[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v9 00/22] Automatic Disk Unlock with TPM2
|
From: |
Gary Lin |
|
Subject: |
[PATCH v9 00/22] Automatic Disk Unlock with TPM2 |
|
Date: |
Mon, 5 Feb 2024 15:39:33 +0800 |
GIT repo for v9: https://github.com/lcp/grub2/tree/tpm2-unlock-v9
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encryption.
To support TPM 2.0 Key File format(*2), patch 1~6 are grabbed from
Daniel Axtens's "appended signature secure boot support" (*3) to import
libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
4.19.0 instead of 4.16.0 in the original patch.
Patch 7 adds the document for libtasn1 and the steps to upgrade the
library.
Patch 8~12 are Hernan Gatta's patches with the follow-up fixes and
improvements:
- Converting 8 spaces into 1 tab
- Merging the minor build fix from Michael Chang
- Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
- Adding "enable = efi" to the tpm2 module in grub-core/Makefile.core.def
- Rebasing "cryptodisk: Support key protectors" to the git master
- Removing the measurement on the sealed key
- Based on the patch from Olaf Kirch <OKir@suse.com>
- Adjusting the input parameters of TPM2_EvictControl to match the order
in "TCG TPM2 Part3 Commands"
- Declaring the input arguments of TPM2 functions as const
- Resending TPM2 commands on TPM_RC_RETRY
- Adding checks for the parameters of TPM2 commands
- Packing the missing authorization command for TPM2_PCR_Read
- Tweaking the TPM2 command functions to allow some parameters to be
NULL so that we don't have to declare empty variables
- Only enabling grub-protect for "efi" since the TPM2 stack currently
relies on the EFI TCG2 protocol to send TPM2 commands
- Using grub_cpu_to_be*() in the TPM2 stack instead of grub_swap_bytes*()
which may cause problems in big-indian machines
- Changing the short name of "--protector" of "cryptomount" from "-k" to
"-P" to avoid the conflict with "--key-file"
- Supporting TPM 2.0 Key File Format besides the raw sealed key
- Adding the external libtasn1 dependency to grub-protect to write the
TPM 2.0 Key files
Patch 13~16 implement the authorized policy support.
Patch 17 implements the missing NV index mode. (Thanks to Patrick Colp)
Patch 18 improves the 'cryptomount' command to fall back to the
passphrase mode when the key protector fails to unlock the encrypted
partition. (Another patch from Patrick Colp)
Patch 19~20 fix the potential security issues spotted by Fabian Vogt.
Patch 21~22 add the TPM key unsealing testcase.
To utilize the TPM2 key protector to unlock the encrypted partition
(sdb1), here are the sample steps:
1. Add an extra random key for LUKS (luks-key)
$ dd if=/dev/urandom of=luks-key bs=1 count=32
$ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2
2. Seal the key
$ sudo grub-protect --action=add \
--protector=tpm2 \
--tpm2key \
--tpm2-keyfile=luks-key \
--tpm2-outfile=/boot/efi/boot/grub2/sealed.tpm
3. Unseal the key with the proper commands in grub.cfg:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u <SDB1_UUID> -P tpm2
(*1) https://lists.gnu.org/archive/html/grub-devel/2022-02/msg00006.html
(*2) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
(*3) https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00044.html
v9:
- Introducing c-ctype.h to posix_wrap and implementing strncat
- Adding the descriptive comments to the disabled code in libtasn1
- Replacing strcat with the bound-checked _asn1_str_cat in libtasn1 and
including c-ctype.h directly
- Integrating the asn1 testcases into "functional_test"
- Updating the libtasn1 patches mentioned in the documentation
- Moving the key protector to a module
- Amending configure.ac to enable/disable grub-protect
- Fixing an timeout issue in the tpm2_test script by feeding the config
through stdin
v8:
- https://lists.gnu.org/archive/html/grub-devel/2024-01/msg00013.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v8
- Introducing TPM device support to grub-emu and adding the TPM key
unsealing testcase
v7:
- https://lists.gnu.org/archive/html/grub-devel/2023-11/msg00127.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v7
- Stopping reading SRK from the well-known persistent handle (TPM2_SRK_HANDLE,
i.e. 0x81000001) by default since the persistent handle may be created
by other OS and causes unsealing failure due to SRK mismatching
- The user now has to specify the persistent handle with "--srk"
explicitly.
- Utilizing grub_error() to print more error messages
- Unifying the format of the error messages from TPM2 commands
v6:
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00026.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v6
- Supporting more SRK types than RSA2048 and ECC_NIST_P256
- Documenting SHA512 as the supported PCR bank type in the tpm2
protector
- Removing the redundant error message for grub_tpm2_protector_srk_get()
since it may overwrite the real error message.
- Updating the supported SRK types and PCR bank types in grub-protect
- Removing the unused type: TPM2_ECC_CURVE
v5:
- https://lists.gnu.org/archive/html/grub-devel/2023-08/msg00113.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v5
- Rebasing to the latest git HEAD and improving the commit messages
- Implementing authorized poilcy support
- Implementing NV index mode
- Improving the 'cryptomount' command to fall back to the passphrase
mode when the key protector fails to unlock the encrypted partition
- Fixing the potential security issues
v4:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00104.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v4
- Improving the error condition checks in cryptodisk.c
- Moving the code to unseal with the standalone policy sequence below
the code for authpolicy sequence
- The standalone policy sequence was mistakenly prepended to to the
authpolicy sequence with grub_list_push() while it should be
appended.
- Pushing the error messages from the authpolicy sequence into the
grub_error stack so that we can list all errors from the sequence
- Improving the error messages in the TPM2 protector
- Amending the calculation of the max string lengths of 'Policy',
'CommandCode' and 'CommandPolicy'
- Skipping the error path in grub_tpm2key_get_authpolicy_seq() on
success to avoid freeing the authpolicy sequence
v3:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00055.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v3
- Adding the document for libtasn1
- Improving the error condition checks
ex: "if (!ptr)" ==> "if (ptr == NULL)"
"if (err)" ==> "if (err != GRUB_ERR_NONE)"
"if (rc)" ==> "if (rc != TPM_RC_SUCCESS)"
- Supporting the "TPMPolicy" and "TPMAuthPolicy" sequence in the TPM 2.0
key File
- Refactoring the key recover function to support "TPMPolicy" and
"TPMAuthPolicy" sequence
- Using TPMS_PCR_SELECTION_SelectPCR() to set the PCR bit mask
- Also dropping TPM2_PCR_TO_SELECT() and TPM2_PCR_TO_BIT() which are
not necessary anymore
- Removing the redundant variable, 'crd', from
grub_cryptodisk_scan_device_real()
- Fixing the spaces/tabs in cryptodisk.c
- Fixing the comment format in cryptodisk.h
- Adding the defensive check for "cargs->protectors" in
grub_cryptodisk_scan_device()
- Improving 'grub-protect' for the better support of TPM 2.0 Key File
- Adding more comments
v2:
- https://lists.gnu.org/archive/html/grub-devel/2023-03/msg00094.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v2
v1:
- https://lists.gnu.org/archive/html/grub-devel/2023-02/msg00130.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock
Daniel Axtens (6):
posix_wrap: tweaks in preparation for libtasn1
libtasn1: import libtasn1-4.19.0
libtasn1: disable code not needed in grub
libtasn1: changes for grub compatibility
libtasn1: compile into asn1 module
asn1_test: test module for libtasn1
Gary Lin (9):
libtasn1: Add the documentation
tpm2: Add TPM2 types, structures, and command constants
tpm2: Add more marshal/unmarshal functions
tpm2: Implement more TPM2 commands
tpm2: Support authorized policy
cryptodisk: wipe out the cached keys from protectors
diskfilter: look up cryptodisk devices first
tpm2: Enable tpm2 module for grub-emu
tests: Add tpm2_test
Hernan Gatta (5):
key_protector: Add key protectors framework
tpm2: Add TPM Software Stack (TSS)
key_protector: Add TPM2 Key Protector
cryptodisk: Support key protectors
util/grub-protect: Add new tool
Patrick Colp (2):
tpm2: Implement NV index
cryptodisk: Fallback to passphrase
.gitignore | 2 +
Makefile.util.def | 35 +
configure.ac | 30 +
docs/grub-dev.texi | 27 +
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 48 +
grub-core/disk/cryptodisk.c | 183 +-
grub-core/disk/diskfilter.c | 35 +-
grub-core/disk/key_protector.c | 78 +
grub-core/kern/emu/main.c | 11 +-
grub-core/kern/emu/misc.c | 51 +
...asn1-disable-code-not-needed-in-grub.patch | 319 +++
...tasn1-changes-for-grub-compatibility.patch | 142 +
grub-core/lib/libtasn1/COPYING | 16 +
grub-core/lib/libtasn1/README.md | 98 +
grub-core/lib/libtasn1/lib/coding.c | 1433 ++++++++++
grub-core/lib/libtasn1/lib/decoding.c | 2503 +++++++++++++++++
grub-core/lib/libtasn1/lib/element.c | 1109 ++++++++
grub-core/lib/libtasn1/lib/element.h | 42 +
grub-core/lib/libtasn1/lib/errors.c | 103 +
grub-core/lib/libtasn1/lib/gstr.c | 74 +
grub-core/lib/libtasn1/lib/gstr.h | 50 +
grub-core/lib/libtasn1/lib/int.h | 220 ++
grub-core/lib/libtasn1/lib/parser_aux.c | 1178 ++++++++
grub-core/lib/libtasn1/lib/parser_aux.h | 172 ++
grub-core/lib/libtasn1/lib/structure.c | 1227 ++++++++
grub-core/lib/libtasn1/lib/structure.h | 46 +
grub-core/lib/libtasn1_wrap/wrap.c | 26 +
grub-core/lib/posix_wrap/c-ctype.h | 114 +
grub-core/lib/posix_wrap/limits.h | 1 +
grub-core/lib/posix_wrap/stdlib.h | 8 +
grub-core/lib/posix_wrap/string.h | 21 +
grub-core/lib/posix_wrap/sys/types.h | 1 +
.../tests/asn1/CVE-2018-1000654-1_asn1_tab.h | 32 +
.../tests/asn1/CVE-2018-1000654-2_asn1_tab.h | 36 +
grub-core/tests/asn1/CVE-2018-1000654.c | 58 +
grub-core/tests/asn1/Test_overflow.c | 134 +
grub-core/tests/asn1/Test_simple.c | 205 ++
grub-core/tests/asn1/Test_strings.c | 142 +
grub-core/tests/asn1/asn1_test.c | 49 +
grub-core/tests/asn1/asn1_test.h | 44 +
grub-core/tests/asn1/object-id-decoding.c | 109 +
grub-core/tests/asn1/object-id-encoding.c | 114 +
grub-core/tests/asn1/octet-string.c | 199 ++
grub-core/tests/asn1/reproducers.c | 80 +
grub-core/tests/lib/functional_test.c | 1 +
grub-core/tpm2/args.c | 177 ++
grub-core/tpm2/buffer.c | 145 +
grub-core/tpm2/module.c | 1127 ++++++++
grub-core/tpm2/mu.c | 1069 +++++++
grub-core/tpm2/tcg2-emu.c | 52 +
grub-core/tpm2/tcg2.c | 143 +
grub-core/tpm2/tpm2.c | 1185 ++++++++
grub-core/tpm2/tpm2key.asn | 31 +
grub-core/tpm2/tpm2key.c | 447 +++
grub-core/tpm2/tpm2key_asn1_tab.c | 41 +
include/grub/cryptodisk.h | 16 +
include/grub/emu/misc.h | 5 +
include/grub/key_protector.h | 46 +
include/grub/libtasn1.h | 657 +++++
include/grub/tpm2/buffer.h | 65 +
include/grub/tpm2/internal/args.h | 41 +
include/grub/tpm2/internal/functions.h | 174 ++
include/grub/tpm2/internal/structs.h | 761 +++++
include/grub/tpm2/internal/types.h | 384 +++
include/grub/tpm2/mu.h | 367 +++
include/grub/tpm2/tcg2.h | 34 +
include/grub/tpm2/tpm2.h | 34 +
include/grub/tpm2/tpm2key.h | 83 +
tests/asn1_test.in | 12 +
tests/tpm2_test.in | 179 ++
tests/util/grub-shell.in | 6 +-
util/grub-protect.c | 1492 ++++++++++
73 files changed, 19337 insertions(+), 43 deletions(-)
create mode 100644 grub-core/disk/key_protector.c
create mode 100644
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
create mode 100644
grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
create mode 100644 grub-core/lib/libtasn1/COPYING
create mode 100644 grub-core/lib/libtasn1/README.md
create mode 100644 grub-core/lib/libtasn1/lib/coding.c
create mode 100644 grub-core/lib/libtasn1/lib/decoding.c
create mode 100644 grub-core/lib/libtasn1/lib/element.c
create mode 100644 grub-core/lib/libtasn1/lib/element.h
create mode 100644 grub-core/lib/libtasn1/lib/errors.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.h
create mode 100644 grub-core/lib/libtasn1/lib/int.h
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.c
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h
create mode 100644 grub-core/lib/libtasn1/lib/structure.c
create mode 100644 grub-core/lib/libtasn1/lib/structure.h
create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c
create mode 100644 grub-core/lib/posix_wrap/c-ctype.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654-1_asn1_tab.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654-2_asn1_tab.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654.c
create mode 100644 grub-core/tests/asn1/Test_overflow.c
create mode 100644 grub-core/tests/asn1/Test_simple.c
create mode 100644 grub-core/tests/asn1/Test_strings.c
create mode 100644 grub-core/tests/asn1/asn1_test.c
create mode 100644 grub-core/tests/asn1/asn1_test.h
create mode 100644 grub-core/tests/asn1/object-id-decoding.c
create mode 100644 grub-core/tests/asn1/object-id-encoding.c
create mode 100644 grub-core/tests/asn1/octet-string.c
create mode 100644 grub-core/tests/asn1/reproducers.c
create mode 100644 grub-core/tpm2/args.c
create mode 100644 grub-core/tpm2/buffer.c
create mode 100644 grub-core/tpm2/module.c
create mode 100644 grub-core/tpm2/mu.c
create mode 100644 grub-core/tpm2/tcg2-emu.c
create mode 100644 grub-core/tpm2/tcg2.c
create mode 100644 grub-core/tpm2/tpm2.c
create mode 100644 grub-core/tpm2/tpm2key.asn
create mode 100644 grub-core/tpm2/tpm2key.c
create mode 100644 grub-core/tpm2/tpm2key_asn1_tab.c
create mode 100644 include/grub/key_protector.h
create mode 100644 include/grub/libtasn1.h
create mode 100644 include/grub/tpm2/buffer.h
create mode 100644 include/grub/tpm2/internal/args.h
create mode 100644 include/grub/tpm2/internal/functions.h
create mode 100644 include/grub/tpm2/internal/structs.h
create mode 100644 include/grub/tpm2/internal/types.h
create mode 100644 include/grub/tpm2/mu.h
create mode 100644 include/grub/tpm2/tcg2.h
create mode 100644 include/grub/tpm2/tpm2.h
create mode 100644 include/grub/tpm2/tpm2key.h
create mode 100644 tests/asn1_test.in
create mode 100644 tests/tpm2_test.in
create mode 100644 util/grub-protect.c
Range-diff against v8:
1: dcda63b50 < -: --------- posix_wrap: tweaks in preparation for libtasn1
-: --------- > 1: e1b4dca2d posix_wrap: tweaks in preparation for libtasn1
2: 9f3ca3e25 ! 2: 89dc7ef87 libtasn1: import libtasn1-4.19.0
@@ Commit message
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
## grub-core/lib/libtasn1/COPYING (new) ##
@@
3: 543b5b4f7 ! 3: 07f7ff212 libtasn1: disable code not needed in grub
@@ Commit message
which is convenient because it means we don't have to
import it from gnulib.
+ Cc: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
@@ grub-core/lib/libtasn1/lib/coding.c
#define MAX_TAG_LEN 16
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/******************************************************/
/* Function : _asn1_error_description_value_not_found */
/* Description: creates the ErrorDescription string */
@@ grub-core/lib/libtasn1/lib/coding.c: asn1_encode_simple_der (unsigned
int etype,
return ASN1_SUCCESS;
}
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/******************************************************/
/* Function : _asn1_time_der */
/* Description: creates the DER coding for a TIME */
@@ grub-core/lib/libtasn1/lib/coding.c: asn1_bit_der (const unsigned char
*str, int
}
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/******************************************************/
/* Function : _asn1_complete_explicit_tag */
/* Description: add the length coding to the EXPLICIT */
@@ grub-core/lib/libtasn1/lib/coding.c: const tag_and_class_st _asn1_tags[]
= {
unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof
(_asn1_tags[0]);
+
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/******************************************************/
/* Function : _asn1_insert_tag_der */
/* Description: creates the DER coding of tags of one */
@@ grub-core/lib/libtasn1/lib/coding.c: error:
}
+
+#endif
- \ No newline at end of file
## grub-core/lib/libtasn1/lib/decoding.c ##
@@ grub-core/lib/libtasn1/lib/decoding.c: asn1_der_decoding (asn1_node *
element, const void *ider, int ider_len,
return asn1_der_decoding2 (element, ider, &ider_len, 0,
errorDescription);
}
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/**
* asn1_der_decoding_element:
* @structure: pointer to an ASN1 structure
@@ grub-core/lib/libtasn1/lib/decoding.c: asn1_der_decoding_element
(asn1_node * st
* asn1_der_decoding_startEnd:
## grub-core/lib/libtasn1/lib/element.c ##
+@@ grub-core/lib/libtasn1/lib/element.c: _asn1_convert_integer (const
unsigned char *value, unsigned char *value_out,
+ value_out[k2 - k] = val[k2];
+ }
+
+-#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ printf (", vOut[%d]=%d", k, value_out[k]);
@@ grub-core/lib/libtasn1/lib/element.c: _asn1_append_sequence_set
(asn1_node node, struct node_tail_cache_st *pcache)
return ASN1_SUCCESS;
}
@@ grub-core/lib/libtasn1/lib/errors.c: static const libtasn1_error_entry
error_alg
};
+
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/**
* asn1_perror:
* @error: is an error returned by a libtasn1 function.
@@ grub-core/lib/libtasn1/lib/structure.c: _asn1_find_left (asn1_node_const
node)
}
-
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
int
_asn1_create_static_structure (asn1_node_const pointer,
char *output_file_name, char *vector_name)
@@ grub-core/lib/libtasn1/lib/structure.c: asn1_create_element
(asn1_node_const def
}
-
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/**
* asn1_print_structure:
* @out: pointer to the output file (e.g. stdout).
@@ grub-core/lib/libtasn1/lib/structure.c: asn1_find_structure_from_oid
(asn1_node_
return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
}
-+#if 0
++#if 0 /* GRUB SKIPPED IMPORTING */
/**
* asn1_copy_node:
* @dst: Destination asn1 node.
@@ include/grub/libtasn1.h: extern "C"
/***********************************/
+/* These functions are not used in grub and should not be referenced. */
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
extern ASN1_API int
asn1_parser2tree (const char *file,
asn1_node * definitions, char *error_desc);
@@ include/grub/libtasn1.h: extern "C"
asn1_array2tree (const asn1_static_node * array,
asn1_node * definitions, char *errorDescription);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
extern ASN1_API void
asn1_print_structure (FILE * out, asn1_node_const structure,
const char *name, int mode);
@@ include/grub/libtasn1.h: extern "C"
extern ASN1_API int
asn1_delete_element (asn1_node structure, const char *element_name);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
extern ASN1_API int
asn1_write_value (asn1_node node_root, const char *name,
const void *ivalue, int len);
@@ include/grub/libtasn1.h: extern "C"
asn1_number_of_elements (asn1_node_const element, const char *name,
int *num);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
extern ASN1_API int
asn1_der_coding (asn1_node_const element, const char *name,
void *ider, int *len, char *ErrorDescription);
@@ include/grub/libtasn1.h: extern "C"
asn1_der_decoding (asn1_node * element, const void *ider,
int ider_len, char *errorDescription);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
/* Do not use. Use asn1_der_decoding() instead. */
extern ASN1_API int
asn1_der_decoding_element (asn1_node * structure,
@@ include/grub/libtasn1.h: extern "C"
const char
*oidValue);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
__LIBTASN1_PURE__
extern ASN1_API const char *asn1_check_version (const char
*req_version);
+# endif
__LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
-+# if 0
++# if 0 /* GRUB SKIPPED IMPORTING */
extern ASN1_API void asn1_perror (int error);
+# endif
4: 01c6f8a5e < -: --------- libtasn1: changes for grub compatibility
-: --------- > 4: 0113d1c12 libtasn1: changes for grub compatibility
5: 89cb4a6e8 ! 5: e5e4db9fc libtasn1: compile into asn1 module
@@ Commit message
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
## grub-core/Makefile.core.def ##
@@ grub-core/Makefile.core.def: module = {
6: 95296156f ! 6: a43b4a45e test_asn1: test module for libtasn1
@@ Metadata
Author: Daniel Axtens <dja@axtens.net>
## Commit message ##
- test_asn1: test module for libtasn1
+ asn1_test: test module for libtasn1
Import tests from libtasn1 that don't use functionality we don't
- import. I have put them here rather than in the libtasn1 directory
- because:
-
- - They need much more significant changes to run in the grub
- context.
-
- - I don't expect they will need to be changed when updating
- libtasn1: I expect the old tests will usually continue to pass on
- new versions.
+ import. This test module is integrated into functional_test so that the
+ user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
@@ Commit message
Add testcase target in accordance with
5e10be48e5 tests: Add check-native and check-nonnative make targets
+ Cc: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
@@ Makefile.util.def: script = {
+script = {
+ testcase = native;
-+ name = test_asn1;
-+ common = tests/test_asn1.in;
++ name = asn1_test;
++ common = tests/asn1_test.in;
+};
+
program = {
@@ grub-core/Makefile.core.def: module = {
};
+
+module = {
-+ name = test_asn1;
-+ common = lib/libtasn1_wrap/tests/CVE-2018-1000654.c;
-+ common = lib/libtasn1_wrap/tests/object-id-decoding.c;
-+ common = lib/libtasn1_wrap/tests/object-id-encoding.c;
-+ common = lib/libtasn1_wrap/tests/octet-string.c;
-+ common = lib/libtasn1_wrap/tests/reproducers.c;
-+ common = lib/libtasn1_wrap/tests/Test_overflow.c;
-+ common = lib/libtasn1_wrap/tests/Test_simple.c;
-+ common = lib/libtasn1_wrap/tests/Test_strings.c;
-+ common = lib/libtasn1_wrap/wrap_tests.c;
++ name = asn1_test;
++ common = tests/asn1/CVE-2018-1000654.c;
++ common = tests/asn1/object-id-decoding.c;
++ common = tests/asn1/object-id-encoding.c;
++ common = tests/asn1/octet-string.c;
++ common = tests/asn1/reproducers.c;
++ common = tests/asn1/Test_overflow.c;
++ common = tests/asn1/Test_simple.c;
++ common = tests/asn1/Test_strings.c;
++ common = tests/asn1/asn1_test.c;
+};
- ## grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h (new)
##
+ ## grub-core/tests/asn1/CVE-2018-1000654-1_asn1_tab.h (new) ##
@@
+#if HAVE_CONFIG_H
+# include "config.h"
@@ grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h (new)
+ { NULL, 0, NULL }
+};
- ## grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h (new)
##
+ ## grub-core/tests/asn1/CVE-2018-1000654-2_asn1_tab.h (new) ##
@@
+#if HAVE_CONFIG_H
+# include "config.h"
@@ grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h (new)
+ { NULL, 0, NULL }
+};
- ## grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c (new) ##
+ ## grub-core/tests/asn1/CVE-2018-1000654.c (new) ##
@@
+/*
+ * Copyright (C) 2002-2018 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c (new)
+/* Description: reproducer for CVE-2018-1000654 */
+/****************************************************************/
+
-+#include <grub/libtasn1.h>
-+#include <grub/err.h>
-+#include <grub/mm.h>
-+#include <grub/misc.h>
-+#include <grub/types.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+#include "CVE-2018-1000654-1_asn1_tab.h"
+#include "CVE-2018-1000654-2_asn1_tab.h"
+
-+void
++int
+test_CVE_2018_1000654 (void)
+{
+ int result;
@@ grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c (new)
+ result = asn1_array2tree (CVE_2018_1000654_1_asn1_tab, &definitions,
errorDescription);
+ if (result != ASN1_RECURSION)
+ {
-+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
-+ asn1_strerror (result), errorDescription);
-+ return;
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n",
++ asn1_strerror (result), errorDescription);
++ return 1;
+ }
+
+ asn1_delete_structure (&definitions);
@@ grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c (new)
+ result = asn1_array2tree (CVE_2018_1000654_2_asn1_tab, &definitions,
errorDescription);
+ if (result != ASN1_RECURSION)
+ {
-+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
-+ asn1_strerror (result), errorDescription);
-+ return;
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n",
++ asn1_strerror (result), errorDescription);
++ return 1;
+ }
+
+ asn1_delete_structure (&definitions);
++
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new) ##
+ ## grub-core/tests/asn1/Test_overflow.c (new) ##
@@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+/* Written by Simon Josefsson */
+
-+#include <grub/libtasn1.h>
-+#include <grub/err.h>
-+#include <grub/mm.h>
-+#include <grub/misc.h>
-+#include <grub/types.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
-+void
++int
+test_overflow(void)
+{
+ /* Test that values larger than long are rejected. This has worked
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+ if (l != -2L)
+ {
-+ grub_fatal ("ERROR: asn1_get_length_der bignum (l %ld len %d)\n", l,
len);
-+ return;
++ grub_printf ("ERROR: asn1_get_length_der bignum (l %ld len %d)\n", l,
len);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+ if (l != -2L)
+ {
-+ grub_fatal ("ERROR: asn1_get_length_der intnum (l %ld len %d)\n", l,
-+ len);
-+ return;
++ grub_printf ("ERROR: asn1_get_length_der intnum (l %ld len %d)\n", l,
++ len);
++ return 1;
+ }
+ }
+#endif
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+ if (l != -4L)
+ {
-+ grub_fatal ("ERROR: asn1_get_length_der overflow-small (l %ld len
%d)\n",
-+ l, len);
-+ return;
++ grub_printf ("ERROR: asn1_get_length_der overflow-small (l %ld len
%d)\n",
++ l, len);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+ if (l != -4L)
+ {
-+ grub_fatal ("ERROR: asn1_get_length_der overflow-large1 (l %ld len
%d)\n",
-+ l, len);
-+ return;
++ grub_printf ("ERROR: asn1_get_length_der overflow-large1 (l %ld len
%d)\n",
++ l, len);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/Test_overflow.c (new)
+
+ if (l != -2L)
+ {
-+ grub_fatal ("ERROR: asn1_get_length_der overflow-large2 (l %ld len
%d)\n",
-+ l, len);
-+ return;
++ grub_printf ("ERROR: asn1_get_length_der overflow-large2 (l %ld len
%d)\n",
++ l, len);
++ return 1;
+ }
+ }
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new) ##
+ ## grub-core/tests/asn1/Test_simple.c (new) ##
@@
+/*
+ * Copyright (C) 2011-2014 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ *
+ */
+
-+#include <grub/libtasn1.h>
-+#include <grub/mm.h>
-+#include <grub/misc.h>
-+#include <grub/err.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+struct tv
+{
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ {19, "\xFF\xFF\xFF", 5, "\x04\x05\xff\xff\xe0"},
+};
+
-+void
++int
+test_simple (void)
+{
+ int result;
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ result = asn1_get_bit_der (der, 0, &ret_len, str, str_size, &bit_len);
+ if (result != ASN1_GENERIC_ERROR)
+ {
-+ grub_fatal ("asn1_get_bit_der zero\n");
-+ return;
++ grub_printf ("asn1_get_bit_der zero\n");
++ return 1;
+ }
+
+ /* Encode short strings with increasing bit lengths */
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+
+ if (der_len != tv[i].derlen || grub_memcmp (der, tv[i].der,
der_len) != 0)
+ {
-+ grub_fatal ("asn1_bit_der iter %lu\n", (unsigned long) i);
-+ return;
++ grub_printf ("asn1_bit_der iter %lu\n", (unsigned long) i);
++ return 1;
+ }
+
+ /* Decode it */
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ if (result != ASN1_SUCCESS || ret_len != tv[i].derlen
+ || bit_len != tv[i].bitlen)
+ {
-+ grub_fatal ("asn1_get_bit_der iter %lu, err: %d\n", (unsigned long)
i, result);
-+ return;
++ grub_printf ("asn1_get_bit_der iter %lu, err: %d\n", (unsigned long)
i, result);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
-+ grub_fatal ("asn1_get_bit_der example\n");
-+ return;
++ grub_printf ("asn1_get_bit_der example\n");
++ return 1;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
-+ grub_fatal ("asn1_bit_der example roundtrip\n");
-+ return;
++ grub_printf ("asn1_bit_der example roundtrip\n");
++ return 1;
+ }
+
+ /* 03 04 06 6e 5d e0 padded with "100000" */
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ if (result != ASN1_SUCCESS || ret_len != 5
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xe0", 3) != 0)
+ {
-+ grub_fatal ("asn1_get_bit_der example padded\n");
-+ return;
++ grub_printf ("asn1_get_bit_der example padded\n");
++ return 1;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
-+ grub_fatal ("asn1_bit_der example roundtrip\n");
-+ return;
++ grub_printf ("asn1_bit_der example roundtrip\n");
++ return 1;
+ }
+
+ /* 03 81 04 06 6e 5d c0 long form of length octets */
@@ grub-core/lib/libtasn1_wrap/tests/Test_simple.c (new)
+ if (result != ASN1_SUCCESS || ret_len != 6
+ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0)
+ {
-+ grub_fatal ("asn1_get_bit_der example long form\n");
-+ return;
++ grub_printf ("asn1_get_bit_der example long form\n");
++ return 1;
+ }
+
+ der_len = sizeof (der);
+ asn1_bit_der (str, bit_len, der, &der_len);
+ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0)
+ {
-+ grub_fatal ("asn1_bit_der example roundtrip\n");
-+ return;
++ grub_printf ("asn1_bit_der example roundtrip\n");
++ return 1;
+ }
++
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new) ##
+ ## grub-core/tests/asn1/Test_strings.c (new) ##
@@
+/*
+ * Copyright (C) 2012-2014 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new)
+ *
+ */
+
-+#include <grub/mm.h>
-+#include <grub/err.h>
-+#include <grub/misc.h>
-+#include <grub/libtasn1.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+struct tv
+{
@@ grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new)
+
SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x04\x82\x00\x01\xc1\x00\x00\x00\x00")},
+};
+
-+void
++int
+test_strings ()
+{
+ int ret;
@@ grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new)
+ tl, &tl_len);
+ if (ret != ASN1_SUCCESS)
+ {
-+ grub_fatal ("Encoding error in %u: %s\n", i,
-+ asn1_strerror (ret));
-+ return;
++ grub_printf ("Encoding error in %u: %s\n", i, asn1_strerror (ret));
++ return 1;
+ }
+ der_len = tl_len + tv[i].str_len;
+
+ if (der_len != tv[i].der_len || grub_memcmp (tl, tv[i].der, tl_len)
!= 0)
+ {
-+ grub_fatal (
-+ "DER encoding differs in %u! (size: %u, expected: %u)\n",
-+ i, der_len, tv[i].der_len);
-+ return;
++ grub_printf ("DER encoding differs in %u! (size: %u, expected: %u)\n",
++ i, der_len, tv[i].der_len);
++ return 1;
+ }
+
+ /* decoding */
@@ grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new)
+ &str_len);
+ if (ret != ASN1_SUCCESS)
+ {
-+ grub_fatal ("Decoding error in %u: %s\n", i,
-+ asn1_strerror (ret));
-+ return;
++ grub_printf ("Decoding error in %u: %s\n", i, asn1_strerror (ret));
++ return 1;
+ }
+
+ if (str_len != tv[i].str_len || grub_memcmp (str, tv[i].str,
str_len) != 0)
+ {
-+ grub_fatal (
-+ "DER decoded data differ in %u! (size: %u, expected: %u)\n",
-+ i, der_len, tv[i].str_len);
-+ return;
++ grub_printf ("DER decoded data differ in %u! (size: %u, expected:
%u)\n",
++ i, der_len, tv[i].str_len);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/Test_strings.c (new)
+ &str_len, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
-+ grub_fatal ("BER decoding error in %u: %s\n", i,
-+ asn1_strerror (ret));
-+ return;
++ grub_printf ("BER decoding error in %u: %s\n", i, asn1_strerror
(ret));
++ return 1;
+ }
+
+ if (str_len != ber[i].str_len || grub_memcmp (b, ber[i].str,
str_len) != 0)
+ {
-+ grub_fatal (
-+ "BER decoded data differ in %u! (size: %u, expected: %u)\n",
-+ i, str_len, ber[i].str_len);
-+ return;
++ grub_printf ("BER decoded data differ in %u! (size: %u, expected:
%u)\n",
++ i, str_len, ber[i].str_len);
++ return 1;
+ }
+ grub_free(b);
+ }
++
++ return 0;
++}
+
+ ## grub-core/tests/asn1/asn1_test.c (new) ##
+@@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2020 IBM Corporation
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <grub/test.h>
++#include <grub/dl.h>
++#include "asn1_test.h"
++
++/*
++ * libtasn1 tests - from which this is derived - are provided under GPL3+.
++ */
++GRUB_MOD_LICENSE ("GPLv3+");
++
++static void
++asn1_test (void)
++{
++ grub_test_assert (test_CVE_2018_1000654 () == 0, "CVE-2018-1000654 test
failed");
++
++ grub_test_assert (test_object_id_encoding () == 0, "ASN.1 object ID
encoding test failed");
++
++ grub_test_assert (test_object_id_decoding () == 0, "ASN.1 object ID
decoding test failed");
++
++ grub_test_assert (test_octet_string () == 0, "ASN.1 octet string test
failed");
++
++ grub_test_assert (test_overflow () == 0, "ASN.1 overflow test failed");
++
++ grub_test_assert (test_reproducers () == 0, "ASN.1 reproducers test
failed");
++
++ grub_test_assert (test_simple () == 0, "ASN.1 simple test failed");
++
++ grub_test_assert (test_strings () == 0, "ASN.1 strings test fail" );
+}
++
++/* Register asn1_test method as a functional test. */
++GRUB_FUNCTIONAL_TEST (asn1_test, asn1_test);
+
+ ## grub-core/tests/asn1/asn1_test.h (new) ##
+@@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2020 IBM Corporation
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef LIBTASN1_WRAP_TESTS_H
++#define LIBTASN1_WRAP_TESTS_H
++
++#include <grub/libtasn1.h>
++#include <grub/err.h>
++#include <grub/mm.h>
++#include <grub/misc.h>
++#include <grub/types.h>
++
++int test_CVE_2018_1000654 (void);
++
++int test_object_id_encoding (void);
++
++int test_object_id_decoding (void);
++
++int test_octet_string (void);
++
++int test_overflow (void);
++
++int test_reproducers (void);
++
++int test_simple (void);
++
++int test_strings (void);
++
++#endif
- ## grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c (new) ##
+ ## grub-core/tests/asn1/object-id-decoding.c (new) ##
@@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c (new)
+ *
+ */
+
-+#include <grub/libtasn1.h>
-+#include <grub/types.h>
-+#include <grub/misc.h>
-+#include <grub/err.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+struct tv
+{
@@ grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c (new)
+ .expected_error = ASN1_SUCCESS},
+};
+
-+void
++int
+test_object_id_decoding (void)
+{
+ char str[128];
@@ grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c (new)
+ sizeof (str));
+ if (ret != tv[i].expected_error)
+ {
-+ grub_fatal (
-+ "%d: asn1_get_object_id_der iter %lu: got '%s' expected
%d\n",
-+ __LINE__, (unsigned long) i, asn1_strerror(ret),
tv[i].expected_error);
-+ return;
++ grub_printf ("%d: asn1_get_object_id_der iter %lu: got '%s' expected
%d\n",
++ __LINE__, (unsigned long) i, asn1_strerror(ret),
tv[i].expected_error);
++ return 1;
+ }
+
+ if (tv[i].expected_error != ASN1_SUCCESS)
@@ grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c (new)
+
+ if (ret_len != tv[i].der_len-1)
+ {
-+ grub_fatal (
-+ "%d: iter %lu: error in DER, length returned is %d, had
%d\n",
-+ __LINE__, (unsigned long)i, ret_len, tv[i].der_len-1);
-+ return;
++ grub_printf ("%d: iter %lu: error in DER, length returned is %d, had
%d\n",
++ __LINE__, (unsigned long)i, ret_len, tv[i].der_len-1);
++ return 1;
+ }
+
+ if (grub_strcmp (tv[i].oid, str) != 0)
+ {
-+ grub_fatal (
-+ "%d: strcmp iter %lu: got invalid OID: %s, expected: %s\n",
-+ __LINE__, (unsigned long) i, str, tv[i].oid);
-+ return;
++ grub_printf ("%d: strcmp iter %lu: got invalid OID: %s, expected:
%s\n",
++ __LINE__, (unsigned long) i, str, tv[i].oid);
++ return 1;
+ }
-+
+ }
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c (new) ##
+ ## grub-core/tests/asn1/object-id-encoding.c (new) ##
@@
+/*
+ * Copyright (C) 2019 Nikos Mavrogiannopoulos
@@ grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c (new)
+ *
+ */
+
-+#include <grub/libtasn1.h>
-+#include <grub/types.h>
-+#include <grub/misc.h>
-+#include <grub/err.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+struct tv
+{
@@ grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c (new)
+ .expected_error = ASN1_SUCCESS},
+};
+
-+void
++int
+test_object_id_encoding(void)
+{
+ unsigned char der[128];
@@ grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c (new)
+ {
+ if (ret == tv[i].expected_error)
+ continue;
-+ grub_fatal (
-+ "%d: iter %lu, encoding of OID failed: %s\n",
-+ __LINE__, (unsigned long) i, asn1_strerror(ret));
-+ return;
++ grub_printf ("%d: iter %lu, encoding of OID failed: %s\n",
++ __LINE__, (unsigned long) i, asn1_strerror(ret));
++ return 1;
+ }
+ else if (ret != tv[i].expected_error)
+ {
-+ grub_fatal (
-+ "%d: iter %lu, encoding of OID %s succeeded when expecting
failure\n",
-+ __LINE__, (unsigned long) i, tv[i].oid);
-+ return;
++ grub_printf ("%d: iter %lu, encoding of OID %s succeeded when
expecting failure\n",
++ __LINE__, (unsigned long) i, tv[i].oid);
++ return 1;
+ }
+
+ if (der_len != tv[i].der_len || grub_memcmp(der, tv[i].der,
der_len) != 0)
+ {
-+ grub_fatal (
-+ "%d: iter %lu, re-encoding of OID %s resulted to different
string (%d vs %d bytes)\n",
-+ __LINE__, (unsigned long) i, tv[i].oid, der_len,
tv[i].der_len);
++ grub_printf ("%d: iter %lu, re-encoding of OID %s resulted to
different string (%d vs %d bytes)\n",
++ __LINE__, (unsigned long) i, tv[i].oid, der_len,
tv[i].der_len);
+
-+ return;
++ return 1;
+ }
+ }
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/octet-string.c (new) ##
+ ## grub-core/tests/asn1/octet-string.c (new) ##
@@
+/*
+ * Copyright (C) 2011-2020 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/octet-string.c (new)
+ *
+ */
+
-+#include <grub/libtasn1.h>
-+#include <grub/err.h>
-+#include <grub/mm.h>
-+#include <grub/misc.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+
+struct tv
@@ grub-core/lib/libtasn1_wrap/tests/octet-string.c (new)
+ }
+};
+
-+void
++int
+test_octet_string (void)
+{
+ unsigned char str[100];
@@ grub-core/lib/libtasn1_wrap/tests/octet-string.c (new)
+ sizeof (str), &str_size);
+ if (ret != tv[i].expected_error)
+ {
-+ grub_fatal (
-+ "%d: asn1_get_octet_der: %s: got %d expected %d\n",
-+ __LINE__, tv[i].name, ret,
-+ tv[i].expected_error);
-+ return;
++ grub_printf ("%d: asn1_get_octet_der: %s: got %d expected %d\n",
++ __LINE__, tv[i].name, ret, tv[i].expected_error);
++ return 1;
+ }
+ if (tv[i].expected_error)
+ continue;
+
+ if (ret_len != tv[i].der_len - 1)
+ {
-+ grub_fatal (
-+ "%d: error in DER, length returned is %d, had %d\n",
-+ __LINE__, ret_len, tv[i].der_len - 1);
-+ return;
++ grub_printf ("%d: error in DER, length returned is %d, had %d\n",
++ __LINE__, ret_len, tv[i].der_len - 1);
++ return 1;
+ }
+
+ if (str_size != tv[i].len
+ || grub_memcmp (tv[i].string, str, tv[i].len) != 0)
+ {
-+ grub_fatal (
-+ "%d: memcmp: %s: got invalid decoding\n",
-+ __LINE__, tv[i].name);
++ grub_printf ("%d: memcmp: %s: got invalid decoding\n",
++ __LINE__, tv[i].name);
+
-+ return;
++ return 1;
+ }
+
+ /* Encode */
@@ grub-core/lib/libtasn1_wrap/tests/octet-string.c (new)
+ if (der_len != tv[i].der_len - 1
+ || grub_memcmp (tv[i].der_str + 1, der, tv[i].der_len - 1) != 0)
+ {
-+ grub_fatal (
-+ "encoding: %s: got invalid encoding\n",
-+ tv[i].name);
-+ return;
++ grub_printf ("encoding: %s: got invalid encoding\n", tv[i].name);
++ return 1;
+ }
+ }
+
@@ grub-core/lib/libtasn1_wrap/tests/octet-string.c (new)
+ &tmp, (unsigned int*)&str_size, (unsigned
int*)&der_len);
+ if (ret != tv[i].expected_error)
+ {
-+ grub_fatal (
-+ "%d: asn1_decode_simple_ber: %s: got %s expected %s\n",
-+ __LINE__, tv[i].name, asn1_strerror(ret),
asn1_strerror(tv[i].expected_error));
-+ return;
++ grub_printf ("%d: asn1_decode_simple_ber: %s: got %s expected %s\n",
++ __LINE__, tv[i].name, asn1_strerror(ret),
++ asn1_strerror(tv[i].expected_error));
++ return 1;
+ }
+ if (tv[i].expected_error)
+ continue;
+
+ if (der_len != tv[i].der_len)
+ {
-+ grub_fatal (
-+ "%d: error: %s: DER, length returned is %d, had %d\n",
-+ __LINE__, tv[i].name, der_len, tv[i].der_len);
-+ return;
++ grub_printf ("%d: error: %s: DER, length returned is %d, had %d\n",
++ __LINE__, tv[i].name, der_len, tv[i].der_len);
++ return 1;
+ }
+
+ if (str_size != tv[i].len || grub_memcmp (tv[i].string, tmp,
tv[i].len) != 0)
+ {
-+ grub_fatal (
-+ "%d: memcmp: %s: got invalid decoding\n",
-+ __LINE__, tv[i].name);
-+ return;
++ grub_printf ("%d: memcmp: %s: got invalid decoding\n", __LINE__,
tv[i].name);
++ return 1;
+ }
+ grub_free (tmp);
+ tmp = NULL;
+
+ }
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/tests/reproducers.c (new) ##
+ ## grub-core/tests/asn1/reproducers.c (new) ##
@@
+/*
+ * Copyright (C) 2019 Free Software Foundation, Inc.
@@ grub-core/lib/libtasn1_wrap/tests/reproducers.c (new)
+/* Description: run reproducers for several fixed issues */
+/****************************************************************/
+
-+#include <grub/libtasn1.h>
-+#include <grub/err.h>
-+#include <grub/mm.h>
-+#include "../wrap_tests.h"
++#include "asn1_test.h"
+
+#define CONST_DOWN (1U<<29)
+
@@ grub-core/lib/libtasn1_wrap/tests/reproducers.c (new)
+{ NULL, 0, NULL }
+};
+
-+void
++int
+test_reproducers (void)
+{
+ int result;
@@ grub-core/lib/libtasn1_wrap/tests/reproducers.c (new)
+ result = asn1_array2tree (endless_asn1_tab, &definitions,
errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
-+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
-+ asn1_strerror (result), errorDescription);
-+ return;
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n",
++ asn1_strerror (result), errorDescription);
++ return 1;
+ }
+
+ asn1_delete_structure (&definitions);
@@ grub-core/lib/libtasn1_wrap/tests/reproducers.c (new)
+ result = asn1_array2tree (tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
-+ grub_fatal ("Error: %s\nErrorDescription = %s\n\n",
-+ asn1_strerror (result), errorDescription);
-+ return;
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n",
++ asn1_strerror (result), errorDescription);
++ return 1;
+ }
+
+ asn1_delete_structure (&definitions);
-+}
-
- ## grub-core/lib/libtasn1_wrap/wrap_tests.c (new) ##
-@@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2020 IBM Corporation
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#include <grub/dl.h>
-+#include <grub/command.h>
-+#include <grub/mm.h>
-+#include "wrap_tests.h"
-+
-+/*
-+ * libtasn1 tests - from which this is derived - are provided under GPL3+.
-+ */
-+GRUB_MOD_LICENSE ("GPLv3+");
-+
-+static grub_command_t cmd;
-+
-+static grub_err_t
-+grub_cmd_asn1test (grub_command_t cmdd __attribute__((unused)),
-+ int argc __attribute__((unused)),
-+ char **args __attribute__((unused)))
-+{
-+ grub_printf ("test_CVE_2018_1000654\n");
-+ test_CVE_2018_1000654 ();
-+
-+ grub_printf ("test_object_id_decoding\n");
-+ test_object_id_decoding ();
-+
-+ grub_printf ("test_object_id_encoding\n");
-+ test_object_id_encoding ();
-+
-+ grub_printf ("test_octet_string\n");
-+ test_octet_string ();
-+
-+ grub_printf ("test_overflow\n");
-+ test_overflow ();
-+
-+ grub_printf ("test_reproducers\n");
-+ test_overflow ();
-+
-+ grub_printf ("test_simple\n");
-+ test_simple ();
-+
-+ grub_printf ("test_strings\n");
-+ test_strings ();
-+
-+ grub_printf ("ASN.1 self-tests passed\n");
-+
-+ return GRUB_ERR_NONE;
-+}
-+
+
-+GRUB_MOD_INIT(test_asn1)
-+{
-+ cmd = grub_register_command ("test_asn1", grub_cmd_asn1test, NULL,
-+ "Run self-tests for the ASN.1 parser.");
-+}
-+
-+GRUB_MOD_FINI(test_asn1)
-+{
-+ grub_unregister_command (cmd);
++ return 0;
+}
- ## grub-core/lib/libtasn1_wrap/wrap_tests.h (new) ##
-@@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2020 IBM Corporation
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef LIBTASN1_WRAP_TESTS_H
-+#define LIBTASN1_WRAP_TESTS_H
-+
-+void test_CVE_2018_1000654 (void);
-+
-+void test_object_id_encoding (void);
-+
-+void test_object_id_decoding (void);
-+
-+void test_octet_string (void);
-+
-+void test_overflow (void);
-+
-+void test_reproducers (void);
-+
-+void test_simple (void);
-+
-+void test_strings (void);
-+
-+#endif
+ ## grub-core/tests/lib/functional_test.c ##
+@@ grub-core/tests/lib/functional_test.c: grub_functional_all_tests
(grub_extcmd_context_t ctxt __attribute__ ((unused)),
+ grub_dl_load ("cmp_test");
+ grub_dl_load ("mul_test");
+ grub_dl_load ("shift_test");
++ grub_dl_load ("asn1_test");
+
+ FOR_LIST_ELEMENTS (test, grub_test_list)
+ ok = !grub_test_run (test) && ok;
- ## tests/test_asn1.in (new) ##
+ ## tests/asn1_test.in (new) ##
@@
+#! @BUILD_SHEBANG@
+set -e
+
+. "@builddir@/grub-core/modinfo.sh"
+
-+out=`echo test_asn1 | @builddir@/grub-shell`
++out=`echo functional_test asn1_test | @builddir@/grub-shell`
+
-+if [ "$(echo "$out" | tail -n 1)" != "ASN.1 self-tests passed" ]; then
++if [ "$(echo "$out" | tail -n 1)" != "ALL TESTS PASSED" ]; then
+ echo "ASN.1 test failure: $out"
+ exit 1
+fi
7: 1de592e66 ! 7: 3f1368c63 libtasn1: Add the documentation
@@ Commit message
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
## docs/grub-dev.texi ##
@@ docs/grub-dev.texi: cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
@@ docs/grub-dev.texi: cp minilzo-2.10/*.[hc] grub-core/lib/minilzo
##
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
(new) ##
@@
-+From c1c3459159d5d84e0d6da6eec6b86df5ccee1417 Mon Sep 17 00:00:00 2001
++From 210923227f4b366afa1104f62e82836587a8a753 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 1 May 2020 17:12:23 +1000
+Subject: [PATCH 1/2] libtasn1: disable code not needed in grub
@@
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.pat
+---
+ grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++--
+ grub-core/lib/libtasn1/lib/decoding.c | 2 ++
-+ grub-core/lib/libtasn1/lib/element.c | 4 ++--
++ grub-core/lib/libtasn1/lib/element.c | 6 +++---
+ grub-core/lib/libtasn1/lib/errors.c | 3 +++
+ grub-core/lib/libtasn1/lib/structure.c | 10 ++++++----
+ include/grub/libtasn1.h | 15 +++++++++++++++
-+ 6 files changed, 38 insertions(+), 8 deletions(-)
++ 6 files changed, 39 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/lib/libtasn1/lib/coding.c
b/grub-core/lib/libtasn1/lib/coding.c
-+index ea5bc370e..841fe47a9 100644
++index ea5bc370e..5d03bca9d 100644
+--- a/grub-core/lib/libtasn1/lib/coding.c
++++ b/grub-core/lib/libtasn1/lib/coding.c
+@@ -30,11 +30,11 @@
@@ -30,11 +30,11 @@
+
+ #define MAX_TAG_LEN 16
+
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /******************************************************/
+ /* Function : _asn1_error_description_value_not_found */
+ /* Description: creates the ErrorDescription string */
@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const
unsigned char
+ return ASN1_SUCCESS;
+ }
+
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /******************************************************/
+ /* Function : _asn1_time_der */
+ /* Description: creates the DER coding for a TIME */
@@ -519,6 +521,7 @@ asn1_bit_der (const unsigned char *str, int bit_len,
+ }
+
+
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /******************************************************/
+ /* Function : _asn1_complete_explicit_tag */
+ /* Description: add the length coding to the EXPLICIT */
@@ -647,6 +651,8 @@ const tag_and_class_st _asn1_tags[] = {
+ unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof
(_asn1_tags[0]);
+
++
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /******************************************************/
+ /* Function : _asn1_insert_tag_der */
+ /* Description: creates the DER coding of tags of one */
@@ -1423,3 +1429,5 @@ error:
+ }
++
++#endif
-+\ No newline at end of file
+diff --git a/grub-core/lib/libtasn1/lib/decoding.c
b/grub-core/lib/libtasn1/lib/decoding.c
-+index b9245c486..92fc87c23 100644
++index b9245c486..bf9cb13ac 100644
+--- a/grub-core/lib/libtasn1/lib/decoding.c
++++ b/grub-core/lib/libtasn1/lib/decoding.c
+@@ -1620,6 +1620,7 @@ asn1_der_decoding (asn1_node * element, const void
*ider, int ider_len,
+ return asn1_der_decoding2 (element, ider, &ider_len, 0,
errorDescription);
+ }
+
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /**
+ * asn1_der_decoding_element:
+ * @structure: pointer to an ASN1 structure
@@ -1650,6 +1651,7 @@ asn1_der_decoding_element (asn1_node * structure,
const char
+ /**
+ * asn1_der_decoding_startEnd:
+diff --git a/grub-core/lib/libtasn1/lib/element.c
b/grub-core/lib/libtasn1/lib/element.c
-+index d4c558e10..5c7941e53 100644
++index d4c558e10..bc4c3c8d7 100644
+--- a/grub-core/lib/libtasn1/lib/element.c
++++ b/grub-core/lib/libtasn1/lib/element.c
++@@ -118,7 +118,7 @@ _asn1_convert_integer (const unsigned char *value,
unsigned char *value_out,
++ value_out[k2 - k] = val[k2];
++ }
++
++-#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
++ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
++ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
++ printf (", vOut[%d]=%d", k, value_out[k]);
+@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct
node_tail_cache_st *pcache)
+ return ASN1_SUCCESS;
+ }
@@ -646,7 +646,7 @@ asn1_write_value (asn1_node node_root, const char *name,
+ #define PUT_VALUE( ptr, ptr_size, data, data_size) \
+ *len = data_size; \
+diff --git a/grub-core/lib/libtasn1/lib/errors.c
b/grub-core/lib/libtasn1/lib/errors.c
-+index aef5dfe6f..0175ddedb 100644
++index aef5dfe6f..2b2322152 100644
+--- a/grub-core/lib/libtasn1/lib/errors.c
++++ b/grub-core/lib/libtasn1/lib/errors.c
+@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = {
@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = {
+ };
+
++
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /**
+ * asn1_perror:
+ * @error: is an error returned by a libtasn1 function.
@@ -73,6 +75,7 @@ asn1_perror (int error)
+ /**
+ * asn1_strerror:
+diff --git a/grub-core/lib/libtasn1/lib/structure.c
b/grub-core/lib/libtasn1/lib/structure.c
-+index 512dd601f..3e1e35ba5 100644
++index 512dd601f..f5a947d57 100644
+--- a/grub-core/lib/libtasn1/lib/structure.c
++++ b/grub-core/lib/libtasn1/lib/structure.c
+@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node)
@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node)
+ }
+
+-
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ int
+ _asn1_create_static_structure (asn1_node_const pointer,
+ char *output_file_name, char *vector_name)
@@ -721,7 +721,7 @@ asn1_create_element (asn1_node_const definitions, const
char *s
+ }
+
+-
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /**
+ * asn1_print_structure:
+ * @out: pointer to the output file (e.g. stdout).
@@ -1158,6 +1158,7 @@ asn1_find_structure_from_oid (asn1_node_const
definitions,
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+ }
+
-++#if 0
+++#if 0 /* GRUB SKIPPED IMPORTING */
+ /**
+ * asn1_copy_node:
+ * @dst: Destination asn1 node.
@@ -1207,6 +1208,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name,
+ /**
+ * asn1_dup_node:
+diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
-+index 51cc7879f..507e0679e 100644
++index 51cc7879f..058ab27b0 100644
+--- a/include/grub/libtasn1.h
++++ b/include/grub/libtasn1.h
+@@ -318,6 +318,8 @@ extern "C"
@@ -318,6 +318,8 @@ extern "C"
+ /***********************************/
+
++/* These functions are not used in grub and should not be referenced. */
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API int
+ asn1_parser2tree (const char *file,
+ asn1_node * definitions, char *error_desc);
@@ -326,14 +328,17 @@ extern "C"
+ asn1_array2tree (const asn1_static_node * array,
+ asn1_node * definitions, char *errorDescription);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API void
+ asn1_print_structure (FILE * out, asn1_node_const structure,
+ const char *name, int mode);
@@ -347,9 +352,11 @@ extern "C"
+ extern ASN1_API int
+ asn1_delete_element (asn1_node structure, const char *element_name);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API int
+ asn1_write_value (asn1_node node_root, const char *name,
+ const void *ivalue, int len);
@@ -366,9 +373,11 @@ extern "C"
+ asn1_number_of_elements (asn1_node_const element, const char *name,
+ int *num);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API int
+ asn1_der_coding (asn1_node_const element, const char *name,
+ void *ider, int *len, char *ErrorDescription);
@@ -379,6 +388,7 @@ extern "C"
+ asn1_der_decoding (asn1_node * element, const void *ider,
+ int ider_len, char *errorDescription);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ /* Do not use. Use asn1_der_decoding() instead. */
+ extern ASN1_API int
+ asn1_der_decoding_element (asn1_node * structure,
@@ -411,12 +422,16 @@ extern "C"
+ const char
+ *oidValue);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ __LIBTASN1_PURE__
+ extern ASN1_API const char *asn1_check_version (const char
*req_version);
++# endif
+
+ __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int
error);
+
-++# if 0
+++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API void asn1_perror (int error);
++# endif
+
@@ -411,12 +422,16 @@ extern "C"
##
grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
(new) ##
@@
-+From 5d84feb27c073056739514bc0cb578fdf7cc5a90 Mon Sep 17 00:00:00 2001
++From 6ace81543a3c716a15ac92e825e90a5f949b9faf Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 1 May 2020 20:44:29 +1000
+Subject: [PATCH 2/2] libtasn1: changes for grub compatibility
+
+Do a few things to make libtasn1 compile as part of grub:
+
-+ - redefine _asn1_strcat. grub removed strcat so replace it with the
-+ appropriate calls to memcpy and strlen. Use this internally where
-+ strcat was used.
-+
-+ - replace c_isdigit with grub_isdigit (and don't import c-ctype from
-+ gnulib) grub_isdigit provides the same functionality as c_isdigit: it
-+ determines if the input is an ASCII digit without regard for locale.
++ - remove _asn1_strcat and replace strcat with the bound-checked
++ _asn1_str_cat except the one inside _asn1_str_cat. That strcat is
++ replaced with strcpy.
+
-+ - replace GL_ATTRIBUTE_PURE with __attribute__((pure)) which been
-+ supported since gcc-2.96. This avoids messing around with gnulib.
-+
-+ - adjust libtasn1.h: drop the ASN1_API logic, it's not needed for our
-+ modules. Unconditionally support const and pure attributes and adjust
-+ header paths.
++ - adjust header paths in libtasn1.h
+
+ - adjust header paths to "grub/libtasn1.h".
+
@@
grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patc
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Gary Lin <glin@suse.com>
++
++libtasn1: get rid of strcat
++
++- Replace strcat and memcpy in _asn1_str_cat with strcpy and strncat
++- Replace strcat with the bound-checking _asn1_str_cat
++- Remove _asn1_strcat
++
++Signed-off-by: Gary Lin <glin@suse.com>
+---
-+ grub-core/lib/libtasn1/lib/decoding.c | 11 +++++-----
-+ grub-core/lib/libtasn1/lib/element.c | 3 ++-
-+ grub-core/lib/libtasn1/lib/gstr.c | 4 ++--
-+ grub-core/lib/libtasn1/lib/int.h | 4 ++--
-+ grub-core/lib/libtasn1/lib/parser_aux.c | 7 +++---
-+ include/grub/libtasn1.h | 29 +++++++------------------
-+ 6 files changed, 24 insertions(+), 34 deletions(-)
++ grub-core/lib/libtasn1/lib/decoding.c | 8 ++++----
++ grub-core/lib/libtasn1/lib/element.c | 2 +-
++ grub-core/lib/libtasn1/lib/gstr.c | 2 +-
++ grub-core/lib/libtasn1/lib/int.h | 3 +--
++ grub-core/lib/libtasn1/lib/parser_aux.c | 2 +-
++ include/grub/libtasn1.h | 5 ++---
++ 6 files changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/grub-core/lib/libtasn1/lib/decoding.c
b/grub-core/lib/libtasn1/lib/decoding.c
-+index 92fc87c23..4fd5f0ce6 100644
++index bf9cb13ac..51859fe36 100644
+--- a/grub-core/lib/libtasn1/lib/decoding.c
++++ b/grub-core/lib/libtasn1/lib/decoding.c
-+@@ -32,7 +32,8 @@
-+ #include <element.h>
-+ #include <limits.h>
-+ #include <intprops.h>
-+-#include "c-ctype.h"
-++
-++#define c_isdigit grub_isdigit
-+
-+ #ifdef DEBUG
-+ # define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__)
-+@@ -2016,8 +2017,8 @@ asn1_expand_octet_string (asn1_node_const
definitions, asn1_node * element,
++@@ -2016,8 +2016,8 @@ asn1_expand_octet_string (asn1_node_const
definitions, asn1_node * element,
+ (p2->type & CONST_ASSIGN))
+ {
+ strcpy (name, definitions->name);
+- strcat (name, ".");
+- strcat (name, p2->name);
-++ _asn1_strcat (name, ".");
-++ _asn1_strcat (name, p2->name);
+++ _asn1_str_cat (name, sizeof (name), ".");
+++ _asn1_str_cat (name, sizeof (name), p2->name);
+
+ len = sizeof (value);
+ result = asn1_read_value (definitions, name, value, &len);
-+@@ -2034,8 +2035,8 @@ asn1_expand_octet_string (asn1_node_const
definitions, asn1_node * element,
++@@ -2034,8 +2034,8 @@ asn1_expand_octet_string (asn1_node_const
definitions, asn1_node * element,
+ if (p2)
+ {
+ strcpy (name, definitions->name);
+- strcat (name, ".");
+- strcat (name, p2->name);
-++ _asn1_strcat (name, ".");
-++ _asn1_strcat (name, p2->name);
+++ _asn1_str_cat (name, sizeof (name), ".");
+++ _asn1_str_cat (name, sizeof (name), p2->name);
+
+ result = asn1_create_element (definitions, name, &aux);
+ if (result == ASN1_SUCCESS)
+diff --git a/grub-core/lib/libtasn1/lib/element.c
b/grub-core/lib/libtasn1/lib/element.c
-+index 5c7941e53..822a1b6ab 100644
++index bc4c3c8d7..8694fecb9 100644
+--- a/grub-core/lib/libtasn1/lib/element.c
++++ b/grub-core/lib/libtasn1/lib/element.c
-+@@ -30,9 +30,10 @@
-+ #include "parser_aux.h"
-+ #include <gstr.h>
-+ #include "structure.h"
-+-#include "c-ctype.h"
-+ #include "element.h"
++@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char
*name,
++ return ASN1_MEM_ERROR; \
++ } else { \
++ /* this strcat is checked */ \
++- if (ptr) _asn1_strcat (ptr, data); \
+++ if (ptr) _asn1_str_cat ((char *)ptr, ptr_size, (const
char *)data); \
++ }
+
-++#define c_isdigit grub_isdigit
-++
-+ void
-+ _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size)
-+ {
++ /**
+diff --git a/grub-core/lib/libtasn1/lib/gstr.c
b/grub-core/lib/libtasn1/lib/gstr.c
-+index eef419554..bc507d3d8 100644
++index eef419554..a9c16f5d3 100644
+--- a/grub-core/lib/libtasn1/lib/gstr.c
++++ b/grub-core/lib/libtasn1/lib/gstr.c
-+@@ -36,13 +36,13 @@ _asn1_str_cat (char *dest, size_t dest_tot_size,
const char *src)
++@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const
char *src)
+
+ if (dest_tot_size - dest_size > str_size)
+ {
+- strcat (dest, src);
-++ _asn1_strcat (dest, src);
+++ strcpy (dest + dest_size, src);
+ }
+ else
+ {
-+ if (dest_tot_size > dest_size)
-+ {
-+- strncat (dest, src, (dest_tot_size - dest_size) - 1);
-++ memcpy (dest + dest_size, src, (dest_tot_size - dest_size) - 1);
-+ dest[dest_tot_size - 1] = 0;
-+ }
-+ }
+diff --git a/grub-core/lib/libtasn1/lib/int.h
b/grub-core/lib/libtasn1/lib/int.h
-+index d94d51c8c..07dd669ac 100644
++index d94d51c8c..7409c7655 100644
+--- a/grub-core/lib/libtasn1/lib/int.h
++++ b/grub-core/lib/libtasn1/lib/int.h
+@@ -35,7 +35,7 @@
@@ -35,7 +35,7 @@
+
+ # define ASN1_SMALL_VALUE_SIZE 16
+
-+@@ -115,7 +115,7 @@ extern const tag_and_class_st _asn1_tags[];
++@@ -115,7 +115,6 @@ extern const tag_and_class_st _asn1_tags[];
+ # define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
+ # define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
+ # define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
+-# define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
-++# define _asn1_strcat(a,b) memcpy((char *)a + strlen((const char *)a),
(const char *)b, strlen((const char *)b) + 1)
+
+ # if SIZEOF_UNSIGNED_LONG_INT == 8
+ # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
+diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c
b/grub-core/lib/libtasn1/lib/parser_aux.c
-+index c05bd2339..8bdc42ae3 100644
++index c05bd2339..e4e4c0556 100644
+--- a/grub-core/lib/libtasn1/lib/parser_aux.c
++++ b/grub-core/lib/libtasn1/lib/parser_aux.c
-+@@ -26,7 +26,8 @@
-+ #include "gstr.h"
-+ #include "structure.h"
-+ #include "element.h"
-+-#include "c-ctype.h"
-++
-++#define c_isdigit grub_isdigit
-+
-+ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier
name not found */
-+
-+@@ -40,7 +41,7 @@ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1];
/* identifier name not fou
-+ #ifdef __clang__
-+ __attribute__((no_sanitize ("integer")))
-+ #endif
-+- _GL_ATTRIBUTE_PURE static unsigned int _asn1_hash_name (const char
*x)
-++ __attribute__((__pure__)) static unsigned int _asn1_hash_name
(const char *x)
-+ {
-+ const unsigned char *s = (unsigned char *) x;
-+ unsigned h = 0;
-+@@ -632,7 +633,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
++@@ -632,7 +632,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
+ count = 0;
+ do
+ {
@@ -632,7 +633,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
+ temp[start + count] = '0' + (char) r;
+ count++;
+diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h
-+index 507e0679e..201089c11 100644
++index 058ab27b0..7d64b6ab7 100644
+--- a/include/grub/libtasn1.h
++++ b/include/grub/libtasn1.h
-+@@ -34,29 +34,16 @@
-+ #ifndef LIBTASN1_H
-+ # define LIBTASN1_H
-+
-+-# ifndef ASN1_API
-+-# if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
-+-# define ASN1_API __attribute__((__visibility__("default")))
-+-# elif defined ASN1_BUILDING && defined _MSC_VER && ! defined
ASN1_STATIC
-+-# define ASN1_API __declspec(dllexport)
-+-# elif defined _MSC_VER && ! defined ASN1_STATIC
-+-# define ASN1_API __declspec(dllimport)
-+-# else
-+-# define ASN1_API
-+-# endif
-+-# endif
-++/* grub: ASN1_API is not used */
-++# define ASN1_API
-++
-++/* grub: all our supported compilers support these attributes */
-++# define __LIBTASN1_CONST__ __attribute__((const))
-++# define __LIBTASN1_PURE__ __attribute__((pure))
-+
-+-# ifdef __GNUC__
-+-# define __LIBTASN1_CONST__ __attribute__((const))
-+-# define __LIBTASN1_PURE__ __attribute__((pure))
-+-# else
-+-# define __LIBTASN1_CONST__
-+-# define __LIBTASN1_PURE__
-+-# endif
++@@ -54,9 +54,8 @@
++ # define __LIBTASN1_PURE__
++ # endif
+
+-# include <sys/types.h>
+-# include <time.h>
8: f9e763584 ! 8: b9282e8db protectors: Add key protectors framework
@@ Metadata
Author: Hernan Gatta <hegatta@linux.microsoft.com>
## Commit message ##
- protectors: Add key protectors framework
+ key_protector: Add key protectors framework
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
@@ Commit message
name exists and if an unlocking key is successfully retrieved by it,
the
function returns to the caller the retrieved key and its length.
+ Cc: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
@@ grub-core/Makefile.am: endif
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h
-+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/protector.h
++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/key_protector.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
## grub-core/Makefile.core.def ##
-@@ grub-core/Makefile.core.def: kernel = {
- common = kern/misc.c;
- common = kern/parser.c;
- common = kern/partition.c;
-+ common = kern/protectors.c;
- common = kern/rescue_parser.c;
- common = kern/rescue_reader.c;
- common = kern/term.c;
+@@ grub-core/Makefile.core.def: module = {
+ common = disk/raid6_recover.c;
+ };
+
++module = {
++ name = key_protector;
++ common = disk/key_protector.c;
++};
++
+ module = {
+ name = scsi;
+ common = disk/scsi.c;
- ## grub-core/kern/protectors.c (new) ##
+ ## grub-core/disk/key_protector.c (new) ##
@@
+/*
+ * GRUB -- GRand Unified Bootloader
@@ grub-core/kern/protectors.c (new)
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
++#include <grub/dl.h>
+#include <grub/list.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
-+#include <grub/protector.h>
++#include <grub/key_protector.h>
++
++GRUB_MOD_LICENSE ("GPLv3+");
+
+struct grub_key_protector *grub_key_protectors = NULL;
+
@@ grub-core/kern/protectors.c (new)
+ return kp->recover_key (key, key_size);
+}
- ## include/grub/protector.h (new) ##
+ ## include/grub/key_protector.h (new) ##
@@
+/*
+ * GRUB -- GRand Unified Bootloader
@@ include/grub/protector.h (new)
+ grub_err_t (*recover_key) (grub_uint8_t **key, grub_size_t *key_size);
+};
+
-+extern struct grub_key_protector *EXPORT_VAR (grub_key_protectors);
-+
+grub_err_t
-+EXPORT_FUNC (grub_key_protector_register) (struct grub_key_protector
*protector);
++grub_key_protector_register (struct grub_key_protector *protector);
+
+grub_err_t
-+EXPORT_FUNC (grub_key_protector_unregister) (struct grub_key_protector
*protector);
++grub_key_protector_unregister (struct grub_key_protector *protector);
+
+grub_err_t
-+EXPORT_FUNC (grub_key_protector_recover_key) (const char *protector,
-+ grub_uint8_t **key,
-+ grub_size_t *key_size);
++grub_key_protector_recover_key (const char *protector,
++ grub_uint8_t **key,
++ grub_size_t *key_size);
+
+#endif /* ! GRUB_PROTECTOR_HEADER */
9: 675137af0 = 9: ad404454c tpm2: Add TPM Software Stack (TSS)
10: 62866697f ! 10: 5602679b9 protectors: Add TPM2 Key Protector
@@ Metadata
Author: Hernan Gatta <hegatta@linux.microsoft.com>
## Commit message ##
- protectors: Add TPM2 Key Protector
+ key_protector: Add TPM2 Key Protector
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
@@ grub-core/tpm2/module.c (new)
+#include <grub/list.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
-+#include <grub/protector.h>
++#include <grub/key_protector.h>
+#include <grub/tpm2/buffer.h>
+#include <grub/tpm2/internal/args.h>
+#include <grub/tpm2/internal/types.h>
11: 526e31f28 ! 11: b280029ad cryptodisk: Support key protectors
@@ Commit message
## Makefile.util.def ##
@@ Makefile.util.def: library = {
- common = grub-core/kern/list.c;
- common = grub-core/kern/misc.c;
- common = grub-core/kern/partition.c;
-+ common = grub-core/kern/protectors.c;
- common = grub-core/lib/crypto.c;
- common = grub-core/lib/json/json.c;
common = grub-core/disk/luks.c;
+ common = grub-core/disk/luks2.c;
+ common = grub-core/disk/geli.c;
++ common = grub-core/disk/key_protector.c;
+ common = grub-core/disk/cryptodisk.c;
+ common = grub-core/disk/AFSplitter.c;
+ common = grub-core/lib/pbkdf2.c;
## grub-core/disk/cryptodisk.c ##
@@
#include <grub/file.h>
#include <grub/procfs.h>
#include <grub/partition.h>
-+#include <grub/protector.h>
++#include <grub/key_protector.h>
#ifdef GRUB_UTIL
#include <grub/emu/hostdisk.h>
12: b5a5f3648 ! 12: 1cceb47a6 util/grub-protect: Add new tool
@@ Makefile.util.def: program = {
+ ldadd = '$(LIBTASN1)';
+ ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR)
$(LIBGEOM)';
+
-+ enable = efi;
++ condition = COND_GRUB_PROTECT;
+};
+
program = {
@@ configure.ac: fi
AC_SUBST([LIBZFS])
AC_SUBST([LIBNVPAIR])
++AC_ARG_ENABLE([grub-protect],
++ [AS_HELP_STRING([--enable-grub-protect],
++ [build and install the `grub-protect'
utility (default=guessed)])])
++if test x"$enable_grub_protect" = xno ; then
++ grub_protect_excuse="explicitly disabled"
++fi
++
+LIBTASN1=
-+if test x"$platform" = xefi; then
-+ AC_CHECK_LIB([tasn1], [asn1_write_value], [],
-+ [AC_MSG_ERROR([Your platform requires libtasn1])])
-+ LIBTASN1="-ltasn1"
++if test x"$grub_protect_excuse" = x ; then
++ AC_CHECK_LIB([tasn1], [asn1_write_value], [LIBTASN1="-ltasn1"],
[grub_protect_excuse="need libtasn1 library"])
+fi
+AC_SUBST([LIBTASN1])
++
++if test x"$enable_grub_protect" = xyes && test x"$grub_protect_excuse" !=
x ; then
++ AC_MSG_ERROR([grub-protect was explicitly requested but can't be
compiled ($grub_protect_excuse)])
++fi
++if test x"$grub_protect_excuse" = x ; then
++enable_grub_protect=yes
++else
++enable_grub_protect=no
++fi
++AC_SUBST([enable_grub_protect])
+
LIBS=""
AC_SUBST([FONT_SOURCE])
+@@ configure.ac: AM_CONDITIONAL([COND_GRUB_EMU_SDL], [test
x$enable_grub_emu_sdl = xyes])
+ AM_CONDITIONAL([COND_GRUB_EMU_PCI], [test x$enable_grub_emu_pci = xyes])
+ AM_CONDITIONAL([COND_GRUB_MKFONT], [test x$enable_grub_mkfont = xyes])
+ AM_CONDITIONAL([COND_GRUB_MOUNT], [test x$enable_grub_mount = xyes])
++AM_CONDITIONAL([COND_GRUB_PROTECT], [test x$enable_grub_protect = xyes])
+ AM_CONDITIONAL([COND_HAVE_FONT_SOURCE], [test x$FONT_SOURCE != x])
+ if test x$FONT_SOURCE != x ; then
+ HAVE_FONT_SOURCE=1
+@@ configure.ac: echo grub-mount: Yes
+ else
+ echo grub-mount: No "($grub_mount_excuse)"
+ fi
++if [ x"$grub_protect_excuse" = x ]; then
++echo grub-protect: Yes
++else
++echo grub-protect: No "($grub_protect_excuse)"
++fi
+ if [ x"$starfield_excuse" = x ]; then
+ echo starfield theme: Yes
+ echo With DejaVuSans font from $DJVU_FONT_SOURCE
## util/grub-protect.c (new) ##
@@
13: 3258119bb = 13: 7aa196b17 tpm2: Add TPM2 types, structures, and command
constants
14: 369fba234 = 14: 843a0cb76 tpm2: Add more marshal/unmarshal functions
15: dfa4668f2 = 15: 043c77591 tpm2: Implement more TPM2 commands
16: 0c47dd034 = 16: 9e1565125 tpm2: Support authorized policy
17: 3f07bcb61 ! 17: cb501a8a6 protectors: Implement NV index
@@ Metadata
Author: Patrick Colp <patrick.colp@oracle.com>
## Commit message ##
- protectors: Implement NV index
+ tpm2: Implement NV index
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
18: af122d6af = 18: f360a6676 cryptodisk: Fallback to passphrase
19: 8ef3bab8c = 19: 60058fd98 cryptodisk: wipe out the cached keys from
protectors
20: 4e1a6ead5 = 20: 25709b60c diskfilter: look up cryptodisk devices first
21: 59df654a0 = 21: 35854d3cd tpm2: Enable tpm2 module for grub-emu
22: 8b8c69b95 ! 22: 626435733 tests: Add tpm2_test
@@ Commit message
## Makefile.util.def ##
@@ Makefile.util.def: script = {
- common = tests/test_asn1.in;
+ common = tests/asn1_test.in;
};
+script = {
@@ tests/tpm2_test.in (new)
+EOF
+
+# Test TPM unsealing with the same PCR
-+${grubshell} --timeout=$timeout --grub-emu-opts="-t ${tpm2dev}"
${tpm2testdir}/testcase.cfg > ${testoutput} || ret=$?
++${grubshell} --timeout=$timeout --grub-emu-opts="-t ${tpm2dev}" <
${tpm2testdir}/testcase.cfg > ${testoutput} || ret=$?
+
+if [ "$ret" -eq 0 ]; then
+ if ! grep -q "^${vtext}$" "$testoutput"; then
--
2.35.3
- [PATCH v9 00/22] Automatic Disk Unlock with TPM2,
Gary Lin <=
- [PATCH v9 01/22] posix_wrap: tweaks in preparation for libtasn1, Gary Lin, 2024/02/05
- [PATCH v9 04/22] libtasn1: changes for grub compatibility, Gary Lin, 2024/02/05
- [PATCH v9 02/22] libtasn1: import libtasn1-4.19.0, Gary Lin, 2024/02/05
- [PATCH v9 05/22] libtasn1: compile into asn1 module, Gary Lin, 2024/02/05
- [PATCH v9 03/22] libtasn1: disable code not needed in grub, Gary Lin, 2024/02/05
- [PATCH v9 07/22] libtasn1: Add the documentation, Gary Lin, 2024/02/05
- [PATCH v9 06/22] asn1_test: test module for libtasn1, Gary Lin, 2024/02/05
- [PATCH v9 08/22] key_protector: Add key protectors framework, Gary Lin, 2024/02/05
- [PATCH v9 09/22] tpm2: Add TPM Software Stack (TSS), Gary Lin, 2024/02/05
- [PATCH v9 11/22] cryptodisk: Support key protectors, Gary Lin, 2024/02/05