt to match intelligently, so we don't save any info about
+ * the signer. We also support only 1 signerInfo, so we only store a single
+ * MPI for the signature.
+ */
+struct pkcs7_signedData
+{
+ const gcry_md_spec_t *hash;
+ gcry_mpi_t sig_mpi;
+};
+
+
+/* Do libtasn1 init */
+int asn1_init (void);
+
+/*
+ * Import a DER-encoded certificate at 'data', of size 'size'.
+ *
+ * Place the results into 'results', which must be already allocated.
+ */
+grub_err_t
+certificate_import (void *data, grub_size_t size,
+ struct x509_certificate *results);
+
+/*
+ * Release all the storage associated with the x509 certificate.
+ * If the caller dynamically allocated the certificate, it must free it.
+ * The caller is also responsible for maintenance of the linked list.
+ */
+void certificate_release (struct x509_certificate *cert);
+
+/*
+ * Parse a PKCS#7 message, which must be a signedData message.
+ *
+ * The message must be in 'sigbuf' and of size 'data_size'. The result is
+ * placed in 'msg', which must already be allocated.
+ */
+grub_err_t
+parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size,
+ struct pkcs7_signedData *msg);
+
+/*
+ * Release all the storage associated with the PKCS#7 message.
+ * If the caller dynamically allocated the message, it must free it.
+ */
+void pkcs7_signedData_release (struct pkcs7_signedData *msg);
+
+/*
+ * Read a value from an ASN1 node, allocating memory to store it.
+ *
+ * It will work for anything where the size libtasn1 returns is right:
+ * - Integers
+ * - Octet strings
+ * - DER encoding of other structures
+ * It will _not_ work for things where libtasn1 size requires adjustment:
+ * - Strings that require an extra NULL byte at the end
+ * - Bit strings because libtasn1 returns the length in bits, not bytes.
+ *
+ * If the function returns a non-NULL value, the caller must free it.
+ */
+void *grub_asn1_allocate_and_read (asn1_node node, const char *name,
+ const char *friendly_name,
+ int *content_size);
diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c
new file mode 100644
index 0000000000..eff095a9df
--- /dev/null
+++ b/grub-core/commands/appendedsig/asn1util.c
@@ -0,0 +1,102 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "appendedsig.h"
+
+asn1_node _gnutls_gnutls_asn = ASN1_TYPE_EMPTY;
+asn1_node _gnutls_pkix_asn = ASN1_TYPE_EMPTY;
+
+extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[];
+extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
+
+/*
+ * Read a value from an ASN1 node, allocating memory to store it.
+ *
+ * It will work for anything where the size libtasn1 returns is right:
+ * - Integers
+ * - Octet strings
+ * - DER encoding of other structures
+ * It will _not_ work for things where libtasn1 size requires adjustment:
+ * - Strings that require an extra NULL byte at the end
+ * - Bit strings because libtasn1 returns the length in bits, not bytes.
+ *
+ * If the function returns a non-NULL value, the caller must free it.
+ */
+void *
+grub_asn1_allocate_and_read (asn1_node node, const char *name,
+ const char *friendly_name, int *content_size)
+{
+ int result;
+ grub_uint8_t *tmpstr = NULL;
+ int tmpstr_size = 0;
+
+ result = asn1_read_value (node, name, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg),
+ _
+ ("Reading size of %s did not return expected status: %s"),
+ friendly_name, asn1_strerror (result));
+ grub_errno = GRUB_ERR_BAD_FILE_TYPE;
+ return NULL;
+ }
+
+ tmpstr = grub_malloc (tmpstr_size);
+ if (tmpstr == NULL)
+ {
+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg),
+ "Could not allocate memory to store %s", friendly_name);
+ grub_errno = GRUB_ERR_OUT_OF_MEMORY;
+ return NULL;
+ }
+
+ result = asn1_read_value (node, name, tmpstr, &tmpstr_size);
+ if (result != ASN1_SUCCESS)
+ {
+ grub_free (tmpstr);
+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg),
+ "Error reading %s: %s",
+ friendly_name, asn1_strerror (result));
+ grub_errno = GRUB_ERR_BAD_FILE_TYPE;
+ return NULL;
+ }
+
+ *content_size = tmpstr_size;
+
+ return tmpstr;
+}
+
+int
+asn1_init (void)
+{
+ int res;
+ res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS)
+ {
+ return res;
+ }
+ res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix_asn, NULL);
+ return res;
+}
diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c
new file mode 100644
index 0000000000..ddd1314e63
--- /dev/null
+++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c
@@ -0,0 +1,121 @@
+#include
+#include
+
+const asn1_static_node gnutls_asn1_tab[] = {
+ { "GNUTLS", 536872976, NULL },
+ { NULL, 1073741836, NULL },
+ { "RSAPublicKey", 1610612741, NULL },
+ { "modulus", 1073741827, NULL },
+ { "publicExponent", 3, NULL },
+ { "RSAPrivateKey", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "modulus", 1073741827, NULL },
+ { "publicExponent", 1073741827, NULL },
+ { "privateExponent", 1073741827, NULL },
+ { "prime1", 1073741827, NULL },
+ { "prime2", 1073741827, NULL },
+ { "exponent1", 1073741827, NULL },
+ { "exponent2", 1073741827, NULL },
+ { "coefficient", 1073741827, NULL },
+ { "otherPrimeInfos", 16386, "OtherPrimeInfos"},
+ { "ProvableSeed", 1610612741, NULL },
+ { "algorithm", 1073741836, NULL },
+ { "seed", 7, NULL },
+ { "OtherPrimeInfos", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "OtherPrimeInfo"},
+ { "OtherPrimeInfo", 1610612741, NULL },
+ { "prime", 1073741827, NULL },
+ { "exponent", 1073741827, NULL },
+ { "coefficient", 3, NULL },
+ { "AlgorithmIdentifier", 1610612741, NULL },
+ { "algorithm", 1073741836, NULL },
+ { "parameters", 541081613, NULL },
+ { "algorithm", 1, NULL },
+ { "DigestInfo", 1610612741, NULL },
+ { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
+ { "digest", 7, NULL },
+ { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ { "DSAPublicKey", 1073741827, NULL },
+ { "DSAParameters", 1610612741, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 3, NULL },
+ { "DSASignatureValue", 1610612741, NULL },
+ { "r", 1073741827, NULL },
+ { "s", 3, NULL },
+ { "DSAPrivateKey", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 1073741827, NULL },
+ { "Y", 1073741827, NULL },
+ { "priv", 3, NULL },
+ { "DHParameter", 1610612741, NULL },
+ { "prime", 1073741827, NULL },
+ { "base", 1073741827, NULL },
+ { "privateValueLength", 16387, NULL },
+ { "ECParameters", 1610612754, NULL },
+ { "namedCurve", 12, NULL },
+ { "ECPrivateKey", 1610612741, NULL },
+ { "Version", 1073741827, NULL },
+ { "privateKey", 1073741831, NULL },
+ { "parameters", 1610637314, "ECParameters"},
+ { NULL, 2056, "0"},
+ { "publicKey", 536895494, NULL },
+ { NULL, 2056, "1"},
+ { "PrincipalName", 1610612741, NULL },
+ { "name-type", 1610620931, NULL },
+ { NULL, 2056, "0"},
+ { "name-string", 536879115, NULL },
+ { NULL, 1073743880, "1"},
+ { NULL, 27, NULL },
+ { "KRB5PrincipalName", 1610612741, NULL },
+ { "realm", 1610620955, NULL },
+ { NULL, 2056, "0"},
+ { "principalName", 536879106, "PrincipalName"},
+ { NULL, 2056, "1"},
+ { "RSAPSSParameters", 1610612741, NULL },
+ { "hashAlgorithm", 1610637314, "AlgorithmIdentifier"},
+ { NULL, 2056, "0"},
+ { "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"},
+ { NULL, 2056, "1"},
+ { "saltLength", 1610653699, NULL },
+ { NULL, 1073741833, "20"},
+ { NULL, 2056, "2"},
+ { "trailerField", 536911875, NULL },
+ { NULL, 1073741833, "1"},
+ { NULL, 2056, "3"},
+ { "GOSTParameters", 1610612741, NULL },
+ { "publicKeyParamSet", 1073741836, NULL },
+ { "digestParamSet", 16396, NULL },
+ { "GOSTParametersOld", 1610612741, NULL },
+ { "publicKeyParamSet", 1073741836, NULL },
+ { "digestParamSet", 1073741836, NULL },
+ { "encryptionParamSet", 16396, NULL },
+ { "GOSTPrivateKey", 1073741831, NULL },
+ { "GOSTPrivateKeyOld", 1073741827, NULL },
+ { "IssuerSignTool", 1610612741, NULL },
+ { "signTool", 1073741858, NULL },
+ { "cATool", 1073741858, NULL },
+ { "signToolCert", 1073741858, NULL },
+ { "cAToolCert", 34, NULL },
+ { "Gost28147-89-EncryptedKey", 1610612741, NULL },
+ { "encryptedKey", 1073741831, NULL },
+ { "maskKey", 1610637319, NULL },
+ { NULL, 4104, "0"},
+ { "macKey", 7, NULL },
+ { "SubjectPublicKeyInfo", 1610612741, NULL },
+ { "algorithm", 1073741826, "AlgorithmIdentifier"},
+ { "subjectPublicKey", 6, NULL },
+ { "GostR3410-TransportParameters", 1610612741, NULL },
+ { "encryptionParamSet", 1073741836, NULL },
+ { "ephemeralPublicKey", 1610637314, "SubjectPublicKeyInfo"},
+ { NULL, 4104, "0"},
+ { "ukm", 7, NULL },
+ { "GostR3410-KeyTransport", 536870917, NULL },
+ { "sessionEncryptedKey", 1073741826, "Gost28147-89-EncryptedKey"},
+ { "transportParameters", 536895490, "GostR3410-TransportParameters"},
+ { NULL, 4104, "0"},
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c
new file mode 100644
index 0000000000..dc6afe203f
--- /dev/null
+++ b/grub-core/commands/appendedsig/pkcs7.c
@@ -0,0 +1,305 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include "appendedsig.h"
+#include
+#include
+#include
+
+
+static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+/*
+ * RFC 5652 s 5.1
+ */
+const char *signedData_oid = "1.2.840.113549.1.7.2";
+
+/*
+ * RFC 4055 s 2.1
+ */
+const char *sha256_oid = "2.16.840.1.101.3.4.2.1";
+const char *sha512_oid = "2.16.840.1.101.3.4.2.3";
+
+static grub_err_t
+process_content (grub_uint8_t * content, int size,
+ struct pkcs7_signedData *msg)
+{
+ int res;
+ asn1_node signed_part;
+ grub_err_t err = GRUB_ERR_NONE;
+ char algo_oid[MAX_OID_LEN];
+ int algo_oid_size = sizeof (algo_oid);
+ int algo_count;
+ char version;
+ int version_size = sizeof (version);
+ grub_uint8_t *result_buf;
+ int result_size = 0;
+ int crls_size = 0;
+ gcry_error_t gcry_err;
+
+ res = asn1_create_element (_gnutls_pkix_asn, "PKIX1.pkcs-7-SignedData",
+ &signed_part);
+ if (res != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for PKCS#7 signed part.");
+ }
+
+ res = asn1_der_decoding2 (&signed_part, content, &size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error reading PKCS#7 signed data: %s", asn1_error);
+ goto cleanup_signed_part;
+ }
+
+ /* SignedData ::= SEQUENCE {
+ * version CMSVersion,
+ * digestAlgorithms DigestAlgorithmIdentifiers,
+ * encapContentInfo EncapsulatedContentInfo,
+ * certificates [0] IMPLICIT CertificateSet OPTIONAL,
+ * crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+ * signerInfos SignerInfos }
+ */
+
+ /* version per the algo in 5.1, must be 1 */
+ res = asn1_read_value (signed_part, "version", &version, &version_size);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error reading signedData version: %s",
+ asn1_strerror (res));
+ goto cleanup_signed_part;
+ }
+
+ if (version != 1)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Unexpected signature version v%d, only v1 supported",
+ version);
+ goto cleanup_signed_part;
+ }
+
+ /*
+ * digestAlgorithms DigestAlgorithmIdentifiers
+ *
+ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+ * DigestAlgorithmIdentifer is an X.509 AlgorithmIdentifier (10.1.1)
+ *
+ * RFC 4055 s 2.1:
+ * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL }
+ * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL }
+ *
+ * We only support 1 element in the set, and we do not check parameters atm.
+ */
+ res =
+ asn1_number_of_elements (signed_part, "digestAlgorithms", &algo_count);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error counting number of digest algorithms: %s",
+ asn1_strerror (res));
+ goto cleanup_signed_part;
+ }
+
+ if (algo_count != 1)
+ {
+ err =
+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "Only 1 digest algorithm is supported");
+ goto cleanup_signed_part;
+ }
+
+ res =
+ asn1_read_value (signed_part, "digestAlgorithms.?1.algorithm", algo_oid,
+ &algo_oid_size);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error reading digest algorithm: %s",
+ asn1_strerror (res));
+ goto cleanup_signed_part;
+ }
+
+ if (grub_strncmp (sha512_oid, algo_oid, algo_oid_size) == 0)
+ {
+ msg->hash = grub_crypto_lookup_md_by_name ("sha512");
+ }
+ else if (grub_strncmp (sha256_oid, algo_oid, algo_oid_size) == 0)
+ {
+ msg->hash = grub_crypto_lookup_md_by_name ("sha256");
+ }
+ else
+ {
+ err =
+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "Only SHA-256 and SHA-512 hashes are supported, found OID %s",
+ algo_oid);
+ goto cleanup_signed_part;
+ }
+
+ if (!msg->hash)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Hash algorithm for OID %s not loaded", algo_oid);
+ goto cleanup_signed_part;
+ }
+
+ /*
+ * We ignore the certificates, but we don't permit CRLs.
+ * A CRL entry might be revoking the certificate we're using, and we have
+ * no way of dealing with that at the moment.
+ */
+ res = asn1_read_value (signed_part, "crls", NULL, &crls_size);
+ if (res != ASN1_ELEMENT_NOT_FOUND)
+ {
+ err =
+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "PKCS#7 messages with embedded CRLs are not supported");
+ goto cleanup_signed_part;
+ }
+
+ /* read the signature */
+ result_buf =
+ grub_asn1_allocate_and_read (signed_part, "signerInfos.?1.signature",
+ "signature data", &result_size);
+ if (!result_buf)
+ {
+ err = grub_errno;
+ goto cleanup_signed_part;
+ }
+
+ gcry_err =
+ gcry_mpi_scan (&(msg->sig_mpi), GCRYMPI_FMT_USG, result_buf, result_size,
+ NULL);
+ if (gcry_err != GPG_ERR_NO_ERROR)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error loading signature into MPI structure: %d",
+ gcry_err);
+ goto cleanup_result;
+ }
+
+cleanup_result:
+ grub_free (result_buf);
+cleanup_signed_part:
+ asn1_delete_structure (&signed_part);
+
+ return err;
+}
+
+grub_err_t
+parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size,
+ struct pkcs7_signedData *msg)
+{
+ int res;
+ asn1_node content_info;
+ grub_err_t err = GRUB_ERR_NONE;
+ char content_oid[MAX_OID_LEN];
+ grub_uint8_t *content;
+ int content_size;
+ int content_oid_size = sizeof (content_oid);
+ int size;
+
+ if (data_size > GRUB_INT_MAX)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "Cannot parse a PKCS#7 message where data size > INT_MAX");
+ size = (int) data_size;
+
+ res = asn1_create_element (_gnutls_pkix_asn,
+ "PKIX1.pkcs-7-ContentInfo", &content_info);
+ if (res != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for PKCS#7 data: %s",
+ asn1_strerror (res));
+ }
+
+ res = asn1_der_decoding2 (&content_info, sigbuf, &size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error decoding PKCS#7 message DER: %s", asn1_error);
+ goto cleanup;
+ }
+
+ /*
+ * ContentInfo ::= SEQUENCE {
+ * contentType ContentType,
+ * content [0] EXPLICIT ANY DEFINED BY contentType }
+ *
+ * ContentType ::= OBJECT IDENTIFIER
+ */
+ res =
+ asn1_read_value (content_info, "contentType", content_oid,
+ &content_oid_size);
+ if (res != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Error reading PKCS#7 content type: %s",
+ asn1_strerror (res));
+ goto cleanup;
+ }
+
+ /* OID for SignedData defined in 5.1 */
+ if (grub_strncmp (signedData_oid, content_oid, content_oid_size) != 0)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_SIGNATURE,
+ "Unexpected content type in PKCS#7 message: OID %s",
+ content_oid);
+ goto cleanup;
+ }
+
+ content =
+ grub_asn1_allocate_and_read (content_info, "content",
+ "PKCS#7 message content", &content_size);
+ if (!content)
+ {
+ err = grub_errno;
+ goto cleanup;
+ }
+
+ err = process_content (content, content_size, msg);
+ grub_free (content);
+
+cleanup:
+ asn1_delete_structure (&content_info);
+ return err;
+}
+
+/*
+ * Release all the storage associated with the PKCS#7 message.
+ * If the caller dynamically allocated the message, it must free it.
+ */
+void
+pkcs7_signedData_release (struct pkcs7_signedData *msg)
+{
+ gcry_mpi_release (msg->sig_mpi);
+}
diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c
new file mode 100644
index 0000000000..adef69d95c
--- /dev/null
+++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c
@@ -0,0 +1,484 @@
+#include
+#include
+
+const asn1_static_node pkix_asn1_tab[] = {
+ { "PKIX1", 536875024, NULL },
+ { NULL, 1073741836, NULL },
+ { "PrivateKeyUsagePeriod", 1610612741, NULL },
+ { "notBefore", 1610637349, NULL },
+ { NULL, 4104, "0"},
+ { "notAfter", 536895525, NULL },
+ { NULL, 4104, "1"},
+ { "AuthorityKeyIdentifier", 1610612741, NULL },
+ { "keyIdentifier", 1610637319, NULL },
+ { NULL, 4104, "0"},
+ { "authorityCertIssuer", 1610637314, "GeneralNames"},
+ { NULL, 4104, "1"},
+ { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
+ { NULL, 4104, "2"},
+ { "SubjectKeyIdentifier", 1073741831, NULL },
+ { "KeyUsage", 1073741830, NULL },
+ { "DirectoryString", 1610612754, NULL },
+ { "teletexString", 1612709918, NULL },
+ { "MAX", 524298, "1"},
+ { "printableString", 1612709919, NULL },
+ { "MAX", 524298, "1"},
+ { "universalString", 1612709920, NULL },
+ { "MAX", 524298, "1"},
+ { "utf8String", 1612709922, NULL },
+ { "MAX", 524298, "1"},
+ { "bmpString", 1612709921, NULL },
+ { "MAX", 524298, "1"},
+ { "ia5String", 538968093, NULL },
+ { "MAX", 524298, "1"},
+ { "SubjectAltName", 1073741826, "GeneralNames"},
+ { "GeneralNames", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "GeneralName"},
+ { "GeneralName", 1610612754, NULL },
+ { "otherName", 1610620930, "AnotherName"},
+ { NULL, 4104, "0"},
+ { "rfc822Name", 1610620957, NULL },
+ { NULL, 4104, "1"},
+ { "dNSName", 1610620957, NULL },
+ { NULL, 4104, "2"},
+ { "x400Address", 1610620941, NULL },
+ { NULL, 4104, "3"},
+ { "directoryName", 1610620939, NULL },
+ { NULL, 1073743880, "4"},
+ { NULL, 2, "RelativeDistinguishedName"},
+ { "ediPartyName", 1610620941, NULL },
+ { NULL, 4104, "5"},
+ { "uniformResourceIdentifier", 1610620957, NULL },
+ { NULL, 4104, "6"},
+ { "iPAddress", 1610620935, NULL },
+ { NULL, 4104, "7"},
+ { "registeredID", 536879116, NULL },
+ { NULL, 4104, "8"},
+ { "AnotherName", 1610612741, NULL },
+ { "type-id", 1073741836, NULL },
+ { "value", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "type-id", 1, NULL },
+ { "IssuerAltName", 1073741826, "GeneralNames"},
+ { "BasicConstraints", 1610612741, NULL },
+ { "cA", 1610645508, NULL },
+ { NULL, 131081, NULL },
+ { "pathLenConstraint", 537411587, NULL },
+ { "0", 10, "MAX"},
+ { "CRLDistributionPoints", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "DistributionPoint"},
+ { "DistributionPoint", 1610612741, NULL },
+ { "distributionPoint", 1610637314, "DistributionPointName"},
+ { NULL, 2056, "0"},
+ { "reasons", 1610637314, "ReasonFlags"},
+ { NULL, 4104, "1"},
+ { "cRLIssuer", 536895490, "GeneralNames"},
+ { NULL, 4104, "2"},
+ { "DistributionPointName", 1610612754, NULL },
+ { "fullName", 1610620930, "GeneralNames"},
+ { NULL, 4104, "0"},
+ { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
+ { NULL, 4104, "1"},
+ { "ReasonFlags", 1073741830, NULL },
+ { "ExtKeyUsageSyntax", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 12, NULL },
+ { "AuthorityInfoAccessSyntax", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "AccessDescription"},
+ { "AccessDescription", 1610612741, NULL },
+ { "accessMethod", 1073741836, NULL },
+ { "accessLocation", 2, "GeneralName"},
+ { "Attribute", 1610612741, NULL },
+ { "type", 1073741836, NULL },
+ { "values", 536870927, NULL },
+ { NULL, 13, NULL },
+ { "AttributeTypeAndValue", 1610612741, NULL },
+ { "type", 1073741836, NULL },
+ { "value", 13, NULL },
+ { "Name", 1610612754, NULL },
+ { "rdnSequence", 536870923, NULL },
+ { NULL, 2, "RelativeDistinguishedName"},
+ { "DistinguishedName", 1610612747, NULL },
+ { NULL, 2, "RelativeDistinguishedName"},
+ { "RelativeDistinguishedName", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "AttributeTypeAndValue"},
+ { "Certificate", 1610612741, NULL },
+ { "tbsCertificate", 1073741826, "TBSCertificate"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "TBSCertificate", 1610612741, NULL },
+ { "version", 1610653699, NULL },
+ { NULL, 1073741833, "0"},
+ { NULL, 2056, "0"},
+ { "serialNumber", 1073741826, "CertificateSerialNumber"},
+ { "signature", 1073741826, "AlgorithmIdentifier"},
+ { "issuer", 1073741826, "Name"},
+ { "validity", 1073741826, "Validity"},
+ { "subject", 1073741826, "Name"},
+ { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
+ { "issuerUniqueID", 1610637314, "UniqueIdentifier"},
+ { NULL, 4104, "1"},
+ { "subjectUniqueID", 1610637314, "UniqueIdentifier"},
+ { NULL, 4104, "2"},
+ { "extensions", 536895490, "Extensions"},
+ { NULL, 2056, "3"},
+ { "CertificateSerialNumber", 1073741827, NULL },
+ { "Validity", 1610612741, NULL },
+ { "notBefore", 1073741826, "Time"},
+ { "notAfter", 2, "Time"},
+ { "Time", 1610612754, NULL },
+ { "utcTime", 1073741860, NULL },
+ { "generalTime", 37, NULL },
+ { "UniqueIdentifier", 1073741830, NULL },
+ { "SubjectPublicKeyInfo", 1610612741, NULL },
+ { "algorithm", 1073741826, "AlgorithmIdentifier"},
+ { "subjectPublicKey", 6, NULL },
+ { "Extensions", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Extension"},
+ { "Extension", 1610612741, NULL },
+ { "extnID", 1073741836, NULL },
+ { "critical", 1610645508, NULL },
+ { NULL, 131081, NULL },
+ { "extnValue", 7, NULL },
+ { "CertificateList", 1610612741, NULL },
+ { "tbsCertList", 1073741826, "TBSCertList"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "TBSCertList", 1610612741, NULL },
+ { "version", 1073758211, NULL },
+ { "signature", 1073741826, "AlgorithmIdentifier"},
+ { "issuer", 1073741826, "Name"},
+ { "thisUpdate", 1073741826, "Time"},
+ { "nextUpdate", 1073758210, "Time"},
+ { "revokedCertificates", 1610629131, NULL },
+ { NULL, 536870917, NULL },
+ { "userCertificate", 1073741826, "CertificateSerialNumber"},
+ { "revocationDate", 1073741826, "Time"},
+ { "crlEntryExtensions", 16386, "Extensions"},
+ { "crlExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "0"},
+ { "AlgorithmIdentifier", 1610612741, NULL },
+ { "algorithm", 1073741836, NULL },
+ { "parameters", 541081613, NULL },
+ { "algorithm", 1, NULL },
+ { "Dss-Sig-Value", 1610612741, NULL },
+ { "r", 1073741827, NULL },
+ { "s", 3, NULL },
+ { "Dss-Parms", 1610612741, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 3, NULL },
+ { "pkcs-7-ContentInfo", 1610612741, NULL },
+ { "contentType", 1073741836, NULL },
+ { "content", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "contentType", 1, NULL },
+ { "pkcs-7-DigestInfo", 1610612741, NULL },
+ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "digest", 7, NULL },
+ { "pkcs-7-SignedData", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
+ { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
+ { "certificates", 1610637314, "pkcs-7-CertificateSet"},
+ { NULL, 4104, "0"},
+ { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
+ { NULL, 4104, "1"},
+ { "signerInfos", 2, "pkcs-7-SignerInfos"},
+ { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL },
+ { NULL, 2, "AlgorithmIdentifier"},
+ { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL },
+ { "eContentType", 1073741836, NULL },
+ { "eContent", 536895501, NULL },
+ { NULL, 2056, "0"},
+ { "pkcs-7-CertificateRevocationLists", 1610612751, NULL },
+ { NULL, 13, NULL },
+ { "pkcs-7-CertificateChoices", 1610612754, NULL },
+ { "certificate", 13, NULL },
+ { "pkcs-7-CertificateSet", 1610612751, NULL },
+ { NULL, 2, "pkcs-7-CertificateChoices"},
+ { "IssuerAndSerialNumber", 1610612741, NULL },
+ { "issuer", 1073741826, "Name"},
+ { "serialNumber", 2, "CertificateSerialNumber"},
+ { "pkcs-7-SignerInfo", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "sid", 1073741826, "SignerIdentifier"},
+ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signedAttrs", 1610637314, "SignedAttributes"},
+ { NULL, 4104, "0"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 1073741831, NULL },
+ { "unsignedAttrs", 536895490, "SignedAttributes"},
+ { NULL, 4104, "1"},
+ { "SignedAttributes", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Attribute"},
+ { "SignerIdentifier", 1610612754, NULL },
+ { "issuerAndSerialNumber", 1073741826, "IssuerAndSerialNumber"},
+ { "subjectKeyIdentifier", 536879111, NULL },
+ { NULL, 4104, "0"},
+ { "pkcs-7-SignerInfos", 1610612751, NULL },
+ { NULL, 2, "pkcs-7-SignerInfo"},
+ { "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "subject", 1073741826, "Name"},
+ { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
+ { "attributes", 536879106, "Attributes"},
+ { NULL, 4104, "0"},
+ { "Attributes", 1610612751, NULL },
+ { NULL, 2, "Attribute"},
+ { "pkcs-10-CertificationRequest", 1610612741, NULL },
+ { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "pkcs-9-at-challengePassword", 1879048204, NULL },
+ { "iso", 1073741825, "1"},
+ { "member-body", 1073741825, "2"},
+ { "us", 1073741825, "840"},
+ { "rsadsi", 1073741825, "113549"},
+ { "pkcs", 1073741825, "1"},
+ { NULL, 1073741825, "9"},
+ { NULL, 1, "7"},
+ { "pkcs-9-challengePassword", 1610612754, NULL },
+ { "printableString", 1073741855, NULL },
+ { "utf8String", 34, NULL },
+ { "pkcs-9-localKeyId", 1073741831, NULL },
+ { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "privateKey", 1073741831, NULL },
+ { "attributes", 536895490, "Attributes"},
+ { NULL, 4104, "0"},
+ { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL },
+ { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "encryptedData", 2, "pkcs-8-EncryptedData"},
+ { "pkcs-8-EncryptedData", 1073741831, NULL },
+ { "pkcs-5-des-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "8"},
+ { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "8"},
+ { "pkcs-5-aes128-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "pkcs-5-aes192-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "pkcs-5-aes256-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "Gost28147-89-Parameters", 1610612741, NULL },
+ { "iv", 1073741831, NULL },
+ { "encryptionParamSet", 12, NULL },
+ { "pkcs-5-PBE-params", 1610612741, NULL },
+ { "salt", 1073741831, NULL },
+ { "iterationCount", 3, NULL },
+ { "pkcs-5-PBES2-params", 1610612741, NULL },
+ { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
+ { "encryptionScheme", 2, "AlgorithmIdentifier"},
+ { "pkcs-5-PBKDF2-params", 1610612741, NULL },
+ { "salt", 1610612754, NULL },
+ { "specified", 1073741831, NULL },
+ { "otherSource", 2, "AlgorithmIdentifier"},
+ { "iterationCount", 1611137027, NULL },
+ { "1", 10, "MAX"},
+ { "keyLength", 1611153411, NULL },
+ { "1", 10, "MAX"},
+ { "prf", 16386, "AlgorithmIdentifier"},
+ { "pkcs-12-PFX", 1610612741, NULL },
+ { "version", 1610874883, NULL },
+ { "v3", 1, "3"},
+ { "authSafe", 1073741826, "pkcs-7-ContentInfo"},
+ { "macData", 16386, "pkcs-12-MacData"},
+ { "pkcs-12-PbeParams", 1610612741, NULL },
+ { "salt", 1073741831, NULL },
+ { "iterations", 3, NULL },
+ { "pkcs-12-MacData", 1610612741, NULL },
+ { "mac", 1073741826, "pkcs-7-DigestInfo"},
+ { "macSalt", 1073741831, NULL },
+ { "iterations", 536903683, NULL },
+ { NULL, 9, "1"},
+ { "pkcs-12-AuthenticatedSafe", 1610612747, NULL },
+ { NULL, 2, "pkcs-7-ContentInfo"},
+ { "pkcs-12-SafeContents", 1610612747, NULL },
+ { NULL, 2, "pkcs-12-SafeBag"},
+ { "pkcs-12-SafeBag", 1610612741, NULL },
+ { "bagId", 1073741836, NULL },
+ { "bagValue", 1614815245, NULL },
+ { NULL, 1073743880, "0"},
+ { "badId", 1, NULL },
+ { "bagAttributes", 536887311, NULL },
+ { NULL, 2, "Attribute"},
+ { "pkcs-12-CertBag", 1610612741, NULL },
+ { "certId", 1073741836, NULL },
+ { "certValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "certId", 1, NULL },
+ { "pkcs-12-CRLBag", 1610612741, NULL },
+ { "crlId", 1073741836, NULL },
+ { "crlValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "crlId", 1, NULL },
+ { "pkcs-12-SecretBag", 1610612741, NULL },
+ { "secretTypeId", 1073741836, NULL },
+ { "secretValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "secretTypeId", 1, NULL },
+ { "pkcs-7-Data", 1073741831, NULL },
+ { "pkcs-7-EncryptedData", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
+ { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
+ { NULL, 4104, "1"},
+ { "pkcs-7-EncryptedContentInfo", 1610612741, NULL },
+ { "contentType", 1073741836, NULL },
+ { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
+ { "encryptedContent", 536895495, NULL },
+ { NULL, 4104, "0"},
+ { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Attribute"},
+ { "ProxyCertInfo", 1610612741, NULL },
+ { "pCPathLenConstraint", 1611153411, NULL },
+ { "0", 10, "MAX"},
+ { "proxyPolicy", 2, "ProxyPolicy"},
+ { "ProxyPolicy", 1610612741, NULL },
+ { "policyLanguage", 1073741836, NULL },
+ { "policy", 16391, NULL },
+ { "certificatePolicies", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "PolicyInformation"},
+ { "PolicyInformation", 1610612741, NULL },
+ { "policyIdentifier", 1073741836, NULL },
+ { "policyQualifiers", 538984459, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "PolicyQualifierInfo"},
+ { "PolicyQualifierInfo", 1610612741, NULL },
+ { "policyQualifierId", 1073741836, NULL },
+ { "qualifier", 541065229, NULL },
+ { "policyQualifierId", 1, NULL },
+ { "CPSuri", 1073741853, NULL },
+ { "UserNotice", 1610612741, NULL },
+ { "noticeRef", 1073758210, "NoticeReference"},
+ { "explicitText", 16386, "DisplayText"},
+ { "NoticeReference", 1610612741, NULL },
+ { "organization", 1073741826, "DisplayText"},
+ { "noticeNumbers", 536870923, NULL },
+ { NULL, 3, NULL },
+ { "DisplayText", 1610612754, NULL },
+ { "ia5String", 1612709917, NULL },
+ { "200", 524298, "1"},
+ { "visibleString", 1612709923, NULL },
+ { "200", 524298, "1"},
+ { "bmpString", 1612709921, NULL },
+ { "200", 524298, "1"},
+ { "utf8String", 538968098, NULL },
+ { "200", 524298, "1"},
+ { "OCSPRequest", 1610612741, NULL },
+ { "tbsRequest", 1073741826, "TBSRequest"},
+ { "optionalSignature", 536895490, "Signature"},
+ { NULL, 2056, "0"},
+ { "TBSRequest", 1610612741, NULL },
+ { "version", 1610653699, NULL },
+ { NULL, 1073741833, "0"},
+ { NULL, 2056, "0"},
+ { "requestorName", 1610637314, "GeneralName"},
+ { NULL, 2056, "1"},
+ { "requestList", 1610612747, NULL },
+ { NULL, 2, "Request"},
+ { "requestExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "2"},
+ { "Signature", 1610612741, NULL },
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 1073741830, NULL },
+ { "certs", 536895499, NULL },
+ { NULL, 1073743880, "0"},
+ { NULL, 2, "Certificate"},
+ { "Request", 1610612741, NULL },
+ { "reqCert", 1073741826, "CertID"},
+ { "singleRequestExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "0"},
+ { "CertID", 1610612741, NULL },
+ { "hashAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "issuerNameHash", 1073741831, NULL },
+ { "issuerKeyHash", 1073741831, NULL },
+ { "serialNumber", 2, "CertificateSerialNumber"},
+ { "OCSPResponse", 1610612741, NULL },
+ { "responseStatus", 1073741826, "OCSPResponseStatus"},
+ { "responseBytes", 536895490, "ResponseBytes"},
+ { NULL, 2056, "0"},
+ { "OCSPResponseStatus", 1610874901, NULL },
+ { "successful", 1073741825, "0"},
+ { "malformedRequest", 1073741825, "1"},
+ { "internalError", 1073741825, "2"},
+ { "tryLater", 1073741825, "3"},
+ { "sigRequired", 1073741825, "5"},
+ { "unauthorized", 1, "6"},
+ { "ResponseBytes", 1610612741, NULL },
+ { "responseType", 1073741836, NULL },
+ { "response", 7, NULL },
+ { "BasicOCSPResponse", 1610612741, NULL },
+ { "tbsResponseData", 1073741826, "ResponseData"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 1073741830, NULL },
+ { "certs", 536895499, NULL },
+ { NULL, 1073743880, "0"},
+ { NULL, 2, "Certificate"},
+ { "ResponseData", 1610612741, NULL },
+ { "version", 1610653699, NULL },
+ { NULL, 1073741833, "0"},
+ { NULL, 2056, "0"},
+ { "responderID", 1073741826, "ResponderID"},
+ { "producedAt", 1073741861, NULL },
+ { "responses", 1610612747, NULL },
+ { NULL, 2, "SingleResponse"},
+ { "responseExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "1"},
+ { "ResponderID", 1610612754, NULL },
+ { "byName", 1610620939, NULL },
+ { NULL, 1073743880, "1"},
+ { NULL, 2, "RelativeDistinguishedName"},
+ { "byKey", 536879111, NULL },
+ { NULL, 2056, "2"},
+ { "SingleResponse", 1610612741, NULL },
+ { "certID", 1073741826, "CertID"},
+ { "certStatus", 1073741826, "CertStatus"},
+ { "thisUpdate", 1073741861, NULL },
+ { "nextUpdate", 1610637349, NULL },
+ { NULL, 2056, "0"},
+ { "singleExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "1"},
+ { "CertStatus", 1610612754, NULL },
+ { "good", 1610620948, NULL },
+ { NULL, 4104, "0"},
+ { "revoked", 1610620930, "RevokedInfo"},
+ { NULL, 4104, "1"},
+ { "unknown", 536879106, "UnknownInfo"},
+ { NULL, 4104, "2"},
+ { "RevokedInfo", 1610612741, NULL },
+ { "revocationTime", 1073741861, NULL },
+ { "revocationReason", 537157653, NULL },
+ { NULL, 1073743880, "0"},
+ { "unspecified", 1, "0"},
+ { "UnknownInfo", 1073741844, NULL },
+ { "NameConstraints", 1610612741, NULL },
+ { "permittedSubtrees", 1610637314, "GeneralSubtrees"},
+ { NULL, 4104, "0"},
+ { "excludedSubtrees", 536895490, "GeneralSubtrees"},
+ { NULL, 4104, "1"},
+ { "GeneralSubtrees", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "GeneralSubtree"},
+ { "GeneralSubtree", 1610612741, NULL },
+ { "base", 1073741826, "GeneralName"},
+ { "minimum", 1610653699, NULL },
+ { NULL, 1073741833, "0"},
+ { NULL, 4104, "0"},
+ { "maximum", 536895491, NULL },
+ { NULL, 4104, "1"},
+ { "TlsFeatures", 536870923, NULL },
+ { NULL, 3, NULL },
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c
new file mode 100644
index 0000000000..42ec65c54a
--- /dev/null
+++ b/grub-core/commands/appendedsig/x509.c
@@ -0,0 +1,1050 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "appendedsig.h"
+
+static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+/*
+ * RFC 3279 2.3.1 RSA Keys
+ */
+const char *rsaEncryption_oid = "1.2.840.113549.1.1.1";
+
+/*
+ * RFC 5280 Appendix A
+ */
+const char *commonName_oid = "2.5.4.3";
+
+/*
+ * RFC 5280 4.2.1.3 Key Usage
+ */
+const char *keyUsage_oid = "2.5.29.15";
+
+/*
+ * RFC 5280 4.2.1.9 Basic Constraints
+ */
+const char *basicConstraints_oid = "2.5.29.19";
+
+/*
+ * RFC 5280 4.2.1.12 Extended Key Usage
+ */
+const char *extendedKeyUsage_oid = "2.5.29.37";
+const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3";
+
+/*
+ * RFC 3279 2.3.1
+ *
+ * The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey:
+ *
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ *
+ * where modulus is the modulus n, and publicExponent is the public
+ * exponent e.
+ */
+static grub_err_t
+grub_parse_rsa_pubkey (grub_uint8_t * der, int dersize,
+ struct x509_certificate *certificate)
+{
+ int result;
+ asn1_node spk = ASN1_TYPE_EMPTY;
+ grub_uint8_t *m_data, *e_data;
+ int m_size, e_size;
+ grub_err_t err = GRUB_ERR_NONE;
+ gcry_error_t gcry_err;
+
+ result =
+ asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.RSAPublicKey", &spk);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Cannot create storage for public key ASN.1 data");
+ }
+
+ result = asn1_der_decoding2 (&spk, der, &dersize,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Cannot decode certificate public key DER: %s",
+ asn1_error);
+ goto cleanup;
+ }
+
+ m_data =
+ grub_asn1_allocate_and_read (spk, "modulus", "RSA modulus", &m_size);
+ if (!m_data)
+ {
+ err = grub_errno;
+ goto cleanup;
+ }
+
+ e_data =
+ grub_asn1_allocate_and_read (spk, "publicExponent", "RSA public exponent",
+ &e_size);
+ if (!e_data)
+ {
+ err = grub_errno;
+ goto cleanup_m_data;
+ }
+
+ /*
+ * convert m, e to mpi
+ *
+ * nscanned is not set for FMT_USG, it's only set for FMT_PGP,
+ * so we can't verify it
+ */
+ gcry_err =
+ gcry_mpi_scan (&certificate->mpis[0], GCRYMPI_FMT_USG, m_data, m_size,
+ NULL);
+ if (gcry_err != GPG_ERR_NO_ERROR)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error loading RSA modulus into MPI structure: %d",
+ gcry_err);
+ goto cleanup_e_data;
+ }
+
+ gcry_err =
+ gcry_mpi_scan (&certificate->mpis[1], GCRYMPI_FMT_USG, e_data, e_size,
+ NULL);
+ if (gcry_err != GPG_ERR_NO_ERROR)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error loading RSA exponent into MPI structure: %d",
+ gcry_err);
+ goto cleanup_m_mpi;
+ }
+
+ grub_free (e_data);
+ grub_free (m_data);
+ asn1_delete_structure (&spk);
+ return GRUB_ERR_NONE;
+
+cleanup_m_mpi:
+ gcry_mpi_release (certificate->mpis[0]);
+cleanup_e_data:
+ grub_free (e_data);
+cleanup_m_data:
+ grub_free (m_data);
+cleanup:
+ asn1_delete_structure (&spk);
+ return err;
+}
+
+
+/*
+ * RFC 5280:
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * AlgorithmIdentifiers come from RFC 3279, we are not strictly compilant as we
+ * only support RSA Encryption.
+ */
+
+static grub_err_t
+grub_x509_read_subject_public_key (asn1_node asn,
+ struct x509_certificate *results)
+{
+ int result;
+ grub_err_t err;
+ const char *algo_name =
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm";
+ const char *params_name =
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters";
+ const char *pk_name =
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey";
+ char algo_oid[MAX_OID_LEN];
+ int algo_size = sizeof (algo_oid);
+ char params_value[2];
+ int params_size = sizeof (params_value);
+ grub_uint8_t *key_data = NULL;
+ int key_size = 0;
+ unsigned int key_type;
+
+ /* algorithm: see notes for rsaEncryption_oid */
+ result = asn1_read_value (asn, algo_name, algo_oid, &algo_size);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading x509 public key algorithm: %s",
+ asn1_strerror (result));
+ }
+
+ if (grub_strncmp (algo_oid, rsaEncryption_oid, sizeof (rsaEncryption_oid))
+ != 0)
+ {
+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "Unsupported x509 public key algorithm: %s",
+ algo_oid);
+ }
+
+ /*
+ * RFC 3279 2.3.1
+ * The rsaEncryption OID is intended to be used in the algorithm field
+ * of a value of type AlgorithmIdentifier. The parameters field MUST
+ * have ASN.1 type NULL for this algorithm identifier.
+ */
+ result = asn1_read_value (asn, params_name, params_value, ¶ms_size);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading x509 public key parameters: %s",
+ asn1_strerror (result));
+ }
+
+ if (params_value[0] != ASN1_TAG_NULL)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Invalid x509 public key parameters: expected NULL");
+ }
+
+ /*
+ * RFC 3279 2.3.1: The DER encoded RSAPublicKey is the value of the BIT
+ * STRING subjectPublicKey.
+ */
+ result = asn1_read_value_type (asn, pk_name, NULL, &key_size, &key_type);
+ if (result != ASN1_MEM_ERROR)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading size of x509 public key: %s",
+ asn1_strerror (result));
+ }
+ if (key_type != ASN1_ETYPE_BIT_STRING)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unexpected ASN.1 type when reading x509 public key: %x",
+ key_type);
+ }
+
+ /* length is in bits */
+ key_size = (key_size + 7) / 8;
+
+ key_data = grub_malloc (key_size);
+ if (!key_data)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Out of memory for x509 public key");
+ }
+
+ result = asn1_read_value (asn, pk_name, key_data, &key_size);
+ if (result != ASN1_SUCCESS)
+ {
+ grub_free (key_data);
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading public key data");
+ }
+ key_size = (key_size + 7) / 8;
+
+ err = grub_parse_rsa_pubkey (key_data, key_size, results);
+ grub_free (key_data);
+
+ return err;
+}
+
+/* Decode a string as defined in Appendix A */
+static grub_err_t
+decode_string (char *der, int der_size, char **string,
+ grub_size_t * string_size)
+{
+ asn1_node strasn;
+ int result;
+ char *choice;
+ int choice_size = 0;
+ int tmp_size = 0;
+ grub_err_t err = GRUB_ERR_NONE;
+
+ result =
+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.DirectoryString", &strasn);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for certificate: %s",
+ asn1_strerror (result));
+ }
+
+ result = asn1_der_decoding2 (&strasn, der, &der_size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Could not parse DER for DirectoryString: %s",
+ asn1_error);
+ goto cleanup;
+ }
+
+ choice =
+ grub_asn1_allocate_and_read (strasn, "", "DirectoryString choice",
+ &choice_size);
+ if (!choice)
+ {
+ err = grub_errno;
+ goto cleanup;
+ }
+
+ if (grub_strncmp ("utf8String", choice, choice_size))
+ {
+ err =
+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "Only UTF-8 DirectoryStrings are supported, got %s",
+ choice);
+ goto cleanup_choice;
+ }
+
+ result = asn1_read_value (strasn, "utf8String", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading size of UTF-8 string: %s",
+ asn1_strerror (result));
+ goto cleanup_choice;
+ }
+
+ /* read size does not include trailing null */
+ tmp_size++;
+
+ *string = grub_malloc (tmp_size);
+ if (!*string)
+ {
+ err =
+ grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Cannot allocate memory for DirectoryString contents");
+ goto cleanup_choice;
+ }
+
+ result = asn1_read_value (strasn, "utf8String", *string, &tmp_size);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading out UTF-8 string in DirectoryString: %s",
+ asn1_strerror (result));
+ grub_free (*string);
+ goto cleanup_choice;
+ }
+ *string_size = tmp_size + 1;
+ (*string)[tmp_size] = '\0';
+
+cleanup_choice:
+ grub_free (choice);
+cleanup:
+ asn1_delete_structure (&strasn);
+ return err;
+}
+
+/*
+ * TBSCertificate ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * ...
+ *
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+static grub_err_t
+check_version (asn1_node certificate)
+{
+ int rc;
+ const char *name = "tbsCertificate.version";
+ grub_uint8_t version;
+ int len = 1;
+
+ rc = asn1_read_value (certificate, name, &version, &len);
+
+ /* require version 3 */
+ if (rc != ASN1_SUCCESS || len != 1)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading certificate version");
+
+ if (version != 0x02)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Invalid x509 certificate version, expected v3 (0x02), got 0x%02x",
+ version);
+
+ return GRUB_ERR_NONE;
+}
+
+/*
+ * This is an X.501 Name, which is complex.
+ *
+ * For simplicity, we extract only the CN.
+ */
+static grub_err_t
+read_name (asn1_node asn, const char *name_path, char **name,
+ grub_size_t * name_size)
+{
+ int seq_components, set_components;
+ int result;
+ int i, j;
+ char *top_path, *set_path, *type_path, *val_path;
+ char type[MAX_OID_LEN];
+ int type_len = sizeof (type);
+ int string_size = 0;
+ char *string_der;
+ grub_err_t err;
+
+ *name = NULL;
+
+ top_path = grub_xasprintf ("%s.rdnSequence", name_path);
+ if (!top_path)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not allocate memory for %s name parsing path",
+ name_path);
+
+ result = asn1_number_of_elements (asn, top_path, &seq_components);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error counting name components: %s",
+ asn1_strerror (result));
+ goto cleanup;
+ }
+
+ for (i = 1; i <= seq_components; i++)
+ {
+ set_path = grub_xasprintf ("%s.?%d", top_path, i);
+ if (!set_path)
+ {
+ err =
+ grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not allocate memory for %s name set parsing path",
+ name_path);
+ goto cleanup_set;
+ }
+ /* this brings us, hopefully, to a set */
+ result = asn1_number_of_elements (asn, set_path, &set_components);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error counting name sub-components components (element %d): %s",
+ i, asn1_strerror (result));
+ goto cleanup_set;
+ }
+ for (j = 1; j <= set_components; j++)
+ {
+ type_path = grub_xasprintf ("%s.?%d.?%d.type", top_path, i, j);
+ if (!type_path)
+ {
+ err =
+ grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not allocate memory for %s name component type path",
+ name_path);
+ goto cleanup_set;
+ }
+ type_len = sizeof (type);
+ result = asn1_read_value (asn, type_path, type, &type_len);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading %s name component type: %s",
+ name_path, asn1_strerror (result));
+ goto cleanup_type;
+ }
+
+ if (grub_strncmp (type, commonName_oid, type_len) != 0)
+ {
+ grub_free (type_path);
+ continue;
+ }
+
+ val_path = grub_xasprintf ("%s.?%d.?%d.value", top_path, i, j);
+ if (!val_path)
+ {
+ err =
+ grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not allocate memory for %s name component value path",
+ name_path);
+ goto cleanup_set;
+ }
+
+ string_der =
+ grub_asn1_allocate_and_read (asn, val_path, name_path,
+ &string_size);
+ if (!string_der)
+ {
+ err = grub_errno;
+ goto cleanup_val_path;
+ }
+
+ err = decode_string (string_der, string_size, name, name_size);
+ if (err)
+ goto cleanup_string;
+
+ grub_free (string_der);
+ grub_free (type_path);
+ grub_free (val_path);
+ break;
+ }
+ grub_free (set_path);
+
+ if (*name)
+ break;
+ }
+
+ return GRUB_ERR_NONE;
+
+cleanup_string:
+ grub_free (string_der);
+cleanup_val_path:
+ grub_free (val_path);
+cleanup_type:
+ grub_free (type_path);
+cleanup_set:
+ grub_free (set_path);
+cleanup:
+ grub_free (top_path);
+ return err;
+}
+
+/*
+ * details here
+ */
+static grub_err_t
+verify_key_usage (grub_uint8_t * value, int value_size)
+{
+ asn1_node usageasn;
+ int result;
+ grub_err_t err = GRUB_ERR_NONE;
+ grub_uint8_t usage = 0xff;
+ int usage_size = 1;
+
+ result =
+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.KeyUsage", &usageasn);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for key usage");
+ }
+
+ result = asn1_der_decoding2 (&usageasn, value, &value_size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error parsing DER for Key Usage: %s", asn1_error);
+ goto cleanup;
+ }
+
+ result = asn1_read_value (usageasn, "", &usage, &usage_size);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading Key Usage value: %s",
+ asn1_strerror (result));
+ goto cleanup;
+ }
+
+ /* Only the first bit is permitted to be set */
+ if (usage != 0x80)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected Key Usage value: %x",
+ usage);
+ goto cleanup;
+ }
+
+cleanup:
+ asn1_delete_structure (&usageasn);
+ return err;
+}
+
+/*
+ * BasicConstraints ::= SEQUENCE {
+ * cA BOOLEAN DEFAULT FALSE,
+ * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+ */
+static grub_err_t
+verify_basic_constraints (grub_uint8_t * value, int value_size)
+{
+ asn1_node basicasn;
+ int result;
+ grub_err_t err = GRUB_ERR_NONE;
+ char cA[6]; /* FALSE or TRUE */
+ int cA_size = sizeof (cA);
+
+ result =
+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.BasicConstraints",
+ &basicasn);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for Basic Constraints");
+ }
+
+ result = asn1_der_decoding2 (&basicasn, value, &value_size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error parsing DER for Basic Constraints: %s",
+ asn1_error);
+ goto cleanup;
+ }
+
+ result = asn1_read_value (basicasn, "cA", cA, &cA_size);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ /* Not present, default is False, so this is OK */
+ err = GRUB_ERR_NONE;
+ goto cleanup;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading Basic Constraints cA value: %s",
+ asn1_strerror (result));
+ goto cleanup;
+ }
+
+ /* The certificate must not be a CA certificate */
+ if (grub_strncmp ("FALSE", cA, cA_size) != 0)
+ {
+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected CA value: %s",
+ cA);
+ goto cleanup;
+ }
+
+cleanup:
+ asn1_delete_structure (&basicasn);
+ return err;
+}
+
+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static grub_err_t
+verify_extended_key_usage (grub_uint8_t * value, int value_size)
+{
+ asn1_node extendedasn;
+ int result, count;
+ grub_err_t err = GRUB_ERR_NONE;
+ char usage[MAX_OID_LEN];
+ int usage_size = sizeof (usage);
+
+ result =
+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax",
+ &extendedasn);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for Extended Key Usage");
+ }
+
+ result = asn1_der_decoding2 (&extendedasn, value, &value_size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error parsing DER for Extended Key Usage: %s",
+ asn1_error);
+ goto cleanup;
+ }
+
+ /*
+ * If EKUs are present, there must be exactly 1 and it must be a
+ * codeSigning usage.
+ */
+ result = asn1_number_of_elements(extendedasn, "", &count);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error counting number of Extended Key Usages: %s",
+ asn1_strerror (result));
+ goto cleanup;
+ }
+
+ result = asn1_read_value (extendedasn, "?1", usage, &usage_size);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading Extended Key Usage: %s",
+ asn1_strerror (result));
+ goto cleanup;
+ }
+
+ if (grub_strncmp (codeSigningUsage_oid, usage, usage_size) != 0)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unexpected Extended Key Usage OID, got: %s",
+ usage);
+ goto cleanup;
+ }
+
+cleanup:
+ asn1_delete_structure (&extendedasn);
+ return err;
+}
+
+/*
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING
+ * -- contains the DER encoding of an ASN.1 value
+ * -- corresponding to the extension type identified
+ * -- by extnID
+ * }
+ *
+ * We require that a certificate:
+ * - contain the Digital Signature usage only
+ * - not be a CA
+ * - MUST not contain any other critical extensions (RFC 5280 s 4.2)
+ */
+static grub_err_t
+verify_extensions (asn1_node cert)
+{
+ int result;
+ int ext, num_extensions = 0;
+ int usage_present = 0, constraints_present = 0, extended_usage_present = 0;
+ char *oid_path, *critical_path, *value_path;
+ char extnID[MAX_OID_LEN];
+ int extnID_size;
+ grub_err_t err;
+ char critical[6]; /* we get either "TRUE" or "FALSE" */
+ int critical_size;
+ grub_uint8_t *value;
+ int value_size;
+
+ result =
+ asn1_number_of_elements (cert, "tbsCertificate.extensions",
+ &num_extensions);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error counting number of extensions: %s",
+ asn1_strerror (result));
+ }
+
+ if (num_extensions < 2)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Insufficient number of extensions for certificate, need at least 2, got %d",
+ num_extensions);
+ }
+
+ for (ext = 1; ext <= num_extensions; ext++)
+ {
+ oid_path = grub_xasprintf ("tbsCertificate.extensions.?%d.extnID", ext);
+
+ extnID_size = sizeof (extnID);
+ result = asn1_read_value (cert, oid_path, extnID, &extnID_size);
+ if (result != GRUB_ERR_NONE)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading extension OID: %s",
+ asn1_strerror (result));
+ goto cleanup_oid_path;
+ }
+
+ critical_path =
+ grub_xasprintf ("tbsCertificate.extensions.?%d.critical", ext);
+ critical_size = sizeof (critical);
+ result =
+ asn1_read_value (cert, critical_path, critical, &critical_size);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ critical[0] = '\0';
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Error reading extension criticality: %s",
+ asn1_strerror (result));
+ goto cleanup_critical_path;
+ }
+
+ value_path =
+ grub_xasprintf ("tbsCertificate.extensions.?%d.extnValue", ext);
+ value =
+ grub_asn1_allocate_and_read (cert, value_path,
+ "certificate extension value",
+ &value_size);
+ if (!value)
+ {
+ err = grub_errno;
+ goto cleanup_value_path;
+ }
+
+ /*
+ * Now we must see if we recognise the OID.
+ * If we have an unrecognised critical extension we MUST bail.
+ */
+ if (grub_strncmp (keyUsage_oid, extnID, extnID_size) == 0)
+ {
+ err = verify_key_usage (value, value_size);
+ if (err != GRUB_ERR_NONE)
+ {
+ goto cleanup_value;
+ }
+ usage_present++;
+ }
+ else if (grub_strncmp (basicConstraints_oid, extnID, extnID_size) == 0)
+ {
+ err = verify_basic_constraints (value, value_size);
+ if (err != GRUB_ERR_NONE)
+ {
+ goto cleanup_value;
+ }
+ constraints_present++;
+ }
+ else if (grub_strncmp (extendedKeyUsage_oid, extnID, extnID_size) == 0)
+ {
+ err = verify_extended_key_usage (value, value_size);
+ if (err != GRUB_ERR_NONE)
+ {
+ goto cleanup_value;
+ }
+ extended_usage_present++;
+ }
+ else if (grub_strncmp ("TRUE", critical, critical_size) == 0)
+ {
+ /*
+ * per the RFC, we must not process a certificate with
+ * a critical extension we do not understand.
+ */
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unhandled critical x509 extension with OID %s",
+ extnID);
+ goto cleanup_value;
+ }
+
+ grub_free (value);
+ grub_free (value_path);
+ grub_free (critical_path);
+ grub_free (oid_path);
+ }
+
+ if (usage_present != 1)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unexpected number of Key Usage extensions - expected 1, got %d",
+ usage_present);
+ }
+ if (constraints_present != 1)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unexpected number of basic constraints extensions - expected 1, got %d",
+ constraints_present);
+ }
+ if (extended_usage_present > 1)
+ {
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Unexpected number of Extended Key Usage extensions - expected 0 or 1, got %d",
+ extended_usage_present);
+ }
+ return GRUB_ERR_NONE;
+
+cleanup_value:
+ grub_free (value);
+cleanup_value_path:
+ grub_free (value_path);
+cleanup_critical_path:
+ grub_free (critical_path);
+cleanup_oid_path:
+ grub_free (oid_path);
+ return err;
+}
+
+/*
+ * Parse a certificate whose DER-encoded form is in @data, of size @data_size.
+ * Return the results in @results, which must point to an allocated x509 certificate.
+ */
+grub_err_t
+certificate_import (void *data, grub_size_t data_size,
+ struct x509_certificate *results)
+{
+ int result = 0;
+ asn1_node cert;
+ grub_err_t err;
+ int size;
+ int tmp_size;
+
+ if (data_size > GRUB_INT_MAX)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "Cannot parse a certificate where data size > INT_MAX");
+ size = (int) data_size;
+
+ result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.Certificate", &cert);
+ if (result != ASN1_SUCCESS)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "Could not create ASN.1 structure for certificate: %s",
+ asn1_strerror (result));
+ }
+
+ result = asn1_der_decoding2 (&cert, data, &size,
+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error);
+ if (result != ASN1_SUCCESS)
+ {
+ err =
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "Could not parse DER for certificate: %s", asn1_error);
+ goto cleanup;
+ }
+
+ /*
+ * TBSCertificate ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1
+ */
+ err = check_version (cert);
+ if (err != GRUB_ERR_NONE)
+ {
+ goto cleanup;
+ }
+
+ /*
+ * serialNumber CertificateSerialNumber,
+ *
+ * CertificateSerialNumber ::= INTEGER
+ */
+ results->serial =
+ grub_asn1_allocate_and_read (cert, "tbsCertificate.serialNumber",
+ "certificate serial number", &tmp_size);
+ if (!results->serial)
+ {
+ err = grub_errno;
+ goto cleanup;
+ }
+ /*
+ * It's safe to cast the signed int to an unsigned here, we know
+ * length is non-negative
+ */
+ results->serial_len = tmp_size;
+
+ /*
+ * signature AlgorithmIdentifier,
+ *
+ * We don't load the signature or issuer at the moment,
+ * as we don't attempt x509 verification.
+ */
+
+ /*
+ * issuer Name,
+ *
+ * The RFC only requires the serial number to be unique within
+ * issuers, so to avoid ambiguity we _technically_ ought to make
+ * this available.
+ */
+
+ /*
+ * validity Validity,
+ *
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ * We can't validate this reasonably, we have no true time source on several
+ * platforms. For now we do not parse them.
+ */
+
+ /*
+ * subject Name,
+ *
+ * This is an X501 name, we parse out just the CN.
+ */
+ err =
+ read_name (cert, "tbsCertificate.subject", &results->subject,
+ &results->subject_len);
+ if (err != GRUB_ERR_NONE)
+ goto cleanup_serial;
+
+ /*
+ * TBSCertificate ::= SEQUENCE {
+ * ...
+ * subjectPublicKeyInfo SubjectPublicKeyInfo,
+ * ...
+ */
+ err = grub_x509_read_subject_public_key (cert, results);
+ if (err != GRUB_ERR_NONE)
+ goto cleanup_name;
+
+ /*
+ * TBSCertificate ::= SEQUENCE {
+ * ...
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version MUST be v3
+ * }
+ */
+
+ err = verify_extensions (cert);
+ if (err != GRUB_ERR_NONE)
+ goto cleanup_name;
+
+
+ /*
+ * We do not read or check the signature on the certificate:
+ * as discussed we do not try to validate the certificate but trust
+ * it implictly.
+ */
+
+ asn1_delete_structure (&cert);
+ return GRUB_ERR_NONE;
+
+
+cleanup_name:
+ grub_free (results->subject);
+cleanup_serial:
+ grub_free (results->serial);
+cleanup:
+ asn1_delete_structure (&cert);
+ return err;
+}
+
+/*
+ * Release all the storage associated with the x509 certificate.
+ * If the caller dynamically allocated the certificate, it must free it.
+ * The caller is also responsible for maintenance of the linked list.
+ */
+void
+certificate_release (struct x509_certificate *cert)
+{
+ grub_free (cert->subject);
+ grub_free (cert->serial);
+ gcry_mpi_release (cert->mpis[0]);
+ gcry_mpi_release (cert->mpis[1]);
+}
diff --git a/grub-core/lib/backtrace.c b/grub-core/commands/backtrace.c
similarity index 97%
rename from grub-core/lib/backtrace.c
rename to grub-core/commands/backtrace.c
index 825a8800e2..8b5ec3913b 100644
--- a/grub-core/lib/backtrace.c
+++ b/grub-core/commands/backtrace.c
@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
void
grub_backtrace_print_address (void *addr)
{
+#ifndef GRUB_UTIL
grub_dl_t mod;
FOR_DL_MODULES (mod)
@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr)
}
}
+#endif
grub_printf ("%p", addr);
}
@@ -52,7 +54,7 @@ grub_cmd_backtrace (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
char **args __attribute__ ((unused)))
{
- grub_backtrace ();
+ grub_backtrace (1);
return 0;
}
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
new file mode 100644
index 0000000000..e907a6a5d2
--- /dev/null
+++ b/grub-core/commands/blscfg.c
@@ -0,0 +1,1177 @@
+/*-*- Mode: C; c-basic-offset: 2; indent-tabs-mode: t -*-*/
+
+/* bls.c - implementation of the boot loader spec */
+
+/*
+ * GRUB -- GRand Unified Bootloader
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+#include "loadenv.h"
+
+#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+#ifdef GRUB_MACHINE_EMU
+#define GRUB_BOOT_DEVICE "/boot"
+#else
+#define GRUB_BOOT_DEVICE "($root)"
+#endif
+
+struct keyval
+{
+ const char *key;
+ char *val;
+};
+
+static struct bls_entry *entries = NULL;
+
+#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries)
+
+static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
+{
+ char *k, *v;
+ struct keyval **kvs, *kv;
+ int new_n = entry->nkeyvals + 1;
+
+ kvs = grub_realloc (entry->keyvals, new_n * sizeof (struct keyval *));
+ if (!kvs)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't find space for BLS entry");
+ entry->keyvals = kvs;
+
+ kv = grub_malloc (sizeof (struct keyval));
+ if (!kv)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't find space for BLS entry");
+
+ k = grub_strdup (key);
+ if (!k)
+ {
+ grub_free (kv);
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't find space for BLS entry");
+ }
+
+ v = grub_strdup (val);
+ if (!v)
+ {
+ grub_free (k);
+ grub_free (kv);
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't find space for BLS entry");
+ }
+
+ kv->key = k;
+ kv->val = v;
+
+ entry->keyvals[entry->nkeyvals] = kv;
+ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v);
+ entry->nkeyvals = new_n;
+
+ return 0;
+}
+
+/* Find they value of the key named by keyname. If there are allowed to be
+ * more than one, pass a pointer to an int set to -1 the first time, and pass
+ * the same pointer through each time after, and it'll return them in sorted
+ * order as defined in the BLS fragment file */
+static char *bls_get_val(struct bls_entry *entry, const char *keyname, int *last)
+{
+ int idx, start = 0;
+ struct keyval *kv = NULL;
+
+ if (last)
+ start = *last + 1;
+
+ for (idx = start; idx < entry->nkeyvals; idx++) {
+ kv = entry->keyvals[idx];
+
+ if (!grub_strcmp (keyname, kv->key))
+ break;
+ }
+
+ if (idx == entry->nkeyvals) {
+ if (last)
+ *last = -1;
+ return NULL;
+ }
+
+ if (last)
+ *last = idx;
+
+ return kv->val;
+}
+
+#define goto_return(x) ({ ret = (x); goto finish; })
+
+/* compare alpha and numeric segments of two versions */
+/* return 1: a is newer than b */
+/* 0: a and b are the same version */
+/* -1: b is newer than a */
+static int vercmp(const char * a, const char * b)
+{
+ char oldch1, oldch2;
+ char *abuf, *bbuf;
+ char *str1, *str2;
+ char * one, * two;
+ int rc;
+ int isnum;
+ int ret = 0;
+
+ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b);
+ if (!grub_strcmp(a, b))
+ return 0;
+
+ abuf = grub_malloc(grub_strlen(a) + 1);
+ bbuf = grub_malloc(grub_strlen(b) + 1);
+ str1 = abuf;
+ str2 = bbuf;
+ grub_strcpy(str1, a);
+ grub_strcpy(str2, b);
+
+ one = str1;
+ two = str2;
+
+ /* loop through each version segment of str1 and str2 and compare them */
+ while (*one || *two) {
+ while (*one && !grub_isalnum(*one) && *one != '~' && *one != '+') one++;
+ while (*two && !grub_isalnum(*two) && *two != '~' && *two != '+') two++;
+
+ /* handle the tilde separator, it sorts before everything else */
+ if (*one == '~' || *two == '~') {
+ if (*one != '~') goto_return (1);
+ if (*two != '~') goto_return (-1);
+ one++;
+ two++;
+ continue;
+ }
+
+ /*
+ * Handle plus separator. Concept is the same as tilde,
+ * except that if one of the strings ends (base version),
+ * the other is considered as higher version.
+ */
+ if (*one == '+' || *two == '+') {
+ if (!*one) return -1;
+ if (!*two) return 1;
+ if (*one != '+') goto_return (1);
+ if (*two != '+') goto_return (-1);
+ one++;
+ two++;
+ continue;
+ }
+
+ /* If we ran to the end of either, we are finished with the loop */
+ if (!(*one && *two)) break;
+
+ str1 = one;
+ str2 = two;
+
+ /* grab first completely alpha or completely numeric segment */
+ /* leave one and two pointing to the start of the alpha or numeric */
+ /* segment and walk str1 and str2 to end of segment */
+ if (grub_isdigit(*str1)) {
+ while (*str1 && grub_isdigit(*str1)) str1++;
+ while (*str2 && grub_isdigit(*str2)) str2++;
+ isnum = 1;
+ } else {
+ while (*str1 && grub_isalpha(*str1)) str1++;
+ while (*str2 && grub_isalpha(*str2)) str2++;
+ isnum = 0;
+ }
+
+ /* save character at the end of the alpha or numeric segment */
+ /* so that they can be restored after the comparison */
+ oldch1 = *str1;
+ *str1 = '\0';
+ oldch2 = *str2;
+ *str2 = '\0';
+
+ /* this cannot happen, as we previously tested to make sure that */
+ /* the first string has a non-null segment */
+ if (one == str1) goto_return(-1); /* arbitrary */
+
+ /* take care of the case where the two version segments are */
+ /* different types: one numeric, the other alpha (i.e. empty) */
+ /* numeric segments are always newer than alpha segments */
+ /* XXX See patch #60884 (and details) from bugzilla #50977. */
+ if (two == str2) goto_return (isnum ? 1 : -1);
+
+ if (isnum) {
+ grub_size_t onelen, twolen;
+ /* this used to be done by converting the digit segments */
+ /* to ints using atoi() - it's changed because long */
+ /* digit segments can overflow an int - this should fix that. */
+
+ /* throw away any leading zeros - it's a number, right? */
+ while (*one == '0') one++;
+ while (*two == '0') two++;
+
+ /* whichever number has more digits wins */
+ onelen = grub_strlen(one);
+ twolen = grub_strlen(two);
+ if (onelen > twolen) goto_return (1);
+ if (twolen > onelen) goto_return (-1);
+ }
+
+ /* grub_strcmp will return which one is greater - even if the two */
+ /* segments are alpha or if they are numeric. don't return */
+ /* if they are equal because there might be more segments to */
+ /* compare */
+ rc = grub_strcmp(one, two);
+ if (rc) goto_return (rc < 1 ? -1 : 1);
+
+ /* restore character that was replaced by null above */
+ *str1 = oldch1;
+ one = str1;
+ *str2 = oldch2;
+ two = str2;
+ }
+
+ /* this catches the case where all numeric and alpha segments have */
+ /* compared identically but the segment sepparating characters were */
+ /* different */
+ if ((!*one) && (!*two)) goto_return (0);
+
+ /* whichever version still has characters left over wins */
+ if (!*one) goto_return (-1); else goto_return (1);
+
+finish:
+ grub_free (abuf);
+ grub_free (bbuf);
+ return ret;
+}
+
+/* returns name/version/release */
+/* NULL string pointer returned if nothing found */
+static void
+split_package_string (char *package_string, char **name,
+ char **version, char **release)
+{
+ char *package_version, *package_release;
+
+ /* Release */
+ package_release = grub_strrchr (package_string, '-');
+
+ if (package_release != NULL)
+ *package_release++ = '\0';
+
+ *release = package_release;
+
+ if (name == NULL)
+ {
+ *version = package_string;
+ }
+ else
+ {
+ /* Version */
+ package_version = grub_strrchr(package_string, '-');
+
+ if (package_version != NULL)
+ *package_version++ = '\0';
+
+ *version = package_version;
+ /* Name */
+ *name = package_string;
+ }
+
+ /* Bubble up non-null values from release to name */
+ if (name != NULL && *name == NULL)
+ {
+ *name = (*version == NULL ? *release : *version);
+ *version = *release;
+ *release = NULL;
+ }
+ if (*version == NULL)
+ {
+ *version = *release;
+ *release = NULL;
+ }
+}
+
+static int
+split_cmp(char *nvr0, char *nvr1, int has_name)
+{
+ int ret = 0;
+ char *name0, *version0, *release0;
+ char *name1, *version1, *release1;
+
+ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0);
+ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1);
+
+ if (has_name)
+ {
+ ret = vercmp(name0 == NULL ? "" : name0,
+ name1 == NULL ? "" : name1);
+ if (ret != 0)
+ return ret;
+ }
+
+ ret = vercmp(version0 == NULL ? "" : version0,
+ version1 == NULL ? "" : version1);
+ if (ret != 0)
+ return ret;
+
+ ret = vercmp(release0 == NULL ? "" : release0,
+ release1 == NULL ? "" : release1);
+ return ret;
+}
+
+/* return 1: e0 is newer than e1 */
+/* 0: e0 and e1 are the same version */
+/* -1: e1 is newer than e0 */
+static int bls_cmp(const struct bls_entry *e0, const struct bls_entry *e1)
+{
+ char *id0, *id1;
+ int r;
+
+ id0 = grub_strdup(e0->filename);
+ id1 = grub_strdup(e1->filename);
+
+ r = split_cmp(id0, id1, 1);
+
+ grub_free(id0);
+ grub_free(id1);
+
+ return r;
+}
+
+static void list_add_tail(struct bls_entry *head, struct bls_entry *item)
+{
+ item->next = head;
+ if (head->prev)
+ head->prev->next = item;
+ item->prev = head->prev;
+ head->prev = item;
+}
+
+static int bls_add_entry(struct bls_entry *entry)
+{
+ struct bls_entry *e, *last = NULL;
+ int rc;
+
+ if (!entries) {
+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename);
+ entries = entry;
+ return 0;
+ }
+
+ FOR_BLS_ENTRIES(e) {
+ rc = bls_cmp(entry, e);
+
+ if (!rc)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ if (rc == 1) {
+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename);
+ list_add_tail (e, entry);
+ if (e == entries) {
+ entries = entry;
+ entry->prev = NULL;
+ }
+ return 0;
+ }
+ last = e;
+ }
+
+ if (last) {
+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename);
+ last->next = entry;
+ entry->prev = last;
+ }
+
+ return 0;
+}
+
+struct read_entry_info {
+ const char *devid;
+ const char *dirname;
+ grub_file_t file;
+};
+
+static int read_entry (
+ const char *filename,
+ const struct grub_dirhook_info *dirhook_info UNUSED,
+ void *data)
+{
+ grub_size_t m = 0, n, clip = 0;
+ int rc = 0;
+ char *p = NULL;
+ grub_file_t f = NULL;
+ struct bls_entry *entry;
+ struct read_entry_info *info = (struct read_entry_info *)data;
+
+ grub_dprintf ("blscfg", "filename: \"%s\"\n", filename);
+
+ n = grub_strlen (filename);
+
+ if (info->file)
+ {
+ f = info->file;
+ }
+ else
+ {
+ if (filename[0] == '.')
+ return 0;
+
+ if (n <= 5)
+ return 0;
+
+ if (grub_strcmp (filename + n - 5, ".conf") != 0)
+ return 0;
+
+ p = grub_xasprintf ("(%s)%s/%s", info->devid, info->dirname, filename);
+
+ f = grub_file_open (p, GRUB_FILE_TYPE_CONFIG);
+ if (!f)
+ goto finish;
+ }
+
+ entry = grub_zalloc (sizeof (*entry));
+ if (!entry)
+ goto finish;
+
+ if (info->file)
+ {
+ char *slash;
+
+ if (n > 5 && !grub_strcmp (filename + n - 5, ".conf") == 0)
+ clip = 5;
+
+ slash = grub_strrchr (filename, '/');
+ if (!slash)
+ slash = grub_strrchr (filename, '\\');
+
+ while (*slash == '/' || *slash == '\\')
+ slash++;
+
+ m = slash ? slash - filename : 0;
+ }
+ else
+ {
+ m = 0;
+ clip = 5;
+ }
+ n -= m;
+
+ entry->filename = grub_strndup(filename + m, n - clip);
+ if (!entry->filename)
+ goto finish;
+
+ entry->filename[n - 5] = '\0';
+
+ for (;;)
+ {
+ char *buf;
+ char *separator;
+
+ buf = grub_file_getline (f);
+ if (!buf)
+ break;
+
+ while (buf && buf[0] && (buf[0] == ' ' || buf[0] == '\t'))
+ buf++;
+ if (buf[0] == '#')
+ continue;
+
+ separator = grub_strchr (buf, ' ');
+
+ if (!separator)
+ separator = grub_strchr (buf, '\t');
+
+ if (!separator || separator[1] == '\0')
+ {
+ grub_free (buf);
+ break;
+ }
+
+ separator[0] = '\0';
+
+ do {
+ separator++;
+ } while (*separator == ' ' || *separator == '\t');
+
+ rc = bls_add_keyval (entry, buf, separator);
+ grub_free (buf);
+ if (rc < 0)
+ break;
+ }
+
+ if (!rc)
+ bls_add_entry(entry);
+
+finish:
+ if (p)
+ grub_free (p);
+
+ if (f)
+ grub_file_close (f);
+
+ return 0;
+}
+
+static grub_envblk_t saved_env = NULL;
+
+static int UNUSED
+save_var (const char *name, const char *value, void *whitelist UNUSED)
+{
+ const char *val = grub_env_get (name);
+ grub_dprintf("blscfg", "saving \"%s\"\n", name);
+
+ if (val)
+ grub_envblk_set (saved_env, name, value);
+
+ return 0;
+}
+
+static int UNUSED
+unset_var (const char *name, const char *value UNUSED, void *whitelist)
+{
+ grub_dprintf("blscfg", "restoring \"%s\"\n", name);
+ if (! whitelist)
+ {
+ grub_env_unset (name);
+ return 0;
+ }
+
+ if (test_whitelist_membership (name,
+ (const grub_env_whitelist_t *) whitelist))
+ grub_env_unset (name);
+
+ return 0;
+}
+
+static char **bls_make_list (struct bls_entry *entry, const char *key, int *num)
+{
+ int last = -1;
+ char *val;
+
+ int nlist = 0;
+ char **list = NULL;
+
+ list = grub_malloc (sizeof (char *));
+ if (!list)
+ return NULL;
+ list[0] = NULL;
+
+ while (1)
+ {
+ char **new;
+
+ val = bls_get_val (entry, key, &last);
+ if (!val)
+ break;
+
+ new = grub_realloc (list, (nlist + 2) * sizeof (char *));
+ if (!new)
+ break;
+
+ list = new;
+ list[nlist++] = val;
+ list[nlist] = NULL;
+ }
+
+ if (!nlist)
+ {
+ grub_free (list);
+ return NULL;
+ }
+
+ if (num)
+ *num = nlist;
+
+ return list;
+}
+
+static char *field_append(bool is_var, char *buffer, const char *start, const char *end)
+{
+ char *tmp = grub_strndup(start, end - start + 1);
+ const char *field = tmp;
+ int term = is_var ? 2 : 1;
+
+ if (is_var) {
+ field = grub_env_get (tmp);
+ if (!field)
+ return buffer;
+ }
+
+ if (!buffer)
+ buffer = grub_zalloc (grub_strlen(field) + term);
+ else
+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term);
+
+ if (!buffer)
+ return NULL;
+
+ tmp = buffer + grub_strlen(buffer);
+ tmp = grub_stpcpy (tmp, field);
+
+ if (is_var)
+ tmp = grub_stpcpy (tmp, " ");
+
+ return buffer;
+}
+
+static char *expand_val(const char *value)
+{
+ char *buffer = NULL;
+ const char *start = value;
+ const char *end = value;
+ bool is_var = false;
+
+ if (!value)
+ return NULL;
+
+ while (*value) {
+ if (*value == '$') {
+ if (start != end) {
+ buffer = field_append(is_var, buffer, start, end);
+ if (!buffer)
+ return NULL;
+ }
+
+ is_var = true;
+ start = value + 1;
+ } else if (is_var) {
+ if (!grub_isalnum(*value) && *value != '_') {
+ buffer = field_append(is_var, buffer, start, end);
+ is_var = false;
+ start = value;
+ if (*start == ' ')
+ start++;
+ }
+ }
+
+ end = value;
+ value++;
+ }
+
+ if (start != end) {
+ buffer = field_append(is_var, buffer, start, end);
+ if (!buffer)
+ return NULL;
+ }
+
+ return buffer;
+}
+
+static char **early_initrd_list (const char *initrd)
+{
+ int nlist = 0;
+ char **list = NULL;
+ char *separator;
+
+ while ((separator = grub_strchr (initrd, ' ')))
+ {
+ list = grub_realloc (list, (nlist + 2) * sizeof (char *));
+ if (!list)
+ return NULL;
+
+ list[nlist++] = grub_strndup(initrd, separator - initrd);
+ list[nlist] = NULL;
+ initrd = separator + 1;
+ }
+
+ list = grub_realloc (list, (nlist + 2) * sizeof (char *));
+ if (!list)
+ return NULL;
+
+ list[nlist++] = grub_strndup(initrd, grub_strlen(initrd));
+ list[nlist] = NULL;
+
+ return list;
+}
+
+static void create_entry (struct bls_entry *entry)
+{
+ int argc = 0;
+ const char **argv = NULL;
+
+ char *title = NULL;
+ char *clinux = NULL;
+ char *options = NULL;
+ char **initrds = NULL;
+ char *initrd = NULL;
+ const char *early_initrd = NULL;
+ char **early_initrds = NULL;
+ char *initrd_prefix = NULL;
+ char *devicetree = NULL;
+ char *dt = NULL;
+ char *id = entry->filename;
+ char *dotconf = id;
+ char *hotkey = NULL;
+
+ char *users = NULL;
+ char **classes = NULL;
+
+ char **args = NULL;
+
+ char *src = NULL;
+ int i, index;
+ bool add_dt_prefix = false;
+
+ grub_dprintf("blscfg", "%s got here\n", __func__);
+ clinux = bls_get_val (entry, "linux", NULL);
+ if (!clinux)
+ {
+ grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.\n", entry->filename);
+ goto finish;
+ }
+
+ /*
+ * strip the ".conf" off the end before we make it our "id" field.
+ */
+ do
+ {
+ dotconf = grub_strstr(dotconf, ".conf");
+ } while (dotconf != NULL && dotconf[5] != '\0');
+ if (dotconf)
+ dotconf[0] = '\0';
+
+ title = bls_get_val (entry, "title", NULL);
+ options = expand_val (bls_get_val (entry, "options", NULL));
+
+ if (!options)
+ options = expand_val (grub_env_get("default_kernelopts"));
+
+ initrds = bls_make_list (entry, "initrd", NULL);
+
+ devicetree = expand_val (bls_get_val (entry, "devicetree", NULL));
+
+ if (!devicetree)
+ {
+ devicetree = expand_val (grub_env_get("devicetree"));
+ add_dt_prefix = true;
+ }
+
+ hotkey = bls_get_val (entry, "grub_hotkey", NULL);
+ users = expand_val (bls_get_val (entry, "grub_users", NULL));
+ classes = bls_make_list (entry, "grub_class", NULL);
+ args = bls_make_list (entry, "grub_arg", &argc);
+
+ argc += 1;
+ argv = grub_malloc ((argc + 1) * sizeof (char *));
+ argv[0] = title ? title : clinux;
+ for (i = 1; i < argc; i++)
+ argv[i] = args[i-1];
+ argv[argc] = NULL;
+
+ early_initrd = grub_env_get("early_initrd");
+
+ grub_dprintf ("blscfg", "adding menu entry for \"%s\" with id \"%s\"\n",
+ title, id);
+ if (early_initrd)
+ {
+ early_initrds = early_initrd_list(early_initrd);
+ if (!early_initrds)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto finish;
+ }
+
+ if (initrds != NULL && initrds[0] != NULL)
+ {
+ initrd_prefix = grub_strrchr (initrds[0], '/');
+ initrd_prefix = grub_strndup(initrds[0], initrd_prefix - initrds[0] + 1);
+ }
+ else
+ {
+ initrd_prefix = grub_strrchr (clinux, '/');
+ initrd_prefix = grub_strndup(clinux, initrd_prefix - clinux + 1);
+ }
+
+ if (!initrd_prefix)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto finish;
+ }
+ }
+
+ if (early_initrds || initrds)
+ {
+ int initrd_size = sizeof ("initrd");
+ char *tmp;
+
+ for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
+ initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \
+ + grub_strlen(initrd_prefix) \
+ + grub_strlen (early_initrds[i]) + 1;
+
+ for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
+ initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \
+ + grub_strlen (initrds[i]) + 1;
+ initrd_size += 1;
+
+ initrd = grub_malloc (initrd_size);
+ if (!initrd)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto finish;
+ }
+
+ tmp = grub_stpcpy(initrd, "initrd");
+ for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
+ {
+ grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]);
+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = grub_stpcpy (tmp, initrd_prefix);
+ tmp = grub_stpcpy (tmp, early_initrds[i]);
+ grub_free(early_initrds[i]);
+ }
+
+ for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
+ {
+ grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]);
+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = grub_stpcpy (tmp, initrds[i]);
+ }
+ tmp = grub_stpcpy (tmp, "\n");
+ }
+
+ if (devicetree)
+ {
+ char *prefix = NULL;
+ int dt_size;
+
+ if (add_dt_prefix)
+ {
+ prefix = grub_strrchr (clinux, '/');
+ prefix = grub_strndup(clinux, prefix - clinux + 1);
+ if (!prefix)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto finish;
+ }
+ }
+
+ dt_size = sizeof("devicetree " GRUB_BOOT_DEVICE) + grub_strlen(devicetree) + 1;
+
+ if (add_dt_prefix)
+ {
+ dt_size += grub_strlen(prefix);
+ }
+
+ dt = grub_malloc (dt_size);
+ if (!dt)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto finish;
+ }
+ char *tmp = dt;
+ tmp = grub_stpcpy (dt, "devicetree");
+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ if (add_dt_prefix)
+ tmp = grub_stpcpy (tmp, prefix);
+ tmp = grub_stpcpy (tmp, devicetree);
+ tmp = grub_stpcpy (tmp, "\n");
+
+ grub_free(prefix);
+ }
+
+ grub_dprintf ("blscfg2", "devicetree %s for id:\"%s\"\n", dt, id);
+
+ const char *sdval = grub_env_get("save_default");
+ bool savedefault = ((NULL != sdval) && (grub_strcmp(sdval, "true") == 0));
+ src = grub_xasprintf ("%sload_video\n"
+ "set gfxpayload=keep\n"
+ "insmod gzio\n"
+ "linux %s%s%s%s\n"
+ "%s%s",
+ savedefault ? "savedefault\n" : "",
+ GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
+ initrd ? initrd : "", dt ? dt : "");
+
+ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index, entry);
+ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id);
+
+finish:
+ grub_free (dt);
+ grub_free (initrd);
+ grub_free (initrd_prefix);
+ grub_free (early_initrds);
+ grub_free (devicetree);
+ grub_free (initrds);
+ grub_free (options);
+ grub_free (classes);
+ grub_free (args);
+ grub_free (argv);
+ grub_free (src);
+}
+
+struct find_entry_info {
+ const char *dirname;
+ const char *devid;
+ grub_device_t dev;
+ grub_fs_t fs;
+};
+
+/*
+ * info: the filesystem object the file is on.
+ */
+static int find_entry (struct find_entry_info *info)
+{
+ struct read_entry_info read_entry_info;
+ grub_fs_t blsdir_fs = NULL;
+ grub_device_t blsdir_dev = NULL;
+ const char *blsdir = info->dirname;
+ int fallback = 0;
+ int r = 0;
+
+ if (!blsdir) {
+ blsdir = grub_env_get ("blsdir");
+ if (!blsdir)
+ blsdir = GRUB_BLS_CONFIG_PATH;
+ }
+
+ read_entry_info.file = NULL;
+ read_entry_info.dirname = blsdir;
+
+ grub_dprintf ("blscfg", "scanning blsdir: %s\n", blsdir);
+
+ blsdir_dev = info->dev;
+ blsdir_fs = info->fs;
+ read_entry_info.devid = info->devid;
+
+read_fallback:
+ r = blsdir_fs->fs_dir (blsdir_dev, read_entry_info.dirname, read_entry,
+ &read_entry_info);
+ if (r != 0) {
+ grub_dprintf ("blscfg", "read_entry returned error\n");
+ grub_err_t e;
+ do
+ {
+ e = grub_error_pop();
+ } while (e);
+ }
+
+ if (r && !info->dirname && !fallback) {
+ read_entry_info.dirname = "/boot" GRUB_BLS_CONFIG_PATH;
+ grub_dprintf ("blscfg", "Entries weren't found in %s, fallback to %s\n",
+ blsdir, read_entry_info.dirname);
+ fallback = 1;
+ goto read_fallback;
+ }
+
+ return 0;
+}
+
+static grub_err_t
+bls_load_entries (const char *path)
+{
+ grub_size_t len;
+ grub_fs_t fs;
+ grub_device_t dev;
+ static grub_err_t r;
+ const char *devid = NULL;
+ char *blsdir = NULL;
+ struct find_entry_info info = {
+ .dev = NULL,
+ .fs = NULL,
+ .dirname = NULL,
+ };
+ struct read_entry_info rei = {
+ .devid = NULL,
+ .dirname = NULL,
+ };
+
+ if (path) {
+ len = grub_strlen (path);
+ if (grub_strcmp (path + len - 5, ".conf") == 0) {
+ rei.file = grub_file_open (path, GRUB_FILE_TYPE_CONFIG);
+ if (!rei.file)
+ return grub_errno;
+ /*
+ * read_entry() closes the file
+ */
+ return read_entry(path, NULL, &rei);
+ } else if (path[0] == '(') {
+ devid = path + 1;
+
+ blsdir = grub_strchr (path, ')');
+ if (!blsdir)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Filepath isn't correct"));
+
+ *blsdir = '\0';
+ blsdir = blsdir + 1;
+ }
+ }
+
+ if (!devid) {
+#ifdef GRUB_MACHINE_EMU
+ devid = "host";
+#else
+ devid = grub_env_get ("root");
+#endif
+ if (!devid)
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND,
+ N_("variable `%s' isn't set"), "root");
+ }
+
+ grub_dprintf ("blscfg", "opening %s\n", devid);
+ dev = grub_device_open (devid);
+ if (!dev)
+ return grub_errno;
+
+ grub_dprintf ("blscfg", "probing fs\n");
+ fs = grub_fs_probe (dev);
+ if (!fs)
+ {
+ r = grub_errno;
+ goto finish;
+ }
+
+ info.dirname = blsdir;
+ info.devid = devid;
+ info.dev = dev;
+ info.fs = fs;
+ find_entry(&info);
+
+finish:
+ if (dev)
+ grub_device_close (dev);
+
+ return r;
+}
+
+static bool
+is_default_entry(const char *def_entry, struct bls_entry *entry, int idx)
+{
+ const char *title;
+ int def_idx;
+
+ if (!def_entry)
+ return false;
+
+ if (grub_strcmp(def_entry, entry->filename) == 0)
+ return true;
+
+ title = bls_get_val(entry, "title", NULL);
+
+ if (title && grub_strcmp(def_entry, title) == 0)
+ return true;
+
+ def_idx = (int)grub_strtol(def_entry, NULL, 0);
+ if (grub_errno == GRUB_ERR_BAD_NUMBER) {
+ grub_errno = GRUB_ERR_NONE;
+ return false;
+ }
+
+ if (def_idx == idx)
+ return true;
+
+ return false;
+}
+
+static grub_err_t
+bls_create_entries (bool show_default, bool show_non_default, char *entry_id)
+{
+ const char *def_entry = NULL;
+ struct bls_entry *entry = NULL;
+ int idx = 0;
+
+ def_entry = grub_env_get("default");
+
+ grub_dprintf ("blscfg", "%s Creating entries from bls\n", __func__);
+ FOR_BLS_ENTRIES(entry) {
+ if (entry->visible) {
+ idx++;
+ continue;
+ }
+
+ if ((show_default && is_default_entry(def_entry, entry, idx)) ||
+ (show_non_default && !is_default_entry(def_entry, entry, idx)) ||
+ (entry_id && grub_strcmp(entry_id, entry->filename) == 0)) {
+ create_entry(entry);
+ entry->visible = 1;
+ }
+ idx++;
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED,
+ int argc, char **args)
+{
+ grub_err_t r;
+ char *path = NULL;
+ char *entry_id = NULL;
+ bool show_default = true;
+ bool show_non_default = true;
+
+ if (argc == 1) {
+ if (grub_strcmp (args[0], "default") == 0) {
+ show_non_default = false;
+ } else if (grub_strcmp (args[0], "non-default") == 0) {
+ show_default = false;
+ } else if (args[0][0] == '(') {
+ path = args[0];
+ } else {
+ entry_id = args[0];
+ show_default = false;
+ show_non_default = false;
+ }
+ }
+
+ r = bls_load_entries(path);
+ if (r)
+ return r;
+
+ return bls_create_entries(show_default, show_non_default, entry_id);
+}
+
+static grub_extcmd_t cmd;
+static grub_extcmd_t oldcmd;
+
+GRUB_MOD_INIT(blscfg)
+{
+ grub_dprintf("blscfg", "%s got here\n", __func__);
+ cmd = grub_register_extcmd ("blscfg",
+ grub_cmd_blscfg,
+ 0,
+ NULL,
+ N_("Import Boot Loader Specification snippets."),
+ NULL);
+ oldcmd = grub_register_extcmd ("bls_import",
+ grub_cmd_blscfg,
+ 0,
+ NULL,
+ N_("Import Boot Loader Specification snippets."),
+ NULL);
+}
+
+GRUB_MOD_FINI(blscfg)
+{
+ grub_unregister_extcmd (cmd);
+ grub_unregister_extcmd (oldcmd);
+}
diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
index bbca81e947..53691a62d9 100644
--- a/grub-core/commands/boot.c
+++ b/grub-core/commands/boot.c
@@ -27,10 +27,20 @@
GRUB_MOD_LICENSE ("GPLv3+");
-static grub_err_t (*grub_loader_boot_func) (void);
-static grub_err_t (*grub_loader_unload_func) (void);
+static grub_err_t (*grub_loader_boot_func) (void *);
+static grub_err_t (*grub_loader_unload_func) (void *);
+static void *grub_loader_context;
static int grub_loader_flags;
+struct grub_simple_loader_hooks
+{
+ grub_err_t (*boot) (void);
+ grub_err_t (*unload) (void);
+};
+
+/* Don't heap allocate this to avoid making grub_loader_set fallible. */
+static struct grub_simple_loader_hooks simple_loader_hooks;
+
struct grub_preboot
{
grub_err_t (*preboot_func) (int);
@@ -44,6 +54,29 @@ static int grub_loader_loaded;
static struct grub_preboot *preboots_head = 0,
*preboots_tail = 0;
+static grub_err_t
+grub_simple_boot_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+ return hooks->boot ();
+}
+
+static grub_err_t
+grub_simple_unload_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+ grub_err_t ret;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+
+ ret = hooks->unload ();
+ grub_memset (hooks, 0, sizeof (*hooks));
+
+ return ret;
+}
+
int
grub_loader_is_loaded (void)
{
@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
}
void
-grub_loader_set (grub_err_t (*boot) (void),
- grub_err_t (*unload) (void),
- int flags)
+grub_loader_set_ex (grub_err_t (*boot) (void *),
+ grub_err_t (*unload) (void *),
+ void *context,
+ int flags)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = boot;
grub_loader_unload_func = unload;
+ grub_loader_context = context;
grub_loader_flags = flags;
grub_loader_loaded = 1;
}
+void
+grub_loader_set (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags)
+{
+ grub_loader_set_ex (grub_simple_boot_hook,
+ grub_simple_unload_hook,
+ &simple_loader_hooks,
+ flags);
+
+ simple_loader_hooks.boot = boot;
+ simple_loader_hooks.unload = unload;
+}
+
void
grub_loader_unset(void)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = 0;
grub_loader_unload_func = 0;
+ grub_loader_context = 0;
grub_loader_loaded = 0;
}
@@ -158,7 +208,7 @@ grub_loader_boot (void)
return err;
}
}
- err = (grub_loader_boot_func) ();
+ err = (grub_loader_boot_func) (grub_loader_context);
for (cur = preboots_tail; cur; cur = cur->prev)
if (! err)
diff --git a/grub-core/commands/efi/eficonnect.c b/grub-core/commands/efi/eficonnect.c
new file mode 100644
index 0000000000..360b5b4125
--- /dev/null
+++ b/grub-core/commands/efi/eficonnect.c
@@ -0,0 +1,211 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2022 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+struct grub_efi_already_handled
+{
+ struct grub_efi_already_handled *next;
+ struct grub_efi_already_handled **prev;
+ grub_efi_handle_t handle;
+};
+
+static struct grub_efi_already_handled *already_handled;
+
+static struct grub_efi_already_handled *
+is_in_list (grub_efi_handle_t handle)
+{
+ struct grub_efi_already_handled *e;
+
+ FOR_LIST_ELEMENTS (e, already_handled)
+ if (e->handle == handle)
+ return e;
+
+ return NULL;
+}
+
+static void
+free_handle_list (void)
+{
+ struct grub_efi_already_handled *e;
+ while ((e = already_handled) != NULL)
+ {
+ already_handled = already_handled->next;
+ grub_free (e);
+ }
+}
+
+typedef enum searched_item_flag
+{
+ SEARCHED_ITEM_FLAG_LOOP = 1,
+ SEARCHED_ITEM_FLAG_RECURSIVE = 2
+} searched_item_flags;
+
+typedef struct searched_item
+{
+ grub_efi_guid_t guid;
+ const char *name;
+ searched_item_flags flags;
+} searched_items;
+
+static grub_err_t
+grub_cmd_eficonnect (grub_command_t cmd __attribute__ ((unused)),
+ int argc, char **args)
+{
+ unsigned s;
+ searched_items pciroot_items[] =
+ {
+ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", SEARCHED_ITEM_FLAG_RECURSIVE }
+ };
+ searched_items scsi_items[] =
+ {
+ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", 0 },
+ { GRUB_EFI_PCI_IO_GUID, "PCI", SEARCHED_ITEM_FLAG_LOOP },
+ { GRUB_EFI_SCSI_IO_PROTOCOL_GUID, "SCSI I/O", SEARCHED_ITEM_FLAG_RECURSIVE }
+ };
+ searched_items *items = NULL;
+ unsigned nitems = 0;
+ grub_err_t grub_err = GRUB_ERR_NONE;
+ unsigned total_connected = 0;
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
+ if (grub_strcmp(args[0], "pciroot") == 0)
+ {
+ items = pciroot_items;
+ nitems = ARRAY_SIZE (pciroot_items);
+ }
+ else if (grub_strcmp(args[0], "scsi") == 0)
+ {
+ items = scsi_items;
+ nitems = ARRAY_SIZE (scsi_items);
+ }
+ else if (grub_strcmp(args[0], N_("all")) == 0)
+ {
+ items = NULL;
+ nitems = 1;
+ }
+ else
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("unexpected argument `%s'"), args[0]);
+
+ for (s = 0; s < nitems; s++)
+ {
+ grub_efi_handle_t *handles;
+ grub_efi_uintn_t num_handles;
+ unsigned i, connected = 0, loop = 0;
+
+loop:
+ loop++;
+ if (items != NULL)
+ {
+ grub_dprintf ("efi", "step '%s' loop %d:\n", items[s].name, loop);
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL,
+ &items[s].guid, 0, &num_handles);
+ }
+ else
+ handles = grub_efi_locate_handle (GRUB_EFI_ALL_HANDLES,
+ NULL, NULL, &num_handles);
+
+ if (!handles)
+ continue;
+
+ for (i = 0; i < num_handles; i++)
+ {
+ grub_efi_handle_t handle = handles[i];
+ grub_efi_status_t status;
+ unsigned j;
+
+ /* Skip already handled handles */
+ if (is_in_list (handle) != NULL)
+ {
+ grub_dprintf ("efi", " handle %p: already processed\n",
+ handle);
+ continue;
+ }
+
+ status = grub_efi_connect_controller(handle, NULL, NULL,
+ !items || items[s].flags & SEARCHED_ITEM_FLAG_RECURSIVE ? 1 : 0);
+ if (status == GRUB_EFI_SUCCESS)
+ {
+ connected++;
+ total_connected++;
+ grub_dprintf ("efi", " handle %p: connected\n", handle);
+ }
+ else
+ grub_dprintf ("efi", " handle %p: failed to connect (%d)\n",
+ handle, (grub_efi_int8_t) status);
+
+ struct grub_efi_already_handled *item = grub_malloc(sizeof (*item));
+ if (!item)
+ break; /* fatal */
+ grub_list_push (GRUB_AS_LIST_P (&already_handled), GRUB_AS_LIST (item));
+ item->handle = handle;
+ }
+
+ grub_free (handles);
+ if (grub_err != GRUB_ERR_NONE)
+ break; /* fatal */
+
+ if (items && items[s].flags & SEARCHED_ITEM_FLAG_LOOP && connected)
+ {
+ connected = 0;
+ goto loop;
+ }
+
+ free_handle_list ();
+ }
+
+ free_handle_list ();
+
+ if (total_connected)
+ grub_efidisk_reenumerate_disks ();
+
+ return grub_err;
+}
+
+static grub_command_t cmd;
+
+GRUB_MOD_INIT(eficonnect)
+{
+ cmd = grub_register_command ("eficonnect", grub_cmd_eficonnect,
+ /* TRANSLATORS: only translate 'all' keyword */
+ N_("pciroot|scsi|all"),
+ N_("Connect EFI handles."
+ " If 'pciroot' is specified, connect PCI"
+ " root EFI handles recursively."
+ " If 'scsi' is specified, connect SCSI"
+ " I/O EFI handles recursively."
+ " If 'all' is specified, connect all"
+ " EFI handles recursively."));
+}
+
+GRUB_MOD_FINI(eficonnect)
+{
+ grub_unregister_command (cmd);
+}
diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c
index eaca032838..328c45e82e 100644
--- a/grub-core/commands/efi/efifwsetup.c
+++ b/grub-core/commands/efi/efifwsetup.c
@@ -27,6 +27,25 @@
GRUB_MOD_LICENSE ("GPLv3+");
+static grub_efi_boolean_t
+efifwsetup_is_supported (void)
+{
+ grub_efi_uint64_t *os_indications_supported = NULL;
+ grub_size_t oi_size = 0;
+ grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+
+ grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
+ (void **) &os_indications_supported);
+
+ if (!os_indications_supported)
+ return 0;
+
+ if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI)
+ return 1;
+
+ return 0;
+}
+
static grub_err_t
grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
int argc __attribute__ ((unused)),
@@ -38,6 +57,10 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
grub_size_t oi_size;
grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ if (!efifwsetup_is_supported ())
+ return grub_error (GRUB_ERR_INVALID_COMMAND,
+ N_("Reboot to firmware setup is not supported"));
+
grub_efi_get_variable ("OsIndications", &global, &oi_size,
(void **) &old_os_indications);
@@ -56,28 +79,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
static grub_command_t cmd = NULL;
-static grub_efi_boolean_t
-efifwsetup_is_supported (void)
-{
- grub_efi_uint64_t *os_indications_supported = NULL;
- grub_size_t oi_size = 0;
- grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
-
- grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
- (void **) &os_indications_supported);
-
- if (!os_indications_supported)
- return 0;
-
- if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI)
- return 1;
-
- return 0;
-}
-
GRUB_MOD_INIT (efifwsetup)
{
- if (efifwsetup_is_supported ())
cmd = grub_register_command ("fwsetup", grub_cmd_fwsetup, NULL,
N_("Reboot into firmware setup menu."));
diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c
new file mode 100644
index 0000000000..977edb6b06
--- /dev/null
+++ b/grub-core/commands/efi/env.c
@@ -0,0 +1,170 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static const grub_efi_guid_t grub_env_guid = GRUB_EFI_GRUB_VARIABLE_GUID;
+
+static grub_err_t
+grub_efi_export_env(grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ const char *value;
+ char *old_value;
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+ grub_err_t err;
+ int changed = 1;
+ grub_efi_status_t status;
+
+ grub_dprintf ("efienv", "argc:%d\n", argc);
+ for (int i = 0; i < argc; i++)
+ grub_dprintf ("efienv", "argv[%d]: %s\n", i, argv[i]);
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("variable name expected"));
+
+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size,
+ (void **) &envblk_s.buf);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ {
+ char *buf = grub_malloc (1025);
+ if (!buf)
+ return grub_errno;
+
+ grub_memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1);
+ grub_memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#',
+ DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) + 1);
+ buf[1024] = '\0';
+
+ envblk_s.buf = buf;
+ envblk_s.size = 1024;
+ }
+ else
+ {
+ char *buf = grub_realloc (envblk_s.buf, envblk_s.size + 1);
+ if (!buf)
+ return grub_errno;
+
+ envblk_s.buf = buf;
+ envblk_s.buf[envblk_s.size] = '\0';
+ }
+
+ err = grub_envblk_get(envblk, argv[0], &old_value);
+ if (err != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("efienv", "grub_envblk_get returned %d\n", err);
+ return err;
+ }
+
+ value = grub_env_get(argv[0]);
+ if ((!value && !old_value) ||
+ (value && old_value && !grub_strcmp(old_value, value)))
+ changed = 0;
+
+ if (old_value)
+ grub_free(old_value);
+
+ if (changed == 0)
+ {
+ grub_dprintf ("efienv", "No changes necessary\n");
+ return 0;
+ }
+
+ if (value)
+ {
+ grub_dprintf ("efienv", "setting \"%s\" to \"%s\"\n", argv[0], value);
+ grub_envblk_set(envblk, argv[0], value);
+ }
+ else
+ {
+ grub_dprintf ("efienv", "deleting \"%s\" from envblk\n", argv[0]);
+ grub_envblk_delete(envblk, argv[0]);
+ }
+
+ grub_dprintf ("efienv", "envblk is %lu bytes:\n\"%s\"\n", envblk_s.size, envblk_s.buf);
+
+ grub_dprintf ("efienv", "removing GRUB_ENV\n");
+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid, NULL, 0);
+ if (status != GRUB_EFI_SUCCESS)
+ grub_dprintf ("efienv", "removal returned %ld\n", status);
+
+ grub_dprintf ("efienv", "setting GRUB_ENV\n");
+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid,
+ envblk_s.buf, envblk_s.size);
+ if (status != GRUB_EFI_SUCCESS)
+ grub_dprintf ("efienv", "setting GRUB_ENV returned %ld\n", status);
+
+ return 0;
+}
+
+static int
+set_var (const char *name, const char *value,
+ void *whitelist __attribute__((__unused__)))
+{
+ grub_env_set (name, value);
+ return 0;
+}
+
+static grub_err_t
+grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[] __attribute__((__unused__)))
+{
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+
+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size,
+ (void **) &envblk_s.buf);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ return 0;
+
+ if (argc > 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unexpected argument"));
+
+ grub_envblk_iterate (envblk, NULL, set_var);
+ grub_free (envblk_s.buf);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_command_t export_cmd, loadenv_cmd;
+
+GRUB_MOD_INIT(lsefi)
+{
+ export_cmd = grub_register_command ("efi-export-env", grub_efi_export_env,
+ N_("VARIABLE_NAME"), N_("Export environment variable to UEFI."));
+ loadenv_cmd = grub_register_command ("efi-load-env", grub_efi_load_env,
+ NULL, N_("Load the grub environment from UEFI."));
+}
+
+GRUB_MOD_FINI(lsefi)
+{
+ grub_unregister_command (export_cmd);
+ grub_unregister_command (loadenv_cmd);
+}
diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c
index d1ce99af43..f2d2430e66 100644
--- a/grub-core/commands/efi/lsefi.c
+++ b/grub-core/commands/efi/lsefi.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
new file mode 100644
index 0000000000..e68b8448bc
--- /dev/null
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -0,0 +1,152 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2021 Free Software Foundation, Inc.
+ * Copyright (C) 2021 IBM Corporation
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ *
+ * IBM vTPM support code.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+static grub_ieee1275_ihandle_t tpm_ihandle;
+static grub_uint8_t tpm_version;
+
+#define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_ihandle_t)0)
+
+static void
+tpm_get_tpm_version (void)
+{
+ grub_ieee1275_phandle_t vtpm;
+ char buffer[20];
+
+ if (!grub_ieee1275_finddevice ("/vdevice/vtpm", &vtpm) &&
+ !grub_ieee1275_get_property (vtpm, "compatible", buffer,
+ sizeof (buffer), NULL) &&
+ !grub_strcmp (buffer, "IBM,vtpm20"))
+ tpm_version = 2;
+}
+
+static grub_err_t
+tpm_init (void)
+{
+ static int init_success = 0;
+
+ if (!init_success)
+ {
+ if (grub_ieee1275_open ("/vdevice/vtpm", &tpm_ihandle) < 0) {
+ tpm_ihandle = IEEE1275_IHANDLE_INVALID;
+ return GRUB_ERR_UNKNOWN_DEVICE;
+ }
+
+ init_success = 1;
+
+ tpm_get_tpm_version ();
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+static int
+ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
+ grub_uint32_t eventtype,
+ const char *description,
+ grub_size_t description_size,
+ void *buf, grub_size_t size)
+{
+ struct tpm_2hash_ext_log
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_cell_t ihandle;
+ grub_ieee1275_cell_t size;
+ grub_ieee1275_cell_t buf;
+ grub_ieee1275_cell_t description_size;
+ grub_ieee1275_cell_t description;
+ grub_ieee1275_cell_t eventtype;
+ grub_ieee1275_cell_t pcrindex;
+ grub_ieee1275_cell_t catch_result;
+ grub_ieee1275_cell_t rc;
+ }
+ args;
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2);
+ args.method = (grub_ieee1275_cell_t) "2hash-ext-log";
+ args.ihandle = tpm_ihandle;
+ args.pcrindex = pcrindex;
+ args.eventtype = eventtype;
+ args.description = (grub_ieee1275_cell_t) description;
+ args.description_size = description_size;
+ args.buf = (grub_ieee1275_cell_t) buf;
+ args.size = (grub_ieee1275_cell_t) size;
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ /*
+ * catch_result is set if firmware does not support 2hash-ext-log
+ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure
+ */
+ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE)
+ return -1;
+
+ return 0;
+}
+
+static grub_err_t
+tpm2_log_event (unsigned char *buf,
+ grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ static int error_displayed = 0;
+ int err;
+
+ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL,
+ description,
+ grub_strlen(description) + 1,
+ buf, size);
+ if (err && !error_displayed)
+ {
+ error_displayed++;
+ return grub_error (GRUB_ERR_BAD_DEVICE,
+ "2HASH-EXT-LOG failed: Firmware is likely too old.\n");
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ grub_err_t err = tpm_init();
+
+ /* Absence of a TPM isn't a failure. */
+ if (err != GRUB_ERR_NONE)
+ return GRUB_ERR_NONE;
+
+ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
+ pcr, size, description);
+
+ if (tpm_version == 2)
+ return tpm2_log_event (buf, size, pcr, description);
+
+ return GRUB_ERR_NONE;
+}
diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c
new file mode 100644
index 0000000000..79cf137656
--- /dev/null
+++ b/grub-core/commands/increment.c
@@ -0,0 +1,105 @@
+/* increment.c - Commands to increment and decrement variables. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+typedef enum {
+ INCREMENT,
+ DECREMENT,
+} operation;
+
+static grub_err_t
+incr_decr(operation op, int argc, char **args)
+{
+ const char *old;
+ char *new;
+ long value;
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified"));
+ if (argc > 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments"));
+
+ old = grub_env_get (*args);
+ if (!old)
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""),
+ *args);
+
+ value = grub_strtol (old, NULL, 0);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_errno;
+
+ switch (op)
+ {
+ case INCREMENT:
+ value += 1;
+ break;
+ case DECREMENT:
+ value -= 1;
+ break;
+ }
+
+ new = grub_xasprintf ("%ld", value);
+ if (!new)
+ return grub_errno;
+
+ grub_env_set (*args, new);
+ grub_free (new);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_cmd_incr(struct grub_command *cmd UNUSED,
+ int argc, char **args)
+{
+ return incr_decr(INCREMENT, argc, args);
+}
+
+static grub_err_t
+grub_cmd_decr(struct grub_command *cmd UNUSED,
+ int argc, char **args)
+{
+ return incr_decr(DECREMENT, argc, args);
+}
+
+static grub_command_t cmd_incr, cmd_decr;
+
+GRUB_MOD_INIT(increment)
+{
+ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"),
+ N_("increment VARIABLE"));
+ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"),
+ N_("decrement VARIABLE"));
+}
+
+GRUB_MOD_FINI(increment)
+{
+ grub_unregister_command (cmd_incr);
+ grub_unregister_command (cmd_decr);
+}
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
index 584baec8f9..7b2999b14b 100644
--- a/grub-core/commands/iorw.c
+++ b/grub-core/commands/iorw.c
@@ -24,6 +24,7 @@
#include
#include
#include
+#include
GRUB_MOD_LICENSE ("GPLv3+");
@@ -119,6 +120,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_read_byte =
grub_register_extcmd ("inb", grub_cmd_read, 0,
N_("PORT"), N_("Read 8-bit value from PORT."),
@@ -147,6 +151,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
index cc5971f4db..782761c31a 100644
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@@ -143,7 +143,7 @@ legacy_file (const char *filename)
args[0] = oldname;
grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
NULL, NULL,
- entrysrc, 0);
+ entrysrc, 0, NULL, NULL);
grub_free (args);
entrysrc[0] = 0;
grub_free (oldname);
@@ -205,7 +205,8 @@ legacy_file (const char *filename)
}
args[0] = entryname;
grub_normal_add_menu_entry (1, args, NULL, NULL, NULL,
- NULL, NULL, entrysrc, 0);
+ NULL, NULL, entrysrc, 0, NULL,
+ NULL);
grub_free (args);
}
diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c
index 3fd664aac3..163b9a0904 100644
--- a/grub-core/commands/loadenv.c
+++ b/grub-core/commands/loadenv.c
@@ -28,6 +28,8 @@
#include
#include
+#include "loadenv.h"
+
GRUB_MOD_LICENSE ("GPLv3+");
static const struct grub_arg_option options[] =
@@ -79,81 +81,6 @@ open_envblk_file (char *filename,
return file;
}
-static grub_envblk_t
-read_envblk_file (grub_file_t file)
-{
- grub_off_t offset = 0;
- char *buf;
- grub_size_t size = grub_file_size (file);
- grub_envblk_t envblk;
-
- buf = grub_malloc (size);
- if (! buf)
- return 0;
-
- while (size > 0)
- {
- grub_ssize_t ret;
-
- ret = grub_file_read (file, buf + offset, size);
- if (ret <= 0)
- {
- grub_free (buf);
- return 0;
- }
-
- size -= ret;
- offset += ret;
- }
-
- envblk = grub_envblk_open (buf, offset);
- if (! envblk)
- {
- grub_free (buf);
- grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block");
- return 0;
- }
-
- return envblk;
-}
-
-struct grub_env_whitelist
-{
- grub_size_t len;
- char **list;
-};
-typedef struct grub_env_whitelist grub_env_whitelist_t;
-
-static int
-test_whitelist_membership (const char* name,
- const grub_env_whitelist_t* whitelist)
-{
- grub_size_t i;
-
- for (i = 0; i < whitelist->len; i++)
- if (grub_strcmp (name, whitelist->list[i]) == 0)
- return 1; /* found it */
-
- return 0; /* not found */
-}
-
-/* Helper for grub_cmd_load_env. */
-static int
-set_var (const char *name, const char *value, void *whitelist)
-{
- if (! whitelist)
- {
- grub_env_set (name, value);
- return 0;
- }
-
- if (test_whitelist_membership (name,
- (const grub_env_whitelist_t *) whitelist))
- grub_env_set (name, value);
-
- return 0;
-}
-
static grub_err_t
grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args)
{
diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h
new file mode 100644
index 0000000000..952f46121b
--- /dev/null
+++ b/grub-core/commands/loadenv.h
@@ -0,0 +1,93 @@
+/* loadenv.c - command to load/save environment variable. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+static grub_envblk_t UNUSED
+read_envblk_file (grub_file_t file)
+{
+ grub_off_t offset = 0;
+ char *buf;
+ grub_size_t size = grub_file_size (file);
+ grub_envblk_t envblk;
+
+ buf = grub_malloc (size);
+ if (! buf)
+ return 0;
+
+ while (size > 0)
+ {
+ grub_ssize_t ret;
+
+ ret = grub_file_read (file, buf + offset, size);
+ if (ret <= 0)
+ {
+ grub_free (buf);
+ return 0;
+ }
+
+ size -= ret;
+ offset += ret;
+ }
+
+ envblk = grub_envblk_open (buf, offset);
+ if (! envblk)
+ {
+ grub_free (buf);
+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block");
+ return 0;
+ }
+
+ return envblk;
+}
+
+struct grub_env_whitelist
+{
+ grub_size_t len;
+ char **list;
+};
+typedef struct grub_env_whitelist grub_env_whitelist_t;
+
+static int UNUSED
+test_whitelist_membership (const char* name,
+ const grub_env_whitelist_t* whitelist)
+{
+ grub_size_t i;
+
+ for (i = 0; i < whitelist->len; i++)
+ if (grub_strcmp (name, whitelist->list[i]) == 0)
+ return 1; /* found it */
+
+ return 0; /* not found */
+}
+
+/* Helper for grub_cmd_load_env. */
+static int UNUSED
+set_var (const char *name, const char *value, void *whitelist)
+{
+ if (! whitelist)
+ {
+ grub_env_set (name, value);
+ return 0;
+ }
+
+ if (test_whitelist_membership (name,
+ (const grub_env_whitelist_t *) whitelist))
+ grub_env_set (name, value);
+
+ return 0;
+}
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
index d401a6db0e..39cf3a06db 100644
--- a/grub-core/commands/memrw.c
+++ b/grub-core/commands/memrw.c
@@ -23,6 +23,7 @@
#include
#include
#include
+#include
GRUB_MOD_LICENSE ("GPLv3+");
@@ -121,6 +122,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_read_byte =
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
N_("ADDR"), N_("Read 8-bit value from ADDR."),
@@ -149,6 +153,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 720e6d8ea3..b175a1b43b 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] =
{
{"class", 1, GRUB_ARG_OPTION_REPEATABLE,
N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING},
- {"users", 2, 0,
+ {"users", 2, GRUB_ARG_OPTION_OPTIONAL,
N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"),
ARG_TYPE_STRING},
{"hotkey", 3, 0,
@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
char **classes, const char *id,
const char *users, const char *hotkey,
const char *prefix, const char *sourcecode,
- int submenu)
+ int submenu, int *index, struct bls_entry *bls)
{
int menu_hotkey = 0;
char **menu_args = NULL;
@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
if (! menu_title)
goto fail;
+ grub_dprintf ("menu", "id:\"%s\"\n", id);
+ grub_dprintf ("menu", "title:\"%s\"\n", menu_title);
menu_id = grub_strdup (id ? : menu_title);
if (! menu_id)
goto fail;
+ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id);
/* Save argc, args to pass as parameters to block arg later. */
menu_args = grub_calloc (argc + 1, sizeof (char *));
@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args,
}
/* Add the menu entry at the end of the list. */
+ int ind=0;
while (*last)
- last = &(*last)->next;
+ {
+ ind++;
+ last = &(*last)->next;
+ }
*last = grub_zalloc (sizeof (**last));
if (! *last)
@@ -188,8 +195,11 @@ grub_normal_add_menu_entry (int argc, const char **args,
(*last)->args = menu_args;
(*last)->sourcecode = menu_sourcecode;
(*last)->submenu = submenu;
+ (*last)->bls = bls;
menu->size++;
+ if (index)
+ *index = ind;
return GRUB_ERR_NONE;
fail:
@@ -271,7 +281,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
if (! ctxt->state[3].set && ! ctxt->script)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition");
- if (ctxt->state[1].set)
+ if (ctxt->state[1].set && ctxt->state[1].arg)
users = ctxt->state[1].arg;
else if (ctxt->state[5].set)
users = NULL;
@@ -286,7 +296,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
users,
ctxt->state[2].arg, 0,
ctxt->state[3].arg,
- ctxt->extcmd->cmd->name[0] == 's');
+ ctxt->extcmd->cmd->name[0] == 's',
+ NULL, NULL);
src = args[argc - 1];
args[argc - 1] = NULL;
@@ -303,7 +314,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
ctxt->state[0].args, ctxt->state[4].arg,
users,
ctxt->state[2].arg, prefix, src + 1,
- ctxt->extcmd->cmd->name[0] == 's');
+ ctxt->extcmd->cmd->name[0] == 's', NULL,
+ NULL);
src[len - 1] = ch;
args[argc - 1] = src;
diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
index fa498931ed..2bd3ac76f2 100644
--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
@@ -182,12 +182,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)),
}
/* exit */
-static grub_err_t __attribute__ ((noreturn))
+static grub_err_t
grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)),
- int argc __attribute__ ((unused)),
- char *argv[] __attribute__ ((unused)))
+ int argc, char *argv[])
{
- grub_exit ();
+ int retval = -1;
+ unsigned long n;
+
+ if (argc < 0 || argc > 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+
+ if (argc == 1)
+ {
+ n = grub_strtoul (argv[0], 0, 10);
+ if (n != ~0UL)
+ retval = n;
+ }
+
+ grub_exit (retval);
/* Not reached. */
}
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index 5daa1e9d00..b81ac0ae46 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -24,6 +24,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -146,10 +147,6 @@ const char *hashes[] = {
[0x0b] = "sha224"
};
-struct gcry_pk_spec *grub_crypto_pk_dsa;
-struct gcry_pk_spec *grub_crypto_pk_ecdsa;
-struct gcry_pk_spec *grub_crypto_pk_rsa;
-
static int
dsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval,
const gcry_md_spec_t *hash, struct grub_public_subkey *sk);
@@ -411,32 +408,7 @@ static int
rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval,
const gcry_md_spec_t *hash, struct grub_public_subkey *sk)
{
- grub_size_t tlen, emlen, fflen;
- grub_uint8_t *em, *emptr;
- unsigned nbits = gcry_mpi_get_nbits (sk->mpis[0]);
- int ret;
- tlen = hash->mdlen + hash->asnlen;
- emlen = (nbits + 7) / 8;
- if (emlen < tlen + 11)
- return 1;
-
- em = grub_malloc (emlen);
- if (!em)
- return 1;
-
- em[0] = 0x00;
- em[1] = 0x01;
- fflen = emlen - tlen - 3;
- for (emptr = em + 2; emptr < em + 2 + fflen; emptr++)
- *emptr = 0xff;
- *emptr++ = 0x00;
- grub_memcpy (emptr, hash->asnoid, hash->asnlen);
- emptr += hash->asnlen;
- grub_memcpy (emptr, hval, hash->mdlen);
-
- ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0);
- grub_free (em);
- return ret;
+ return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]);
}
struct grub_pubkey_context
@@ -972,7 +944,7 @@ GRUB_MOD_INIT(pgp)
grub_memset (&pseudo_file, 0, sizeof (pseudo_file));
/* Not an ELF module, skip. */
- if (header->type != OBJ_TYPE_PUBKEY)
+ if (header->type != OBJ_TYPE_GPG_PUBKEY)
continue;
pseudo_file.fs = &pseudo_fs;
diff --git a/grub-core/commands/reboot.c b/grub-core/commands/reboot.c
index 46d364c99a..f5cc228363 100644
--- a/grub-core/commands/reboot.c
+++ b/grub-core/commands/reboot.c
@@ -32,15 +32,18 @@ grub_cmd_reboot (grub_command_t cmd __attribute__ ((unused)),
grub_reboot ();
}
-static grub_command_t cmd;
+static grub_command_t reboot_cmd, reset_cmd;
GRUB_MOD_INIT(reboot)
{
- cmd = grub_register_command ("reboot", grub_cmd_reboot,
- 0, N_("Reboot the computer."));
+ reboot_cmd = grub_register_command ("reboot", grub_cmd_reboot,
+ 0, N_("Reboot the computer."));
+ reset_cmd = grub_register_command ("reset", grub_cmd_reboot,
+ 0, N_("Reboot the computer."));
}
GRUB_MOD_FINI(reboot)
{
- grub_unregister_command (cmd);
+ grub_unregister_command (reboot_cmd);
+ grub_unregister_command (reset_cmd);
}
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index ed090b3af8..57d26ced8a 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -47,7 +47,7 @@ struct search_ctx
{
const char *key;
const char *var;
- int no_floppy;
+ enum search_flags flags;
char **hints;
unsigned nhints;
int count;
@@ -62,9 +62,28 @@ iterate_device (const char *name, void *data)
int found = 0;
/* Skip floppy drives when requested. */
- if (ctx->no_floppy &&
+ if (ctx->flags & SEARCH_FLAGS_NO_FLOPPY &&
name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9')
- return 1;
+ return 0;
+
+ /* Limit to EFI disks when requested. */
+ if (ctx->flags & SEARCH_FLAGS_EFIDISK_ONLY)
+ {
+ grub_device_t dev;
+ dev = grub_device_open (name);
+ if (! dev)
+ {
+ grub_errno = GRUB_ERR_NONE;
+ return 0;
+ }
+ if (! dev->disk || dev->disk->dev->id != GRUB_DISK_DEVICE_EFIDISK_ID)
+ {
+ grub_device_close (dev);
+ grub_errno = GRUB_ERR_NONE;
+ return 0;
+ }
+ grub_device_close (dev);
+ }
#ifdef DO_SEARCH_FS_UUID
#define compare_fn grub_strcasecmp
@@ -261,13 +280,13 @@ try (struct search_ctx *ctx)
}
void
-FUNC_NAME (const char *key, const char *var, int no_floppy,
+FUNC_NAME (const char *key, const char *var, enum search_flags flags,
char **hints, unsigned nhints)
{
struct search_ctx ctx = {
.key = key,
.var = var,
- .no_floppy = no_floppy,
+ .flags = flags,
.hints = hints,
.nhints = nhints,
.count = 0,
diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
index 47fc8eb996..0b62acf853 100644
--- a/grub-core/commands/search_wrap.c
+++ b/grub-core/commands/search_wrap.c
@@ -40,6 +40,7 @@ static const struct grub_arg_option options[] =
N_("Set a variable to the first device found."), N_("VARNAME"),
ARG_TYPE_STRING},
{"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0},
+ {"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0},
{"hint", 'h', GRUB_ARG_OPTION_REPEATABLE,
N_("First try the device HINT. If HINT ends in comma, "
"also try subpartitions"), N_("HINT"), ARG_TYPE_STRING},
@@ -73,6 +74,7 @@ enum options
SEARCH_FS_UUID,
SEARCH_SET,
SEARCH_NO_FLOPPY,
+ SEARCH_EFIDISK_ONLY,
SEARCH_HINT,
SEARCH_HINT_IEEE1275,
SEARCH_HINT_BIOS,
@@ -89,6 +91,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
const char *id = 0;
int i = 0, j = 0, nhints = 0;
char **hints = NULL;
+ enum search_flags flags = 0;
if (state[SEARCH_HINT].set)
for (i = 0; state[SEARCH_HINT].args[i]; i++)
@@ -180,15 +183,18 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
goto out;
}
+ if (state[SEARCH_NO_FLOPPY].set)
+ flags |= SEARCH_FLAGS_NO_FLOPPY;
+
+ if (state[SEARCH_EFIDISK_ONLY].set)
+ flags |= SEARCH_FLAGS_EFIDISK_ONLY;
+
if (state[SEARCH_LABEL].set)
- grub_search_label (id, var, state[SEARCH_NO_FLOPPY].set,
- hints, nhints);
+ grub_search_label (id, var, flags, hints, nhints);
else if (state[SEARCH_FS_UUID].set)
- grub_search_fs_uuid (id, var, state[SEARCH_NO_FLOPPY].set,
- hints, nhints);
+ grub_search_fs_uuid (id, var, flags, hints, nhints);
else if (state[SEARCH_FILE].set)
- grub_search_fs_file (id, var, state[SEARCH_NO_FLOPPY].set,
- hints, nhints);
+ grub_search_fs_file (id, var, flags, hints, nhints);
else
grub_error (GRUB_ERR_INVALID_COMMAND, "unspecified search type");
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36eab..e287d042e6 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -42,7 +42,8 @@ grub_tpm_verify_init (grub_file_t io,
static grub_err_t
grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
{
- return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+ grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+ return GRUB_ERR_NONE;
}
static grub_err_t
@@ -50,7 +51,6 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
{
const char *prefix = NULL;
char *description;
- grub_err_t status;
switch (type)
{
@@ -66,15 +66,15 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
}
description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
if (!description)
- return grub_errno;
+ return GRUB_ERR_NONE;
grub_memcpy (description, prefix, grub_strlen (prefix));
grub_memcpy (description + grub_strlen (prefix), str,
grub_strlen (str) + 1);
- status =
- grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
- GRUB_STRING_PCR, description);
+
+ grub_tpm_measure ((unsigned char *) str, grub_strlen (str), GRUB_STRING_PCR,
+ description);
grub_free (description);
- return status;
+ return GRUB_ERR_NONE;
}
struct grub_file_verifier grub_tpm_verifier = {
diff --git a/grub-core/commands/version.c b/grub-core/commands/version.c
new file mode 100644
index 0000000000..f0966a518f
--- /dev/null
+++ b/grub-core/commands/version.c
@@ -0,0 +1,56 @@
+/* version.c - Command to print the grub version and build info. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static grub_err_t
+grub_cmd_version (grub_command_t cmd UNUSED, int argc, char **args UNUSED)
+{
+ if (argc != 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("no arguments expected"));
+
+ grub_printf (_("GNU GRUB version %s\n"), PACKAGE_VERSION);
+ grub_printf (_("Platform %s-%s\n"), GRUB_TARGET_CPU, GRUB_PLATFORM);
+ if (grub_strlen(GRUB_RPM_VERSION) != 0)
+ grub_printf (_("RPM package version %s\n"), GRUB_RPM_VERSION);
+ grub_printf (_("Compiler version %s\n"), __VERSION__);
+
+ return 0;
+}
+
+static grub_command_t cmd;
+
+GRUB_MOD_INIT(version)
+{
+ cmd = grub_register_command ("version", grub_cmd_version, NULL,
+ N_("Print version and build information."));
+}
+
+GRUB_MOD_FINI(version)
+{
+ grub_unregister_command (cmd);
+}
diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c
index cc3290311f..8f67a4be7f 100644
--- a/grub-core/commands/wildcard.c
+++ b/grub-core/commands/wildcard.c
@@ -488,6 +488,12 @@ check_file (const char *dir, const char *basename)
return ctx.found;
}
+static int
+is_hex(char c)
+{
+ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F'));
+}
+
static void
unescape (char *out, const char *in, const char *end)
{
@@ -496,7 +502,15 @@ unescape (char *out, const char *in, const char *end)
for (optr = out, iptr = in; iptr < end;)
{
- if (*iptr == '\\' && iptr + 1 < end)
+ if (*iptr == '\\' && iptr + 3 < end && iptr[1] == 'x' && is_hex(iptr[2]) && is_hex(iptr[3]))
+ {
+ *optr++ = *iptr++;
+ *optr++ = *iptr++;
+ *optr++ = *iptr++;
+ *optr++ = *iptr++;
+ continue;
+ }
+ else if (*iptr == '\\' && iptr + 1 < end)
{
*optr++ = iptr[1];
iptr += 2;
diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 0320115662..7cdffe3ebd 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -188,6 +188,8 @@ scan_disk (const char *name, int accept_diskfilter)
grub_disk_t disk;
static int scan_depth = 0;
+ grub_dprintf ("diskfilter", "scanning %s\n", name);
+
if (!accept_diskfilter && is_valid_diskfilter_name (name))
return 0;
@@ -1212,6 +1214,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
the same. */
if (pv->disk && grub_disk_native_sectors (disk) >= pv->part_size)
return GRUB_ERR_NONE;
+ grub_dprintf ("diskfilter", "checking %s\n", disk->name);
pv->disk = grub_disk_open (disk->name);
if (!pv->disk)
return grub_errno;
diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c
index f077b5f553..062143dfff 100644
--- a/grub-core/disk/efi/efidisk.c
+++ b/grub-core/disk/efi/efidisk.c
@@ -396,6 +396,19 @@ enumerate_disks (void)
free_devices (devices);
}
+void
+grub_efidisk_reenumerate_disks (void)
+{
+ free_devices (fd_devices);
+ free_devices (hd_devices);
+ free_devices (cd_devices);
+ fd_devices = 0;
+ hd_devices = 0;
+ cd_devices = 0;
+
+ enumerate_disks ();
+}
+
static int
grub_efidisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data,
grub_disk_pull_t pull)
@@ -855,6 +868,7 @@ grub_efidisk_get_device_name (grub_efi_handle_t *handle)
return 0;
}
+ grub_dprintf ("efidisk", "getting disk for %s\n", device_name);
parent = grub_disk_open (device_name);
grub_free (dup_dp);
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 03674cb477..55346849d3 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -44,7 +44,7 @@ struct ofdisk_hash_ent
};
static grub_err_t
-grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size,
+grub_ofdisk_get_block_size (grub_uint32_t *block_size,
struct ofdisk_hash_ent *op);
#define OFDISK_HASH_SZ 8
@@ -225,7 +225,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
char *buf, *bufptr;
unsigned i;
- if (grub_ieee1275_open (alias->path, &ihandle))
+
+ RETRY_IEEE1275_OFDISK_OPEN(alias->path, &ihandle)
+ if (! ihandle)
return;
/* This method doesn't need memory allocation for the table. Open
@@ -305,7 +307,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
return;
}
- if (grub_ieee1275_open (alias->path, &ihandle))
+ RETRY_IEEE1275_OFDISK_OPEN(alias->path, &ihandle);
+
+ if (! ihandle)
{
grub_free (buf);
grub_free (table);
@@ -461,6 +465,7 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
grub_ssize_t actual;
grub_uint32_t block_size = 0;
grub_err_t err;
+ struct ofdisk_hash_ent *op;
if (grub_strncmp (name, "ieee1275/", sizeof ("ieee1275/") - 1) != 0)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
@@ -471,6 +476,35 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
grub_dprintf ("disk", "Opening `%s'.\n", devpath);
+ op = ofdisk_hash_find (devpath);
+ if (!op)
+ op = ofdisk_hash_add (devpath, NULL);
+ if (!op)
+ {
+ grub_free (devpath);
+ return grub_errno;
+ }
+
+ /* Check if the call to open is the same to the last disk already opened */
+ if (last_devpath && !grub_strcmp(op->open_path,last_devpath))
+ {
+ goto finish;
+ }
+
+ /* If not, we need to close the previous disk and open the new one */
+ else {
+ if (last_ihandle){
+ grub_ieee1275_close (last_ihandle);
+ }
+ last_ihandle = 0;
+ last_devpath = NULL;
+
+ RETRY_IEEE1275_OFDISK_OPEN(op->open_path, &last_ihandle);
+ if (! last_ihandle)
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
+ last_devpath = op->open_path;
+ }
+
if (grub_ieee1275_finddevice (devpath, &dev))
{
grub_free (devpath);
@@ -491,25 +525,18 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "not a block device");
}
+
+ finish:
/* XXX: There is no property to read the number of blocks. There
should be a property `#blocks', but it is not there. Perhaps it
is possible to use seek for this. */
disk->total_sectors = GRUB_DISK_SIZE_UNKNOWN;
{
- struct ofdisk_hash_ent *op;
- op = ofdisk_hash_find (devpath);
- if (!op)
- op = ofdisk_hash_add (devpath, NULL);
- if (!op)
- {
- grub_free (devpath);
- return grub_errno;
- }
disk->id = (unsigned long) op;
disk->data = op->open_path;
- err = grub_ofdisk_get_block_size (devpath, &block_size, op);
+ err = grub_ofdisk_get_block_size (&block_size, op);
if (err)
{
grub_free (devpath);
@@ -532,13 +559,6 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
static void
grub_ofdisk_close (grub_disk_t disk)
{
- if (disk->data == last_devpath)
- {
- if (last_ihandle)
- grub_ieee1275_close (last_ihandle);
- last_ihandle = 0;
- last_devpath = NULL;
- }
disk->data = 0;
}
@@ -555,7 +575,7 @@ grub_ofdisk_prepare (grub_disk_t disk, grub_disk_addr_t sector)
last_ihandle = 0;
last_devpath = NULL;
- grub_ieee1275_open (disk->data, &last_ihandle);
+ RETRY_IEEE1275_OFDISK_OPEN(disk->data, &last_ihandle);
if (! last_ihandle)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
last_devpath = disk->data;
@@ -582,12 +602,23 @@ grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector,
return err;
grub_ieee1275_read (last_ihandle, buf, size << disk->log_sector_size,
&actual);
- if (actual != (grub_ssize_t) (size << disk->log_sector_size))
+ int i = 0;
+ while(actual != (grub_ssize_t) (size << disk->log_sector_size)){
+ if (i>MAX_RETRIES){
return grub_error (GRUB_ERR_READ_ERROR, N_("failure reading sector 0x%llx "
"from `%s'"),
(unsigned long long) sector,
disk->name);
+ }
+ last_devpath = NULL;
+ err = grub_ofdisk_prepare (disk, sector);
+ if (err)
+ return err;
+ grub_ieee1275_read (last_ihandle, buf, size << disk->log_sector_size,
+ &actual);
+ i++;
+ }
return 0;
}
@@ -685,7 +716,7 @@ grub_ofdisk_init (void)
}
static grub_err_t
-grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size,
+grub_ofdisk_get_block_size (grub_uint32_t *block_size,
struct ofdisk_hash_ent *op)
{
struct size_args_ieee1275
@@ -698,16 +729,6 @@ grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size,
grub_ieee1275_cell_t size2;
} args_ieee1275;
- if (last_ihandle)
- grub_ieee1275_close (last_ihandle);
-
- last_ihandle = 0;
- last_devpath = NULL;
-
- grub_ieee1275_open (device, &last_ihandle);
- if (! last_ihandle)
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
-
*block_size = 0;
if (op->block_size_fails >= 2)
diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c
index 41bebd14fe..99f47924ec 100644
--- a/grub-core/disk/loopback.c
+++ b/grub-core/disk/loopback.c
@@ -21,20 +21,13 @@
#include
#include
#include
+#include
#include
#include
#include
GRUB_MOD_LICENSE ("GPLv3+");
-struct grub_loopback
-{
- char *devname;
- grub_file_t file;
- struct grub_loopback *next;
- unsigned long id;
-};
-
static struct grub_loopback *loopback_list;
static unsigned long last_id = 0;
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 63203034df..8ec885a93b 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -38,6 +38,10 @@
#include
#include
#include
+#include
+#include
+#include
+#include
#include
#include
#include
@@ -79,9 +83,11 @@ struct grub_btrfs_superblock
grub_uint64_t generation;
grub_uint64_t root_tree;
grub_uint64_t chunk_tree;
- grub_uint8_t dummy2[0x20];
+ grub_uint8_t dummy2[0x18];
+ grub_uint64_t bytes_used;
grub_uint64_t root_dir_objectid;
- grub_uint8_t dummy3[0x41];
+ grub_uint64_t num_devices;
+ grub_uint8_t dummy3[0x39];
struct grub_btrfs_device this_device;
char label[0x100];
grub_uint8_t dummy4[0x100];
@@ -121,6 +127,7 @@ struct grub_btrfs_data
grub_uint64_t exttree;
grub_size_t extsize;
struct grub_btrfs_extent_data *extent;
+ grub_uint64_t fs_tree;
};
struct grub_btrfs_chunk_item
@@ -191,6 +198,14 @@ struct grub_btrfs_leaf_descriptor
} *data;
};
+struct grub_btrfs_root_ref
+{
+ grub_uint64_t dirid;
+ grub_uint64_t sequence;
+ grub_uint16_t name_len;
+ const char name[0];
+} __attribute__ ((packed));
+
struct grub_btrfs_time
{
grub_int64_t sec;
@@ -203,7 +218,7 @@ struct grub_btrfs_inode
grub_uint64_t size;
grub_uint8_t dummy2[0x70];
struct grub_btrfs_time mtime;
-} GRUB_PACKED;
+} GRUB_PACKED __attribute__ ((aligned(8)));
struct grub_btrfs_extent_data
{
@@ -236,6 +251,14 @@ struct grub_btrfs_extent_data
#define GRUB_BTRFS_OBJECT_ID_CHUNK 0x100
+#define GRUB_BTRFS_ROOT_TREE_OBJECTID 1ULL
+#define GRUB_BTRFS_FS_TREE_OBJECTID 5ULL
+#define GRUB_BTRFS_ROOT_REF_KEY 156
+#define GRUB_BTRFS_ROOT_ITEM_KEY 132
+
+static grub_uint64_t btrfs_default_subvolid = 0;
+static char *btrfs_default_subvol = NULL;
+
static grub_disk_addr_t superblock_sectors[] = { 64 * 2, 64 * 1024 * 2,
256 * 1048576 * 2, 1048576ULL * 1048576ULL * 2
};
@@ -244,6 +267,12 @@ static grub_err_t
grub_btrfs_read_logical (struct grub_btrfs_data *data,
grub_disk_addr_t addr, void *buf, grub_size_t size,
int recursion_depth);
+static grub_err_t
+get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key,
+ grub_uint64_t *tree, grub_uint8_t *type);
+
+grub_uint64_t
+find_mtab_subvol_tree (const char *path, char **path_in_subvol);
static grub_err_t
read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb)
@@ -912,6 +941,23 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
return grub_error (GRUB_ERR_BAD_FS,
"couldn't find the chunk descriptor");
+ if (!chsize)
+ {
+ grub_dprintf ("btrfs", "zero-size chunk\n");
+ return grub_error (GRUB_ERR_BAD_FS,
+ "got an invalid zero-size chunk");
+ }
+
+ /*
+ * The space being allocated for a chunk should at least be able to
+ * contain one chunk item.
+ */
+ if (chsize < sizeof (struct grub_btrfs_chunk_item))
+ {
+ grub_dprintf ("btrfs", "chunk-size too small\n");
+ return grub_error (GRUB_ERR_BAD_FS,
+ "got an invalid chunk size");
+ }
chunk = grub_malloc (chsize);
if (!chunk)
return grub_errno;
@@ -970,6 +1016,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size),
nstripes,
NULL);
+
+ /* For single, there should be exactly 1 stripe. */
+ if (grub_le_to_cpu16 (chunk->nstripes) != 1)
+ {
+ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n",
+ grub_le_to_cpu16 (chunk->nstripes));
+ return grub_error (GRUB_ERR_BAD_FS,
+ "invalid RAID_SINGLE: nstripes != 1 (%u)",
+ grub_le_to_cpu16 (chunk->nstripes));
+ }
if (stripe_length == 0)
stripe_length = 512;
stripen = grub_divmod64 (off, stripe_length, &stripe_offset);
@@ -989,6 +1045,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
stripen = 0;
stripe_offset = off;
csize = grub_le_to_cpu64 (chunk->size) - off;
+
+ /*
+ * Redundancy, and substripes only apply to RAID10, and there
+ * should be exactly 2 sub-stripes.
+ */
+ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy)
+ {
+ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n",
+ redundancy, grub_le_to_cpu16 (chunk->nstripes));
+ return grub_error (GRUB_ERR_BAD_FS,
+ "invalid RAID1: nstripes != %u (%u)",
+ redundancy, grub_le_to_cpu16 (chunk->nstripes));
+ }
break;
}
case GRUB_BTRFS_CHUNK_TYPE_RAID0:
@@ -1025,6 +1094,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
stripe_offset = low + chunk_stripe_length
* high;
csize = chunk_stripe_length - low;
+
+ /*
+ * Substripes only apply to RAID10, and there
+ * should be exactly 2 sub-stripes.
+ */
+ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2)
+ {
+ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)",
+ grub_le_to_cpu16 (chunk->nsubstripes));
+ return grub_error (GRUB_ERR_BAD_FS,
+ "invalid RAID10: nsubstripes != 2 (%u)",
+ grub_le_to_cpu16 (chunk->nsubstripes));
+ }
+
break;
}
case GRUB_BTRFS_CHUNK_TYPE_RAID5:
@@ -1122,8 +1205,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
if (csize > (grub_uint64_t) size)
csize = size;
+ /*
+ * The space for a chunk stripe is limited to the space provide in the super-block's
+ * bootstrap mapping with an initial btrfs key at the start of each chunk.
+ */
+ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) /
+ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe));
+
for (j = 0; j < 2; j++)
{
+ grub_size_t est_chunk_alloc = 0;
+
grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T
"+0x%" PRIxGRUB_UINT64_T
" (%d stripes (%d substripes) of %"
@@ -1136,6 +1228,22 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n",
addr);
+ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe),
+ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) ||
+ grub_add (est_chunk_alloc,
+ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) ||
+ est_chunk_alloc > chunk->size)
+ {
+ err = GRUB_ERR_BAD_FS;
+ break;
+ }
+
+ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes)
+ {
+ err = GRUB_ERR_BAD_FS;
+ break;
+ }
+
if (is_raid56)
{
err = btrfs_read_from_chunk (data, chunk, stripen,
@@ -1173,11 +1281,115 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
return GRUB_ERR_NONE;
}
+static grub_err_t
+get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree,
+ grub_uint64_t objectid, grub_uint64_t offset,
+ grub_uint64_t *fs_root);
+
+static grub_err_t
+lookup_root_by_id(struct grub_btrfs_data *data, grub_uint64_t id)
+{
+ grub_err_t err;
+ grub_uint64_t tree;
+
+ err = get_fs_root(data, data->sblock.root_tree, id, -1, &tree);
+ if (!err)
+ data->fs_tree = tree;
+ return err;
+}
+
+static grub_err_t
+find_path (struct grub_btrfs_data *data,
+ const char *path, struct grub_btrfs_key *key,
+ grub_uint64_t *tree, grub_uint8_t *type);
+
+static grub_err_t
+lookup_root_by_name(struct grub_btrfs_data *data, const char *path)
+{
+ grub_err_t err;
+ grub_uint64_t tree = 0;
+ grub_uint8_t type;
+ grub_uint64_t saved_tree;
+ struct grub_btrfs_key key;
+
+ if (path[0] == '\0')
+ {
+ data->fs_tree = 0;
+ return GRUB_ERR_NONE;
+ }
+
+ err = get_root (data, &key, &tree, &type);
+ if (err)
+ return err;
+
+ saved_tree = data->fs_tree;
+ data->fs_tree = tree;
+
+ err = find_path (data, path, &key, &tree, &type);
+
+ data->fs_tree = saved_tree;
+
+ if (err)
+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path);
+
+ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0)
+ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path);
+
+ data->fs_tree = tree;
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+lookup_root_by_name_fallback(struct grub_btrfs_data *data, const char *path)
+{
+ grub_err_t err;
+ grub_uint64_t tree = 0;
+ grub_uint8_t type;
+ struct grub_btrfs_key key;
+
+ err = find_path (data, path, &key, &tree, &type);
+ if (err)
+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path);
+
+ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0)
+ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path);
+
+ data->fs_tree = tree;
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+btrfs_handle_subvol(struct grub_btrfs_data *data __attribute__ ((unused)))
+{
+ if (btrfs_default_subvol)
+ {
+ grub_err_t err;
+ err = lookup_root_by_name(data, btrfs_default_subvol);
+
+ /* Fallback to old schemes */
+ if (err == GRUB_ERR_FILE_NOT_FOUND)
+ {
+ err = GRUB_ERR_NONE;
+ return lookup_root_by_name_fallback(data, btrfs_default_subvol);
+ }
+ return err;
+ }
+
+ if (btrfs_default_subvolid)
+ return lookup_root_by_id(data, btrfs_default_subvolid);
+
+ data->fs_tree = 0;
+
+ return GRUB_ERR_NONE;
+}
+
+
static struct grub_btrfs_data *
grub_btrfs_mount (grub_device_t dev)
{
struct grub_btrfs_data *data;
grub_err_t err;
+ const char *relpath = grub_env_get ("btrfs_relative_path");
if (!dev->disk)
{
@@ -1208,6 +1420,16 @@ grub_btrfs_mount (grub_device_t dev)
data->devices_attached[0].dev = dev;
data->devices_attached[0].id = data->sblock.this_device.device_id;
+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y'))
+ {
+ err = btrfs_handle_subvol (data);
+ if (err)
+ {
+ grub_free (data);
+ return NULL;
+ }
+ }
+
return data;
}
@@ -1673,6 +1895,91 @@ get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key,
return GRUB_ERR_NONE;
}
+static grub_err_t
+find_pathname(struct grub_btrfs_data *data, grub_uint64_t objectid,
+ grub_uint64_t fs_root, const char *name, char **pathname)
+{
+ grub_err_t err;
+ struct grub_btrfs_key key = {
+ .object_id = objectid,
+ .type = GRUB_BTRFS_ITEM_TYPE_INODE_REF,
+ .offset = 0,
+ };
+ struct grub_btrfs_key key_out;
+ struct grub_btrfs_leaf_descriptor desc;
+ char *p = grub_strdup (name);
+ grub_disk_addr_t elemaddr;
+ grub_size_t elemsize;
+ grub_size_t alloc = grub_strlen(name) + 1;
+
+ err = lower_bound(data, &key, &key_out, fs_root,
+ &elemaddr, &elemsize, &desc, 0);
+ if (err)
+ return grub_error(err, "lower_bound caught %d\n", err);
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF)
+ next(data, &desc, &elemaddr, &elemsize, &key_out);
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF)
+ {
+ return grub_error(GRUB_ERR_FILE_NOT_FOUND,
+ "Can't find inode ref for {%"PRIuGRUB_UINT64_T
+ ", %u, %"PRIuGRUB_UINT64_T"} %"PRIuGRUB_UINT64_T
+ "/%"PRIuGRUB_SIZE"\n",
+ key_out.object_id, key_out.type,
+ key_out.offset, elemaddr, elemsize);
+ }
+
+
+ while (key_out.type == GRUB_BTRFS_ITEM_TYPE_INODE_REF &&
+ key_out.object_id != key_out.offset) {
+ struct grub_btrfs_inode_ref *inode_ref;
+ char *new;
+
+ inode_ref = grub_malloc(elemsize + 1);
+ if (!inode_ref)
+ return grub_error(GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't allocate memory for inode_ref (%"PRIuGRUB_SIZE")\n", elemsize);
+
+ err = grub_btrfs_read_logical(data, elemaddr, inode_ref, elemsize, 0);
+ if (err)
+ return grub_error(err, "read_logical caught %d\n", err);
+
+ alloc += grub_le_to_cpu16 (inode_ref->n) + 2;
+ new = grub_malloc(alloc);
+ if (!new)
+ return grub_error(GRUB_ERR_OUT_OF_MEMORY,
+ "couldn't allocate memory for name (%"PRIuGRUB_SIZE")\n", alloc);
+
+ grub_memcpy(new, inode_ref->name, grub_le_to_cpu16 (inode_ref->n));
+ if (p)
+ {
+ new[grub_le_to_cpu16 (inode_ref->n)] = '/';
+ grub_strcpy (new + grub_le_to_cpu16 (inode_ref->n) + 1, p);
+ grub_free(p);
+ }
+ else
+ new[grub_le_to_cpu16 (inode_ref->n)] = 0;
+ grub_free(inode_ref);
+
+ p = new;
+
+ key.object_id = key_out.offset;
+
+ err = lower_bound(data, &key, &key_out, fs_root, &elemaddr,
+ &elemsize, &desc, 0);
+ if (err)
+ return grub_error(err, "lower_bound caught %d\n", err);
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF)
+ next(data, &desc, &elemaddr, &elemsize, &key_out);
+
+ }
+
+ *pathname = p;
+ return 0;
+}
+
static grub_err_t
find_path (struct grub_btrfs_data *data,
const char *path, struct grub_btrfs_key *key,
@@ -1685,31 +1992,66 @@ find_path (struct grub_btrfs_data *data,
grub_size_t allocated = 0;
struct grub_btrfs_dir_item *direl = NULL;
struct grub_btrfs_key key_out;
+ int follow_default;
const char *ctoken;
grub_size_t ctokenlen;
char *path_alloc = NULL;
char *origpath = NULL;
unsigned symlinks_max = 32;
+ const char *relpath = grub_env_get ("btrfs_relative_path");
- err = get_root (data, key, tree, type);
- if (err)
- return err;
-
+ follow_default = 0;
origpath = grub_strdup (path);
if (!origpath)
return grub_errno;
+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y'))
+ {
+ if (data->fs_tree)
+ {
+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY;
+ *tree = data->fs_tree;
+ /* This is a tree root, so everything starts at objectid 256 */
+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK);
+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
+ key->offset = 0;
+ }
+ else
+ {
+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY;
+ *tree = data->sblock.root_tree;
+ key->object_id = data->sblock.root_dir_objectid;
+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
+ key->offset = 0;
+ follow_default = 1;
+ }
+ }
+ else
+ {
+ err = get_root (data, key, tree, type);
+ if (err)
+ return err;
+ }
+
while (1)
{
- while (path[0] == '/')
- path++;
- if (!path[0])
- break;
- slash = grub_strchr (path, '/');
- if (!slash)
- slash = path + grub_strlen (path);
- ctoken = path;
- ctokenlen = slash - path;
+ if (!follow_default)
+ {
+ while (path[0] == '/')
+ path++;
+ if (!path[0])
+ break;
+ slash = grub_strchr (path, '/');
+ if (!slash)
+ slash = path + grub_strlen (path);
+ ctoken = path;
+ ctokenlen = slash - path;
+ }
+ else
+ {
+ ctoken = "default";
+ ctokenlen = sizeof ("default") - 1;
+ }
if (*type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY)
{
@@ -1720,7 +2062,9 @@ find_path (struct grub_btrfs_data *data,
if (ctokenlen == 1 && ctoken[0] == '.')
{
- path = slash;
+ if (!follow_default)
+ path = slash;
+ follow_default = 0;
continue;
}
if (ctokenlen == 2 && ctoken[0] == '.' && ctoken[1] == '.')
@@ -1751,8 +2095,9 @@ find_path (struct grub_btrfs_data *data,
*type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY;
key->object_id = key_out.offset;
- path = slash;
-
+ if (!follow_default)
+ path = slash;
+ follow_default = 0;
continue;
}
@@ -1821,7 +2166,9 @@ find_path (struct grub_btrfs_data *data,
return err;
}
- path = slash;
+ if (!follow_default)
+ path = slash;
+ follow_default = 0;
if (cdirel->type == GRUB_BTRFS_DIR_ITEM_TYPE_SYMLINK)
{
struct grub_btrfs_inode inode;
@@ -1871,9 +2218,33 @@ find_path (struct grub_btrfs_data *data,
path = path_alloc = tmp;
if (path[0] == '/')
{
- err = get_root (data, key, tree, type);
- if (err)
- return err;
+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y'))
+ {
+ if (data->fs_tree)
+ {
+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY;
+ *tree = data->fs_tree;
+ /* This is a tree root, so everything starts at objectid 256 */
+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK);
+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
+ key->offset = 0;
+ }
+ else
+ {
+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY;
+ *tree = data->sblock.root_tree;
+ key->object_id = data->sblock.root_dir_objectid;
+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
+ key->offset = 0;
+ follow_default = 1;
+ }
+ }
+ else
+ {
+ err = get_root (data, key, tree, type);
+ if (err)
+ return err;
+ }
}
continue;
}
@@ -1961,11 +2332,21 @@ grub_btrfs_dir (grub_device_t device, const char *path,
int r = 0;
grub_uint64_t tree;
grub_uint8_t type;
+ char *new_path = NULL;
+ grub_size_t est_size = 0;
if (!data)
return grub_errno;
- err = find_path (data, path, &key_in, &tree, &type);
+ tree = find_mtab_subvol_tree (path, &new_path);
+
+ if (tree)
+ data->fs_tree = tree;
+
+ err = find_path (data, new_path ? new_path : path, &key_in, &tree, &type);
+ if (new_path)
+ grub_free (new_path);
+
if (err)
{
grub_btrfs_unmount (data);
@@ -2019,6 +2400,18 @@ grub_btrfs_dir (grub_device_t device, const char *path,
break;
}
+ if (direl == NULL ||
+ grub_add (grub_le_to_cpu16 (direl->n),
+ grub_le_to_cpu16 (direl->m), &est_size) ||
+ grub_add (est_size, sizeof (*direl), &est_size) ||
+ grub_sub (est_size, sizeof (direl->name), &est_size) ||
+ est_size > allocated)
+ {
+ grub_errno = GRUB_ERR_OUT_OF_RANGE;
+ r = -grub_errno;
+ goto out;
+ }
+
for (cdirel = direl;
(grub_uint8_t *) cdirel - (grub_uint8_t *) direl
< (grub_ssize_t) elemsize;
@@ -2029,6 +2422,19 @@ grub_btrfs_dir (grub_device_t device, const char *path,
char c;
struct grub_btrfs_inode inode;
struct grub_dirhook_info info;
+
+ if (cdirel == NULL ||
+ grub_add (grub_le_to_cpu16 (cdirel->n),
+ grub_le_to_cpu16 (cdirel->m), &est_size) ||
+ grub_add (est_size, sizeof (*cdirel), &est_size) ||
+ grub_sub (est_size, sizeof (cdirel->name), &est_size) ||
+ est_size > allocated)
+ {
+ grub_errno = GRUB_ERR_OUT_OF_RANGE;
+ r = -grub_errno;
+ goto out;
+ }
+
err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id,
tree);
grub_memset (&info, 0, sizeof (info));
@@ -2067,11 +2473,21 @@ grub_btrfs_open (struct grub_file *file, const char *name)
struct grub_btrfs_inode inode;
grub_uint8_t type;
struct grub_btrfs_key key_in;
+ grub_uint64_t tree;
+ char *new_path = NULL;
if (!data)
return grub_errno;
- err = find_path (data, name, &key_in, &data->tree, &type);
+ tree = find_mtab_subvol_tree (name, &new_path);
+
+ if (tree)
+ data->fs_tree = tree;
+
+ err = find_path (data, new_path ? new_path : name, &key_in, &data->tree, &type);
+ if (new_path)
+ grub_free (new_path);
+
if (err)
{
grub_btrfs_unmount (data);
@@ -2114,6 +2530,20 @@ grub_btrfs_read (grub_file_t file, char *buf, grub_size_t len)
data->tree, file->offset, buf, len);
}
+static char *
+btrfs_unparse_uuid(struct grub_btrfs_data *data)
+{
+ return grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
+ grub_be_to_cpu16 (data->sblock.uuid[0]),
+ grub_be_to_cpu16 (data->sblock.uuid[1]),
+ grub_be_to_cpu16 (data->sblock.uuid[2]),
+ grub_be_to_cpu16 (data->sblock.uuid[3]),
+ grub_be_to_cpu16 (data->sblock.uuid[4]),
+ grub_be_to_cpu16 (data->sblock.uuid[5]),
+ grub_be_to_cpu16 (data->sblock.uuid[6]),
+ grub_be_to_cpu16 (data->sblock.uuid[7]));
+}
+
static grub_err_t
grub_btrfs_uuid (grub_device_t device, char **uuid)
{
@@ -2125,15 +2555,7 @@ grub_btrfs_uuid (grub_device_t device, char **uuid)
if (!data)
return grub_errno;
- *uuid = grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x",
- grub_be_to_cpu16 (data->sblock.uuid[0]),
- grub_be_to_cpu16 (data->sblock.uuid[1]),
- grub_be_to_cpu16 (data->sblock.uuid[2]),
- grub_be_to_cpu16 (data->sblock.uuid[3]),
- grub_be_to_cpu16 (data->sblock.uuid[4]),
- grub_be_to_cpu16 (data->sblock.uuid[5]),
- grub_be_to_cpu16 (data->sblock.uuid[6]),
- grub_be_to_cpu16 (data->sblock.uuid[7]));
+ *uuid = btrfs_unparse_uuid(data);
grub_btrfs_unmount (data);
@@ -2190,6 +2612,618 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
}
#endif
+static grub_err_t
+grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc,
+ char **argv)
+{
+ grub_device_t dev;
+ char *devname;
+ struct grub_btrfs_data *data;
+ char *uuid;
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
+ devname = grub_file_get_device_name(argv[0]);
+
+ if (!devname)
+ return grub_errno;
+
+ dev = grub_device_open (devname);
+ grub_free (devname);
+ if (!dev)
+ return grub_errno;
+
+ data = grub_btrfs_mount (dev);
+ if (!data)
+ {
+ grub_device_close(dev);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to open fs");
+ }
+
+ if (data->sblock.label)
+ grub_printf("Label: '%s' ", data->sblock.label);
+ else
+ grub_printf("Label: none ");
+
+ uuid = btrfs_unparse_uuid(data);
+
+ grub_printf(" uuid: %s\n\tTotal devices %" PRIuGRUB_UINT64_T
+ " FS bytes used %" PRIuGRUB_UINT64_T "\n",
+ uuid, grub_cpu_to_le64(data->sblock.num_devices),
+ grub_cpu_to_le64(data->sblock.bytes_used));
+
+ grub_btrfs_unmount (data);
+
+ return 0;
+}
+
+struct grub_btrfs_mtab
+{
+ struct grub_btrfs_mtab *next;
+ struct grub_btrfs_mtab **prev;
+ char *path;
+ char *subvol;
+ grub_uint64_t tree;
+};
+
+typedef struct grub_btrfs_mtab* grub_btrfs_mtab_t;
+
+static struct grub_btrfs_mtab *btrfs_mtab;
+
+#define FOR_GRUB_MTAB(var) FOR_LIST_ELEMENTS (var, btrfs_mtab)
+#define FOR_GRUB_MTAB_SAFE(var, next) FOR_LIST_ELEMENTS_SAFE((var), (next), btrfs_mtab)
+
+static void
+add_mountpoint (const char *path, const char *subvol, grub_uint64_t tree)
+{
+ grub_btrfs_mtab_t m = grub_malloc (sizeof (*m));
+
+ m->path = grub_strdup (path);
+ m->subvol = grub_strdup (subvol);
+ m->tree = tree;
+ grub_list_push (GRUB_AS_LIST_P (&btrfs_mtab), GRUB_AS_LIST (m));
+}
+
+static grub_err_t
+grub_cmd_btrfs_mount_subvol (grub_command_t cmd __attribute__ ((unused)), int argc,
+ char **argv)
+{
+ char *devname, *dirname, *subvol;
+ struct grub_btrfs_key key_in;
+ grub_uint8_t type;
+ grub_uint64_t tree;
+ grub_uint64_t saved_tree;
+ grub_err_t err;
+ struct grub_btrfs_data *data = NULL;
+ grub_device_t dev = NULL;
+
+ if (argc < 3)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "required and ");
+
+ devname = grub_file_get_device_name(argv[0]);
+ dev = grub_device_open (devname);
+ grub_free (devname);
+
+ if (!dev)
+ {
+ err = grub_errno;
+ goto err_out;
+ }
+
+ dirname = argv[1];
+ subvol = argv[2];
+
+ data = grub_btrfs_mount (dev);
+ if (!data)
+ {
+ err = grub_errno;
+ goto err_out;
+ }
+
+ err = find_path (data, dirname, &key_in, &tree, &type);
+ if (err)
+ goto err_out;
+
+ if (type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY)
+ {
+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
+ goto err_out;
+ }
+
+ err = get_root (data, &key_in, &tree, &type);
+
+ if (err)
+ goto err_out;
+
+ saved_tree = data->fs_tree;
+ data->fs_tree = tree;
+ err = find_path (data, subvol, &key_in, &tree, &type);
+ data->fs_tree = saved_tree;
+
+ if (err)
+ goto err_out;
+
+ if (key_in.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0)
+ {
+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", subvol);
+ goto err_out;
+ }
+
+ grub_btrfs_unmount (data);
+ grub_device_close (dev);
+ add_mountpoint (dirname, subvol, tree);
+
+ return GRUB_ERR_NONE;
+
+err_out:
+
+ if (data)
+ grub_btrfs_unmount (data);
+
+ if (dev)
+ grub_device_close (dev);
+
+ return err;
+}
+
+grub_uint64_t
+find_mtab_subvol_tree (const char *path, char **path_in_subvol)
+{
+ grub_btrfs_mtab_t m, cm;
+ grub_uint64_t tree;
+
+ if (!path || !path_in_subvol)
+ return 0;
+
+ *path_in_subvol = NULL;
+ tree = 0;
+ cm = NULL;
+
+ FOR_GRUB_MTAB (m)
+ {
+ if (grub_strncmp (path, m->path, grub_strlen (m->path)) == 0)
+ {
+ if (!cm)
+ cm = m;
+ else
+ if (grub_strcmp (m->path, cm->path) > 0)
+ cm = m;
+ }
+ }
+
+ if (cm)
+ {
+ const char *s = path + grub_strlen (cm->path);
+ *path_in_subvol = (s[0] == '\0') ? grub_strdup ("/") : grub_strdup (s);
+ tree = cm->tree;
+ }
+
+ return tree;
+}
+
+static grub_err_t
+get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree,
+ grub_uint64_t objectid, grub_uint64_t offset,
+ grub_uint64_t *fs_root)
+{
+ grub_err_t err;
+ struct grub_btrfs_key key_in = {
+ .object_id = objectid,
+ .type = GRUB_BTRFS_ROOT_ITEM_KEY,
+ .offset = offset,
+ }, key_out;
+ struct grub_btrfs_leaf_descriptor desc;
+ grub_disk_addr_t elemaddr;
+ grub_size_t elemsize;
+ struct grub_btrfs_root_item ri;
+
+ err = lower_bound(data, &key_in, &key_out, tree,
+ &elemaddr, &elemsize, &desc, 0);
+
+ if (err)
+ return err;
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM || elemaddr == 0)
+ return grub_error(GRUB_ERR_FILE_NOT_FOUND,
+ N_("can't find fs root for subvol %"PRIuGRUB_UINT64_T"\n"),
+ key_in.object_id);
+
+ err = grub_btrfs_read_logical (data, elemaddr, &ri, sizeof (ri), 0);
+ if (err)
+ return err;
+
+ *fs_root = ri.tree;
+
+ return GRUB_ERR_NONE;
+}
+
+static const struct grub_arg_option options[] = {
+ {"output", 'o', 0, N_("Output to a variable instead of the console."),
+ N_("VARNAME"), ARG_TYPE_STRING},
+ {"path-only", 'p', 0, N_("Show only the path of the subvolume."), 0, 0},
+ {"id-only", 'i', 0, N_("Show only the id of the subvolume."), 0, 0},
+ {0, 0, 0, 0, 0, 0}
+};
+
+static grub_err_t
+grub_cmd_btrfs_list_subvols (struct grub_extcmd_context *ctxt,
+ int argc, char **argv)
+{
+ struct grub_btrfs_data *data;
+ grub_device_t dev;
+ char *devname;
+ grub_uint64_t tree;
+ struct grub_btrfs_key key_in = {
+ .object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID),
+ .type = GRUB_BTRFS_ROOT_REF_KEY,
+ .offset = 0,
+ }, key_out;
+ struct grub_btrfs_leaf_descriptor desc;
+ grub_disk_addr_t elemaddr;
+ grub_uint64_t fs_root = 0;
+ grub_size_t elemsize;
+ grub_size_t allocated = 0;
+ int r = 0;
+ grub_err_t err;
+ char *buf = NULL;
+ int print = 1;
+ int path_only = ctxt->state[1].set;
+ int num_only = ctxt->state[2].set;
+ char *varname = NULL;
+ char *output = NULL;
+
+ if (ctxt->state[0].set) {
+ varname = ctxt->state[0].arg;
+ print = 0;
+ }
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
+ devname = grub_file_get_device_name(argv[0]);
+ if (!devname)
+ return grub_errno;
+
+ dev = grub_device_open (devname);
+ grub_free (devname);
+ if (!dev)
+ return grub_errno;
+
+ data = grub_btrfs_mount(dev);
+ if (!data)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "could not open device");
+
+ tree = data->sblock.root_tree;
+ err = get_fs_root(data, tree, grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID),
+ 0, &fs_root);
+ if (err)
+ goto out;
+
+ err = lower_bound(data, &key_in, &key_out, tree,
+ &elemaddr, &elemsize, &desc, 0);
+
+ if (err)
+ {
+ grub_btrfs_unmount(data);
+ return err;
+ }
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF || elemaddr == 0)
+ {
+ r = next(data, &desc, &elemaddr, &elemsize, &key_out);
+ }
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF) {
+ err = GRUB_ERR_FILE_NOT_FOUND;
+ grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root refs"));
+ goto out;
+ }
+
+ do
+ {
+ struct grub_btrfs_root_ref *ref;
+ char *p = NULL;
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF)
+ {
+ r = 0;
+ break;
+ }
+
+ if (elemsize > allocated)
+ {
+ grub_free(buf);
+ allocated = 2 * elemsize;
+ buf = grub_malloc(allocated + 1);
+ if (!buf)
+ {
+ r = -grub_errno;
+ break;
+ }
+ }
+ ref = (struct grub_btrfs_root_ref *)buf;
+
+ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0);
+ if (err)
+ {
+ r = -err;
+ break;
+ }
+ buf[elemsize] = 0;
+
+ find_pathname(data, ref->dirid, fs_root, ref->name, &p);
+
+ if (print)
+ {
+ if (num_only)
+ grub_printf("ID %"PRIuGRUB_UINT64_T"\n", key_out.offset);
+ else if (path_only)
+ grub_printf("%s\n", p);
+ else
+ grub_printf("ID %"PRIuGRUB_UINT64_T" path %s\n", key_out.offset, p);
+ } else {
+ char *old = output;
+ if (num_only)
+ output = grub_xasprintf("%s%"PRIuGRUB_UINT64_T"\n",
+ old ?: "", key_out.offset);
+ else if (path_only)
+ output = grub_xasprintf("%s%s\n", old ?: "", p);
+ else
+ output = grub_xasprintf("%sID %"PRIuGRUB_UINT64_T" path %s\n",
+ old ?: "", key_out.offset, p);
+
+ if (old)
+ grub_free(old);
+ }
+
+ r = next(data, &desc, &elemaddr, &elemsize, &key_out);
+ } while(r > 0);
+
+ if (output)
+ grub_env_set(varname, output);
+
+out:
+ free_iterator(&desc);
+ grub_btrfs_unmount(data);
+
+ grub_device_close (dev);
+
+ return 0;
+}
+
+static grub_err_t
+grub_btrfs_get_parent_subvol_path (struct grub_btrfs_data *data,
+ grub_uint64_t child_id,
+ const char *child_path,
+ grub_uint64_t *parent_id,
+ char **path_out)
+{
+ grub_uint64_t fs_root = 0;
+ struct grub_btrfs_key key_in = {
+ .object_id = child_id,
+ .type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF,
+ .offset = 0,
+ }, key_out;
+ struct grub_btrfs_root_ref *ref;
+ char *buf;
+ struct grub_btrfs_leaf_descriptor desc;
+ grub_size_t elemsize;
+ grub_disk_addr_t elemaddr;
+ grub_err_t err;
+ char *parent_path;
+
+ *parent_id = 0;
+ *path_out = 0;
+
+ err = lower_bound(data, &key_in, &key_out, data->sblock.root_tree,
+ &elemaddr, &elemsize, &desc, 0);
+ if (err)
+ return err;
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF || elemaddr == 0)
+ next(data, &desc, &elemaddr, &elemsize, &key_out);
+
+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF)
+ {
+ free_iterator(&desc);
+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root backrefs"));
+ }
+
+ buf = grub_malloc(elemsize + 1);
+ if (!buf)
+ {
+ free_iterator(&desc);
+ return grub_errno;
+ }
+
+ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0);
+ if (err)
+ {
+ grub_free(buf);
+ free_iterator(&desc);
+ return err;
+ }
+
+ buf[elemsize] = 0;
+ ref = (struct grub_btrfs_root_ref *)buf;
+
+ err = get_fs_root(data, data->sblock.root_tree, grub_le_to_cpu64 (key_out.offset),
+ 0, &fs_root);
+ if (err)
+ {
+ grub_free(buf);
+ free_iterator(&desc);
+ return err;
+ }
+
+ find_pathname(data, grub_le_to_cpu64 (ref->dirid), fs_root, ref->name, &parent_path);
+
+ if (child_path)
+ {
+ *path_out = grub_xasprintf ("%s/%s", parent_path, child_path);
+ grub_free (parent_path);
+ }
+ else
+ *path_out = parent_path;
+
+ *parent_id = grub_le_to_cpu64 (key_out.offset);
+
+ grub_free(buf);
+ free_iterator(&desc);
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_btrfs_get_default_subvolume_id (struct grub_btrfs_data *data, grub_uint64_t *id)
+{
+ grub_err_t err;
+ grub_disk_addr_t elemaddr;
+ grub_size_t elemsize;
+ struct grub_btrfs_key key, key_out;
+ struct grub_btrfs_dir_item *direl = NULL;
+ const char *ctoken = "default";
+ grub_size_t ctokenlen = sizeof ("default") - 1;
+
+ *id = 0;
+ key.object_id = data->sblock.root_dir_objectid;
+ key.type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
+ key.offset = grub_cpu_to_le64 (~grub_getcrc32c (1, ctoken, ctokenlen));
+ err = lower_bound (data, &key, &key_out, data->sblock.root_tree, &elemaddr, &elemsize,
+ NULL, 0);
+ if (err)
+ return err;
+
+ if (key_cmp (&key, &key_out) != 0)
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found"));
+
+ struct grub_btrfs_dir_item *cdirel;
+ direl = grub_malloc (elemsize + 1);
+ err = grub_btrfs_read_logical (data, elemaddr, direl, elemsize, 0);
+ if (err)
+ {
+ grub_free (direl);
+ return err;
+ }
+ for (cdirel = direl;
+ (grub_uint8_t *) cdirel - (grub_uint8_t *) direl
+ < (grub_ssize_t) elemsize;
+ cdirel = (void *) ((grub_uint8_t *) (direl + 1)
+ + grub_le_to_cpu16 (cdirel->n)
+ + grub_le_to_cpu16 (cdirel->m)))
+ {
+ if (ctokenlen == grub_le_to_cpu16 (cdirel->n)
+ && grub_memcmp (cdirel->name, ctoken, ctokenlen) == 0)
+ break;
+ }
+ if ((grub_uint8_t *) cdirel - (grub_uint8_t *) direl
+ >= (grub_ssize_t) elemsize)
+ {
+ grub_free (direl);
+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found"));
+ return err;
+ }
+
+ if (cdirel->key.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM)
+ {
+ grub_free (direl);
+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found"));
+ return err;
+ }
+
+ *id = grub_le_to_cpu64 (cdirel->key.object_id);
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_cmd_btrfs_get_default_subvol (struct grub_extcmd_context *ctxt,
+ int argc, char **argv)
+{
+ char *devname;
+ grub_device_t dev;
+ struct grub_btrfs_data *data;
+ grub_err_t err;
+ grub_uint64_t id;
+ char *subvol = NULL;
+ grub_uint64_t subvolid = 0;
+ char *varname = NULL;
+ char *output = NULL;
+ int path_only = ctxt->state[1].set;
+ int num_only = ctxt->state[2].set;
+
+ if (ctxt->state[0].set)
+ varname = ctxt->state[0].arg;
+
+ if (argc < 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
+ devname = grub_file_get_device_name(argv[0]);
+ if (!devname)
+ return grub_errno;
+
+ dev = grub_device_open (devname);
+ grub_free (devname);
+ if (!dev)
+ return grub_errno;
+
+ data = grub_btrfs_mount(dev);
+ if (!data)
+ {
+ grub_device_close (dev);
+ grub_dprintf ("btrfs", "failed to open fs\n");
+ grub_errno = GRUB_ERR_NONE;
+ return 0;
+ }
+
+ err = grub_btrfs_get_default_subvolume_id (data, &subvolid);
+ if (err)
+ {
+ grub_btrfs_unmount (data);
+ grub_device_close (dev);
+ return err;
+ }
+
+ id = subvolid;
+ while (id != GRUB_BTRFS_ROOT_VOL_OBJECTID)
+ {
+ grub_uint64_t parent_id;
+ char *path_out;
+
+ err = grub_btrfs_get_parent_subvol_path (data, grub_cpu_to_le64 (id), subvol, &parent_id, &path_out);
+ if (err)
+ {
+ grub_btrfs_unmount (data);
+ grub_device_close (dev);
+ return err;
+ }
+
+ if (subvol)
+ grub_free (subvol);
+ subvol = path_out;
+ id = parent_id;
+ }
+
+ if (num_only && path_only)
+ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T" /%s", subvolid, subvol);
+ else if (num_only)
+ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T, subvolid);
+ else
+ output = grub_xasprintf ("/%s", subvol);
+
+ if (varname)
+ grub_env_set(varname, output);
+ else
+ grub_printf ("%s\n", output);
+
+ grub_free (output);
+ grub_free (subvol);
+
+ grub_btrfs_unmount (data);
+ grub_device_close (dev);
+
+ return GRUB_ERR_NONE;
+}
+
static struct grub_fs grub_btrfs_fs = {
.name = "btrfs",
.fs_dir = grub_btrfs_dir,
@@ -2205,12 +3239,101 @@ static struct grub_fs grub_btrfs_fs = {
#endif
};
+static grub_command_t cmd_info;
+static grub_command_t cmd_mount_subvol;
+static grub_extcmd_t cmd_list_subvols;
+static grub_extcmd_t cmd_get_default_subvol;
+
+static char *
+subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val)
+{
+ unsigned long long result = 0;
+
+ grub_errno = GRUB_ERR_NONE;
+ if (*val)
+ {
+ result = grub_strtoull(val, NULL, 10);
+ if (grub_errno)
+ return NULL;
+ }
+
+ grub_free (btrfs_default_subvol);
+ btrfs_default_subvol = NULL;
+ btrfs_default_subvolid = result;
+ return grub_strdup(val);
+}
+
+static const char *
+subvolid_get_env (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val __attribute__ ((unused)))
+{
+ if (btrfs_default_subvol)
+ return grub_xasprintf("subvol:%s", btrfs_default_subvol);
+ else if (btrfs_default_subvolid)
+ return grub_xasprintf("%"PRIuGRUB_UINT64_T, btrfs_default_subvolid);
+ else
+ return "";
+}
+
+static char *
+subvol_set_env (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val)
+{
+ grub_free (btrfs_default_subvol);
+ btrfs_default_subvol = grub_strdup (val);
+ btrfs_default_subvolid = 0;
+ return grub_strdup(val);
+}
+
+static const char *
+subvol_get_env (struct grub_env_var *var __attribute__ ((unused)),
+ const char *val __attribute__ ((unused)))
+{
+ if (btrfs_default_subvol)
+ return btrfs_default_subvol;
+ else if (btrfs_default_subvolid)
+ return grub_xasprintf("subvolid:%" PRIuGRUB_UINT64_T,
+ btrfs_default_subvolid);
+ else
+ return "";
+}
+
GRUB_MOD_INIT (btrfs)
{
grub_fs_register (&grub_btrfs_fs);
+ cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info,
+ "DEVICE",
+ "Print BtrFS info about DEVICE.");
+ cmd_mount_subvol = grub_register_command("btrfs-mount-subvol", grub_cmd_btrfs_mount_subvol,
+ "DEVICE DIRECTORY SUBVOL",
+ "Set btrfs DEVICE the DIRECTORY a mountpoint of SUBVOL.");
+ cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols",
+ grub_cmd_btrfs_list_subvols, 0,
+ "[-p|-n] [-o var] DEVICE",
+ "Print list of BtrFS subvolumes on "
+ "DEVICE.", options);
+ cmd_get_default_subvol = grub_register_extcmd("btrfs-get-default-subvol",
+ grub_cmd_btrfs_get_default_subvol, 0,
+ "[-p|-n] [-o var] DEVICE",
+ "Print default BtrFS subvolume on "
+ "DEVICE.", options);
+ grub_register_variable_hook ("btrfs_subvol", subvol_get_env,
+ subvol_set_env);
+ grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env,
+ subvolid_set_env);
+ grub_env_export ("btrfs_subvol");
+ grub_env_export ("btrfs_subvolid");
+ grub_env_export ("btrfs_relative_path");
}
GRUB_MOD_FINI (btrfs)
{
+ grub_register_variable_hook ("btrfs_subvol", NULL, NULL);
+ grub_register_variable_hook ("btrfs_subvolid", NULL, NULL);
+ grub_unregister_command (cmd_info);
+ grub_unregister_extcmd (cmd_list_subvols);
grub_fs_unregister (&grub_btrfs_fs);
}
+
+// vim: si et sw=2:
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e663..731d346f88 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,9 +124,16 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. But it must
+ * be removed from this list if that support is added later.
+ *
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 8a9992ca9e..df6beb544c 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */
#define MAX_VOLUME_NAME 512
+#define MAX_NAT_BITMAP_SIZE 3900
enum FILE_TYPE
{
@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint
grub_uint32_t checksum_offset;
grub_uint64_t elapsed_time;
grub_uint8_t alloc_type[MAX_ACTIVE_LOGS];
- grub_uint8_t sit_nat_version_bitmap[3900];
+ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE];
grub_uint32_t checksum;
} GRUB_PACKED;
@@ -302,6 +303,7 @@ struct grub_f2fs_data
struct grub_f2fs_nat_journal nat_j;
char *nat_bitmap;
+ grub_uint32_t nat_bitmap_size;
grub_disk_t disk;
struct grub_f2fs_node *inode;
@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type)
}
static void *
-nat_bitmap_ptr (struct grub_f2fs_data *data)
+nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size)
{
struct grub_f2fs_checkpoint *ckpt = &data->ckpt;
grub_uint32_t offset;
+ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE;
if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0)
return ckpt->sit_nat_version_bitmap;
offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize);
+ if (offset >= MAX_NAT_BITMAP_SIZE)
+ return NULL;
+
+ *nat_bitmap_size = *nat_bitmap_size - offset;
return ckpt->sit_nat_version_bitmap + offset;
}
@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len)
}
static int
-grub_f2fs_test_bit (grub_uint32_t nr, const char *p)
+grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len)
{
int mask;
+ grub_uint32_t shifted_nr = (nr >> 3);
+
+ if (shifted_nr >= len)
+ return -1;
- p += (nr >> 3);
+ p += shifted_nr;
mask = 1 << (7 - (nr & 0x07));
return mask & *p;
@@ -632,23 +643,27 @@ get_nat_journal (struct grub_f2fs_data *data)
return err;
}
-static grub_uint32_t
-get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid)
+static grub_err_t
+get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid,
+ grub_uint32_t *blkaddr)
{
grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats);
- grub_uint32_t blkaddr = 0;
grub_uint16_t i;
+ if (n >= NAT_JOURNAL_ENTRIES)
+ return grub_error (GRUB_ERR_BAD_FS,
+ "invalid number of nat journal entries");
+
for (i = 0; i < n; i++)
{
if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid)
{
- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr);
+ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr);
break;
}
}
- return blkaddr;
+ return GRUB_ERR_NONE;
}
static grub_uint32_t
@@ -656,10 +671,14 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid)
{
struct grub_f2fs_nat_block *nat_block;
grub_uint32_t seg_off, block_off, entry_off, block_addr;
- grub_uint32_t blkaddr;
+ grub_uint32_t blkaddr = 0;
grub_err_t err;
+ int result_bit;
+
+ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr);
+ if (err != GRUB_ERR_NONE)
+ return 0;
- blkaddr = get_blkaddr_from_nat_journal (data, nid);
if (blkaddr)
return blkaddr;
@@ -675,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid)
((seg_off * data->blocks_per_seg) << 1) +
(block_off & (data->blocks_per_seg - 1));
- if (grub_f2fs_test_bit (block_off, data->nat_bitmap))
+ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap,
+ data->nat_bitmap_size);
+ if (result_bit > 0)
block_addr += data->blocks_per_seg;
+ else if (result_bit == -1)
+ {
+ grub_free (nat_block);
+ return 0;
+ }
err = grub_f2fs_block_read (data, block_addr, nat_block);
if (err)
@@ -826,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk)
if (err)
goto fail;
- data->nat_bitmap = nat_bitmap_ptr (data);
+ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size);
+ if (data->nat_bitmap == NULL)
+ goto fail;
err = get_nat_journal (data);
if (err)
@@ -975,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
ftype = ctx->dentry[i].file_type;
name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
+
+ if (name_len >= F2FS_NAME_LEN)
+ return 0;
+
filename = grub_malloc (name_len + 1);
if (!filename)
return 0;
diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
index af6a226a7f..b8253da7fe 100644
--- a/grub-core/fs/reiserfs.c
+++ b/grub-core/fs/reiserfs.c
@@ -42,16 +42,6 @@
GRUB_MOD_LICENSE ("GPLv3+");
-#define MIN(a, b) \
- ({ typeof (a) _a = (a); \
- typeof (b) _b = (b); \
- _a < _b ? _a : _b; })
-
-#define MAX(a, b) \
- ({ typeof (a) _a = (a); \
- typeof (b) _b = (b); \
- _a > _b ? _a : _b; })
-
#define REISERFS_SUPER_BLOCK_OFFSET 0x10000
#define REISERFS_MAGIC_LEN 12
#define REISERFS_MAGIC_STRING "ReIsEr"
@@ -1076,7 +1066,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node,
grub_reiserfs_set_key_type (&key, GRUB_REISERFS_ANY, 2);
initial_position = off;
current_position = 0;
- final_position = MIN (len + initial_position, node->size);
+ final_position = grub_min (len + initial_position, node->size);
grub_dprintf ("reiserfs",
"Reading from %lld to %lld (%lld instead of requested %ld)\n",
(unsigned long long) initial_position,
@@ -1115,8 +1105,8 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node,
grub_dprintf ("reiserfs_blocktype", "D: %u\n", (unsigned) block);
if (initial_position < current_position + item_size)
{
- offset = MAX ((signed) (initial_position - current_position), 0);
- length = (MIN (item_size, final_position - current_position)
+ offset = grub_max ((signed) (initial_position - current_position), 0);
+ length = (grub_min (item_size, final_position - current_position)
- offset);
grub_dprintf ("reiserfs",
"Reading direct block %u from %u to %u...\n",
@@ -1161,9 +1151,9 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node,
grub_dprintf ("reiserfs_blocktype", "I: %u\n", (unsigned) block);
if (current_position + block_size >= initial_position)
{
- offset = MAX ((signed) (initial_position - current_position),
- 0);
- length = (MIN (block_size, final_position - current_position)
+ offset = grub_max ((signed) (initial_position - current_position),
+ 0);
+ length = (grub_min (block_size, final_position - current_position)
- offset);
grub_dprintf ("reiserfs",
"Reading indirect block %u from %u to %u...\n",
@@ -1205,7 +1195,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node,
switch (found.type)
{
case GRUB_REISERFS_DIRECT:
- read_length = MIN (len, item_size - file->offset);
+ read_length = grub_min (len, item_size - file->offset);
grub_disk_read (found.data->disk,
(found.block_number * block_size) / GRUB_DISK_SECTOR_SIZE,
grub_le_to_cpu16 (found.header.item_location) + file->offset,
@@ -1224,12 +1214,12 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node,
item_size, (char *) indirect_block_ptr);
if (grub_errno)
goto fail;
- len = MIN (len, file->size - file->offset);
+ len = grub_min (len, file->size - file->offset);
for (indirect_block = file->offset / block_size;
indirect_block < indirect_block_count && read_length < len;
indirect_block++)
{
- read = MIN (block_size, len - read_length);
+ read = grub_min (block_size, len - read_length);
grub_disk_read (found.data->disk,
(grub_le_to_cpu32 (indirect_block_ptr[indirect_block]) * block_size) / GRUB_DISK_SECTOR_SIZE,
file->offset % block_size, read,
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 0f524c3a8a..e3816d1ec4 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -192,6 +192,11 @@ struct grub_xfs_time_legacy
grub_uint32_t nanosec;
} GRUB_PACKED;
+/*
+ * The struct grub_xfs_inode layout was taken from the
+ * struct xfs_dinode_core which is described here:
+ * https://mirrors.edge.kernel.org/pub/linux/utils/fs/xfs/docs/xfs_filesystem_structure.pdf
+ */
struct grub_xfs_inode
{
grub_uint8_t magic[2];
@@ -208,14 +213,15 @@ struct grub_xfs_inode
grub_uint32_t nextents;
grub_uint16_t unused3;
grub_uint8_t fork_offset;
- grub_uint8_t unused4[37];
+ grub_uint8_t unused4[17]; /* Last member of inode v2. */
+ grub_uint8_t unused5[20]; /* First member of inode v3. */
grub_uint64_t flags2;
- grub_uint8_t unused5[48];
+ grub_uint8_t unused6[48]; /* Last member of inode v3. */
} GRUB_PACKED;
#define XFS_V3_INODE_SIZE sizeof(struct grub_xfs_inode)
-/* Size of struct grub_xfs_inode until fork_offset (included). */
-#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 92)
+/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
+#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
struct grub_xfs_dirblock_tail
{
diff --git a/grub-core/gdb/cstub.c b/grub-core/gdb/cstub.c
index b64acd70fe..99281472d3 100644
--- a/grub-core/gdb/cstub.c
+++ b/grub-core/gdb/cstub.c
@@ -215,7 +215,6 @@ grub_gdb_trap (int trap_no)
grub_printf ("Unhandled exception 0x%x at ", trap_no);
grub_backtrace_print_address ((void *) grub_gdb_regs[PC]);
grub_printf ("\n");
- grub_backtrace_pointer ((void *) grub_gdb_regs[EBP]);
grub_fatal ("Unhandled exception");
}
diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in
index 1250589b3f..c2c5280d75 100644
--- a/grub-core/genmod.sh.in
+++ b/grub-core/genmod.sh.in
@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then
@TARGET_STRIP@ --strip-unneeded \
-K grub_mod_init -K grub_mod_fini \
-K _grub_mod_init -K _grub_mod_fini \
- -R .note.gnu.gold-version -R .note.GNU-stack \
+ -R .note.GNU-stack \
+ -R .note.gnu.gold-version \
+ -R .note.gnu.property \
-R .gnu.build.attributes \
+ -R '.llvm*' \
-R .rel.gnu.build.attributes \
-R .rela.gnu.build.attributes \
-R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 4d02e62c10..87a912ac6e 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -424,6 +424,13 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx,
grub_free (lang);
}
+ /* If no translations are available, fall back to untranslated text. */
+ if (err == GRUB_ERR_FILE_NOT_FOUND)
+ {
+ grub_errno = GRUB_ERR_NONE;
+ return 0;
+ }
+
if (locale[0] == 'e' && locale[1] == 'n'
&& (locale[2] == '\0' || locale[2] == '_'))
grub_errno = err = GRUB_ERR_NONE;
@@ -434,16 +441,12 @@ static char *
grub_gettext_env_write_lang (struct grub_env_var *var
__attribute__ ((unused)), const char *val)
{
- grub_err_t err;
+ grub_err_t __attribute__((__unused__)) err;
err = grub_gettext_init_ext (&main_context, val, grub_env_get ("locale_dir"),
grub_env_get ("prefix"));
- if (err)
- grub_print_error ();
err = grub_gettext_init_ext (&secondary_context, val,
grub_env_get ("secondary_locale_dir"), 0);
- if (err)
- grub_print_error ();
return grub_strdup (val);
}
@@ -451,23 +454,19 @@ grub_gettext_env_write_lang (struct grub_env_var *var
void
grub_gettext_reread_prefix (const char *val)
{
- grub_err_t err;
+ grub_err_t __attribute__((__unused__)) err;
err = grub_gettext_init_ext (&main_context, grub_env_get ("lang"),
grub_env_get ("locale_dir"),
val);
- if (err)
- grub_print_error ();
}
static char *
read_main (struct grub_env_var *var
__attribute__ ((unused)), const char *val)
{
- grub_err_t err;
+ grub_err_t __attribute__((__unused__)) err;
err = grub_gettext_init_ext (&main_context, grub_env_get ("lang"), val,
grub_env_get ("prefix"));
- if (err)
- grub_print_error ();
return grub_strdup (val);
}
@@ -475,12 +474,9 @@ static char *
read_secondary (struct grub_env_var *var
__attribute__ ((unused)), const char *val)
{
- grub_err_t err;
+ grub_err_t __attribute__((__unused__)) err;
err = grub_gettext_init_ext (&secondary_context, grub_env_get ("lang"), val,
0);
- if (err)
- grub_print_error ();
-
return grub_strdup (val);
}
@@ -500,18 +496,14 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
GRUB_MOD_INIT (gettext)
{
const char *lang;
- grub_err_t err;
+ grub_err_t __attribute__((__unused__)) err;
lang = grub_env_get ("lang");
err = grub_gettext_init_ext (&main_context, lang, grub_env_get ("locale_dir"),
grub_env_get ("prefix"));
- if (err)
- grub_print_error ();
err = grub_gettext_init_ext (&secondary_context, lang,
grub_env_get ("secondary_locale_dir"), 0);
- if (err)
- grub_print_error ();
grub_register_variable_hook ("locale_dir", NULL, read_main);
grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c
index a458c3aca7..1637731535 100644
--- a/grub-core/io/bufio.c
+++ b/grub-core/io/bufio.c
@@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len)
return res;
/* Need to read some more. */
- next_buf = (file->offset + res + len - 1) & ~((grub_off_t) bufio->block_size - 1);
+ next_buf = (grub_divmod64 (file->offset + res + len - 1, bufio->block_size, NULL)) * bufio->block_size;
/* Now read between file->offset + res and bufio->buffer_at. */
if (file->offset + res < next_buf)
{
diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c
index eab9d17ff2..9260737936 100644
--- a/grub-core/kern/arm/dl.c
+++ b/grub-core/kern/arm/dl.c
@@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr)
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/arm/efi/startup.S b/grub-core/kern/arm/efi/startup.S
index 9f8265315a..f3bc41f9d0 100644
--- a/grub-core/kern/arm/efi/startup.S
+++ b/grub-core/kern/arm/efi/startup.S
@@ -23,6 +23,8 @@
.file "startup.S"
.text
.arm
+ .globl start, _start
+FUNCTION(start)
FUNCTION(_start)
/*
* EFI_SYSTEM_TABLE and EFI_HANDLE are passed in r1/r0.
diff --git a/grub-core/kern/arm/startup.S b/grub-core/kern/arm/startup.S
index 3946fe8e18..5679a1d00a 100644
--- a/grub-core/kern/arm/startup.S
+++ b/grub-core/kern/arm/startup.S
@@ -48,6 +48,8 @@
.text
.arm
+ .globl start, _start
+FUNCTION(start)
FUNCTION(_start)
b codestart
diff --git a/grub-core/kern/arm64/backtrace.c b/grub-core/kern/arm64/backtrace.c
new file mode 100644
index 0000000000..019c6fdfef
--- /dev/null
+++ b/grub-core/kern/arm64/backtrace.c
@@ -0,0 +1,94 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define MAX_STACK_FRAME 102400
+
+struct fplr
+{
+ void *lr;
+ struct fplr *fp;
+};
+
+void
+grub_backtrace_pointer (void *frame, unsigned int skip)
+{
+ unsigned int x = 0;
+ struct fplr *fplr = (struct fplr *)frame;
+
+ while (fplr)
+ {
+ const char *name = NULL;
+ char *addr = NULL;
+
+ grub_dprintf("backtrace", "fp is %p next_fp is %p\n",
+ fplr, fplr->fp);
+
+ if (x >= skip)
+ {
+ name = grub_get_symbol_by_addr (fplr->lr, 1);
+ if (name)
+ addr = grub_resolve_symbol (name);
+ grub_backtrace_print_address (fplr->lr);
+
+ if (addr && addr != fplr->lr)
+ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr,
+ (void *)((grub_uint64_t)fplr->lr - (grub_uint64_t)addr));
+ else
+ grub_printf(" %s() %p \n", name ? name : "unknown", addr);
+
+ }
+
+ x += 1;
+
+ if (fplr->fp < fplr ||
+ (grub_uint64_t)fplr->fp - (grub_uint64_t)fplr > MAX_STACK_FRAME ||
+ fplr->fp == fplr)
+ {
+ break;
+ }
+ fplr = fplr->fp;
+ }
+}
+
+asm ("\t.global \"_text\"\n"
+ "_text:\n"
+ "\t.quad .text\n"
+ "\t.global \"_data\"\n"
+ "_data:\n"
+ "\t.quad .data\n"
+ );
+
+extern grub_uint64_t _text;
+extern grub_uint64_t _data;
+
+void
+grub_backtrace_arch (unsigned int skip)
+{
+ grub_printf ("Backtrace (.text %p .data %p):\n",
+ (void *)_text, (void *)_data);
+ skip += 1;
+ grub_backtrace_pointer(__builtin_frame_address(0), skip);
+}
diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c
index 512e5a80b0..0d4a26857f 100644
--- a/grub-core/kern/arm64/dl.c
+++ b/grub-core/kern/arm64/dl.c
@@ -196,3 +196,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/arm64/efi/startup.S b/grub-core/kern/arm64/efi/startup.S
index 666a7ee3c9..41676bdb2b 100644
--- a/grub-core/kern/arm64/efi/startup.S
+++ b/grub-core/kern/arm64/efi/startup.S
@@ -19,7 +19,9 @@
#include
.file "startup.S"
+ .globl start, _start
.text
+FUNCTION(start)
FUNCTION(_start)
/*
* EFI_SYSTEM_TABLE and EFI_HANDLE are passed in x1/x0.
diff --git a/grub-core/kern/backtrace.c b/grub-core/kern/backtrace.c
new file mode 100644
index 0000000000..4a82e865cc
--- /dev/null
+++ b/grub-core/kern/backtrace.c
@@ -0,0 +1,97 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static void
+grub_backtrace_print_address_default (void *addr)
+{
+#ifndef GRUB_UTIL
+ grub_dl_t mod;
+ void *start_addr;
+
+ FOR_DL_MODULES (mod)
+ {
+ grub_dl_segment_t segment;
+ for (segment = mod->segment; segment; segment = segment->next)
+ if (segment->addr <= addr && (grub_uint8_t *) segment->addr
+ + segment->size > (grub_uint8_t *) addr)
+ {
+ grub_printf ("%s.%x+%" PRIxGRUB_SIZE, mod->name,
+ segment->section,
+ (grub_size_t)
+ ((grub_uint8_t *)addr - (grub_uint8_t *)segment->addr));
+ return;
+ }
+ }
+
+ start_addr = grub_resolve_symbol ("_start");
+ if (start_addr && start_addr < addr)
+ grub_printf ("kernel+%" PRIxGRUB_SIZE,
+ (grub_size_t)
+ ((grub_uint8_t *)addr - (grub_uint8_t *)start_addr));
+ else
+#endif
+ grub_printf ("%p", addr);
+}
+
+static void
+grub_backtrace_pointer_default (void *frame __attribute__((__unused__)),
+ unsigned int skip __attribute__((__unused__)))
+{
+ return;
+}
+
+void
+grub_backtrace_pointer (void *frame, unsigned int skip)
+ __attribute__((__weak__,
+ __alias__(("grub_backtrace_pointer_default"))));
+
+void
+grub_backtrace_print_address (void *addr)
+ __attribute__((__weak__,
+ __alias__(("grub_backtrace_print_address_default"))));
+
+static void
+grub_backtrace_arch_default(unsigned int skip)
+{
+ grub_backtrace_pointer(__builtin_frame_address(0), skip + 1);
+}
+
+void grub_backtrace_arch (unsigned int skip)
+ __attribute__((__weak__, __alias__(("grub_backtrace_arch_default"))));
+
+void grub_backtrace (unsigned int skip)
+{
+ grub_backtrace_arch(skip + 1);
+}
+
+void grub_debug_backtrace (const char * const debug,
+ unsigned int skip)
+{
+ if (grub_debug_enabled (debug))
+ grub_backtrace (skip + 1);
+}
diff --git a/grub-core/kern/device.c b/grub-core/kern/device.c
index 73b8ecc0c0..f58b58c89d 100644
--- a/grub-core/kern/device.c
+++ b/grub-core/kern/device.c
@@ -34,6 +34,7 @@ grub_device_open (const char *name)
{
grub_device_t dev = 0;
+ grub_dprintf ("device", "opening device %s\n", name);
if (! name)
{
name = grub_env_get ("root");
diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c
index e1b0e073e0..05a28ab142 100644
--- a/grub-core/kern/disk.c
+++ b/grub-core/kern/disk.c
@@ -285,6 +285,8 @@ grub_disk_open (const char *name)
return 0;
}
+ grub_dprintf ("disk", "Opening `%s' succeeded.\n", name);
+
return disk;
}
@@ -292,7 +294,7 @@ void
grub_disk_close (grub_disk_t disk)
{
grub_partition_t part;
- grub_dprintf ("disk", "Closing `%s'.\n", disk->name);
+ grub_dprintf ("disk", "Closing `%s'...\n", disk->name);
if (disk->dev && disk->dev->disk_close)
(disk->dev->disk_close) (disk);
@@ -306,8 +308,10 @@ grub_disk_close (grub_disk_t disk)
grub_free (disk->partition);
disk->partition = part;
}
+ grub_dprintf ("disk", "Closing `%s' succeeded.\n", disk->name);
grub_free ((void *) disk->name);
grub_free (disk);
+
}
/* Small read (less than cache size and not pass across cache unit boundaries).
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 48f8a79073..d5de80186f 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -32,12 +32,21 @@
#include
#include
#include
+#include
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
#define GRUB_MODULES_MACHINE_READONLY
#endif
+#ifdef GRUB_MACHINE_EMU
+#include
+#endif
+
+#ifdef GRUB_MACHINE_EFI
+#include
+#endif
+
#pragma GCC diagnostic ignored "-Wcast-align"
@@ -115,6 +124,50 @@ grub_dl_resolve_symbol (const char *name)
return 0;
}
+void *
+grub_resolve_symbol (const char *name)
+{
+ grub_symbol_t sym;
+
+ sym = grub_dl_resolve_symbol (name);
+ if (sym)
+ return sym->addr;
+ return NULL;
+}
+
+const char *
+grub_get_symbol_by_addr(const void *addr, int isfunc)
+{
+ unsigned int i;
+ grub_symbol_t before = NULL, after = NULL;
+ for (i = 0; i < GRUB_SYMTAB_SIZE; i++)
+ {
+ grub_symbol_t sym;
+ for (sym = grub_symtab[i]; sym; sym = sym->next)
+ {
+ //grub_printf ("addr 0x%08llx symbol %s\n", (unsigned long long)sym->addr, sym->name);
+ if (sym->addr > addr)
+ {
+ if (!after || sym->addr > after->addr)
+ after = sym;
+ }
+
+ if (isfunc != sym->isfunc)
+ continue;
+ if (sym->addr > addr)
+ continue;
+
+ if ((!before && sym->addr <= addr) || (before && before->addr <= sym->addr))
+ before = sym;
+ }
+ }
+
+ if (before && addr < after->addr)
+ return before->name;
+
+ return NULL;
+}
+
/* Register a symbol with the name NAME and the address ADDR. */
grub_err_t
grub_dl_register_symbol (const char *name, void *addr, int isfunc,
@@ -224,7 +277,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
{
unsigned i;
const Elf_Shdr *s;
- grub_size_t tsize = 0, talign = 1;
+ grub_size_t tsize = 0, talign = 1, arch_addralign = 1;
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
grub_size_t tramp;
grub_size_t got;
@@ -232,13 +285,26 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
#endif
char *ptr;
+ grub_dprintf ("modules", "loading segments for \"%s\"\n", mod->name);
+
+ arch_addralign = grub_arch_dl_min_alignment ();
+
for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff);
i < e->e_shnum;
i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize))
{
- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size;
- if (talign < s->sh_addralign)
- talign = s->sh_addralign;
+ grub_size_t sh_addralign;
+ grub_size_t sh_size;
+
+ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC))
+ continue;
+
+ sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign);
+ sh_size = ALIGN_UP(s->sh_size, sh_addralign);
+
+ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size;
+ if (talign < sh_addralign)
+ talign = sh_addralign;
}
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
@@ -267,6 +333,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
i < e->e_shnum;
i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize))
{
+ grub_size_t sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign);
+ grub_size_t sh_size = ALIGN_UP(s->sh_size, sh_addralign);
+
if (s->sh_flags & SHF_ALLOC)
{
grub_dl_segment_t seg;
@@ -279,17 +348,19 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
{
void *addr;
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign);
addr = ptr;
- ptr += s->sh_size;
+ ptr += sh_size;
switch (s->sh_type)
{
case SHT_PROGBITS:
grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size);
+ grub_memset ((char *)addr + s->sh_size, 0,
+ sh_size - s->sh_size);
break;
case SHT_NOBITS:
- grub_memset (addr, 0, s->sh_size);
+ grub_memset (addr, 0, sh_size);
break;
}
@@ -298,7 +369,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
else
seg->addr = 0;
- seg->size = s->sh_size;
+ seg->size = sh_size;
seg->section = i;
seg->next = mod->segment;
mod->segment = seg;
@@ -315,6 +386,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
ptr += got;
#endif
+ grub_dprintf ("modules", "done loading segments for \"%s\"\n", mod->name);
return GRUB_ERR_NONE;
}
@@ -327,6 +399,7 @@ grub_dl_resolve_symbols (grub_dl_t mod, Elf_Ehdr *e)
const char *str;
Elf_Word size, entsize;
+ grub_dprintf ("modules", "Resolving symbols for \"%s\"\n", mod->name);
for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
i < e->e_shnum;
i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize))
@@ -457,14 +530,16 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name)
Be sure to understand your license obligations.
*/
static grub_err_t
-grub_dl_check_license (Elf_Ehdr *e)
+grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
{
Elf_Shdr *s = grub_dl_find_section (e, ".module_license");
if (s && (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
|| grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
|| grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0))
return GRUB_ERR_NONE;
- return grub_error (GRUB_ERR_BAD_MODULE, "incompatible license");
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "incompatible license in module %s: %s", mod->name,
+ (char *) e + s->sh_offset);
}
static grub_err_t
@@ -573,6 +648,7 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
Elf_Shdr *s;
unsigned i;
+ grub_dprintf ("modules", "relocating symbols for \"%s\"\n", mod->name);
for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
i < e->e_shnum;
i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize))
@@ -581,25 +657,127 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
grub_dl_segment_t seg;
grub_err_t err;
- /* Find the target segment. */
- for (seg = mod->segment; seg; seg = seg->next)
- if (seg->section == s->sh_info)
- break;
+ seg = grub_dl_find_segment(mod, s->sh_info);
+ if (!seg)
+ continue;
- if (seg)
- {
- if (!mod->symtab)
- return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table");
+ if (!mod->symtab)
+ return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table");
- err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg);
- if (err)
- return err;
- }
+ err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg);
+ if (err)
+ return err;
}
+ grub_dprintf ("modules", "done relocating symbols for \"%s\"\n", mod->name);
return GRUB_ERR_NONE;
}
+static grub_err_t
+grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
+{
+ unsigned i;
+ const Elf_Shdr *s;
+ const Elf_Ehdr *e = ehdr;
+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
+ grub_size_t arch_addralign = grub_arch_dl_min_alignment ();
+ grub_addr_t tgaddr;
+ grub_uint64_t tgsz;
+#endif
+
+ grub_dprintf ("modules", "updating memory attributes for \"%s\"\n",
+ mod->name);
+ for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff);
+ i < e->e_shnum;
+ i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize))
+ {
+ grub_dl_segment_t seg;
+ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R;
+ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X;
+
+ seg = grub_dl_find_segment(mod, i);
+ if (!seg)
+ continue;
+
+ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC))
+ continue;
+
+ if (s->sh_flags & SHF_WRITE)
+ {
+ set_attrs |= GRUB_MEM_ATTR_W;
+ clear_attrs &= ~GRUB_MEM_ATTR_W;
+ }
+
+ if (s->sh_flags & SHF_EXECINSTR)
+ {
+ set_attrs |= GRUB_MEM_ATTR_X;
+ clear_attrs &= ~GRUB_MEM_ATTR_X;
+ }
+
+ grub_dprintf ("modules", "setting memory attrs for section \"%s\" to -%s%s%s+%s%s%s\n",
+ grub_dl_get_section_name(e, s),
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "");
+ grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, set_attrs, clear_attrs);
+ }
+
+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
+ tgaddr = grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got);
+ tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr;
+
+ if (tgsz)
+ {
+ tgsz = ALIGN_UP(tgsz, arch_addralign);
+
+ grub_dprintf ("modules", "updating attributes for GOT and trampolines\n",
+ mod->name);
+ grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
+ GRUB_MEM_ATTR_W);
+ }
+#endif
+
+ grub_dprintf ("modules", "done updating module memory attributes for \"%s\"\n",
+ mod->name);
+
+ return GRUB_ERR_NONE;
+}
+
+static void
+grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e)
+{
+ void *text, *data = NULL;
+ long idx;
+
+ idx = grub_dl_find_section_index (e, ".text");
+ if (idx < 0)
+ return;
+
+ text = grub_dl_get_section_addr (mod, idx);
+ if (!text)
+ return;
+
+ idx = grub_dl_find_section_index (e, ".data");
+ if (idx >= 0)
+ data = grub_dl_get_section_addr (mod, idx);
+
+ if (data)
+ grub_qdprintf ("gdb", "add-symbol-file \\\n"
+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug "
+ "\\\n %p -s .data %p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM,
+ mod->name, text, data);
+ else
+ grub_qdprintf ("gdb", "add-symbol-file \\\n"
+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug "
+ "\\\n%p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM,
+ mod->name, text);
+}
+
/* Load a module from core memory. */
grub_dl_t
grub_dl_load_core_noinit (void *addr, grub_size_t size)
@@ -633,6 +811,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
mod->ref_count = 1;
grub_dprintf ("modules", "relocating to %p\n", mod);
+
/* Me, Vladimir Serbinenko, hereby I add this module check as per new
GNU module policy. Note that this license check is informative only.
Modules have to be licensed under GPLv3 or GPLv3+ (optionally
@@ -641,12 +820,13 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
constitutes linking) and GRUB core being licensed under GPLv3+.
Be sure to understand your license obligations.
*/
- if (grub_dl_check_license (e)
- || grub_dl_resolve_name (mod, e)
+ if (grub_dl_resolve_name (mod, e)
+ || grub_dl_check_license (mod, e)
|| grub_dl_resolve_dependencies (mod, e)
|| grub_dl_load_segments (mod, e)
|| grub_dl_resolve_symbols (mod, e)
- || grub_dl_relocate_symbols (mod, e))
+ || grub_dl_relocate_symbols (mod, e)
+ || grub_dl_set_mem_attrs (mod, e))
{
mod->fini = 0;
grub_dl_unload (mod);
@@ -658,6 +838,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
grub_dprintf ("modules", "module name: %s\n", mod->name);
grub_dprintf ("modules", "init function: %p\n", mod->init);
+ grub_dl_print_gdb_info (mod, e);
+
if (grub_dl_add (mod))
{
grub_dl_unload (mod);
@@ -695,6 +877,19 @@ grub_dl_load_file (const char *filename)
void *core = 0;
grub_dl_t mod = 0;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ {
+#if 0
+ /* This is an error, but grub2-mkconfig still generates a pile of
+ * insmod commands, so emitting it would be mostly just obnoxious. */
+ grub_error (GRUB_ERR_ACCESS_DENIED,
+ "Secure Boot forbids loading module from %s", filename);
+#endif
+ return 0;
+ }
+#endif
+
grub_boot_time ("Loading module %s", filename);
file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE);
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index 8cff7be028..4ac2b2754e 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -95,6 +95,19 @@ grub_efi_locate_handle (grub_efi_locate_search_type_t search_type,
return buffer;
}
+grub_efi_status_t
+grub_efi_connect_controller (grub_efi_handle_t controller_handle,
+ grub_efi_handle_t *driver_image_handle,
+ grub_efi_device_path_protocol_t *remaining_device_path,
+ grub_efi_boolean_t recursive)
+{
+ grub_efi_boot_services_t *b;
+
+ b = grub_efi_system_table->boot_services;
+ return efi_call_4 (b->connect_controller, controller_handle,
+ driver_image_handle, remaining_device_path, recursive);
+}
+
void *
grub_efi_open_protocol (grub_efi_handle_t handle,
grub_efi_guid_t *protocol,
@@ -165,11 +178,16 @@ grub_reboot (void)
}
void
-grub_exit (void)
+grub_exit (int retval)
{
+ grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR;
+
+ if (retval == 0)
+ rc = GRUB_EFI_SUCCESS;
+
grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
efi_call_4 (grub_efi_system_table->boot_services->exit,
- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0);
+ grub_efi_image_handle, rc, 0, 0);
for (;;) ;
}
@@ -220,6 +238,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
if (status == GRUB_EFI_SUCCESS)
return GRUB_ERR_NONE;
+ if (status == GRUB_EFI_NOT_FOUND && datasize == 0)
+ return GRUB_ERR_NONE;
+
return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var);
}
@@ -291,7 +312,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
/* Search the mods section from the PE32/PE32+ image. This code uses
a PE32 header, but should work with PE32+ as well. */
grub_addr_t
-grub_efi_modules_addr (void)
+grub_efi_section_addr (const char *section_name)
{
grub_efi_loaded_image_t *image;
struct grub_pe32_header *header;
@@ -316,7 +337,7 @@ grub_efi_modules_addr (void)
i < coff_header->num_sections;
i++, section++)
{
- if (grub_strcmp (section->name, "mods") == 0)
+ if (grub_strcmp (section->name, section_name) == 0)
break;
}
@@ -750,7 +771,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
grub_efi_ipv4_device_path_t *ipv4
= (grub_efi_ipv4_device_path_t *) dp;
- grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)",
+ grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x",
(unsigned) ipv4->local_ip_address[0],
(unsigned) ipv4->local_ip_address[1],
(unsigned) ipv4->local_ip_address[2],
@@ -763,33 +784,60 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
(unsigned) ipv4->remote_port,
(unsigned) ipv4->protocol,
(unsigned) ipv4->static_ip_address);
+ if (len == sizeof (*ipv4))
+ {
+ grub_printf (",%u.%u.%u.%u,%u.%u.%u.%u",
+ (unsigned) ipv4->gateway_ip_address[0],
+ (unsigned) ipv4->gateway_ip_address[1],
+ (unsigned) ipv4->gateway_ip_address[2],
+ (unsigned) ipv4->gateway_ip_address[3],
+ (unsigned) ipv4->subnet_mask[0],
+ (unsigned) ipv4->subnet_mask[1],
+ (unsigned) ipv4->subnet_mask[2],
+ (unsigned) ipv4->subnet_mask[3]);
+ }
+ grub_printf (")");
}
break;
case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE:
{
grub_efi_ipv6_device_path_t *ipv6
= (grub_efi_ipv6_device_path_t *) dp;
- grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)",
- (unsigned) ipv6->local_ip_address[0],
- (unsigned) ipv6->local_ip_address[1],
- (unsigned) ipv6->local_ip_address[2],
- (unsigned) ipv6->local_ip_address[3],
- (unsigned) ipv6->local_ip_address[4],
- (unsigned) ipv6->local_ip_address[5],
- (unsigned) ipv6->local_ip_address[6],
- (unsigned) ipv6->local_ip_address[7],
- (unsigned) ipv6->remote_ip_address[0],
- (unsigned) ipv6->remote_ip_address[1],
- (unsigned) ipv6->remote_ip_address[2],
- (unsigned) ipv6->remote_ip_address[3],
- (unsigned) ipv6->remote_ip_address[4],
- (unsigned) ipv6->remote_ip_address[5],
- (unsigned) ipv6->remote_ip_address[6],
- (unsigned) ipv6->remote_ip_address[7],
+ grub_printf ("/IPv6(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%u,%u,%x,%x",
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[0]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[1]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[2]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[3]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[4]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[5]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[6]),
+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[7]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[0]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[1]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[2]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[3]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[4]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[5]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[6]),
+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[7]),
(unsigned) ipv6->local_port,
(unsigned) ipv6->remote_port,
(unsigned) ipv6->protocol,
(unsigned) ipv6->static_ip_address);
+ if (len == sizeof (*ipv6))
+ {
+ grub_printf (",%u,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x",
+ (unsigned) ipv6->prefix_length,
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[0]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[1]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[2]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[3]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[4]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[5]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[6]),
+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[7]));
+ }
+ grub_printf (")");
}
break;
case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE:
@@ -829,6 +877,39 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
dump_vendor_path ("Messaging",
(grub_efi_vendor_device_path_t *) dp);
break;
+ case GRUB_EFI_URI_DEVICE_PATH_SUBTYPE:
+ {
+ grub_efi_uri_device_path_t *uri
+ = (grub_efi_uri_device_path_t *) dp;
+ grub_printf ("/URI(%s)", uri->uri);
+ }
+ break;
+ case GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE:
+ {
+ grub_efi_dns_device_path_t *dns
+ = (grub_efi_dns_device_path_t *) dp;
+ if (dns->is_ipv6)
+ {
+ grub_printf ("/DNS(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x)",
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0]) >> 16),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0])),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1]) >> 16),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1])),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2]) >> 16),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2])),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]) >> 16),
+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3])));
+ }
+ else
+ {
+ grub_printf ("/DNS(%d.%d.%d.%d)",
+ dns->dns_server_ip[0].v4.addr[0],
+ dns->dns_server_ip[0].v4.addr[1],
+ dns->dns_server_ip[0].v4.addr[2],
+ dns->dns_server_ip[0].v4.addr[3]);
+ }
+ }
+ break;
default:
grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype);
break;
@@ -1015,3 +1096,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
return 0;
}
+
+grub_err_t
+grub_efi_status_to_err (grub_efi_status_t status)
+{
+ grub_err_t err;
+ switch (status)
+ {
+ case GRUB_EFI_SUCCESS:
+ err = GRUB_ERR_NONE;
+ break;
+ case GRUB_EFI_INVALID_PARAMETER:
+ default:
+ err = GRUB_ERR_BAD_ARGUMENT;
+ break;
+ case GRUB_EFI_OUT_OF_RESOURCES:
+ err = GRUB_ERR_OUT_OF_MEMORY;
+ break;
+ case GRUB_EFI_DEVICE_ERROR:
+ err = GRUB_ERR_IO;
+ break;
+ case GRUB_EFI_WRITE_PROTECTED:
+ err = GRUB_ERR_WRITE_ERROR;
+ break;
+ case GRUB_EFI_SECURITY_VIOLATION:
+ err = GRUB_ERR_ACCESS_DENIED;
+ break;
+ case GRUB_EFI_NOT_FOUND:
+ err = GRUB_ERR_FILE_NOT_FOUND;
+ break;
+ case GRUB_EFI_ABORTED:
+ err = GRUB_ERR_WAIT;
+ break;
+ }
+
+ return err;
+}
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index 7facacf09c..0574d8d621 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -27,8 +27,11 @@
#include
#include
#include
+
#include
+#include
+
#ifdef GRUB_STACK_PROTECTOR
static grub_efi_guid_t rng_protocol_guid = GRUB_EFI_RNG_PROTOCOL_GUID;
@@ -82,10 +85,58 @@ stack_protector_init (void)
grub_addr_t grub_modbase;
+/* Helper for grub_efi_env_init */
+static int
+set_var (const char *name, const char *value,
+ void *whitelist __attribute__((__unused__)))
+{
+ grub_env_set (name, value);
+ return 0;
+}
+
+static void
+grub_efi_env_init (void)
+{
+ grub_efi_guid_t efi_grub_guid = GRUB_EFI_GRUB_VARIABLE_GUID;
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+
+ grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid, &envblk_s.size,
+ (void **) &envblk_s.buf);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ return;
+
+ grub_envblk_iterate (envblk, NULL, set_var);
+ grub_free (envblk_s.buf);
+}
+
+static void
+grub_efi_print_gdb_info (void)
+{
+ grub_addr_t text;
+ grub_addr_t data;
+
+ text = grub_efi_section_addr (".text");
+ if (!text)
+ return;
+
+ data = grub_efi_section_addr (".data");
+ if (data)
+ grub_qdprintf ("gdb",
+ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/"
+ "kernel.exec %p -s .data %p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text, (void *)data);
+ else
+ grub_qdprintf ("gdb",
+ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/"
+ "kernel.exec %p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text);
+}
+
void
grub_efi_init (void)
{
- grub_modbase = grub_efi_modules_addr ();
+ grub_modbase = grub_efi_section_addr ("mods");
/* First of all, initialize the console so that GRUB can display
messages. */
grub_console_init ();
@@ -108,10 +159,12 @@ grub_efi_init (void)
efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer,
0, 0, 0, NULL);
+ grub_efi_env_init ();
+ grub_efi_print_gdb_info ();
grub_efidisk_init ();
}
-void (*grub_efi_net_config) (grub_efi_handle_t hnd,
+void (*grub_efi_net_config) (grub_efi_handle_t hnd,
char **device,
char **path);
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 9838fb2f50..0288eab361 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address,
}
}
+/* Allocate pages below a specified address */
+void *
+grub_efi_allocate_pages_max (grub_efi_physical_address_t max,
+ grub_efi_uintn_t pages)
+{
+ grub_efi_status_t status;
+ grub_efi_boot_services_t *b;
+ grub_efi_physical_address_t address = max;
+
+ if (max > GRUB_EFI_MAX_USABLE_ADDRESS)
+ return 0;
+
+ b = grub_efi_system_table->boot_services;
+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address);
+
+ if (status != GRUB_EFI_SUCCESS)
+ return 0;
+
+ if (address == 0)
+ {
+ /* Uggh, the address 0 was allocated... This is too annoying,
+ so reallocate another one. */
+ address = max;
+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address);
+ grub_efi_free_pages (0, pages);
+ if (status != GRUB_EFI_SUCCESS)
+ return 0;
+ }
+
+ return (void *) ((grub_addr_t) address);
+}
+
/* Allocate pages. Return the pointer to the first of allocated pages. */
void *
grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
@@ -122,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
{
grub_efi_status_t status;
grub_efi_boot_services_t *b;
+ grub_efi_physical_address_t ret = address;
/* Limit the memory access to less than 4GB for 32-bit platforms. */
if (address > GRUB_EFI_MAX_USABLE_ADDRESS)
@@ -138,19 +171,22 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
}
b = grub_efi_system_table->boot_services;
- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
if (status != GRUB_EFI_SUCCESS)
{
+ grub_dprintf ("efi",
+ "allocate_pages(%d, %d, 0x%0lx, 0x%016lx) = 0x%016lx\n",
+ alloctype, memtype, pages, address, status);
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
return NULL;
}
- if (address == 0)
+ if (ret == 0)
{
/* Uggh, the address 0 was allocated... This is too annoying,
so reallocate another one. */
- address = GRUB_EFI_MAX_USABLE_ADDRESS;
- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address);
+ ret = address;
+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
grub_efi_free_pages (0, pages);
if (status != GRUB_EFI_SUCCESS)
{
@@ -159,9 +195,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
}
}
- grub_efi_store_alloc (address, pages);
+ grub_efi_store_alloc (ret, pages);
- return (void *) ((grub_addr_t) address);
+ return (void *) ((grub_addr_t) ret);
}
void *
@@ -444,7 +480,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map,
{
if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY
#if 1
- && desc->physical_start <= GRUB_EFI_MAX_USABLE_ADDRESS
+ && desc->physical_start <= GRUB_EFI_MAX_ALLOCATION_ADDRESS
#endif
&& desc->physical_start + PAGES_TO_BYTES (desc->num_pages) > 0x100000
&& desc->num_pages != 0)
@@ -462,9 +498,9 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map,
#if 1
if (BYTES_TO_PAGES (filtered_desc->physical_start)
+ filtered_desc->num_pages
- > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS))
+ > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS))
filtered_desc->num_pages
- = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS)
+ = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS)
- BYTES_TO_PAGES (filtered_desc->physical_start));
#endif
@@ -574,6 +610,82 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map,
}
#endif
+grub_addr_t grub_stack_addr = (grub_addr_t)-1ll;
+grub_size_t grub_stack_size = 0;
+
+static void
+grub_nx_init (void)
+{
+ grub_uint64_t attrs, stack_attrs;
+ grub_err_t err;
+ grub_addr_t stack_current, stack_end;
+ const grub_uint64_t page_size = 4096;
+ const grub_uint64_t page_mask = ~(page_size - 1);
+
+ /*
+ * These are to confirm that the flags are working as expected when
+ * debugging.
+ */
+ attrs = 0;
+ stack_current = (grub_addr_t)grub_nx_init & page_mask;
+ err = grub_get_mem_attrs (stack_current, page_size, &attrs);
+ if (err)
+ {
+ grub_dprintf ("nx",
+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n",
+ stack_current, err);
+ grub_error_pop ();
+ }
+ else
+ grub_dprintf ("nx", "page attrs for grub_nx_init (%p) are %c%c%c\n",
+ grub_dl_load_core,
+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-',
+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-',
+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-');
+
+ stack_current = (grub_addr_t)&stack_current & page_mask;
+ err = grub_get_mem_attrs (stack_current, page_size, &stack_attrs);
+ if (err)
+ {
+ grub_dprintf ("nx",
+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n",
+ stack_current, err);
+ grub_error_pop ();
+ }
+ else
+ {
+ attrs = stack_attrs;
+ grub_dprintf ("nx", "page attrs for stack (%p) are %c%c%c\n",
+ &attrs,
+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-',
+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-',
+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-');
+ }
+
+ for (stack_end = stack_current + page_size ;
+ !(attrs & GRUB_MEM_ATTR_R);
+ stack_end += page_size)
+ {
+ err = grub_get_mem_attrs (stack_current, page_size, &attrs);
+ if (err)
+ {
+ grub_dprintf ("nx",
+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n",
+ stack_current, err);
+ grub_error_pop ();
+ break;
+ }
+ }
+ if (stack_end > stack_current)
+ {
+ grub_stack_addr = stack_current;
+ grub_stack_size = stack_end - stack_current;
+ grub_dprintf ("nx",
+ "detected stack from 0x%"PRIxGRUB_ADDR" to 0x%"PRIxGRUB_ADDR"\n",
+ grub_stack_addr, grub_stack_addr + grub_stack_size - 1);
+ }
+}
+
void
grub_efi_mm_init (void)
{
@@ -587,6 +699,8 @@ grub_efi_mm_init (void)
grub_efi_uint64_t required_pages;
int mm_status;
+ grub_nx_init ();
+
/* Prepare a memory region to store two memory maps. */
memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE));
if (! memory_map)
@@ -624,10 +738,10 @@ grub_efi_mm_init (void)
filtered_memory_map_end = filter_memory_map (memory_map, filtered_memory_map,
desc_size, memory_map_end);
- /* By default, request a quarter of the available memory. */
+ /* By default, request three quarters of the available memory. */
total_pages = get_total_pages (filtered_memory_map, desc_size,
filtered_memory_map_end);
- required_pages = (total_pages >> 2);
+ required_pages = (total_pages >> 1) + (total_pages >> 2);
if (required_pages < BYTES_TO_PAGES (MIN_HEAP_SIZE))
required_pages = BYTES_TO_PAGES (MIN_HEAP_SIZE);
else if (required_pages > BYTES_TO_PAGES (MAX_HEAP_SIZE))
@@ -681,11 +795,155 @@ grub_efi_get_ram_base(grub_addr_t *base_addr)
for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS;
(grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size);
desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
- if (desc->attribute & GRUB_EFI_MEMORY_WB)
- *base_addr = grub_min (*base_addr, desc->physical_start);
+ {
+ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY &&
+ (desc->attribute & GRUB_EFI_MEMORY_WB))
+ {
+ *base_addr = grub_min (*base_addr, desc->physical_start);
+ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr);
+ }
+ else
+ {
+ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start);
+ }
+ }
+
+ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS)
+ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr);
grub_free(memory_map);
return GRUB_ERR_NONE;
}
#endif
+
+static inline grub_uint64_t
+grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs)
+{
+ grub_uint64_t ret = GRUB_EFI_MEMORY_RP |
+ GRUB_EFI_MEMORY_RO |
+ GRUB_EFI_MEMORY_XP;
+
+ if (attrs & GRUB_MEM_ATTR_R)
+ ret &= ~GRUB_EFI_MEMORY_RP;
+
+ if (attrs & GRUB_MEM_ATTR_W)
+ ret &= ~GRUB_EFI_MEMORY_RO;
+
+ if (attrs & GRUB_MEM_ATTR_X)
+ ret &= ~GRUB_EFI_MEMORY_XP;
+
+ return ret;
+}
+
+static inline grub_uint64_t
+uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs)
+{
+ grub_uint64_t ret = GRUB_MEM_ATTR_R |
+ GRUB_MEM_ATTR_W |
+ GRUB_MEM_ATTR_X;
+
+ if (attrs & GRUB_EFI_MEMORY_RP)
+ ret &= ~GRUB_MEM_ATTR_R;
+
+ if (attrs & GRUB_EFI_MEMORY_RO)
+ ret &= ~GRUB_MEM_ATTR_W;
+
+ if (attrs & GRUB_EFI_MEMORY_XP)
+ ret &= ~GRUB_MEM_ATTR_X;
+
+ return ret;
+}
+
+grub_err_t
+grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs)
+{
+ grub_efi_memory_attribute_protocol_t *proto;
+ grub_efi_physical_address_t physaddr = addr;
+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
+ grub_efi_status_t efi_status;
+
+ proto = grub_efi_locate_protocol (&protocol_guid, 0);
+ if (!proto)
+ return GRUB_ERR_NOT_IMPLEMENTED_YET;
+
+ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL)
+ {
+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n",
+ __func__, physaddr, physaddr+size-1, attrs);
+ return 0;
+ }
+
+ efi_status = efi_call_4(proto->get_memory_attributes,
+ proto, physaddr, size, attrs);
+ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs);
+
+ return grub_efi_status_to_err (efi_status);
+}
+
+grub_err_t
+grub_update_mem_attrs (grub_addr_t addr, grub_size_t size,
+ grub_uint64_t set_attrs, grub_uint64_t clear_attrs)
+{
+ grub_efi_memory_attribute_protocol_t *proto;
+ grub_efi_physical_address_t physaddr = addr;
+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
+ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS;
+ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs;
+ grub_err_t err;
+
+ proto = grub_efi_locate_protocol (&protocol_guid, 0);
+ if (!proto)
+ return GRUB_ERR_NONE;
+
+ err = grub_get_mem_attrs (addr, size, &before);
+ if (err)
+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n",
+ addr, size, &before, err);
+
+ if (physaddr & 0xfff || size & 0xfff || size == 0)
+ {
+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n",
+ __func__, physaddr, physaddr + size - 1,
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "");
+ return 0;
+ }
+
+ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs);
+ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs);
+ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs);
+ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs);
+ if (uefi_set_attrs)
+ efi_status = efi_call_4(proto->set_memory_attributes,
+ proto, physaddr, size, uefi_set_attrs);
+ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs)
+ efi_status = efi_call_4(proto->clear_memory_attributes,
+ proto, physaddr, size, uefi_clear_attrs);
+
+ err = grub_get_mem_attrs (addr, size, &after);
+ if (err)
+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n",
+ addr, size, &after, err);
+
+ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n",
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "",
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "",
+ addr, addr + size - 1,
+ (before & GRUB_MEM_ATTR_R) ? 'r' : '-',
+ (before & GRUB_MEM_ATTR_W) ? 'w' : '-',
+ (before & GRUB_MEM_ATTR_X) ? 'x' : '-',
+ (after & GRUB_MEM_ATTR_R) ? 'r' : '-',
+ (after & GRUB_MEM_ATTR_W) ? 'w' : '-',
+ (after & GRUB_MEM_ATTR_X) ? 'x' : '-');
+
+ return grub_efi_status_to_err (efi_status);
+}
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index c52ec6226a..89c4bb3fd1 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
void **context __attribute__ ((unused)),
enum grub_verify_flags *flags)
{
- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ *flags = GRUB_VERIFY_FLAGS_NONE;
switch (type & GRUB_FILE_TYPE_MASK)
{
+ /* Files we check. */
case GRUB_FILE_TYPE_LINUX_KERNEL:
case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
case GRUB_FILE_TYPE_BSD_KERNEL:
@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
case GRUB_FILE_TYPE_PLAN9_KERNEL:
case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
*flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ return GRUB_ERR_NONE;
- /* Fall through. */
+ /* Files that do not affect secureboot state. */
+ case GRUB_FILE_TYPE_NONE:
+ case GRUB_FILE_TYPE_LOOPBACK:
+ case GRUB_FILE_TYPE_LINUX_INITRD:
+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
+ case GRUB_FILE_TYPE_XNU_RAMDISK:
+ case GRUB_FILE_TYPE_SIGNATURE:
+ case GRUB_FILE_TYPE_PUBLIC_KEY:
+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
+ case GRUB_FILE_TYPE_TESTLOAD:
+ case GRUB_FILE_TYPE_GET_SIZE:
+ case GRUB_FILE_TYPE_FONT:
+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
+ case GRUB_FILE_TYPE_CAT:
+ case GRUB_FILE_TYPE_HEXCAT:
+ case GRUB_FILE_TYPE_CMP:
+ case GRUB_FILE_TYPE_HASHLIST:
+ case GRUB_FILE_TYPE_TO_HASH:
+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
+ case GRUB_FILE_TYPE_PIXMAP:
+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
+ case GRUB_FILE_TYPE_CONFIG:
+ case GRUB_FILE_TYPE_THEME:
+ case GRUB_FILE_TYPE_GETTEXT_CATALOG:
+ case GRUB_FILE_TYPE_FS_SEARCH:
+ case GRUB_FILE_TYPE_LOADENV:
+ case GRUB_FILE_TYPE_SAVEENV:
+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+ /* Other files. */
default:
- return GRUB_ERR_NONE;
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
}
}
diff --git a/grub-core/kern/emu/full.c b/grub-core/kern/emu/full.c
index e8d63b1f5f..1de1c28eb0 100644
--- a/grub-core/kern/emu/full.c
+++ b/grub-core/kern/emu/full.c
@@ -67,3 +67,16 @@ grub_arch_dl_init_linker (void)
}
#endif
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 425bb96034..846fe9715e 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -67,7 +67,7 @@ grub_reboot (void)
}
void
-grub_exit (void)
+grub_exit (int retval __attribute__((unused)))
{
grub_reboot ();
}
@@ -107,6 +107,7 @@ static struct argp_option options[] = {
N_("use GRUB files in the directory DIR [default=%s]"), 0},
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0},
+ {"kexec", 'X', 0, 0, N_("try the untryable."), 0},
{ 0, 0, 0, 0, 0, 0 }
};
@@ -164,6 +165,9 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 'v':
verbosity++;
break;
+ case 'X':
+ grub_util_set_kexecute();
+ break;
case ARGP_KEY_ARG:
{
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index dfd8a8ec48..f08a1bb841 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -39,6 +39,7 @@
#include
int verbosity;
+int kexecute;
void
grub_util_warn (const char *fmt, ...)
@@ -82,7 +83,7 @@ grub_util_error (const char *fmt, ...)
vfprintf (stderr, fmt, ap);
va_end (ap);
fprintf (stderr, ".\n");
- exit (1);
+ grub_exit (1);
}
void *
@@ -151,9 +152,13 @@ xasprintf (const char *fmt, ...)
#if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL)
void
-grub_exit (void)
+__attribute__ ((noreturn))
+grub_exit (int rc)
{
- exit (1);
+#if defined (GRUB_KERNEL)
+ grub_reboot();
+#endif
+ exit (rc < 0 ? 1 : rc);
}
#endif
@@ -184,7 +189,7 @@ grub_util_get_image_size (const char *path)
sz = ftello (f);
if (sz < 0)
grub_util_error (_("cannot open `%s': %s"), path, strerror (errno));
- if (sz != (size_t) sz)
+ if (sz > (off_t)(GRUB_SIZE_MAX >> 1))
grub_util_error (_("file `%s' is too big"), path);
ret = (size_t) sz;
@@ -214,3 +219,15 @@ grub_util_load_image (const char *path, char *buf)
fclose (fp);
}
+
+void
+grub_util_set_kexecute(void)
+{
+ kexecute++;
+}
+
+int
+grub_util_get_kexecute(void)
+{
+ return kexecute;
+}
diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c
index 53c734de70..aebfe0cf83 100644
--- a/grub-core/kern/err.c
+++ b/grub-core/kern/err.c
@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE];
static int grub_error_stack_pos;
static int grub_error_stack_assert;
+#ifdef grub_error
+#undef grub_error
+#endif
+
grub_err_t
-grub_error (grub_err_t n, const char *fmt, ...)
+grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...)
{
va_list ap;
+ int m;
grub_errno = n;
+ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line);
+ if (m < 0)
+ m = 0;
+
va_start (ap, fmt);
- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap);
+ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap);
va_end (ap);
return n;
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 58454458c4..3f175630ea 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -30,6 +30,14 @@ void (*EXPORT_VAR (grub_grubnet_fini)) (void);
grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX];
+static char *filter_names[] = {
+ [GRUB_FILE_FILTER_VERIFY] = "GRUB_FILE_FILTER_VERIFY",
+ [GRUB_FILE_FILTER_GZIO] = "GRUB_FILE_FILTER_GZIO",
+ [GRUB_FILE_FILTER_XZIO] = "GRUB_FILE_FILTER_XZIO",
+ [GRUB_FILE_FILTER_LZOPIO] = "GRUB_FILE_FILTER_LZOPIO",
+ [GRUB_FILE_FILTER_MAX] = "GRUB_FILE_FILTER_MAX"
+};
+
/* Get the device part of the filename NAME. It is enclosed by parentheses. */
char *
grub_file_get_device_name (const char *name)
@@ -66,6 +74,8 @@ grub_file_open (const char *name, enum grub_file_type type)
const char *file_name;
grub_file_filter_id_t filter;
+ grub_dprintf ("file", "Opening `%s' ...\n", name);
+
device_name = grub_file_get_device_name (name);
if (grub_errno)
goto fail;
@@ -79,6 +89,7 @@ grub_file_open (const char *name, enum grub_file_type type)
device = grub_device_open (device_name);
grub_free (device_name);
+ device_name = NULL;
if (! device)
goto fail;
@@ -118,6 +129,9 @@ grub_file_open (const char *name, enum grub_file_type type)
if (grub_file_filters[filter])
{
last_file = file;
+ if (filter < GRUB_FILE_FILTER_MAX)
+ grub_dprintf ("file", "Running %s file filter\n",
+ filter_names[filter]);
file = grub_file_filters[filter] (file, type);
if (file && file != last_file)
{
@@ -128,9 +142,12 @@ grub_file_open (const char *name, enum grub_file_type type)
if (!file)
grub_file_close (last_file);
+ grub_dprintf ("file", "Opening `%s' succeeded.\n", name);
+
return file;
fail:
+ grub_free (device_name);
if (device)
grub_device_close (device);
@@ -138,6 +155,8 @@ grub_file_open (const char *name, enum grub_file_type type)
grub_free (file);
+ grub_dprintf ("file", "Opening `%s' failed.\n", name);
+
return 0;
}
@@ -169,6 +188,7 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
if (len == 0)
return 0;
+
read_hook = file->read_hook;
read_hook_data = file->read_hook_data;
if (!file->read_hook)
@@ -189,11 +209,18 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_err_t
grub_file_close (grub_file_t file)
{
+ grub_dprintf ("file", "Closing `%s' ...\n", file->name);
if (file->fs->fs_close)
(file->fs->fs_close) (file);
if (file->device)
grub_device_close (file->device);
+
+ if (grub_errno == GRUB_ERR_NONE)
+ grub_dprintf ("file", "Closing `%s' succeeded.\n", file->name);
+ else
+ grub_dprintf ("file", "Closing `%s' failed with %d.\n", file->name, grub_errno);
+
grub_free (file->name);
grub_free (file);
return grub_errno;
diff --git a/grub-core/kern/i386/backtrace.c b/grub-core/kern/i386/backtrace.c
new file mode 100644
index 0000000000..2413f9a57d
--- /dev/null
+++ b/grub-core/kern/i386/backtrace.c
@@ -0,0 +1,125 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define MAX_STACK_FRAME 102400
+
+void
+grub_backtrace_pointer (void *frame, unsigned int skip)
+{
+ void **ebp = (void **)frame;
+ unsigned long x = 0;
+
+ while (ebp)
+ {
+ void **next_ebp = (void **)ebp[0];
+ const char *name = NULL;
+ char *addr = NULL;
+
+ grub_dprintf("backtrace", "ebp is %p next_ebp is %p\n", ebp, next_ebp);
+
+ if (x >= skip)
+ {
+ name = grub_get_symbol_by_addr (ebp[1], 1);
+ if (name)
+ addr = grub_resolve_symbol (name);
+ grub_backtrace_print_address (ebp[1]);
+
+ if (addr && addr != ebp[1])
+ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr,
+ (char *)((char *)ebp[1] - addr));
+ else
+ grub_printf(" %s() %p \n", name ? name : "unknown", addr);
+
+#if 0
+ grub_printf ("(");
+ for (i = 0, arg = ebp[2]; arg != next_ebp && i < 12; arg++, i++)
+ grub_printf ("%p,", arg);
+ grub_printf (")\n");
+#endif
+ }
+
+ x += 1;
+
+ if (next_ebp < ebp || next_ebp - ebp > MAX_STACK_FRAME || next_ebp == ebp)
+ {
+ //grub_printf ("Invalid stack frame at %p (%p)\n", ebp, next_ebp);
+ break;
+ }
+ ebp = next_ebp;
+ }
+}
+
+#if defined (__x86_64__)
+asm ("\t.global \"_text\"\n"
+ "_text:\n"
+ "\t.quad .text\n"
+ "\t.global \"_data\"\n"
+ "_data:\n"
+ "\t.quad .data\n"
+ );
+#elif defined(__i386__)
+asm ("\t.global \"_text\"\n"
+ "_text:\n"
+ "\t.long .text\n"
+ "\t.global \"_data\"\n"
+ "_data:\n"
+ "\t.long .data\n"
+ );
+#else
+#warning I dunno...
+#endif
+
+extern unsigned long _text;
+extern unsigned long _data;
+
+#ifdef GRUB_UTIL
+#define EXT_C(x) x
+#endif
+
+void
+grub_backtrace_arch (unsigned int skip)
+{
+ grub_printf ("Backtrace (.text %p .data %p):\n",
+ (void *)_text, (void *)_data);
+ skip += 1;
+#if defined (__x86_64__)
+ asm volatile ("movq %%rbp, %%rdi\n"
+ "movq 0, %%rsi\n"
+ "movl %0, %%esi\n"
+ "call " EXT_C("grub_backtrace_pointer")
+ :
+ : "r" (skip));
+#elif defined(__i386__)
+ asm volatile ("addl $8, %%esp\n"
+ "pushl %0\n"
+ "pushl %%ebp\n"
+ "call " EXT_C("grub_backtrace_pointer")
+ :
+ : "r" (skip));
+#else
+ grub_backtrace_pointer(__builtin_frame_address(0), skip);
+#endif
+}
diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c
index 3314f027fe..36f9134b7b 100644
--- a/grub-core/kern/i386/coreboot/init.c
+++ b/grub-core/kern/i386/coreboot/init.c
@@ -41,7 +41,7 @@ extern grub_uint8_t _end[];
extern grub_uint8_t _edata[];
void __attribute__ ((noreturn))
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
/* We can't use grub_fatal() in this function. This would create an infinite
loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
diff --git a/grub-core/kern/i386/dl.c b/grub-core/kern/i386/dl.c
index 1346da5cc9..d6b4681fc9 100644
--- a/grub-core/kern/i386/dl.c
+++ b/grub-core/kern/i386/dl.c
@@ -79,3 +79,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/i386/pc/init.c b/grub-core/kern/i386/pc/init.c
index 27bc68b8a5..b51d0abfa6 100644
--- a/grub-core/kern/i386/pc/init.c
+++ b/grub-core/kern/i386/pc/init.c
@@ -153,7 +153,7 @@ compact_mem_regions (void)
}
grub_addr_t grub_modbase;
-extern grub_uint8_t _start[], _edata[];
+extern grub_uint8_t _edata[];
/* Helper for grub_machine_init. */
static int
@@ -217,7 +217,7 @@ grub_machine_init (void)
/* This has to happen before any BIOS calls. */
grub_via_workaround_init ();
- grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - _start);
+ grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - (grub_uint8_t *)_start);
/* Initialize the console as early as possible. */
grub_console_init ();
diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c
index 271b6fbfab..9fafe98f01 100644
--- a/grub-core/kern/i386/qemu/init.c
+++ b/grub-core/kern/i386/qemu/init.c
@@ -42,7 +42,7 @@ extern grub_uint8_t _end[];
extern grub_uint8_t _edata[];
void __attribute__ ((noreturn))
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
/* We can't use grub_fatal() in this function. This would create an infinite
loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */
diff --git a/grub-core/kern/i386/qemu/startup.S b/grub-core/kern/i386/qemu/startup.S
index 0d89858d9b..939f182fc7 100644
--- a/grub-core/kern/i386/qemu/startup.S
+++ b/grub-core/kern/i386/qemu/startup.S
@@ -24,7 +24,8 @@
.text
.code32
- .globl _start
+ .globl start, _start
+start:
_start:
jmp codestart
diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c
index c9c3616997..ca15c3aacd 100644
--- a/grub-core/kern/i386/tsc_pmtimer.c
+++ b/grub-core/kern/i386/tsc_pmtimer.c
@@ -28,40 +28,101 @@
#include
#include
+/*
+ * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's
+ * present but doesn't keep time well.
+ */
+// #define GRUB_PMTIMER_IGNORE_BAD_READS
+
grub_uint64_t
grub_pmtimer_wait_count_tsc (grub_port_t pmtimer,
grub_uint16_t num_pm_ticks)
{
grub_uint32_t start;
- grub_uint32_t last;
- grub_uint32_t cur, end;
+ grub_uint64_t cur, end;
grub_uint64_t start_tsc;
grub_uint64_t end_tsc;
- int num_iter = 0;
+ unsigned int num_iter = 0;
+#ifndef GRUB_PMTIMER_IGNORE_BAD_READS
+ int bad_reads = 0;
+#endif
- start = grub_inl (pmtimer) & 0xffffff;
- last = start;
+ /*
+ * Some timers are 24-bit and some are 32-bit, but it doesn't make much
+ * difference to us. Caring which one we have isn't really worth it since
+ * the low-order digits will give us enough data to calibrate TSC. So just
+ * mask the top-order byte off.
+ */
+ cur = start = grub_inl (pmtimer) & 0xffffffUL;
end = start + num_pm_ticks;
start_tsc = grub_get_tsc ();
while (1)
{
- cur = grub_inl (pmtimer) & 0xffffff;
- if (cur < last)
- cur |= 0x1000000;
- num_iter++;
+ cur &= 0xffffffffff000000ULL;
+ cur |= grub_inl (pmtimer) & 0xffffffUL;
+
+ end_tsc = grub_get_tsc();
+
+#ifndef GRUB_PMTIMER_IGNORE_BAD_READS
+ /*
+ * If we get 10 reads in a row that are obviously dead pins, there's no
+ * reason to do this thousands of times.
+ */
+ if (cur == 0xffffffUL || cur == 0)
+ {
+ bad_reads++;
+ grub_dprintf ("pmtimer",
+ "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n",
+ cur, bad_reads);
+ grub_dprintf ("pmtimer", "timer is broken; giving up.\n");
+
+ if (bad_reads == 10)
+ return 0;
+ }
+#endif
+
+ if (cur < start)
+ cur += 0x1000000;
+
if (cur >= end)
{
- end_tsc = grub_get_tsc ();
+ grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n",
+ cur - start);
+ grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n",
+ end_tsc - start_tsc);
return end_tsc - start_tsc;
}
- /* Check for broken PM timer.
- 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz)
- if after this time we still don't have 1 ms on pmtimer, then
- pmtimer is broken.
+
+ /*
+ * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at
+ * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine,
+ * we should have seen pmtimer show 4ms of change (i.e. cur =~
+ * start+14320); on a 250MHz machine that should be 16ms (start+57280).
+ * If after this a time we still don't have 1ms on pmtimer, then pmtimer
+ * is broken.
+ *
+ * Likewise, if our code is perfectly efficient and introduces no delays
+ * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in
+ * ~3580 iterations. On a 250MHz machine that should be ~900 iterations.
+ *
+ * With those factors in mind, there are two limits here. There's a hard
+ * limit here at 8x our desired pm timer delta, picked as an arbitrarily
+ * large value that's still not a lot of time to humans, because if we
+ * get that far this is either an implausibly fast machine or the pmtimer
+ * is not running. And there's another limit on 4x our 10GHz tsc delta
+ * without seeing cur converge on our target value.
*/
- if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) {
- return 0;
- }
+ if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) ||
+ end_tsc - start_tsc > 40000000)
+ {
+ grub_dprintf ("pmtimer",
+ "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n",
+ cur - start, num_iter);
+ grub_dprintf ("pmtimer",
+ "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n",
+ end_tsc - start_tsc);
+ return 0;
+ }
}
}
@@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void)
fadt = grub_acpi_find_fadt ();
if (!fadt)
- return 0;
+ {
+ grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n");
+ return 0;
+ }
pmtimer = fadt->pmtimer;
if (!pmtimer)
- return 0;
+ {
+ grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n");
+ return 0;
+ }
- /* It's 3.579545 MHz clock. Wait 1 ms. */
+ /*
+ * It's 3.579545 MHz clock. Wait 1 ms.
+ */
tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580);
if (tsc_diff == 0)
return 0;
diff --git a/grub-core/kern/ia64/dl.c b/grub-core/kern/ia64/dl.c
index db59300fea..92d82c5750 100644
--- a/grub-core/kern/ia64/dl.c
+++ b/grub-core/kern/ia64/dl.c
@@ -148,3 +148,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
}
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+ return 1;
+}
diff --git a/grub-core/kern/ia64/efi/startup.S b/grub-core/kern/ia64/efi/startup.S
index d75c6d7cc7..8f2a593e52 100644
--- a/grub-core/kern/ia64/efi/startup.S
+++ b/grub-core/kern/ia64/efi/startup.S
@@ -24,8 +24,9 @@
.psr lsb
.lsb
- .global _start
+ .global start, _start
.proc _start
+start:
_start:
alloc loc0=ar.pfs,2,4,0,0
mov loc1=rp
diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c
index 20cbbd761e..6435628ec5 100644
--- a/grub-core/kern/ieee1275/cmain.c
+++ b/grub-core/kern/ieee1275/cmain.c
@@ -90,7 +90,10 @@ grub_ieee1275_find_options (void)
}
if (rc >= 0 && grub_strncmp (tmp, "IBM", 3) == 0)
- grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS);
+ {
+ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS);
+ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT);
+ }
/* Old Macs have no key repeat, newer ones have fully working one.
The ones inbetween when repeated key generates an escaoe sequence
@@ -124,6 +127,9 @@ grub_ieee1275_find_options (void)
break;
}
}
+
+ if (grub_strncmp (tmp, "IBM,", 4) == 0)
+ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY);
}
if (is_smartfirmware)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index d483e35eed..6a51c9efab 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -44,26 +44,16 @@
#ifdef __sparc__
#include
#endif
+#include
-/* The minimal heap size we can live with. */
-#define HEAP_MIN_SIZE (unsigned long) (2 * 1024 * 1024)
-
-/* The maximum heap size we're going to claim */
+/* The maximum heap size we're going to claim. Not used by sparc.
+ We allocate 1/4 of the available memory under 4G, up to this limit. */
#ifdef __i386__
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
-#else
-#define HEAP_MAX_SIZE (unsigned long) (32 * 1024 * 1024)
+#else // __powerpc__
+#define HEAP_MAX_SIZE (unsigned long) (1 * 1024 * 1024 * 1024)
#endif
-/* If possible, we will avoid claiming heap above this address, because it
- seems to cause relocation problems with OSes that link at 4 MiB */
-#ifdef __i386__
-#define HEAP_MAX_ADDR (unsigned long) (64 * 1024 * 1024)
-#else
-#define HEAP_MAX_ADDR (unsigned long) (32 * 1024 * 1024)
-#endif
-
-extern char _start[];
extern char _end[];
#ifdef __sparc__
@@ -71,7 +61,7 @@ grub_addr_t grub_ieee1275_original_stack;
#endif
void
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
grub_ieee1275_exit ();
}
@@ -127,23 +117,25 @@ grub_machine_get_bootlocation (char **device, char **path)
grub_free (canon);
}
else
- *device = grub_ieee1275_encode_devname (bootpath);
- grub_free (type);
-
- filename = grub_ieee1275_get_filename (bootpath);
- if (filename)
{
- char *lastslash = grub_strrchr (filename, '\\');
-
- /* Truncate at last directory. */
- if (lastslash)
+ filename = grub_ieee1275_get_filename (bootpath);
+ if (filename)
{
- *lastslash = '\0';
- grub_translate_ieee1275_path (filename);
-
- *path = filename;
- }
+ char *lastslash = grub_strrchr (filename, '\\');
+
+ /* Truncate at last directory. */
+ if (lastslash)
+ {
+ *lastslash = '\0';
+ grub_translate_ieee1275_path (filename);
+
+ *path = filename;
+ }
+ }
+ *device = grub_ieee1275_encode_devname (bootpath);
}
+
+ grub_free (type);
grub_free (bootpath);
}
@@ -156,16 +148,45 @@ grub_claim_heap (void)
+ GRUB_KERNEL_MACHINE_STACK_SIZE), 0x200000);
}
#else
-/* Helper for grub_claim_heap. */
+/* Helper for grub_claim_heap on powerpc. */
+static int
+heap_size (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
+ void *data)
+{
+ grub_uint32_t total = *(grub_uint32_t *)data;
+
+ if (type != GRUB_MEMORY_AVAILABLE)
+ return 0;
+
+ /* Do not consider memory beyond 4GB */
+ if (addr > 0xffffffffUL)
+ return 0;
+
+ if (addr + len > 0xffffffffUL)
+ len = 0xffffffffUL - addr;
+
+ total += len;
+ *(grub_uint32_t *)data = total;
+
+ return 0;
+}
+
static int
heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
void *data)
{
- unsigned long *total = data;
+ grub_uint32_t total = *(grub_uint32_t *)data;
if (type != GRUB_MEMORY_AVAILABLE)
return 0;
+ /* Do not consider memory beyond 4GB */
+ if (addr > 0xffffffffUL)
+ return 0;
+
+ if (addr + len > 0xffffffffUL)
+ len = 0xffffffffUL - addr;
+
if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PRE1_5M_CLAIM))
{
if (addr + len <= 0x180000)
@@ -179,16 +200,6 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
}
len -= 1; /* Required for some firmware. */
- /* Never exceed HEAP_MAX_SIZE */
- if (*total + len > HEAP_MAX_SIZE)
- len = HEAP_MAX_SIZE - *total;
-
- /* Avoid claiming anything above HEAP_MAX_ADDR, if possible. */
- if ((addr < HEAP_MAX_ADDR) && /* if it's too late, don't bother */
- (addr + len > HEAP_MAX_ADDR) && /* if it wasn't available anyway, don't bother */
- (*total + (HEAP_MAX_ADDR - addr) > HEAP_MIN_SIZE)) /* only limit ourselves when we can afford to */
- len = HEAP_MAX_ADDR - addr;
-
/* In theory, firmware should already prevent this from happening by not
listing our own image in /memory/available. The check below is intended
as a safeguard in case that doesn't happen. However, it doesn't protect
@@ -200,6 +211,18 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
len = 0;
}
+ /* If this block contains 0x30000000 (768MB), do not claim below that.
+ Linux likes to claim memory at min(RMO top, 768MB) and works down
+ without reference to /memory/available. */
+ if ((addr < 0x30000000) && ((addr + len) > 0x30000000))
+ {
+ len = len - (0x30000000 - addr);
+ addr = 0x30000000;
+ }
+
+ if (len > total)
+ len = total;
+
if (len)
{
grub_err_t err;
@@ -208,25 +231,202 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type,
if (err)
return err;
grub_mm_init_region ((void *) (grub_addr_t) addr, len);
+ total -= len;
}
- *total += len;
- if (*total >= HEAP_MAX_SIZE)
+ *(grub_uint32_t *)data = total;
+
+ if (total == 0)
return 1;
return 0;
}
+/* How much memory does OF believe it has? (regardless of whether
+ it's accessible or not) */
+static grub_err_t
+grub_ieee1275_total_mem (grub_uint64_t *total)
+{
+ grub_ieee1275_phandle_t root;
+ grub_ieee1275_phandle_t memory;
+ grub_uint32_t reg[4];
+ grub_ssize_t reg_size;
+ grub_uint32_t address_cells = 1;
+ grub_uint32_t size_cells = 1;
+ grub_uint64_t size;
+
+ /* If we fail to get to the end, report 0. */
+ *total = 0;
+
+ /* Determine the format of each entry in `reg'. */
+ grub_ieee1275_finddevice ("/", &root);
+ grub_ieee1275_get_integer_property (root, "#address-cells", &address_cells,
+ sizeof address_cells, 0);
+ grub_ieee1275_get_integer_property (root, "#size-cells", &size_cells,
+ sizeof size_cells, 0);
+
+ if (size_cells > address_cells)
+ address_cells = size_cells;
+
+ /* Load `/memory/reg'. */
+ if (grub_ieee1275_finddevice ("/memory", &memory))
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
+ "couldn't find /memory node");
+ if (grub_ieee1275_get_integer_property (memory, "reg", reg,
+ sizeof reg, ®_size))
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
+ "couldn't examine /memory/reg property");
+ if (reg_size < 0 || (grub_size_t) reg_size > sizeof (reg))
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE,
+ "/memory response buffer exceeded");
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_ADDRESS_CELLS))
+ {
+ address_cells = 1;
+ size_cells = 1;
+ }
+
+ /* Decode only the size */
+ size = reg[address_cells];
+ if (size_cells == 2)
+ size = (size << 32) | reg[address_cells + 1];
+
+ *total = size;
+
+ return grub_errno;
+}
+
+/* Based on linux - arch/powerpc/kernel/prom_init.c */
+struct option_vector2 {
+ grub_uint8_t byte1;
+ grub_uint16_t reserved;
+ grub_uint32_t real_base;
+ grub_uint32_t real_size;
+ grub_uint32_t virt_base;
+ grub_uint32_t virt_size;
+ grub_uint32_t load_base;
+ grub_uint32_t min_rma;
+ grub_uint32_t min_load;
+ grub_uint8_t min_rma_percent;
+ grub_uint8_t max_pft_size;
+} __attribute__((packed));
+
+struct option_vector5 {
+ grub_uint8_t byte1;
+ grub_uint8_t byte2;
+ grub_uint8_t byte3;
+ grub_uint8_t cmo;
+ grub_uint8_t associativity;
+ grub_uint8_t bin_opts;
+ grub_uint8_t micro_checkpoint;
+ grub_uint8_t reserved0;
+ grub_uint32_t max_cpus;
+} __attribute__((packed));
+
+struct pvr_entry {
+ grub_uint32_t mask;
+ grub_uint32_t entry;
+};
+
+struct cas_vector {
+ struct {
+ struct pvr_entry terminal;
+ } pvr_list;
+ grub_uint8_t num_vecs;
+ grub_uint8_t vec1_size;
+ grub_uint8_t vec1;
+ grub_uint8_t vec2_size;
+ struct option_vector2 vec2;
+ grub_uint8_t vec3_size;
+ grub_uint16_t vec3;
+ grub_uint8_t vec4_size;
+ grub_uint16_t vec4;
+ grub_uint8_t vec5_size;
+ struct option_vector5 vec5;
+} __attribute__((packed));
+
+/* Call ibm,client-architecture-support to try to get more RMA.
+ We ask for 512MB which should be enough to verify a distro kernel.
+ We ignore most errors: if we don't succeed we'll proceed with whatever
+ memory we have. */
+static void
+grub_ieee1275_ibm_cas (void)
+{
+ int rc;
+ grub_ieee1275_ihandle_t root;
+ struct cas_args {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_ihandle_t ihandle;
+ grub_ieee1275_cell_t cas_addr;
+ grub_ieee1275_cell_t result;
+ } args;
+ struct cas_vector vector = {
+ .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
+ .num_vecs = 5 - 1,
+ .vec1_size = 0,
+ .vec1 = 0x80, /* ignore */
+ .vec2_size = 1 + sizeof(struct option_vector2) - 2,
+ .vec2 = {
+ 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48
+ },
+ .vec3_size = 2 - 1,
+ .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
+ .vec4_size = 2 - 1,
+ .vec4 = 0x0001, // set required minimum capacity % to the lowest value
+ .vec5_size = 1 + sizeof(struct option_vector5) - 2,
+ .vec5 = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 256
+ }
+ };
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
+ args.method = (grub_ieee1275_cell_t)"ibm,client-architecture-support";
+ rc = grub_ieee1275_open("/", &root);
+ if (rc) {
+ grub_error (GRUB_ERR_IO, "could not open root when trying to call CAS");
+ return;
+ }
+ args.ihandle = root;
+ args.cas_addr = (grub_ieee1275_cell_t)&vector;
+
+ grub_printf("Calling ibm,client-architecture-support from grub...");
+ IEEE1275_CALL_ENTRY_FN (&args);
+ grub_printf("done\n");
+
+ grub_ieee1275_close(root);
+}
+
static void
grub_claim_heap (void)
{
- unsigned long total = 0;
+ grub_uint32_t total = 0;
if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_FORCE_CLAIM))
- heap_init (GRUB_IEEE1275_STATIC_HEAP_START, GRUB_IEEE1275_STATIC_HEAP_LEN,
- 1, &total);
- else
- grub_machine_mmap_iterate (heap_init, &total);
+ {
+ heap_init (GRUB_IEEE1275_STATIC_HEAP_START,
+ GRUB_IEEE1275_STATIC_HEAP_LEN, 1, &total);
+ return;
+ }
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY))
+ {
+ grub_uint64_t rma_size;
+ grub_err_t err;
+
+ err = grub_ieee1275_total_mem (&rma_size);
+ /* if we have an error, don't call CAS, just hope for the best */
+ if (!err && rma_size < (512 * 1024 * 1024))
+ grub_ieee1275_ibm_cas();
+ }
+
+ grub_machine_mmap_iterate (heap_size, &total);
+
+ total = total / 4;
+ if (total > HEAP_MAX_SIZE)
+ total = HEAP_MAX_SIZE;
+
+ grub_machine_mmap_iterate (heap_init, &total);
}
#endif
@@ -270,6 +470,30 @@ grub_parse_cmdline (void)
}
}
+static void
+grub_get_ieee1275_secure_boot (void)
+{
+ grub_ieee1275_phandle_t root;
+ int rc;
+ grub_uint32_t is_sb;
+
+ grub_ieee1275_finddevice ("/", &root);
+
+ rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb,
+ sizeof (is_sb), 0);
+
+ /* ibm,secure-boot:
+ * 0 - disabled
+ * 1 - audit
+ * 2 - enforce
+ * 3 - enforce + OS-specific behaviour
+ *
+ * We only support enforce.
+ */
+ if (rc >= 0 && is_sb >= 2)
+ grub_lockdown ();
+}
+
grub_addr_t grub_modbase;
void
@@ -295,6 +519,8 @@ grub_machine_init (void)
#else
grub_install_get_time_ms (grub_rtc_get_time_ms);
#endif
+
+ grub_get_ieee1275_secure_boot ();
}
void
diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c
index 4d493ab766..3a6689abb1 100644
--- a/grub-core/kern/ieee1275/openfw.c
+++ b/grub-core/kern/ieee1275/openfw.c
@@ -591,3 +591,66 @@ grub_ieee1275_get_boot_dev (void)
return bootpath;
}
+
+/* Check if it's a CAS reboot. If so, set the script to be executed. */
+int
+grub_ieee1275_cas_reboot (char *script)
+{
+ grub_uint32_t ibm_ca_support_reboot;
+ grub_uint32_t ibm_fw_nbr_reboots;
+ char property_value[10];
+ grub_ssize_t actual;
+ grub_ieee1275_ihandle_t options;
+
+ if (grub_ieee1275_finddevice ("/options", &options) < 0)
+ return -1;
+
+ /* Check two properties, one is enough to get cas reboot value */
+ ibm_ca_support_reboot = 0;
+ if (grub_ieee1275_get_integer_property (grub_ieee1275_chosen,
+ "ibm,client-architecture-support-reboot",
+ &ibm_ca_support_reboot,
+ sizeof (ibm_ca_support_reboot),
+ &actual) >= 0)
+ grub_dprintf("ieee1275", "ibm,client-architecture-support-reboot: %u\n",
+ ibm_ca_support_reboot);
+
+ ibm_fw_nbr_reboots = 0;
+ if (grub_ieee1275_get_property (options, "ibm,fw-nbr-reboots",
+ property_value, sizeof (property_value),
+ &actual) >= 0)
+ {
+ property_value[sizeof (property_value) - 1] = 0;
+ ibm_fw_nbr_reboots = (grub_uint8_t) grub_strtoul (property_value, 0, 10);
+ grub_dprintf("ieee1275", "ibm,fw-nbr-reboots: %u\n", ibm_fw_nbr_reboots);
+ }
+
+ if (ibm_ca_support_reboot || ibm_fw_nbr_reboots)
+ {
+ if (! grub_ieee1275_get_property_length (options, "boot-last-label", &actual))
+ {
+ if (actual > 1024)
+ script = grub_realloc (script, actual + 1);
+ grub_ieee1275_get_property (options, "boot-last-label", script, actual,
+ &actual);
+ return 0;
+ }
+ }
+
+ grub_ieee1275_set_boot_last_label ("");
+
+ return -1;
+}
+
+int grub_ieee1275_set_boot_last_label (const char *text)
+{
+ grub_ieee1275_ihandle_t options;
+ grub_ssize_t actual;
+
+ grub_dprintf("ieee1275", "set boot_last_label (size: %u)\n", grub_strlen(text));
+ if (! grub_ieee1275_finddevice ("/options", &options) &&
+ options != (grub_ieee1275_ihandle_t) -1)
+ grub_ieee1275_set_property (options, "boot-last-label", text,
+ grub_strlen (text), &actual);
+ return 0;
+}
diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
index 73967e2f5b..4c4e6912f9 100644
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@@ -128,16 +128,24 @@ grub_set_prefix_and_root (void)
grub_machine_get_bootlocation (&fwdevice, &fwpath);
- if (fwdevice)
+ if (fwdevice && fwpath)
{
- char *cmdpath;
+ char *fw_path;
+ char separator[3] = ")";
- cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : "");
- if (cmdpath)
+ grub_dprintf ("fw_path", "\n");
+ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath);
+
+ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/')
+ grub_strcpy(separator, ")/");
+
+ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath);
+ if (fw_path)
{
- grub_env_set ("cmdpath", cmdpath);
- grub_env_export ("cmdpath");
- grub_free (cmdpath);
+ grub_env_set ("fw_path", fw_path);
+ grub_env_export ("fw_path");
+ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path);
+ grub_free (fw_path);
}
}
@@ -208,13 +216,67 @@ grub_set_prefix_and_root (void)
if (device)
{
char *prefix_set;
-
- prefix_set = grub_xasprintf ("(%s)%s", device, path ? : "");
- if (prefix_set)
+
+#ifdef __powerpc__
+ /* We have to be careful here on powerpc-ieee1275 + signed grub. We
+ will have signed something with a prefix that doesn't have a device
+ because we cannot know in advance what partition we're on.
+
+ We will have had !device earlier, so we will have set device=fwdevice
+ However, we want to make sure we do not end up setting prefix to be
+ ($fwdevice)/path, because we will then end up trying to boot or search
+ based on a prefix of (ieee1275/disk)/path, which will not work because
+ it's missing a partition.
+
+ Also:
+ - You can end up with a device with an FS directly on it, without
+ a partition, e.g. ieee1275/cdrom.
+
+ - powerpc-ieee1275 + grub-install sets e.g. prefix=(,gpt2)/path,
+ which will have now been extended to device=$fwdisk,partition
+ and path=/path
+
+ - PowerVM will give us device names like
+ ieee1275//vdevice/v-scsi@3000006c/disk@8100000000000000
+ and we don't want to try to encode some sort of truth table about
+ what sorts of paths represent disks with partition tables and those
+ without partition tables.
+
+ - Frustratingly, the device name itself can contain an embedded comma:
+ /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b
+ So we cannot even rely upon the presence of a comma to say that a
+ partition has been specified!
+
+ If we only have a path in $prefix, the code in normal to discover
+ config files will try all disks, both without partitions and then with
+ any partitions so we will cover both CDs and HDs.
+
+ However, it doesn't then set the prefix to be something like
+ (discovered partition)/path, and so it is fragile against runtime
+ changes to $root. For example some of the stuff done in 10_linux to
+ reload $root sets root differently and then uses search to find it
+ again. If the search module is not built in, when we change root, grub
+ will look in (new root)/path/powerpc-ieee1275, that won't work, and we
+ will not be able to load the search module and the boot will fail.
+
+ This is particularly likely to hit us in the grub-install
+ (,msdos2)/grub2 case, so we act unless the supplied prefix starts with
+ '(', which would likely indicate a partition has already been
+ specified.
+ */
+ if (prefix && prefix[0] != '(')
+ grub_env_set ("prefix", path);
+ else
+#endif
{
- grub_env_set ("prefix", prefix_set);
- grub_free (prefix_set);
+ prefix_set = grub_xasprintf ("(%s)%s", device, path ? : "");
+ if (prefix_set)
+ {
+ grub_env_set ("prefix", prefix_set);
+ grub_free (prefix_set);
+ }
}
+
grub_env_set ("root", device);
}
@@ -270,11 +332,6 @@ grub_main (void)
grub_boot_time ("After machine init.");
- /* Hello. */
- grub_setcolorstate (GRUB_TERM_COLOR_HIGHLIGHT);
- grub_printf ("Welcome to GRUB!\n\n");
- grub_setcolorstate (GRUB_TERM_COLOR_STANDARD);
-
/* Init verifiers API. */
grub_verifiers_init ();
diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c
index 2ed3ff3191..5c40c34078 100644
--- a/grub-core/kern/mips/arc/init.c
+++ b/grub-core/kern/mips/arc/init.c
@@ -276,7 +276,7 @@ grub_halt (void)
}
void
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
GRUB_ARC_FIRMWARE_VECTOR->exit ();
diff --git a/grub-core/kern/mips/dl.c b/grub-core/kern/mips/dl.c
index 5d7d299c74..6d83bd71e9 100644
--- a/grub-core/kern/mips/dl.c
+++ b/grub-core/kern/mips/dl.c
@@ -272,3 +272,11 @@ grub_arch_dl_init_linker (void)
grub_dl_register_symbol ("_gp_disp", &_gp_disp_dummy, 0, 0);
}
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+ return 1;
+}
diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c
index 7b96531b98..dff598ca7b 100644
--- a/grub-core/kern/mips/loongson/init.c
+++ b/grub-core/kern/mips/loongson/init.c
@@ -304,7 +304,7 @@ grub_halt (void)
}
void
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
grub_halt ();
}
diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c
index be88b77d22..8b6c55ffc0 100644
--- a/grub-core/kern/mips/qemu_mips/init.c
+++ b/grub-core/kern/mips/qemu_mips/init.c
@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused)))
}
void
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
grub_halt ();
}
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 3af336ee22..cb45461402 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -24,6 +24,10 @@
#include
#include
#include
+#include
+#if DEBUG_WITH_TIMESTAMPS
+#include
+#endif
union printf_arg
{
@@ -159,16 +163,41 @@ int grub_err_printf (const char *fmt, ...)
__attribute__ ((alias("grub_printf")));
#endif
+/* Return 1 if 'debug' is set and not empty */
+int
+grub_debug_is_enabled (void)
+{
+ const char *debug;
+
+ debug = grub_env_get ("debug");
+ if (!debug || debug[0] == '\0')
+ return 0;
+
+ return 1;
+}
+
int
grub_debug_enabled (const char * condition)
{
const char *debug;
+ char *negcond;
+ int negated = 0;
debug = grub_env_get ("debug");
if (!debug)
return 0;
- if (grub_strword (debug, "all") || grub_strword (debug, condition))
+ negcond = grub_zalloc (grub_strlen (condition) + 2);
+ if (negcond)
+ {
+ grub_strcpy (negcond, "-");
+ grub_strcpy (negcond+1, condition);
+ negated = grub_strword (debug, negcond);
+ grub_free (negcond);
+ }
+
+ if (!negated &&
+ (grub_strword (debug, "all") || grub_strword (debug, condition)))
return 1;
return 0;
@@ -179,9 +208,26 @@ grub_real_dprintf (const char *file, const int line, const char *condition,
const char *fmt, ...)
{
va_list args;
+#if DEBUG_WITH_TIMESTAMPS
+ static long unsigned int last_time = 0;
+ static int last_had_cr = 1;
+#endif
if (grub_debug_enabled (condition))
{
+#if DEBUG_WITH_TIMESTAMPS
+ /* Don't print timestamp if last printed message isn't terminated yet */
+ if (last_had_cr) {
+ long unsigned int tmabs = (long unsigned int) grub_get_time_ms();
+ long unsigned int tmrel = tmabs - last_time;
+ last_time = tmabs;
+ grub_printf ("%3lu.%03lus +%2lu.%03lus ", tmabs / 1000, tmabs % 1000, tmrel / 1000, tmrel % 1000);
+ }
+ if (fmt[grub_strlen(fmt)-1] == '\n')
+ last_had_cr = 1;
+ else
+ last_had_cr = 0;
+#endif
grub_printf ("%s:%d: ", file, line);
va_start (args, fmt);
grub_vprintf (fmt, args);
@@ -190,6 +236,24 @@ grub_real_dprintf (const char *file, const int line, const char *condition,
}
}
+void
+grub_qdprintf (const char *condition, const char *fmt, ...)
+{
+ va_list args;
+ const char *debug = grub_env_get ("debug");
+
+ if (! debug)
+ return;
+
+ if (grub_strword (debug, "all") || grub_strword (debug, condition))
+ {
+ va_start (args, fmt);
+ grub_vprintf (fmt, args);
+ va_end (args);
+ grub_refresh ();
+ }
+}
+
#define PREALLOC_SIZE 255
int
@@ -1196,11 +1260,16 @@ grub_printf_fmt_check (const char *fmt, const char *fmt_expected)
/* Abort GRUB. This function does not return. */
-static void __attribute__ ((noreturn))
+static inline void __attribute__ ((noreturn))
grub_abort (void)
{
- grub_printf ("\nAborted.");
-
+#if !defined(GRUB_MACHINE_EMU) && !defined(GRUB_UTIL)
+ grub_backtrace (1);
+#else
+ grub_printf ("\n");
+#endif
+ grub_printf ("Aborted.");
+
#ifndef GRUB_UTIL
if (grub_term_inputs)
#endif
@@ -1209,14 +1278,24 @@ grub_abort (void)
grub_getkey ();
}
- grub_exit ();
+ grub_exit (1);
}
+#if defined (__clang__) && !defined (GRUB_UTIL)
+/* clang emits references to abort(). */
+void __attribute__ ((noreturn))
+abort (void)
+{
+ grub_abort ();
+}
+#endif
+
void
grub_fatal (const char *fmt, ...)
{
va_list ap;
+ grub_printf ("\n");
va_start (ap, fmt);
grub_vprintf (_(fmt), ap);
va_end (ap);
@@ -1255,7 +1334,8 @@ grub_real_boot_time (const char *file,
n->next = 0;
va_start (args, fmt);
- n->msg = grub_xvasprintf (fmt, args);
+ n->msg = grub_xvasprintf (fmt, args);
+ grub_dprintf ("boot", "%s\n", n->msg);
va_end (args);
*boot_time_last = n;
diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
index c070afc621..d8c8377578 100644
--- a/grub-core/kern/mm.c
+++ b/grub-core/kern/mm.c
@@ -97,13 +97,13 @@ get_header_from_pointer (void *ptr, grub_mm_header_t *p, grub_mm_region_t *r)
break;
if (! *r)
- grub_fatal ("out of range pointer %p", ptr);
+ grub_fatal ("out of range pointer %p\n", ptr);
*p = (grub_mm_header_t) ptr - 1;
if ((*p)->magic == GRUB_MM_FREE_MAGIC)
- grub_fatal ("double free at %p", *p);
+ grub_fatal ("double free at %p\n", *p);
if ((*p)->magic != GRUB_MM_ALLOC_MAGIC)
- grub_fatal ("alloc magic is broken at %p: %lx", *p,
+ grub_fatal ("alloc magic is broken at %p: %lx\n", *p,
(unsigned long) (*p)->magic);
}
diff --git a/grub-core/kern/powerpc/dl.c b/grub-core/kern/powerpc/dl.c
index cdd61b305f..5d9ba2e158 100644
--- a/grub-core/kern/powerpc/dl.c
+++ b/grub-core/kern/powerpc/dl.c
@@ -167,3 +167,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+ return 1;
+}
diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c
index f26b12aaa4..aa18f9e990 100644
--- a/grub-core/kern/riscv/dl.c
+++ b/grub-core/kern/riscv/dl.c
@@ -343,3 +343,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/riscv/efi/startup.S b/grub-core/kern/riscv/efi/startup.S
index f2a7b2b1ed..781773136e 100644
--- a/grub-core/kern/riscv/efi/startup.S
+++ b/grub-core/kern/riscv/efi/startup.S
@@ -29,6 +29,7 @@
.file "startup.S"
.text
+FUNCTION(start)
FUNCTION(_start)
/*
* EFI_SYSTEM_TABLE and EFI_HANDLE are passed in a1/a0.
diff --git a/grub-core/kern/sparc64/dl.c b/grub-core/kern/sparc64/dl.c
index f3d960186b..f054f08241 100644
--- a/grub-core/kern/sparc64/dl.c
+++ b/grub-core/kern/sparc64/dl.c
@@ -189,3 +189,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+ return 1;
+}
diff --git a/grub-core/kern/sparc64/ieee1275/crt0.S b/grub-core/kern/sparc64/ieee1275/crt0.S
index 03b916f053..701bf63abc 100644
--- a/grub-core/kern/sparc64/ieee1275/crt0.S
+++ b/grub-core/kern/sparc64/ieee1275/crt0.S
@@ -22,7 +22,8 @@
.text
.align 4
- .globl _start
+ .globl start, _start
+start:
_start:
ba codestart
mov %o4, %o0
diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c
index 14d5964983..4d61f4e979 100644
--- a/grub-core/kern/term.c
+++ b/grub-core/kern/term.c
@@ -144,9 +144,10 @@ grub_key_is_interrupt (int key)
/*
* ESC sometimes is the BIOS setup hotkey and may be hard to discover, also
* check F4, which was chosen because is not used as a hotkey to enter the
- * BIOS setup by any vendor.
+ * BIOS setup by any vendor. Also, F8 which was the key to get the Windows
+ * bootmenu for a long time.
*/
- if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4)
+ if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4 || key == GRUB_TERM_KEY_F8)
return 1;
/*
diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c
index 3e338645c5..be2a5be1d0 100644
--- a/grub-core/kern/uboot/init.c
+++ b/grub-core/kern/uboot/init.c
@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size;
static unsigned long timer_start;
void
-grub_exit (void)
+grub_exit (int rc)
{
- grub_uboot_return (0);
+ grub_uboot_return (rc < 0 ? 1 : rc);
}
static grub_uint64_t
@@ -78,7 +78,7 @@ grub_machine_init (void)
if (!ver)
{
/* Don't even have a console to log errors to... */
- grub_exit ();
+ grub_exit (-1);
}
else if (ver > API_SIG_VERSION)
{
diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c
index e5a8bdcf4f..a105dc50ce 100644
--- a/grub-core/kern/x86_64/dl.c
+++ b/grub-core/kern/x86_64/dl.c
@@ -119,3 +119,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
return GRUB_ERR_NONE;
}
+
+/*
+ * Tell the loader what our minimum section alignment is.
+ */
+grub_size_t
+grub_arch_dl_min_alignment (void)
+{
+#ifdef GRUB_MACHINE_EFI
+ return 4096;
+#else
+ return 1;
+#endif
+}
diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c
index 782ca72952..708b060f32 100644
--- a/grub-core/kern/xen/init.c
+++ b/grub-core/kern/xen/init.c
@@ -584,7 +584,7 @@ grub_machine_init (void)
}
void
-grub_exit (void)
+grub_exit (int rc __attribute__((unused)))
{
struct sched_shutdown arg;
diff --git a/grub-core/lib/.gitignore b/grub-core/lib/.gitignore
new file mode 100644
index 0000000000..6815459140
--- /dev/null
+++ b/grub-core/lib/.gitignore
@@ -0,0 +1 @@
+/libgcrypt-grub/
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index ed0b149dca..8e2294d8ff 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -20,6 +20,12 @@
#include
#include
+static int
+is_hex(char c)
+{
+ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F'));
+}
+
static unsigned int check_arg (char *c, int *has_space)
{
int space = 0;
@@ -27,7 +33,13 @@ static unsigned int check_arg (char *c, int *has_space)
while (*c)
{
- if (*c == '\\' || *c == '\'' || *c == '"')
+ if (*c == '\\' && *(c+1) == 'x' && is_hex(*(c+2)) && is_hex(*(c+3)))
+ {
+ size += 4;
+ c += 4;
+ continue;
+ }
+ else if (*c == '\\' || *c == '\'' || *c == '"')
size++;
else if (*c == ' ')
space = 1;
@@ -86,7 +98,16 @@ grub_create_loader_cmdline (int argc, char *argv[], char *buf,
while (*c)
{
- if (*c == '\\' || *c == '\'' || *c == '"')
+ if (*c == '\\' && *(c+1) == 'x' &&
+ is_hex(*(c+2)) && is_hex(*(c+3)))
+ {
+ *buf++ = *c++;
+ *buf++ = *c++;
+ *buf++ = *c++;
+ *buf++ = *c++;
+ continue;
+ }
+ else if (*c == '\\' || *c == '\'' || *c == '"')
*buf++ = '\\';
*buf++ = *c;
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index ca334d5a40..c578128a59 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -121,6 +121,10 @@ grub_md_unregister (gcry_md_spec_t *cipher)
}
}
+struct gcry_pk_spec *grub_crypto_pk_dsa;
+struct gcry_pk_spec *grub_crypto_pk_ecdsa;
+struct gcry_pk_spec *grub_crypto_pk_rsa;
+
void
grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
grub_size_t inlen)
diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
index 2e4e78b132..874506da16 100644
--- a/grub-core/lib/envblk.c
+++ b/grub-core/lib/envblk.c
@@ -223,6 +223,49 @@ grub_envblk_delete (grub_envblk_t envblk, const char *name)
}
}
+struct get_var_state {
+ const char * const name;
+ char * value;
+ int found;
+};
+
+static int
+get_var (const char * const name, const char * const value, void *statep)
+{
+ struct get_var_state *state = (struct get_var_state *)statep;
+
+ if (!grub_strcmp(state->name, name))
+ {
+ state->found = 1;
+ state->value = grub_strdup(value);
+ if (!state->value)
+ grub_errno = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+
+ return 1;
+ }
+
+ return 0;
+}
+
+grub_err_t
+grub_envblk_get (grub_envblk_t envblk, const char * const name, char ** const value)
+{
+ struct get_var_state state = {
+ .name = name,
+ .value = NULL,
+ .found = 0,
+ };
+
+ grub_envblk_iterate(envblk, (void *)&state, get_var);
+
+ *value = state.value;
+
+ if (state.found && !state.value)
+ return grub_errno;
+
+ return GRUB_ERR_NONE;
+}
+
void
grub_envblk_iterate (grub_envblk_t envblk,
void *hook_data,
diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c
index 0d371c5633..37e04bd69e 100644
--- a/grub-core/lib/fdt.c
+++ b/grub-core/lib/fdt.c
@@ -21,8 +21,6 @@
#include
#include
-GRUB_MOD_LICENSE ("GPLv3+");
-
#define FDT_SUPPORTED_VERSION 17
#define FDT_BEGIN_NODE 0x00000001
diff --git a/grub-core/lib/gnulib-patches/fix-base64.patch b/grub-core/lib/gnulib-patches/fix-base64.patch
deleted file mode 100644
index 985db12797..0000000000
--- a/grub-core/lib/gnulib-patches/fix-base64.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/lib/base64.h b/lib/base64.h
-index 9cd0183b8..185a2afa1 100644
---- a/lib/base64.h
-+++ b/lib/base64.h
-@@ -21,8 +21,14 @@
- /* Get size_t. */
- # include
-
--/* Get bool. */
--# include
-+#ifndef GRUB_POSIX_BOOL_DEFINED
-+typedef enum { false = 0, true = 1 } bool;
-+#define GRUB_POSIX_BOOL_DEFINED 1
-+#endif
-+
-+#ifndef _GL_ATTRIBUTE_CONST
-+# define _GL_ATTRIBUTE_CONST /* empty */
-+#endif
-
- # ifdef __cplusplus
- extern "C" {
diff --git a/grub-core/lib/gnulib-patches/fix-null-deref.patch b/grub-core/lib/gnulib-patches/fix-null-deref.patch
deleted file mode 100644
index 8fafa153a4..0000000000
--- a/grub-core/lib/gnulib-patches/fix-null-deref.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/argp-parse.c b/lib/argp-parse.c
-index 6dec57310..900adad54 100644
---- a/lib/argp-parse.c
-+++ b/lib/argp-parse.c
-@@ -940,7 +940,7 @@ weak_alias (__argp_parse, argp_parse)
- void *
- __argp_input (const struct argp *argp, const struct argp_state *state)
- {
-- if (state)
-+ if (state && state->pstate)
- {
- struct group *group;
- struct parser *parser = state->pstate;
diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
deleted file mode 100644
index 813ec09c8a..0000000000
--- a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 +0000
-+++ b/lib/argp-help.c 2020-10-28 14:38:21.204673940 +0000
-@@ -145,7 +145,8 @@
- if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
- {
- __argp_failure (state, 0, 0,
-- dgettext (state->root_argp->argp_domain,
-+ dgettext (state == NULL ? NULL
-+ : state->root_argp->argp_domain,
- "\
- ARGP_HELP_FMT: %s value is less than or equal to %s"),
- "rmargin", up->name);
diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
deleted file mode 100644
index 02e06315df..0000000000
--- a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/lib/regcomp.c 2020-11-24 17:06:08.159223858 +0000
-+++ b/lib/regcomp.c 2020-11-24 17:06:15.630253923 +0000
-@@ -3808,11 +3808,7 @@
- create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
- re_token_type_t type)
- {
-- re_token_t t;
--#if defined GCC_LINT || defined lint
-- memset (&t, 0, sizeof t);
--#endif
-- t.type = type;
-+ re_token_t t = { .type = type };
- return create_token_tree (dfa, left, right, &t);
- }
-
diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
deleted file mode 100644
index db6dac9c9e..0000000000
--- a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000
-+++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000
-@@ -1692,6 +1692,9 @@
- {
- Idx top = mctx->state_log_top;
-
-+ if (mctx->state_log == NULL)
-+ return REG_NOERROR;
-+
- if ((next_state_log_idx >= mctx->input.bufs_len
- && mctx->input.bufs_len < mctx->input.len)
- || (next_state_log_idx >= mctx->input.valid_len
diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
deleted file mode 100644
index 7b4d9f67af..0000000000
--- a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 +0000
-+++ b/lib/regcomp.c 2020-10-22 13:50:37.026528298 +0000
-@@ -3662,7 +3662,7 @@
- Idx alloc = 0;
- #endif /* not RE_ENABLE_I18N */
- reg_errcode_t ret;
-- re_token_t br_token;
-+ re_token_t br_token = {0};
- bin_tree_t *tree;
-
- sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch
deleted file mode 100644
index ba51f1bf22..0000000000
--- a/grub-core/lib/gnulib-patches/fix-unused-value.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000
-+++ b/lib/regexec.c 2020-10-21 14:32:07.961765604 +0000
-@@ -828,7 +828,11 @@
- break;
- if (__glibc_unlikely (err != REG_NOMATCH))
- goto free_return;
-+#ifdef DEBUG
-+ /* Only used for assertion below when DEBUG is set, otherwise
-+ it will be over-written when we loop around. */
- match_last = -1;
-+#endif
- }
- else
- break; /* We found a match. */
diff --git a/grub-core/lib/gnulib-patches/fix-width.patch b/grub-core/lib/gnulib-patches/fix-width.patch
deleted file mode 100644
index 0a208ad08b..0000000000
--- a/grub-core/lib/gnulib-patches/fix-width.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-diff --git a/lib/argp-fmtstream.c b/lib/argp-fmtstream.c
-index ba6a407f7..d0685b3d4 100644
---- a/lib/argp-fmtstream.c
-+++ b/lib/argp-fmtstream.c
-@@ -28,9 +28,11 @@
- #include
- #include
- #include
-+#include
-
- #include "argp-fmtstream.h"
- #include "argp-namefrob.h"
-+#include "mbswidth.h"
-
- #ifndef ARGP_FMTSTREAM_USE_LINEWRAP
-
-@@ -115,6 +117,51 @@ weak_alias (__argp_fmtstream_free, argp_fmtstream_free)
- #endif
- #endif
-
-+
-+/* Return the pointer to the first character that doesn't fit in l columns. */
-+static inline const ptrdiff_t
-+add_width (const char *ptr, const char *end, size_t l)
-+{
-+ mbstate_t ps;
-+ const char *ptr0 = ptr;
-+
-+ memset (&ps, 0, sizeof (ps));
-+
-+ while (ptr < end)
-+ {
-+ wchar_t wc;
-+ size_t s, k;
-+
-+ s = mbrtowc (&wc, ptr, end - ptr, &ps);
-+ if (s == (size_t) -1)
-+ break;
-+ if (s == (size_t) -2)
-+ {
-+ if (1 >= l)
-+ break;
-+ l--;
-+ ptr++;
-+ continue;
-+ }
-+
-+ if (wc == '\e' && ptr + 3 < end
-+ && ptr[1] == '[' && (ptr[2] == '0' || ptr[2] == '1')
-+ && ptr[3] == 'm')
-+ {
-+ ptr += 4;
-+ continue;
-+ }
-+
-+ k = wcwidth (wc);
-+
-+ if (k >= l)
-+ break;
-+ l -= k;
-+ ptr += s;
-+ }
-+ return ptr - ptr0;
-+}
-+
- /* Process FS's buffer so that line wrapping is done from POINT_OFFS to the
- end of its buffer. This code is mostly from glibc stdio/linewrap.c. */
- void
-@@ -168,13 +215,15 @@ __argp_fmtstream_update (argp_fmtstream_t fs)
- if (!nl)
- {
- /* The buffer ends in a partial line. */
-+ size_t display_width = mbsnwidth (buf, fs->p - buf,
-+ MBSW_STOP_AT_NUL);
-
-- if (fs->point_col + len < fs->rmargin)
-+ if (fs->point_col + display_width < fs->rmargin)
- {
- /* The remaining buffer text is a partial line and fits
- within the maximum line width. Advance point for the
- characters to be written and stop scanning. */
-- fs->point_col += len;
-+ fs->point_col += display_width;
- break;
- }
- else
-@@ -182,14 +231,18 @@ __argp_fmtstream_update (argp_fmtstream_t fs)
- the end of the buffer. */
- nl = fs->p;
- }
-- else if (fs->point_col + (nl - buf) < (ssize_t) fs->rmargin)
-- {
-- /* The buffer contains a full line that fits within the maximum
-- line width. Reset point and scan the next line. */
-- fs->point_col = 0;
-- buf = nl + 1;
-- continue;
-- }
-+ else
-+ {
-+ size_t display_width = mbsnwidth (buf, nl - buf, MBSW_STOP_AT_NUL);
-+ if (display_width < (ssize_t) fs->rmargin)
-+ {
-+ /* The buffer contains a full line that fits within the maximum
-+ line width. Reset point and scan the next line. */
-+ fs->point_col = 0;
-+ buf = nl + 1;
-+ continue;
-+ }
-+ }
-
- /* This line is too long. */
- r = fs->rmargin - 1;
-@@ -225,7 +278,7 @@ __argp_fmtstream_update (argp_fmtstream_t fs)
- char *p, *nextline;
- int i;
-
-- p = buf + (r + 1 - fs->point_col);
-+ p = buf + add_width (buf, fs->p, (r + 1 - fs->point_col));
- while (p >= buf && !isblank ((unsigned char) *p))
- --p;
- nextline = p + 1; /* This will begin the next line. */
-@@ -243,7 +296,7 @@ __argp_fmtstream_update (argp_fmtstream_t fs)
- {
- /* A single word that is greater than the maximum line width.
- Oh well. Put it on an overlong line by itself. */
-- p = buf + (r + 1 - fs->point_col);
-+ p = buf + add_width (buf, fs->p, (r + 1 - fs->point_col));
- /* Find the end of the long word. */
- if (p < nl)
- do
-@@ -277,7 +330,8 @@ __argp_fmtstream_update (argp_fmtstream_t fs)
- && fs->p > nextline)
- {
- /* The margin needs more blanks than we removed. */
-- if (fs->end - fs->p > fs->wmargin + 1)
-+ if (mbsnwidth (fs->p, fs->end - fs->p, MBSW_STOP_AT_NUL)
-+ > fs->wmargin + 1)
- /* Make some space for them. */
- {
- size_t mv = fs->p - nextline;
-diff --git a/lib/argp-help.c b/lib/argp-help.c
-index e5375a0f0..5d8f451ec 100644
---- a/lib/argp-help.c
-+++ b/lib/argp-help.c
-@@ -51,6 +51,7 @@
- #include "argp.h"
- #include "argp-fmtstream.h"
- #include "argp-namefrob.h"
-+#include "mbswidth.h"
-
- #ifndef SIZE_MAX
- # define SIZE_MAX ((size_t) -1)
-@@ -1432,7 +1433,7 @@ argp_args_usage (const struct argp *argp, const struct argp_state *state,
-
- /* Manually do line wrapping so that it (probably) won't get wrapped at
- any embedded spaces. */
-- space (stream, 1 + nl - cp);
-+ space (stream, 1 + mbsnwidth (cp, nl - cp, MBSW_STOP_AT_NUL));
-
- __argp_fmtstream_write (stream, cp, nl - cp);
- }
-diff --git a/lib/mbswidth.c b/lib/mbswidth.c
-index 408a15e34..b3fb7f83a 100644
---- a/lib/mbswidth.c
-+++ b/lib/mbswidth.c
-@@ -38,6 +38,14 @@
- /* Get INT_MAX. */
- #include
-
-+#ifndef FALLTHROUGH
-+# if __GNUC__ < 7
-+# define FALLTHROUGH ((void) 0)
-+# else
-+# define FALLTHROUGH __attribute__ ((__fallthrough__))
-+# endif
-+#endif
-+
- /* Returns the number of columns needed to represent the multibyte
- character string pointed to by STRING. If a non-printable character
- occurs, and MBSW_REJECT_UNPRINTABLE is specified, -1 is returned.
-@@ -90,6 +98,10 @@ mbsnwidth (const char *string, size_t nbytes, int flags)
- p++;
- width++;
- break;
-+ case '\0':
-+ if (flags & MBSW_STOP_AT_NUL)
-+ return width;
-+ FALLTHROUGH;
- default:
- /* If we have a multibyte sequence, scan it up to its end. */
- {
-@@ -168,6 +180,9 @@ mbsnwidth (const char *string, size_t nbytes, int flags)
- {
- unsigned char c = (unsigned char) *p++;
-
-+ if (c == 0 && (flags & MBSW_STOP_AT_NUL))
-+ return width;
-+
- if (isprint (c))
- {
- if (width == INT_MAX)
-diff --git a/lib/mbswidth.h b/lib/mbswidth.h
-index 2b5c53c37..45a123e63 100644
---- a/lib/mbswidth.h
-+++ b/lib/mbswidth.h
-@@ -45,6 +45,10 @@ extern "C" {
- control characters and 1 otherwise. */
- #define MBSW_REJECT_UNPRINTABLE 2
-
-+/* If this bit is set \0 is treated as the end of string.
-+ Otherwise it's treated as a normal one column width character. */
-+#define MBSW_STOP_AT_NUL 4
-+
-
- /* Returns the number of screen columns needed for STRING. */
- #define mbswidth gnu_mbswidth /* avoid clash with UnixWare 7.1.1 function */
diff --git a/grub-core/lib/gnulib-patches/no-abort.patch b/grub-core/lib/gnulib-patches/no-abort.patch
deleted file mode 100644
index e469c4762e..0000000000
--- a/grub-core/lib/gnulib-patches/no-abort.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/lib/regcomp.c b/lib/regcomp.c
-index cc85f35ac..de45ebb5c 100644
---- a/lib/regcomp.c
-+++ b/lib/regcomp.c
-@@ -528,9 +528,9 @@ regerror (int errcode, const regex_t *__restrict preg, char *__restrict errbuf,
- to this routine. If we are given anything else, or if other regex
- code generates an invalid error code, then the program has a bug.
- Dump core so we can fix it. */
-- abort ();
--
-- msg = gettext (__re_error_msgid + __re_error_msgid_idx[errcode]);
-+ msg = gettext ("unknown regexp error");
-+ else
-+ msg = gettext (__re_error_msgid + __re_error_msgid_idx[errcode]);
-
- msg_size = strlen (msg) + 1; /* Includes the null. */
-
-@@ -1136,7 +1136,7 @@ optimize_utf8 (re_dfa_t *dfa)
- }
- break;
- default:
-- abort ();
-+ break;
- }
-
- if (mb_chars || has_period)
diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c
deleted file mode 100644
index c3e03c7275..0000000000
--- a/grub-core/lib/i386/backtrace.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * GRUB -- GRand Unified Bootloader
- * Copyright (C) 2009 Free Software Foundation, Inc.
- *
- * GRUB is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GRUB is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GRUB. If not, see .
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define MAX_STACK_FRAME 102400
-
-void
-grub_backtrace_pointer (void *ebp)
-{
- void *ptr, *nptr;
- unsigned i;
-
- ptr = ebp;
- while (1)
- {
- grub_printf ("%p: ", ptr);
- grub_backtrace_print_address (((void **) ptr)[1]);
- grub_printf (" (");
- for (i = 0; i < 2; i++)
- grub_printf ("%p,", ((void **)ptr) [i + 2]);
- grub_printf ("%p)\n", ((void **)ptr) [i + 2]);
- nptr = *(void **)ptr;
- if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME
- || nptr == ptr)
- {
- grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr);
- break;
- }
- ptr = nptr;
- }
-}
-
-void
-grub_backtrace (void)
-{
-#ifdef __x86_64__
- asm volatile ("movq %%rbp, %%rdi\n"
- "callq *%%rax": :"a"(grub_backtrace_pointer));
-#else
- asm volatile ("movl %%ebp, %%eax\n"
- "calll *%%ecx": :"c"(grub_backtrace_pointer));
-#endif
-}
-
diff --git a/grub-core/lib/libtasn1/LICENSE b/grub-core/lib/libtasn1/LICENSE
new file mode 100644
index 0000000000..e8b3628db9
--- /dev/null
+++ b/grub-core/lib/libtasn1/LICENSE
@@ -0,0 +1,16 @@
+LICENSING
+=========
+
+The libtasn1 library is released under the GNU Lesser General Public
+License (LGPL) version 2.1 or later; see [COPYING.LESSER](doc/COPYING.LESSER)
+for the license terms.
+
+The GNU LGPL applies to the main libtasn1 library, while the
+included applications library are under the GNU GPL version 3.
+The libtasn1 library is located in the lib directory, while the applications
+in src/.
+
+The documentation in doc/ is under the GNU FDL license 1.3.
+
+For any copyright year range specified as YYYY-ZZZZ in this package
+note that the range specifies every single year in that closed interval.
diff --git a/grub-core/lib/libtasn1/README.md b/grub-core/lib/libtasn1/README.md
new file mode 100644
index 0000000000..50a8642296
--- /dev/null
+++ b/grub-core/lib/libtasn1/README.md
@@ -0,0 +1,91 @@
+|Branch|CI system|Status|
+|:----:|:-------:|-----:|
+|Master|Gitlab|[![build status](https://gitlab.com/gnutls/libtasn1/badges/master/pipeline.svg)](https://gitlab.com/gnutls/libtasn1/commits/master)[![coverage report](https://gitlab.com/gnutls/libtasn1/badges/master/coverage.svg)](https://gnutls.gitlab.io/libtasn1/coverage)|
+
+# libtasn1
+
+This is GNU Libtasn1, a small ASN.1 library.
+
+The C library (libtasn1.*) is licensed under the GNU Lesser General
+Public License version 2.1 or later. See the file COPYING.LIB.
+
+The command line tool, self tests, examples, and other auxilliary
+files, are licensed under the GNU General Public License version 3.0
+or later. See the file COPYING.
+
+## Building the library
+
+We require several tools to build the software, including:
+
+* [Make](https://www.gnu.org/software/make/)
+* [Automake](https://www.gnu.org/software/automake/) (use 1.11.3 or later)
+* [Autoconf](https://www.gnu.org/software/autoconf/)
+* [Libtool](https://www.gnu.org/software/libtool/)
+* [Texinfo](https://www.gnu.org/software/texinfo/)
+* [help2man](http://www.gnu.org/software/help2man/)
+* [Tar](https://www.gnu.org/software/tar/)
+* [Gzip](https://www.gnu.org/software/gzip/)
+* [bison](https://www.gnu.org/software/bison/)
+* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual)
+* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual)
+* [Git](https://git-scm.com/)
+* [libabigail](https://pagure.io/libabigail/) (for abi comparison in make dist)
+* [Valgrind](https://valgrind.org/) (optional)
+
+The required software is typically distributed with your operating
+system, and the instructions for installing them differ. Here are
+some hints:
+
+gNewSense/Debian/Ubuntu:
+```
+sudo apt-get install make git-core autoconf automake libtool
+sudo apt-get install texinfo texlive texlive-generic-recommended texlive-extra-utils
+sudo apt-get install help2man gtk-doc-tools valgrind abigail-tools
+```
+
+The next step is to run autoreconf, ./configure, etc:
+
+```
+$ ./bootstrap
+```
+
+Then build the project normally:
+
+```
+$ make
+$ make check
+```
+
+Happy hacking!
+
+
+## Manual
+
+The manual is in the `doc/` directory of the release. You can also browse
+the manual online at:
+
+ - https://gnutls.gitlab.io/libtasn1/
+
+
+## Code coverage report
+
+The coverage report is at:
+
+ - https://gnutls.gitlab.io/libtasn1/coverage
+
+
+## Issue trackers
+
+ - [Main issue tracker](https://gitlab.com/gnutls/libtasn1/issues)
+ - [oss-fuzz found issues](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libtasn1&can=2)
+
+
+## Homepage
+
+The project homepage at the gnu site is at:
+
+http://www.gnu.org/software/libtasn1/
+
+
+For any copyright year range specified as YYYY-ZZZZ in this package
+note that the range specifies every single year in that closed interval.
diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c
new file mode 100644
index 0000000000..52def59836
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/coding.c
@@ -0,0 +1,1423 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: coding.c */
+/* Description: Functions to create a DER coding of */
+/* an ASN1 type. */
+/*****************************************************/
+
+#include
+#include "parser_aux.h"
+#include
+#include "element.h"
+#include
+
+#define MAX_TAG_LEN 16
+
+#if 0
+/******************************************************/
+/* Function : _asn1_error_description_value_not_found */
+/* Description: creates the ErrorDescription string */
+/* for the ASN1_VALUE_NOT_FOUND error. */
+/* Parameters: */
+/* node: node of the tree where the value is NULL. */
+/* ErrorDescription: string returned. */
+/* Return: */
+/******************************************************/
+static void
+_asn1_error_description_value_not_found (asn1_node node,
+ char *ErrorDescription)
+{
+
+ if (ErrorDescription == NULL)
+ return;
+
+ Estrcpy (ErrorDescription, ":: value of element '");
+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat (ErrorDescription, "' not found");
+
+}
+#endif
+
+/**
+ * asn1_length_der:
+ * @len: value to convert.
+ * @der: buffer to hold the returned encoding (may be %NULL).
+ * @der_len: number of meaningful bytes of ANS (der[0]..der[der_len-1]).
+ *
+ * Creates the DER encoding of the provided length value.
+ * The @der buffer must have enough room for the output. The maximum
+ * length this function will encode is %ASN1_MAX_LENGTH_SIZE.
+ *
+ * To know the size of the DER encoding use a %NULL value for @der.
+ **/
+void
+asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
+{
+ int k;
+ unsigned char temp[ASN1_MAX_LENGTH_SIZE];
+#if SIZEOF_UNSIGNED_LONG_INT > 8
+ len &= 0xFFFFFFFFFFFFFFFF;
+#endif
+
+ if (len < 128)
+ {
+ /* short form */
+ if (der != NULL)
+ der[0] = (unsigned char) len;
+ *der_len = 1;
+ }
+ else
+ {
+ /* Long form */
+ k = 0;
+ while (len)
+ {
+ temp[k++] = len & 0xFF;
+ len = len >> 8;
+ }
+ *der_len = k + 1;
+ if (der != NULL)
+ {
+ der[0] = ((unsigned char) k & 0x7F) + 128;
+ while (k--)
+ der[*der_len - 1 - k] = temp[k];
+ }
+ }
+}
+
+/******************************************************/
+/* Function : _asn1_tag_der */
+/* Description: creates the DER coding for the CLASS */
+/* and TAG parameters. */
+/* It is limited by the ASN1_MAX_TAG_SIZE variable */
+/* Parameters: */
+/* class: value to convert. */
+/* tag_value: value to convert. */
+/* ans: string returned. */
+/* ans_len: number of meaningful bytes of ANS */
+/* (ans[0]..ans[ans_len-1]). */
+/* Return: */
+/******************************************************/
+static void
+_asn1_tag_der (unsigned char class, unsigned int tag_value,
+ unsigned char ans[ASN1_MAX_TAG_SIZE], int *ans_len)
+{
+ int k;
+ unsigned char temp[ASN1_MAX_TAG_SIZE];
+
+ if (tag_value < 31)
+ {
+ /* short form */
+ ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
+ *ans_len = 1;
+ }
+ else
+ {
+ /* Long form */
+ ans[0] = (class & 0xE0) + 31;
+ k = 0;
+ while (tag_value != 0)
+ {
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+ if (k > ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+ while (k--)
+ ans[*ans_len - 1 - k] = temp[k] + 128;
+ ans[*ans_len - 1] -= 128;
+ }
+}
+
+/**
+ * asn1_octet_der:
+ * @str: the input data.
+ * @str_len: STR length (str[0]..str[*str_len-1]).
+ * @der: encoded string returned.
+ * @der_len: number of meaningful bytes of DER (der[0]..der[der_len-1]).
+ *
+ * Creates a length-value DER encoding for the input data.
+ * The DER encoding of the input data will be placed in the @der variable.
+ *
+ * Note that the OCTET STRING tag is not included in the output.
+ *
+ * This function does not return any value because it is expected
+ * that @der_len will contain enough bytes to store the string
+ * plus the DER encoding. The DER encoding size can be obtained using
+ * asn1_length_der().
+ **/
+void
+asn1_octet_der (const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len)
+{
+ int len_len;
+
+ if (der == NULL || str_len < 0)
+ return;
+
+ asn1_length_der (str_len, der, &len_len);
+ memcpy (der + len_len, str, str_len);
+ *der_len = str_len + len_len;
+}
+
+
+/**
+ * asn1_encode_simple_der:
+ * @etype: The type of the string to be encoded (ASN1_ETYPE_)
+ * @str: the string data.
+ * @str_len: the string length
+ * @tl: the encoded tag and length
+ * @tl_len: the bytes of the @tl field
+ *
+ * Creates the DER encoding for various simple ASN.1 types like strings etc.
+ * It stores the tag and length in @tl, which should have space for at least
+ * %ASN1_MAX_TL_SIZE bytes. Initially @tl_len should contain the size of @tl.
+ *
+ * The complete DER encoding should consist of the value in @tl appended
+ * with the provided @str.
+ *
+ * Returns: %ASN1_SUCCESS if successful or an error value.
+ **/
+int
+asn1_encode_simple_der (unsigned int etype, const unsigned char *str,
+ unsigned int str_len, unsigned char *tl,
+ unsigned int *tl_len)
+{
+ int tag_len, len_len;
+ unsigned tlen;
+ unsigned char der_tag[ASN1_MAX_TAG_SIZE];
+ unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
+ unsigned char *p;
+
+ if (str == NULL)
+ return ASN1_VALUE_NOT_VALID;
+
+ if (ETYPE_OK (etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ /* doesn't handle constructed classes */
+ if (ETYPE_CLASS (etype) != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
+
+ _asn1_tag_der (ETYPE_CLASS (etype), ETYPE_TAG (etype), der_tag, &tag_len);
+
+ asn1_length_der (str_len, der_length, &len_len);
+
+ if (tag_len <= 0 || len_len <= 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ tlen = tag_len + len_len;
+
+ if (*tl_len < tlen)
+ return ASN1_MEM_ERROR;
+
+ p = tl;
+ memcpy (p, der_tag, tag_len);
+ p += tag_len;
+ memcpy (p, der_length, len_len);
+
+ *tl_len = tlen;
+
+ return ASN1_SUCCESS;
+}
+
+#if 0
+/******************************************************/
+/* Function : _asn1_time_der */
+/* Description: creates the DER coding for a TIME */
+/* type (length included). */
+/* Parameters: */
+/* str: TIME null-terminated string. */
+/* der: string returned. */
+/* der_len: number of meaningful bytes of DER */
+/* (der[0]..der[ans_len-1]). Initially it */
+/* if must store the lenght of DER. */
+/* Return: */
+/* ASN1_MEM_ERROR when DER isn't big enough */
+/* ASN1_SUCCESS otherwise */
+/******************************************************/
+static int
+_asn1_time_der (unsigned char *str, int str_len, unsigned char *der,
+ int *der_len)
+{
+ int len_len;
+ int max_len;
+
+ if (der == NULL)
+ return ASN1_VALUE_NOT_VALID;
+
+ max_len = *der_len;
+
+ asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len);
+
+ if ((len_len + str_len) <= max_len)
+ memcpy (der + len_len, str, str_len);
+ *der_len = len_len + str_len;
+
+ if ((*der_len) > max_len)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+#endif
+
+/*
+void
+_asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str)
+{
+ int len_len,str_len;
+ char temp[20];
+
+ if(str==NULL) return;
+ str_len=asn1_get_length_der(der,*der_len,&len_len);
+ if (str_len<0) return;
+ memcpy(temp,der+len_len,str_len);
+ *der_len=str_len+len_len;
+ switch(str_len)
+ {
+ case 11:
+ temp[10]=0;
+ strcat(temp,"00+0000");
+ break;
+ case 13:
+ temp[12]=0;
+ strcat(temp,"+0000");
+ break;
+ case 15:
+ temp[15]=0;
+ memmove(temp+12,temp+10,6);
+ temp[10]=temp[11]='0';
+ break;
+ case 17:
+ temp[17]=0;
+ break;
+ default:
+ return;
+ }
+ strcpy(str,temp);
+}
+*/
+
+static
+void encode_val(uint64_t val, unsigned char *der, int max_len, int *der_len)
+{
+ int first, k;
+ unsigned char bit7;
+
+ first = 0;
+ for (k = sizeof(val); k >= 0; k--)
+ {
+ bit7 = (val >> (k * 7)) & 0x7F;
+ if (bit7 || first || !k)
+ {
+ if (k)
+ bit7 |= 0x80;
+ if (max_len > (*der_len))
+ der[*der_len] = bit7;
+ (*der_len)++;
+ first = 1;
+ }
+ }
+}
+
+/******************************************************/
+/* Function : _asn1_object_id_der */
+/* Description: creates the DER coding for an */
+/* OBJECT IDENTIFIER type (length included). */
+/* Parameters: */
+/* str: OBJECT IDENTIFIER null-terminated string. */
+/* der: string returned. */
+/* der_len: number of meaningful bytes of DER */
+/* (der[0]..der[ans_len-1]). Initially it */
+/* must store the length of DER. */
+/* Return: */
+/* ASN1_MEM_ERROR when DER isn't big enough */
+/* ASN1_SUCCESS if succesful */
+/* or an error value. */
+/******************************************************/
+static int
+_asn1_object_id_der (const char *str, unsigned char *der, int *der_len)
+{
+ int len_len, counter, max_len;
+ char *temp, *n_end, *n_start;
+ uint64_t val, val1 = 0;
+ int str_len = _asn1_strlen (str);
+
+ max_len = *der_len;
+ *der_len = 0;
+
+ if (der == NULL && max_len > 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ temp = malloc (str_len + 2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ memcpy (temp, str, str_len);
+ temp[str_len] = '.';
+ temp[str_len + 1] = 0;
+
+ counter = 0;
+ n_start = temp;
+ while ((n_end = strchr (n_start, '.')))
+ {
+ *n_end = 0;
+ val = _asn1_strtou64 (n_start, NULL, 10);
+ counter++;
+
+ if (counter == 1)
+ {
+ val1 = val;
+ }
+ else if (counter == 2)
+ {
+ uint64_t val0;
+
+ if (val1 > 2)
+ {
+ free(temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ else if ((val1 == 0 || val1 == 1) && val > 39)
+ {
+ free(temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ val0 = 40 * val1 + val;
+ encode_val(val0, der, max_len, der_len);
+ }
+ else
+ {
+ encode_val(val, der, max_len, der_len);
+ }
+ n_start = n_end + 1;
+ }
+
+ asn1_length_der (*der_len, NULL, &len_len);
+ if (max_len >= (*der_len + len_len))
+ {
+ memmove (der + len_len, der, *der_len);
+ asn1_length_der (*der_len, der, &len_len);
+ }
+ *der_len += len_len;
+
+ free (temp);
+
+ if (max_len < (*der_len))
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_object_id_der:
+ * @str: An object identifier in numeric, dot format.
+ * @der: buffer to hold the returned encoding (may be %NULL).
+ * @der_len: initially the size of @der; will hold the final size.
+ * @flags: must be zero
+ *
+ * Creates the DER encoding of the provided object identifier.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding was OK, %ASN1_VALUE_NOT_VALID
+ * if @str is not a valid OID, %ASN1_MEM_ERROR if the @der
+ * vector isn't big enough and in this case @der_len will contain the
+ * length needed.
+ **/
+int asn1_object_id_der(const char *str, unsigned char *der, int *der_len, unsigned flags)
+{
+ unsigned char tag_der[MAX_TAG_LEN];
+ int tag_len = 0, r;
+ int max_len = *der_len;
+
+ *der_len = 0;
+
+ _asn1_tag_der (ETYPE_CLASS (ASN1_ETYPE_OBJECT_ID), ETYPE_TAG (ASN1_ETYPE_OBJECT_ID),
+ tag_der, &tag_len);
+
+ if (max_len > tag_len)
+ {
+ memcpy(der, tag_der, tag_len);
+ }
+ max_len -= tag_len;
+ der += tag_len;
+
+ r = _asn1_object_id_der (str, der, &max_len);
+ if (r == ASN1_MEM_ERROR || r == ASN1_SUCCESS)
+ {
+ *der_len = max_len + tag_len;
+ }
+
+ return r;
+}
+
+static const unsigned char bit_mask[] =
+ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
+
+/**
+ * asn1_bit_der:
+ * @str: BIT string.
+ * @bit_len: number of meaningful bits in STR.
+ * @der: string returned.
+ * @der_len: number of meaningful bytes of DER
+ * (der[0]..der[ans_len-1]).
+ *
+ * Creates a length-value DER encoding for the input data
+ * as it would have been for a BIT STRING.
+ * The DER encoded data will be copied in @der.
+ *
+ * Note that the BIT STRING tag is not included in the output.
+ *
+ * This function does not return any value because it is expected
+ * that @der_len will contain enough bytes to store the string
+ * plus the DER encoding. The DER encoding size can be obtained using
+ * asn1_length_der().
+ **/
+void
+asn1_bit_der (const unsigned char *str, int bit_len,
+ unsigned char *der, int *der_len)
+{
+ int len_len, len_byte, len_pad;
+
+ if (der == NULL)
+ return;
+
+ len_byte = bit_len >> 3;
+ len_pad = 8 - (bit_len & 7);
+ if (len_pad == 8)
+ len_pad = 0;
+ else
+ len_byte++;
+ asn1_length_der (len_byte + 1, der, &len_len);
+ der[len_len] = len_pad;
+
+ if (str)
+ memcpy (der + len_len + 1, str, len_byte);
+ der[len_len + len_byte] &= bit_mask[len_pad];
+ *der_len = len_byte + len_len + 1;
+}
+
+
+#if 0
+/******************************************************/
+/* Function : _asn1_complete_explicit_tag */
+/* Description: add the length coding to the EXPLICIT */
+/* tags. */
+/* Parameters: */
+/* node: pointer to the tree element. */
+/* der: string with the DER coding of the whole tree*/
+/* counter: number of meaningful bytes of DER */
+/* (der[0]..der[*counter-1]). */
+/* max_len: size of der vector */
+/* Return: */
+/* ASN1_MEM_ERROR if der vector isn't big enough, */
+/* otherwise ASN1_SUCCESS. */
+/******************************************************/
+static int
+_asn1_complete_explicit_tag (asn1_node node, unsigned char *der,
+ int *counter, int *max_len)
+{
+ asn1_node p;
+ int is_tag_implicit, len2, len3;
+ unsigned char temp[SIZEOF_UNSIGNED_INT];
+
+ if (der == NULL && *max_len > 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ if (p == NULL)
+ return ASN1_DER_ERROR;
+ /* When there are nested tags we must complete them reverse to
+ the order they were created. This is because completing a tag
+ modifies all data within it, including the incomplete tags
+ which store buffer positions -- simon@josefsson.org 2002-09-06
+ */
+ while (p->right)
+ p = p->right;
+ while (p && p != node->down->left)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_TAG)
+ {
+ if (p->type & CONST_EXPLICIT)
+ {
+ len2 = strtol (p->name, NULL, 10);
+ _asn1_set_name (p, NULL);
+
+ asn1_length_der (*counter - len2, temp, &len3);
+ if (len3 <= (*max_len))
+ {
+ memmove (der + len2 + len3, der + len2,
+ *counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ *max_len -= len3;
+ *counter += len3;
+ is_tag_implicit = 0;
+ }
+ else
+ { /* CONST_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->left;
+ }
+ }
+
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+#endif
+
+const tag_and_class_st _asn1_tags[] = {
+ [ASN1_ETYPE_GENERALSTRING] =
+ {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"},
+ [ASN1_ETYPE_NUMERIC_STRING] =
+ {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"},
+ [ASN1_ETYPE_IA5_STRING] =
+ {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
+ [ASN1_ETYPE_TELETEX_STRING] =
+ {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"},
+ [ASN1_ETYPE_PRINTABLE_STRING] =
+ {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"},
+ [ASN1_ETYPE_UNIVERSAL_STRING] =
+ {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"},
+ [ASN1_ETYPE_BMP_STRING] =
+ {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
+ [ASN1_ETYPE_UTF8_STRING] =
+ {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
+ [ASN1_ETYPE_VISIBLE_STRING] =
+ {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"},
+ [ASN1_ETYPE_OCTET_STRING] =
+ {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
+ [ASN1_ETYPE_BIT_STRING] =
+ {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
+ [ASN1_ETYPE_OBJECT_ID] =
+ {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
+ [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
+ [ASN1_ETYPE_BOOLEAN] =
+ {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
+ [ASN1_ETYPE_INTEGER] =
+ {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
+ [ASN1_ETYPE_ENUMERATED] =
+ {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
+ [ASN1_ETYPE_SEQUENCE] =
+ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SEQUENCE"},
+ [ASN1_ETYPE_SEQUENCE_OF] =
+ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SEQ_OF"},
+ [ASN1_ETYPE_SET] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"},
+ [ASN1_ETYPE_SET_OF] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SET_OF"},
+ [ASN1_ETYPE_GENERALIZED_TIME] =
+ {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"},
+ [ASN1_ETYPE_UTC_TIME] =
+ {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
+};
+
+unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]);
+
+
+#if 0
+/******************************************************/
+/* Function : _asn1_insert_tag_der */
+/* Description: creates the DER coding of tags of one */
+/* NODE. */
+/* Parameters: */
+/* node: pointer to the tree element. */
+/* der: string returned */
+/* counter: number of meaningful bytes of DER */
+/* (counter[0]..der[*counter-1]). */
+/* max_len: size of der vector */
+/* Return: */
+/* ASN1_GENERIC_ERROR if the type is unknown, */
+/* ASN1_MEM_ERROR if der vector isn't big enough, */
+/* otherwise ASN1_SUCCESS. */
+/******************************************************/
+static int
+_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
+ int *max_len)
+{
+ asn1_node p;
+ int tag_len, is_tag_implicit;
+ unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)];
+ unsigned long tag_implicit = 0;
+ unsigned char tag_der[MAX_TAG_LEN];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_TAG)
+ {
+ if (p->type & CONST_APPLICATION)
+ class = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class = ASN1_CLASS_PRIVATE;
+ else
+ class = ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT)
+ {
+ if (is_tag_implicit)
+ _asn1_tag_der (class_implicit, tag_implicit, tag_der,
+ &tag_len);
+ else
+ _asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
+ _asn1_strtoul (p->value, NULL, 10),
+ tag_der, &tag_len);
+
+ *max_len -= tag_len;
+ if (der && *max_len >= 0)
+ memcpy (der + *counter, tag_der, tag_len);
+ *counter += tag_len;
+
+ _asn1_ltostr (*counter, (char *) temp);
+ _asn1_set_name (p, (const char *) temp);
+
+ is_tag_implicit = 0;
+ }
+ else
+ { /* CONST_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
+ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF)
+ || (type_field (node->type) == ASN1_ETYPE_SET)
+ || (type_field (node->type) == ASN1_ETYPE_SET_OF))
+ class |= ASN1_CLASS_STRUCTURED;
+ class_implicit = class;
+ tag_implicit = _asn1_strtoul (p->value, NULL, 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
+ }
+ }
+
+ if (is_tag_implicit)
+ {
+ _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len);
+ }
+ else
+ {
+ unsigned type = type_field (node->type);
+ switch (type)
+ {
+ CASE_HANDLED_ETYPES:
+ _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag,
+ tag_der, &tag_len);
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ tag_len = 0;
+ break;
+ default:
+ return ASN1_GENERIC_ERROR;
+ }
+ }
+
+ *max_len -= tag_len;
+ if (der && *max_len >= 0)
+ memcpy (der + *counter, tag_der, tag_len);
+ *counter += tag_len;
+
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+/******************************************************/
+/* Function : _asn1_ordering_set */
+/* Description: puts the elements of a SET type in */
+/* the correct order according to DER rules. */
+/* Parameters: */
+/* der: string with the DER coding. */
+/* node: pointer to the SET element. */
+/* Return: */
+/* ASN1_SUCCESS if successful */
+/* or an error value. */
+/******************************************************/
+static int
+_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
+{
+ struct vet
+ {
+ int end;
+ unsigned long value;
+ struct vet *next, *prev;
+ };
+
+ int counter, len, len2;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ asn1_node p;
+ unsigned char class, *temp;
+ unsigned long tag, t;
+ int err;
+
+ counter = 0;
+
+ if (type_field (node->type) != ASN1_ETYPE_SET)
+ return ASN1_VALUE_NOT_VALID;
+
+ p = node->down;
+ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) ||
+ (type_field (p->type) == ASN1_ETYPE_SIZE)))
+ p = p->right;
+
+ if ((p == NULL) || (p->right == NULL))
+ return ASN1_SUCCESS;
+
+ first = last = NULL;
+ while (p)
+ {
+ p_vet = malloc (sizeof (struct vet));
+ if (p_vet == NULL)
+ {
+ err = ASN1_MEM_ALLOC_ERROR;
+ goto error;
+ }
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* tag value calculation */
+ err = asn1_get_tag_der (der + counter, der_len - counter, &class, &len2,
+ &tag);
+ if (err != ASN1_SUCCESS)
+ goto error;
+
+ t = ((unsigned int)class) << 24;
+ p_vet->value = t | tag;
+ counter += len2;
+
+ /* extraction and length */
+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ counter += len + len2;
+
+ p_vet->end = counter;
+ p = p->right;
+ }
+
+ p_vet = first;
+
+ while (p_vet)
+ {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet)
+ {
+ if (p_vet->value > p2_vet->value)
+ {
+ /* change position */
+ temp = malloc (p_vet->end - counter);
+ if (temp == NULL)
+ {
+ err = ASN1_MEM_ALLOC_ERROR;
+ goto error;
+ }
+
+ memcpy (temp, der + counter, p_vet->end - counter);
+ memcpy (der + counter, der + p_vet->end,
+ p2_vet->end - p_vet->end);
+ memcpy (der + counter + p2_vet->end - p_vet->end, temp,
+ p_vet->end - counter);
+ free (temp);
+
+ tag = p_vet->value;
+ p_vet->value = p2_vet->value;
+ p2_vet->value = tag;
+
+ p_vet->end = counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ free (p_vet);
+ p_vet = first;
+ }
+ return ASN1_SUCCESS;
+
+error:
+ while (first != NULL)
+ {
+ p_vet = first;
+ first = first->next;
+ free(p_vet);
+ }
+ return err;
+}
+
+struct vet
+{
+ unsigned char *ptr;
+ int size;
+};
+
+static int setof_compar(const void *_e1, const void *_e2)
+{
+ unsigned length;
+ const struct vet *e1 = _e1, *e2 = _e2;
+ int rval;
+
+ /* The encodings of the component values of a set-of value shall
+ * appear in ascending order, the encodings being compared
+ * as octet strings with the shorter components being
+ * padded at their trailing end with 0-octets.
+ * The padding octets are for comparison purposes and
+ * do not appear in the encodings.
+ */
+ length = MIN(e1->size, e2->size);
+
+ rval = memcmp(e1->ptr, e2->ptr, length);
+ if (rval == 0 && e1->size != e2->size)
+ {
+ if (e1->size > e2->size)
+ rval = 1;
+ else if (e2->size > e1->size)
+ rval = -1;
+ }
+
+ return rval;
+}
+
+/******************************************************/
+/* Function : _asn1_ordering_set_of */
+/* Description: puts the elements of a SET OF type in */
+/* the correct order according to DER rules. */
+/* Parameters: */
+/* der: string with the DER coding. */
+/* node: pointer to the SET OF element. */
+/* Return: */
+/* ASN1_SUCCESS if successful */
+/* or an error value. */
+/******************************************************/
+static int
+_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
+{
+ int counter, len, len2;
+ struct vet *list = NULL, *tlist;
+ unsigned list_size = 0;
+ struct vet *p_vet;
+ asn1_node p;
+ unsigned char class;
+ unsigned i;
+ unsigned char *out = NULL;
+ int err;
+
+ if (der == NULL)
+ return ASN1_VALUE_NOT_VALID;
+
+ counter = 0;
+
+ if (type_field (node->type) != ASN1_ETYPE_SET_OF)
+ return ASN1_VALUE_NOT_VALID;
+
+ p = node->down;
+ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) ||
+ (type_field (p->type) == ASN1_ETYPE_SIZE)))
+ p = p->right;
+ if (p == NULL)
+ return ASN1_VALUE_NOT_VALID;
+ p = p->right;
+
+ if ((p == NULL) || (p->right == NULL))
+ return ASN1_SUCCESS;
+
+ while (p)
+ {
+ list_size++;
+ tlist = realloc (list, list_size*sizeof(struct vet));
+ if (tlist == NULL)
+ {
+ err = ASN1_MEM_ALLOC_ERROR;
+ goto error;
+ }
+ list = tlist;
+ p_vet = &list[list_size-1];
+
+ p_vet->ptr = der+counter;
+ p_vet->size = 0;
+
+ /* extraction of tag and length */
+ if (der_len - counter > 0)
+ {
+ err = asn1_get_tag_der (der + counter, der_len - counter, &class,
+ &len, NULL);
+ if (err != ASN1_SUCCESS)
+ goto error;
+ counter += len;
+ p_vet->size += len;
+
+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ counter += len + len2;
+ p_vet->size += len + len2;
+
+ }
+ else
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ p = p->right;
+ }
+
+ if (counter > der_len)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+
+ qsort(list, list_size, sizeof(struct vet), setof_compar);
+
+ out = malloc(der_len);
+ if (out == NULL)
+ {
+ err = ASN1_MEM_ERROR;
+ goto error;
+ }
+
+ /* the sum of p_vet->size == der_len */
+ counter = 0;
+ for (i = 0; i < list_size; i++)
+ {
+ p_vet = &list[i];
+ memcpy(out+counter, p_vet->ptr, p_vet->size);
+ counter += p_vet->size;
+ }
+ memcpy(der, out, der_len);
+ free(out);
+
+ err = ASN1_SUCCESS;
+
+error:
+ free(list);
+ return err;
+}
+
+/**
+ * asn1_der_coding:
+ * @element: pointer to an ASN1 element
+ * @name: the name of the structure you want to encode (it must be
+ * inside *POINTER).
+ * @ider: vector that will contain the DER encoding. DER must be a
+ * pointer to memory cells already allocated.
+ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy
+ * holds the sizeof of der vector.
+ * @ErrorDescription: return the error description or an empty
+ * string if success.
+ *
+ * Creates the DER encoding for the NAME structure (inside *POINTER
+ * structure).
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @name is not a valid element, %ASN1_VALUE_NOT_FOUND if there
+ * is an element without a value, %ASN1_MEM_ERROR if the @ider
+ * vector isn't big enough and in this case @len will contain the
+ * length needed.
+ **/
+int
+asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len,
+ char *ErrorDescription)
+{
+ asn1_node node, p, p2;
+ unsigned char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)];
+ int counter, counter_old, len2, len3, move, max_len, max_len_old;
+ int err;
+ unsigned char *der = ider;
+
+ if (ErrorDescription)
+ ErrorDescription[0] = 0;
+
+ node = asn1_find_node (element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ /* Node is now a locally allocated variable.
+ * That is because in some point we modify the
+ * structure, and I don't know why! --nmav
+ */
+ node = _asn1_copy_structure3 (node);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ max_len = *len;
+
+ if (der == NULL && max_len > 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+
+ while (1)
+ {
+
+ counter_old = counter;
+ max_len_old = max_len;
+ if (move != UP)
+ {
+ p->start = counter;
+ err = _asn1_insert_tag_der (p, der, &counter, &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+ }
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_NULL:
+ max_len--;
+ if (der != NULL && max_len >= 0)
+ der[counter] = 0;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ max_len -= 2;
+ if (der != NULL && max_len >= 0)
+ {
+ der[counter++] = 1;
+ if (p->value[0] == 'F')
+ der[counter++] = 0;
+ else
+ der[counter++] = 0xFF;
+ }
+ else
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (der != NULL && max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err = _asn1_object_id_der ((char*)p->value, der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err = _asn1_time_der (p->value, p->value_len, der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (der != NULL && max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move != UP)
+ {
+ p->tmp_ival = counter;
+ if (p->down == NULL)
+ {
+ move = UP;
+ continue;
+ }
+ else
+ {
+ p2 = p->down;
+ while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG))
+ p2 = p2->right;
+ if (p2)
+ {
+ p = p2;
+ move = RIGHT;
+ continue;
+ }
+ move = UP;
+ continue;
+ }
+ }
+ else
+ { /* move==UP */
+ len2 = p->tmp_ival;
+ p->tmp_ival = 0;
+ if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0))
+ {
+ err = _asn1_ordering_set (der + len2, counter - len2, p);
+ if (err != ASN1_SUCCESS)
+ goto error;
+ }
+ asn1_length_der (counter - len2, temp, &len3);
+ max_len -= len3;
+ if (der != NULL && max_len >= 0)
+ {
+ memmove (der + len2 + len3, der + len2, counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move != UP)
+ {
+ p->tmp_ival = counter;
+ p = p->down;
+ while ((type_field (p->type) == ASN1_ETYPE_TAG)
+ || (type_field (p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+ if (p->right)
+ {
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ else
+ p = _asn1_find_up (p);
+ move = UP;
+ }
+ if (move == UP)
+ {
+ len2 = p->tmp_ival;
+ p->tmp_ival = 0;
+ if ((type_field (p->type) == ASN1_ETYPE_SET_OF)
+ && (counter - len2 > 0) && (max_len >= 0))
+ {
+ err = _asn1_ordering_set_of (der + len2, counter - len2, p);
+ if (err != ASN1_SUCCESS)
+ goto error;
+ }
+ asn1_length_der (counter - len2, temp, &len3);
+ max_len -= len3;
+ if (der != NULL && max_len >= 0)
+ {
+ memmove (der + len2 + len3, der + len2, counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2;
+ if (der != NULL && max_len >= 0)
+ memcpy (der + counter, p->value + len3, len2);
+ counter += len2;
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+
+ if ((move != DOWN) && (counter != counter_old))
+ {
+ p->end = counter - 1;
+ err = _asn1_complete_explicit_tag (p, der, &counter, &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+ }
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ *len = counter;
+
+ if (max_len < 0)
+ {
+ err = ASN1_MEM_ERROR;
+ goto error;
+ }
+
+ err = ASN1_SUCCESS;
+
+error:
+ asn1_delete_structure (&node);
+ return err;
+}
+
+#endif
\ No newline at end of file
diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c
new file mode 100644
index 0000000000..7856858b27
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/decoding.c
@@ -0,0 +1,2481 @@
+/*
+ * Copyright (C) 2002-2016 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: decoding.c */
+/* Description: Functions to manage DER decoding */
+/*****************************************************/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define c_isdigit grub_isdigit
+
+#ifdef DEBUG
+# define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__)
+#else
+# define warn()
+#endif
+
+#define IS_ERR(len, flags) (len < -1 || ((flags & ASN1_DECODE_FLAG_STRICT_DER) && len < 0))
+
+#define HAVE_TWO(x) (x>=2?1:0)
+
+/* Decoding flags (dflags) used in several decoding functions.
+ * DECODE_FLAG_HAVE_TAG: The provided buffer includes a tag
+ * DECODE_FLAG_CONSTRUCTED: The provided buffer is of indefinite encoding (useful
+ * when no tags are present).
+ * DECODE_FLAG_LEVEL1: Internal flag to indicate a level of recursion for BER strings.
+ * DECODE_FLAG_LEVEL2: Internal flag to indicate two levels of recursion for BER strings.
+ * DECODE_FLAG_LEVEL3: Internal flag to indicate three levels of recursion for BER strings.
+ * This is the maximum levels of recursion possible to prevent stack
+ * exhaustion.
+ */
+
+#define DECODE_FLAG_HAVE_TAG 1
+#define DECODE_FLAG_CONSTRUCTED (1<<1)
+#define DECODE_FLAG_LEVEL1 (1<<2)
+#define DECODE_FLAG_LEVEL2 (1<<3)
+#define DECODE_FLAG_LEVEL3 (1<<4)
+
+#define DECR_LEN(l, s) do { \
+ l -= s; \
+ if (l < 0) { \
+ warn(); \
+ result = ASN1_DER_ERROR; \
+ goto cleanup; \
+ } \
+ } while (0)
+
+static int
+_asn1_get_indefinite_length_string (const unsigned char *der, int der_len, int *len);
+
+static int
+_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, unsigned char **str,
+ unsigned int *str_len, unsigned int *ber_len,
+ unsigned dflags);
+
+static int
+_asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, const unsigned char **str,
+ unsigned int *str_len, unsigned dflags);
+
+static void
+_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
+{
+
+ Estrcpy (ErrorDescription, ":: tag error near element '");
+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat (ErrorDescription, "'");
+
+}
+
+/**
+ * asn1_get_length_der:
+ * @der: DER data to decode.
+ * @der_len: Length of DER data to decode.
+ * @len: Output variable containing the length of the DER length field.
+ *
+ * Extract a length field from DER data.
+ *
+ * Returns: Return the decoded length value, or -1 on indefinite
+ * length, or -2 when the value was too big to fit in a int, or -4
+ * when the decoded length value plus @len would exceed @der_len.
+ **/
+long
+asn1_get_length_der (const unsigned char *der, int der_len, int *len)
+{
+ unsigned int ans;
+ int k, punt, sum;
+
+ *len = 0;
+ if (der_len <= 0)
+ return 0;
+
+ if (!(der[0] & 128))
+ {
+ /* short form */
+ *len = 1;
+ ans = der[0];
+ }
+ else
+ {
+ /* Long form */
+ k = der[0] & 0x7F;
+ punt = 1;
+ if (k)
+ { /* definite length method */
+ ans = 0;
+ while (punt <= k && punt < der_len)
+ {
+ if (INT_MULTIPLY_OVERFLOW (ans, 256))
+ return -2;
+ ans *= 256;
+
+ if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt])))
+ return -2;
+ ans += der[punt];
+ punt++;
+ }
+ }
+ else
+ { /* indefinite length method */
+ *len = punt;
+ return -1;
+ }
+
+ *len = punt;
+ }
+
+ sum = ans;
+ if (ans >= INT_MAX || INT_ADD_OVERFLOW (sum, (*len)))
+ return -2;
+ sum += *len;
+
+ if (sum > der_len)
+ return -4;
+
+ return ans;
+}
+
+/**
+ * asn1_get_tag_der:
+ * @der: DER data to decode.
+ * @der_len: Length of DER data to decode.
+ * @cls: Output variable containing decoded class.
+ * @len: Output variable containing the length of the DER TAG data.
+ * @tag: Output variable containing the decoded tag (may be %NULL).
+ *
+ * Decode the class and TAG from DER code.
+ *
+ * Returns: Returns %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_tag_der (const unsigned char *der, int der_len,
+ unsigned char *cls, int *len, unsigned long *tag)
+{
+ unsigned int ris;
+ int punt;
+
+ if (der == NULL || der_len < 2 || len == NULL)
+ return ASN1_DER_ERROR;
+
+ *cls = der[0] & 0xE0;
+ if ((der[0] & 0x1F) != 0x1F)
+ {
+ /* short form */
+ *len = 1;
+ ris = der[0] & 0x1F;
+ }
+ else
+ {
+ /* Long form */
+ punt = 1;
+ ris = 0;
+ while (punt < der_len && der[punt] & 128)
+ {
+
+ if (INT_MULTIPLY_OVERFLOW (ris, 128))
+ return ASN1_DER_ERROR;
+ ris *= 128;
+
+ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
+ return ASN1_DER_ERROR;
+ ris += (der[punt] & 0x7F);
+ punt++;
+ }
+
+ if (punt >= der_len)
+ return ASN1_DER_ERROR;
+
+ if (INT_MULTIPLY_OVERFLOW (ris, 128))
+ return ASN1_DER_ERROR;
+ ris *= 128;
+
+ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
+ return ASN1_DER_ERROR;
+ ris += (der[punt] & 0x7F);
+ punt++;
+
+ *len = punt;
+ }
+
+ if (tag)
+ *tag = ris;
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_get_length_ber:
+ * @ber: BER data to decode.
+ * @ber_len: Length of BER data to decode.
+ * @len: Output variable containing the length of the BER length field.
+ *
+ * Extract a length field from BER data. The difference to
+ * asn1_get_length_der() is that this function will return a length
+ * even if the value has indefinite encoding.
+ *
+ * Returns: Return the decoded length value, or negative value when
+ * the value was too big.
+ *
+ * Since: 2.0
+ **/
+long
+asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
+{
+ int ret;
+ long err;
+
+ ret = asn1_get_length_der (ber, ber_len, len);
+
+ if (ret == -1 && ber_len > 1)
+ { /* indefinite length method */
+ err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret);
+ if (err != ASN1_SUCCESS)
+ return -3;
+ }
+
+ return ret;
+}
+
+/**
+ * asn1_get_octet_der:
+ * @der: DER data to decode containing the OCTET SEQUENCE.
+ * @der_len: The length of the @der data to decode.
+ * @ret_len: Output variable containing the encoded length of the DER data.
+ * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in.
+ * @str_size: Length of pre-allocated output buffer.
+ * @str_len: Output variable containing the length of the contents of the OCTET SEQUENCE.
+ *
+ * Extract an OCTET SEQUENCE from DER data. Note that this function
+ * expects the DER data past the tag field, i.e., the length and
+ * content octets.
+ *
+ * Returns: Returns %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_octet_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *str_len)
+{
+ int len_len = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ *str_len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (*str_len < 0)
+ return ASN1_DER_ERROR;
+
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+ {
+ if (*str_len > 0 && str != NULL)
+ memcpy (str, der + len_len, *str_len);
+ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/*-
+ * _asn1_get_time_der:
+ * @type: %ASN1_ETYPE_GENERALIZED_TIME or %ASN1_ETYPE_UTC_TIME
+ * @der: DER data to decode containing the time
+ * @der_len: Length of DER data to decode.
+ * @ret_len: Output variable containing the length of the DER data.
+ * @str: Pre-allocated output buffer to put the textual time in.
+ * @str_size: Length of pre-allocated output buffer.
+ * @flags: Zero or %ASN1_DECODE_FLAG_STRICT_DER
+ *
+ * Performs basic checks in the DER encoded time object and returns its textual form.
+ * The textual form will be in the YYYYMMDD000000Z format for GeneralizedTime
+ * and YYMMDD000000Z for UTCTime.
+ *
+ * Returns: %ASN1_SUCCESS on success, or an error.
+ -*/
+static int
+_asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size, unsigned flags)
+{
+ int len_len, str_len;
+ unsigned i;
+ unsigned sign_count = 0;
+ unsigned dot_count = 0;
+ const unsigned char *p;
+
+ if (der_len <= 0 || str == NULL)
+ return ASN1_DER_ERROR;
+
+ str_len = asn1_get_length_der (der, der_len, &len_len);
+ if (str_len <= 0 || str_size < str_len)
+ return ASN1_DER_ERROR;
+
+ /* perform some sanity checks on the data */
+ if (str_len < 8)
+ {
+ warn();
+ return ASN1_TIME_ENCODING_ERROR;
+ }
+
+ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
+ {
+ p = &der[len_len];
+ for (i=0;i<(unsigned)(str_len-1);i++)
+ {
+ if (c_isdigit(p[i]) == 0)
+ {
+ if (type == ASN1_ETYPE_GENERALIZED_TIME)
+ {
+ /* tolerate lax encodings */
+ if (p[i] == '.' && dot_count == 0)
+ {
+ dot_count++;
+ continue;
+ }
+
+ /* This is not really valid DER, but there are
+ * structures using that */
+ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) &&
+ (p[i] == '+' || p[i] == '-') && sign_count == 0)
+ {
+ sign_count++;
+ continue;
+ }
+ }
+
+ warn();
+ return ASN1_TIME_ENCODING_ERROR;
+ }
+ }
+
+ if (sign_count == 0 && p[str_len-1] != 'Z')
+ {
+ warn();
+ return ASN1_TIME_ENCODING_ERROR;
+ }
+ }
+ memcpy (str, der + len_len, str_len);
+ str[str_len] = 0;
+ *ret_len = str_len + len_len;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_get_object_id_der:
+ * @der: DER data to decode containing the OBJECT IDENTIFIER
+ * @der_len: Length of DER data to decode.
+ * @ret_len: Output variable containing the length of the DER data.
+ * @str: Pre-allocated output buffer to put the textual object id in.
+ * @str_size: Length of pre-allocated output buffer.
+ *
+ * Converts a DER encoded object identifier to its textual form. This
+ * function expects the DER object identifier without the tag.
+ *
+ * Returns: %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_object_id_der (const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
+{
+ int len_len, len, k;
+ int leading, parsed;
+ char temp[LTOSTR_MAX_SIZE];
+ uint64_t val, val1, val0;
+
+ *ret_len = 0;
+ if (str && str_size > 0)
+ str[0] = 0; /* no oid */
+
+ if (str == NULL || der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (len <= 0 || len + len_len > der_len)
+ return ASN1_DER_ERROR;
+
+ /* leading octet can never be 0x80 */
+ if (der[len_len] == 0x80)
+ return ASN1_DER_ERROR;
+
+ val0 = 0;
+
+ for (k = 0; k < len; k++)
+ {
+ if (INT_LEFT_SHIFT_OVERFLOW (val0, 7))
+ return ASN1_DER_ERROR;
+
+ val0 <<= 7;
+ val0 |= der[len_len + k] & 0x7F;
+ if (!(der[len_len + k] & 0x80))
+ break;
+ }
+ parsed = ++k;
+
+ /* val0 = (X*40) + Y, X={0,1,2}, Y<=39 when X={0,1} */
+ /* X = val, Y = val1 */
+
+ /* check if X == 0 */
+ val = 0;
+ val1 = val0;
+ if (val1 > 39)
+ {
+ val = 1;
+ val1 = val0 - 40;
+ if (val1 > 39)
+ {
+ val = 2;
+ val1 = val0 - 80;
+ }
+ }
+
+ _asn1_str_cpy (str, str_size, _asn1_ltostr (val, temp));
+ _asn1_str_cat (str, str_size, ".");
+ _asn1_str_cat (str, str_size, _asn1_ltostr (val1, temp));
+
+ val = 0;
+ leading = 1;
+ for (k = parsed; k < len; k++)
+ {
+ /* X.690 mandates that the leading byte must never be 0x80
+ */
+ if (leading != 0 && der[len_len + k] == 0x80)
+ return ASN1_DER_ERROR;
+ leading = 0;
+
+ /* check for wrap around */
+ if (INT_LEFT_SHIFT_OVERFLOW (val, 7))
+ return ASN1_DER_ERROR;
+
+ val = val << 7;
+ val |= der[len_len + k] & 0x7F;
+
+ if (!(der[len_len + k] & 0x80))
+ {
+ _asn1_str_cat (str, str_size, ".");
+ _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
+ val = 0;
+ leading = 1;
+ }
+ }
+
+ if (INT_ADD_OVERFLOW (len, len_len))
+ return ASN1_DER_ERROR;
+
+ *ret_len = len + len_len;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_get_bit_der:
+ * @der: DER data to decode containing the BIT SEQUENCE.
+ * @der_len: Length of DER data to decode.
+ * @ret_len: Output variable containing the length of the DER data.
+ * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in.
+ * @str_size: Length of pre-allocated output buffer.
+ * @bit_len: Output variable containing the size of the BIT SEQUENCE.
+ *
+ * Extract a BIT SEQUENCE from DER data.
+ *
+ * Returns: %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_bit_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *bit_len)
+{
+ int len_len = 0, len_byte;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ len_byte = asn1_get_length_der (der, der_len, &len_len) - 1;
+ if (len_byte < 0)
+ return ASN1_DER_ERROR;
+
+ *ret_len = len_byte + len_len + 1;
+ *bit_len = len_byte * 8 - der[len_len];
+
+ if (*bit_len < 0)
+ return ASN1_DER_ERROR;
+
+ if (str_size >= len_byte)
+ {
+ if (len_byte > 0 && str)
+ memcpy (str, der + len_len + 1, len_byte);
+ }
+ else
+ {
+ return ASN1_MEM_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+/* tag_len: the total tag length (explicit+inner)
+ * inner_tag_len: the inner_tag length
+ */
+static int
+_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len,
+ int *tag_len, int *inner_tag_len, unsigned flags)
+{
+ asn1_node p;
+ int counter, len2, len3, is_tag_implicit;
+ int result;
+ unsigned long tag, tag_implicit = 0;
+ unsigned char class, class2, class_implicit = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ counter = is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_TAG)
+ {
+ if (p->type & CONST_APPLICATION)
+ class2 = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class2 = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class2 = ASN1_CLASS_PRIVATE;
+ else
+ class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT)
+ {
+ if (asn1_get_tag_der
+ (der + counter, der_len, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ DECR_LEN(der_len, len2);
+ counter += len2;
+
+ if (flags & ASN1_DECODE_FLAG_STRICT_DER)
+ len3 =
+ asn1_get_length_der (der + counter, der_len,
+ &len2);
+ else
+ len3 =
+ asn1_get_length_ber (der + counter, der_len,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+
+ DECR_LEN(der_len, len2);
+ counter += len2;
+
+ if (!is_tag_implicit)
+ {
+ if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
+ (tag != strtoul ((char *) p->value, NULL, 10)))
+ return ASN1_TAG_ERROR;
+ }
+ else
+ { /* ASN1_TAG_IMPLICIT */
+ if ((class != class_implicit) || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ }
+ is_tag_implicit = 0;
+ }
+ else
+ { /* ASN1_TAG_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
+ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF)
+ || (type_field (node->type) == ASN1_ETYPE_SET)
+ || (type_field (node->type) == ASN1_ETYPE_SET_OF))
+ class2 |= ASN1_CLASS_STRUCTURED;
+ class_implicit = class2;
+ tag_implicit = strtoul ((char *) p->value, NULL, 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
+ }
+ }
+
+ if (is_tag_implicit)
+ {
+ if (asn1_get_tag_der
+ (der + counter, der_len, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ DECR_LEN(der_len, len2);
+
+ if ((class != class_implicit) || (tag != tag_implicit))
+ {
+ if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING)
+ {
+ class_implicit |= ASN1_CLASS_STRUCTURED;
+ if ((class != class_implicit) || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ }
+ else
+ return ASN1_TAG_ERROR;
+ }
+ }
+ else
+ {
+ unsigned type = type_field (node->type);
+ if (type == ASN1_ETYPE_TAG)
+ {
+ *tag_len = 0;
+ if (inner_tag_len)
+ *inner_tag_len = 0;
+ return ASN1_SUCCESS;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, der_len, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ DECR_LEN(der_len, len2);
+
+ switch (type)
+ {
+ case ASN1_ETYPE_NULL:
+ case ASN1_ETYPE_BOOLEAN:
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ case ASN1_ETYPE_OBJECT_ID:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if ((class != _asn1_tags[type].class)
+ || (tag != _asn1_tags[type].tag))
+ return ASN1_DER_ERROR;
+ break;
+
+ case ASN1_ETYPE_OCTET_STRING:
+ /* OCTET STRING is handled differently to allow
+ * BER encodings (structured class). */
+ if (((class != ASN1_CLASS_UNIVERSAL)
+ && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
+ || (tag != ASN1_TAG_OCTET_STRING))
+ return ASN1_DER_ERROR;
+ break;
+ case ASN1_ETYPE_ANY:
+ counter -= len2;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ counter -= len2;
+ break;
+ default:
+ return ASN1_DER_ERROR;
+ break;
+ }
+ }
+
+ counter += len2;
+ *tag_len = counter;
+ if (inner_tag_len)
+ *inner_tag_len = len2;
+ return ASN1_SUCCESS;
+
+cleanup:
+ return result;
+}
+
+static int
+extract_tag_der_recursive(asn1_node node, const unsigned char *der, int der_len,
+ int *ret_len, int *inner_len, unsigned flags)
+{
+asn1_node p;
+int ris = ASN1_DER_ERROR;
+
+ if (type_field (node->type) == ASN1_ETYPE_CHOICE)
+ {
+ p = node->down;
+ while (p)
+ {
+ ris = _asn1_extract_tag_der (p, der, der_len, ret_len, inner_len, flags);
+ if (ris == ASN1_SUCCESS)
+ break;
+ p = p->right;
+ }
+
+ *ret_len = 0;
+ return ris;
+ }
+ else
+ return _asn1_extract_tag_der (node, der, der_len, ret_len, inner_len, flags);
+}
+
+static int
+_asn1_delete_not_used (asn1_node node)
+{
+ asn1_node p, p2;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if (p->type & CONST_NOT_USED)
+ {
+ p2 = NULL;
+ if (p != node)
+ {
+ p2 = _asn1_find_left (p);
+ if (!p2)
+ p2 = _asn1_find_up (p);
+ }
+ asn1_delete_structure (&p);
+ p = p2;
+ }
+
+ if (!p)
+ break; /* reach node */
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+ }
+ return ASN1_SUCCESS;
+}
+
+static int
+_asn1_get_indefinite_length_string (const unsigned char *der,
+ int der_len, int *len)
+{
+ int len2, len3, counter, indefinite;
+ int result;
+ unsigned long tag;
+ unsigned char class;
+
+ counter = indefinite = 0;
+
+ while (1)
+ {
+ if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0))
+ {
+ counter += 2;
+ DECR_LEN(der_len, 2);
+
+ indefinite--;
+ if (indefinite <= 0)
+ break;
+ else
+ continue;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, der_len, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ DECR_LEN(der_len, len2);
+ counter += len2;
+
+ len2 = asn1_get_length_der (der + counter, der_len, &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len2 == -1)
+ {
+ indefinite++;
+ counter += 1;
+ DECR_LEN(der_len, 1);
+ }
+ else
+ {
+ counter += len2 + len3;
+ DECR_LEN(der_len, len2+len3);
+ }
+ }
+
+ *len = counter;
+ return ASN1_SUCCESS;
+
+cleanup:
+ return result;
+}
+
+static void delete_unneeded_choice_fields(asn1_node p)
+{
+ asn1_node p2;
+
+ while (p->right)
+ {
+ p2 = p->right;
+ asn1_delete_structure (&p2);
+ }
+}
+
+
+/**
+ * asn1_der_decoding2
+ * @element: pointer to an ASN1 structure.
+ * @ider: vector that contains the DER encoding.
+ * @max_ider_len: pointer to an integer giving the information about the
+ * maximal number of bytes occupied by *@ider. The real size of the DER
+ * encoding is returned through this pointer.
+ * @flags: flags controlling the behaviour of the function.
+ * @errorDescription: null-terminated string contains details when an
+ * error occurred.
+ *
+ * Fill the structure *@element with values of a DER encoding string. The
+ * structure must just be created with function asn1_create_element().
+ *
+ * If %ASN1_DECODE_FLAG_ALLOW_PADDING flag is set then the function will ignore
+ * padding after the decoded DER data. Upon a successful return the value of
+ * *@max_ider_len will be set to the number of bytes decoded.
+ *
+ * If %ASN1_DECODE_FLAG_STRICT_DER flag is set then the function will
+ * not decode any BER-encoded elements.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or
+ * %ASN1_DER_ERROR if the der encoding doesn't match the structure
+ * name (*@ELEMENT deleted).
+ **/
+int
+asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
+ unsigned int flags, char *errorDescription)
+{
+ asn1_node node, p, p2, p3;
+ char temp[128];
+ int counter, len2, len3, len4, move, ris, tlen;
+ struct node_tail_cache_st tcache = {NULL, NULL};
+ unsigned char class;
+ unsigned long tag;
+ int tag_len;
+ int indefinite, result, total_len = *max_ider_len, ider_len = *max_ider_len;
+ int inner_tag_len;
+ unsigned char *ptmp;
+ const unsigned char *ptag;
+ const unsigned char *der = ider;
+
+ node = *element;
+
+ if (errorDescription != NULL)
+ errorDescription[0] = 0;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (node->type & CONST_OPTION)
+ {
+ result = ASN1_GENERIC_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1)
+ {
+ tag_len = 0;
+ inner_tag_len = 0;
+ ris = ASN1_SUCCESS;
+ if (move != UP)
+ {
+ if (p->type & CONST_SET)
+ {
+ p2 = _asn1_find_up (p);
+ len2 = p2->tmp_ival;
+ if (len2 == -1)
+ {
+ if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1])
+ {
+ p = p2;
+ move = UP;
+ counter += 2;
+ DECR_LEN(ider_len, 2);
+ continue;
+ }
+ }
+ else if (counter == len2)
+ {
+ p = p2;
+ move = UP;
+ continue;
+ }
+ else if (counter > len2)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ p2 = p2->down;
+ while (p2)
+ {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
+ {
+ ris =
+ extract_tag_der_recursive (p2, der + counter,
+ ider_len, &len2, NULL, flags);
+ if (ris == ASN1_SUCCESS)
+ {
+ p2->type &= ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+
+ /* the position in the DER structure this starts */
+ p->start = counter;
+ p->end = total_len - 1;
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = p2->tmp_ival;
+ if (counter == len2)
+ {
+ if (p->right)
+ {
+ p2 = p->right;
+ move = RIGHT;
+ }
+ else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure (&p);
+
+ p = p2;
+ continue;
+ }
+ }
+
+ if (type_field (p->type) == ASN1_ETYPE_CHOICE)
+ {
+ while (p->down)
+ {
+ ris =
+ extract_tag_der_recursive (p->down, der + counter,
+ ider_len, &len2, NULL, flags);
+
+ if (ris == ASN1_SUCCESS)
+ {
+ delete_unneeded_choice_fields(p->down);
+ break;
+ }
+ else if (ris == ASN1_ERROR_TYPE_ANY)
+ {
+ result = ASN1_ERROR_TYPE_ANY;
+ warn();
+ goto cleanup;
+ }
+ else
+ {
+ p2 = p->down;
+ asn1_delete_structure (&p2);
+ }
+ }
+
+ if (p->down == NULL)
+ {
+ if (!(p->type & CONST_OPTION))
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+ else if (type_field (p->type) != ASN1_ETYPE_CHOICE)
+ p = p->down;
+
+ p->start = counter;
+ }
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = p2->tmp_ival;
+
+ if ((len2 != -1) && (counter > len2))
+ ris = ASN1_TAG_ERROR;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ extract_tag_der_recursive (p, der + counter, ider_len,
+ &tag_len, &inner_tag_len, flags);
+
+ if (ris != ASN1_SUCCESS)
+ {
+ if (p->type & CONST_OPTION)
+ {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ }
+ else if (p->type & CONST_DEFAULT)
+ {
+ _asn1_set_value (p, NULL, 0);
+ move = RIGHT;
+ }
+ else
+ {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error (p, errorDescription);
+
+ result = ASN1_TAG_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+ else
+ {
+ DECR_LEN(ider_len, tag_len);
+ counter += tag_len;
+ }
+ }
+
+ if (ris == ASN1_SUCCESS)
+ {
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_NULL:
+ DECR_LEN(ider_len, 1);
+ if (der[counter])
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ DECR_LEN(ider_len, 2);
+
+ if (der[counter++] != 1)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ if (der[counter++] == 0)
+ _asn1_set_value (p, "F", 1);
+ else
+ _asn1_set_value (p, "T", 1);
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der (der + counter, ider_len, &len3);
+ if (len2 < 0)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len3+len2);
+
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ result =
+ asn1_get_object_id_der (der + counter, ider_len, &len2,
+ temp, sizeof (temp));
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ result =
+ _asn1_get_time_der (type_field (p->type), der + counter, ider_len, &len2, temp,
+ sizeof (temp) - 1, flags);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen);
+
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ if (counter < inner_tag_len)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ ptag = der + counter - inner_tag_len;
+ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) || !(ptag[0] & ASN1_CLASS_STRUCTURED))
+ {
+ if (ptag[0] & ASN1_CLASS_STRUCTURED)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ len2 =
+ asn1_get_length_der (der + counter, ider_len, &len3);
+ if (len2 < 0)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len3+len2);
+
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ }
+ else
+ {
+ unsigned dflags = 0, vlen, ber_len;
+
+ if (ptag[0] & ASN1_CLASS_STRUCTURED)
+ dflags |= DECODE_FLAG_CONSTRUCTED;
+
+ result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, ber_len);
+
+ _asn1_set_value_lv (p, ptmp, vlen);
+
+ counter += ber_len;
+ free(ptmp);
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der (der + counter, ider_len, &len3);
+ if (len2 < 0)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len3+len2);
+
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move == UP)
+ {
+ len2 = p->tmp_ival;
+ p->tmp_ival = 0;
+ if (len2 == -1)
+ { /* indefinite length method */
+ DECR_LEN(ider_len, 2);
+ if ((der[counter]) || der[counter + 1])
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ counter += 2;
+ }
+ else
+ { /* definite length method */
+ if (len2 != counter)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+ move = RIGHT;
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der (der + counter, ider_len, &len2);
+ if (IS_ERR(len3, flags))
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+ counter += len2;
+
+ if (len3 > 0)
+ {
+ p->tmp_ival = counter + len3;
+ move = DOWN;
+ }
+ else if (len3 == 0)
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != ASN1_ETYPE_TAG)
+ {
+ p3 = p2->right;
+ asn1_delete_structure (&p2);
+ p2 = p3;
+ }
+ else
+ p2 = p2->right;
+ }
+ move = RIGHT;
+ }
+ else
+ { /* indefinite length method */
+ p->tmp_ival = -1;
+ move = DOWN;
+ }
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move == UP)
+ {
+ len2 = p->tmp_ival;
+ if (len2 == -1)
+ { /* indefinite length method */
+ if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1]))
+ {
+ result = _asn1_append_sequence_set (p, &tcache);
+ if (result != 0)
+ {
+ warn();
+ goto cleanup;
+ }
+ p = tcache.tail;
+ move = RIGHT;
+ continue;
+ }
+
+ p->tmp_ival = 0;
+ tcache.tail = NULL; /* finished decoding this structure */
+ tcache.head = NULL;
+ DECR_LEN(ider_len, 2);
+ counter += 2;
+ }
+ else
+ { /* definite length method */
+ if (len2 > counter)
+ {
+ result = _asn1_append_sequence_set (p, &tcache);
+ if (result != 0)
+ {
+ warn();
+ goto cleanup;
+ }
+ p = tcache.tail;
+ move = RIGHT;
+ continue;
+ }
+
+ p->tmp_ival = 0;
+ tcache.tail = NULL; /* finished decoding this structure */
+ tcache.head = NULL;
+
+ if (len2 != counter)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der (der + counter, ider_len, &len2);
+ if (IS_ERR(len3, flags))
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+ counter += len2;
+ if (len3)
+ {
+ if (len3 > 0)
+ { /* definite length method */
+ p->tmp_ival = counter + len3;
+ }
+ else
+ { /* indefinite length method */
+ p->tmp_ival = -1;
+ }
+
+ p2 = p->down;
+ if (p2 == NULL)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ while ((type_field (p2->type) == ASN1_ETYPE_TAG)
+ || (type_field (p2->type) == ASN1_ETYPE_SIZE))
+ p2 = p2->right;
+ if (p2->right == NULL)
+ {
+ result = _asn1_append_sequence_set (p, &tcache);
+ if (result != 0)
+ {
+ warn();
+ goto cleanup;
+ }
+ }
+ p = p2;
+ }
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_ANY:
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+
+ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && (p->type & CONST_TAG) &&
+ tag_len == 2 && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ if (asn1_get_tag_der
+ (der + counter, ider_len, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+
+ len4 =
+ asn1_get_length_der (der + counter + len2,
+ ider_len, &len3);
+ if (IS_ERR(len4, flags))
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ if (len4 != -1) /* definite */
+ {
+ len2 += len4;
+
+ DECR_LEN(ider_len, len4+len3);
+ _asn1_set_value_lv (p, der + counter, len2 + len3);
+ counter += len2 + len3;
+ }
+ else /* == -1 */
+ { /* indefinite length */
+ ider_len += len2; /* undo DECR_LEN */
+
+ if (counter == 0)
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+
+ result =
+ _asn1_get_indefinite_length_string (der + counter, ider_len, &len2);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ DECR_LEN(ider_len, len2);
+ _asn1_set_value_lv (p, der + counter, len2);
+ counter += len2;
+
+ }
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite)
+ {
+ DECR_LEN(ider_len, 2);
+ if (!der[counter] && !der[counter + 1])
+ {
+ counter += 2;
+ }
+ else
+ {
+ result = ASN1_DER_ERROR;
+ warn();
+ goto cleanup;
+ }
+ }
+
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+ }
+
+ if (p)
+ {
+ p->end = counter - 1;
+ }
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+ if ((move == RIGHT) && !(p->type & CONST_SET))
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ _asn1_delete_not_used (*element);
+
+ if ((ider_len < 0) ||
+ (!(flags & ASN1_DECODE_FLAG_ALLOW_PADDING) && (ider_len != 0)))
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ *max_ider_len = total_len - ider_len;
+
+ return ASN1_SUCCESS;
+
+cleanup:
+ asn1_delete_structure (element);
+ return result;
+}
+
+
+/**
+ * asn1_der_decoding:
+ * @element: pointer to an ASN1 structure.
+ * @ider: vector that contains the DER encoding.
+ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1].
+ * @errorDescription: null-terminated string contains details when an
+ * error occurred.
+ *
+ * Fill the structure *@element with values of a DER encoding
+ * string. The structure must just be created with function
+ * asn1_create_element().
+ *
+ * Note that the *@element variable is provided as a pointer for
+ * historical reasons.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or
+ * %ASN1_DER_ERROR if the der encoding doesn't match the structure
+ * name (*@ELEMENT deleted).
+ **/
+int
+asn1_der_decoding (asn1_node * element, const void *ider, int ider_len,
+ char *errorDescription)
+{
+ return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription);
+}
+
+#if 0
+/**
+ * asn1_der_decoding_element:
+ * @structure: pointer to an ASN1 structure
+ * @elementName: name of the element to fill
+ * @ider: vector that contains the DER encoding of the whole structure.
+ * @len: number of bytes of *der: der[0]..der[len-1]
+ * @errorDescription: null-terminated string contains details when an
+ * error occurred.
+ *
+ * Fill the element named @ELEMENTNAME with values of a DER encoding
+ * string. The structure must just be created with function
+ * asn1_create_element(). The DER vector must contain the encoding
+ * string of the whole @STRUCTURE. If an error occurs during the
+ * decoding procedure, the *@STRUCTURE is deleted and set equal to
+ * %NULL.
+ *
+ * This function is deprecated and may just be an alias to asn1_der_decoding
+ * in future versions. Use asn1_der_decoding() instead.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if ELEMENT is %NULL or @elementName == NULL, and
+ * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't
+ * match the structure @structure (*ELEMENT deleted).
+ **/
+int
+asn1_der_decoding_element (asn1_node * structure, const char *elementName,
+ const void *ider, int len, char *errorDescription)
+{
+ return asn1_der_decoding(structure, ider, len, errorDescription);
+}
+#endif
+
+/**
+ * asn1_der_decoding_startEnd:
+ * @element: pointer to an ASN1 element
+ * @ider: vector that contains the DER encoding.
+ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1]
+ * @name_element: an element of NAME structure.
+ * @start: the position of the first byte of NAME_ELEMENT decoding
+ * (@ider[*start])
+ * @end: the position of the last byte of NAME_ELEMENT decoding
+ * (@ider[*end])
+ *
+ * Find the start and end point of an element in a DER encoding
+ * string. I mean that if you have a der encoding and you have already
+ * used the function asn1_der_decoding() to fill a structure, it may
+ * happen that you want to find the piece of string concerning an
+ * element of the structure.
+ *
+ * One example is the sequence "tbsCertificate" inside an X509
+ * certificate.
+ *
+ * Note that since libtasn1 3.7 the @ider and @ider_len parameters
+ * can be omitted, if the element is already decoded using asn1_der_decoding().
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if ELEMENT is %asn1_node EMPTY or @name_element is not a valid
+ * element, %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding
+ * doesn't match the structure ELEMENT.
+ **/
+int
+asn1_der_decoding_startEnd (asn1_node element, const void *ider, int ider_len,
+ const char *name_element, int *start, int *end)
+{
+ asn1_node node, node_to_find;
+ int result = ASN1_DER_ERROR;
+
+ node = element;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ node_to_find = asn1_find_node (node, name_element);
+
+ if (node_to_find == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ *start = node_to_find->start;
+ *end = node_to_find->end;
+
+ if (*start == 0 && *end == 0)
+ {
+ if (ider == NULL || ider_len == 0)
+ return ASN1_GENERIC_ERROR;
+
+ /* it seems asn1_der_decoding() wasn't called before. Do it now */
+ result = asn1_der_decoding (&node, ider, ider_len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ return result;
+ }
+
+ node_to_find = asn1_find_node (node, name_element);
+ if (node_to_find == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ *start = node_to_find->start;
+ *end = node_to_find->end;
+ }
+
+ if (*end < *start)
+ return ASN1_GENERIC_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_expand_any_defined_by:
+ * @definitions: ASN1 definitions
+ * @element: pointer to an ASN1 structure
+ *
+ * Expands every "ANY DEFINED BY" element of a structure created from
+ * a DER decoding process (asn1_der_decoding function). The element
+ * ANY must be defined by an OBJECT IDENTIFIER. The type used to
+ * expand the element ANY is the first one following the definition of
+ * the actual value of the OBJECT IDENTIFIER.
+ *
+ * Returns: %ASN1_SUCCESS if Substitution OK, %ASN1_ERROR_TYPE_ANY if
+ * some "ANY DEFINED BY" element couldn't be expanded due to a
+ * problem in OBJECT_ID -> TYPE association, or other error codes
+ * depending on DER decoding.
+ **/
+int
+asn1_expand_any_defined_by (asn1_node_const definitions, asn1_node * element)
+{
+ char name[2 * ASN1_MAX_NAME_SIZE + 2],
+ value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+ asn1_node p, p3, aux = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+ const char *definitionsName;
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ definitionsName = definitions->name;
+
+ p = *element;
+ while (p)
+ {
+
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_ANY:
+ if ((p->type & CONST_DEFINED_BY) && (p->value))
+ {
+ /* search the "DEF_BY" element */
+ p2 = p->down;
+ while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT))
+ p2 = p2->right;
+
+ if (!p2)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = _asn1_find_up (p);
+
+ if (!p3)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = p3->down;
+ while (p3)
+ {
+ if (!(strcmp (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
+
+ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
+ (p3->value == NULL))
+ {
+
+ p3 = _asn1_find_up (p);
+ p3 = _asn1_find_up (p3);
+
+ if (!p3)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = p3->down;
+
+ while (p3)
+ {
+ if (!(strcmp (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
+
+ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID)
+ || (p3->value == NULL))
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2)
+ {
+ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN))
+ {
+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!_asn1_strcmp (p3->value, value)))
+ {
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2)
+ {
+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name);
+
+ result =
+ asn1_create_element (definitions, name, &aux);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_cpy_name (aux, p);
+ len2 =
+ asn1_get_length_der (p->value,
+ p->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding (&aux, p->value + len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS)
+ {
+
+ _asn1_set_right (aux, p->right);
+ _asn1_set_right (p, aux);
+
+ result = asn1_delete_structure (&p);
+ if (result == ASN1_SUCCESS)
+ {
+ p = aux;
+ aux = NULL;
+ break;
+ }
+ else
+ { /* error with asn1_delete_structure */
+ asn1_delete_structure (&aux);
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+ }
+ p2 = p2->right;
+ } /* end while */
+
+ if (!p2)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ }
+ break;
+ default:
+ break;
+ }
+
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p == *element)
+ {
+ p = NULL;
+ break;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == *element)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return retCode;
+}
+
+/**
+ * asn1_expand_octet_string:
+ * @definitions: ASN1 definitions
+ * @element: pointer to an ASN1 structure
+ * @octetName: name of the OCTECT STRING field to expand.
+ * @objectName: name of the OBJECT IDENTIFIER field to use to define
+ * the type for expansion.
+ *
+ * Expands an "OCTET STRING" element of a structure created from a DER
+ * decoding process (the asn1_der_decoding() function). The type used
+ * for expansion is the first one following the definition of the
+ * actual value of the OBJECT IDENTIFIER indicated by OBJECTNAME.
+ *
+ * Returns: %ASN1_SUCCESS if substitution OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @objectName or @octetName are not correct,
+ * %ASN1_VALUE_NOT_VALID if it wasn't possible to find the type to
+ * use for expansion, or other errors depending on DER decoding.
+ **/
+int
+asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
+ const char *octetName, const char *objectName)
+{
+ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+ asn1_node aux = NULL;
+ asn1_node octetNode = NULL, objectNode = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ octetNode = asn1_find_node (*element, octetName);
+ if (octetNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (octetNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+ objectNode = asn1_find_node (*element, objectName);
+ if (objectNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (objectNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2)
+ {
+ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN))
+ {
+ strcpy (name, definitions->name);
+ memcpy (name + strlen(name), ".", sizeof(" . "));
+ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1);
+
+ len = sizeof (value);
+ result = asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!_asn1_strcmp (objectNode->value, value)))
+ {
+
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2)
+ {
+ strcpy (name, definitions->name);
+ memcpy (name + strlen(name), ".", sizeof(" . "));
+ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1);
+
+ result = asn1_create_element (definitions, name, &aux);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_cpy_name (aux, octetNode);
+ len2 =
+ asn1_get_length_der (octetNode->value,
+ octetNode->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding (&aux, octetNode->value + len3,
+ len2, errorDescription);
+ if (result == ASN1_SUCCESS)
+ {
+
+ _asn1_set_right (aux, octetNode->right);
+ _asn1_set_right (octetNode, aux);
+
+ result = asn1_delete_structure (&octetNode);
+ if (result == ASN1_SUCCESS)
+ {
+ aux = NULL;
+ break;
+ }
+ else
+ { /* error with asn1_delete_structure */
+ asn1_delete_structure (&aux);
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_VALUE_NOT_VALID;
+ break;
+ }
+ }
+ }
+
+ p2 = p2->right;
+
+ }
+
+ if (!p2)
+ retCode = ASN1_VALUE_NOT_VALID;
+
+ return retCode;
+}
+
+/*-
+ * _asn1_decode_simple_der:
+ * @etype: The type of the string to be encoded (ASN1_ETYPE_)
+ * @der: the encoded string
+ * @_der_len: the bytes of the encoded string
+ * @str: a pointer to the data
+ * @str_len: the length of the data
+ * @dflags: DECODE_FLAG_*
+ *
+ * Decodes a simple DER encoded type (e.g. a string, which is not constructed).
+ * The output is a pointer inside the @der.
+ *
+ * Returns: %ASN1_SUCCESS if successful or an error value.
+ -*/
+static int
+_asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, const unsigned char **str,
+ unsigned int *str_len, unsigned dflags)
+{
+ int tag_len, len_len;
+ const unsigned char *p;
+ int der_len = _der_len;
+ unsigned char class;
+ unsigned long tag;
+ long ret;
+
+ if (der == NULL || der_len == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ if (ETYPE_OK (etype) == 0 || ETYPE_IS_STRING(etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ /* doesn't handle constructed classes */
+ class = ETYPE_CLASS(etype);
+ if (class != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
+
+ p = der;
+
+ if (dflags & DECODE_FLAG_HAVE_TAG)
+ {
+ ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ if (class != ETYPE_CLASS (etype) || tag != ETYPE_TAG (etype))
+ {
+ warn();
+ return ASN1_DER_ERROR;
+ }
+
+ p += tag_len;
+ der_len -= tag_len;
+ if (der_len <= 0)
+ return ASN1_DER_ERROR;
+ }
+
+ ret = asn1_get_length_der (p, der_len, &len_len);
+ if (ret < 0)
+ return ASN1_DER_ERROR;
+
+ p += len_len;
+ der_len -= len_len;
+ if (der_len <= 0)
+ return ASN1_DER_ERROR;
+
+ *str_len = ret;
+ *str = p;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_decode_simple_der:
+ * @etype: The type of the string to be encoded (ASN1_ETYPE_)
+ * @der: the encoded string
+ * @_der_len: the bytes of the encoded string
+ * @str: a pointer to the data
+ * @str_len: the length of the data
+ *
+ * Decodes a simple DER encoded type (e.g. a string, which is not constructed).
+ * The output is a pointer inside the @der.
+ *
+ * Returns: %ASN1_SUCCESS if successful or an error value.
+ **/
+int
+asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, const unsigned char **str,
+ unsigned int *str_len)
+{
+ return _asn1_decode_simple_der(etype, der, _der_len, str, str_len, DECODE_FLAG_HAVE_TAG);
+}
+
+static int append(uint8_t **dst, unsigned *dst_size, const unsigned char *src, unsigned src_size)
+{
+ if (src_size == 0)
+ return ASN1_SUCCESS;
+
+ *dst = _asn1_realloc(*dst, *dst_size+src_size);
+ if (*dst == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+ memcpy(*dst + *dst_size, src, src_size);
+ *dst_size += src_size;
+ return ASN1_SUCCESS;
+}
+
+/*-
+ * _asn1_decode_simple_ber:
+ * @etype: The type of the string to be encoded (ASN1_ETYPE_)
+ * @der: the encoded string
+ * @_der_len: the bytes of the encoded string
+ * @str: a pointer to the data
+ * @str_len: the length of the data
+ * @ber_len: the total length occupied by BER (may be %NULL)
+ * @have_tag: whether a DER tag is included
+ *
+ * Decodes a BER encoded type. The output is an allocated value
+ * of the data. This decodes BER STRINGS only. Other types are
+ * decoded as DER.
+ *
+ * Returns: %ASN1_SUCCESS if successful or an error value.
+ -*/
+static int
+_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, unsigned char **str,
+ unsigned int *str_len, unsigned int *ber_len,
+ unsigned dflags)
+{
+ int tag_len, len_len;
+ const unsigned char *p;
+ int der_len = _der_len;
+ uint8_t *total = NULL;
+ unsigned total_size = 0;
+ unsigned char class;
+ unsigned long tag;
+ unsigned char *out = NULL;
+ const unsigned char *cout = NULL;
+ unsigned out_len;
+ long result;
+
+ if (ber_len) *ber_len = 0;
+
+ if (der == NULL || der_len == 0)
+ {
+ warn();
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ if (ETYPE_OK (etype) == 0)
+ {
+ warn();
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ /* doesn't handle constructed + definite classes */
+ class = ETYPE_CLASS (etype);
+ if (class != ASN1_CLASS_UNIVERSAL)
+ {
+ warn();
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ p = der;
+
+ if (dflags & DECODE_FLAG_HAVE_TAG)
+ {
+ result = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ return result;
+ }
+
+ if (tag != ETYPE_TAG (etype))
+ {
+ warn();
+ return ASN1_DER_ERROR;
+ }
+
+ p += tag_len;
+
+ DECR_LEN(der_len, tag_len);
+
+ if (ber_len) *ber_len += tag_len;
+ }
+
+ /* indefinite constructed */
+ if ((((dflags & DECODE_FLAG_CONSTRUCTED) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
+ !(dflags & DECODE_FLAG_LEVEL3))
+ {
+ if (der_len == 0)
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (der_len > 0 && p[0] == 0x80) /* indefinite */
+ {
+ len_len = 1;
+ DECR_LEN(der_len, len_len);
+ p += len_len;
+
+ if (ber_len) *ber_len += len_len;
+
+ /* decode the available octet strings */
+ do
+ {
+ unsigned tmp_len;
+ unsigned flags = DECODE_FLAG_HAVE_TAG;
+
+ if (dflags & DECODE_FLAG_LEVEL1)
+ flags |= DECODE_FLAG_LEVEL2;
+ else if (dflags & DECODE_FLAG_LEVEL2)
+ flags |= DECODE_FLAG_LEVEL3;
+ else
+ flags |= DECODE_FLAG_LEVEL1;
+
+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
+ flags);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ p += tmp_len;
+ DECR_LEN(der_len, tmp_len);
+
+ if (ber_len) *ber_len += tmp_len;
+
+ DECR_LEN(der_len, 2); /* we need the EOC */
+
+ result = append(&total, &total_size, out, out_len);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ free(out);
+ out = NULL;
+
+ if (p[0] == 0 && p[1] == 0) /* EOC */
+ {
+ if (ber_len) *ber_len += 2;
+ break;
+ }
+
+ /* no EOC */
+ der_len += 2;
+
+ if (der_len == 2)
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ while(1);
+ }
+ else /* constructed */
+ {
+ long const_len;
+
+ result = asn1_get_length_ber(p, der_len, &len_len);
+ if (result < 0)
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ DECR_LEN(der_len, len_len);
+ p += len_len;
+
+ const_len = result;
+
+ if (ber_len) *ber_len += len_len;
+
+ /* decode the available octet strings */
+ while(const_len > 0)
+ {
+ unsigned tmp_len;
+ unsigned flags = DECODE_FLAG_HAVE_TAG;
+
+ if (dflags & DECODE_FLAG_LEVEL1)
+ flags |= DECODE_FLAG_LEVEL2;
+ else if (dflags & DECODE_FLAG_LEVEL2)
+ flags |= DECODE_FLAG_LEVEL3;
+ else
+ flags |= DECODE_FLAG_LEVEL1;
+
+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
+ flags);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ p += tmp_len;
+ DECR_LEN(der_len, tmp_len);
+ DECR_LEN(const_len, tmp_len);
+
+ if (ber_len) *ber_len += tmp_len;
+
+ result = append(&total, &total_size, out, out_len);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ free(out);
+ out = NULL;
+ }
+ }
+ }
+ else if (class == ETYPE_CLASS(etype))
+ {
+ if (ber_len)
+ {
+ result = asn1_get_length_der (p, der_len, &len_len);
+ if (result < 0)
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ *ber_len += result + len_len;
+ }
+
+ /* non-string values are decoded as DER */
+ result = _asn1_decode_simple_der(etype, der, _der_len, &cout, &out_len, dflags);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+
+ result = append(&total, &total_size, cout, out_len);
+ if (result != ASN1_SUCCESS)
+ {
+ warn();
+ goto cleanup;
+ }
+ }
+ else
+ {
+ warn();
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ *str = total;
+ *str_len = total_size;
+
+ return ASN1_SUCCESS;
+cleanup:
+ free(out);
+ free(total);
+ return result;
+}
+
+/**
+ * asn1_decode_simple_ber:
+ * @etype: The type of the string to be encoded (ASN1_ETYPE_)
+ * @der: the encoded string
+ * @_der_len: the bytes of the encoded string
+ * @str: a pointer to the data
+ * @str_len: the length of the data
+ * @ber_len: the total length occupied by BER (may be %NULL)
+ *
+ * Decodes a BER encoded type. The output is an allocated value
+ * of the data. This decodes BER STRINGS only. Other types are
+ * decoded as DER.
+ *
+ * Returns: %ASN1_SUCCESS if successful or an error value.
+ **/
+int
+asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
+ unsigned int _der_len, unsigned char **str,
+ unsigned int *str_len, unsigned int *ber_len)
+{
+ return _asn1_decode_simple_ber(etype, der, _der_len, str, str_len, ber_len, DECODE_FLAG_HAVE_TAG);
+}
diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c
new file mode 100644
index 0000000000..ed761ff56b
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/element.c
@@ -0,0 +1,1112 @@
+/*
+ * Copyright (C) 2000-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+/*****************************************************/
+/* File: element.c */
+/* Description: Functions with the read and write */
+/* functions. */
+/*****************************************************/
+
+
+#include
+#include "parser_aux.h"
+#include
+#include "structure.h"
+#include "element.h"
+
+#define c_isdigit grub_isdigit
+
+void
+_asn1_hierarchical_name (asn1_node_const node, char *name, int name_size)
+{
+ asn1_node_const p;
+ char tmp_name[64];
+
+ p = node;
+
+ name[0] = 0;
+
+ while (p != NULL)
+ {
+ if (p->name[0] != 0)
+ {
+ _asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
+ _asn1_str_cpy (name, name_size, p->name);
+ _asn1_str_cat (name, name_size, ".");
+ _asn1_str_cat (name, name_size, tmp_name);
+ }
+ p = _asn1_find_up (p);
+ }
+
+ if (name[0] == 0)
+ _asn1_str_cpy (name, name_size, "ROOT");
+}
+
+
+/******************************************************************/
+/* Function : _asn1_convert_integer */
+/* Description: converts an integer from a null terminated string */
+/* to der decoding. The convertion from a null */
+/* terminated string to an integer is made with */
+/* the 'strtol' function. */
+/* Parameters: */
+/* value: null terminated string to convert. */
+/* value_out: convertion result (memory must be already */
+/* allocated). */
+/* value_out_size: number of bytes of value_out. */
+/* len: number of significant byte of value_out. */
+/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
+ int value_out_size, int *len)
+{
+ char negative;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ long valtmp;
+ int k, k2;
+
+ valtmp = _asn1_strtol (value, NULL, 10);
+
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ {
+ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
+ }
+
+ if (val[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
+
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
+ {
+ if (negative && (val[k] != 0xFF))
+ break;
+ else if (!negative && val[k])
+ break;
+ }
+
+ if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
+ k--;
+
+ *len = SIZEOF_UNSIGNED_LONG_INT - k;
+
+ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
+
+ if (value_out != NULL)
+ {
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
+ }
+
+#if 0
+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ printf (", vOut[%d]=%d", k, value_out[k]);
+ printf ("\n");
+#endif
+
+ return ASN1_SUCCESS;
+}
+
+/* Appends a new element into the sequence (or set) defined by this
+ * node. The new element will have a name of '?number', where number
+ * is a monotonically increased serial number.
+ *
+ * The last element in the list may be provided in @pcache, to avoid
+ * traversing the list, an expensive operation in long lists.
+ *
+ * On success it returns in @pcache the added element (which is the
+ * tail in the list of added elements).
+ */
+int
+_asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
+{
+ asn1_node p, p2;
+ char temp[LTOSTR_MAX_SIZE];
+ long n;
+
+ if (!node || !(node->down))
+ return ASN1_GENERIC_ERROR;
+
+ p = node->down;
+ while ((type_field (p->type) == ASN1_ETYPE_TAG)
+ || (type_field (p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+
+ p2 = _asn1_copy_structure3 (p);
+ if (p2 == NULL)
+ return ASN1_GENERIC_ERROR;
+
+ if (pcache == NULL || pcache->tail == NULL || pcache->head != node)
+ {
+ while (p->right)
+ {
+ p = p->right;
+ }
+ }
+ else
+ {
+ p = pcache->tail;
+ }
+
+ _asn1_set_right (p, p2);
+ if (pcache)
+ {
+ pcache->head = node;
+ pcache->tail = p2;
+ }
+
+ if (p->name[0] == 0)
+ _asn1_str_cpy (temp, sizeof (temp), "?1");
+ else
+ {
+ n = strtol (p->name + 1, NULL, 0);
+ n++;
+ temp[0] = '?';
+ _asn1_ltostr (n, temp + 1);
+ }
+ _asn1_set_name (p2, temp);
+ /* p2->type |= CONST_OPTION; */
+
+ return ASN1_SUCCESS;
+}
+
+#if 0
+/**
+ * asn1_write_value:
+ * @node_root: pointer to a structure
+ * @name: the name of the element inside the structure that you want to set.
+ * @ivalue: vector used to specify the value to set. If len is >0,
+ * VALUE must be a two's complement form integer. if len=0 *VALUE
+ * must be a null terminated string with an integer value.
+ * @len: number of bytes of *value to use to set the value:
+ * value[0]..value[len-1] or 0 if value is a null terminated string
+ *
+ * Set the value of one element inside a structure.
+ *
+ * If an element is OPTIONAL and you want to delete it, you must use
+ * the value=NULL and len=0. Using "pkix.asn":
+ *
+ * result=asn1_write_value(cert, "tbsCertificate.issuerUniqueID",
+ * NULL, 0);
+ *
+ * Description for each type:
+ *
+ * INTEGER: VALUE must contain a two's complement form integer.
+ *
+ * value[0]=0xFF , len=1 -> integer=-1.
+ * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1.
+ * value[0]=0x01 , len=1 -> integer= 1.
+ * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1.
+ * value="123" , len=0 -> integer= 123.
+ *
+ * ENUMERATED: As INTEGER (but only with not negative numbers).
+ *
+ * BOOLEAN: VALUE must be the null terminated string "TRUE" or
+ * "FALSE" and LEN != 0.
+ *
+ * value="TRUE" , len=1 -> boolean=TRUE.
+ * value="FALSE" , len=1 -> boolean=FALSE.
+ *
+ * OBJECT IDENTIFIER: VALUE must be a null terminated string with
+ * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0.
+ *
+ * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha.
+ *
+ * UTCTime: VALUE must be a null terminated string in one of these
+ * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ",
+ * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'",
+ * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0.
+ *
+ * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998
+ * at 12h 00m Greenwich Mean Time
+ *
+ * GeneralizedTime: VALUE must be in one of this format:
+ * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ",
+ * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'",
+ * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s
+ * indicates the seconds with any precision like "10.1" or "01.02".
+ * LEN != 0
+ *
+ * value="2001010112001.12-0700" , len=1 -> time=Jannuary
+ * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time
+ *
+ * OCTET STRING: VALUE contains the octet string and LEN is the
+ * number of octets.
+ *
+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
+ * len=3 -> three bytes octet string
+ *
+ * GeneralString: VALUE contains the generalstring and LEN is the
+ * number of octets.
+ *
+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
+ * len=3 -> three bytes generalstring
+ *
+ * BIT STRING: VALUE contains the bit string organized by bytes and
+ * LEN is the number of bits.
+ *
+ * value="$\backslash$xCF" , len=6 -> bit string="110011" (six
+ * bits)
+ *
+ * CHOICE: if NAME indicates a choice type, VALUE must specify one of
+ * the alternatives with a null terminated string. LEN != 0. Using
+ * "pkix.asn"\:
+ *
+ * result=asn1_write_value(cert,
+ * "certificate1.tbsCertificate.subject", "rdnSequence",
+ * 1);
+ *
+ * ANY: VALUE indicates the der encoding of a structure. LEN != 0.
+ *
+ * SEQUENCE OF: VALUE must be the null terminated string "NEW" and
+ * LEN != 0. With this instruction another element is appended in
+ * the sequence. The name of this element will be "?1" if it's the
+ * first one, "?2" for the second and so on.
+ *
+ * Using "pkix.asn"\:
+ *
+ * result=asn1_write_value(cert,
+ * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1);
+ *
+ * SET OF: the same as SEQUENCE OF. Using "pkix.asn":
+ *
+ * result=asn1_write_value(cert,
+ * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1);
+ *
+ * Returns: %ASN1_SUCCESS if the value was set,
+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, and
+ * %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format.
+ **/
+int
+asn1_write_value (asn1_node node_root, const char *name,
+ const void *ivalue, int len)
+{
+ asn1_node node, p, p2;
+ unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
+ int len2, k, k2, negative;
+ size_t i;
+ const unsigned char *value = ivalue;
+ unsigned int type;
+
+ node = asn1_find_node (node_root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
+ {
+ asn1_delete_structure (&node);
+ return ASN1_SUCCESS;
+ }
+
+ type = type_field (node->type);
+
+ if ((type == ASN1_ETYPE_SEQUENCE_OF || type == ASN1_ETYPE_SET_OF) && (value == NULL) && (len == 0))
+ {
+ p = node->down;
+ while ((type_field (p->type) == ASN1_ETYPE_TAG)
+ || (type_field (p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+
+ while (p->right)
+ asn1_delete_structure (&p->right);
+
+ return ASN1_SUCCESS;
+ }
+
+ /* Don't allow element deletion for other types */
+ if (value == NULL)
+ {
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ switch (type)
+ {
+ case ASN1_ETYPE_BOOLEAN:
+ if (!_asn1_strcmp (value, "TRUE"))
+ {
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ _asn1_set_value (node, NULL, 0);
+ else
+ _asn1_set_value (node, "T", 1);
+ }
+ else
+ _asn1_set_value (node, "T", 1);
+ }
+ else if (!_asn1_strcmp (value, "FALSE"))
+ {
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_FALSE)
+ _asn1_set_value (node, NULL, 0);
+ else
+ _asn1_set_value (node, "F", 1);
+ }
+ else
+ _asn1_set_value (node, "F", 1);
+ }
+ else
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if (len == 0)
+ {
+ if ((c_isdigit (value[0])) || (value[0] == '-'))
+ {
+ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer (value, value_temp,
+ SIZEOF_UNSIGNED_LONG_INT, &len);
+ }
+ else
+ { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ return ASN1_VALUE_NOT_VALID;
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
+ {
+ if (!_asn1_strcmp (p->name, value))
+ {
+ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer (p->value,
+ value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ break;
+ }
+ }
+ p = p->right;
+ }
+ if (p == NULL)
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+ else
+ { /* len != 0 */
+ value_temp = malloc (len);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+ memcpy (value_temp, value, len);
+ }
+
+ if (value_temp[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
+
+ if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED))
+ {
+ free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ for (k = 0; k < len - 1; k++)
+ if (negative && (value_temp[k] != 0xFF))
+ break;
+ else if (!negative && value_temp[k])
+ break;
+
+ if ((negative && !(value_temp[k] & 0x80)) ||
+ (!negative && (value_temp[k] & 0x80)))
+ k--;
+
+ _asn1_set_value_lv (node, value_temp + k, len - k);
+
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((c_isdigit (p->value[0])) || (p->value[0] == '-'))
+ {
+ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL)
+ {
+ free (value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer (p->value, default_temp,
+ SIZEOF_UNSIGNED_LONG_INT, &len2);
+ }
+ else
+ { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ {
+ free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ p2 = node->down;
+ while (p2)
+ {
+ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
+ {
+ if (!_asn1_strcmp (p2->name, p->value))
+ {
+ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL)
+ {
+ free (value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer (p2->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ {
+ free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+
+
+ if ((len - k) == len2)
+ {
+ for (k2 = 0; k2 < len2; k2++)
+ if (value_temp[k + k2] != default_temp[k2])
+ {
+ break;
+ }
+ if (k2 == len2)
+ _asn1_set_value (node, NULL, 0);
+ }
+ free (default_temp);
+ }
+ free (value_temp);
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ for (i = 0; i < _asn1_strlen (value); i++)
+ if ((!c_isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
+ return ASN1_VALUE_NOT_VALID;
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (!_asn1_strcmp (value, p->value))
+ {
+ _asn1_set_value (node, NULL, 0);
+ break;
+ }
+ }
+ _asn1_set_value (node, value, _asn1_strlen (value) + 1);
+ break;
+ case ASN1_ETYPE_UTC_TIME:
+ {
+ len = _asn1_strlen (value);
+ if (len < 11)
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < 10; k++)
+ if (!c_isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ switch (len)
+ {
+ case 11:
+ if (value[10] != 'Z')
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 13:
+ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11])) ||
+ (value[12] != 'Z'))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 15:
+ if ((value[10] != '+') && (value[10] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 11; k < 15; k++)
+ if (!c_isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 17:
+ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11])))
+ return ASN1_VALUE_NOT_VALID;
+ if ((value[12] != '+') && (value[12] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 13; k < 17; k++)
+ if (!c_isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ default:
+ return ASN1_VALUE_NOT_FOUND;
+ }
+ _asn1_set_value (node, value, len);
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ len = _asn1_strlen (value);
+ _asn1_set_value (node, value, len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (len == 0)
+ len = _asn1_strlen (value);
+ _asn1_set_value_lv (node, value, len);
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (len == 0)
+ len = _asn1_strlen (value);
+ asn1_length_der ((len >> 3) + 2, NULL, &len2);
+ temp = malloc ((len >> 3) + 2 + len2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ asn1_bit_der (value, len, temp, &len2);
+ _asn1_set_value_m (node, temp, len2);
+ temp = NULL;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ p = node->down;
+ while (p)
+ {
+ if (!_asn1_strcmp (p->name, value))
+ {
+ p2 = node->down;
+ while (p2)
+ {
+ if (p2 != p)
+ {
+ asn1_delete_structure (&p2);
+ p2 = node->down;
+ }
+ else
+ p2 = p2->right;
+ }
+ break;
+ }
+ p = p->right;
+ }
+ if (!p)
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ case ASN1_ETYPE_ANY:
+ _asn1_set_value_lv (node, value, len);
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (_asn1_strcmp (value, "NEW"))
+ return ASN1_VALUE_NOT_VALID;
+ _asn1_append_sequence_set (node, NULL);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ }
+
+ return ASN1_SUCCESS;
+}
+#endif
+
+#define PUT_VALUE( ptr, ptr_size, data, data_size) \
+ *len = data_size; \
+ if (ptr_size < data_size) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ if (ptr && data_size > 0) \
+ memcpy (ptr, data, data_size); \
+ }
+
+#define PUT_STR_VALUE( ptr, ptr_size, data) \
+ *len = _asn1_strlen (data) + 1; \
+ if (ptr_size < *len) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcpy is checked */ \
+ if (ptr) { \
+ _asn1_strcpy (ptr, data); \
+ } \
+ }
+
+#define PUT_AS_STR_VALUE( ptr, ptr_size, data, data_size) \
+ *len = data_size + 1; \
+ if (ptr_size < *len) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcpy is checked */ \
+ if (ptr) { \
+ if (data_size > 0) \
+ memcpy (ptr, data, data_size); \
+ ptr[data_size] = 0; \
+ } \
+ }
+
+#define ADD_STR_VALUE( ptr, ptr_size, data) \
+ *len += _asn1_strlen(data); \
+ if (ptr_size < (int) *len) { \
+ (*len)++; \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcat is checked */ \
+ if (ptr) _asn1_strcat (ptr, data); \
+ }
+
+/**
+ * asn1_read_value:
+ * @root: pointer to a structure.
+ * @name: the name of the element inside a structure that you want to read.
+ * @ivalue: vector that will contain the element's content, must be a
+ * pointer to memory cells already allocated (may be %NULL).
+ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
+ * holds the sizeof value.
+ *
+ * Returns the value of one element inside a structure.
+ * If an element is OPTIONAL and this returns
+ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
+ * in the der encoding that created the structure. The first element
+ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
+ * so on. If the @root provided is a node to specific sequence element,
+ * then the keyword "?CURRENT" is also acceptable and indicates the
+ * current sequence element of this node.
+ *
+ * Note that there can be valid values with length zero. In these case
+ * this function will succeed and @len will be zero.
+ *
+ * INTEGER: VALUE will contain a two's complement form integer.
+ *
+ * integer=-1 -> value[0]=0xFF , len=1.
+ * integer=1 -> value[0]=0x01 , len=1.
+ *
+ * ENUMERATED: As INTEGER (but only with not negative numbers).
+ *
+ * BOOLEAN: VALUE will be the null terminated string "TRUE" or
+ * "FALSE" and LEN=5 or LEN=6.
+ *
+ * OBJECT IDENTIFIER: VALUE will be a null terminated string with
+ * each number separated by a dot (i.e. "1.2.3.543.1").
+ *
+ * LEN = strlen(VALUE)+1
+ *
+ * UTCTime: VALUE will be a null terminated string in one of these
+ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
+ * LEN=strlen(VALUE)+1.
+ *
+ * GeneralizedTime: VALUE will be a null terminated string in the
+ * same format used to set the value.
+ *
+ * OCTET STRING: VALUE will contain the octet string and LEN will be
+ * the number of octets.
+ *
+ * GeneralString: VALUE will contain the generalstring and LEN will
+ * be the number of octets.
+ *
+ * BIT STRING: VALUE will contain the bit string organized by bytes
+ * and LEN will be the number of bits.
+ *
+ * CHOICE: If NAME indicates a choice type, VALUE will specify the
+ * alternative selected.
+ *
+ * ANY: If NAME indicates an any type, VALUE will indicate the DER
+ * encoding of the structure actually used.
+ *
+ * Returns: %ASN1_SUCCESS if value is returned,
+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element,
+ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element
+ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough
+ * to store the result, and in this case @len will contain the number of
+ * bytes needed. On the occasion that the stored data are of zero-length
+ * this function may return %ASN1_SUCCESS even if the provided @len is zero.
+ **/
+int
+asn1_read_value (asn1_node_const root, const char *name, void *ivalue, int *len)
+{
+ return asn1_read_value_type (root, name, ivalue, len, NULL);
+}
+
+/**
+ * asn1_read_value_type:
+ * @root: pointer to a structure.
+ * @name: the name of the element inside a structure that you want to read.
+ * @ivalue: vector that will contain the element's content, must be a
+ * pointer to memory cells already allocated (may be %NULL).
+ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
+ * holds the sizeof value.
+ * @etype: The type of the value read (ASN1_ETYPE)
+ *
+ * Returns the type and value of one element inside a structure.
+ * If an element is OPTIONAL and this returns
+ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
+ * in the der encoding that created the structure. The first element
+ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
+ * so on. If the @root provided is a node to specific sequence element,
+ * then the keyword "?CURRENT" is also acceptable and indicates the
+ * current sequence element of this node.
+ *
+ * Note that there can be valid values with length zero. In these case
+ * this function will succeed and @len will be zero.
+ *
+ *
+ * INTEGER: VALUE will contain a two's complement form integer.
+ *
+ * integer=-1 -> value[0]=0xFF , len=1.
+ * integer=1 -> value[0]=0x01 , len=1.
+ *
+ * ENUMERATED: As INTEGER (but only with not negative numbers).
+ *
+ * BOOLEAN: VALUE will be the null terminated string "TRUE" or
+ * "FALSE" and LEN=5 or LEN=6.
+ *
+ * OBJECT IDENTIFIER: VALUE will be a null terminated string with
+ * each number separated by a dot (i.e. "1.2.3.543.1").
+ *
+ * LEN = strlen(VALUE)+1
+ *
+ * UTCTime: VALUE will be a null terminated string in one of these
+ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
+ * LEN=strlen(VALUE)+1.
+ *
+ * GeneralizedTime: VALUE will be a null terminated string in the
+ * same format used to set the value.
+ *
+ * OCTET STRING: VALUE will contain the octet string and LEN will be
+ * the number of octets.
+ *
+ * GeneralString: VALUE will contain the generalstring and LEN will
+ * be the number of octets.
+ *
+ * BIT STRING: VALUE will contain the bit string organized by bytes
+ * and LEN will be the number of bits.
+ *
+ * CHOICE: If NAME indicates a choice type, VALUE will specify the
+ * alternative selected.
+ *
+ * ANY: If NAME indicates an any type, VALUE will indicate the DER
+ * encoding of the structure actually used.
+ *
+ * Returns: %ASN1_SUCCESS if value is returned,
+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element,
+ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element
+ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough
+ * to store the result, and in this case @len will contain the number of
+ * bytes needed. On the occasion that the stored data are of zero-length
+ * this function may return %ASN1_SUCCESS even if the provided @len is zero.
+ **/
+int
+asn1_read_value_type (asn1_node_const root, const char *name, void *ivalue,
+ int *len, unsigned int *etype)
+{
+ asn1_node_const node, p, p2;
+ int len2, len3, result;
+ int value_size = *len;
+ unsigned char *value = ivalue;
+ unsigned type;
+
+ node = asn1_find_node (root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ type = type_field (node->type);
+
+ if ((type != ASN1_ETYPE_NULL) &&
+ (type != ASN1_ETYPE_CHOICE) &&
+ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
+ (node->value == NULL))
+ return ASN1_VALUE_NOT_FOUND;
+
+ if (etype)
+ *etype = type;
+ switch (type)
+ {
+ case ASN1_ETYPE_NULL:
+ PUT_STR_VALUE (value, value_size, "NULL");
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ {
+ PUT_STR_VALUE (value, value_size, "TRUE");
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, "FALSE");
+ }
+ }
+ else if (node->value[0] == 'T')
+ {
+ PUT_STR_VALUE (value, value_size, "TRUE");
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, "FALSE");
+ }
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((c_isdigit (p->value[0])) || (p->value[0] == '-')
+ || (p->value[0] == '+'))
+ {
+ result = _asn1_convert_integer
+ (p->value, value, value_size, len);
+ if (result != ASN1_SUCCESS)
+ return result;
+ }
+ else
+ { /* is an identifier like v1 */
+ p2 = node->down;
+ while (p2)
+ {
+ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
+ {
+ if (!_asn1_strcmp (p2->name, p->value))
+ {
+ result = _asn1_convert_integer
+ (p2->value, value, value_size,
+ len);
+ if (result != ASN1_SUCCESS)
+ return result;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ }
+ }
+ else
+ {
+ len2 = -1;
+ result = asn1_get_octet_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len);
+ if (result != ASN1_SUCCESS)
+ return result;
+ }
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN)
+ {
+ *len = 0;
+ if (value)
+ value[0] = 0;
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
+ {
+ ADD_STR_VALUE (value, value_size, p->value);
+ if (p->right)
+ {
+ ADD_STR_VALUE (value, value_size, ".");
+ }
+ }
+ p = p->right;
+ }
+ (*len)++;
+ }
+ else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ PUT_STR_VALUE (value, value_size, p->value);
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, node->value);
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ len2 = -1;
+ result = asn1_get_octet_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len);
+ if (result != ASN1_SUCCESS)
+ return result;
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ len2 = -1;
+ result = asn1_get_bit_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len);
+ if (result != ASN1_SUCCESS)
+ return result;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ PUT_STR_VALUE (value, value_size, node->down->name);
+ break;
+ case ASN1_ETYPE_ANY:
+ len3 = -1;
+ len2 = asn1_get_length_der (node->value, node->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ PUT_VALUE (value, value_size, node->value + len3, len2);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ }
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_read_tag:
+ * @root: pointer to a structure
+ * @name: the name of the element inside a structure.
+ * @tagValue: variable that will contain the TAG value.
+ * @classValue: variable that will specify the TAG type.
+ *
+ * Returns the TAG and the CLASS of one element inside a structure.
+ * CLASS can have one of these constants: %ASN1_CLASS_APPLICATION,
+ * %ASN1_CLASS_UNIVERSAL, %ASN1_CLASS_PRIVATE or
+ * %ASN1_CLASS_CONTEXT_SPECIFIC.
+ *
+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
+ * @name is not a valid element.
+ **/
+int
+asn1_read_tag (asn1_node_const root, const char *name, int *tagValue,
+ int *classValue)
+{
+ asn1_node node, p, pTag;
+
+ node = asn1_find_node (root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ /* pTag will points to the IMPLICIT TAG */
+ pTag = NULL;
+ if (node->type & CONST_TAG)
+ {
+ while (p)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_TAG)
+ {
+ if ((p->type & CONST_IMPLICIT) && (pTag == NULL))
+ pTag = p;
+ else if (p->type & CONST_EXPLICIT)
+ pTag = NULL;
+ }
+ p = p->right;
+ }
+ }
+
+ if (pTag)
+ {
+ *tagValue = _asn1_strtoul (pTag->value, NULL, 10);
+
+ if (pTag->type & CONST_APPLICATION)
+ *classValue = ASN1_CLASS_APPLICATION;
+ else if (pTag->type & CONST_UNIVERSAL)
+ *classValue = ASN1_CLASS_UNIVERSAL;
+ else if (pTag->type & CONST_PRIVATE)
+ *classValue = ASN1_CLASS_PRIVATE;
+ else
+ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
+ }
+ else
+ {
+ unsigned type = type_field (node->type);
+ *classValue = ASN1_CLASS_UNIVERSAL;
+
+ switch (type)
+ {
+ CASE_HANDLED_ETYPES:
+ *tagValue = _asn1_tags[type].tag;
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ *tagValue = -1;
+ break;
+ default:
+ break;
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_read_node_value:
+ * @node: pointer to a node.
+ * @data: a point to a asn1_data_node_st
+ *
+ * Returns the value a data node inside a asn1_node structure.
+ * The data returned should be handled as constant values.
+ *
+ * Returns: %ASN1_SUCCESS if the node exists.
+ **/
+int
+asn1_read_node_value (asn1_node_const node, asn1_data_node_st * data)
+{
+ data->name = node->name;
+ data->value = node->value;
+ data->value_len = node->value_len;
+ data->type = type_field (node->type);
+
+ return ASN1_SUCCESS;
+}
diff --git a/grub-core/lib/libtasn1/lib/element.h b/grub-core/lib/libtasn1/lib/element.h
new file mode 100644
index 0000000000..440a33f4bb
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/element.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2000-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef _ELEMENT_H
+#define _ELEMENT_H
+
+
+struct node_tail_cache_st
+{
+ asn1_node head; /* the first element of the sequence */
+ asn1_node tail;
+};
+
+int _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcached);
+
+int _asn1_convert_integer (const unsigned char *value,
+ unsigned char *value_out,
+ int value_out_size, int *len);
+
+void _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size);
+
+#endif
diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c
new file mode 100644
index 0000000000..42785e8622
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/errors.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include
+#ifdef STDC_HEADERS
+#include
+#endif
+
+#define LIBTASN1_ERROR_ENTRY(name) { #name, name }
+
+struct libtasn1_error_entry
+{
+ const char *name;
+ int number;
+};
+typedef struct libtasn1_error_entry libtasn1_error_entry;
+
+static const libtasn1_error_entry error_algorithms[] = {
+ LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS),
+ LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID),
+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT),
+ LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY),
+ LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW),
+ LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
+ LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
+ LIBTASN1_ERROR_ENTRY (ASN1_TIME_ENCODING_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_RECURSION),
+ {0, 0}
+};
+
+
+#if 0
+/**
+ * asn1_perror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Prints a string to stderr with a description of an error. This
+ * function is like perror(). The only difference is that it accepts
+ * an error returned by a libtasn1 function.
+ *
+ * Since: 1.6
+ **/
+void
+asn1_perror (int error)
+{
+ const char *str = asn1_strerror (error);
+ fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
+}
+#endif
+
+/**
+ * asn1_strerror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Returns a string with a description of an error. This function is
+ * similar to strerror. The only difference is that it accepts an
+ * error (number) returned by a libtasn1 function.
+ *
+ * Returns: Pointer to static zero-terminated string describing error
+ * code.
+ *
+ * Since: 1.6
+ **/
+const char *
+asn1_strerror (int error)
+{
+ const libtasn1_error_entry *p;
+
+ for (p = error_algorithms; p->name != NULL; p++)
+ if (p->number == error)
+ return p->name + sizeof ("ASN1_") - 1;
+
+ return NULL;
+}
diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c
new file mode 100644
index 0000000000..e33875c2c7
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/gstr.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include
+#include "gstr.h"
+
+/* These function are like strcat, strcpy. They only
+ * do bounds checking (they shouldn't cause buffer overruns),
+ * and they always produce null terminated strings.
+ *
+ * They should be used only with null terminated strings.
+ */
+void
+_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+ size_t dest_size = strlen (dest);
+
+ if (dest_tot_size - dest_size > str_size)
+ {
+ memcpy (dest + dest_size, src, str_size + 1);
+ }
+ else
+ {
+ if (dest_tot_size - dest_size > 0)
+ {
+ memcpy (dest + dest_size, src, (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
+}
+
+/* Returns the bytes copied (not including the null terminator) */
+unsigned int
+_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+
+ if (dest_tot_size > str_size)
+ {
+ strcpy (dest, src);
+ return str_size;
+ }
+ else
+ {
+ if (dest_tot_size > 0)
+ {
+ str_size = dest_tot_size - 1;
+ memcpy (dest, src, str_size);
+ dest[str_size] = 0;
+ return str_size;
+ }
+ else
+ return 0;
+ }
+}
diff --git a/grub-core/lib/libtasn1/lib/gstr.h b/grub-core/lib/libtasn1/lib/gstr.h
new file mode 100644
index 0000000000..48229844ff
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/gstr.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef GSTR_H
+# define GSTR_H
+
+unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size,
+ const char *src);
+void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
+
+#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
+#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
+
+inline static
+void safe_memset(void *data, int c, size_t size)
+{
+ volatile unsigned volatile_zero = 0;
+ volatile char *vdata = (volatile char*)data;
+
+ /* This is based on a nice trick for safe memset,
+ * sent by David Jacobson in the openssl-dev mailing list.
+ */
+
+ if (size > 0) do {
+ memset(data, c, size);
+ } while(vdata[volatile_zero] != c);
+}
+
+#endif /* GSTR_H */
diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h
new file mode 100644
index 0000000000..4a568efee9
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/int.h
@@ -0,0 +1,221 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef INT_H
+#define INT_H
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+#include
+
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+
+#include "grub/libtasn1.h"
+
+#define ASN1_SMALL_VALUE_SIZE 16
+
+/* This structure is also in libtasn1.h, but then contains less
+ fields. You cannot make any modifications to these first fields
+ without breaking ABI. */
+struct asn1_node_st
+{
+ /* public fields: */
+ char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */
+ unsigned int name_hash;
+ unsigned int type; /* Node type */
+ unsigned char *value; /* Node value */
+ int value_len;
+ asn1_node down; /* Pointer to the son node */
+ asn1_node right; /* Pointer to the brother node */
+ asn1_node left; /* Pointer to the next list element */
+ /* private fields: */
+ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
+
+ /* values used during decoding/coding */
+ int tmp_ival;
+ unsigned start; /* the start of the DER sequence - if decoded */
+ unsigned end; /* the end of the DER sequence - if decoded */
+};
+
+typedef struct tag_and_class_st
+{
+ unsigned tag;
+ unsigned class;
+ const char *desc;
+} tag_and_class_st;
+
+/* the types that are handled in _asn1_tags */
+#define CASE_HANDLED_ETYPES \
+ case ASN1_ETYPE_NULL: \
+ case ASN1_ETYPE_BOOLEAN: \
+ case ASN1_ETYPE_INTEGER: \
+ case ASN1_ETYPE_ENUMERATED: \
+ case ASN1_ETYPE_OBJECT_ID: \
+ case ASN1_ETYPE_OCTET_STRING: \
+ case ASN1_ETYPE_GENERALSTRING: \
+ case ASN1_ETYPE_NUMERIC_STRING: \
+ case ASN1_ETYPE_IA5_STRING: \
+ case ASN1_ETYPE_TELETEX_STRING: \
+ case ASN1_ETYPE_PRINTABLE_STRING: \
+ case ASN1_ETYPE_UNIVERSAL_STRING: \
+ case ASN1_ETYPE_BMP_STRING: \
+ case ASN1_ETYPE_UTF8_STRING: \
+ case ASN1_ETYPE_VISIBLE_STRING: \
+ case ASN1_ETYPE_BIT_STRING: \
+ case ASN1_ETYPE_SEQUENCE: \
+ case ASN1_ETYPE_SEQUENCE_OF: \
+ case ASN1_ETYPE_SET: \
+ case ASN1_ETYPE_UTC_TIME: \
+ case ASN1_ETYPE_GENERALIZED_TIME: \
+ case ASN1_ETYPE_SET_OF
+
+#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+ (etype) <= _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+ etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
+ etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
+ etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING || \
+ etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING || \
+ etype == ASN1_ETYPE_OCTET_STRING)?1:0)
+
+extern unsigned int _asn1_tags_size;
+extern const tag_and_class_st _asn1_tags[];
+
+#define _asn1_strlen(s) strlen((const char *) s)
+#define _asn1_strtol(n,e,b) strtol((const char *) n, e, b)
+#define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
+#define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
+#define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
+#define _asn1_strcat(a,b) memcpy((char *)a + strlen((const char *)a), (const char *)b, strlen((const char *)b) + 1)
+
+#if SIZEOF_UNSIGNED_LONG_INT == 8
+# define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
+#else
+# define _asn1_strtou64(n,e,b) strtoull((const char *) n, e, b)
+#endif
+
+#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */
+
+/* Define used for visiting trees. */
+#define UP 1
+#define RIGHT 2
+#define DOWN 3
+
+/***********************************************************************/
+/* List of constants to better specify the type of typedef asn1_node_st. */
+/***********************************************************************/
+/* Used with TYPE_TAG */
+#define CONST_UNIVERSAL (1U<<8)
+#define CONST_PRIVATE (1U<<9)
+#define CONST_APPLICATION (1U<<10)
+#define CONST_EXPLICIT (1U<<11)
+#define CONST_IMPLICIT (1U<<12)
+
+#define CONST_TAG (1U<<13) /* Used in ASN.1 assignement */
+#define CONST_OPTION (1U<<14)
+#define CONST_DEFAULT (1U<<15)
+#define CONST_TRUE (1U<<16)
+#define CONST_FALSE (1U<<17)
+
+#define CONST_LIST (1U<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */
+#define CONST_MIN_MAX (1U<<19)
+
+#define CONST_1_PARAM (1U<<20)
+
+#define CONST_SIZE (1U<<21)
+
+#define CONST_DEFINED_BY (1U<<22)
+
+/* Those two are deprecated and used for backwards compatibility */
+#define CONST_GENERALIZED (1U<<23)
+#define CONST_UTC (1U<<24)
+
+/* #define CONST_IMPORTS (1U<<25) */
+
+#define CONST_NOT_USED (1U<<26)
+#define CONST_SET (1U<<27)
+#define CONST_ASSIGN (1U<<28)
+
+#define CONST_DOWN (1U<<29)
+#define CONST_RIGHT (1U<<30)
+
+
+#define ASN1_ETYPE_TIME 17
+/****************************************/
+/* Returns the first 8 bits. */
+/* Used with the field type of asn1_node_st */
+/****************************************/
+inline static unsigned int
+type_field (unsigned int ntype)
+{
+ return (ntype & 0xff);
+}
+
+/* To convert old types from a static structure */
+inline static unsigned int
+convert_old_type (unsigned int ntype)
+{
+ unsigned int type = ntype & 0xff;
+ if (type == ASN1_ETYPE_TIME)
+ {
+ if (ntype & CONST_UTC)
+ type = ASN1_ETYPE_UTC_TIME;
+ else
+ type = ASN1_ETYPE_GENERALIZED_TIME;
+
+ ntype &= ~(CONST_UTC | CONST_GENERALIZED);
+ ntype &= 0xffffff00;
+ ntype |= type;
+
+ return ntype;
+ }
+ else
+ return ntype;
+}
+
+static inline
+void *_asn1_realloc(void *ptr, size_t size)
+{
+ void *ret;
+
+ if (size == 0)
+ return ptr;
+
+ ret = realloc(ptr, size);
+ if (ret == NULL)
+ {
+ free(ptr);
+ }
+ return ret;
+}
+
+#endif /* INT_H */
diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c
new file mode 100644
index 0000000000..89c9be69dc
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/parser_aux.c
@@ -0,0 +1,1174 @@
+/*
+ * Copyright (C) 2000-2016 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include // WORD_BIT
+
+#include "int.h"
+#include "parser_aux.h"
+#include "gstr.h"
+#include "structure.h"
+#include "element.h"
+
+#define c_isdigit grub_isdigit
+
+char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */
+
+/* Return a hash of the N bytes of X using the method described by
+ Bruno Haible in https://www.haible.de/bruno/hashfunc.html.
+ Note that while many hash functions reduce their result via modulo
+ to a 0..table_size-1 range, this function does not do that.
+
+ This implementation has been changed from size_t -> unsigned int. */
+
+#ifdef __clang__
+__attribute__((no_sanitize("integer")))
+#endif
+__attribute__((__pure__))
+static unsigned int
+_asn1_hash_name (const char *x)
+{
+ const unsigned char *s = (unsigned char *) x;
+ unsigned h = 0;
+
+ while (*s)
+ h = (*s++) + ((h << 9) | (h >> (WORD_BIT - 9)));
+
+ return h;
+}
+
+/******************************************************/
+/* Function : _asn1_add_static_node */
+/* Description: creates a new NODE_ASN element and */
+/* puts it in the list pointed by e_list. */
+/* Parameters: */
+/* e_list: of type list_type; must be NULL initially */
+/* type: type of the new element (see ASN1_ETYPE_ */
+/* and CONST_ constants). */
+/* Return: pointer to the new element. */
+/******************************************************/
+asn1_node
+_asn1_add_static_node (list_type **e_list, unsigned int type)
+{
+ list_type *p;
+ asn1_node punt;
+
+ punt = calloc (1, sizeof (struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
+
+ p = malloc (sizeof (list_type));
+ if (p == NULL)
+ {
+ free (punt);
+ return NULL;
+ }
+
+ p->node = punt;
+ p->next = *e_list;
+ *e_list = p;
+
+ punt->type = type;
+
+ return punt;
+}
+
+static
+int _asn1_add_static_node2 (list_type **e_list, asn1_node node)
+{
+ list_type *p;
+
+ p = malloc (sizeof (list_type));
+ if (p == NULL)
+ {
+ return -1;
+ }
+
+ p->node = node;
+ p->next = *e_list;
+ *e_list = p;
+
+ return 0;
+}
+
+/**
+ * asn1_find_node:
+ * @pointer: NODE_ASN element pointer.
+ * @name: null terminated string with the element's name to find.
+ *
+ * Searches for an element called @name starting from @pointer. The
+ * name is composed by different identifiers separated by dots. When
+ * *@pointer has a name, the first identifier must be the name of
+ * *@pointer, otherwise it must be the name of one child of *@pointer.
+ *
+ * Returns: the search result, or %NULL if not found.
+ **/
+asn1_node
+asn1_find_node (asn1_node_const pointer, const char *name)
+{
+ asn1_node_const p;
+ char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
+ const char *n_start;
+ unsigned int nsize;
+ unsigned int nhash;
+
+ if (pointer == NULL)
+ return NULL;
+
+ if (name == NULL)
+ return NULL;
+
+ p = pointer;
+ n_start = name;
+
+ if (name[0] == '?' && name[1] == 'C' && p->name[0] == '?')
+ { /* ?CURRENT */
+ n_start = strchr(n_start, '.');
+ if (n_start)
+ n_start++;
+ }
+ else if (p->name[0] != 0)
+ { /* has *pointer got a name ? */
+ n_end = strchr (n_start, '.'); /* search the first dot */
+ if (n_end)
+ {
+ nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
+ memcpy (n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = _asn1_hash_name (n);
+ }
+ else
+ {
+ _asn1_str_cpy (n, sizeof (n), n_start);
+ nhash = _asn1_hash_name (n);
+
+ n_start = NULL;
+ }
+
+ while (p)
+ {
+ if (nhash == p->name_hash && (!strcmp (p->name, n)))
+ break;
+ else
+ p = p->right;
+ } /* while */
+
+ if (p == NULL)
+ return NULL;
+ }
+ else
+ { /* *pointer doesn't have a name */
+ if (n_start[0] == 0)
+ return (asn1_node) p;
+ }
+
+ while (n_start)
+ { /* Has the end of NAME been reached? */
+ n_end = strchr (n_start, '.'); /* search the next dot */
+ if (n_end)
+ {
+ nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
+ memcpy (n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = _asn1_hash_name (n);
+ }
+ else
+ {
+ _asn1_str_cpy (n, sizeof (n), n_start);
+ nhash = _asn1_hash_name (n);
+ n_start = NULL;
+ }
+
+ if (p->down == NULL)
+ return NULL;
+
+ p = p->down;
+ if (p == NULL)
+ return NULL;
+
+ /* The identifier "?LAST" indicates the last element
+ in the right chain. */
+ if (n[0] == '?' && n[1] == 'L') /* ?LAST */
+ {
+ while (p->right)
+ p = p->right;
+ }
+ else
+ { /* no "?LAST" */
+ while (p)
+ {
+ if (p->name_hash == nhash && !strcmp (p->name, n))
+ break;
+ else
+ p = p->right;
+ }
+ }
+ if (p == NULL)
+ return NULL;
+ } /* while */
+
+ return (asn1_node) p;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_set_value */
+/* Description: sets the field VALUE in a NODE_ASN element. The */
+/* previous value (if exist) will be lost */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to set. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+asn1_node
+_asn1_set_value (asn1_node node, const void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+ if (node->value)
+ {
+ if (node->value != node->small_value)
+ free (node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ if (len < sizeof (node->small_value))
+ {
+ node->value = node->small_value;
+ }
+ else
+ {
+ node->value = malloc (len);
+ if (node->value == NULL)
+ return NULL;
+ }
+ node->value_len = len;
+
+ memcpy (node->value, value, len);
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_value_lv */
+/* Description: sets the field VALUE in a NODE_ASN element. The */
+/* previous value (if exist) will be lost. The value */
+/* given is stored as an length-value format (LV */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to set. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+asn1_node
+_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len)
+{
+ int len2;
+ void *temp;
+
+ if (node == NULL)
+ return node;
+
+ asn1_length_der (len, NULL, &len2);
+ temp = malloc (len + len2);
+ if (temp == NULL)
+ return NULL;
+
+ asn1_octet_der (value, len, temp, &len2);
+ return _asn1_set_value_m (node, temp, len2);
+}
+
+/* the same as _asn1_set_value except that it sets an already malloc'ed
+ * value.
+ */
+asn1_node
+_asn1_set_value_m (asn1_node node, void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+
+ if (node->value)
+ {
+ if (node->value != node->small_value)
+ free (node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ node->value = value;
+ node->value_len = len;
+
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_append_value */
+/* Description: appends to the field VALUE in a NODE_ASN element. */
+/* */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to be appended. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+asn1_node
+_asn1_append_value (asn1_node node, const void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+
+ if (node->value == NULL)
+ return _asn1_set_value (node, value, len);
+
+ if (len == 0)
+ return node;
+
+ if (node->value == node->small_value)
+ {
+ /* value is in node */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = malloc (node->value_len);
+ if (node->value == NULL)
+ {
+ node->value_len = 0;
+ return NULL;
+ }
+
+ if (prev_len > 0)
+ memcpy (node->value, node->small_value, prev_len);
+
+ memcpy (&node->value[prev_len], value, len);
+
+ return node;
+ }
+ else /* if (node->value != NULL && node->value != node->small_value) */
+ {
+ /* value is allocated */
+ int prev_len = node->value_len;
+ node->value_len += len;
+
+ node->value = _asn1_realloc (node->value, node->value_len);
+ if (node->value == NULL)
+ {
+ node->value_len = 0;
+ return NULL;
+ }
+
+ memcpy (&node->value[prev_len], value, len);
+
+ return node;
+ }
+}
+
+/******************************************************************/
+/* Function : _asn1_set_name */
+/* Description: sets the field NAME in a NODE_ASN element. The */
+/* previous value (if exist) will be lost */
+/* Parameters: */
+/* node: element pointer. */
+/* name: a null terminated string with the name that you want */
+/* to set. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+asn1_node
+_asn1_set_name (asn1_node node, const char *name)
+{
+ if (node == NULL)
+ return node;
+
+ _asn1_str_cpy (node->name, sizeof (node->name), name ? name : "");
+ node->name_hash = _asn1_hash_name (node->name);
+
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_cpy_name */
+/* Description: copies the field NAME in a NODE_ASN element. */
+/* Parameters: */
+/* dst: a dest element pointer. */
+/* src: a source element pointer. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+asn1_node
+_asn1_cpy_name (asn1_node dst, asn1_node_const src)
+{
+ if (dst == NULL)
+ return dst;
+
+ if (src == NULL)
+ {
+ dst->name[0] = 0;
+ dst->name_hash = _asn1_hash_name (dst->name);
+ return dst;
+ }
+
+ _asn1_str_cpy (dst->name, sizeof (dst->name), src->name);
+ dst->name_hash = src->name_hash;
+
+ return dst;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_right */
+/* Description: sets the field RIGHT in a NODE_ASN element. */
+/* Parameters: */
+/* node: element pointer. */
+/* right: pointer to a NODE_ASN element that you want be pointed*/
+/* by NODE. */
+/* Return: pointer to *NODE. */
+/******************************************************************/
+asn1_node
+_asn1_set_right (asn1_node node, asn1_node right)
+{
+ if (node == NULL)
+ return node;
+ node->right = right;
+ if (right)
+ right->left = node;
+ return node;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_get_last_right */
+/* Description: return the last element along the right chain. */
+/* Parameters: */
+/* node: starting element pointer. */
+/* Return: pointer to the last element along the right chain. */
+/******************************************************************/
+asn1_node
+_asn1_get_last_right (asn1_node_const node)
+{
+ asn1_node_const p;
+
+ if (node == NULL)
+ return NULL;
+ p = node;
+ while (p->right)
+ p = p->right;
+ return (asn1_node) p;
+}
+
+/******************************************************************/
+/* Function : _asn1_remove_node */
+/* Description: gets free the memory allocated for an NODE_ASN */
+/* element (not the elements pointed by it). */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* flags: ASN1_DELETE_FLAG_* */
+/******************************************************************/
+void
+_asn1_remove_node (asn1_node node, unsigned int flags)
+{
+ if (node == NULL)
+ return;
+
+ if (node->value != NULL)
+ {
+ if (flags & ASN1_DELETE_FLAG_ZEROIZE)
+ {
+ safe_memset(node->value, 0, node->value_len);
+ }
+
+ if (node->value != node->small_value)
+ free (node->value);
+ }
+ free (node);
+}
+
+/******************************************************************/
+/* Function : _asn1_find_up */
+/* Description: return the father of the NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: Null if not found. */
+/******************************************************************/
+asn1_node
+_asn1_find_up (asn1_node_const node)
+{
+ asn1_node_const p;
+
+ if (node == NULL)
+ return NULL;
+
+ p = node;
+
+ while ((p->left != NULL) && (p->left->right == p))
+ p = p->left;
+
+ return p->left;
+}
+
+static
+unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down)
+{
+ asn1_node_const d, u;
+
+ if (up_cand == NULL || down == NULL)
+ return 0;
+
+ d = down;
+
+ while ((u = _asn1_find_up(d)) != NULL && u != d)
+ {
+ if (u == up_cand)
+ return 1;
+ d = u;
+ }
+
+ return 0;
+}
+
+/******************************************************************/
+/* Function : _asn1_delete_node_from_list */
+/* Description: deletes the list element given */
+/******************************************************************/
+void
+_asn1_delete_node_from_list (list_type *list, asn1_node node)
+{
+ list_type *p = list;
+
+ while (p)
+ {
+ if (p->node == node)
+ p->node = NULL;
+ p = p->next;
+ }
+}
+
+/******************************************************************/
+/* Function : _asn1_delete_list */
+/* Description: deletes the list elements (not the elements */
+/* pointed by them). */
+/******************************************************************/
+void
+_asn1_delete_list (list_type *e_list)
+{
+ list_type *p;
+
+ while (e_list)
+ {
+ p = e_list;
+ e_list = e_list->next;
+ free (p);
+ }
+}
+
+/******************************************************************/
+/* Function : _asn1_delete_list_and nodes */
+/* Description: deletes the list elements and the elements */
+/* pointed by them. */
+/******************************************************************/
+void
+_asn1_delete_list_and_nodes (list_type *e_list)
+{
+ list_type *p;
+
+ while (e_list)
+ {
+ p = e_list;
+ e_list = e_list->next;
+ _asn1_remove_node (p->node, 0);
+ free (p);
+ }
+}
+
+
+char *
+_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
+{
+ uint64_t d, r;
+ char temp[LTOSTR_MAX_SIZE];
+ int count, k, start;
+ uint64_t val;
+
+ if (v < 0)
+ {
+ str[0] = '-';
+ start = 1;
+ val = -((uint64_t)v);
+ }
+ else
+ {
+ val = v;
+ start = 0;
+ }
+
+ count = 0;
+ do
+ {
+ d = grub_divmod64(val, 10, NULL);
+ r = val - d * 10;
+ temp[start + count] = '0' + (char) r;
+ count++;
+ val = d;
+ }
+ while (val && ((start+count) < LTOSTR_MAX_SIZE-1));
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+ str[count + start] = 0;
+ return str;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_change_integer_value */
+/* Description: converts into DER coding the value assign to an */
+/* INTEGER constant. */
+/* Parameters: */
+/* node: root of an ASN1element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_change_integer_value (asn1_node node)
+{
+ asn1_node p;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_INTEGER)
+ && (p->type & CONST_ASSIGN))
+ {
+ if (p->value)
+ {
+ _asn1_convert_integer (p->value, val, sizeof (val), &len);
+ asn1_octet_der (val, len, val2, &len);
+ _asn1_set_value (p, val2, len);
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p && p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
+
+#define MAX_CONSTANTS 1024
+/******************************************************************/
+/* Function : _asn1_expand_object_id */
+/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */
+/* Parameters: */
+/* list: root of an object list */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_expand_object_id (list_type **list, asn1_node node)
+{
+ asn1_node p, p2, p3, p4, p5;
+ char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
+ int move, tlen, tries;
+ unsigned max_constants;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_str_cpy (name_root, sizeof (name_root), node->name);
+
+ p = node;
+ move = DOWN;
+ tries = 0;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID)
+ && (p->type & CONST_ASSIGN))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
+ {
+ if (p2->value && !c_isdigit (p2->value[0]))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), name_root);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ p3 = asn1_find_node (node, name2);
+ if (!p3 || _asn1_is_up(p2, p3) ||
+ (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
+ !(p3->type & CONST_ASSIGN))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_set_down (p, p2->right);
+ if (p2->down)
+ _asn1_delete_structure (*list, &p2->down, 0);
+ _asn1_delete_node_from_list(*list, p2);
+ _asn1_remove_node (p2, 0);
+ p2 = p;
+ p4 = p3->down;
+ max_constants = 0;
+ while (p4)
+ {
+ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
+ {
+ max_constants++;
+ if (max_constants == MAX_CONSTANTS)
+ return ASN1_RECURSION;
+
+ p5 =
+ _asn1_add_single_node (ASN1_ETYPE_CONSTANT);
+ _asn1_set_name (p5, p4->name);
+ if (p4->value)
+ {
+ tlen = _asn1_strlen (p4->value);
+ if (tlen > 0)
+ _asn1_set_value (p5, p4->value, tlen + 1);
+ }
+ _asn1_add_static_node2(list, p5);
+
+ if (p2 == p)
+ {
+ _asn1_set_right (p5, p->down);
+ _asn1_set_down (p, p5);
+ }
+ else
+ {
+ _asn1_set_right (p5, p2->right);
+ _asn1_set_right (p2, p5);
+ }
+ p2 = p5;
+ }
+ p4 = p4->right;
+ }
+ move = DOWN;
+
+ tries++;
+ if (tries >= EXPAND_OBJECT_ID_MAX_RECURSION)
+ return ASN1_RECURSION;
+
+ continue;
+ }
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ tries = 0;
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p && p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ /*******************************/
+ /* expand DEFAULT */
+ /*******************************/
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), name_root);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ if (p2->value)
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ p3 = asn1_find_node (node, name2);
+ if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID)
+ || !(p3->type & CONST_ASSIGN))
+ return ASN1_ELEMENT_NOT_FOUND;
+ p4 = p3->down;
+ name2[0] = 0;
+ while (p4)
+ {
+ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
+ {
+ if (p4->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+ if (name2[0])
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2),
+ (char *) p4->value);
+ }
+ p4 = p4->right;
+ }
+ tlen = strlen (name2);
+ if (tlen > 0)
+ _asn1_set_value (p2, name2, tlen + 1);
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p && p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_type_set_config */
+/* Description: sets the CONST_SET and CONST_NOT_USED properties */
+/* in the fields of the SET elements. */
+/* Parameters: */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_type_set_config (asn1_node node)
+{
+ asn1_node p, p2;
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_SET)
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != ASN1_ETYPE_TAG)
+ p2->type |= CONST_SET | CONST_NOT_USED;
+ p2 = p2->right;
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p && p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_check_identifier */
+/* Description: checks the definitions of all the identifiers */
+/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */
+/* The _asn1_identifierMissing global variable is filled if */
+/* necessary. */
+/* Parameters: */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_check_identifier (asn1_node_const node)
+{
+ asn1_node_const p, p2;
+ char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if (p->value && type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
+ p2 = asn1_find_node (node, name2);
+ if (p2 == NULL)
+ {
+ if (p->value)
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
+ else
+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ }
+ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ if (p2->value)
+ {
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+ }
+ else
+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
+
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
+ !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ }
+ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
+ {
+ if (p2->value && !c_isdigit (p2->value[0]))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (p)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p && p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_set_default_tag */
+/* Description: sets the default IMPLICIT or EXPLICIT property in */
+/* the tagged elements that don't have this declaration. */
+/* Parameters: */
+/* node: pointer to a DEFINITIONS element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL or not a pointer to */
+/* a DEFINITIONS element, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+int
+_asn1_set_default_tag (asn1_node node)
+{
+ asn1_node p;
+
+ if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_TAG) &&
+ !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT))
+ {
+ if (node->type & CONST_EXPLICIT)
+ p->type |= CONST_EXPLICIT;
+ else
+ p->type |= CONST_IMPLICIT;
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p && p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
diff --git a/grub-core/lib/libtasn1/lib/parser_aux.h b/grub-core/lib/libtasn1/lib/parser_aux.h
new file mode 100644
index 0000000000..598e684b35
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/parser_aux.h
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2000-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef _PARSER_AUX_H
+#define _PARSER_AUX_H
+
+/***********************************************/
+/* Type: list_type */
+/* Description: type used in the list during */
+/* the structure creation. */
+/***********************************************/
+typedef struct list_struct
+{
+ asn1_node node;
+ struct list_struct *next;
+} list_type;
+
+/***************************************/
+/* Functions used by ASN.1 parser */
+/***************************************/
+asn1_node _asn1_add_static_node (list_type **e_list, unsigned int type);
+
+void _asn1_delete_list (list_type *e_list);
+
+void _asn1_delete_list_and_nodes (list_type *e_list);
+
+void _asn1_delete_node_from_list (list_type *list, asn1_node node);
+
+asn1_node
+_asn1_set_value (asn1_node node, const void *value, unsigned int len);
+
+asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len);
+
+asn1_node
+_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len);
+
+asn1_node
+_asn1_append_value (asn1_node node, const void *value, unsigned int len);
+
+asn1_node _asn1_set_name (asn1_node node, const char *name);
+
+asn1_node _asn1_cpy_name (asn1_node dst, asn1_node_const src);
+
+asn1_node _asn1_set_right (asn1_node node, asn1_node right);
+
+asn1_node _asn1_get_last_right (asn1_node_const node);
+
+void _asn1_remove_node (asn1_node node, unsigned int flags);
+
+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
+#define LTOSTR_MAX_SIZE 22
+char *_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]);
+
+asn1_node _asn1_find_up (asn1_node_const node);
+
+int _asn1_change_integer_value (asn1_node node);
+
+#define EXPAND_OBJECT_ID_MAX_RECURSION 16
+int _asn1_expand_object_id (list_type **list, asn1_node node);
+
+int _asn1_type_set_config (asn1_node node);
+
+int _asn1_check_identifier (asn1_node_const node);
+
+int _asn1_set_default_tag (asn1_node node);
+
+/******************************************************************/
+/* Function : _asn1_get_right */
+/* Description: returns the element pointed by the RIGHT field of */
+/* a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: field RIGHT of NODE. */
+/******************************************************************/
+inline static asn1_node
+_asn1_get_right (asn1_node_const node)
+{
+ if (node == NULL)
+ return NULL;
+ return node->right;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_down */
+/* Description: sets the field DOWN in a NODE_ASN element. */
+/* Parameters: */
+/* node: element pointer. */
+/* down: pointer to a NODE_ASN element that you want be pointed */
+/* by NODE. */
+/* Return: pointer to *NODE. */
+/******************************************************************/
+inline static asn1_node
+_asn1_set_down (asn1_node node, asn1_node down)
+{
+ if (node == NULL)
+ return node;
+ node->down = down;
+ if (down)
+ down->left = node;
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_down */
+/* Description: returns the element pointed by the DOWN field of */
+/* a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: field DOWN of NODE. */
+/******************************************************************/
+inline static asn1_node
+_asn1_get_down (asn1_node_const node)
+{
+ if (node == NULL)
+ return NULL;
+ return node->down;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_name */
+/* Description: returns the name of a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: a null terminated string. */
+/******************************************************************/
+inline static char *
+_asn1_get_name (asn1_node_const node)
+{
+ if (node == NULL)
+ return NULL;
+ return (char *) node->name;
+}
+
+/******************************************************************/
+/* Function : _asn1_mod_type */
+/* Description: change the field TYPE of an NODE_ASN element. */
+/* The new value is the old one | (bitwise or) the */
+/* paramener VALUE. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* value: the integer value that must be or-ed with the current */
+/* value of field TYPE. */
+/* Return: NODE pointer. */
+/******************************************************************/
+inline static asn1_node
+_asn1_mod_type (asn1_node node, unsigned int value)
+{
+ if (node == NULL)
+ return node;
+ node->type |= value;
+ return node;
+}
+
+#endif
diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c
new file mode 100644
index 0000000000..fcfde01a39
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/structure.c
@@ -0,0 +1,1222 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: structure.c */
+/* Description: Functions to create and delete an */
+/* ASN1 tree. */
+/*****************************************************/
+
+
+#include
+#include
+#include "parser_aux.h"
+#include
+
+
+extern char _asn1_identifierMissing[];
+
+
+/******************************************************/
+/* Function : _asn1_add_single_node */
+/* Description: creates a new NODE_ASN element. */
+/* Parameters: */
+/* type: type of the new element (see ASN1_ETYPE_ */
+/* and CONST_ constants). */
+/* Return: pointer to the new element. */
+/******************************************************/
+asn1_node
+_asn1_add_single_node (unsigned int type)
+{
+ asn1_node punt;
+
+ punt = calloc (1, sizeof (struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
+
+ punt->type = type;
+
+ return punt;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_find_left */
+/* Description: returns the NODE_ASN element with RIGHT field that*/
+/* points the element NODE. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: NULL if not found. */
+/******************************************************************/
+asn1_node
+_asn1_find_left (asn1_node_const node)
+{
+ if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
+ return NULL;
+
+ return node->left;
+}
+
+#if 0
+int
+_asn1_create_static_structure (asn1_node_const pointer, char *output_file_name,
+ char *vector_name)
+{
+ FILE *file;
+ asn1_node_const p;
+ unsigned long t;
+
+ file = fopen (output_file_name, "w");
+
+ if (file == NULL)
+ return ASN1_FILE_NOT_FOUND;
+
+ fprintf (file, "#if HAVE_CONFIG_H\n");
+ fprintf (file, "# include \"config.h\"\n");
+ fprintf (file, "#endif\n\n");
+
+ fprintf (file, "#include \n\n");
+
+ fprintf (file, "const asn1_static_node %s[] = {\n", vector_name);
+
+ p = pointer;
+
+ while (p)
+ {
+ fprintf (file, " { ");
+
+ if (p->name[0] != 0)
+ fprintf (file, "\"%s\", ", p->name);
+ else
+ fprintf (file, "NULL, ");
+
+ t = p->type;
+ if (p->down)
+ t |= CONST_DOWN;
+ if (p->right)
+ t |= CONST_RIGHT;
+
+ fprintf (file, "%lu, ", t);
+
+ if (p->value)
+ fprintf (file, "\"%s\"},\n", p->value);
+ else
+ fprintf (file, "NULL },\n");
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ {
+ p = p->right;
+ }
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == pointer)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ fprintf (file, " { NULL, 0, NULL }\n};\n");
+
+ fclose (file);
+
+ return ASN1_SUCCESS;
+}
+#endif
+
+/**
+ * asn1_array2tree:
+ * @array: specify the array that contains ASN.1 declarations
+ * @definitions: return the pointer to the structure created by
+ * *ARRAY ASN.1 declarations
+ * @errorDescription: return the error description.
+ *
+ * Creates the structures needed to manage the ASN.1 definitions.
+ * @array is a vector created by asn1_parser2array().
+ *
+ * Returns: %ASN1_SUCCESS if structure was created correctly,
+ * %ASN1_ELEMENT_NOT_EMPTY if *@definitions not NULL,
+ * %ASN1_IDENTIFIER_NOT_FOUND if in the file there is an identifier
+ * that is not defined (see @errorDescription for more information),
+ * %ASN1_ARRAY_ERROR if the array pointed by @array is wrong.
+ **/
+int
+asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
+ char *errorDescription)
+{
+ asn1_node p, p_last = NULL;
+ unsigned long k;
+ int move;
+ int result;
+ unsigned int type;
+ list_type *e_list = NULL;
+
+ if (errorDescription)
+ errorDescription[0] = 0;
+
+ if (*definitions != NULL)
+ return ASN1_ELEMENT_NOT_EMPTY;
+
+ move = UP;
+
+ for (k = 0; array[k].value || array[k].type || array[k].name; k++)
+ {
+ type = convert_old_type (array[k].type);
+
+ p = _asn1_add_static_node (&e_list, type & (~CONST_DOWN));
+ if (array[k].name)
+ _asn1_set_name (p, array[k].name);
+ if (array[k].value)
+ _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
+
+ if (*definitions == NULL)
+ *definitions = p;
+
+ if (move == DOWN)
+ {
+ if (p_last && p_last->down)
+ _asn1_delete_structure (e_list, &p_last->down, 0);
+ _asn1_set_down (p_last, p);
+ }
+ else if (move == RIGHT)
+ {
+ if (p_last && p_last->right)
+ _asn1_delete_structure (e_list, &p_last->right, 0);
+ _asn1_set_right (p_last, p);
+ }
+
+ p_last = p;
+
+ if (type & CONST_DOWN)
+ move = DOWN;
+ else if (type & CONST_RIGHT)
+ move = RIGHT;
+ else
+ {
+ while (p_last != *definitions)
+ {
+ p_last = _asn1_find_up (p_last);
+
+ if (p_last == NULL)
+ break;
+
+ if (p_last->type & CONST_RIGHT)
+ {
+ p_last->type &= ~CONST_RIGHT;
+ move = RIGHT;
+ break;
+ }
+ } /* while */
+ }
+ } /* while */
+
+ if (p_last == *definitions)
+ {
+ result = _asn1_check_identifier (*definitions);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_change_integer_value (*definitions);
+ result = _asn1_expand_object_id (&e_list, *definitions);
+ }
+ }
+ else
+ {
+ result = ASN1_ARRAY_ERROR;
+ }
+
+ if (errorDescription != NULL)
+ {
+ if (result == ASN1_IDENTIFIER_NOT_FOUND)
+ {
+ Estrcpy (errorDescription, ":: identifier '");
+ Estrcat (errorDescription, _asn1_identifierMissing);
+ Estrcat (errorDescription, "' not found");
+ }
+ else
+ errorDescription[0] = 0;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ _asn1_delete_list_and_nodes (e_list);
+ *definitions = NULL;
+ }
+ else
+ _asn1_delete_list (e_list);
+
+ return result;
+}
+
+/**
+ * asn1_delete_structure:
+ * @structure: pointer to the structure that you want to delete.
+ *
+ * Deletes the structure *@structure. At the end, *@structure is set
+ * to NULL.
+ *
+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
+ * *@structure was NULL.
+ **/
+int
+asn1_delete_structure (asn1_node * structure)
+{
+ return _asn1_delete_structure (NULL, structure, 0);
+}
+
+/**
+ * asn1_delete_structure2:
+ * @structure: pointer to the structure that you want to delete.
+ * @flags: additional flags (see %ASN1_DELETE_FLAG)
+ *
+ * Deletes the structure *@structure. At the end, *@structure is set
+ * to NULL.
+ *
+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
+ * *@structure was NULL.
+ **/
+int
+asn1_delete_structure2 (asn1_node * structure, unsigned int flags)
+{
+ return _asn1_delete_structure (NULL, structure, flags);
+}
+
+int
+_asn1_delete_structure (list_type *e_list, asn1_node * structure, unsigned int flags)
+{
+ asn1_node p, p2, p3;
+
+ if (*structure == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *structure;
+ while (p)
+ {
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ { /* no down */
+ p2 = p->right;
+ if (p != *structure)
+ {
+ p3 = _asn1_find_up (p);
+ _asn1_set_down (p3, p2);
+ if (e_list)
+ _asn1_delete_node_from_list (e_list, p);
+ _asn1_remove_node (p, flags);
+ p = p3;
+ }
+ else
+ { /* p==root */
+ p3 = _asn1_find_left (p);
+ if (!p3)
+ {
+ p3 = _asn1_find_up (p);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else
+ {
+ if (p->right)
+ p->right->left = NULL;
+ }
+ }
+ else
+ _asn1_set_right (p3, p2);
+ if (e_list)
+ _asn1_delete_node_from_list (e_list, p);
+ _asn1_remove_node (p, flags);
+ p = NULL;
+ }
+ }
+ }
+
+ *structure = NULL;
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_delete_element:
+ * @structure: pointer to the structure that contains the element you
+ * want to delete.
+ * @element_name: element's name you want to delete.
+ *
+ * Deletes the element named *@element_name inside *@structure.
+ *
+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
+ * the @element_name was not found.
+ **/
+int
+asn1_delete_element (asn1_node structure, const char *element_name)
+{
+ asn1_node p2, p3, source_node;
+
+ source_node = asn1_find_node (structure, element_name);
+
+ if (source_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p2 = source_node->right;
+ p3 = _asn1_find_left (source_node);
+ if (!p3)
+ {
+ p3 = _asn1_find_up (source_node);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else if (source_node->right)
+ source_node->right->left = NULL;
+ }
+ else
+ _asn1_set_right (p3, p2);
+
+ return asn1_delete_structure (&source_node);
+}
+
+#ifndef __clang_analyzer__
+asn1_node
+_asn1_copy_structure3 (asn1_node_const source_node)
+{
+ asn1_node_const p_s;
+ asn1_node dest_node, p_d, p_d_prev;
+ int move;
+
+ if (source_node == NULL)
+ return NULL;
+
+ dest_node = _asn1_add_single_node (source_node->type);
+
+ p_s = source_node;
+ p_d = dest_node;
+
+ move = DOWN;
+
+ do
+ {
+ if (move != UP)
+ {
+ if (p_s->name[0] != 0)
+ _asn1_cpy_name (p_d, p_s);
+ if (p_s->value)
+ _asn1_set_value (p_d, p_s->value, p_s->value_len);
+ if (p_s->down)
+ {
+ p_s = p_s->down;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node (p_s->type);
+ _asn1_set_down (p_d_prev, p_d);
+ continue;
+ }
+ p_d->start = p_s->start;
+ p_d->end = p_s->end;
+ }
+
+ if (p_s == source_node)
+ break;
+
+ if (p_s->right)
+ {
+ move = RIGHT;
+ p_s = p_s->right;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node (p_s->type);
+ _asn1_set_right (p_d_prev, p_d);
+ }
+ else
+ {
+ move = UP;
+ p_s = _asn1_find_up (p_s);
+ p_d = _asn1_find_up (p_d);
+ }
+ }
+ while (p_s != source_node);
+ return dest_node;
+}
+#else
+
+/* Non-production code */
+asn1_node
+_asn1_copy_structure3 (asn1_node_const source_node)
+{
+ return NULL;
+}
+#endif /* __clang_analyzer__ */
+
+
+static asn1_node
+_asn1_copy_structure2 (asn1_node_const root, const char *source_name)
+{
+ asn1_node source_node;
+
+ source_node = asn1_find_node (root, source_name);
+
+ return _asn1_copy_structure3 (source_node);
+
+}
+
+
+static int
+_asn1_type_choice_config (asn1_node node)
+{
+ asn1_node p, p2, p3, p4;
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_CHOICE)
+ && (p->type & CONST_TAG))
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != ASN1_ETYPE_TAG)
+ {
+ p2->type |= CONST_TAG;
+ p3 = _asn1_find_left (p2);
+ while (p3)
+ {
+ if (type_field (p3->type) == ASN1_ETYPE_TAG)
+ {
+ p4 = _asn1_add_single_node (p3->type);
+ tlen = _asn1_strlen (p3->value);
+ if (tlen > 0)
+ _asn1_set_value (p4, p3->value, tlen + 1);
+ _asn1_set_right (p4, p2->down);
+ _asn1_set_down (p2, p4);
+ }
+ p3 = _asn1_find_left (p3);
+ }
+ }
+ p2 = p2->right;
+ }
+ p->type &= ~(CONST_TAG);
+ p2 = p->down;
+ while (p2)
+ {
+ p3 = p2->right;
+ if (type_field (p2->type) == ASN1_ETYPE_TAG)
+ asn1_delete_structure (&p2);
+ p2 = p3;
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+static int
+_asn1_expand_identifier (asn1_node * node, asn1_node_const root)
+{
+ asn1_node p, p2, p3;
+ char name2[ASN1_MAX_NAME_SIZE + 2];
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *node;
+ move = DOWN;
+
+ while (!((p == *node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
+ {
+ snprintf (name2, sizeof (name2), "%s.%s", root->name, p->value);
+ p2 = _asn1_copy_structure2 (root, name2);
+ if (p2 == NULL)
+ {
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ _asn1_cpy_name (p2, p);
+ p2->right = p->right;
+ p2->left = p->left;
+ if (p->right)
+ p->right->left = p2;
+ p3 = p->down;
+ if (p3)
+ {
+ while (p3->right)
+ p3 = p3->right;
+ _asn1_set_right (p3, p2->down);
+ _asn1_set_down (p2, p->down);
+ }
+
+ p3 = _asn1_find_left (p);
+ if (p3)
+ _asn1_set_right (p3, p2);
+ else
+ {
+ p3 = _asn1_find_up (p);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else
+ {
+ p2->left = NULL;
+ }
+ }
+
+ if (p->type & CONST_SIZE)
+ p2->type |= CONST_SIZE;
+ if (p->type & CONST_TAG)
+ p2->type |= CONST_TAG;
+ if (p->type & CONST_OPTION)
+ p2->type |= CONST_OPTION;
+ if (p->type & CONST_DEFAULT)
+ p2->type |= CONST_DEFAULT;
+ if (p->type & CONST_SET)
+ p2->type |= CONST_SET;
+ if (p->type & CONST_NOT_USED)
+ p2->type |= CONST_NOT_USED;
+
+ if (p == *node)
+ *node = p2;
+ _asn1_remove_node (p, 0);
+ p = p2;
+ move = DOWN;
+ continue;
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == *node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_create_element:
+ * @definitions: pointer to the structure returned by "parser_asn1" function
+ * @source_name: the name of the type of the new structure (must be
+ * inside p_structure).
+ * @element: pointer to the structure created.
+ *
+ * Creates a structure of type @source_name. Example using
+ * "pkix.asn":
+ *
+ * rc = asn1_create_element(cert_def, "PKIX1.Certificate", certptr);
+ *
+ * Returns: %ASN1_SUCCESS if creation OK, %ASN1_ELEMENT_NOT_FOUND if
+ * @source_name is not known.
+ **/
+int
+asn1_create_element (asn1_node_const definitions, const char *source_name,
+ asn1_node * element)
+{
+ asn1_node dest_node;
+ int res;
+
+ dest_node = _asn1_copy_structure2 (definitions, source_name);
+
+ if (dest_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_set_name (dest_node, "");
+
+ res = _asn1_expand_identifier (&dest_node, definitions);
+ _asn1_type_choice_config (dest_node);
+
+ *element = dest_node;
+
+ return res;
+}
+
+#if 0
+/**
+ * asn1_print_structure:
+ * @out: pointer to the output file (e.g. stdout).
+ * @structure: pointer to the structure that you want to visit.
+ * @name: an element of the structure
+ * @mode: specify how much of the structure to print, can be
+ * %ASN1_PRINT_NAME, %ASN1_PRINT_NAME_TYPE,
+ * %ASN1_PRINT_NAME_TYPE_VALUE, or %ASN1_PRINT_ALL.
+ *
+ * Prints on the @out file descriptor the structure's tree starting
+ * from the @name element inside the structure @structure.
+ **/
+void
+asn1_print_structure (FILE * out, asn1_node_const structure, const char *name,
+ int mode)
+{
+ asn1_node_const p, root;
+ int k, indent = 0, len, len2, len3;
+
+ if (out == NULL)
+ return;
+
+ root = asn1_find_node (structure, name);
+
+ if (root == NULL)
+ return;
+
+ p = root;
+ while (p)
+ {
+ if (mode == ASN1_PRINT_ALL)
+ {
+ for (k = 0; k < indent; k++)
+ fprintf (out, " ");
+ fprintf (out, "name:");
+ if (p->name[0] != 0)
+ fprintf (out, "%s ", p->name);
+ else
+ fprintf (out, "NULL ");
+ }
+ else
+ {
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ for (k = 0; k < indent; k++)
+ fprintf (out, " ");
+ fprintf (out, "name:");
+ if (p->name[0] != 0)
+ fprintf (out, "%s ", p->name);
+ else
+ fprintf (out, "NULL ");
+ }
+ }
+
+ if (mode != ASN1_PRINT_NAME)
+ {
+ unsigned type = type_field (p->type);
+ switch (type)
+ {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:CONST");
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:TAG");
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:SIZE");
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ fprintf (out, "type:DEFAULT");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ fprintf (out, "type:IDENTIFIER");
+ break;
+ case ASN1_ETYPE_ANY:
+ fprintf (out, "type:ANY");
+ break;
+ case ASN1_ETYPE_CHOICE:
+ fprintf (out, "type:CHOICE");
+ break;
+ case ASN1_ETYPE_DEFINITIONS:
+ fprintf (out, "type:DEFINITIONS");
+ break;
+ CASE_HANDLED_ETYPES:
+ fprintf (out, "%s", _asn1_tags[type].desc);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL))
+ {
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ else if (p->type & CONST_TRUE)
+ fprintf (out, " value:TRUE");
+ else if (p->type & CONST_FALSE)
+ fprintf (out, " value:FALSE");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case ASN1_ETYPE_INTEGER:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
+ }
+ break;
+ case ASN1_ETYPE_ENUMERATED:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
+ }
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (p->value)
+ {
+ if (p->value[0] == 'T')
+ fprintf (out, " value:TRUE");
+ else if (p->value[0] == 'F')
+ fprintf (out, " value:FALSE");
+ }
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ if (len > 0)
+ {
+ fprintf (out, " value(%i):",
+ (len - 1) * 8 - (p->value[len2]));
+ for (k = 1; k < len; k++)
+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
+ }
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value)
+ {
+ fprintf (out, " value:");
+ for (k = 0; k < p->value_len; k++)
+ fprintf (out, "%c", (p->value)[k]);
+ }
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%c", (p->value)[k + len2]);
+ }
+ break;
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_OCTET_STRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
+ }
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value)
+ {
+ len3 = -1;
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ fprintf (out, " value:");
+ if (len2 > 0)
+ for (k = 0; k < len2; k++)
+ fprintf (out, "%02x", (unsigned) (p->value)[k + len3]);
+ }
+ break;
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_DEFINITIONS:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_NULL:
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (mode == ASN1_PRINT_ALL)
+ {
+ if (p->type & 0x1FFFFF00)
+ {
+ fprintf (out, " attr:");
+ if (p->type & CONST_UNIVERSAL)
+ fprintf (out, "UNIVERSAL,");
+ if (p->type & CONST_PRIVATE)
+ fprintf (out, "PRIVATE,");
+ if (p->type & CONST_APPLICATION)
+ fprintf (out, "APPLICATION,");
+ if (p->type & CONST_EXPLICIT)
+ fprintf (out, "EXPLICIT,");
+ if (p->type & CONST_IMPLICIT)
+ fprintf (out, "IMPLICIT,");
+ if (p->type & CONST_TAG)
+ fprintf (out, "TAG,");
+ if (p->type & CONST_DEFAULT)
+ fprintf (out, "DEFAULT,");
+ if (p->type & CONST_TRUE)
+ fprintf (out, "TRUE,");
+ if (p->type & CONST_FALSE)
+ fprintf (out, "FALSE,");
+ if (p->type & CONST_LIST)
+ fprintf (out, "LIST,");
+ if (p->type & CONST_MIN_MAX)
+ fprintf (out, "MIN_MAX,");
+ if (p->type & CONST_OPTION)
+ fprintf (out, "OPTION,");
+ if (p->type & CONST_1_PARAM)
+ fprintf (out, "1_PARAM,");
+ if (p->type & CONST_SIZE)
+ fprintf (out, "SIZE,");
+ if (p->type & CONST_DEFINED_BY)
+ fprintf (out, "DEF_BY,");
+ if (p->type & CONST_GENERALIZED)
+ fprintf (out, "GENERALIZED,");
+ if (p->type & CONST_UTC)
+ fprintf (out, "UTC,");
+ if (p->type & CONST_SET)
+ fprintf (out, "SET,");
+ if (p->type & CONST_NOT_USED)
+ fprintf (out, "NOT_USED,");
+ if (p->type & CONST_ASSIGN)
+ fprintf (out, "ASSIGNMENT,");
+ }
+ }
+
+ if (mode == ASN1_PRINT_ALL)
+ {
+ fprintf (out, "\n");
+ }
+ else
+ {
+ switch (type_field (p->type))
+ {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ fprintf (out, "\n");
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ indent += 2;
+ }
+ else if (p == root)
+ {
+ p = NULL;
+ break;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == root)
+ {
+ p = NULL;
+ break;
+ }
+ indent -= 2;
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+}
+#endif
+
+
+/**
+ * asn1_number_of_elements:
+ * @element: pointer to the root of an ASN1 structure.
+ * @name: the name of a sub-structure of ROOT.
+ * @num: pointer to an integer where the result will be stored
+ *
+ * Counts the number of elements of a sub-structure called NAME with
+ * names equal to "?1","?2", ...
+ *
+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
+ * @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL.
+ **/
+int
+asn1_number_of_elements (asn1_node_const element, const char *name, int *num)
+{
+ asn1_node_const node, p;
+
+ if (num == NULL)
+ return ASN1_GENERIC_ERROR;
+
+ *num = 0;
+
+ node = asn1_find_node (element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ while (p)
+ {
+ if (p->name[0] == '?')
+ (*num)++;
+ p = p->right;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_find_structure_from_oid:
+ * @definitions: ASN1 definitions
+ * @oidValue: value of the OID to search (e.g. "1.2.3.4").
+ *
+ * Search the structure that is defined just after an OID definition.
+ *
+ * Returns: %NULL when @oidValue not found, otherwise the pointer to a
+ * constant string that contains the element name defined just after
+ * the OID.
+ **/
+const char *
+asn1_find_structure_from_oid (asn1_node_const definitions, const char *oidValue)
+{
+ char name[2 * ASN1_MAX_NAME_SIZE + 2];
+ char value[ASN1_MAX_NAME_SIZE];
+ asn1_node p;
+ int len;
+ int result;
+ const char *definitionsName;
+
+ if ((definitions == NULL) || (oidValue == NULL))
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+ definitionsName = definitions->name;
+
+ /* search the OBJECT_ID into definitions */
+ p = definitions->down;
+ while (p)
+ {
+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN))
+ {
+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result = asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
+ {
+ p = p->right;
+ if (p == NULL) /* reach the end of ASN1 definitions */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+ return p->name;
+ }
+ }
+ p = p->right;
+ }
+
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+}
+
+#if 0
+/**
+ * asn1_copy_node:
+ * @dst: Destination asn1 node.
+ * @dst_name: Field name in destination node.
+ * @src: Source asn1 node.
+ * @src_name: Field name in source node.
+ *
+ * Create a deep copy of a asn1_node variable. That
+ * function requires @dst to be expanded using asn1_create_element().
+ *
+ * Returns: Return %ASN1_SUCCESS on success.
+ **/
+int
+asn1_copy_node (asn1_node dst, const char *dst_name,
+ asn1_node_const src, const char *src_name)
+{
+ int result;
+ asn1_node dst_node;
+ void *data = NULL;
+ int size = 0;
+
+ result = asn1_der_coding (src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ return result;
+
+ data = malloc (size);
+ if (data == NULL)
+ return ASN1_MEM_ERROR;
+
+ result = asn1_der_coding (src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ free (data);
+ return result;
+ }
+
+ dst_node = asn1_find_node (dst, dst_name);
+ if (dst_node == NULL)
+ {
+ free (data);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ result = asn1_der_decoding (&dst_node, data, size, NULL);
+
+ free (data);
+
+ return result;
+}
+#endif
+
+/**
+ * asn1_dup_node:
+ * @src: Source asn1 node.
+ * @src_name: Field name in source node.
+ *
+ * Create a deep copy of a asn1_node variable. This function
+ * will return an exact copy of the provided structure.
+ *
+ * Returns: Return %NULL on failure.
+ **/
+asn1_node
+asn1_dup_node (asn1_node_const src, const char *src_name)
+{
+ return _asn1_copy_structure2(src, src_name);
+}
diff --git a/grub-core/lib/libtasn1/lib/structure.h b/grub-core/lib/libtasn1/lib/structure.h
new file mode 100644
index 0000000000..99e685da07
--- /dev/null
+++ b/grub-core/lib/libtasn1/lib/structure.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2002-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+/*************************************************/
+/* File: structure.h */
+/* Description: list of exported object by */
+/* "structure.c" */
+/*************************************************/
+
+#ifndef _STRUCTURE_H
+#define _STRUCTURE_H
+
+#include "parser_aux.h" // list_type
+
+int _asn1_create_static_structure (asn1_node_const pointer,
+ char *output_file_name, char *vector_name);
+
+asn1_node _asn1_copy_structure3 (asn1_node_const source_node);
+
+asn1_node _asn1_add_single_node (unsigned int type);
+
+asn1_node _asn1_find_left (asn1_node_const node);
+
+int
+_asn1_delete_structure (list_type *e_list, asn1_node *structure, unsigned int flags);
+
+#endif
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h
new file mode 100644
index 0000000000..1e7d3d64f5
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h
@@ -0,0 +1,32 @@
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include
+
+const asn1_static_node CVE_2018_1000654_1_asn1_tab[] = {
+ { "TEST_TREE", 536875024, NULL },
+ { NULL, 1610612748, NULL },
+ { "iso", 1073741825, "1"},
+ { "identified-organization", 1073741825, "3"},
+ { "dod", 1073741825, "6"},
+ { "internet", 1073741825, "1"},
+ { "security", 1073741825, "5"},
+ { "mechanisms", 1073741825, "5"},
+ { "pkix", 1073741825, "7"},
+ { "id-mod", 1073741825, "0"},
+ { "id-pkix1-implicit-88", 1, "2"},
+ { "id-xnyTest", 1879048204, NULL },
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "1"},
+ { "id-ix", 1880096780, "OBJECR"},
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "2"},
+ { "id-xnyTest", 805306380, NULL },
+ { NULL, 1073741825, "id-ix"},
+ { NULL, 1073741825, "29"},
+ { NULL, 1, "1"},
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h
new file mode 100644
index 0000000000..e2561e5ec6
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h
@@ -0,0 +1,36 @@
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include
+
+const asn1_static_node CVE_2018_1000654_2_asn1_tab[] = {
+ { "TEST_TREE", 536875024, NULL },
+ { NULL, 1610612748, NULL },
+ { "iso", 1073741825, "1"},
+ { "identified-organization", 1073741825, "3"},
+ { "dod", 1073741825, "6"},
+ { "internet", 1073741825, "1"},
+ { "security", 1073741825, "5"},
+ { "mechanisms", 1073741825, "5"},
+ { "pkix", 1073741825, "7"},
+ { "id-mod", 1073741825, "0"},
+ { "id-pkix1-implicit-88", 1, "2"},
+ { "id-oneTest", 1879048204, NULL },
+ { NULL, 1073741825, "id-two"},
+ { NULL, 1073741825, "9"},
+ { NULL, 1, "1"},
+ { "id-two", 1879048204, NULL },
+ { NULL, 1073741825, "id-three"},
+ { NULL, 1073741825, "2"},
+ { NULL, 1, "2"},
+ { "id-three", 1879048204, NULL },
+ { NULL, 1073741825, "id-four"},
+ { NULL, 1073741825, "3"},
+ { NULL, 1, "3"},
+ { "id-four", 805306380, NULL },
+ { NULL, 1073741825, "id-two"},
+ { NULL, 1073741825, "3"},
+ { NULL, 1, "3"},
+ { NULL, 0, NULL }
+};
diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c
new file mode 100644
index 0000000000..534e304521
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2002-2018 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+/****************************************************************/
+/* Description: reproducer for CVE-2018-1000654 */
+/****************************************************************/
+
+#include
+#include
+#include
+#include
+#include
+#include "../wrap_tests.h"
+
+#include "CVE-2018-1000654-1_asn1_tab.h"
+#include "CVE-2018-1000654-2_asn1_tab.h"
+
+void
+test_CVE_2018_1000654 (void)
+{
+ int result;
+ asn1_node definitions = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_array2tree (CVE_2018_1000654_1_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_RECURSION)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+
+ result = asn1_array2tree (CVE_2018_1000654_2_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_RECURSION)
+ {
+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
+ asn1_strerror (result), errorDescription);
+ return;
+ }
+
+ asn1_delete_structure (&definitions);
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c
new file mode 100644
index 0000000000..f48aea0ef8
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+/* Written by Simon Josefsson */
+
+#include
+#include
+#include
+#include
+#include
+#include "../wrap_tests.h"
+
+void
+test_overflow(void)
+{
+ /* Test that values larger than long are rejected. This has worked
+ fine with all versions of libtasn1. */
+
+ {
+ unsigned char der[] = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
+ long l;
+ int len;
+
+ l = asn1_get_length_der (der, sizeof der, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der bignum (l %ld len %d)\n", l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than int but smaller than long are
+ rejected. This limitation was introduced with libtasn1 2.12. */
+#if (GRUB_LONG_MAX > GRUB_INT_MAX)
+ {
+ unsigned long num = ((long) GRUB_UINT_MAX) << 2;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der intnum (l %ld len %d)\n", l,
+ len);
+ return;
+ }
+ }
+#endif
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 64;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -4L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-small (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 1073741824;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -4L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-large1 (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+
+ /* Test that values larger than would fit in the input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+ {
+ unsigned long num = 2147483649;
+ unsigned char der[20];
+ int der_len;
+ long l;
+ int len;
+
+ asn1_length_der (num, der, &der_len);
+
+ der_len = sizeof (der);
+ l = asn1_get_length_der (der, der_len, &len);
+
+ if (l != -2L)
+ {
+ grub_fatal ("ERROR: asn1_get_length_der overflow-large2 (l %ld len %d)\n",
+ l, len);
+ return;
+ }
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_simple.c b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c
new file mode 100644
index 0000000000..9f01006ddf
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2011-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * Written by Simon Josefsson
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include "../wrap_tests.h"
+
+struct tv
+{
+ int bitlen;
+ const char *bitstr;
+ int derlen;
+ const char *der;
+};
+
+static const struct tv tv[] = {
+ {0, "", 2, "\x01\x00"},
+ {1, "\x00", 3, "\x02\x07\x00"},
+ {2, "\x00", 3, "\x02\x06\x00"},
+ {3, "\x00", 3, "\x02\x05\x00"},
+ {4, "\x00", 3, "\x02\x04\x00"},
+ {5, "\x00", 3, "\x02\x03\x00"},
+ {6, "\x00", 3, "\x02\x02\x00"},
+ {7, "\x00", 3, "\x02\x01\x00"},
+ {8, "\x00\x00", 3, "\x02\x00\x00"},
+ {9, "\x00\x00", 4, "\x03\x07\x00\x00"},
+ {10, "\x00\x00", 4, "\x03\x06\x00\x00"},
+ {11, "\x00\x00", 4, "\x03\x05\x00\x00"},
+ {12, "\x00\x00", 4, "\x03\x04\x00\x00"},
+ {13, "\x00\x00", 4, "\x03\x03\x00\x00"},
+ {14, "\x00\x00", 4, "\x03\x02\x00\x00"},
+ {15, "\x00\x00", 4, "\x03\x01\x00\x00"},
+ {16, "\x00\x00", 4, "\x03\x00\x00\x00"},
+ {17, "\x00\x00\x00", 5, "\x04\x07\x00\x00\x00"},
+ {18, "\x00\x00\x00", 5, "\x04\x06\x00\x00\x00"},
+ {19, "\x00\x00\x00", 5, "\x04\x05\x00\x00\x00"},
+ {1, "\xFF", 3, "\x02\x07\x80"},
+ {2, "\xFF", 3, "\x02\x06\xc0"},
+ {3, "\xFF", 3, "\x02\x05\xe0"},
+ {4, "\xFF", 3, "\x02\x04\xf0"},
+ {5, "\xFF", 3, "\x02\x03\xf8"},
+ {6, "\xFF", 3, "\x02\x02\xfc"},
+ {7, "\xFF", 3, "\x02\x01\xfe"},
+ {8, "\xFF\xFF", 3, "\x02\x00\xff"},
+ {9, "\xFF\xFF", 4, "\x03\x07\xff\x80"},
+ {10, "\xFF\xFF", 4, "\x03\x06\xff\xc0"},
+ {11, "\xFF\xFF", 4, "\x03\x05\xff\xe0"},
+ {12, "\xFF\xFF", 4, "\x03\x04\xff\xf0"},
+ {13, "\xFF\xFF", 4, "\x03\x03\xff\xf8"},
+ {14, "\xFF\xFF", 4, "\x03\x02\xff\xfc"},
+ {15, "\xFF\xFF", 4, "\x03\x01\xff\xfe"},
+ {16, "\xFF\xFF", 4, "\x03\x00\xff\xff"},
+ {17, "\xFF\xFF\xFF", 5, "\x04\x07\xff\xff\x80"},
+ {18, "\xFF\xFF\xFF", 5, "\x04\x06\xff\xff\xc0"},
+ {19, "\xFF\xFF\xFF", 5, "\x04\x05\xff\xff\xe0"},
+};
+
+void
+test_simple (void)
+{
+ int result;
+ unsigned char der[100];
+ unsigned char str[100];
+ int der_len = sizeof (der);
+ int str_size = sizeof (str);
+ int ret_len, bit_len;
+ grub_size_t i;
+
+ /* Dummy test */
+
+ asn1_bit_der (NULL, 0, der, &der_len);
+ result = asn1_get_bit_der (der, 0, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_GENERIC_ERROR)
+ {
+ grub_fatal ("asn1_get_bit_der zero\n");
+ return;
+ }
+
+ /* Encode short strings with increasing bit lengths */
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* Encode */
+
+ asn1_bit_der ((const unsigned char *) tv[i].bitstr, tv[i].bitlen,
+ der, &der_len);
+
+#if 0
+ {
+ size_t j;
+ for (j = 0; j < der_len; j++)
+ printf ("\\x%02x", der[j]);
+ printf ("\n");
+ }
+#endif
+
+ if (der_len != tv[i].derlen || grub_memcmp (der, tv[i].der, der_len) != 0)
+ {
+ grub_fatal ("asn1_bit_der iter %lu\n", (unsigned long) i);
+ return;
+ }
+
+ /* Decode it */
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str,
+ str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != tv[i].derlen
+ || bit_len != tv[i].bitlen)
+ {
+ grub_fatal ("asn1_get_bit_der iter %lu, err: %d\n", (unsigned long) i, result);
+ return;
+ }
+ }
+
+
+ /* Decode sample from "A Layman's Guide to a Subset of ASN.1, BER,
+ and DER" section 5.4 "BIT STRING": "The BER encoding of the BIT
+ STRING value "011011100101110111" can be any of the following,
+ among others, depending on the choice of padding bits, the form
+ of length octets [...]".
+ */
+
+ /* 03 04 06 6e 5d c0 DER encoding */
+
+ grub_memcpy (der, "\x04\x06\x6e\x5d\xc0", 5);
+ der_len = 5;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+
+ /* 03 04 06 6e 5d e0 padded with "100000" */
+
+ grub_memcpy (der, "\x04\x06\x6e\x5d\xe0", 5);
+ der_len = 5;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xe0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example padded\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+
+ /* 03 81 04 06 6e 5d c0 long form of length octets */
+
+ grub_memcpy (der, "\x81\x04\x06\x6e\x5d\xc0", 6);
+ der_len = 6;
+
+ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len);
+
+ if (result != ASN1_SUCCESS || ret_len != 6
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
+ grub_fatal ("asn1_get_bit_der example long form\n");
+ return;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
+ grub_fatal ("asn1_bit_der example roundtrip\n");
+ return;
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_strings.c b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c
new file mode 100644
index 0000000000..dbe1474b20
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * Written by Simon Josefsson
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include "../wrap_tests.h"
+
+struct tv
+{
+ unsigned int etype;
+ unsigned int str_len;
+ const void *str;
+ unsigned int der_len;
+ const void *der;
+};
+
+static const struct tv tv[] = {
+ {ASN1_ETYPE_IA5_STRING, 20,
+ "\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72",
+ 22,
+ "\x16\x14\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72"},
+ {ASN1_ETYPE_PRINTABLE_STRING, 5, "\x4e\x69\x6b\x6f\x73",
+ 7, "\x13\x05\x4e\x69\x6b\x6f\x73"},
+ {ASN1_ETYPE_UTF8_STRING, 12, "Αττική",
+ 14, "\x0c\x0c\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae"},
+ {ASN1_ETYPE_TELETEX_STRING, 15,
+ "\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e",
+ 17,
+ "\x14\x0f\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e"},
+ {ASN1_ETYPE_OCTET_STRING, 36,
+ "\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A",
+ 38,
+ "\x04\x24\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A"}
+};
+
+#define SSTR(x) sizeof(x)-1,x
+static const struct tv ber[] = {
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x00\x00\x00\x00")},
+ {ASN1_ETYPE_OCTET_STRING,
+ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1\xc1"),
+ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x04\x82\x00\x01\xc1\x00\x00\x00\x00")},
+};
+
+void
+test_strings ()
+{
+ int ret;
+ unsigned char tl[ASN1_MAX_TL_SIZE];
+ unsigned int tl_len, der_len, str_len;
+ const unsigned char *str;
+ unsigned char *b;
+ unsigned int i;
+
+ /* Dummy test */
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* Encode */
+ tl_len = sizeof (tl);
+ ret = asn1_encode_simple_der (tv[i].etype, tv[i].str, tv[i].str_len,
+ tl, &tl_len);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("Encoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+ der_len = tl_len + tv[i].str_len;
+
+ if (der_len != tv[i].der_len || grub_memcmp (tl, tv[i].der, tl_len) != 0)
+ {
+ grub_fatal (
+ "DER encoding differs in %u! (size: %u, expected: %u)\n",
+ i, der_len, tv[i].der_len);
+ return;
+ }
+
+ /* decoding */
+ ret =
+ asn1_decode_simple_der (tv[i].etype, tv[i].der, tv[i].der_len, &str,
+ &str_len);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("Decoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+
+ if (str_len != tv[i].str_len || grub_memcmp (str, tv[i].str, str_len) != 0)
+ {
+ grub_fatal (
+ "DER decoded data differ in %u! (size: %u, expected: %u)\n",
+ i, der_len, tv[i].str_len);
+ return;
+ }
+ }
+
+ /* BER decoding */
+ for (i = 0; i < sizeof (ber) / sizeof (ber[0]); i++)
+ {
+ /* decoding */
+ ret =
+ asn1_decode_simple_ber (ber[i].etype, ber[i].der, ber[i].der_len, &b,
+ &str_len, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ grub_fatal ("BER decoding error in %u: %s\n", i,
+ asn1_strerror (ret));
+ return;
+ }
+
+ if (str_len != ber[i].str_len || grub_memcmp (b, ber[i].str, str_len) != 0)
+ {
+ grub_fatal (
+ "BER decoded data differ in %u! (size: %u, expected: %u)\n",
+ i, str_len, ber[i].str_len);
+ return;
+ }
+ grub_free(b);
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c
new file mode 100644
index 0000000000..d367bbfb5a
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include "../wrap_tests.h"
+
+struct tv
+{
+ int der_len;
+ const unsigned char *der;
+ const char *oid;
+ int expected_error;
+};
+
+static const struct tv tv[] = {
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x80\x37\x03",
+ .oid = "2.999.3",
+ .expected_error = ASN1_DER_ERROR /* leading 0x80 */
+ },
+ {.der_len = 12,
+ .der = (void *) "\x06\x0a\x2b\x06\x01\x80\x01\x92\x08\x09\x05\x01",
+ .oid = "1.3.6.1.4.1.2312.9.5.1",
+ .expected_error = ASN1_DER_ERROR /* leading 0x80 */
+ },
+ {.der_len = 6,
+ .der = (void *) "\x06\x04\x01\x02\x03\x04",
+ .oid = "0.1.2.3.4",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x51\x02\x03",
+ .oid = "2.1.2.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 5,
+ .der = (void *) "\x06\x03\x88\x37\x03",
+ .oid = "2.999.3",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 12,
+ .der = (void *) "\x06\x0a\x2b\x06\x01\x04\x01\x92\x08\x09\x05\x01",
+ .oid = "1.3.6.1.4.1.2312.9.5.1",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der = (void *) "\x06\x11\xfa\x80\x00\x00\x00\x0e\x01\x0e\xfa\x80\x00\x00\x00\x0e\x63\x6f\x6d",
+ .oid = "2.1998768.0.0.14.1.14.1998848.0.0.14.99.111.109",
+ .expected_error = ASN1_SUCCESS},
+ {.der_len = 19,
+ .der =
+ (void *)
+ "\x06\x11\x2b\x06\x01\x04\x01\x92\x08\x09\x02\xaa\xda\xbe\xbe\xfa\x72\x01\x07",
+ .oid = "1.3.6.1.4.1.2312.9.2.1467399257458.1.7",
+ .expected_error = ASN1_SUCCESS},
+};
+
+void
+test_object_id_decoding (void)
+{
+ char str[128];
+ int ret, ret_len;
+ grub_size_t i;
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ /* decode */
+ ret =
+ asn1_get_object_id_der (tv[i].der+1,
+ tv[i].der_len-1, &ret_len, str,
+ sizeof (str));
+ if (ret != tv[i].expected_error)
+ {
+ grub_fatal (
+ "%d: asn1_get_object_id_der iter %lu: got '%s' expected %d\n",
+ __LINE__, (unsigned long) i, asn1_strerror(ret), tv[i].expected_error);
+ return;
+ }
+
+ if (tv[i].expected_error != ASN1_SUCCESS)
+ continue;
+
+ if (ret_len != tv[i].der_len-1)
+ {
+ grub_fatal (
+ "%d: iter %lu: error in DER, length returned is %d, had %d\n",
+ __LINE__, (unsigned long)i, ret_len, tv[i].der_len-1);
+ return;
+ }
+
+ if (grub_strcmp (tv[i].oid, str) != 0)
+ {
+ grub_fatal (
+ "%d: strcmp iter %lu: got invalid OID: %s, expected: %s\n",
+ __LINE__, (unsigned long) i, str, tv[i].oid);
+ return;
+ }
+
+ }
+}
diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c
new file mode 100644
index 0000000000..3a83b58c59
--- /dev/null
+++ b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2019 Nikos Mavrogiannopoulos
+ *
+ * This file is part of LIBTASN1.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+#include
+#include