From 4fba475751c98d8f947c4efb3cd96d0c7f7d1b35 Mon Sep 17 00:00:00 2001 From: Nicolas Frayer Date: Thu, 20 Nov 2025 18:17:42 +0100 Subject: [PATCH] ieee1275: Upstream patches for appended signature support Related: #RHEL-24742 Signed-off-by: Nicolas Frayer --- ...-Support-embedding-x509-certificates.patch | 210 + ...-Add-support-for-signing-GRUB-with-a.patch | 267 + ...J_TYPE_PUBKEY-to-OBJ_TYPE_GPG_PUBKEY.patch | 33 + ...-Support-embedding-x509-certificates.patch | 131 + ...res-Import-GNUTLS-s-ASN.1-descriptio.patch | 162 + ...-appended-signatures-Parse-ASN1-node.patch | 263 + ...-signatures-Parse-PKCS-7-signed-data.patch | 590 + ...-signatures-Parse-X.509-certificates.patch | 1209 + ...-Enter-lockdown-based-on-ibm-secure-.patch | 129 + ...res-Support-verifying-appended-signa.patch | 1762 + ...-Read-the-db-and-dbx-secure-boot-var.patch | 1095 + ...res-Introducing-key-management-envir.patch | 144 + 0494-PARTIAL-guid-Unify-GUID-types.patch | 35 + ...types-Split-aligned-and-packed-guids.patch | 45 + ...d-signatures-Create-db-and-dbx-lists.patch | 689 + ...res-Using-db-and-dbx-lists-for-signa.patch | 136 + ...res-GRUB-commands-to-manage-the-cert.patch | 406 + ...res-GRUB-commands-to-manage-the-hash.patch | 382 + ...pended-signatures-Verification-tests.patch | 1270 + ...rub-Document-signing-GRUB-under-UEFI.patch | 44 + ...nt-signing-GRUB-with-an-appended-sig.patch | 124 + ...ocs-grub-Document-appended-signature.patch | 471 + 0504-Appended-sig-Fix-build-after-merge.patch | 124 + ...-Wsign-compare-in-rijndael-do_setkey.patch | 36 + ...id-Wempty-body-in-rijndael-do_setkey.patch | 36 + 0507-lib-Remove-trailing-whitespaces.patch | 1235 + 0508-libgcrypt-Import-libgcrypt-1.11.patch | 261786 +++++++++++++++ ...-b64dec-Import-b64dec-from-gpg-error.patch | 299 + ...ss-for-compilation-in-GRUB-environme.patch | 42 + ...-import-script-definitions-and-API-u.patch | 2241 + 0512-tests-Add-DSA-and-RSA-SEXP-tests.patch | 285 + ...ak-Disable-acceleration-with-SSE-asm.patch | 47 + 0514-libgcrypt-Fix-Coverity-warnings.patch | 79 + ...Remove-now-unneeded-compilation-flag.patch | 40 + ...bgcrypt-Ignore-sign-compare-warnings.patch | 90 + ...gcrypt-Import-blake-family-of-hashes.patch | 217 + ...gcry-Make-compatible-with-Python-3.4.patch | 44 + ...util-import_gcry-Fix-pylint-warnings.patch | 1324 + ...use-64-bit-division-on-platforms-whe.patch | 34 + 0521-libgcrypt-Fix-a-memory-leak.patch | 41 + ...cs-Write-how-to-import-new-libgcrypt.patch | 67 + 0523-Appended-sig-Fix-build.patch | 144 + 0524-docs-fix-some-duplicated-sections.patch | 81 + 0525-mkimage-Remove-duplicates.patch | 43 + grub.macros | 17 +- grub.patches | 43 + grub2.spec | 6 +- 47 files changed, 277989 insertions(+), 9 deletions(-) create mode 100644 0390-grub-install-Support-embedding-x509-certificates.patch create mode 100644 0483-powerpc-ieee1275-Add-support-for-signing-GRUB-with-a.patch create mode 100644 0484-pgp-Rename-OBJ_TYPE_PUBKEY-to-OBJ_TYPE_GPG_PUBKEY.patch create mode 100644 0485-grub-install-Support-embedding-x509-certificates.patch create mode 100644 0486-appended-signatures-Import-GNUTLS-s-ASN.1-descriptio.patch create mode 100644 0487-appended-signatures-Parse-ASN1-node.patch create mode 100644 0488-appended-signatures-Parse-PKCS-7-signed-data.patch create mode 100644 0489-appended-signatures-Parse-X.509-certificates.patch create mode 100644 0490-powerpc-ieee1275-Enter-lockdown-based-on-ibm-secure-.patch create mode 100644 0491-appended-signatures-Support-verifying-appended-signa.patch create mode 100644 0492-powerpc-ieee1275-Read-the-db-and-dbx-secure-boot-var.patch create mode 100644 0493-appended-signatures-Introducing-key-management-envir.patch create mode 100644 0494-PARTIAL-guid-Unify-GUID-types.patch create mode 100644 0495-PARTIAL-types-Split-aligned-and-packed-guids.patch create mode 100644 0496-appended-signatures-Create-db-and-dbx-lists.patch create mode 100644 0497-appended-signatures-Using-db-and-dbx-lists-for-signa.patch create mode 100644 0498-appended-signatures-GRUB-commands-to-manage-the-cert.patch create mode 100644 0499-appended-signatures-GRUB-commands-to-manage-the-hash.patch create mode 100644 0500-appended-signatures-Verification-tests.patch create mode 100644 0501-docs-grub-Document-signing-GRUB-under-UEFI.patch create mode 100644 0502-docs-grub-Document-signing-GRUB-with-an-appended-sig.patch create mode 100644 0503-docs-grub-Document-appended-signature.patch create mode 100644 0504-Appended-sig-Fix-build-after-merge.patch create mode 100644 0505-libgcrypt-Avoid-Wsign-compare-in-rijndael-do_setkey.patch create mode 100644 0506-libgcrypt-Avoid-Wempty-body-in-rijndael-do_setkey.patch create mode 100644 0507-lib-Remove-trailing-whitespaces.patch create mode 100644 0508-libgcrypt-Import-libgcrypt-1.11.patch create mode 100644 0509-b64dec-Import-b64dec-from-gpg-error.patch create mode 100644 0510-b64dec-Add-harness-for-compilation-in-GRUB-environme.patch create mode 100644 0511-libgcrypt-Adjust-import-script-definitions-and-API-u.patch create mode 100644 0512-tests-Add-DSA-and-RSA-SEXP-tests.patch create mode 100644 0513-keccak-Disable-acceleration-with-SSE-asm.patch create mode 100644 0514-libgcrypt-Fix-Coverity-warnings.patch create mode 100644 0515-libgcrypt-Remove-now-unneeded-compilation-flag.patch create mode 100644 0516-libgcrypt-Ignore-sign-compare-warnings.patch create mode 100644 0517-libgcrypt-Import-blake-family-of-hashes.patch create mode 100644 0518-util-import_gcry-Make-compatible-with-Python-3.4.patch create mode 100644 0519-util-import_gcry-Fix-pylint-warnings.patch create mode 100644 0520-libgcrypt-Don-t-use-64-bit-division-on-platforms-whe.patch create mode 100644 0521-libgcrypt-Fix-a-memory-leak.patch create mode 100644 0522-docs-Write-how-to-import-new-libgcrypt.patch create mode 100644 0523-Appended-sig-Fix-build.patch create mode 100644 0524-docs-fix-some-duplicated-sections.patch create mode 100644 0525-mkimage-Remove-duplicates.patch diff --git a/0390-grub-install-Support-embedding-x509-certificates.patch b/0390-grub-install-Support-embedding-x509-certificates.patch new file mode 100644 index 0000000..e4f8127 --- /dev/null +++ b/0390-grub-install-Support-embedding-x509-certificates.patch @@ -0,0 +1,210 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:49 +0530 +Subject: [PATCH] grub-install: Support embedding x509 certificates + +To support verification of appended signatures, we need a way to embed the +necessary public keys. Existing appended signature schemes in the Linux kernel +use X.509 certificates, so allow certificates to be embedded in the GRUB core +image in the same way as PGP keys. + +Signed-off-by: Alastair D'Silva +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + include/grub/kernel.h | 2 +- + include/grub/util/install.h | 9 ++++----- + util/grub-install-common.c | 18 ++++++++---------- + util/grub-mkimage.c | 6 +++--- + util/mkimage.c | 38 +++++++++++++++++++++----------------- + 5 files changed, 37 insertions(+), 36 deletions(-) + +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index 8fdbde2b0613..05f141201c61 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -29,9 +29,9 @@ enum + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, + OBJ_TYPE_GPG_PUBKEY, ++ OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DTB, + OBJ_TYPE_DISABLE_SHIM_LOCK, +- OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DISABLE_CLI + }; + +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index dbf3c216d413..93c1f0ed4e0d 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -67,13 +67,12 @@ + N_("SBAT metadata"), 0 }, \ + { "disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, \ + N_("disable shim_lock verifier"), 0 }, \ +- { "x509key", 'x', N_("FILE"), 0, \ +- N_("embed FILE as an x509 certificate for signature checking"), 0}, \ +- { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ +- "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ +- 1}, \ + { "disable-cli", GRUB_INSTALL_OPTIONS_DISABLE_CLI, 0, 0, \ + N_("disabled command line interface access"), 0 }, \ ++ { "x509key", 'x', N_("FILE"), 0, \ ++ N_("embed FILE as an x509 certificate for appended signature checking"), 0}, \ ++ { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE, \ ++ "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 1}, \ + { "verbose", 'v', 0, 0, \ + N_("print verbose messages."), 1 } + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 42aec141e444..41251cee798b 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -463,10 +463,10 @@ handle_install_list (struct install_list *il, const char *val, + + static char **pubkeys; + static size_t npubkeys; +-static char *sbat; +-static int disable_shim_lock; + static char **x509keys; + static size_t nx509keys; ++static char *sbat; ++static int disable_shim_lock; + static grub_compression_t compression; + static size_t appsig_size; + static int disable_cli; +@@ -509,15 +509,13 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: + disable_shim_lock = 1; + return 1; +- case 'x': +- x509keys = xrealloc (x509keys, +- sizeof (x509keys[0]) +- * (nx509keys + 1)); +- x509keys[nx509keys++] = xstrdup (arg); +- return 1; + case GRUB_INSTALL_OPTIONS_DISABLE_CLI: + disable_cli = 1; + return 1; ++ case 'x': ++ x509keys = xrealloc (x509keys, sizeof (x509keys[0]) * (nx509keys + 1)); ++ x509keys[nx509keys++] = xstrdup (arg); ++ return 1; + + case GRUB_INSTALL_OPTIONS_VERBOSITY: + verbosity++; +@@ -649,7 +647,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + slen += sizeof (" --pubkey ''") + grub_strlen (*pk); + + for (pk = x509keys; pk < x509keys + nx509keys; pk++) +- slen += 10 + grub_strlen (*pk); ++ slen += sizeof (" --x509key ''") + grub_strlen (*pk); + + for (md = modules.entries; *md; md++) + slen += sizeof (" ''") + grub_strlen (*md); +@@ -693,7 +691,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + + for (pk = x509keys; pk < x509keys + nx509keys; pk++) + { +- p = grub_stpcpy (p, "--x509 '"); ++ p = grub_stpcpy (p, "--x509key '"); + p = grub_stpcpy (p, *pk); + *p++ = '\''; + *p++ = ' '; +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 13bdc6cf0397..89ca81ce6b10 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -76,7 +76,7 @@ static struct argp_option options[] = { + {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, + /* TRANSLATORS: "embed" is a verb (command description). "*/ + {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for PGP signature checking"), 0}, +- {"x509", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, ++ {"x509key", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, + /* TRANSLATORS: NOTE is a name of segment. */ + {"note", 'n', 0, 0, N_("add NOTE segment for CHRP IEEE1275"), 0}, + {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, +@@ -213,11 +213,11 @@ argp_parser (int key, char *arg, struct argp_state *state) + + case 'x': + arguments->x509keys = xrealloc (arguments->x509keys, +- sizeof (arguments->x509keys[0]) +- * (arguments->nx509keys + 1)); ++ sizeof (arguments->x509keys[0]) * (arguments->nx509keys + 1)); + arguments->x509keys[arguments->nx509keys++] = xstrdup (arg); + break; + ++ + case 'c': + if (arguments->config) + free (arguments->config); +diff --git a/util/mkimage.c b/util/mkimage.c +index f92949d1df25..8ae58ccef868 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -930,16 +930,21 @@ grub_install_generate_image (const char *dir, const char *prefix, + } + } + ++ if (nx509keys != 0 && image_target->id != IMAGE_PPC) ++ grub_util_error (_("x509 public key can be support only to appended signature" ++ " with powerpc-ieee1275 images")); ++ + { + size_t i; ++ + for (i = 0; i < nx509keys; i++) + { +- size_t curs; +- curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); +- grub_util_info ("the size of x509 public key %u is 0x%" +- GRUB_HOST_PRIxLONG_LONG, +- (unsigned) i, (unsigned long long) curs); +- total_module_size += curs + sizeof (struct grub_module_header); ++ size_t curs; ++ ++ curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); ++ grub_util_info ("the size of x509 public key %u is 0x%" GRUB_HOST_PRIxLONG_LONG, ++ (unsigned) i, (unsigned long long) curs); ++ total_module_size += curs + sizeof (struct grub_module_header); + } + } + +@@ -1078,24 +1083,23 @@ grub_install_generate_image (const char *dir, const char *prefix, + + { + size_t i; ++ + for (i = 0; i < nx509keys; i++) + { +- size_t curs; +- struct grub_module_header *header; ++ size_t curs; ++ struct grub_module_header *header; + +- curs = grub_util_get_image_size (x509key_paths[i]); ++ curs = grub_util_get_image_size (x509key_paths[i]); ++ header = (struct grub_module_header *) (kernel_img + offset); ++ header->type = grub_host_to_target32 (OBJ_TYPE_X509_PUBKEY); ++ header->size = grub_host_to_target32 (curs + sizeof (*header)); + +- header = (struct grub_module_header *) (kernel_img + offset); +- header->type = grub_host_to_target32 (OBJ_TYPE_X509_PUBKEY); +- header->size = grub_host_to_target32 (curs + sizeof (*header)); +- offset += sizeof (*header); +- +- grub_util_load_image (x509key_paths[i], kernel_img + offset); +- offset += ALIGN_ADDR (curs); ++ offset += sizeof (*header); ++ grub_util_load_image (x509key_paths[i], kernel_img + offset); ++ offset += ALIGN_ADDR (curs); + } + } + +- + if (memdisk_path) + { + struct grub_module_header *header; diff --git a/0483-powerpc-ieee1275-Add-support-for-signing-GRUB-with-a.patch b/0483-powerpc-ieee1275-Add-support-for-signing-GRUB-with-a.patch new file mode 100644 index 0000000..5a5b934 --- /dev/null +++ b/0483-powerpc-ieee1275-Add-support-for-signing-GRUB-with-a.patch @@ -0,0 +1,267 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:46 +0530 +Subject: [PATCH] powerpc/ieee1275: Add support for signing GRUB with an + appended signature + +Add infrastructure to allow firmware to verify the integrity of GRUB +by use of a Linux-kernel-module-style appended signature. We initially +target powerpc-ieee1275, but the code should be extensible to other +platforms. + +Usually these signatures are appended to a file without modifying the +ELF file itself. (This is what the 'sign-file' tool does, for example.) +The verifier loads the signed file from the file system and looks at the +end of the file for the appended signature. However, on powerpc-ieee1275 +platforms, the bootloader is often stored directly in the PReP partition +as raw bytes without a file-system. This makes determining the location +of an appended signature more difficult. + +To address this, we add a new ELF Note. + +The name field of shall be the string "Appended-Signature", zero-padded +to 4 byte alignment. The type field shall be 0x41536967 (the ASCII values +for the string "ASig"). It must be the final section in the ELF binary. + +The description shall contain the appended signature structure as defined +by the Linux kernel. The description will also be padded to be a multiple +of 4 bytes. The padding shall be added before the appended signature +structure (not at the end) so that the final bytes of a signed ELF file +are the appended signature magic. + +A subsequent patch documents how to create a GRUB core.img validly signed +under this scheme. + +Signed-off-by: Rashmica Gupta +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + include/grub/util/install.h | 9 ++++----- + include/grub/util/mkimage.h | 4 ++-- + util/grub-install-common.c | 12 +++++++----- + util/grub-mkimage.c | 12 ++++++++++-- + util/grub-mkimagexx.c | 36 ++++++++++++++++++++++++++++++++++-- + util/mkimage.c | 7 +++++-- + 6 files changed, 62 insertions(+), 18 deletions(-) + +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index b962718..a0c0881 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -69,11 +69,10 @@ + N_("disable shim_lock verifier"), 0 }, \ + { "x509key", 'x', N_("FILE"), 0, \ + N_("embed FILE as an x509 certificate for signature checking"), 0}, \ +- { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ +- "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ +- 1}, \ + { "disable-cli", GRUB_INSTALL_OPTIONS_DISABLE_CLI, 0, 0, \ + N_("disabled command line interface access"), 0 }, \ ++ { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE, \ ++ "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 1}, \ + { "verbose", 'v', 0, 0, \ + N_("print verbose messages."), 1 } + +@@ -136,8 +135,8 @@ enum grub_install_options { + GRUB_INSTALL_OPTIONS_DTB, + GRUB_INSTALL_OPTIONS_SBAT, + GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, +- GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE, +- GRUB_INSTALL_OPTIONS_DISABLE_CLI ++ GRUB_INSTALL_OPTIONS_DISABLE_CLI, ++ GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE + }; + + extern char *grub_install_source_directory; +diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h +index 881e303..0d40383 100644 +--- a/include/grub/util/mkimage.h ++++ b/include/grub/util/mkimage.h +@@ -51,12 +51,12 @@ grub_mkimage_load_image64 (const char *kernel_path, + const struct grub_install_image_target_desc *image_target); + void + grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target, +- int note, size_t appsig_size, char *sbat, char **core_img, size_t *core_size, ++ int note, char *sbat, size_t appsig_size, char **core_img, size_t *core_size, + Elf32_Addr target_addr, + struct grub_mkimage_layout *layout); + void + grub_mkimage_generate_elf64 (const struct grub_install_image_target_desc *image_target, +- int note, size_t appsig_size, char *sbat, char **core_img, size_t *core_size, ++ int note, char *sbat, size_t appsig_size, char **core_img, size_t *core_size, + Elf64_Addr target_addr, + struct grub_mkimage_layout *layout); + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 221b889..608b8bc 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -463,13 +463,14 @@ static int disable_shim_lock; + static char **x509keys; + static size_t nx509keys; + static grub_compression_t compression; +-static size_t appsig_size; + static int disable_cli; ++static size_t appsig_size; + + int + grub_install_parse (int key, char *arg) + { + const char *end; ++ + switch (key) + { + case 'C': +@@ -577,10 +578,11 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE: + return 1; + case GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE: +- grub_errno = 0; +- appsig_size = grub_strtol(arg, &end, 10); +- if (grub_errno) +- return 0; ++ appsig_size = grub_strtoul (arg, &end, 10); ++ if (*arg == '\0' || *end != '\0') ++ grub_util_error (_("non-numeric or invalid appended signature size `%s'"), arg); ++ else if (appsig_size == 0) ++ grub_util_error (_("appended signature size `%s', and it should not be zero"), arg); + return 1; + default: + return 0; +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 13bdc6c..1871ef3 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -85,8 +85,8 @@ static struct argp_option options[] = { + {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, + {"disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, N_("disable shim_lock verifier"), 0}, + {"disable-cli", GRUB_INSTALL_OPTIONS_DISABLE_CLI, 0, 0, N_("disable command line interface access"), 0}, +- {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, + {"appended-signature-size", 'S', N_("SIZE"), 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 0}, ++ {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, + { 0, 0, 0, 0, 0, 0 } + }; + +@@ -133,8 +133,8 @@ struct arguments + char *sbat; + int note; + int disable_shim_lock; +- size_t appsig_size; + int disable_cli; ++ size_t appsig_size; + const struct grub_install_image_target_desc *image_target; + grub_compression_t comp; + }; +@@ -185,6 +185,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + return 0; + break; + ++ case 'S': ++ arguments->appsig_size = grub_strtoul (arg, &end, 10); ++ if (*arg == '\0' || *end != '\0') ++ grub_util_error (_("non-numeric or invalid appended signature size `%s'"), arg); ++ else if (arguments->appsig_size == 0) ++ grub_util_error (_("appended signature size `%s', and it should not be zero"), arg); ++ break; ++ + case 'm': + if (arguments->memdisk) + free (arguments->memdisk); +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index 3609015..ca25b2d 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -123,6 +123,14 @@ struct grub_sbat_note { + char name[ALIGN_UP(sizeof(GRUB_SBAT_NOTE_NAME), 4)]; + }; + ++#define GRUB_APPENDED_SIGNATURE_NOTE_NAME "Appended-Signature" ++#define GRUB_APPENDED_SIGNATURE_NOTE_TYPE 0x41536967 /* "ASig" */ ++struct grub_appended_signature_note ++{ ++ Elf32_Nhdr header; ++ char name[ALIGN_UP (sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME), 4)]; ++}; ++ + static int + is_relocatable (const struct grub_install_image_target_desc *image_target) + { +@@ -224,7 +232,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr) + + void + SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target, +- int note, size_t appsig_size, char *sbat, char **core_img, size_t *core_size, ++ int note, char *sbat, size_t appsig_size, char **core_img, size_t *core_size, + Elf_Addr target_addr, + struct grub_mkimage_layout *layout) + { +@@ -248,7 +256,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + if (appsig_size) + { + phnum++; +- footer_size += ALIGN_UP(sizeof (struct grub_appended_signature_note) + appsig_size, 4); ++ footer_size += ALIGN_UP (sizeof (struct grub_appended_signature_note), 4); + } + + if (image_target->id != IMAGE_LOONGSON_ELF) +@@ -532,6 +540,30 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + memcpy (note_ptr->name, GRUB_SBAT_NOTE_NAME, sizeof (GRUB_SBAT_NOTE_NAME)); + memcpy ((char *)(note_ptr + 1), sbat, layout->sbat_size); + ++ phdr++; ++ phdr->p_type = grub_host_to_target32 (PT_NOTE); ++ phdr->p_flags = grub_host_to_target32 (PF_R); ++ phdr->p_align = grub_host_to_target32 (image_target->voidp_sizeof); ++ phdr->p_vaddr = 0; ++ phdr->p_paddr = 0; ++ phdr->p_filesz = grub_host_to_target32 (note_size); ++ phdr->p_memsz = 0; ++ phdr->p_offset = grub_host_to_target32 (header_size + program_size + footer_offset); ++ footer += note_size; ++ footer_offset += note_size; ++ } ++ ++ if (appsig_size) ++ { ++ int note_size = ALIGN_UP (sizeof (struct grub_appended_signature_note) + appsig_size, 4); ++ struct grub_appended_signature_note *note_ptr = (struct grub_appended_signature_note *) footer; ++ ++ note_ptr->header.n_namesz = grub_host_to_target32 (sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME)); ++ /* Needs to sit at the end, so we round this up and sign some zero padding. */ ++ note_ptr->header.n_descsz = grub_host_to_target32 (ALIGN_UP (appsig_size, 4)); ++ note_ptr->header.n_type = grub_host_to_target32 (GRUB_APPENDED_SIGNATURE_NOTE_TYPE); ++ strcpy (note_ptr->name, GRUB_APPENDED_SIGNATURE_NOTE_NAME); ++ + phdr++; + phdr->p_type = grub_host_to_target32 (PT_NOTE); + phdr->p_flags = grub_host_to_target32 (PF_R); +diff --git a/util/mkimage.c b/util/mkimage.c +index eaa382b..96f0c82 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -944,6 +944,9 @@ grub_install_generate_image (const char *dir, const char *prefix, + if (sbat_path != NULL && (image_target->id != IMAGE_EFI && image_target->id != IMAGE_PPC)) + grub_util_error (_("SBAT data can be added only to EFI or powerpc-ieee1275 images")); + ++ if (appsig_size != 0 && image_target->id != IMAGE_PPC) ++ grub_util_error (_("appended signature can be support only to powerpc-ieee1275 images")); ++ + if (disable_shim_lock) + total_module_size += sizeof (struct grub_module_header); + +@@ -1830,10 +1833,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + else + target_addr = image_target->link_addr; + if (image_target->voidp_sizeof == 4) +- grub_mkimage_generate_elf32 (image_target, note, appsig_size, sbat, &core_img, ++ grub_mkimage_generate_elf32 (image_target, note, sbat, appsig_size, &core_img, + &core_size, target_addr, &layout); + else +- grub_mkimage_generate_elf64 (image_target, note, appsig_size, sbat, &core_img, ++ grub_mkimage_generate_elf64 (image_target, note, sbat, appsig_size, &core_img, + &core_size, target_addr, &layout); + } + break; diff --git a/0484-pgp-Rename-OBJ_TYPE_PUBKEY-to-OBJ_TYPE_GPG_PUBKEY.patch b/0484-pgp-Rename-OBJ_TYPE_PUBKEY-to-OBJ_TYPE_GPG_PUBKEY.patch new file mode 100644 index 0000000..f444337 --- /dev/null +++ b/0484-pgp-Rename-OBJ_TYPE_PUBKEY-to-OBJ_TYPE_GPG_PUBKEY.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:48 +0530 +Subject: [PATCH] pgp: Rename OBJ_TYPE_PUBKEY to OBJ_TYPE_GPG_PUBKEY + +Prior to the addition of the X.509 public key support for appended signature, +current PGP signature relied on the GPG public key. Changing the enum name +from "OBJ_TYPE_PUBKEY" to "OBJ_TYPE_GPG_PUBKEY" to differentiate between x509 +certificate based appended signature and GPG certificate based PGP signature. + +Signed-off-by: Alastair D'Silva +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + include/grub/kernel.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index f98a780..973cc1c 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -28,7 +28,7 @@ enum + OBJ_TYPE_MEMDISK, + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, +- OBJ_TYPE_PUBKEY, ++ OBJ_TYPE_GPG_PUBKEY, + OBJ_TYPE_DTB, + OBJ_TYPE_DISABLE_SHIM_LOCK, + OBJ_TYPE_GPG_PUBKEY, diff --git a/0485-grub-install-Support-embedding-x509-certificates.patch b/0485-grub-install-Support-embedding-x509-certificates.patch new file mode 100644 index 0000000..8b2a8fc --- /dev/null +++ b/0485-grub-install-Support-embedding-x509-certificates.patch @@ -0,0 +1,131 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:49 +0530 +Subject: [PATCH] grub-install: Support embedding x509 certificates + +To support verification of appended signatures, we need a way to embed the +necessary public keys. Existing appended signature schemes in the Linux kernel +use X.509 certificates, so allow certificates to be embedded in the GRUB core +image in the same way as PGP keys. + +Signed-off-by: Alastair D'Silva +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + include/grub/kernel.h | 2 +- + include/grub/util/install.h | 4 ++-- + util/grub-install-common.c | 4 ++++ + util/grub-mkimage.c | 6 +++--- + util/mkimage.c | 17 +++++++++++------ + 5 files changed, 21 insertions(+), 12 deletions(-) + +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index 973cc1c4e4ab..0ada6008c68b 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -29,10 +29,10 @@ enum + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, + OBJ_TYPE_GPG_PUBKEY, ++ OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DTB, + OBJ_TYPE_DISABLE_SHIM_LOCK, + OBJ_TYPE_GPG_PUBKEY, +- OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DISABLE_CLI + }; + +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index a0c08813586e..ccf799ff7169 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -67,10 +67,10 @@ + N_("SBAT metadata"), 0 }, \ + { "disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, \ + N_("disable shim_lock verifier"), 0 }, \ +- { "x509key", 'x', N_("FILE"), 0, \ +- N_("embed FILE as an x509 certificate for signature checking"), 0}, \ + { "disable-cli", GRUB_INSTALL_OPTIONS_DISABLE_CLI, 0, 0, \ + N_("disabled command line interface access"), 0 }, \ ++ { "x509key", 'x', N_("FILE"), 0, \ ++ N_("embed FILE as an x509 certificate for appended signature checking"), 0}, \ + { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE, \ + "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 1}, \ + { "verbose", 'v', 0, 0, \ +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 608b8bc64a2b..7f0aedb0582c 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -514,6 +514,10 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_DISABLE_CLI: + disable_cli = 1; + return 1; ++ case 'x': ++ x509keys = xrealloc (x509keys, sizeof (x509keys[0]) * (nx509keys + 1)); ++ x509keys[nx509keys++] = xstrdup (arg); ++ return 1; + + case GRUB_INSTALL_OPTIONS_VERBOSITY: + verbosity++; +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 1871ef3a114c..55f3eaa49f78 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -76,7 +76,7 @@ static struct argp_option options[] = { + {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, + /* TRANSLATORS: "embed" is a verb (command description). "*/ + {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for PGP signature checking"), 0}, +- {"x509", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, ++ {"x509key", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, + /* TRANSLATORS: NOTE is a name of segment. */ + {"note", 'n', 0, 0, N_("add NOTE segment for CHRP IEEE1275"), 0}, + {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, +@@ -221,11 +221,11 @@ argp_parser (int key, char *arg, struct argp_state *state) + + case 'x': + arguments->x509keys = xrealloc (arguments->x509keys, +- sizeof (arguments->x509keys[0]) +- * (arguments->nx509keys + 1)); ++ sizeof (arguments->x509keys[0]) * (arguments->nx509keys + 1)); + arguments->x509keys[arguments->nx509keys++] = xstrdup (arg); + break; + ++ + case 'c': + if (arguments->config) + free (arguments->config); +diff --git a/util/mkimage.c b/util/mkimage.c +index 96f0c82a09e9..004e71182afb 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -914,16 +914,21 @@ grub_install_generate_image (const char *dir, const char *prefix, + } + } + ++ if (nx509keys != 0 && image_target->id != IMAGE_PPC) ++ grub_util_error (_("x509 public key can be support only to appended signature" ++ " with powerpc-ieee1275 images")); ++ + { + size_t i; ++ + for (i = 0; i < nx509keys; i++) + { +- size_t curs; +- curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); +- grub_util_info ("the size of x509 public key %u is 0x%" +- GRUB_HOST_PRIxLONG_LONG, +- (unsigned) i, (unsigned long long) curs); +- total_module_size += curs + sizeof (struct grub_module_header); ++ size_t curs; ++ ++ curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); ++ grub_util_info ("the size of x509 public key %u is 0x%" GRUB_HOST_PRIxLONG_LONG, ++ (unsigned) i, (unsigned long long) curs); ++ total_module_size += curs + sizeof (struct grub_module_header); + } + } + diff --git a/0486-appended-signatures-Import-GNUTLS-s-ASN.1-descriptio.patch b/0486-appended-signatures-Import-GNUTLS-s-ASN.1-descriptio.patch new file mode 100644 index 0000000..496a177 --- /dev/null +++ b/0486-appended-signatures-Import-GNUTLS-s-ASN.1-descriptio.patch @@ -0,0 +1,162 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 13:47:50 -0500 +Subject: [PATCH] appended signatures: Import GNUTLS's ASN.1 description files + +In order to parse PKCS#7 messages and X.509 certificates with libtasn1, we need +some information about how they are encoded. We get these from GNUTLS, which has +the benefit that they support the features we need and are well tested. + +The GNUTLS files are from: + +- https://github.com/gnutls/gnutls/blob/master/lib/gnutls.asn +- https://github.com/gnutls/gnutls/blob/master/lib/pkix.asn + +The GNUTLS license is LGPLv2.1+, which is GPLv3 compatible, allowing us to import +it without issue. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/gnutls_asn1_tab.c | 33 +++++++++++++++++++++--- + grub-core/commands/appendedsig/pkix_asn1_tab.c | 27 +++++++++---------- + 2 files changed, 44 insertions(+), 16 deletions(-) + +diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c +index ddd1314..efc0c14 100644 +--- a/grub-core/commands/appendedsig/gnutls_asn1_tab.c ++++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c +@@ -1,7 +1,11 @@ + #include +-#include ++#include + +-const asn1_static_node gnutls_asn1_tab[] = { ++/* ++ * Imported from gnutls.asn. ++ * https://github.com/gnutls/gnutls/blob/master/lib/gnutls.asn ++ */ ++const asn1_static_node grub_gnutls_asn1_tab[] = { + { "GNUTLS", 536872976, NULL }, + { NULL, 1073741836, NULL }, + { "RSAPublicKey", 1610612741, NULL }, +@@ -55,6 +59,9 @@ const asn1_static_node gnutls_asn1_tab[] = { + { "prime", 1073741827, NULL }, + { "base", 1073741827, NULL }, + { "privateValueLength", 16387, NULL }, ++ { "pkcs-11-ec-Parameters", 1610612754, NULL }, ++ { "oId", 1073741836, NULL }, ++ { "curveName", 31, NULL }, + { "ECParameters", 1610612754, NULL }, + { "namedCurve", 12, NULL }, + { "ECPrivateKey", 1610612741, NULL }, +@@ -86,6 +93,13 @@ const asn1_static_node gnutls_asn1_tab[] = { + { "trailerField", 536911875, NULL }, + { NULL, 1073741833, "1"}, + { NULL, 2056, "3"}, ++ { "RSAOAEPParameters", 1610612741, NULL }, ++ { "hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, ++ { NULL, 2056, "0"}, ++ { "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, ++ { NULL, 2056, "1"}, ++ { "pSourceFunc", 536895490, "AlgorithmIdentifier"}, ++ { NULL, 2056, "2"}, + { "GOSTParameters", 1610612741, NULL }, + { "publicKeyParamSet", 1073741836, NULL }, + { "digestParamSet", 16396, NULL }, +@@ -113,9 +127,22 @@ const asn1_static_node gnutls_asn1_tab[] = { + { "ephemeralPublicKey", 1610637314, "SubjectPublicKeyInfo"}, + { NULL, 4104, "0"}, + { "ukm", 7, NULL }, +- { "GostR3410-KeyTransport", 536870917, NULL }, ++ { "GostR3410-KeyTransport", 1610612741, NULL }, + { "sessionEncryptedKey", 1073741826, "Gost28147-89-EncryptedKey"}, + { "transportParameters", 536895490, "GostR3410-TransportParameters"}, + { NULL, 4104, "0"}, ++ { "TPMKey", 1610612741, NULL }, ++ { "type", 1073741836, NULL }, ++ { "emptyAuth", 1610637316, NULL }, ++ { NULL, 2056, "0"}, ++ { "parent", 1073741827, NULL }, ++ { "pubkey", 1073741831, NULL }, ++ { "privkey", 7, NULL }, ++ { "MLDSAPrivateKey", 536870917, NULL }, ++ { "version", 1073741827, NULL }, ++ { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "privateKey", 1073741831, NULL }, ++ { "publicKey", 536895495, NULL }, ++ { NULL, 2056, "1"}, + { NULL, 0, NULL } + }; +diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c +index adef69d..ec5f87b 100644 +--- a/grub-core/commands/appendedsig/pkix_asn1_tab.c ++++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c +@@ -1,7 +1,11 @@ + #include +-#include ++#include + +-const asn1_static_node pkix_asn1_tab[] = { ++/* ++ * Imported from pkix.asn. ++ * https://github.com/gnutls/gnutls/blob/master/lib/pkix.asn ++ */ ++const asn1_static_node grub_pkix_asn1_tab[] = { + { "PKIX1", 536875024, NULL }, + { NULL, 1073741836, NULL }, + { "PrivateKeyUsagePeriod", 1610612741, NULL }, +@@ -27,9 +31,7 @@ const asn1_static_node pkix_asn1_tab[] = { + { "MAX", 524298, "1"}, + { "utf8String", 1612709922, NULL }, + { "MAX", 524298, "1"}, +- { "bmpString", 1612709921, NULL }, +- { "MAX", 524298, "1"}, +- { "ia5String", 538968093, NULL }, ++ { "bmpString", 538968097, NULL }, + { "MAX", 524298, "1"}, + { "SubjectAltName", 1073741826, "GeneralNames"}, + { "GeneralNames", 1612709899, NULL }, +@@ -64,8 +66,7 @@ const asn1_static_node pkix_asn1_tab[] = { + { "BasicConstraints", 1610612741, NULL }, + { "cA", 1610645508, NULL }, + { NULL, 131081, NULL }, +- { "pathLenConstraint", 537411587, NULL }, +- { "0", 10, "MAX"}, ++ { "pathLenConstraint", 16387, NULL }, + { "CRLDistributionPoints", 1612709899, NULL }, + { "MAX", 1074266122, "1"}, + { NULL, 2, "DistributionPoint"}, +@@ -277,14 +278,15 @@ const asn1_static_node pkix_asn1_tab[] = { + { "pkcs-5-PBES2-params", 1610612741, NULL }, + { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, + { "encryptionScheme", 2, "AlgorithmIdentifier"}, ++ { "pkcs-5-PBMAC1-params", 1610612741, NULL }, ++ { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, ++ { "messageAuthScheme", 2, "AlgorithmIdentifier"}, + { "pkcs-5-PBKDF2-params", 1610612741, NULL }, + { "salt", 1610612754, NULL }, + { "specified", 1073741831, NULL }, + { "otherSource", 2, "AlgorithmIdentifier"}, +- { "iterationCount", 1611137027, NULL }, +- { "1", 10, "MAX"}, +- { "keyLength", 1611153411, NULL }, +- { "1", 10, "MAX"}, ++ { "iterationCount", 1073741827, NULL }, ++ { "keyLength", 1073758211, NULL }, + { "prf", 16386, "AlgorithmIdentifier"}, + { "pkcs-12-PFX", 1610612741, NULL }, + { "version", 1610874883, NULL }, +@@ -341,8 +343,7 @@ const asn1_static_node pkix_asn1_tab[] = { + { "MAX", 1074266122, "1"}, + { NULL, 2, "Attribute"}, + { "ProxyCertInfo", 1610612741, NULL }, +- { "pCPathLenConstraint", 1611153411, NULL }, +- { "0", 10, "MAX"}, ++ { "pCPathLenConstraint", 1073758211, NULL }, + { "proxyPolicy", 2, "ProxyPolicy"}, + { "ProxyPolicy", 1610612741, NULL }, + { "policyLanguage", 1073741836, NULL }, diff --git a/0487-appended-signatures-Parse-ASN1-node.patch b/0487-appended-signatures-Parse-ASN1-node.patch new file mode 100644 index 0000000..3c80726 --- /dev/null +++ b/0487-appended-signatures-Parse-ASN1-node.patch @@ -0,0 +1,263 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 13:51:29 -0500 +Subject: [PATCH] appended signatures: Parse ASN1 node + +This code allows us to parse ASN1 node and allocating memory to store it. +It will work for anything where the size libtasn1 returns is right: + - Integers + - Octet strings + - DER encoding of other structures + +It will _not_ work for things where libtasn1 size requires adjustment: + - Strings that require an extra NULL byte at the end + - Bit strings because libtasn1 returns the length in bits, not bytes. + +If the function returns a non-NULL value, the caller must free it. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.h | 92 ++++------------------------ + grub-core/commands/appendedsig/asn1util.c | 49 +++++++-------- + 2 files changed, 38 insertions(+), 103 deletions(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h +index 3f4d700..601d616 100644 +--- a/grub-core/commands/appendedsig/appendedsig.h ++++ b/grub-core/commands/appendedsig/appendedsig.h +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020, 2022 Free Software Foundation, Inc. +- * Copyright (C) 2020, 2022 IBM Corporation ++ * Copyright (C) 2020, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -17,94 +17,28 @@ + * along with GRUB. If not, see . + */ + +-#include +-#include ++#include + +-extern asn1_node _gnutls_gnutls_asn; +-extern asn1_node _gnutls_pkix_asn; ++extern asn1_node grub_gnutls_gnutls_asn; ++extern asn1_node grub_gnutls_pkix_asn; + +-#define MAX_OID_LEN 32 ++/* Do libtasn1 init. */ ++extern int ++grub_asn1_init (void); + + /* +- * One or more x509 certificates. +- * We do limited parsing: extracting only the serial, CN and RSA public key. +- */ +-struct x509_certificate +-{ +- struct x509_certificate *next; +- grub_uint8_t *serial; +- grub_size_t serial_len; +- char *subject; +- grub_size_t subject_len; +- /* We only support RSA public keys. This encodes [modulus, publicExponent] */ +- gcry_mpi_t mpis[2]; +-}; +- +-/* +- * A PKCS#7 signedData signerInfo. +- */ +-struct pkcs7_signerInfo +-{ +- const gcry_md_spec_t *hash; +- gcry_mpi_t sig_mpi; +-}; +- +-/* +- * A PKCS#7 signedData message. +- * We make no attempt to match intelligently, so we don't save any info about +- * the signer. +- */ +-struct pkcs7_signedData +-{ +- int signerInfo_count; +- struct pkcs7_signerInfo *signerInfos; +-}; +- +-/* Do libtasn1 init */ +-int +-asn1_init (void); +- +-/* +- * Import a DER-encoded certificate at 'data', of size 'size'. +- * Place the results into 'results', which must be already allocated. +- */ +-grub_err_t +-parse_x509_certificate (const void *data, grub_size_t size, struct x509_certificate *results); +- +-/* +- * Release all the storage associated with the x509 certificate. +- * If the caller dynamically allocated the certificate, it must free it. +- * The caller is also responsible for maintenance of the linked list. +- */ +-void +-certificate_release (struct x509_certificate *cert); +- +-/* +- * Parse a PKCS#7 message, which must be a signedData message. +- * The message must be in 'sigbuf' and of size 'data_size'. The result is +- * placed in 'msg', which must already be allocated. +- */ +-grub_err_t +-parse_pkcs7_signedData (const void *sigbuf, grub_size_t data_size, struct pkcs7_signedData *msg); +- +-/* +- * Release all the storage associated with the PKCS#7 message. +- * If the caller dynamically allocated the message, it must free it. +- */ +-void +-pkcs7_signedData_release (struct pkcs7_signedData *msg); +- +-/* +- * Read a value from an ASN1 node, allocating memory to store it. +- * It will work for anything where the size libtasn1 returns is right: ++ * Read a value from an ASN1 node, allocating memory to store it. It will work ++ * for anything where the size libtasn1 returns is right: + * - Integers + * - Octet strings + * - DER encoding of other structures ++ * + * It will _not_ work for things where libtasn1 size requires adjustment: + * - Strings that require an extra null byte at the end + * - Bit strings because libtasn1 returns the length in bits, not bytes. + * + * If the function returns a non-NULL value, the caller must free it. + */ +-void * +-grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *friendly_name, int *content_size); ++extern void * ++grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *friendly_name, ++ grub_int32_t *content_size); +diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c +index 06c3b61..9dd7898 100644 +--- a/grub-core/commands/appendedsig/asn1util.c ++++ b/grub-core/commands/appendedsig/asn1util.c +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020, 2022 Free Software Foundation, Inc. +- * Copyright (C) 2020, 2022 IBM Corporation ++ * Copyright (C) 2020, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -17,7 +17,7 @@ + * along with GRUB. If not, see . + */ + +-#include ++#include + #include + #include + #include +@@ -27,46 +27,46 @@ + + #include "appendedsig.h" + +-asn1_node _gnutls_gnutls_asn = NULL; +-asn1_node _gnutls_pkix_asn = NULL; ++asn1_node grub_gnutls_gnutls_asn = NULL; ++asn1_node grub_gnutls_pkix_asn = NULL; + +-extern const asn1_static_node gnutls_asn1_tab[]; +-extern const asn1_static_node pkix_asn1_tab[]; ++extern const asn1_static_node grub_gnutls_asn1_tab[]; ++extern const asn1_static_node grub_pkix_asn1_tab[]; + + /* +- * Read a value from an ASN1 node, allocating memory to store it. +- * It will work for anything where the size libtasn1 returns is right: ++ * Read a value from an ASN1 node, allocating memory to store it. It will work ++ * for anything where the size libtasn1 returns is right: + * - Integers + * - Octet strings + * - DER encoding of other structures ++ * + * It will _not_ work for things where libtasn1 size requires adjustment: + * - Strings that require an extra NULL byte at the end + * - Bit strings because libtasn1 returns the length in bits, not bytes. ++ * + * If the function returns a non-NULL value, the caller must free it. + */ + void * +-grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *friendly_name, int *content_size) ++grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *friendly_name, ++ grub_int32_t *content_size) + { +- int result; ++ grub_int32_t result; + grub_uint8_t *tmpstr = NULL; +- int tmpstr_size = 0; ++ grub_int32_t tmpstr_size = 0; + + result = asn1_read_value (node, name, NULL, &tmpstr_size); + if (result != ASN1_MEM_ERROR) + { +- grub_snprintf (grub_errmsg, sizeof (grub_errmsg), +- _("Reading size of %s did not return expected status: %s"), +- friendly_name, asn1_strerror (result)); +- grub_errno = GRUB_ERR_BAD_FILE_TYPE; ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "reading size of %s did not return expected status: %s", ++ friendly_name, asn1_strerror (result)) ; + return NULL; + } + + tmpstr = grub_malloc (tmpstr_size); + if (tmpstr == NULL) + { +- grub_snprintf (grub_errmsg, sizeof (grub_errmsg), +- "Could not allocate memory to store %s", friendly_name); +- grub_errno = GRUB_ERR_OUT_OF_MEMORY; ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "could not allocate memory to store %s", ++ friendly_name) ; + return NULL; + } + +@@ -74,9 +74,8 @@ grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *frien + if (result != ASN1_SUCCESS) + { + grub_free (tmpstr); +- grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "Error reading %s: %s", +- friendly_name, asn1_strerror (result)); +- grub_errno = GRUB_ERR_BAD_FILE_TYPE; ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading %s: %s", friendly_name, ++ asn1_strerror (result)) ; + return NULL; + } + +@@ -86,13 +85,15 @@ grub_asn1_allocate_and_read (asn1_node node, const char *name, const char *frien + } + + int +-asn1_init (void) ++grub_asn1_init (void) + { + int res; +- res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); ++ ++ res = asn1_array2tree (grub_gnutls_asn1_tab, &grub_gnutls_gnutls_asn, NULL); + if (res != ASN1_SUCCESS) + return res; + +- res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix_asn, NULL); ++ res = asn1_array2tree (grub_pkix_asn1_tab, &grub_gnutls_pkix_asn, NULL); ++ + return res; + } diff --git a/0488-appended-signatures-Parse-PKCS-7-signed-data.patch b/0488-appended-signatures-Parse-PKCS-7-signed-data.patch new file mode 100644 index 0000000..82012b7 --- /dev/null +++ b/0488-appended-signatures-Parse-PKCS-7-signed-data.patch @@ -0,0 +1,590 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 13:57:10 -0500 +Subject: [PATCH] appended signatures: Parse PKCS#7 signed data + +This code allows us to parse: + + - PKCS#7 signed data messages. Only a single signer info is supported, which + is all that the Linux sign-file utility supports creating out-of-the-box. + Only RSA, SHA-256 and SHA-512 are supported. Any certificate embedded in + the PKCS#7 message will be ignored. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.h | 37 +++++ + grub-core/commands/appendedsig/pkcs7.c | 224 +++++++++++++-------------- + 2 files changed, 145 insertions(+), 116 deletions(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h +index 601d616..b0beb89 100644 +--- a/grub-core/commands/appendedsig/appendedsig.h ++++ b/grub-core/commands/appendedsig/appendedsig.h +@@ -17,11 +17,48 @@ + * along with GRUB. If not, see . + */ + ++#include + #include + + extern asn1_node grub_gnutls_gnutls_asn; + extern asn1_node grub_gnutls_pkix_asn; + ++#define GRUB_MAX_OID_LEN 32 ++ ++/* A PKCS#7 signed data signer info. */ ++struct pkcs7_signer ++{ ++ const gcry_md_spec_t *hash; ++ gcry_mpi_t sig_mpi; ++}; ++typedef struct pkcs7_signer grub_pkcs7_signer_t; ++ ++/* ++ * A PKCS#7 signed data message. We make no attempt to match intelligently, so ++ * we don't save any info about the signer. ++ */ ++struct pkcs7_data ++{ ++ grub_int32_t signer_count; ++ grub_pkcs7_signer_t *signers; ++}; ++typedef struct pkcs7_data grub_pkcs7_data_t; ++ ++/* ++ * Parse a PKCS#7 message, which must be a signed data message. The message must ++ * be in 'sigbuf' and of size 'data_size'. The result is placed in 'msg', which ++ * must already be allocated. ++ */ ++extern grub_err_t ++grub_pkcs7_data_parse (const void *sigbuf, grub_size_t data_size, grub_pkcs7_data_t *msg); ++ ++/* ++ * Release all the storage associated with the PKCS#7 message. If the caller ++ * dynamically allocated the message, it must free it. ++ */ ++extern void ++grub_pkcs7_data_release (grub_pkcs7_data_t *msg); ++ + /* Do libtasn1 init. */ + extern int + grub_asn1_init (void); +diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c +index 31a5eab..b8e2720 100644 +--- a/grub-core/commands/appendedsig/pkcs7.c ++++ b/grub-core/commands/appendedsig/pkcs7.c +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020, 2022 Free Software Foundation, Inc. +- * Copyright (C) 2020, 2022 IBM Corporation ++ * Copyright (C) 2020, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -25,50 +25,46 @@ + + static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + +-/* +- * RFC 5652 s 5.1 +- */ ++/* RFC 5652 s 5.1. */ + static const char *signedData_oid = "1.2.840.113549.1.7.2"; + +-/* +- * RFC 4055 s 2.1 +- */ ++/* RFC 4055 s 2.1. */ + static const char *sha256_oid = "2.16.840.1.101.3.4.2.1"; + static const char *sha512_oid = "2.16.840.1.101.3.4.2.3"; + + static grub_err_t +-process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) ++process_content (grub_uint8_t *content, grub_int32_t size, grub_pkcs7_data_t *msg) + { +- int res; ++ grub_int32_t res; + asn1_node signed_part; + grub_err_t err = GRUB_ERR_NONE; +- char algo_oid[MAX_OID_LEN]; +- int algo_oid_size = sizeof (algo_oid); +- int algo_count; +- int signer_count; +- int i; ++ char algo_oid[GRUB_MAX_OID_LEN]; ++ grub_int32_t algo_oid_size; ++ grub_int32_t algo_count; ++ grub_int32_t signer_count; ++ grub_int32_t i; + char version; +- int version_size = sizeof (version); ++ grub_int32_t version_size = sizeof (version); + grub_uint8_t *result_buf; +- int result_size = 0; +- int crls_size = 0; ++ grub_int32_t result_size = 0; ++ grub_int32_t crls_size = 0; + gcry_error_t gcry_err; + bool sha256_in_da, sha256_in_si, sha512_in_da, sha512_in_si; + char *da_path; + char *si_sig_path; + char *si_da_path; + +- res = asn1_create_element (_gnutls_pkix_asn, "PKIX1.pkcs-7-SignedData", &signed_part); ++ res = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.pkcs-7-SignedData", &signed_part); + if (res != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for PKCS#7 signed part."); ++ "could not create ASN.1 structure for PKCS#7 signed part"); + + res = asn1_der_decoding2 (&signed_part, content, &size, + ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (res != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Error reading PKCS#7 signed data: %s", asn1_error); ++ "error reading PKCS#7 signed data: %s", asn1_error); + goto cleanup_signed_part; + } + +@@ -82,19 +78,19 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + * signerInfos SignerInfos } + */ + +- /* version per the algo in 5.1, must be 1 */ + res = asn1_read_value (signed_part, "version", &version, &version_size); + if (res != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "Error reading signedData version: %s", ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "error reading signedData version: %s", + asn1_strerror (res)); + goto cleanup_signed_part; + } + ++ /* Signature version must be 1 because appended signature only support v1. */ + if (version != 1) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Unexpected signature version v%d, only v1 supported", version); ++ "unexpected signature version v%d, only v1 supported", version); + goto cleanup_signed_part; + } + +@@ -113,22 +109,20 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + res = asn1_number_of_elements (signed_part, "digestAlgorithms", &algo_count); + if (res != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "Error counting number of digest algorithms: %s", ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "error counting number of digest algorithms: %s", + asn1_strerror (res)); + goto cleanup_signed_part; + } + + if (algo_count <= 0) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "A minimum of 1 digest algorithm is required"); ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "a minimum of 1 digest algorithm is required"); + goto cleanup_signed_part; + } + + if (algo_count > 2) + { +- err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- "A maximum of 2 digest algorithms is supported"); ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "a maximum of 2 digest algorithms is supported"); + goto cleanup_signed_part; + } + +@@ -138,11 +132,10 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + for (i = 0; i < algo_count; i++) + { + da_path = grub_xasprintf ("digestAlgorithms.?%d.algorithm", i + 1); +- if (!da_path) ++ if (da_path == NULL) + { + err = grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not allocate path for digest algorithm " +- "parsing path"); ++ "could not allocate path for digest algorithm parsing path"); + goto cleanup_signed_part; + } + +@@ -150,7 +143,7 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + res = asn1_read_value (signed_part, da_path, algo_oid, &algo_oid_size); + if (res != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "Error reading digest algorithm: %s", ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "error reading digest algorithm: %s", + asn1_strerror (res)); + grub_free (da_path); + goto cleanup_signed_part; +@@ -158,7 +151,7 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + + if (grub_strncmp (sha512_oid, algo_oid, algo_oid_size) == 0) + { +- if (!sha512_in_da) ++ if (sha512_in_da == false) + sha512_in_da = true; + else + { +@@ -170,7 +163,7 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + } + else if (grub_strncmp (sha256_oid, algo_oid, algo_oid_size) == 0) + { +- if (!sha256_in_da) ++ if (sha256_in_da == false) + sha256_in_da = true; + else + { +@@ -182,7 +175,8 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + } + else + { +- err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "Only SHA-256 and SHA-512 hashes are supported, found OID %s", ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "only SHA-256 and SHA-512 hashes are supported, found OID %s", + algo_oid); + grub_free (da_path); + goto cleanup_signed_part; +@@ -191,12 +185,12 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + grub_free (da_path); + } + +- /* at this point, at least one of sha{256,512}_in_da must be true */ ++ /* At this point, at least one of sha{256,512}_in_da must be true. */ + + /* +- * We ignore the certificates, but we don't permit CRLs. +- * A CRL entry might be revoking the certificate we're using, and we have +- * no way of dealing with that at the moment. ++ * We ignore the certificates, but we don't permit CRLs. A CRL entry might be ++ * revoking the certificate we're using, and we have no way of dealing with ++ * that at the moment. + */ + res = asn1_read_value (signed_part, "crls", NULL, &crls_size); + if (res != ASN1_ELEMENT_NOT_FOUND) +@@ -206,37 +200,37 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + goto cleanup_signed_part; + } + +- /* read the signatures */ +- ++ /* Read the signatures */ + res = asn1_number_of_elements (signed_part, "signerInfos", &signer_count); + if (res != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "Error counting number of signers: %s", ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "error counting number of signers: %s", + asn1_strerror (res)); + goto cleanup_signed_part; + } + + if (signer_count <= 0) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "A minimum of 1 signer is required"); ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "a minimum of 1 signer is required"); + goto cleanup_signed_part; + } + +- msg->signerInfos = grub_calloc (signer_count, sizeof (struct pkcs7_signerInfo)); +- if (!msg->signerInfos) ++ msg->signers = grub_calloc (signer_count, sizeof (grub_pkcs7_signer_t)); ++ if (msg->signers == NULL) + { + err = grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not allocate space for %d signers", signer_count); ++ "could not allocate space for %d signers", signer_count); + goto cleanup_signed_part; + } + +- msg->signerInfo_count = 0; ++ msg->signer_count = 0; + for (i = 0; i < signer_count; i++) + { + si_da_path = grub_xasprintf ("signerInfos.?%d.digestAlgorithm.algorithm", i + 1); +- if (!si_da_path) ++ if (si_da_path == NULL) + { +- err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Could not allocate path for signer %d's digest algorithm parsing path", ++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "could not allocate path for signer %d's digest algorithm parsing path", + i); + goto cleanup_signerInfos; + } +@@ -246,8 +240,7 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + if (res != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Error reading signer %d's digest algorithm: %s", i, +- asn1_strerror (res)); ++ "error reading signer %d's digest algorithm: %s", i, asn1_strerror (res)); + grub_free (si_da_path); + goto cleanup_signerInfos; + } +@@ -256,43 +249,43 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + + if (grub_strncmp (sha512_oid, algo_oid, algo_oid_size) == 0) + { +- if (!sha512_in_da) ++ if (sha512_in_da == false) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Signer %d claims a SHA-512 signature which was not specified in the outer DigestAlgorithms", +- i); ++ "signer %d claims a SHA-512 signature which was not " ++ "specified in the outer DigestAlgorithms", i); + goto cleanup_signerInfos; + } + else + { + sha512_in_si = true; +- msg->signerInfos[i].hash = grub_crypto_lookup_md_by_name ("sha512"); ++ msg->signers[i].hash = grub_crypto_lookup_md_by_name ("sha512"); + } + } + else if (grub_strncmp (sha256_oid, algo_oid, algo_oid_size) == 0) + { +- if (!sha256_in_da) ++ if (sha256_in_da == false) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Signer %d claims a SHA-256 signature which was not specified in the outer DigestAlgorithms", +- i); ++ "signer %d claims a SHA-256 signature which was not " ++ "specified in the outer DigestAlgorithms", i); + goto cleanup_signerInfos; + } + else + { + sha256_in_si = true; +- msg->signerInfos[i].hash = grub_crypto_lookup_md_by_name ("sha256"); ++ msg->signers[i].hash = grub_crypto_lookup_md_by_name ("sha256"); + } + } + else + { + err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- "Only SHA-256 and SHA-512 hashes are supported, found OID %s", ++ "only SHA-256 and SHA-512 hashes are supported, found OID %s", + algo_oid); + goto cleanup_signerInfos; + } + +- if (!msg->signerInfos[i].hash) ++ if (msg->signers[i].hash == NULL) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, + "Hash algorithm for signer %d (OID %s) not loaded", i, algo_oid); +@@ -300,99 +293,98 @@ process_content (grub_uint8_t *content, int size, struct pkcs7_signedData *msg) + } + + si_sig_path = grub_xasprintf ("signerInfos.?%d.signature", i + 1); +- if (!si_sig_path) ++ if (si_sig_path == NULL) + { + err = grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not allocate path for signer %d's signature parsing path", i); ++ "could not allocate path for signer %d's signature parsing path", i); + goto cleanup_signerInfos; + } + +- result_buf = grub_asn1_allocate_and_read (signed_part, si_sig_path, +- "signature data", &result_size); ++ result_buf = grub_asn1_allocate_and_read (signed_part, si_sig_path, "signature data", &result_size); + grub_free (si_sig_path); + +- if (!result_buf) ++ if (result_buf == NULL) + { + err = grub_errno; + goto cleanup_signerInfos; + } + +- gcry_err = gcry_mpi_scan (&(msg->signerInfos[i].sig_mpi), GCRYMPI_FMT_USG, +- result_buf, result_size, NULL); +- ++ gcry_err = _gcry_mpi_scan (&(msg->signers[i].sig_mpi), GCRYMPI_FMT_USG, ++ result_buf, result_size, NULL); + grub_free (result_buf); + + if (gcry_err != GPG_ERR_NO_ERROR) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Error loading signature %d into MPI structure: %d", ++ "error loading signature %d into MPI structure: %d", + i, gcry_err); + goto cleanup_signerInfos; + } + + /* +- * use msg->signerInfo_count to track fully populated signerInfos so we +- * know how many we need to clean up ++ * Use msg->signer_count to track fully populated signerInfos so we know ++ * how many we need to clean up. + */ +- msg->signerInfo_count++; ++ msg->signer_count++; + } + + /* +- * Final consistency check of signerInfo.*.digestAlgorithm vs +- * digestAlgorithms.*.algorithm. An algorithm must be present in both +- * digestAlgorithms and signerInfo or in neither. We have already checked +- * for an algorithm in signerInfo that is not in digestAlgorithms, here we +- * check for algorithms in digestAlgorithms but not in signerInfos. ++ * Final consistency check of signerInfo.*.digestAlgorithm vs digestAlgorithms ++ * .*.algorithm. An algorithm must be present in both digestAlgorithms and ++ * signerInfo or in neither. We have already checked for an algorithm in ++ * signerInfo that is not in digestAlgorithms, here we check for algorithms in ++ * digestAlgorithms but not in signerInfos. + */ +- if (sha512_in_da && !sha512_in_si) ++ if (sha512_in_da == true && sha512_in_si == false) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "SHA-512 specified in DigestAlgorithms but did not " +- "appear in SignerInfos"); ++ "SHA-512 specified in DigestAlgorithms but did not appear in SignerInfos"); + goto cleanup_signerInfos; + } + +- if (sha256_in_da && !sha256_in_si) ++ if (sha256_in_da == true && sha256_in_si == false) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "SHA-256 specified in DigestAlgorithms but did not " +- "appear in SignerInfos"); ++ "SHA-256 specified in DigestAlgorithms but did not appear in SignerInfos"); + goto cleanup_signerInfos; + } + + asn1_delete_structure (&signed_part); ++ + return GRUB_ERR_NONE; + +-cleanup_signerInfos: +- for (i = 0; i < msg->signerInfo_count; i++) +- gcry_mpi_release (msg->signerInfos[i].sig_mpi); +- grub_free (msg->signerInfos); +-cleanup_signed_part: ++ cleanup_signerInfos: ++ for (i = 0; i < msg->signer_count; i++) ++ _gcry_mpi_release (msg->signers[i].sig_mpi); ++ ++ grub_free (msg->signers); ++ ++ cleanup_signed_part: + asn1_delete_structure (&signed_part); ++ + return err; + } + + grub_err_t +-parse_pkcs7_signedData (const void *sigbuf, grub_size_t data_size, struct pkcs7_signedData *msg) ++grub_pkcs7_data_parse (const void *sigbuf, grub_size_t data_size, grub_pkcs7_data_t *msg) + { +- int res; ++ grub_int32_t res; + asn1_node content_info; + grub_err_t err = GRUB_ERR_NONE; +- char content_oid[MAX_OID_LEN]; ++ char content_oid[GRUB_MAX_OID_LEN]; + grub_uint8_t *content; +- int content_size; +- int content_oid_size = sizeof (content_oid); +- int size; ++ grub_int32_t content_size; ++ grub_int32_t content_oid_size = sizeof (content_oid); ++ grub_int32_t size = (grub_int32_t) data_size; + +- if (data_size > GRUB_INT_MAX) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "Cannot parse a PKCS#7 message " +- "where data size > INT_MAX"); +- size = (int) data_size; ++ if (data_size > GRUB_UINT_MAX) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "cannot parse a PKCS#7 message where data size > GRUB_UINT_MAX"); + +- res = asn1_create_element (_gnutls_pkix_asn, "PKIX1.pkcs-7-ContentInfo", &content_info); ++ res = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.pkcs-7-ContentInfo", &content_info); + if (res != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for PKCS#7 data: %s", ++ "could not create ASN.1 structure for PKCS#7 data: %s", + asn1_strerror (res)); + + res = asn1_der_decoding2 (&content_info, sigbuf, &size, +@@ -401,7 +393,7 @@ parse_pkcs7_signedData (const void *sigbuf, grub_size_t data_size, struct pkcs7_ + if (res != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Error decoding PKCS#7 message DER: %s", asn1_error); ++ "error decoding PKCS#7 message DER: %s", asn1_error); + goto cleanup; + } + +@@ -415,22 +407,21 @@ parse_pkcs7_signedData (const void *sigbuf, grub_size_t data_size, struct pkcs7_ + res = asn1_read_value (content_info, "contentType", content_oid, &content_oid_size); + if (res != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, "Error reading PKCS#7 content type: %s", ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, "error reading PKCS#7 content type: %s", + asn1_strerror (res)); + goto cleanup; + } + +- /* OID for SignedData defined in 5.1 */ ++ /* OID for SignedData defined in 5.1. */ + if (grub_strncmp (signedData_oid, content_oid, content_oid_size) != 0) + { + err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- "Unexpected content type in PKCS#7 message: OID %s", content_oid); ++ "unexpected content type in PKCS#7 message: OID %s", content_oid); + goto cleanup; + } + +- content = grub_asn1_allocate_and_read (content_info, "content", +- "PKCS#7 message content", &content_size); +- if (!content) ++ content = grub_asn1_allocate_and_read (content_info, "content", "PKCS#7 message content", &content_size); ++ if (content == NULL) + { + err = grub_errno; + goto cleanup; +@@ -439,22 +430,23 @@ parse_pkcs7_signedData (const void *sigbuf, grub_size_t data_size, struct pkcs7_ + err = process_content (content, content_size, msg); + grub_free (content); + +-cleanup: ++ cleanup: + asn1_delete_structure (&content_info); ++ + return err; + } + + /* +- * Release all the storage associated with the PKCS#7 message. +- * If the caller dynamically allocated the message, it must free it. ++ * Release all the storage associated with the PKCS#7 message. If the caller ++ * dynamically allocated the message, it must free it. + */ + void +-pkcs7_signedData_release (struct pkcs7_signedData *msg) ++grub_pkcs7_data_release (grub_pkcs7_data_t *msg) + { +- grub_ssize_t i; ++ grub_int32_t i; + +- for (i = 0; i < msg->signerInfo_count; i++) +- gcry_mpi_release (msg->signerInfos[i].sig_mpi); ++ for (i = 0; i < msg->signer_count; i++) ++ _gcry_mpi_release (msg->signers[i].sig_mpi); + +- grub_free (msg->signerInfos); ++ grub_free (msg->signers); + } diff --git a/0489-appended-signatures-Parse-X.509-certificates.patch b/0489-appended-signatures-Parse-X.509-certificates.patch new file mode 100644 index 0000000..d5ebe2d --- /dev/null +++ b/0489-appended-signatures-Parse-X.509-certificates.patch @@ -0,0 +1,1209 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 13:58:42 -0500 +Subject: [PATCH] appended signatures: Parse X.509 certificates + +This code allows us to parse: + + - X.509 certificates: at least enough to verify the signatures on the PKCS#7 + messages. We expect that the certificates embedded in GRUB will be leaf + certificates, not CA certificates. The parser enforces this. + + - X.509 certificates support the Extended Key Usage extension and handle it by + verifying that the certificate has a Code Signing usage. + +Signed-off-by: Javier Martinez Canillas # EKU support +Reported-by: Michal Suchanek # key usage issue +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.h | 52 +++ + grub-core/commands/appendedsig/x509.c | 493 ++++++++++++++------------- + include/grub/crypto.h | 1 + + 3 files changed, 308 insertions(+), 238 deletions(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h +index b0beb89..c874654 100644 +--- a/grub-core/commands/appendedsig/appendedsig.h ++++ b/grub-core/commands/appendedsig/appendedsig.h +@@ -25,6 +25,43 @@ extern asn1_node grub_gnutls_pkix_asn; + + #define GRUB_MAX_OID_LEN 32 + ++/* RSA public key. */ ++#define GRUB_MAX_MPI 2 ++#define GRUB_RSA_PK_MODULUS 0 ++#define GRUB_RSA_PK_EXPONENT 1 ++ ++/* Certificate fingerprint. */ ++#define GRUB_MAX_FINGERPRINT 3 ++#define GRUB_FINGERPRINT_SHA256 0 ++#define GRUB_FINGERPRINT_SHA384 1 ++#define GRUB_FINGERPRINT_SHA512 2 ++ ++/* Max size of hash data. */ ++#define GRUB_MAX_HASH_LEN 64 ++ ++/* ++ * One or more x509 certificates. We do limited parsing: ++ * extracting only the version, serial, issuer, subject, RSA public key ++ * and key size. ++ * Also, hold the sha256, sha384, and sha512 fingerprint of the certificate. ++ */ ++struct x509_certificate ++{ ++ struct x509_certificate *next; ++ grub_uint8_t version; ++ grub_uint8_t *serial; ++ grub_size_t serial_len; ++ char *issuer; ++ grub_size_t issuer_len; ++ char *subject; ++ grub_size_t subject_len; ++ /* We only support RSA public keys. This encodes [modulus, publicExponent]. */ ++ gcry_mpi_t mpis[GRUB_MAX_MPI]; ++ grub_int32_t modulus_size; ++ grub_uint8_t fingerprint[GRUB_MAX_FINGERPRINT][GRUB_MAX_HASH_LEN]; ++}; ++typedef struct x509_certificate grub_x509_cert_t; ++ + /* A PKCS#7 signed data signer info. */ + struct pkcs7_signer + { +@@ -44,6 +81,21 @@ struct pkcs7_data + }; + typedef struct pkcs7_data grub_pkcs7_data_t; + ++/* ++ * Import a DER-encoded certificate at 'data', of size 'size'. Place the results ++ * into 'results', which must be already allocated. ++ */ ++extern grub_err_t ++grub_x509_cert_parse (const void *data, grub_size_t size, grub_x509_cert_t *results); ++ ++/* ++ * Release all the storage associated with the x509 certificate. If the caller ++ * dynamically allocated the certificate, it must free it. The caller is also ++ * responsible for maintenance of the linked list. ++ */ ++extern void ++grub_x509_cert_release (grub_x509_cert_t *cert); ++ + /* + * Parse a PKCS#7 message, which must be a signed data message. The message must + * be in 'sigbuf' and of size 'data_size'. The result is placed in 'msg', which +diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c +index eb87025..bc15266 100644 +--- a/grub-core/commands/appendedsig/x509.c ++++ b/grub-core/commands/appendedsig/x509.c +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020, 2022 Free Software Foundation, Inc. +- * Copyright (C) 2020, 2022 IBM Corporation ++ * Copyright (C) 2020, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -17,7 +17,7 @@ + * along with GRUB. If not, see . + */ + +-#include ++#include + #include + #include + #include +@@ -29,31 +29,22 @@ + + static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + +-/* +- * RFC 3279 2.3.1 RSA Keys +- */ ++ ++/* RFC 3279 2.3.1 RSA Keys. */ + static const char *rsaEncryption_oid = "1.2.840.113549.1.1.1"; + +-/* +- * RFC 5280 Appendix A +- */ ++/* RFC 5280 Appendix A. */ + static const char *commonName_oid = "2.5.4.3"; + +-/* +- * RFC 5280 4.2.1.3 Key Usage +- */ ++/* RFC 5280 4.2.1.3 Key Usage. */ + static const char *keyUsage_oid = "2.5.29.15"; + + static const grub_uint8_t digitalSignatureUsage = 0x80; + +-/* +- * RFC 5280 4.2.1.9 Basic Constraints +- */ ++/* RFC 5280 4.2.1.9 Basic Constraints. */ + static const char *basicConstraints_oid = "2.5.29.19"; + +-/* +- * RFC 5280 4.2.1.12 Extended Key Usage +- */ ++/* RFC 5280 4.2.1.12 Extended Key Usage. */ + static const char *extendedKeyUsage_oid = "2.5.29.37"; + static const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3"; + +@@ -66,82 +57,85 @@ static const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3"; + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + * +- * where modulus is the modulus n, and publicExponent is the public +- * exponent e. ++ * where modulus is the modulus n, and publicExponent is the public exponent e. + */ + static grub_err_t +-grub_parse_rsa_pubkey (grub_uint8_t *der, int dersize, struct x509_certificate *certificate) ++grub_parse_rsa_pubkey (grub_uint8_t *der, grub_int32_t dersize, grub_x509_cert_t *certificate) + { +- int result; ++ grub_int32_t result; + asn1_node spk = NULL; + grub_uint8_t *m_data, *e_data; +- int m_size, e_size; ++ grub_int32_t m_size, e_size; + grub_err_t err = GRUB_ERR_NONE; + gcry_error_t gcry_err; + +- result = asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.RSAPublicKey", &spk); ++ result = asn1_create_element (grub_gnutls_gnutls_asn, "GNUTLS.RSAPublicKey", &spk); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Cannot create storage for public key ASN.1 data"); ++ "cannot create storage for public key ASN.1 data"); + + result = asn1_der_decoding2 (&spk, der, &dersize, ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Cannot decode certificate public key DER: %s", asn1_error); ++ "cannot decode certificate public key DER: %s", asn1_error); + goto cleanup; + } + + m_data = grub_asn1_allocate_and_read (spk, "modulus", "RSA modulus", &m_size); +- if (!m_data) ++ if (m_data == NULL) + { + err = grub_errno; + goto cleanup; + } + +- e_data = grub_asn1_allocate_and_read (spk, "publicExponent", +- "RSA public exponent", &e_size); +- if (!e_data) ++ e_data = grub_asn1_allocate_and_read (spk, "publicExponent", "RSA public exponent", &e_size); ++ if (e_data == NULL) + { + err = grub_errno; + goto cleanup_m_data; + } + + /* +- * convert m, e to mpi ++ * Convert m, e to mpi + * +- * nscanned is not set for FMT_USG, it's only set for FMT_PGP, +- * so we can't verify it ++ * nscanned is not set for FMT_USG, it's only set for FMT_PGP, so we can't ++ * verify it. + */ +- gcry_err = gcry_mpi_scan (&certificate->mpis[0], GCRYMPI_FMT_USG, m_data, m_size, NULL); ++ gcry_err = _gcry_mpi_scan (&certificate->mpis[0], GCRYMPI_FMT_USG, m_data, m_size, NULL); + if (gcry_err != GPG_ERR_NO_ERROR) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error loading RSA modulus into MPI structure: %d", gcry_err); ++ "error loading RSA modulus into MPI structure: %d", gcry_err); + goto cleanup_e_data; + } + +- gcry_err = gcry_mpi_scan (&certificate->mpis[1], GCRYMPI_FMT_USG, e_data, e_size, NULL); ++ gcry_err = _gcry_mpi_scan (&certificate->mpis[1], GCRYMPI_FMT_USG, e_data, e_size, NULL); + if (gcry_err != GPG_ERR_NO_ERROR) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error loading RSA exponent into MPI structure: %d", gcry_err); ++ "error loading RSA exponent into MPI structure: %d", gcry_err); + goto cleanup_m_mpi; + } + ++ /* RSA key size in bits. */ ++ certificate->modulus_size = (m_size * 8) - 8; ++ + grub_free (e_data); + grub_free (m_data); + asn1_delete_structure (&spk); ++ + return GRUB_ERR_NONE; + +-cleanup_m_mpi: +- gcry_mpi_release (certificate->mpis[0]); +-cleanup_e_data: ++ cleanup_m_mpi: ++ _gcry_mpi_release (certificate->mpis[0]); ++ cleanup_e_data: + grub_free (e_data); +-cleanup_m_data: ++ cleanup_m_data: + grub_free (m_data); +-cleanup: ++ cleanup: + asn1_delete_structure (&spk); ++ + return err; + } + +@@ -154,49 +148,45 @@ cleanup: + * AlgorithmIdentifiers come from RFC 3279, we are not strictly compilant as we + * only support RSA Encryption. + */ +- + static grub_err_t +-grub_x509_read_subject_public_key (asn1_node asn, struct x509_certificate *results) ++grub_x509_read_subject_public_key (asn1_node asn, grub_x509_cert_t *results) + { +- int result; ++ grub_int32_t result; + grub_err_t err; +- const char *algo_name = +- "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm"; +- const char *params_name = +- "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters"; ++ const char *algo_name = "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm"; ++ const char *params_name = "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters"; + const char *pk_name = "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey"; +- char algo_oid[MAX_OID_LEN]; +- int algo_size = sizeof (algo_oid); ++ char algo_oid[GRUB_MAX_OID_LEN]; ++ grub_int32_t algo_size = sizeof (algo_oid); + char params_value[2]; +- int params_size = sizeof (params_value); ++ grub_int32_t params_size = sizeof (params_value); + grub_uint8_t *key_data = NULL; +- int key_size = 0; +- unsigned int key_type; ++ grub_int32_t key_size = 0; ++ grub_uint32_t key_type; + +- /* algorithm: see notes for rsaEncryption_oid */ ++ /* Algorithm: see notes for rsaEncryption_oid. */ + result = asn1_read_value (asn, algo_name, algo_oid, &algo_size); + if (result != ASN1_SUCCESS) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading x509 public key algorithm: %s", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading x509 public key algorithm: %s", + asn1_strerror (result)); + + if (grub_strncmp (algo_oid, rsaEncryption_oid, sizeof (rsaEncryption_oid)) != 0) + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- "Unsupported x509 public key algorithm: %s", algo_oid); ++ "unsupported x509 public key algorithm: %s", algo_oid); + + /* +- * RFC 3279 2.3.1 +- * The rsaEncryption OID is intended to be used in the algorithm field +- * of a value of type AlgorithmIdentifier. The parameters field MUST +- * have ASN.1 type NULL for this algorithm identifier. ++ * RFC 3279 2.3.1 : The rsaEncryption OID is intended to be used in the ++ * algorithm field of a value of type AlgorithmIdentifier. The parameters ++ * field MUST have ASN.1 type NULL for this algorithm identifier. + */ + result = asn1_read_value (asn, params_name, params_value, ¶ms_size); + if (result != ASN1_SUCCESS) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading x509 public key parameters: %s", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading x509 public key parameters: %s", + asn1_strerror (result)); + + if (params_value[0] != ASN1_TAG_NULL) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Invalid x509 public key parameters: expected NULL"); ++ "invalid x509 public key parameters: expected NULL"); + + /* + * RFC 3279 2.3.1: The DER encoded RSAPublicKey is the value of the BIT +@@ -204,62 +194,60 @@ grub_x509_read_subject_public_key (asn1_node asn, struct x509_certificate *resul + */ + result = asn1_read_value_type (asn, pk_name, NULL, &key_size, &key_type); + if (result != ASN1_MEM_ERROR) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading size of x509 public key: %s", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading size of x509 public key: %s", + asn1_strerror (result)); + if (key_type != ASN1_ETYPE_BIT_STRING) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected ASN.1 type when reading x509 public key: %x", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "unexpected ASN.1 type when reading x509 public key: %x", + key_type); + +- /* length is in bits */ ++ /* Length is in bits. */ + key_size = (key_size + 7) / 8; + + key_data = grub_malloc (key_size); +- if (!key_data) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Out of memory for x509 public key"); ++ if (key_data == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory for x509 public key"); + + result = asn1_read_value (asn, pk_name, key_data, &key_size); + if (result != ASN1_SUCCESS) + { + grub_free (key_data); +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error reading public key data"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading public key data"); + } +- key_size = (key_size + 7) / 8; + ++ key_size = (key_size + 7) / 8; + err = grub_parse_rsa_pubkey (key_data, key_size, results); + grub_free (key_data); + + return err; + } + +-/* Decode a string as defined in Appendix A */ ++/* Decode a string as defined in Appendix A. */ + static grub_err_t +-decode_string (char *der, int der_size, char **string, grub_size_t *string_size) ++decode_string (char *der, grub_int32_t der_size, char **string, grub_size_t *string_size) + { + asn1_node strasn; +- int result; ++ grub_int32_t result; + char *choice; +- int choice_size = 0; +- int tmp_size = 0; ++ grub_int32_t choice_size = 0; ++ grub_int32_t tmp_size = 0; + grub_err_t err = GRUB_ERR_NONE; + +- result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.DirectoryString", &strasn); ++ result = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.DirectoryString", &strasn); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for certificate: %s", ++ "could not create ASN.1 structure for certificate: %s", + asn1_strerror (result)); + + result = asn1_der_decoding2 (&strasn, der, &der_size, ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Could not parse DER for DirectoryString: %s", asn1_error); ++ "could not parse DER for DirectoryString: %s", asn1_error); + goto cleanup; + } + + choice = grub_asn1_allocate_and_read (strasn, "", "DirectoryString choice", &choice_size); +- if (!choice) ++ if (choice == NULL) + { + err = grub_errno; + goto cleanup; +@@ -270,7 +258,7 @@ decode_string (char *der, int der_size, char **string, grub_size_t *string_size) + result = asn1_read_value (strasn, "utf8String", NULL, &tmp_size); + if (result != ASN1_MEM_ERROR) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading size of UTF-8 string: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading size of UTF-8 string: %s", + asn1_strerror (result)); + goto cleanup_choice; + } +@@ -280,45 +268,48 @@ decode_string (char *der, int der_size, char **string, grub_size_t *string_size) + result = asn1_read_value (strasn, "printableString", NULL, &tmp_size); + if (result != ASN1_MEM_ERROR) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading size of UTF-8 string: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading size of printableString: %s", + asn1_strerror (result)); + goto cleanup_choice; + } + } + else + { +- err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "Only UTF-8 and printable DirectoryStrings are supported, got %s", ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "only UTF-8 and printable DirectoryStrings are supported, got %s", + choice); + goto cleanup_choice; + } + +- /* read size does not include trailing null */ ++ /* Read size does not include trailing NUL. */ + tmp_size++; + + *string = grub_malloc (tmp_size); +- if (!*string) ++ if (*string == NULL) + { + err = grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Cannot allocate memory for DirectoryString contents"); ++ "cannot allocate memory for DirectoryString contents"); + goto cleanup_choice; + } + + result = asn1_read_value (strasn, choice, *string, &tmp_size); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading out %s in DirectoryString: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading out %s in DirectoryString: %s", + choice, asn1_strerror (result)); + grub_free (*string); + *string = NULL; + goto cleanup_choice; + } ++ + *string_size = tmp_size + 1; + (*string)[tmp_size] = '\0'; + +-cleanup_choice: ++ cleanup_choice: + grub_free (choice); +-cleanup: ++ cleanup: + asn1_delete_structure (&strasn); ++ + return err; + } + +@@ -330,56 +321,54 @@ cleanup: + * Version ::= INTEGER { v1(0), v2(1), v3(2) } + */ + static grub_err_t +-check_version (asn1_node certificate) ++check_version (asn1_node certificate, grub_x509_cert_t *results) + { +- int rc; ++ grub_int32_t rc; + const char *name = "tbsCertificate.version"; + grub_uint8_t version; +- int len = sizeof (version); ++ grub_int32_t len = sizeof (version); + + rc = asn1_read_value (certificate, name, &version, &len); + +- /* require version 3 */ ++ /* Require version 3. */ + if (rc != ASN1_SUCCESS || len != 1) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error reading certificate version"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading certificate version"); + + if (version != 0x02) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Invalid x509 certificate version, expected v3 (0x02), got 0x%02x", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "invalid x509 certificate version, expected v3 (0x02), got 0x%02x.", + version); + ++ results->version = version; ++ + return GRUB_ERR_NONE; + } + +-/* +- * This is an X.501 Name, which is complex. +- * +- * For simplicity, we extract only the CN. +- */ ++/* we extract only the CN and issuer. */ + static grub_err_t + read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_size) + { +- int seq_components, set_components; +- int result; +- int i, j; ++ grub_int32_t seq_components, set_components; ++ grub_int32_t result; ++ grub_int32_t i, j; + char *top_path, *set_path, *type_path, *val_path; +- char type[MAX_OID_LEN]; +- int type_len = sizeof (type); +- int string_size = 0; ++ char type[GRUB_MAX_OID_LEN]; ++ grub_int32_t type_len = sizeof (type); ++ grub_int32_t string_size = 0; + char *string_der; + grub_err_t err; + + *name = NULL; + + top_path = grub_xasprintf ("%s.rdnSequence", name_path); +- if (!top_path) ++ if (top_path == NULL) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not allocate memory for %s name parsing path", name_path); ++ "could not allocate memory for %s name parsing path", name_path); + + result = asn1_number_of_elements (asn, top_path, &seq_components); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error counting name components: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error counting name components: %s", + asn1_strerror (result)); + goto cleanup; + } +@@ -387,26 +376,29 @@ read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_ + for (i = 1; i <= seq_components; i++) + { + set_path = grub_xasprintf ("%s.?%d", top_path, i); +- if (!set_path) ++ if (set_path == NULL) + { +- err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Could not allocate memory for %s name set parsing path", ++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "could not allocate memory for %s name set parsing path", + name_path); + goto cleanup_set; + } +- /* this brings us, hopefully, to a set */ ++ /* This brings us, hopefully, to a set. */ + result = asn1_number_of_elements (asn, set_path, &set_components); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error counting name sub-components components (element %d): %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "error counting name sub-components components (element %d): %s", + i, asn1_strerror (result)); + goto cleanup_set; + } + for (j = 1; j <= set_components; j++) + { + type_path = grub_xasprintf ("%s.?%d.?%d.type", top_path, i, j); +- if (!type_path) ++ if (type_path == NULL) + { +- err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Could not allocate memory for %s name component type path", ++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "could not allocate memory for %s name component type path", + name_path); + goto cleanup_set; + } +@@ -414,7 +406,7 @@ read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_ + result = asn1_read_value (asn, type_path, type, &type_len); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading %s name component type: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading %s name component type: %s", + name_path, asn1_strerror (result)); + goto cleanup_type; + } +@@ -426,15 +418,16 @@ read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_ + } + + val_path = grub_xasprintf ("%s.?%d.?%d.value", top_path, i, j); +- if (!val_path) ++ if (val_path == NULL) + { +- err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Could not allocate memory for %s name component value path", ++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "could not allocate memory for %s name component value path", + name_path); + goto cleanup_type; + } + + string_der = grub_asn1_allocate_and_read (asn, val_path, name_path, &string_size); +- if (!string_der) ++ if (string_der == NULL) + { + err = grub_errno; + goto cleanup_val_path; +@@ -449,8 +442,8 @@ read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_ + grub_free (val_path); + break; + } ++ + grub_free (set_path); +- + if (*name) + break; + } +@@ -459,50 +452,48 @@ read_name (asn1_node asn, const char *name_path, char **name, grub_size_t *name_ + + return GRUB_ERR_NONE; + +-cleanup_string: ++ cleanup_string: + grub_free (string_der); +-cleanup_val_path: ++ cleanup_val_path: + grub_free (val_path); +-cleanup_type: ++ cleanup_type: + grub_free (type_path); +-cleanup_set: ++ cleanup_set: + grub_free (set_path); +-cleanup: ++ cleanup: + grub_free (top_path); ++ + return err; + } + +-/* +- * Verify the Key Usage extension. +- * We require the Digital Signature usage. +- */ ++/* Verify the Key Usage extension. We require the Digital Signature usage. */ + static grub_err_t +-verify_key_usage (grub_uint8_t *value, int value_size) ++verify_key_usage (grub_uint8_t *value, grub_int32_t value_size) + { + asn1_node usageasn; +- int result; ++ grub_int32_t result; + grub_err_t err = GRUB_ERR_NONE; + grub_uint8_t usage = 0xff; +- int usage_size = sizeof (usage_size); ++ grub_int32_t usage_size = sizeof (usage_size); + +- result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.KeyUsage", &usageasn); ++ result = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.KeyUsage", &usageasn); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for key usage"); ++ "could not create ASN.1 structure for key usage"); + + result = asn1_der_decoding2 (&usageasn, value, &value_size, + ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error parsing DER for Key Usage: %s", asn1_error); ++ "error parsing DER for Key Usage: %s", asn1_error); + goto cleanup; + } + + result = asn1_read_value (usageasn, "", &usage, &usage_size); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading Key Usage value: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading Key Usage value: %s", + asn1_strerror (result)); + goto cleanup; + } +@@ -510,12 +501,13 @@ verify_key_usage (grub_uint8_t *value, int value_size) + if (!(usage & digitalSignatureUsage)) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Key Usage (0x%x) missing Digital Signature usage", usage); ++ "key usage (0x%x) missing Digital Signature usage", usage); + goto cleanup; + } + +-cleanup: ++ cleanup: + asn1_delete_structure (&usageasn); ++ + return err; + } + +@@ -525,95 +517,94 @@ cleanup: + * pathLenConstraint INTEGER (0..MAX) OPTIONAL } + */ + static grub_err_t +-verify_basic_constraints (grub_uint8_t *value, int value_size) ++verify_basic_constraints (grub_uint8_t *value, grub_int32_t value_size) + { + asn1_node basicasn; +- int result; ++ grub_int32_t result; + grub_err_t err = GRUB_ERR_NONE; +- char cA[6]; /* FALSE or TRUE */ +- int cA_size = sizeof (cA); ++ char cA[6]; /* FALSE or TRUE. */ ++ grub_int32_t cA_size = sizeof (cA); + +- result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.BasicConstraints", &basicasn); ++ result = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.BasicConstraints", &basicasn); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for Basic Constraints"); ++ "could not create ASN.1 structure for Basic Constraints"); + + result = asn1_der_decoding2 (&basicasn, value, &value_size, + ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error parsing DER for Basic Constraints: %s", asn1_error); ++ "error parsing DER for Basic Constraints: %s", asn1_error); + goto cleanup; + } + + result = asn1_read_value (basicasn, "cA", cA, &cA_size); + if (result == ASN1_ELEMENT_NOT_FOUND) + { +- /* Not present, default is False, so this is OK */ ++ /* Not present, default is False, so this is OK. */ + err = GRUB_ERR_NONE; + goto cleanup; + } + else if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading Basic Constraints cA value: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading Basic Constraints cA value: %s", + asn1_strerror (result)); + goto cleanup; + } + +- /* The certificate must not be a CA certificate */ ++ /* The certificate must not be a CA certificate. */ + if (grub_strncmp ("FALSE", cA, cA_size) != 0) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected CA value: %s", cA); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "unexpected CA value: %s", cA); + goto cleanup; + } + +-cleanup: ++ cleanup: + asn1_delete_structure (&basicasn); ++ + return err; + } + + /* +- * Verify the Extended Key Usage extension. +- * We require the Code Signing usage. ++ * Verify the Extended Key Usage extension. We require the Code Signing usage. + * + * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + * + * KeyPurposeId ::= OBJECT IDENTIFIER + */ + static grub_err_t +-verify_extended_key_usage (grub_uint8_t *value, int value_size) ++verify_extended_key_usage (grub_uint8_t *value, grub_int32_t value_size) + { + asn1_node extendedasn; +- int result, count, i = 0; ++ grub_int32_t result, count, i = 0; + grub_err_t err = GRUB_ERR_NONE; +- char usage[MAX_OID_LEN], name[3]; +- int usage_size = sizeof (usage); ++ char usage[GRUB_MAX_OID_LEN], name[3]; ++ grub_int32_t usage_size = sizeof (usage); + +- result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax", &extendedasn); ++ result = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax", &extendedasn); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for Extended Key Usage"); ++ "could not create ASN.1 structure for Extended Key Usage"); + + result = asn1_der_decoding2 (&extendedasn, value, &value_size, + ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Error parsing DER for Extended Key Usage: %s", asn1_error); ++ "error parsing DER for Extended Key Usage: %s", asn1_error); + goto cleanup; + } + +- /* If EKUs are present, it checks the presents of Code Signing usage */ ++ /* If EKUs are present, it checks the presents of Code Signing usage. */ + result = asn1_number_of_elements (extendedasn, "", &count); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error counting number of Extended Key Usages: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error counting number of Extended Key Usages: %s", + asn1_strerror (result)); + goto cleanup; + } + +- + for (i = 1; i < count + 1; i++) + { + grub_memset (name, 0, sizeof (name)); +@@ -621,7 +612,7 @@ verify_extended_key_usage (grub_uint8_t *value, int value_size) + result = asn1_read_value (extendedasn, name, usage, &usage_size); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading Extended Key Usage: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading Extended Key Usage: %s", + asn1_strerror (result)); + goto cleanup; + } +@@ -630,10 +621,11 @@ verify_extended_key_usage (grub_uint8_t *value, int value_size) + goto cleanup; + } + +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Extended Key Usage missing Code Signing usage"); +-cleanup: ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "extended key usage missing Code Signing usage"); ++ ++ cleanup: + asn1_delete_structure (&extendedasn); ++ + return err; + } + +@@ -658,34 +650,34 @@ cleanup: + static grub_err_t + verify_extensions (asn1_node cert) + { +- int result; +- int ext, num_extensions = 0; +- int usage_present = 0, constraints_present = 0, extended_usage_present = 0; ++ grub_int32_t result; ++ grub_int32_t ext, num_extensions = 0; ++ grub_int32_t usage_present = 0, constraints_present = 0, extended_usage_present = 0; + char *oid_path, *critical_path, *value_path; +- char extnID[MAX_OID_LEN]; +- int extnID_size; ++ char extnID[GRUB_MAX_OID_LEN]; ++ grub_int32_t extnID_size; + grub_err_t err; +- char critical[6]; /* we get either "TRUE" or "FALSE" */ +- int critical_size; ++ char critical[6]; /* We get either "TRUE" or "FALSE". */ ++ grub_int32_t critical_size; + grub_uint8_t *value; +- int value_size; ++ grub_int32_t value_size; + + result = asn1_number_of_elements (cert, "tbsCertificate.extensions", &num_extensions); + if (result != ASN1_SUCCESS) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error counting number of extensions: %s", ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "error counting number of extensions: %s", + asn1_strerror (result)); + + if (num_extensions < 2) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Insufficient number of extensions for certificate, need at least 2, got %d", ++ "insufficient number of extensions for certificate, need at least 2, got %d", + num_extensions); + + for (ext = 1; ext <= num_extensions; ext++) + { + oid_path = grub_xasprintf ("tbsCertificate.extensions.?%d.extnID", ext); +- if (!oid_path) ++ if (oid_path == NULL) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error extension OID path is empty"); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error extension OID path is empty"); + return err; + } + +@@ -693,15 +685,15 @@ verify_extensions (asn1_node cert) + result = asn1_read_value (cert, oid_path, extnID, &extnID_size); + if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading extension OID: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading extension OID: %s", + asn1_strerror (result)); + goto cleanup_oid_path; + } + + critical_path = grub_xasprintf ("tbsCertificate.extensions.?%d.critical", ext); +- if (!critical_path) ++ if (critical_path == NULL) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error critical path is empty"); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error critical path is empty"); + goto cleanup_oid_path; + } + +@@ -711,29 +703,29 @@ verify_extensions (asn1_node cert) + critical[0] = '\0'; + else if (result != ASN1_SUCCESS) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error reading extension criticality: %s", ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error reading extension criticality: %s", + asn1_strerror (result)); + goto cleanup_critical_path; + } + + value_path = grub_xasprintf ("tbsCertificate.extensions.?%d.extnValue", ext); +- if (!value_path) ++ if (value_path == NULL) + { +- err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Error extnValue path is empty"); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "error extnValue path is empty"); + goto cleanup_critical_path; + } + + value = grub_asn1_allocate_and_read (cert, value_path, + "certificate extension value", &value_size); +- if (!value) ++ if (value == NULL) + { + err = grub_errno; + goto cleanup_value_path; + } + + /* +- * Now we must see if we recognise the OID. +- * If we have an unrecognised critical extension we MUST bail. ++ * Now we must see if we recognise the OID. If we have an unrecognised ++ * critical extension we MUST bail. + */ + if (grub_strncmp (keyUsage_oid, extnID, extnID_size) == 0) + { +@@ -762,11 +754,11 @@ verify_extensions (asn1_node cert) + else if (grub_strncmp ("TRUE", critical, critical_size) == 0) + { + /* +- * per the RFC, we must not process a certificate with +- * a critical extension we do not understand. ++ * Per the RFC, we must not process a certificate with a critical ++ * extension we do not understand. + */ + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Unhandled critical x509 extension with OID %s", extnID); ++ "unhandled critical x509 extension with OID %s", extnID); + goto cleanup_value; + } + +@@ -777,60 +769,78 @@ verify_extensions (asn1_node cert) + } + + if (usage_present != 1) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected number of Key Usage extensions " +- "- expected 1, got %d", usage_present); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "unexpected number of Key Usage extensions - expected 1, got %d", ++ usage_present); + + if (constraints_present != 1) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected number of basic constraints extensions " +- "- expected 1, got %d", constraints_present); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "unexpected number of basic constraints extensions - expected 1, got %d", ++ constraints_present); + + if (extended_usage_present > 1) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected number of Extended Key Usage extensions " +- "- expected 0 or 1, got %d", extended_usage_present); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "unexpected number of Extended Key Usage extensions - expected 0 or 1, got %d", ++ extended_usage_present); + + return GRUB_ERR_NONE; + +-cleanup_value: ++ cleanup_value: + grub_free (value); +-cleanup_value_path: ++ cleanup_value_path: + grub_free (value_path); +-cleanup_critical_path: ++ cleanup_critical_path: + grub_free (critical_path); +-cleanup_oid_path: ++ cleanup_oid_path: + grub_free (oid_path); + + return err; + } + ++static void ++add_cert_fingerprint (const void *data, const grub_size_t data_size, ++ grub_x509_cert_t *const cert) ++{ ++ /* Add SHA256 hash of certificate. */ ++ grub_crypto_hash ((gcry_md_spec_t *) &_gcry_digest_spec_sha256, ++ &cert->fingerprint[GRUB_FINGERPRINT_SHA256], data, data_size); ++ /* Add SHA384 hash of certificate. */ ++ grub_crypto_hash ((gcry_md_spec_t *) &_gcry_digest_spec_sha384, ++ &cert->fingerprint[GRUB_FINGERPRINT_SHA384], data, data_size); ++ /* Add SHA512 hash of certificate. */ ++ grub_crypto_hash ((gcry_md_spec_t *) &_gcry_digest_spec_sha512, ++ &cert->fingerprint[GRUB_FINGERPRINT_SHA512], data, data_size); ++} ++ + /* + * Parse a certificate whose DER-encoded form is in @data, of size @data_size. +- * Return the results in @results, which must point to an allocated x509 certificate. ++ * Return the results in @results, which must point to an allocated x509 ++ * certificate. + */ + grub_err_t +-parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_certificate *results) ++grub_x509_cert_parse (const void *data, grub_size_t data_size, grub_x509_cert_t *results) + { +- int result = 0; ++ grub_int32_t result = 0; + asn1_node cert; + grub_err_t err; +- int size; +- int tmp_size; ++ grub_int32_t tmp_size; ++ grub_int32_t size = (grub_int32_t) data_size; + +- if (data_size > GRUB_INT_MAX) ++ if (data_size > GRUB_UINT_MAX) + return grub_error (GRUB_ERR_OUT_OF_RANGE, +- "Cannot parse a certificate where data size > INT_MAX"); +- size = (int) data_size; ++ "cannot parse a certificate where data size > GRUB_UINT_MAX"); + +- result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.Certificate", &cert); ++ result = asn1_create_element (grub_gnutls_pkix_asn, "PKIX1.Certificate", &cert); + if (result != ASN1_SUCCESS) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- "Could not create ASN.1 structure for certificate: %s", ++ "could not create ASN.1 structure for certificate: %s", + asn1_strerror (result)); + + result = asn1_der_decoding2 (&cert, data, &size, ASN1_DECODE_FLAG_STRICT_DER, asn1_error); + if (result != ASN1_SUCCESS) + { + err = grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "Could not parse DER for certificate: %s", asn1_error); ++ "could not parse DER for certificate: %s", asn1_error); + goto cleanup; + } + +@@ -838,7 +848,7 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + * TBSCertificate ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1 + */ +- err = check_version (cert); ++ err = check_version (cert, results); + if (err != GRUB_ERR_NONE) + goto cleanup; + +@@ -849,14 +859,14 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + */ + results->serial = grub_asn1_allocate_and_read (cert, "tbsCertificate.serialNumber", + "certificate serial number", &tmp_size); +- if (!results->serial) ++ if (results->serial == NULL) + { + err = grub_errno; + goto cleanup; + } + /* + * It's safe to cast the signed int to an unsigned here, we know +- * length is non-negative ++ * length is non-negative. + */ + results->serial_len = tmp_size; + +@@ -867,14 +877,6 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + * as we don't attempt x509 verification. + */ + +- /* +- * issuer Name, +- * +- * The RFC only requires the serial number to be unique within +- * issuers, so to avoid ambiguity we _technically_ ought to make +- * this available. +- */ +- + /* + * validity Validity, + * +@@ -886,6 +888,15 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + * platforms. For now we do not parse them. + */ + ++ /* ++ * issuer Name, ++ * ++ * This is an X501 name, we parse out just the issuer. ++ */ ++ err = read_name (cert, "tbsCertificate.issuer", &results->issuer, &results->issuer_len); ++ if (err != GRUB_ERR_NONE) ++ goto cleanup_serial; ++ + /* + * subject Name, + * +@@ -893,7 +904,7 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + */ + err = read_name (cert, "tbsCertificate.subject", &results->subject, &results->subject_len); + if (err != GRUB_ERR_NONE) +- goto cleanup_serial; ++ goto cleanup_issuer; + + /* + * TBSCertificate ::= SEQUENCE { +@@ -912,7 +923,6 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + * -- If present, version MUST be v3 + * } + */ +- + err = verify_extensions (cert); + if (err != GRUB_ERR_NONE) + goto cleanup_mpis; +@@ -922,32 +932,39 @@ parse_x509_certificate (const void *data, grub_size_t data_size, struct x509_cer + * as discussed we do not try to validate the certificate but trust + * it implictly. + */ +- + asn1_delete_structure (&cert); ++ ++ /* Add the fingerprint of the certificate. */ ++ add_cert_fingerprint (data, data_size, results); ++ + return GRUB_ERR_NONE; + +-cleanup_mpis: +- gcry_mpi_release (results->mpis[0]); +- gcry_mpi_release (results->mpis[1]); +-cleanup_name: ++ cleanup_mpis: ++ _gcry_mpi_release (results->mpis[GRUB_RSA_PK_MODULUS]); ++ _gcry_mpi_release (results->mpis[GRUB_RSA_PK_EXPONENT]); ++ cleanup_name: + grub_free (results->subject); +-cleanup_serial: ++ cleanup_issuer: ++ grub_free (results->issuer); ++ cleanup_serial: + grub_free (results->serial); +-cleanup: ++ cleanup: + asn1_delete_structure (&cert); ++ + return err; + } + + /* +- * Release all the storage associated with the x509 certificate. +- * If the caller dynamically allocated the certificate, it must free it. +- * The caller is also responsible for maintenance of the linked list. ++ * Release all the storage associated with the x509 certificate. If the caller ++ * dynamically allocated the certificate, it must free it. The caller is also ++ * responsible for maintenance of the linked list. + */ + void +-certificate_release (struct x509_certificate *cert) ++grub_x509_cert_release (grub_x509_cert_t *cert) + { ++ grub_free (cert->issuer); + grub_free (cert->subject); + grub_free (cert->serial); +- gcry_mpi_release (cert->mpis[0]); +- gcry_mpi_release (cert->mpis[1]); ++ _gcry_mpi_release (cert->mpis[GRUB_RSA_PK_MODULUS]); ++ _gcry_mpi_release (cert->mpis[GRUB_RSA_PK_EXPONENT]); + } +diff --git a/include/grub/crypto.h b/include/grub/crypto.h +index 21cd1f7..f047743 100644 +--- a/include/grub/crypto.h ++++ b/include/grub/crypto.h +@@ -369,6 +369,7 @@ grub_crypto_hmac_buffer (const struct gcry_md_spec *md, + extern gcry_md_spec_t _gcry_digest_spec_md5; + extern gcry_md_spec_t _gcry_digest_spec_sha1; + extern gcry_md_spec_t _gcry_digest_spec_sha256; ++extern gcry_md_spec_t _gcry_digest_spec_sha384; + extern gcry_md_spec_t _gcry_digest_spec_sha512; + extern gcry_md_spec_t _gcry_digest_spec_crc32; + extern gcry_cipher_spec_t _gcry_cipher_spec_aes; diff --git a/0490-powerpc-ieee1275-Enter-lockdown-based-on-ibm-secure-.patch b/0490-powerpc-ieee1275-Enter-lockdown-based-on-ibm-secure-.patch new file mode 100644 index 0000000..2ce4869 --- /dev/null +++ b/0490-powerpc-ieee1275-Enter-lockdown-based-on-ibm-secure-.patch @@ -0,0 +1,129 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:54 +0530 +Subject: [PATCH] powerpc/ieee1275: Enter lockdown based on /ibm, secure-boot + +Read secure boot mode from 'ibm,secure-boot' property and if the secure boot +mode is set to 2 (enforce), enter lockdown. Else it is considered as disabled. +There are three secure boot modes. They are + +0 - disabled + No signature verification is performed. This is the default. +1 - audit + Signature verification is performed and if signature verification fails, + display the errors and allow the boot to continue. +2 - enforce + Lockdown the GRUB. Signature verification is performed and if signature + verification fails, display the errors and stop the boot. + +Now, only support disabled and enforce. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/kern/ieee1275/init.c | 56 ++++++++++++++++++++++++++++-------------- + 1 file changed, 37 insertions(+), 19 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index b853f04..244d86c 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -46,9 +46,16 @@ + #ifdef __sparc__ + #include + #endif ++#if defined(__powerpc__) + #include + #include + #include ++#endif ++ ++#ifdef __powerpc__ ++#define GRUB_SB_DISABLED ((grub_uint32_t) 0) ++#define GRUB_SB_ENFORCE ((grub_uint32_t) 2) ++#endif + + /* The maximum heap size we're going to claim at boot. Not used by sparc. */ + #ifdef __i386__ +@@ -952,40 +959,49 @@ grub_parse_cmdline (void) + } + } + } +- ++#ifdef __powerpc__ + static void +-grub_get_ieee1275_secure_boot (void) ++grub_ieee1275_get_secure_boot (void) + { + grub_ieee1275_phandle_t root; +- int rc; +- grub_uint32_t is_sb = 0; ++ grub_uint32_t sb_mode = GRUB_SB_DISABLED; ++ grub_int32_t rc; + +- grub_ieee1275_finddevice ("/", &root); ++ rc = grub_ieee1275_finddevice ("/", &root); ++ if (rc != 0) ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "couldn't find / node"); ++ return; ++ } + +- rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb, +- sizeof (is_sb), 0); +- +- /* ibm,secure-boot: ++ rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &sb_mode, sizeof (sb_mode), 0); ++ if (rc != 0) ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "couldn't examine /ibm,secure-boot property"); ++ return; ++ } ++ /* ++ * Secure Boot Mode: + * 0 - disabled ++ * No signature verification is performed. This is the default. + * 1 - audit ++ * Signature verification is performed and if signature verification ++ * fails, display the errors and allow the boot to continue. + * 2 - enforce +- * 3 - enforce + OS-specific behaviour ++ * Lockdown the GRUB. Signature verification is performed and If ++ * signature verification fails, display the errors and stop the boot. + * +- * We only support enforce. ++ * Now, only support disabled and enforce. + */ +- if (rc >= 0 && is_sb >= 2) ++ if (sb_mode == GRUB_SB_ENFORCE) + { + grub_dprintf ("ieee1275", "Secure Boot Enabled\n"); +- rc = grub_pks_keystore_init (); +- if (rc != GRUB_ERR_NONE) +- grub_error (rc, "Initialization of the Platform Keystore failed!\n"); +- + grub_lockdown (); + } + else +- grub_dprintf ("ieee1275", "Secure Boot Disabled\n"); ++ grub_dprintf ("ieee1275", "Secure Boot Disabled\n"); + } +- ++#endif /* __powerpc__ */ + grub_addr_t grub_modbase; + + void +@@ -1012,7 +1028,9 @@ grub_machine_init (void) + grub_install_get_time_ms (grub_rtc_get_time_ms); + #endif + +- grub_get_ieee1275_secure_boot (); ++#ifdef __powerpc__ ++ grub_ieee1275_get_secure_boot (); ++#endif + } + + void diff --git a/0491-appended-signatures-Support-verifying-appended-signa.patch b/0491-appended-signatures-Support-verifying-appended-signa.patch new file mode 100644 index 0000000..ded332d --- /dev/null +++ b/0491-appended-signatures-Support-verifying-appended-signa.patch @@ -0,0 +1,1762 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 14:19:31 -0500 +Subject: [PATCH] appended signatures: Support verifying appended signatures + +Building on the parsers and the ability to embed X.509 certificates, as well +as the existing gcrypt functionality, add a module for verifying appended +signatures. + +This includes a signature verifier that requires that the Linux kernel and +GRUB modules have appended signatures for verification. + +Signature verification must be enabled by setting check_appended_signatures. +If secure boot is enabled with enforce mode when the appendedsig module is +loaded, signature verification will be enabled, and trusted keys will be +extracted from the GRUB ELF Note and stored in the db and locked automatically. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/Makefile.core.def | 7 +- + grub-core/commands/appendedsig/appendedsig.c | 1492 ++++++-------------------- + include/grub/err.h | 3 +- + 3 files changed, 338 insertions(+), 1164 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 4588fa7..f6adec2 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1006,8 +1006,11 @@ module = { + common = commands/appendedsig/asn1util.c; + common = commands/appendedsig/gnutls_asn1_tab.c; + common = commands/appendedsig/pkix_asn1_tab.c; +- cflags = '$(CFLAGS_POSIX)'; +- cppflags = '-I$(srcdir)/lib/posix_wrap'; ++ enable = emu; ++ enable = powerpc_ieee1275; ++ cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls'; ++ cppflags = '$(CPPFLAGS_GCRY) -I$(srcdir)/lib/libtasn1-grub'; ++ depends = crypto, gcry_rsa, gcry_sha256, gcry_sha512, mpi, asn1; + }; + + module = { +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index b8548f8..e53efd2 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020, 2021, 2022 Free Software Foundation, Inc. +- * Copyright (C) 2020, 2021, 2022 IBM Corporation ++ * Copyright (C) 2020, 2021, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -25,21 +25,25 @@ + #include + #include + #include +-#include + #include + #include + #include + #include + #include +-#include ++#include + #include + #include +-#include ++ + #include "appendedsig.h" + + GRUB_MOD_LICENSE ("GPLv3+"); + +-const char magic[] = "~Module signature appended~\n"; ++/* Public key type. */ ++#define PKEY_ID_PKCS7 2 ++ ++/* Appended signature magic string and size. */ ++#define SIG_MAGIC "~Module signature appended~\n" ++#define SIG_MAGIC_SIZE ((sizeof(SIG_MAGIC) - 1)) + + /* + * This structure is extracted from scripts/sign-file.c in the linux kernel +@@ -47,899 +51,429 @@ const char magic[] = "~Module signature appended~\n"; + */ + struct module_signature + { +- grub_uint8_t algo; /* Public-key crypto algorithm [0] */ +- grub_uint8_t hash; /* Digest algorithm [0] */ +- grub_uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ +- grub_uint8_t signer_len; /* Length of signer's name [0] */ +- grub_uint8_t key_id_len; /* Length of key identifier [0] */ ++ grub_uint8_t algo; /* Public-key crypto algorithm [0]. */ ++ grub_uint8_t hash; /* Digest algorithm [0]. */ ++ grub_uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7]. */ ++ grub_uint8_t signer_len; /* Length of signer's name [0]. */ ++ grub_uint8_t key_id_len; /* Length of key identifier [0]. */ + grub_uint8_t __pad[3]; +- grub_uint32_t sig_len; /* Length of signature data */ ++ grub_uint32_t sig_len; /* Length of signature data. */ + } GRUB_PACKED; + +-/* This represents an entire, parsed, appended signature */ +-struct grub_appended_signature +-{ +- grub_size_t signature_len; /* Length of PKCS#7 data + metadata + magic */ +- struct module_signature sig_metadata; /* Module signature metadata */ +- struct pkcs7_signedData pkcs7; /* Parsed PKCS#7 data */ +-}; ++#define SIG_METADATA_SIZE (sizeof (struct module_signature)) ++#define APPENDED_SIG_SIZE(pkcs7_data_size) \ ++ (pkcs7_data_size + SIG_MAGIC_SIZE + SIG_METADATA_SIZE) + +-/* This represents a trusted/distrusted list*/ +-struct grub_database ++/* This represents an entire, parsed, appended signature. */ ++struct appended_signature + { +- struct x509_certificate *keys; /* Certificates */ +- grub_size_t key_entries; /* Number of certificates */ +- grub_uint8_t **signatures; /* Certificate/binary hashes */ +- grub_size_t *signature_size; /* Size of certificate/binary hashes */ +- grub_size_t signature_entries; /* Number of certificate/binary hashes */ ++ struct module_signature sig_metadata; /* Module signature metadata. */ ++ grub_pkcs7_data_t pkcs7; /* Parsed PKCS#7 data. */ ++ grub_size_t signature_len; /* Length of PKCS#7 data + metadata + magic. */ + }; ++typedef struct appended_signature sb_appendedsig_t; + +-/* Trusted list */ +-struct grub_database db = {.keys = NULL, .key_entries = 0, .signatures = NULL, +- .signature_size = NULL, .signature_entries = 0}; +- +-/* Distrusted list */ +-struct grub_database dbx = {.signatures = NULL, .signature_size = NULL, +- .signature_entries = 0}; +- +-/* +- * Force gcry_rsa to be a module dependency. +- * +- * If we use grub_crypto_pk_rsa, then then the gcry_rsa module won't be built +- * in if you add 'appendedsig' to grub-install --modules. You would need to +- * add 'gcry_rsa' too. That's confusing and seems suboptimal, especially when +- * we only support RSA. +- * +- * Dynamic loading also causes some concerns. We can't load gcry_rsa from the +- * the filesystem after we install the verifier - we won't be able to verify +- * it without having it already present. We also shouldn't load it before we +- * install the verifier, because that would mean it wouldn't be verified - an +- * attacker could insert any code they wanted into the module. +- * +- * So instead, reference the internal symbol from gcry_rsa. That creates a +- * direct dependency on gcry_rsa, so it will be built in when this module +- * is built in. Being built in (assuming the core image is itself signed!) +- * also resolves our concerns about loading from the filesystem. +- */ +-extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; +-extern gcry_md_spec_t _gcry_digest_spec_sha224; +-extern gcry_md_spec_t _gcry_digest_spec_sha384; +- +-/* Free trusted list memory */ +-static void free_trusted_list (void); +-/* Free distrusted list memory */ +-static void free_distrusted_list (void); +- +-static enum ++/* This represents a trusted certificates. */ ++struct sb_database + { +- check_sigs_no = 0, +- check_sigs_enforce = 1, +- check_sigs_forced = 2 +-} check_sigs = check_sigs_no; +- +-enum +-{ +- OPTION_BINARY_HASH = 0, +- OPTION_CERT_HASH = 1 ++ grub_x509_cert_t *certs; /* Certificates. */ ++ grub_uint32_t cert_entries; /* Number of certificates. */ + }; ++typedef struct sb_database sb_database_t; + +-static const struct grub_arg_option options[] = +-{ +- {"binary-hash", 'b', 0, N_("hash file of the binary."), 0, ARG_TYPE_NONE}, +- {"cert-hash", 'c', 1, N_("hash file of the certificate."), 0, ARG_TYPE_NONE}, +- {0, 0, 0, 0, 0, 0} +-}; +- +-static void +-print_hex (const grub_uint8_t *data, const grub_size_t length) +-{ +- grub_size_t i, count = 0; +- for (i = 0; i < length-1; i++) +- { +- grub_printf ("%02x:", data[i]); +- count++; +- if (count == 16) +- { +- grub_printf ("\n\t "); +- count = 0; +- } +- } +- grub_printf ("%02x\n", data[i]); +-} ++/* The db list is used to validate appended signatures. */ ++static sb_database_t db = {.certs = NULL, .cert_entries = 0}; + + /* +- * GUID can be used to determine the hashing function and +- * generate the hash using determined hashing function. ++ * Signature verification flag (check_sigs). ++ * check_sigs: false ++ * - No signature verification. This is the default. ++ * check_sigs: true ++ * - Enforce signature verification, and if signature verification fails, post ++ * the errors and stop the boot. + */ +-static grub_err_t +-get_hash (const grub_uuid_t *guid, const grub_uint8_t *data, const grub_size_t data_size, +- grub_uint8_t *hash, grub_size_t *hash_size) +-{ +- gcry_md_spec_t *hash_func = NULL; +- +- if (guid == NULL) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "GUID is null"); +- +- if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA256_GUID, GRUB_UUID_SIZE) == 0) +- hash_func = &_gcry_digest_spec_sha256; +- else if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA384_GUID, GRUB_UUID_SIZE) == 0) +- hash_func = &_gcry_digest_spec_sha384; +- else if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA512_GUID, GRUB_UUID_SIZE) == 0) +- hash_func = &_gcry_digest_spec_sha512; +- else +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "Unsupported GUID for hash"); +- +- grub_memset (hash, 0, GRUB_MAX_HASH_SIZE); +- grub_crypto_hash (hash_func, hash, data, data_size); +- *hash_size = hash_func->mdlen; +- +- return GRUB_ERR_NONE; +-} ++static bool check_sigs = false; + +-/* Add the certificate/binary hash into the trusted/distrusted list */ +-static grub_err_t +-add_hash (const grub_uint8_t **data, const grub_size_t data_size, +- grub_uint8_t ***signature_list, grub_size_t **signature_size_list, +- grub_size_t *signature_list_entries) ++static grub_ssize_t ++pseudo_read (struct grub_file *file, char *buf, grub_size_t len) + { +- grub_uint8_t **signatures = *signature_list; +- grub_size_t *signature_size = *signature_size_list; +- grub_size_t signature_entries = *signature_list_entries; +- +- if (*data == NULL || data_size == 0) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "certificate/binary hash data/size is null"); +- +- signatures = grub_realloc (signatures, sizeof (grub_uint8_t *) * (signature_entries + 1)); +- signature_size = grub_realloc (signature_size, +- sizeof (grub_size_t) * (signature_entries + 1)); +- +- if (signatures == NULL || signature_size == NULL) +- { +- /* +- * allocated memory will be freed by +- * free_trusted_list/free_distrusted_list +- */ +- if (signatures != NULL) +- { +- *signature_list = signatures; +- *signature_list_entries = signature_entries + 1; +- } +- +- if (signature_size != NULL) +- *signature_size_list = signature_size; +- +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); +- } +- +- signatures[signature_entries] = (grub_uint8_t *) *data; +- signature_size[signature_entries] = data_size; +- signature_entries++; +- *data = NULL; +- +- *signature_list = signatures; +- *signature_size_list = signature_size; +- *signature_list_entries = signature_entries; +- +- return GRUB_ERR_NONE; ++ grub_memcpy (buf, (grub_uint8_t *) file->data + file->offset, len); ++ return len; + } + +-static int +-is_x509 (const grub_uuid_t *guid) +-{ +- if (grub_memcmp (guid, &GRUB_PKS_CERT_X509_GUID, GRUB_UUID_SIZE) == 0) +- return GRUB_ERR_NONE; +- +- return GRUB_ERR_UNKNOWN_COMMAND; +-} ++/* Filesystem descriptor. */ ++static struct grub_fs pseudo_fs = { ++ .name = "pseudo", ++ .fs_read = pseudo_read ++}; + +-static int +-is_cert_match (const struct x509_certificate *distrusted_cert, +- const struct x509_certificate *db_cert) ++static bool ++is_cert_match (const grub_x509_cert_t *cert1, const grub_x509_cert_t *cert2) + { +- +- if (grub_memcmp (distrusted_cert->subject, db_cert->subject, db_cert->subject_len) == 0 +- && grub_memcmp (distrusted_cert->serial, db_cert->serial, db_cert->serial_len) == 0 +- && grub_memcmp (distrusted_cert->mpis[0], db_cert->mpis[0], sizeof (db_cert->mpis[0])) == 0 +- && grub_memcmp (distrusted_cert->mpis[1], db_cert->mpis[1], sizeof (db_cert->mpis[1])) == 0) +- return GRUB_ERR_NONE; +- +- return GRUB_ERR_UNKNOWN_COMMAND; ++ if (grub_memcmp (cert1->subject, cert2->subject, cert2->subject_len) == 0 ++ && grub_memcmp (cert1->issuer, cert2->issuer, cert2->issuer_len) == 0 ++ && grub_memcmp (cert1->serial, cert2->serial, cert2->serial_len) == 0 ++ && grub_memcmp (cert1->mpis[GRUB_RSA_PK_MODULUS], cert2->mpis[GRUB_RSA_PK_MODULUS], ++ sizeof (cert2->mpis[GRUB_RSA_PK_MODULUS])) == 0 ++ && grub_memcmp (cert1->mpis[GRUB_RSA_PK_EXPONENT], cert2->mpis[GRUB_RSA_PK_EXPONENT], ++ sizeof (cert2->mpis[GRUB_RSA_PK_EXPONENT])) == 0 ++ && grub_memcmp (cert1->fingerprint[GRUB_FINGERPRINT_SHA256], ++ cert2->fingerprint[GRUB_FINGERPRINT_SHA256], ++ grub_strlen ((char *) cert2->fingerprint[GRUB_FINGERPRINT_SHA256])) == 0) ++ return true; ++ ++ return false; + } + +-/* +- * Verify the certificate against the certificate from platform keystore buffer's +- * distrusted list. +- */ +-static grub_err_t +-is_distrusted_cert (const struct x509_certificate *db_cert) ++/* Check the certificate presence in the db list. */ ++static bool ++check_cert_presence (const grub_x509_cert_t *cert_in, const sb_database_t *sb_database) + { +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t i = 0; +- struct x509_certificate *distrusted_cert = NULL; +- +- for (i = 0; i < grub_pks_keystore.dbx_entries; i++) +- { +- if (grub_pks_keystore.dbx[i].data == NULL) +- continue; +- +- if (is_x509 (&grub_pks_keystore.dbx[i].guid) == GRUB_ERR_NONE) +- { +- distrusted_cert = grub_zalloc (sizeof (struct x509_certificate)); +- if (distrusted_cert == NULL) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); +- +- rc = parse_x509_certificate (grub_pks_keystore.dbx[i].data, +- grub_pks_keystore.dbx[i].data_size, distrusted_cert); +- if (rc != GRUB_ERR_NONE) +- { +- grub_free (distrusted_cert); +- continue; +- } +- +- if (is_cert_match (distrusted_cert, db_cert) == GRUB_ERR_NONE) +- { +- grub_printf ("Warning: a trusted certificate CN='%s' is ignored " +- "because it is on the distrusted list (dbx).\n", db_cert->subject); +- grub_free (grub_pks_keystore.dbx[i].data); +- grub_memset (&grub_pks_keystore.dbx[i], 0, sizeof (grub_pks_sd_t)); +- certificate_release (distrusted_cert); +- grub_free (distrusted_cert); +- return GRUB_ERR_ACCESS_DENIED; +- } ++ grub_x509_cert_t *cert; + +- certificate_release (distrusted_cert); +- grub_free (distrusted_cert); +- } +- } ++ for (cert = sb_database->certs; cert != NULL; cert = cert->next) ++ if (is_cert_match (cert, cert_in) == true) ++ return true; + +- return GRUB_ERR_NONE; ++ return false; + } + +-/* Add the certificate into the trusted/distrusted list */ ++/* Add the certificate into the db list */ + static grub_err_t + add_certificate (const grub_uint8_t *data, const grub_size_t data_size, +- struct grub_database *database, const grub_size_t is_db) ++ sb_database_t *sb_database) + { +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t key_entries = database->key_entries; +- struct x509_certificate *cert = NULL; ++ grub_err_t rc; ++ grub_x509_cert_t *cert; + + if (data == NULL || data_size == 0) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "certificate data/size is null"); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "certificate data or size is not available"); + +- cert = grub_zalloc (sizeof (struct x509_certificate)); ++ cert = grub_zalloc (sizeof (grub_x509_cert_t)); + if (cert == NULL) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); + +- rc = parse_x509_certificate (data, data_size, cert); ++ rc = grub_x509_cert_parse (data, data_size, cert); + if (rc != GRUB_ERR_NONE) + { +- grub_dprintf ("appendedsig", "skipping %s certificate (%d)\n", +- (is_db ? "trusted":"distrusted"), rc); ++ grub_dprintf ("appendedsig", "cannot add a certificate CN='%s' to the db list\n", ++ cert->subject); + grub_free (cert); + return rc; + } + +- if (is_db) ++ if (check_cert_presence (cert, sb_database) == true) + { +- rc = is_distrusted_cert (cert); +- if (rc != GRUB_ERR_NONE) +- { +- certificate_release (cert); +- grub_free (cert); +- return rc; +- } ++ grub_dprintf ("appendedsig", ++ "cannot add a certificate CN='%s', as it is present in the db list", ++ cert->subject); ++ grub_x509_cert_release (cert); ++ grub_free (cert); ++ ++ return GRUB_ERR_EXISTS; + } + +- grub_dprintf ("appendedsig", "add a %s certificate CN='%s'\n", +- (is_db ? "trusted":"distrusted"), cert->subject); ++ grub_dprintf ("appendedsig", "added a certificate CN='%s' to the db list\n", ++ cert->subject); + +- key_entries++; +- cert->next = database->keys; +- database->keys = cert; +- database->key_entries = key_entries; ++ cert->next = sb_database->certs; ++ sb_database->certs = cert; ++ sb_database->cert_entries++; + + return rc; + } + +-static const char * +-grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)), +- const char *val __attribute__ ((unused))) ++static grub_err_t ++file_read_whole (grub_file_t file, grub_uint8_t **buf, grub_size_t *len) + { +- if (check_sigs == check_sigs_forced) +- return "forced"; +- else if (check_sigs == check_sigs_enforce) +- return "enforce"; +- else +- return "no"; +-} ++ grub_off_t full_file_size; ++ grub_size_t file_size, total_read_size = 0; ++ grub_ssize_t read_size; + +-static char * +-grub_env_write_sec (struct grub_env_var *var __attribute__ ((unused)), const char *val) +-{ +- /* Do not allow the value to be changed if set to forced */ +- if (check_sigs == check_sigs_forced) +- return grub_strdup ("forced"); ++ full_file_size = grub_file_size (file); ++ if (full_file_size == GRUB_FILE_SIZE_UNKNOWN) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "cannot read a file of unknown size into a buffer"); ++ ++ if (full_file_size > GRUB_SIZE_MAX) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "file is too large to read: %" PRIuGRUB_OFFSET " bytes", ++ full_file_size); ++ ++ file_size = (grub_size_t) full_file_size; ++ *buf = grub_malloc (file_size); ++ if (*buf == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "could not allocate file data buffer size %" PRIuGRUB_SIZE, ++ file_size); ++ ++ while (total_read_size < file_size) ++ { ++ read_size = grub_file_read (file, *buf + total_read_size, file_size - total_read_size); ++ if (read_size < 0) ++ { ++ grub_free (*buf); ++ return grub_errno; ++ } ++ else if (read_size == 0) ++ { ++ grub_free (*buf); ++ return grub_error (GRUB_ERR_IO, ++ "could not read full file size " ++ "(%" PRIuGRUB_SIZE "), only %" PRIuGRUB_SIZE " bytes read", ++ file_size, total_read_size); ++ } ++ ++ total_read_size += read_size; ++ } + +- if ((*val == '2') || (*val == 'f')) +- check_sigs = check_sigs_forced; +- else if ((*val == '1') || (*val == 'e')) +- check_sigs = check_sigs_enforce; +- else if ((*val == '0') || (*val == 'n')) +- check_sigs = check_sigs_no; ++ *len = file_size; + +- return grub_strdup (grub_env_read_sec (NULL, NULL)); ++ return GRUB_ERR_NONE; + } + + static grub_err_t + extract_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize, +- struct grub_appended_signature *sig) ++ sb_appendedsig_t *sig) + { +- grub_size_t pkcs7_size; +- grub_size_t remaining_len; +- const grub_uint8_t *appsigdata = buf + bufsize - grub_strlen (magic); ++ grub_size_t appendedsig_pkcs7_size; ++ grub_size_t signed_data_size = bufsize; ++ const grub_uint8_t *signed_data = buf; + +- if (bufsize < grub_strlen (magic)) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("File too short for signature magic")); ++ if (signed_data_size < SIG_MAGIC_SIZE) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "file too short for signature magic"); + +- if (grub_memcmp (appsigdata, (grub_uint8_t *) magic, grub_strlen (magic))) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("Missing or invalid signature magic")); ++ /* Fast-forwarding pointer and get signature magic string. */ ++ signed_data += signed_data_size - SIG_MAGIC_SIZE; ++ if (grub_strncmp ((const char *) signed_data, SIG_MAGIC, SIG_MAGIC_SIZE)) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "missing or invalid signature magic"); + +- remaining_len = bufsize - grub_strlen (magic); ++ signed_data_size -= SIG_MAGIC_SIZE; ++ if (signed_data_size < SIG_METADATA_SIZE) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "file too short for signature metadata"); + +- if (remaining_len < sizeof (struct module_signature)) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("File too short for signature metadata")); ++ /* Rewind pointer and extract signature metadata. */ ++ signed_data -= SIG_METADATA_SIZE; ++ grub_memcpy (&(sig->sig_metadata), signed_data, SIG_METADATA_SIZE); + +- appsigdata -= sizeof (struct module_signature); ++ if (sig->sig_metadata.id_type != PKEY_ID_PKCS7) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "wrong signature type"); + +- /* extract the metadata */ +- grub_memcpy (&(sig->sig_metadata), appsigdata, sizeof (struct module_signature)); ++ appendedsig_pkcs7_size = grub_be_to_cpu32 (sig->sig_metadata.sig_len); + +- remaining_len -= sizeof (struct module_signature); ++ signed_data_size -= SIG_METADATA_SIZE; ++ if (appendedsig_pkcs7_size > signed_data_size) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "file too short for PKCS#7 message"); + +- if (sig->sig_metadata.id_type != 2) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("Wrong signature type")); ++ grub_dprintf ("appendedsig", "sig len %" PRIuGRUB_SIZE "\n", appendedsig_pkcs7_size); + +- pkcs7_size = grub_be_to_cpu32 (sig->sig_metadata.sig_len); ++ /* Appended signature size. */ ++ sig->signature_len = APPENDED_SIG_SIZE (appendedsig_pkcs7_size); ++ /* Rewind pointer and parse appended pkcs7 data. */ ++ signed_data -= appendedsig_pkcs7_size; + +- if (pkcs7_size > remaining_len) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("File too short for PKCS#7 message")); +- +- grub_dprintf ("appendedsig", "sig len %" PRIuGRUB_SIZE "\n", pkcs7_size); +- +- sig->signature_len = grub_strlen (magic) + sizeof (struct module_signature) + pkcs7_size; +- +- /* rewind pointer and parse pkcs7 data */ +- appsigdata -= pkcs7_size; +- +- return parse_pkcs7_signedData (appsigdata, pkcs7_size, &sig->pkcs7); +-} +- +-static grub_err_t +-get_binary_hash (const grub_size_t binary_hash_size, const grub_uint8_t *data, +- const grub_size_t data_size, grub_uint8_t *hash, grub_size_t *hash_size) +-{ +- grub_uuid_t guid = { 0 }; +- +- /* support SHA256, SHA384 and SHA512 for binary hash */ +- if (binary_hash_size == 32) +- grub_memcpy (&guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_UUID_SIZE); +- else if (binary_hash_size == 48) +- grub_memcpy (&guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_UUID_SIZE); +- else if (binary_hash_size == 64) +- grub_memcpy (&guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_UUID_SIZE); +- else +- { +- grub_dprintf ("appendedsig", "unsupported hash type (%" PRIuGRUB_SIZE ") and skipping binary hash\n", +- binary_hash_size); +- return GRUB_ERR_UNKNOWN_COMMAND; +- } +- +- return get_hash (&guid, data, data_size, hash, hash_size); ++ return grub_pkcs7_data_parse (signed_data, appendedsig_pkcs7_size, &sig->pkcs7); + } + + /* +- * Verify binary hash against the list of binary hashes that are distrusted +- * and trusted. +- * The following errors can occur: +- * - GRUB_ERR_BAD_SIGNATURE: indicates that the hash is distrusted. +- * - GRUB_ERR_NONE: the hash is trusted, since it was found in the trusted hashes list +- * - GRUB_ERR_EOF: the hash could not be found in the hashes list ++ * Given a hash value 'hval', of hash specification 'hash', prepare the ++ * S-expressions (sexp) and perform the signature verification. + */ + static grub_err_t +-verify_binary_hash (const grub_uint8_t *data, const grub_size_t data_size) ++verify_signature (const gcry_mpi_t *pkmpi, const gcry_mpi_t hmpi, ++ const gcry_md_spec_t *hash, const grub_uint8_t *hval) + { +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t i = 0, hash_size = 0; +- grub_uint8_t hash[GRUB_MAX_HASH_SIZE] = { 0 }; +- +- for (i = 0; i < dbx.signature_entries; i++) +- { +- rc = get_binary_hash (dbx.signature_size[i], data, data_size, hash, &hash_size); +- if (rc != GRUB_ERR_NONE) +- continue; +- +- if (hash_size == dbx.signature_size[i] && +- grub_memcmp (dbx.signatures[i], hash, hash_size) == 0) +- { +- grub_dprintf ("appendedsig", "the binary hash (%02x%02x%02x%02x) was listed as distrusted\n", +- hash[0], hash[1], hash[2], hash[3]); +- return GRUB_ERR_BAD_SIGNATURE; +- } +- } +- +- for (i = 0; i < db.signature_entries; i++) +- { +- rc = get_binary_hash (db.signature_size[i], data, data_size, hash, &hash_size); +- if (rc != GRUB_ERR_NONE) +- continue; +- +- if (hash_size == db.signature_size[i] && +- grub_memcmp (db.signatures[i], hash, hash_size) == 0) +- { +- grub_dprintf ("appendedsig", "verified with a trusted binary hash (%02x%02x%02x%02x)\n", +- hash[0], hash[1], hash[2], hash[3]); +- return GRUB_ERR_NONE; +- } +- } +- +- return GRUB_ERR_EOF; +-} ++ gcry_sexp_t hsexp, pubkey, sig; ++ grub_size_t errof; + ++ if (_gcry_sexp_build (&hsexp, &errof, "(data (flags %s) (hash %s %b))", "pkcs1", ++ hash->name, hash->mdlen, hval) != GPG_ERR_NO_ERROR) ++ return GRUB_ERR_BAD_SIGNATURE; ++ ++ if (_gcry_sexp_build (&pubkey, &errof, "(public-key (dsa (n %M) (e %M)))", ++ pkmpi[0], pkmpi[1]) != GPG_ERR_NO_ERROR) ++ return GRUB_ERR_BAD_SIGNATURE; ++ ++ if (_gcry_sexp_build (&sig, &errof, "(sig-val (rsa (s %M)))", hmpi) != GPG_ERR_NO_ERROR) ++ return GRUB_ERR_BAD_SIGNATURE; ++ ++ _gcry_sexp_dump (sig); ++ _gcry_sexp_dump (hsexp); ++ _gcry_sexp_dump (pubkey); ++ ++ if (grub_crypto_pk_rsa->verify (sig, hsexp, pubkey) != GPG_ERR_NO_ERROR) ++ return GRUB_ERR_BAD_SIGNATURE; ++ ++ return GRUB_ERR_NONE; ++} + +-/* +- * Verify the kernel's integrity, the trusted key will be used from +- * the trusted key list. If it fails, verify it against the list of binary hashes +- * that are distrusted and trusted. +- */ + static grub_err_t + grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + { +- grub_err_t err = GRUB_ERR_NONE; ++ grub_err_t err; + grub_size_t datasize; + void *context; +- unsigned char *hash; +- gcry_mpi_t hashmpi; +- gcry_err_code_t rc; +- struct x509_certificate *cert; +- struct grub_appended_signature sig; +- struct pkcs7_signerInfo *si; +- int i; ++ grub_uint8_t *hash; ++ grub_x509_cert_t *pk; ++ sb_appendedsig_t sig; ++ grub_pkcs7_signer_t *si; ++ grub_int32_t i; + +- if (!db.key_entries && !db.signature_entries) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("No trusted keys to verify against")); ++ if (!db.cert_entries) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "no trusted keys to verify against"); + + err = extract_appended_signature (buf, bufsize, &sig); + if (err != GRUB_ERR_NONE) + return err; + + datasize = bufsize - sig.signature_len; +- err = verify_binary_hash (buf, datasize); +- if (err != GRUB_ERR_EOF && err != GRUB_ERR_NONE) ++ ++ /* Verify signature using trusted keys from db list. */ ++ for (i = 0; i < sig.pkcs7.signer_count; i++) + { +- err = grub_error (err, N_("failed to verify binary-hash/signature with any trusted binary-hash/key\n")); +- pkcs7_signedData_release (&sig.pkcs7); +- return err; +- } +- else if (err == GRUB_ERR_EOF) +- { +- /* Binary hash was not found in trusted and distrusted list: check signature now */ +- for (i = 0; i < sig.pkcs7.signerInfo_count; i++) ++ si = &sig.pkcs7.signers[i]; ++ context = grub_zalloc (si->hash->contextsize); ++ if (context == NULL) ++ return grub_errno; ++ ++ si->hash->init (context, 0); ++ si->hash->write (context, buf, datasize); ++ si->hash->final (context); ++ hash = si->hash->read (context); ++ ++ grub_dprintf ("appendedsig", "data size %" PRIuGRUB_SIZE ", signer %d hash %02x%02x%02x%02x...\n", ++ datasize, i, hash[0], hash[1], hash[2], hash[3]); ++ ++ for (pk = db.certs; pk != NULL; pk = pk->next) + { +- /* +- * This could be optimised in a couple of ways: +- * - we could only compute hashes once per hash type +- * - we could track signer information and only verify where IDs match +- * For now we do the naive O(db.keys * pkcs7 signers) approach. +- */ +- si = &sig.pkcs7.signerInfos[i]; +- context = grub_zalloc (si->hash->contextsize); +- if (context == NULL) +- return grub_errno; +- +- si->hash->init (context); +- si->hash->write (context, buf, datasize); +- si->hash->final (context); +- hash = si->hash->read (context); +- +- grub_dprintf ("appendedsig", +- "data size %" PRIxGRUB_SIZE ", signer %d hash %02x%02x%02x%02x...\n", +- datasize, i, hash[0], hash[1], hash[2], hash[3]); +- +- err = GRUB_ERR_BAD_SIGNATURE; +- for (cert = db.keys; cert; cert = cert->next) +- { +- rc = grub_crypto_rsa_pad (&hashmpi, hash, si->hash, cert->mpis[0]); +- if (rc != 0) +- { +- err = grub_error (GRUB_ERR_BAD_SIGNATURE, +- N_("Error padding hash for RSA verification: %d"), rc); +- grub_free (context); +- pkcs7_signedData_release (&sig.pkcs7); +- return err; +- } +- +- rc = _gcry_pubkey_spec_rsa.verify (0, hashmpi, &si->sig_mpi, cert->mpis, NULL, NULL); +- gcry_mpi_release (hashmpi); +- if (rc == 0) +- { +- grub_dprintf ("appendedsig", "verify signer %d with key '%s' succeeded\n", +- i, cert->subject); +- err = GRUB_ERR_NONE; +- break; +- } +- +- grub_dprintf ("appendedsig", "verify signer %d with key '%s' failed with %d\n", +- i, cert->subject, rc); +- } +- grub_free (context); ++ err = verify_signature (pk->mpis, si->sig_mpi, si->hash, hash); + if (err == GRUB_ERR_NONE) +- break; +- } ++ { ++ grub_dprintf ("appendedsig", "verify signer %d with key '%s' succeeded\n", ++ i, pk->subject); ++ break; ++ } ++ ++ grub_dprintf ("appendedsig", "verify signer %d with key '%s' failed\n", ++ i, pk->subject); ++ } ++ ++ grub_free (context); ++ if (err == GRUB_ERR_NONE) ++ break; + } + +- pkcs7_signedData_release (&sig.pkcs7); ++ grub_pkcs7_data_release (&sig.pkcs7); + + if (err != GRUB_ERR_NONE) +- err = grub_error (err, N_("failed to verify signature with any trusted key\n")); +- else +- grub_dprintf ("appendedsig", "successfully verified the signature with a trusted key\n"); ++ return grub_error (err, "failed to verify signature against a trusted key"); + + return err; + } + +-static grub_err_t +-grub_cmd_verify_signature (grub_command_t cmd __attribute__ ((unused)), int argc, char **args) ++/* ++ * Extract the X.509 certificates from the ELF Note header, parse it, and add ++ * it to the db list. ++ */ ++static void ++load_elf2db (void) + { +- grub_err_t err = GRUB_ERR_NONE; +- grub_file_t signed_file = NULL; +- grub_uint8_t *signed_data = NULL; +- grub_ssize_t signed_data_size = 0; +- +- if (argc != 1) +- { +- grub_printf (N_("a signed file is expected\n" +- "Example:\n\tverify_appended \n")); +- return GRUB_ERR_BAD_ARGUMENT; +- } +- +- grub_dprintf ("appendedsig", "verifying %s\n", args[0]); +- +- signed_file = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE); +- if (signed_file == NULL) +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("unable to open a signed file")); +- +- err = grub_read_file (signed_file, &signed_data, &signed_data_size); +- if (err != GRUB_ERR_NONE) +- { +- grub_file_close (signed_file); +- return err; +- } +- +- grub_file_close (signed_file); +- err = grub_verify_appended_signature (signed_data, signed_data_size); +- grub_free (signed_data); +- +- return err; +-} +- +-static grub_err_t +-grub_cmd_trusted_list (grub_command_t cmd __attribute__((unused)), +- int argc __attribute__((unused)), char **args __attribute__((unused))) +-{ +- struct x509_certificate *cert = NULL; +- grub_size_t i = 0, cert_num = 1; +- +- for (cert = db.keys; cert; cert = cert->next) +- { +- grub_printf (N_("trusted certificate %" PRIuGRUB_SIZE ":\n"), cert_num); +- grub_printf (N_("\tserial: ")); +- +- for (i = 0; i < cert->serial_len - 1; i++) +- grub_printf ("%02x:", cert->serial[i]); +- +- grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]); +- grub_printf ("\tCN: %s\n\n", cert->subject); +- cert_num++; +- } +- +- for (i = 0; i < db.signature_entries; i++) +- { +- grub_printf (N_("trusted binary hash %" PRIuGRUB_SIZE ":\n"), i+1); +- grub_printf (N_("\thash: ")); +- print_hex (db.signatures[i], db.signature_size[i]); +- } +- +- return GRUB_ERR_NONE; +-} +- +-static grub_err_t +-grub_cmd_distrusted_list (grub_command_t cmd __attribute__((unused)), +- int argc __attribute__((unused)), +- char **args __attribute__((unused))) +-{ +- struct x509_certificate *cert = NULL; +- grub_size_t i = 0, cert_num = 1; +- +- for (cert = dbx.keys; cert; cert = cert->next) +- { +- grub_printf (N_("distrusted certificate %" PRIuGRUB_SIZE ":\n"), cert_num); +- grub_printf (N_("\tserial: ")); +- +- for (i = 0; i < cert->serial_len - 1; i++) +- grub_printf ("%02x:", cert->serial[i]); +- +- grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]); +- grub_printf ("\tCN: %s\n\n", cert->subject); +- cert_num++; +- } +- +- for (i = 0; i < dbx.signature_entries; i++) +- { +- grub_printf (N_("distrusted certificate/binary hash %" PRIuGRUB_SIZE ":\n"), i+1); +- grub_printf (N_("\thash: ")); +- print_hex (dbx.signatures[i], dbx.signature_size[i]); +- } +- +- return GRUB_ERR_NONE; +-} +- +-static grub_err_t +-grub_cmd_trusted_cert (grub_command_t cmd __attribute__((unused)), +- int argc, char **args) +-{ +- grub_err_t err = GRUB_ERR_NONE; +- grub_file_t cert_file = NULL; ++ grub_err_t err; ++ struct grub_module_header *header; ++ struct grub_file pseudo_file; + grub_uint8_t *cert_data = NULL; +- grub_ssize_t cert_data_size = 0; ++ grub_size_t cert_data_size = 0; + +- if (argc != 1) ++ FOR_MODULES (header) + { +- grub_printf (N_("a trusted X.509 certificate file is expected\n" +- "Example:\n\ttrusted_certificate \n")); +- return GRUB_ERR_BAD_ARGUMENT; +- } ++ /* Not an X.509 certificate, skip. */ ++ if (header->type != OBJ_TYPE_X509_PUBKEY) ++ continue; + +- if (check_sigs == check_sigs_forced) +- { +- grub_printf ("Warning: since secure boot is enabled, " +- "adding of trusted X.509 certificate is not permitted!\n"); +- return grub_errno; +- } ++ grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); ++ pseudo_file.fs = &pseudo_fs; ++ pseudo_file.size = header->size - sizeof (struct grub_module_header); ++ pseudo_file.data = (char *) header + sizeof (struct grub_module_header); + +- if (grub_strlen (args[0]) == 0) +- return grub_error (GRUB_ERR_BAD_FILENAME, +- N_("missing trusted X.509 certificate file")); ++ grub_dprintf ("appendedsig", "found an X.509 certificate, size=%" PRIuGRUB_UINT64_T "\n", ++ pseudo_file.size); + +- cert_file = grub_file_open (args[0], GRUB_FILE_TYPE_CERTIFICATE_TRUST | +- GRUB_FILE_TYPE_NO_DECOMPRESS); +- if (cert_file == NULL) +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("unable to open the trusted X.509 certificate file")); ++ err = file_read_whole (&pseudo_file, &cert_data, &cert_data_size); ++ if (err == GRUB_ERR_OUT_OF_MEMORY) ++ return; ++ else if (err != GRUB_ERR_NONE) ++ continue; + +- err = grub_read_file (cert_file, &cert_data, &cert_data_size); +- if (err != GRUB_ERR_NONE) +- { +- grub_file_close (cert_file); +- return err; +- } +- +- grub_file_close (cert_file); +- err = add_certificate (cert_data, cert_data_size, &db, 1); +- if (err != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- free_distrusted_list (); +- grub_error (err, "adding of trusted certificate failed"); ++ err = add_certificate (cert_data, cert_data_size, &db); ++ grub_free (cert_data); ++ if (err == GRUB_ERR_OUT_OF_MEMORY) ++ return; + } +- +- grub_free (cert_data); +- +- return err; + } + +-static grub_err_t +-grub_cmd_trusted_hash (grub_command_t cmd __attribute__((unused)), int argc, char**args) ++/* Free db list memory */ ++static void ++free_db_list (void) + { +- grub_err_t rc = GRUB_ERR_NONE; +- grub_file_t hash_file = NULL; +- grub_uint8_t *hash_data = NULL; +- grub_ssize_t hash_data_size = 0; ++ grub_x509_cert_t *cert; + +- if (argc != 1) ++ while (db.certs != NULL) + { +- grub_printf (N_("a trusted binary hash file is expected\n" +- "Example:\n\ttrusted_signature \n")); +- return GRUB_ERR_BAD_ARGUMENT; ++ cert = db.certs; ++ db.certs = db.certs->next; ++ grub_x509_cert_release (cert); ++ grub_free (cert); + } + +- if (check_sigs == check_sigs_forced) +- { +- grub_printf ("Warning: since secure boot is enabled, " +- "adding of trusted binary hash is not permitted!\n"); +- return grub_errno; +- } +- +- if (grub_strlen (args[0]) == 0) +- return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing trusted binary hash file")); +- +- hash_file = grub_file_open (args[0], GRUB_FILE_TYPE_TO_HASH | GRUB_FILE_TYPE_NO_DECOMPRESS); +- if (hash_file == NULL) +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("unable to open the trusted binary hash file")); +- +- rc = grub_read_file (hash_file, &hash_data, &hash_data_size); +- if (rc != GRUB_ERR_NONE) +- { +- grub_file_close (hash_file); +- return rc; +- } +- +- grub_file_close (hash_file); +- +- grub_dprintf ("appendedsig", "adding a trusted binary hash %s\n with size of %" PRIuGRUB_SIZE "\n", +- hash_data, hash_data_size); +- +- /* only accept SHA256, SHA384 and SHA512 binary hash */ +- if (hash_data_size != 32 && hash_data_size != 48 && hash_data_size != 64) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("unacceptable trusted binary hash type")); +- +- rc = add_hash ((const grub_uint8_t **) &hash_data, hash_data_size, &db.signatures, +- &db.signature_size, &db.signature_entries); +- if (rc != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- free_distrusted_list (); +- grub_error (rc, "adding of trusted binary hash failed"); +- } +- +- grub_free (hash_data); +- +- return rc; ++ grub_memset (&db, 0, sizeof (sb_database_t)); + } + +-static grub_err_t +-grub_cmd_distrusted_cert (grub_command_t cmd __attribute__((unused)), int argc, char **args) ++static const char * ++grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) + { +- grub_size_t cert_num = 0, i = 1; +- struct x509_certificate *current_cert = db.keys; +- struct x509_certificate *previous_cert = db.keys; +- +- if (argc != 1) +- { +- grub_printf (N_("trusted certificate number is expected\n" +- "Example:\n\tdistrusted_certificate \n")); +- return GRUB_ERR_BAD_ARGUMENT; +- } ++ if (check_sigs == true) ++ return "yes"; + +- if (check_sigs == check_sigs_forced) +- { +- grub_printf ("Warning: since secure boot is enabled, " +- "removing of trusted certificate is not permitted!\n"); +- return grub_errno; +- } +- +- cert_num = grub_strtoul (args[0], NULL, 10); +- if (cert_num < 1) +- return grub_error (GRUB_ERR_BAD_ARGUMENT, +- N_("trusted certificate number should to begin with 1")); +- +- if (cert_num > db.key_entries) +- return grub_error (GRUB_ERR_BAD_ARGUMENT, +- N_("trusted certificate number should not exceed %" PRIuGRUB_SIZE ""), +- db.key_entries); +- else if (cert_num < db.key_entries) +- return grub_error (GRUB_ERR_BAD_ARGUMENT, +- N_("there is no certificate on the trusted list. so, not permitted")); +- +- for (i = 1; i < db.key_entries; i++) +- { +- if (cert_num == 1) +- { +- previous_cert = current_cert->next; +- break; +- } +- else if (cert_num == i) +- { +- previous_cert->next = current_cert->next; +- break; +- } +- +- previous_cert = current_cert; +- current_cert = current_cert->next; +- } +- +- certificate_release (current_cert); +- grub_free (current_cert); +- +- return GRUB_ERR_NONE; ++ return "no"; + } + +-static grub_err_t +-grub_cmd_distrusted_hash (grub_extcmd_context_t ctxt, int argc, char **args) ++static char * ++grub_env_write_sec (struct grub_env_var *var __attribute__ ((unused)), const char *val) + { +- grub_err_t rc = GRUB_ERR_NONE; +- grub_file_t hash_file = NULL; +- grub_uint8_t *hash_data = NULL; +- grub_ssize_t hash_data_size = 0; +- +- if (argc != 2) +- { +- grub_printf (N_("a distrusted certificate/binary hash file is expected\n" +- "Example:\n\tdistrusted_signature [option] \n" +- "option:\n[-b|--binary-hash] FILE [BINARY HASH FILE]\n" +- "[-c|--cert-hash] FILE [CERTFICATE HASH FILE]\n")); +- return GRUB_ERR_BAD_ARGUMENT; +- } +- +- if (check_sigs == check_sigs_forced) +- { +- grub_printf ("Warning: since secure boot is enabled, " +- "adding of distrusted certificate/binary hash is not permitted!\n"); +- return grub_errno; +- } +- +- if (!ctxt->state[OPTION_BINARY_HASH].set && !ctxt->state[OPTION_CERT_HASH].set) +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("missing options and use --help to konw")); +- +- if (grub_strlen (args[1]) == 0) +- return grub_error (GRUB_ERR_BAD_FILENAME, +- N_("missing distrusted certificate/binary hash file")); ++ char *ret; + +- hash_file = grub_file_open (args[1], GRUB_FILE_TYPE_TO_HASH | GRUB_FILE_TYPE_NO_DECOMPRESS); +- if (hash_file == NULL) +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("unable to open the distrusted certificate/binary hash file")); +- +- rc = grub_read_file (hash_file, &hash_data, &hash_data_size); +- if (rc != GRUB_ERR_NONE) ++ /* ++ * Do not allow the value to be changed if signature verification is enabled ++ * (check_sigs is set to true) and GRUB is locked down. ++ */ ++ if (check_sigs == true && grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) + { +- grub_file_close (hash_file); +- return rc; +- } +- +- grub_file_close (hash_file); ++ ret = grub_strdup ("yes"); ++ if (ret == NULL) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "could not duplicate a string enforce"); + +- grub_dprintf ("appendedsig", "adding a distrusted certificate/binary hash %s\n" +- " with size of %" PRIuGRUB_SIZE "\n", hash_data, hash_data_size); +- +- if (ctxt->state[OPTION_BINARY_HASH].set) +- { +- /* only accept SHA256, SHA384 and SHA512 binary hash */ +- if (hash_data_size != 32 && hash_data_size != 48 && hash_data_size != 64) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, +- N_("unacceptable distrusted binary hash type")); +- } +- else if (ctxt->state[OPTION_CERT_HASH].set) +- { +- /* only accept SHA256, SHA384 and SHA512 certificate hash */ +- if (hash_data_size != 32 && hash_data_size != 48 && hash_data_size != 64) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, +- N_("unacceptable distrusted certificate hash type")); ++ return ret; + } + +- rc = add_hash ((const grub_uint8_t **) &hash_data, hash_data_size, &dbx.signatures, +- &dbx.signature_size, &dbx.signature_entries); +- if (rc != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- free_distrusted_list (); +- grub_error (rc, "adding of distrusted binary/certificate hash failed"); +- } ++ if (grub_strcmp (val, "yes") == 0) ++ check_sigs = true; ++ else if (grub_strcmp (val, "no") == 0) ++ check_sigs = false; + +- grub_free (hash_data); ++ ret = grub_strdup (grub_env_read_sec (NULL, NULL)); ++ if (ret == NULL) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "could not duplicate a string %s", ++ grub_env_read_sec (NULL, NULL)); + +- return rc; ++ return ret; + } + + static grub_err_t + appendedsig_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type type, + void **context __attribute__ ((unused)), enum grub_verify_flags *flags) + { +- if (check_sigs == check_sigs_no) ++ if (check_sigs == false) + { + *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; + return GRUB_ERR_NONE; +@@ -955,15 +489,12 @@ appendedsig_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type t + * verifier, but we lack the hubris required to take this on. Instead, + * require that it have an appended signature. + */ +- +- /* Fall through */ +- + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_GRUB_MODULE: + /* +- * Appended signatures are only defined for ELF binaries. +- * Out of an abundance of caution, we only verify Linux kernels and +- * GRUB modules at this point. ++ * Appended signatures are only defined for ELF binaries. Out of an ++ * abundance of caution, we only verify Linux kernels and GRUB modules ++ * at this point. + */ + *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; + return GRUB_ERR_NONE; +@@ -973,7 +504,7 @@ appendedsig_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type t + /* + * It is possible to use appended signature verification without + * lockdown - like the PGP verifier. When combined with an embedded +- * config file in a signed grub binary, this could still be a meaningful ++ * config file in a signed GRUB binary, this could still be a meaningful + * secure-boot chain - so long as it isn't subverted by something like a + * rouge ACPI table or DT image. Defer them explicitly. + */ +@@ -998,397 +529,39 @@ struct grub_file_verifier grub_appendedsig_verifier = { + .write = appendedsig_write, + }; + +-static grub_ssize_t +-pseudo_read (struct grub_file *file, char *buf, grub_size_t len) +-{ +- grub_memcpy (buf, (grub_uint8_t *) file->data + file->offset, len); +- return len; +-} +- +-/* Filesystem descriptor. */ +-static struct grub_fs pseudo_fs = { .name = "pseudo", .fs_read = pseudo_read }; +- +-/* +- * Verify the trusted certificate against the certificate hashes from platform keystore buffer's +- * distrusted list. +- */ +-static grub_err_t +-is_distrusted_cert_hash (const grub_uint8_t *data, const grub_size_t data_size) +-{ +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t i = 0, cert_hash_size = 0; +- grub_uint8_t cert_hash[GRUB_MAX_HASH_SIZE] = { 0 }; +- +- if (data == NULL || data_size == 0) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "trusted certificate data/size is null"); +- +- for (i = 0; i < grub_pks_keystore.dbx_entries; i++) +- { +- if (grub_pks_keystore.dbx[i].data == NULL || +- grub_pks_keystore.dbx[i].data_size == 0) +- continue; +- +- rc = get_hash (&grub_pks_keystore.dbx[i].guid, data, data_size, +- cert_hash, &cert_hash_size); +- if (rc != GRUB_ERR_NONE) +- continue; +- +- if (cert_hash_size == grub_pks_keystore.dbx[i].data_size && +- grub_memcmp (grub_pks_keystore.dbx[i].data, cert_hash, cert_hash_size) == 0) +- { +- grub_printf ("Warning: a trusted certificate (%02x%02x%02x%02x) is ignored " +- "because this certificate hash is on the distrusted list (dbx).\n", +- cert_hash[0], cert_hash[1], cert_hash[2], cert_hash[3]); +- grub_free (grub_pks_keystore.dbx[i].data); +- grub_memset (&grub_pks_keystore.dbx[i], 0, sizeof (grub_pks_keystore.dbx[i])); +- return GRUB_ERR_BAD_SIGNATURE; +- } +- } +- +- return GRUB_ERR_NONE; +-} +- +-/* +- * Verify the trusted binary hash against the platform keystore buffer's +- * distrusted list. +- */ +-static grub_err_t +-is_distrusted_binary_hash (const grub_uint8_t *binary_hash, +- const grub_size_t binary_hash_size) +-{ +- grub_size_t i = 0; +- +- for (i = 0; i < grub_pks_keystore.dbx_entries; i++) +- { +- if (grub_pks_keystore.dbx[i].data == NULL || +- grub_pks_keystore.dbx[i].data_size == 0) +- continue; +- +- if (binary_hash_size == grub_pks_keystore.dbx[i].data_size && +- grub_memcmp (grub_pks_keystore.dbx[i].data, binary_hash, binary_hash_size) == 0) +- { +- grub_printf ("Warning: a trusted binary hash (%02x%02x%02x%02x) is ignored" +- " because it is on the distrusted list (dbx).\n", +- binary_hash[0], binary_hash[1], binary_hash[2], binary_hash[3]); +- grub_free (grub_pks_keystore.dbx[i].data); +- grub_memset (&grub_pks_keystore.dbx[i], 0, sizeof(grub_pks_keystore.dbx[i])); +- return GRUB_ERR_BAD_SIGNATURE; +- } +- } +- +- return GRUB_ERR_NONE; +-} +- +-/* +- * Extract the binary hashes from the platform keystore buffer, +- * and add it to the trusted list if it does not exist in the distrusted list. +- */ +-static grub_err_t +-add_trusted_binary_hash (const grub_uint8_t **data, const grub_size_t data_size) +-{ +- grub_err_t rc = GRUB_ERR_NONE; +- +- if (*data == NULL || data_size == 0) +- return grub_error (GRUB_ERR_OUT_OF_RANGE, "trusted binary hash data/size is null"); +- +- rc = is_distrusted_binary_hash (*data, data_size); +- if (rc != GRUB_ERR_NONE) +- return rc; +- +- rc = add_hash (data, data_size, &db.signatures, &db.signature_size, +- &db.signature_entries); +- return rc; +-} +- +-static int +-is_hash (const grub_uuid_t *guid) +-{ +- /* GUID type of the binary hash */ +- if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_UUID_SIZE) == 0) +- return GRUB_ERR_NONE; +- +- /* GUID type of the certificate hash */ +- if (grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA256_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA384_GUID, GRUB_UUID_SIZE) == 0 || +- grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA512_GUID, GRUB_UUID_SIZE) == 0) +- return GRUB_ERR_NONE; +- +- return GRUB_ERR_UNKNOWN_COMMAND; +-} +- +-/* +- * Extract the x509 certificates/binary hashes from the platform keystore buffer, +- * parse it, and add it to the trusted list. +- */ +-static grub_err_t +-create_trusted_list (void) +-{ +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t i = 0; +- +- for (i = 0; i < grub_pks_keystore.db_entries; i++) +- { +- if (is_hash (&grub_pks_keystore.db[i].guid) == GRUB_ERR_NONE) +- { +- rc = add_trusted_binary_hash ((const grub_uint8_t **) +- &grub_pks_keystore.db[i].data, +- grub_pks_keystore.db[i].data_size); +- if (rc == GRUB_ERR_OUT_OF_MEMORY) +- return rc; +- } +- else if (is_x509 (&grub_pks_keystore.db[i].guid) == GRUB_ERR_NONE) +- { +- rc = is_distrusted_cert_hash (grub_pks_keystore.db[i].data, +- grub_pks_keystore.db[i].data_size); +- if (rc != GRUB_ERR_NONE) +- continue; +- +- rc = add_certificate (grub_pks_keystore.db[i].data, +- grub_pks_keystore.db[i].data_size, &db, 1); +- if (rc == GRUB_ERR_OUT_OF_MEMORY) +- return rc; +- else if (rc != GRUB_ERR_NONE) +- continue; +- } +- else +- grub_dprintf ("appendedsig", "unsupported signature data type and " +- "skipping trusted data (%" PRIuGRUB_SIZE ")\n", i + 1); +- } +- +- return GRUB_ERR_NONE; +-} +- +-/* +- * Extract the certificates, certificate/binary hashes out of the platform keystore buffer, +- * and add it to the distrusted list. +- */ +-static grub_err_t +-create_distrusted_list (void) +-{ +- grub_err_t rc = GRUB_ERR_NONE; +- grub_size_t i = 0; +- +- for (i = 0; i < grub_pks_keystore.dbx_entries; i++) +- { +- if (grub_pks_keystore.dbx[i].data != NULL || +- grub_pks_keystore.dbx[i].data_size > 0) +- { +- if (is_x509 (&grub_pks_keystore.dbx[i].guid) == GRUB_ERR_NONE) +- { +- rc = add_certificate (grub_pks_keystore.dbx[i].data, +- grub_pks_keystore.dbx[i].data_size, &dbx, 0); +- if (rc == GRUB_ERR_OUT_OF_MEMORY) +- return rc; +- } +- else if (is_hash (&grub_pks_keystore.dbx[i].guid) == GRUB_ERR_NONE) +- { +- rc = add_hash ((const grub_uint8_t **) &grub_pks_keystore.dbx[i].data, +- grub_pks_keystore.dbx[i].data_size, +- &dbx.signatures, &dbx.signature_size, +- &dbx.signature_entries); +- if (rc != GRUB_ERR_NONE) +- return rc; +- } +- else +- grub_dprintf ("appendedsig", "unsupported signature data type and " +- "skipping distrusted data (%" PRIuGRUB_SIZE ")\n", i + 1); +- } +- } +- +- return rc; +-} +- +-/* +- * Extract the x509 certificates from the ELF note header, +- * parse it, and add it to the trusted list. +- */ +-static grub_err_t +-build_static_trusted_list (const struct grub_module_header *header, const grub_bool_t is_pks) +-{ +- grub_err_t err = GRUB_ERR_NONE; +- struct grub_file pseudo_file; +- grub_uint8_t *cert_data = NULL; +- grub_ssize_t cert_data_size = 0; +- +- grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); +- pseudo_file.fs = &pseudo_fs; +- pseudo_file.size = header->size - sizeof (struct grub_module_header); +- pseudo_file.data = (char *) header + sizeof (struct grub_module_header); +- +- grub_dprintf ("appendedsig", "found an x509 key, size=%" PRIuGRUB_UINT64_T "\n", +- pseudo_file.size); +- +- err = grub_read_file (&pseudo_file, &cert_data, &cert_data_size); +- if (err != GRUB_ERR_NONE) +- return err; +- +- if (is_pks) +- { +- err = is_distrusted_cert_hash (cert_data, cert_data_size); +- if (err != GRUB_ERR_NONE) +- return err; +- } +- +- err = add_certificate (cert_data, cert_data_size, &db, 1); +- grub_free (cert_data); +- +- return err; +-} +- +-/* releasing memory */ +-static void +-free_trusted_list (void) +-{ +- struct x509_certificate *cert; +- grub_size_t i = 0; +- +- while (db.keys != NULL) +- { +- cert = db.keys; +- db.keys = db.keys->next; +- certificate_release (cert); +- grub_free (cert); +- } +- +- for (i = 0; i < db.signature_entries; i++) +- grub_free (db.signatures[i]); +- +- grub_free (db.signatures); +- grub_free (db.signature_size); +- grub_memset (&db, 0, sizeof (db)); +-} +- +-/* releasing memory */ +-static void +-free_distrusted_list (void) +-{ +- struct x509_certificate *cert; +- grub_size_t i = 0; +- +- while (dbx.keys != NULL) +- { +- cert = dbx.keys; +- dbx.keys = dbx.keys->next; +- certificate_release (cert); +- grub_free (cert); +- } +- +- for (i = 0; i < dbx.signature_entries; i++) +- grub_free (dbx.signatures[i]); +- +- grub_free (dbx.signatures); +- grub_free (dbx.signature_size); +- grub_memset (&dbx, 0, sizeof (dbx)); +-} +- +-static grub_err_t +-load_static_keys (const struct grub_module_header *header, const grub_bool_t is_pks) +-{ +- int rc = GRUB_ERR_NONE; +- FOR_MODULES (header) +- { +- /* Not an ELF module, skip. */ +- if (header->type != OBJ_TYPE_X509_PUBKEY) +- continue; +- rc = build_static_trusted_list (header, is_pks); +- if (rc != GRUB_ERR_NONE) +- return rc; +- } +- return rc; +-} +- +-static grub_extcmd_t cmd_distrusted_hash; +-static grub_command_t cmd_verify, cmd_trusted_list, cmd_trusted_cert, cmd_trusted_hash, +- cmd_distrusted_list, cmd_distrusted_cert; +- + GRUB_MOD_INIT (appendedsig) + { +- int rc; +- struct grub_module_header *header; ++ grub_int32_t rc; + +- /* If in lockdown, immediately enter forced mode */ ++ /* ++ * If secure boot is enabled with enforce mode and GRUB is locked down, enable ++ * signature verification. ++ */ + if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) +- check_sigs = check_sigs_forced; ++ check_sigs = true; + ++ /* ++ * This is appended signature verification environment variable. It is ++ * automatically set to either "no" or "yes" based on the ’ibm,secure-boot’ ++ * device tree property. ++ * ++ * "no": No signature verification. This is the default. ++ * ++ * "yes": Enforce signature verification. When GRUB is locked down, user cannot ++ * change the value by setting the check_appended_signatures variable ++ * back to ‘no’ ++ */ + grub_register_variable_hook ("check_appended_signatures", grub_env_read_sec, grub_env_write_sec); + grub_env_export ("check_appended_signatures"); + +- rc = asn1_init (); +- if (rc) +- grub_fatal ("Error initing ASN.1 data structures: %d: %s\n", rc, asn1_strerror (rc)); ++ rc = grub_asn1_init (); ++ if (rc != ASN1_SUCCESS) ++ grub_fatal ("error initing ASN.1 data structures: %d: %s\n", rc, asn1_strerror (rc)); + +- if (!grub_pks_use_keystore && check_sigs == check_sigs_forced) +- { +- rc = load_static_keys (header, false); +- if (rc != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- grub_error (rc, "static trusted list creation failed"); +- } +- else +- grub_dprintf ("appendedsig", "the trusted list now has %" PRIuGRUB_SIZE " static keys\n", +- db.key_entries); +- } +- else if (grub_pks_use_keystore && check_sigs == check_sigs_forced) +- { +- if (grub_pks_keystore.use_static_keys) +- { +- grub_printf ("Warning: db variable is not available at PKS and using a static keys " +- "as a default key in trusted list\n"); +- rc = load_static_keys (header, grub_pks_keystore.use_static_keys); +- } +- else +- rc = create_trusted_list (); +- +- if (rc != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- grub_error (rc, "trusted list creation failed"); +- } +- else +- { +- rc = create_distrusted_list (); +- if (rc != GRUB_ERR_NONE) +- { +- free_trusted_list (); +- free_distrusted_list (); +- grub_error (rc, "distrusted list creation failed"); +- } +- else +- grub_dprintf ("appendedsig", "the trusted list now has %" PRIuGRUB_SIZE " keys.\n" +- "the distrusted list now has %" PRIuGRUB_SIZE " keys.\n", +- db.signature_entries + db.key_entries, dbx.signature_entries); +- } +- +- grub_pks_free_keystore (); +- } +- cmd_trusted_cert = grub_register_command ("trusted_certificate", grub_cmd_trusted_cert, +- N_("X509_CERTIFICATE"), +- N_("Add X509_CERTIFICATE to trusted list.")); +- cmd_trusted_hash = grub_register_command ("trusted_signature", grub_cmd_trusted_hash, +- N_("BINARY HASH FILE"), +- N_("Add trusted BINARY HASH to trusted list.")); +- cmd_distrusted_cert = grub_register_command ("distrusted_certificate", grub_cmd_distrusted_cert, +- N_("CERT_NUMBER"), +- N_("Remove CERT_NUMBER (as listed by list_trusted)" +- " from trusted list.")); +- cmd_distrusted_hash = grub_register_extcmd ("distrusted_signature", grub_cmd_distrusted_hash, 0, +- N_("[-b|--binary-hash] FILE [BINARY HASH FILE]\n" +- "[-c|--cert-hash] FILE [CERTFICATE HASH FILE]"), +- N_("Add distrusted CERTFICATE/BINARY HASH " +- "to distrusted list."), +- options); +- cmd_trusted_list = grub_register_command ("trusted_list", grub_cmd_trusted_list, 0, +- N_("Show the list of trusted x509 certificates and" +- " trusted binary hashes.")); +- cmd_distrusted_list = grub_register_command ("distrusted_list", grub_cmd_distrusted_list, 0, +- N_("Show the list of distrusted certificates and" +- " certificate/binary hashes")); +- cmd_verify = grub_register_command ("verify_appended", grub_cmd_verify_signature, N_("FILE"), +- N_("Verify FILE against the trusted x509 certificates/" +- "trusted binary hashes.")); ++ /* Extract trusted keys from ELF Note and store them in the db. */ ++ load_elf2db (); ++ grub_dprintf ("appendedsig", "the db list now has %u static keys\n", ++ db.cert_entries); + + grub_verifier_register (&grub_appendedsig_verifier); + grub_dl_set_persistent (mod); +@@ -1397,15 +570,12 @@ GRUB_MOD_INIT (appendedsig) + GRUB_MOD_FINI (appendedsig) + { + /* +- * grub_dl_set_persistent should prevent this from actually running, but +- * it does still run under emu. ++ * grub_dl_set_persistent should prevent this from actually running, but it ++ * does still run under emu. + */ ++ ++ free_db_list (); ++ grub_register_variable_hook ("check_appended_signatures", NULL, NULL); ++ grub_env_unset ("check_appended_signatures"); + grub_verifier_unregister (&grub_appendedsig_verifier); +- grub_unregister_command (cmd_verify); +- grub_unregister_command (cmd_trusted_list); +- grub_unregister_command (cmd_distrusted_list); +- grub_unregister_command (cmd_trusted_cert); +- grub_unregister_command (cmd_distrusted_cert); +- grub_unregister_command (cmd_trusted_hash); +- grub_unregister_extcmd (cmd_distrusted_hash); + } +diff --git a/include/grub/err.h b/include/grub/err.h +index 7530f58..4703cb3 100644 +--- a/include/grub/err.h ++++ b/include/grub/err.h +@@ -75,7 +75,8 @@ typedef enum + GRUB_ERR_BAD_SIGNATURE, + GRUB_ERR_BAD_FIRMWARE, + GRUB_ERR_STILL_REFERENCED, +- GRUB_ERR_RECURSION_DEPTH ++ GRUB_ERR_RECURSION_DEPTH, ++ GRUB_ERR_EXISTS + } + grub_err_t; + diff --git a/0492-powerpc-ieee1275-Read-the-db-and-dbx-secure-boot-var.patch b/0492-powerpc-ieee1275-Read-the-db-and-dbx-secure-boot-var.patch new file mode 100644 index 0000000..2aacd1b --- /dev/null +++ b/0492-powerpc-ieee1275-Read-the-db-and-dbx-secure-boot-var.patch @@ -0,0 +1,1095 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 12 Nov 2025 14:28:10 -0500 +Subject: [PATCH] powerpc/ieee1275: Read the db and dbx secure boot variables + +Enhancing the infrastructure to enable the Platform Keystore (PKS) feature, +which provides access to the SB_VERSION, db, and dbx secure boot variables +from PKS. + +If PKS is enabled, it will read secure boot variables such as db and dbx +from PKS and extract EFI Signature List (ESL) from it. The ESLs would be +saved in the Platform Keystore buffer, and the appendedsig module would +read it later to extract the certificate's details from ESL. + +In the following scenarios, static key management mode will be activated: + 1. When Secure Boot is enabled with static key management mode + 2. When SB_VERSION is unavailable but Secure Boot is enabled + 3. When PKS support is unavailable but Secure Boot is enabled + +Note: + + SB_VERSION: Key Management Mode + 1 - Enable dynamic key management mode. Read the db and dbx variables from PKS, + and use them for signature verification. + 0 - Enable static key management mode. Read keys from the GRUB ELF Note and + use it for signature verification. + +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/Makefile.am | 1 + + grub-core/Makefile.core.def | 1 + + grub-core/kern/ieee1275/ieee1275.c | 1 - + grub-core/kern/ieee1275/init.c | 2 + + grub-core/kern/powerpc/ieee1275/ieee1275.c | 95 +++--- + .../kern/powerpc/ieee1275/platform_keystore.c | 377 ++++++++++----------- + include/grub/ieee1275/ieee1275.h | 3 + + include/grub/powerpc/ieee1275/ieee1275.h | 42 ++- + include/grub/powerpc/ieee1275/platform_keystore.h | 207 +++-------- + 9 files changed, 319 insertions(+), 410 deletions(-) + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index a398a04..d5598c5 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -245,6 +245,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/ieee1275/ieee1275.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/terminfo.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lib/arg.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/powerpc/ieee1275/ieee1275.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/powerpc/ieee1275/platform_keystore.h + endif + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index f6adec2..3961fec 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -325,6 +325,7 @@ kernel = { + powerpc_ieee1275 = kern/powerpc/dl.c; + powerpc_ieee1275 = kern/powerpc/compiler-rt.S; + powerpc_ieee1275 = kern/lockdown.c; ++ powerpc_ieee1275 = kern/powerpc/ieee1275/ieee1275.c; + powerpc_ieee1275 = kern/powerpc/ieee1275/platform_keystore.c; + + sparc64_ieee1275 = kern/sparc64/cache.S; +diff --git a/grub-core/kern/ieee1275/ieee1275.c b/grub-core/kern/ieee1275/ieee1275.c +index 86f81a3..53b24de 100644 +--- a/grub-core/kern/ieee1275/ieee1275.c ++++ b/grub-core/kern/ieee1275/ieee1275.c +@@ -23,7 +23,6 @@ + + #define IEEE1275_PHANDLE_INVALID ((grub_ieee1275_cell_t) -1) + #define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_cell_t) 0) +-#define IEEE1275_CELL_INVALID ((grub_ieee1275_cell_t) -1) + + + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 244d86c..a13e705 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -1000,6 +1000,8 @@ grub_ieee1275_get_secure_boot (void) + } + else + grub_dprintf ("ieee1275", "Secure Boot Disabled\n"); ++ ++ grub_pks_keystore_init (); + } + #endif /* __powerpc__ */ + grub_addr_t grub_modbase; +diff --git a/grub-core/kern/powerpc/ieee1275/ieee1275.c b/grub-core/kern/powerpc/ieee1275/ieee1275.c +index f685afc..20c49e3 100644 +--- a/grub-core/kern/powerpc/ieee1275/ieee1275.c ++++ b/grub-core/kern/powerpc/ieee1275/ieee1275.c +@@ -1,7 +1,8 @@ +-/* of.c - Access the Open Firmware client interface. */ ++/* ieee1275.c - Access the Open Firmware client interface. */ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2003,2004,2005,2007,2008,2009 Free Software Foundation, Inc. ++ * Copyright (C) 2020, 2021, 2022, 2023, 2024, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -20,20 +21,18 @@ + #include + #include + +-#define IEEE1275_CELL_INVALID ((grub_ieee1275_cell_t) - 1) +- +-int +-grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing) ++grub_int32_t ++grub_ieee1275_test (const char *interface_name) + { + struct test_args + { +- struct grub_ieee1275_common_hdr common; +- grub_ieee1275_cell_t name; ++ struct grub_ieee1275_common_hdr common;/* The header information like interface name, number of inputs and outputs. */ ++ grub_ieee1275_cell_t name; /* The interface name. */ + grub_ieee1275_cell_t missing; + } args; + + INIT_IEEE1275_COMMON (&args.common, "test", 1, 1); +- args.name = (grub_ieee1275_cell_t) name; ++ args.name = (grub_ieee1275_cell_t) interface_name; + + if (IEEE1275_CALL_ENTRY_FN (&args) == -1) + return -1; +@@ -41,26 +40,24 @@ grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing) + if (args.missing == IEEE1275_CELL_INVALID) + return -1; + +- *missing = args.missing; +- + return 0; + } + +-int +-grub_ieee1275_pks_max_object_size (grub_size_t *result) ++grub_int32_t ++grub_ieee1275_pks_max_object_size (grub_uint32_t *result) + { + struct mos_args + { +- struct grub_ieee1275_common_hdr common; +- grub_ieee1275_cell_t size; ++ struct grub_ieee1275_common_hdr common;/* The header information like interface name, number of inputs and outputs. */ ++ grub_ieee1275_cell_t size; /* The maximum object size for a PKS object. */ + } args; + +- INIT_IEEE1275_COMMON (&args.common, "pks-max-object-size", 0, 1); ++ INIT_IEEE1275_COMMON (&args.common, GRUB_PKS_MAX_OBJ_INTERFACE, 0, 1); + + if (IEEE1275_CALL_ENTRY_FN (&args) == -1) + return -1; + +- if (args.size == IEEE1275_CELL_INVALID) ++ if (args.size == IEEE1275_CELL_INVALID || args.size == 0) + return -1; + + *result = args.size; +@@ -68,31 +65,31 @@ grub_ieee1275_pks_max_object_size (grub_size_t *result) + return 0; + } + +-int +-grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label, +- grub_size_t label_len, grub_uint8_t *buffer, +- grub_size_t buffer_len, grub_size_t *data_len, ++grub_int32_t ++grub_ieee1275_pks_read_object (const grub_uint32_t consumer, const char *label, ++ const grub_uint32_t label_len, const grub_uint32_t buffer_len, ++ grub_uint8_t *buffer, grub_uint32_t *data_len, + grub_uint32_t *policies) + { + struct pks_read_args + { +- struct grub_ieee1275_common_hdr common; +- grub_ieee1275_cell_t consumer; +- grub_ieee1275_cell_t label; +- grub_ieee1275_cell_t label_len; +- grub_ieee1275_cell_t buffer; +- grub_ieee1275_cell_t buffer_len; +- grub_ieee1275_cell_t data_len; +- grub_ieee1275_cell_t policies; +- grub_ieee1275_cell_t rc; ++ struct grub_ieee1275_common_hdr common; /* The header information like interface name, number of inputs and outputs. */ ++ grub_ieee1275_cell_t consumer; /* The object belonging to consumer with the label. */ ++ grub_ieee1275_cell_t label; /* Object label buffer logical real address. */ ++ grub_ieee1275_cell_t label_len; /* The byte length of the object label. */ ++ grub_ieee1275_cell_t buffer; /* Output buffer logical real address. */ ++ grub_ieee1275_cell_t buffer_len; /* Length of the output buffer. */ ++ grub_ieee1275_cell_t data_len; /* The number of bytes copied to the output buffer. */ ++ grub_ieee1275_cell_t policies; /* The object policies. */ ++ grub_int32_t rc; /* The return code. */ + } args; + +- INIT_IEEE1275_COMMON (&args.common, "pks-read-object", 5, 3); +- args.consumer = (grub_ieee1275_cell_t) consumer; ++ INIT_IEEE1275_COMMON (&args.common, GRUB_PKS_READ_OBJ_INTERFACE, 5, 3); ++ args.consumer = consumer; ++ args.label_len = label_len; ++ args.buffer_len = buffer_len; + args.label = (grub_ieee1275_cell_t) label; +- args.label_len = (grub_ieee1275_cell_t) label_len; + args.buffer = (grub_ieee1275_cell_t) buffer; +- args.buffer_len = (grub_ieee1275_cell_t) buffer_len; + + if (IEEE1275_CALL_ENTRY_FN (&args) == -1) + return -1; +@@ -103,30 +100,30 @@ grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label, + *data_len = args.data_len; + *policies = args.policies; + +- return (int) args.rc; ++ return args.rc; + } + +-int +-grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype, +- grub_uint8_t *buffer, grub_size_t buffer_len, ++grub_int32_t ++grub_ieee1275_pks_read_sbvar (const grub_uint32_t sbvar_flags, const grub_uint32_t sbvar_type, ++ const grub_uint32_t buffer_len, grub_uint8_t *buffer, + grub_size_t *data_len) + { + struct pks_read_sbvar_args + { +- struct grub_ieee1275_common_hdr common; +- grub_ieee1275_cell_t sbvarflags; +- grub_ieee1275_cell_t sbvartype; +- grub_ieee1275_cell_t buffer; +- grub_ieee1275_cell_t buffer_len; +- grub_ieee1275_cell_t data_len; +- grub_ieee1275_cell_t rc; ++ struct grub_ieee1275_common_hdr common; /* The header information like interface name, number of inputs and outputs. */ ++ grub_ieee1275_cell_t sbvar_flags; /* The sbvar operation flags. */ ++ grub_ieee1275_cell_t sbvar_type; /* The sbvar being requested. */ ++ grub_ieee1275_cell_t buffer; /* Output buffer logical real address. */ ++ grub_ieee1275_cell_t buffer_len; /* Length of the Output buffer. */ ++ grub_ieee1275_cell_t data_len; /* The number of bytes copied to the output buffer. */ ++ grub_int32_t rc; /* The return code. */ + } args; + +- INIT_IEEE1275_COMMON (&args.common, "pks-read-sbvar", 4, 2); +- args.sbvarflags = (grub_ieee1275_cell_t) sbvarflags; +- args.sbvartype = (grub_ieee1275_cell_t) sbvartype; ++ INIT_IEEE1275_COMMON (&args.common, GRUB_PKS_READ_SBVAR_INTERFACE, 4, 2); ++ args.sbvar_flags = sbvar_flags; ++ args.sbvar_type = sbvar_type; ++ args.buffer_len = buffer_len; + args.buffer = (grub_ieee1275_cell_t) buffer; +- args.buffer_len = (grub_ieee1275_cell_t) buffer_len; + + if (IEEE1275_CALL_ENTRY_FN (&args) == -1) + return -1; +@@ -136,5 +133,5 @@ grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype, + + *data_len = args.data_len; + +- return (int) args.rc; ++ return args.rc; + } +diff --git a/grub-core/kern/powerpc/ieee1275/platform_keystore.c b/grub-core/kern/powerpc/ieee1275/platform_keystore.c +index a83fcf7..cc2d493 100644 +--- a/grub-core/kern/powerpc/ieee1275/platform_keystore.c ++++ b/grub-core/kern/powerpc/ieee1275/platform_keystore.c +@@ -1,7 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2024 Free Software Foundation, Inc. +- * Copyright (C) 2024 IBM Corporation ++ * Copyright (C) 2022, 2023, 2024, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -18,57 +18,43 @@ + */ + + #include +-#include + #include + #include + #include ++#include ++#include + #include + +-#define PKS_CONSUMER_FW 1 +-#define SB_VERSION_KEY_NAME ((grub_uint8_t *) "SB_VERSION") +-#define SB_VERSION_KEY_LEN 10 +-#define DB 1 +-#define DBX 2 +-#define PKS_OBJECT_NOT_FOUND ((grub_err_t) - 7) ++/* PKS object maximum size. */ ++static grub_uint32_t pks_max_object_size = 0; + +-/* Platform Keystore */ +-static grub_size_t pks_max_object_size; +-grub_uint8_t grub_pks_use_keystore = 0; +-grub_pks_t grub_pks_keystore = { .db = NULL, +- .dbx = NULL, +- .db_entries = 0, +- .dbx_entries = 0, +- .use_static_keys = false }; +- +-/* Convert the esl data into the ESL */ +-static grub_esl_t * +-convert_to_esl (const grub_uint8_t *esl_data, const grub_size_t esl_data_size) +-{ +- grub_esl_t *esl = NULL; +- +- if (esl_data_size < sizeof (grub_esl_t) || esl_data == NULL) +- return esl; +- +- esl = (grub_esl_t *) esl_data; +- +- return esl; +-} ++/* Platform KeyStore db and dbx. */ ++static grub_pks_t pks_keystore = { .db = NULL, .dbx = NULL, .db_entries = 0, ++ .dbx_entries = 0, .db_exists = true}; ++/* ++ * pks_use_keystore: Key Management Modes ++ * False: Static key management (use built-in Keys). This is default. ++ * True: Dynamic key management (use Platform KeySotre). ++ */ ++static bool pks_use_keystore = false; + + /* +- * Import the GUID, esd, and its size into the pks sd buffer and +- * pks sd entries from the EFI signature list. ++ * Reads the Globally Unique Identifier (GUID), EFI Signature Database (ESD), ++ * and its size from the Platform KeyStore EFI Signature List (ESL), then ++ * stores them into the PKS Signature Database (SD) (i.e., pks_sd buffer ++ * and pks_sd entries) in the GRUB. + */ + static grub_err_t +-esd_from_esl (const grub_uint8_t *esl_data, grub_size_t esl_size, +- const grub_size_t signature_size, const grub_uuid_t *guid, +- grub_pks_sd_t **pks_sd, grub_size_t *pks_sd_entries) ++_esl_to_esd (const grub_uint8_t *esl_data, grub_size_t esl_size, ++ const grub_size_t signature_size, const grub_packed_guid_t *guid, ++ grub_pks_sd_t **pks_sd, grub_uint32_t *pks_sd_entries) + { +- grub_esd_t *esd = NULL; ++ grub_esd_t *esd; + grub_pks_sd_t *signature = *pks_sd; +- grub_size_t entries = *pks_sd_entries; +- grub_size_t data_size = 0, offset = 0; ++ grub_uint32_t entries = *pks_sd_entries; ++ grub_size_t data_size, offset = 0; + +- /* reads the esd from esl */ ++ /* Reads the ESD from ESL. */ + while (esl_size > 0) + { + esd = (grub_esd_t *) (esl_data + offset); +@@ -81,16 +67,13 @@ esd_from_esl (const grub_uint8_t *esl_data, grub_size_t esl_size, + signature[entries].data = grub_malloc (data_size * sizeof (grub_uint8_t)); + if (signature[entries].data == NULL) + { +- /* +- * allocated memory will be freed by +- * grub_free_platform_keystore +- */ ++ /* Allocated memory will be freed by grub_pks_free_data(). */ + *pks_sd = signature; + *pks_sd_entries = entries + 1; + return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); + } + +- grub_memcpy (signature[entries].data, esd->signaturedata, data_size); ++ grub_memcpy (signature[entries].data, esd->signature_data, data_size); + signature[entries].data_size = data_size; + signature[entries].guid = *guid; + entries++; +@@ -104,26 +87,24 @@ esd_from_esl (const grub_uint8_t *esl_data, grub_size_t esl_size, + return GRUB_ERR_NONE; + } + +-/* +- * Extract the esd after removing the esl header from esl. +- */ ++/* Extract the ESD after removing the ESL header from ESL. */ + static grub_err_t + esl_to_esd (const grub_uint8_t *esl_data, grub_size_t *next_esl, +- grub_pks_sd_t **pks_sd, grub_size_t *pks_sd_entries) ++ grub_pks_sd_t **pks_sd, grub_uint32_t *pks_sd_entries) + { +- grub_uuid_t guid = { 0 }; +- grub_esl_t *esl = NULL; +- grub_size_t offset = 0, esl_size = 0, +- signature_size = 0, signature_header_size = 0; ++ grub_packed_guid_t guid; ++ grub_esl_t *esl; ++ grub_size_t offset, esl_size, signature_size, signature_header_size; + +- esl = convert_to_esl (esl_data, *next_esl); +- if (esl == NULL) ++ /* Convert the ESL data into the ESL. */ ++ esl = (grub_esl_t *) esl_data; ++ if (*next_esl < sizeof (grub_esl_t) || esl == NULL) + return grub_error (GRUB_ERR_BUG, "invalid ESL"); + +- esl_size = grub_le_to_cpu32 (esl->signaturelistsize); +- signature_header_size = grub_le_to_cpu32 (esl->signatureheadersize); +- signature_size = grub_le_to_cpu32 (esl->signaturesize); +- guid = esl->signaturetype; ++ esl_size = grub_le_to_cpu32 (esl->signature_list_size); ++ signature_header_size = grub_le_to_cpu32 (esl->signature_header_size); ++ signature_size = grub_le_to_cpu32 (esl->signature_size); ++ grub_memcpy (&guid, &esl->signature_type, sizeof (grub_packed_guid_t)); + + if (esl_size < sizeof (grub_esl_t) || esl_size > *next_esl) + return grub_error (GRUB_ERR_BUG, "invalid ESL size (%u)\n", esl_size); +@@ -132,19 +113,19 @@ esl_to_esd (const grub_uint8_t *esl_data, grub_size_t *next_esl, + offset = sizeof (grub_esl_t) + signature_header_size; + esl_size = esl_size - offset; + +- return esd_from_esl (esl_data + offset, esl_size, signature_size, &guid, +- pks_sd, pks_sd_entries); ++ return _esl_to_esd (esl_data + offset, esl_size, signature_size, &guid, ++ pks_sd, pks_sd_entries); + } + + /* +- * Import the EFI signature data and the number of esd from the esl +- * into the pks sd buffer and pks sd entries. ++ * Import the EFI Signature Database (ESD) and the number of ESD from the ESL ++ * into the pks_sd buffer and pks_sd entries. + */ + static grub_err_t + pks_sd_from_esl (const grub_uint8_t *esl_data, grub_size_t esl_size, +- grub_pks_sd_t **pks_sd, grub_size_t *pks_sd_entries) ++ grub_pks_sd_t **pks_sd, grub_uint32_t *pks_sd_entries) + { +- grub_err_t rc = GRUB_ERR_NONE; ++ grub_err_t rc; + grub_size_t next_esl = esl_size; + + do +@@ -162,185 +143,191 @@ pks_sd_from_esl (const grub_uint8_t *esl_data, grub_size_t esl_size, + return rc; + } + +-/* +- * Read the secure boot version from PKS as an object. +- * caller must free result +- */ ++/* Read the secure boot version from PKS as an object. Caller must free result. */ + static grub_err_t +-read_sbversion_from_pks (grub_uint8_t **out, grub_size_t *outlen, grub_size_t *policy) ++read_sbversion_from_pks (grub_uint8_t **out) + { +- *out = grub_malloc (pks_max_object_size); +- if (*out == NULL) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ grub_int32_t rc; ++ grub_uint32_t outlen = 0, policy = 0; + +- return grub_ieee1275_pks_read_object (PKS_CONSUMER_FW, SB_VERSION_KEY_NAME, +- SB_VERSION_KEY_LEN, *out, pks_max_object_size, +- outlen, policy); +-} +- +-/* +- * reads the secure boot variable from PKS. +- * caller must free result +- */ +-static grub_err_t +-read_sbvar_from_pks (const grub_uint8_t sbvarflags, const grub_uint8_t sbvartype, +- grub_uint8_t **out, grub_size_t *outlen) +-{ + *out = grub_malloc (pks_max_object_size); + if (*out == NULL) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); + +- return grub_ieee1275_pks_read_sbvar (sbvarflags, sbvartype, *out, +- pks_max_object_size, outlen); +-} +- +-/* Test the availability of PKS support. */ +-static grub_err_t +-is_support_pks (void) +-{ +- grub_err_t rc = GRUB_ERR_NONE; +- grub_ieee1275_cell_t missing = 0; ++ rc = grub_ieee1275_pks_read_object (GRUB_PKS_CONSUMER_FW, GRUB_SB_VERSION_KEY_NAME, ++ GRUB_SB_VERSION_KEY_LEN, pks_max_object_size, *out, ++ &outlen, &policy); ++ if (rc < 0) ++ { ++ grub_free (*out); ++ return grub_error (GRUB_ERR_READ_ERROR, "SB version read failed (%d)\n", rc); ++ } + +- rc = grub_ieee1275_test ("pks-max-object-size", &missing); +- if (rc != GRUB_ERR_NONE || (int) missing == -1) +- rc = grub_error (GRUB_ERR_BAD_FIRMWARE, "Firmware doesn't have PKS support!\n"); +- else ++ if (outlen != 1 || (**out >= 2)) + { +- rc = grub_ieee1275_pks_max_object_size (&pks_max_object_size); +- if (rc != GRUB_ERR_NONE) +- rc = grub_error (GRUB_ERR_BAD_NUMBER, "PKS support is there but it has zero objects!\n"); ++ grub_free (*out); ++ return grub_error (GRUB_ERR_BAD_NUMBER, "found unexpected SB version: %u\n", **out); + } + +- return rc; ++ return GRUB_ERR_NONE; + } + + /* +- * Retrieve the secure boot variable from PKS, unpacks it, read the esd +- * from ESL, and store the information in the pks sd buffer. ++ * Reads the secure boot variable from PKS, unpacks it, read the ESD from ESL, ++ * and store the information in the pks_sd buffer. + */ + static grub_err_t +-read_secure_boot_variables (const grub_uint8_t sbvarflags, const grub_uint8_t sbvartype, +- grub_pks_sd_t **pks_sd, grub_size_t *pks_sd_entries) ++read_sbvar_from_pks (const grub_uint32_t sbvarflags, const grub_uint32_t sbvartype, ++ grub_pks_sd_t **pks_sd, grub_uint32_t *pks_sd_entries) + { +- grub_err_t rc = GRUB_ERR_NONE; ++ grub_int32_t rc; ++ grub_err_t err = GRUB_ERR_NONE; + grub_uint8_t *esl_data = NULL; + grub_size_t esl_data_size = 0; + +- rc = read_sbvar_from_pks (sbvarflags, sbvartype, &esl_data, &esl_data_size); +- /* +- * at this point we have SB_VERSION, so any error is worth +- * at least some user-visible info +- */ +- if (rc != GRUB_ERR_NONE) +- rc = grub_error (rc, "secure boot variable %s reading (%d)", +- (sbvartype == DB ? "db" : "dbx"), rc); +- else if (esl_data_size != 0) +- rc = pks_sd_from_esl ((const grub_uint8_t *) esl_data, esl_data_size, +- pks_sd, pks_sd_entries); ++ esl_data = grub_malloc (pks_max_object_size); ++ if (esl_data == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ rc = grub_ieee1275_pks_read_sbvar (sbvarflags, sbvartype, pks_max_object_size, ++ esl_data, &esl_data_size); ++ if (rc == IEEE1275_CELL_NOT_FOUND) ++ { ++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "secure boot variable %s not found (%d)", ++ (sbvartype == GRUB_PKS_SBVAR_DB) ? "db" : "dbx", rc); ++ goto fail; ++ } ++ else if (rc < 0) ++ { ++ err = grub_error (GRUB_ERR_READ_ERROR, "secure boot variable %s reading (%d)", ++ (sbvartype == GRUB_PKS_SBVAR_DB) ? "db" : "dbx", rc); ++ goto fail; ++ } ++ ++ if (esl_data_size > 0) ++ err = pks_sd_from_esl (esl_data, esl_data_size, pks_sd, pks_sd_entries); ++ else ++ err = GRUB_ERR_BAD_NUMBER; ++ ++ fail: + grub_free (esl_data); + +- return rc; ++ return err; + } + +-/* reads secure boot version (SB_VERSION) and it supports following +- * SB_VERSION +- * 1 - PKS +- * 0 - static key (embeded key) ++/* ++ * Test the availability of PKS support. If PKS support is avaialble and objects ++ * present, it reads the secure boot version (SB_VERSION) from PKS. ++ * ++ * SB_VERSION: Key Management Mode ++ * 1 - Enable dynamic key management mode. Read the db and dbx variables from PKS, ++ * and use them for signature verification. ++ * 0 - Enable static key management mode. Read keys from the GRUB ELF Note and use ++ * it for signature verification. + */ +-static grub_err_t +-get_secure_boot_version (void) ++static bool ++is_pks_present (void) + { +- grub_err_t rc = GRUB_ERR_NONE; ++ grub_err_t err; ++ grub_int32_t rc; + grub_uint8_t *data = NULL; +- grub_size_t len = 0, policy = 0; ++ bool ret = false; + +- rc = read_sbversion_from_pks (&data, &len, &policy); +- if (rc != GRUB_ERR_NONE) +- rc = grub_error (GRUB_ERR_READ_ERROR, "SB version read failed! (%d)\n", rc); +- else if (len != 1 || (*data >= 2)) +- rc = grub_error (GRUB_ERR_BAD_NUMBER, "found unexpected SB version! (%d)\n", *data); +- +- if (rc != GRUB_ERR_NONE) ++ rc = grub_ieee1275_test (GRUB_PKS_MAX_OBJ_INTERFACE); ++ if (rc < 0) + { +- grub_printf ("Switch to Static Key!\n"); +- if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) +- grub_fatal ("Secure Boot locked down"); ++ grub_error (GRUB_ERR_BAD_FIRMWARE, "firmware doesn't have PKS support\n"); ++ return ret; + } + else +- grub_pks_use_keystore = *data; ++ { ++ rc = grub_ieee1275_pks_max_object_size (&pks_max_object_size); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_BAD_NUMBER, "PKS support is there but it has zero objects\n"); ++ return ret; ++ } ++ } ++ ++ err = read_sbversion_from_pks (&data); ++ if (err != GRUB_ERR_NONE) ++ return ret; ++ ++ /* ++ * If *data == 1, use dynamic key management and read the keys from the PKS. ++ * Else, use static key management and read the keys from the GRUB ELF Note. ++ */ ++ ret = ((*data == 1) ? true : false); + + grub_free (data); + +- return rc; ++ return ret; + } + +-/* Free allocated memory */ ++/* Free allocated memory. */ + void +-grub_pks_free_keystore (void) ++grub_pks_free_data (void) + { +- grub_size_t i = 0; ++ grub_size_t i; + +- for (i = 0; i < grub_pks_keystore.db_entries; i++) +- grub_free (grub_pks_keystore.db[i].data); ++ for (i = 0; i < pks_keystore.db_entries; i++) ++ grub_free (pks_keystore.db[i].data); + +- for (i = 0; i < grub_pks_keystore.dbx_entries; i++) +- grub_free (grub_pks_keystore.dbx[i].data); ++ for (i = 0; i < pks_keystore.dbx_entries; i++) ++ grub_free (pks_keystore.dbx[i].data); + +- grub_free (grub_pks_keystore.db); +- grub_free (grub_pks_keystore.dbx); +- grub_memset (&grub_pks_keystore, 0, sizeof (grub_pks_t)); ++ grub_free (pks_keystore.db); ++ grub_free (pks_keystore.dbx); ++ grub_memset (&pks_keystore, 0, sizeof (grub_pks_t)); + } + +-/* Initialization of the Platform Keystore */ +-grub_err_t ++grub_pks_t * ++grub_pks_get_keystore (void) ++{ ++ return (pks_use_keystore == true) ? &pks_keystore : NULL; ++} ++ ++/* Initialization of the Platform KeyStore. */ ++void + grub_pks_keystore_init (void) + { +- grub_err_t rc = GRUB_ERR_NONE; ++ grub_err_t rc_db, rc_dbx; + +- grub_dprintf ("ieee1275", "trying to load Platform Keystore\n"); ++ grub_dprintf ("ieee1275", "trying to load Platform KeyStore\n"); + +- rc = is_support_pks (); +- if (rc != GRUB_ERR_NONE) ++ if (is_pks_present () == false) + { +- grub_printf ("Switch to Static Key!\n"); +- return rc; ++ grub_dprintf ("ieee1275", "Platform PKS is not available\n"); ++ return; + } + +- /* SB_VERSION */ +- rc = get_secure_boot_version (); +- if (rc != GRUB_ERR_NONE) +- return rc; +- +- if (grub_pks_use_keystore) +- { +- grub_memset (&grub_pks_keystore, 0, sizeof (grub_pks_t)); +- /* DB */ +- rc = read_secure_boot_variables (0, DB, &grub_pks_keystore.db, &grub_pks_keystore.db_entries); +- if (rc == PKS_OBJECT_NOT_FOUND) +- { +- rc = GRUB_ERR_NONE; +- /* +- * DB variable won't be available by default in PKS. +- * So, it will load the Default Keys from ELF Note +- */ +- grub_pks_keystore.use_static_keys = true; +- } +- +- if (rc == GRUB_ERR_NONE) +- { +- /* DBX */ +- rc = read_secure_boot_variables (0, DBX, &grub_pks_keystore.dbx, &grub_pks_keystore.dbx_entries); +- if (rc == PKS_OBJECT_NOT_FOUND) +- { +- grub_dprintf ("ieee1275", "dbx is not found in PKS\n"); +- rc = GRUB_ERR_NONE; +- } +- } +- +- } +- +- if (rc != GRUB_ERR_NONE) +- grub_pks_free_keystore (); +- +- return rc; ++ /* ++ * When read db from PKS, there are three scenarios ++ * 1. db fully loaded from PKS ++ * 2. db partially loaded from PKS ++ * 3. no keys are loaded from db (if db does not exist in PKS), default to ++ * built-in keys (static keys) ++ * each of these scenarios, the db keys are checked against dbx. ++ */ ++ rc_db = read_sbvar_from_pks (0, GRUB_PKS_SBVAR_DB, &pks_keystore.db, &pks_keystore.db_entries); ++ if (rc_db == GRUB_ERR_FILE_NOT_FOUND) ++ pks_keystore.db_exists = false; ++ ++ /* ++ * Read dbx from PKS. If dbx is not completely loaded from PKS, then this ++ * could lead to the loading of vulnerable GRUB modules and kernel binaries. ++ * So, this should be prevented by freeing up loaded dbx and db. ++ */ ++ rc_dbx = read_sbvar_from_pks (0, GRUB_PKS_SBVAR_DBX, &pks_keystore.dbx, &pks_keystore.dbx_entries); ++ if (rc_dbx == GRUB_ERR_FILE_NOT_FOUND || rc_dbx == GRUB_ERR_BAD_NUMBER) ++ rc_dbx = GRUB_ERR_NONE; ++ ++ if (rc_dbx != GRUB_ERR_NONE) ++ grub_pks_free_data (); ++ ++ /* ++ * At this point, it's evident that PKS infrastructure exists, so the PKS ++ * keystore must be used for validating appended signatures. ++ */ ++ pks_use_keystore = true; + } +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index 27b9cf2..63fda90 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -24,6 +24,9 @@ + #include + #include + ++#define IEEE1275_CELL_INVALID ((grub_ieee1275_cell_t) -1) ++#define IEEE1275_CELL_NOT_FOUND ((grub_int32_t) -7) ++ + #define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) + #define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) + +diff --git a/include/grub/powerpc/ieee1275/ieee1275.h b/include/grub/powerpc/ieee1275/ieee1275.h +index 45c7b16..6f0454a 100644 +--- a/include/grub/powerpc/ieee1275/ieee1275.h ++++ b/include/grub/powerpc/ieee1275/ieee1275.h +@@ -25,18 +25,40 @@ + #define GRUB_IEEE1275_CELL_SIZEOF 4 + typedef grub_uint32_t grub_ieee1275_cell_t; + +-int EXPORT_FUNC (grub_ieee1275_test) (const char *name, +- grub_ieee1275_cell_t *missing); ++#ifdef __powerpc__ ++/* The maximum object size interface name for a PKS object. */ ++#define GRUB_PKS_MAX_OBJ_INTERFACE "pks-max-object-size" + +-int grub_ieee1275_pks_max_object_size (grub_size_t *result); ++/* PKS read object and read sbvar interface name. */ ++#define GRUB_PKS_READ_OBJ_INTERFACE "pks-read-object" ++#define GRUB_PKS_READ_SBVAR_INTERFACE "pks-read-sbvar" + +-int grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label, +- grub_size_t label_len, grub_uint8_t *buffer, +- grub_size_t buffer_len, grub_size_t *data_len, +- grub_uint32_t *policies); ++/* PKS read object label for secure boot version. */ ++#define GRUB_SB_VERSION_KEY_NAME "SB_VERSION" ++#define GRUB_SB_VERSION_KEY_LEN (sizeof (GRUB_SB_VERSION_KEY_NAME) - 1) + +-int grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype, +- grub_uint8_t *buffer, grub_size_t buffer_len, +- grub_size_t *data_len); ++/* PKS consumer type for firmware. */ ++#define GRUB_PKS_CONSUMER_FW ((grub_uint32_t) 1) + ++/* PKS read secure boot variable request type for db and dbx. */ ++#define GRUB_PKS_SBVAR_DB ((grub_uint32_t) 1) ++#define GRUB_PKS_SBVAR_DBX ((grub_uint32_t) 2) ++ ++extern grub_int32_t ++grub_ieee1275_test (const char *interface_name); ++ ++extern grub_int32_t ++grub_ieee1275_pks_max_object_size (grub_uint32_t *result); ++ ++extern grub_int32_t ++grub_ieee1275_pks_read_object (const grub_uint32_t consumer, const char *label, ++ const grub_uint32_t label_len, const grub_uint32_t buffer_len, ++ grub_uint8_t *buffer, grub_uint32_t *data_len, ++ grub_uint32_t *policies); ++ ++extern grub_int32_t ++grub_ieee1275_pks_read_sbvar (const grub_uint32_t sbvar_flags, const grub_uint32_t sbvar_type, ++ const grub_uint32_t buffer_len, grub_uint8_t *buffer, ++ grub_size_t *data_len); ++#endif /* __powerpc__ */ + #endif /* ! GRUB_IEEE1275_MACHINE_HEADER */ +diff --git a/include/grub/powerpc/ieee1275/platform_keystore.h b/include/grub/powerpc/ieee1275/platform_keystore.h +index 870fb8c..931ada2 100644 +--- a/include/grub/powerpc/ieee1275/platform_keystore.h ++++ b/include/grub/powerpc/ieee1275/platform_keystore.h +@@ -26,201 +26,98 @@ + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * +- * + * https://github.com/tianocore/edk2-staging (edk2-staging repo of tianocore), + * the ImageAuthentication.h file under it, and here's the copyright and license. + * + * MdePkg/Include/Guid/ImageAuthentication.h + * +- * Copyright 2024 IBM Corp. ++ * Copyright 2022, 2023, 2024, 2025 IBM Corp. + */ + +-#ifndef __PLATFORM_KEYSTORE_H__ +-#define __PLATFORM_KEYSTORE_H__ ++#ifndef PLATFORM_KEYSTORE_HEADER ++#define PLATFORM_KEYSTORE_HEADER 1 + + #include + #include + #include + +-#if __GNUC__ >= 9 +-#pragma GCC diagnostic ignored "-Waddress-of-packed-member" +-#endif +- +-#define GRUB_MAX_HASH_SIZE 64 +- +-typedef struct grub_esd grub_esd_t; +-typedef struct grub_esl grub_esl_t; +- + /* + * It is derived from EFI_SIGNATURE_DATA + * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h + * +- * The structure of an EFI signature database (ESD).*/ ++ * The structure of an EFI Signature Database (ESD). */ + struct grub_esd + { + /* +- * An identifier which identifies the agent which added +- * the signature to the list. ++ * An identifier which identifies the agent which added the signature to ++ * the list. + */ +- grub_uuid_t signatureowner; +- /* The format of the signature is defined by the SignatureType.*/ +- grub_uint8_t signaturedata[]; ++ grub_packed_guid_t signature_owner; ++ /* The format of the signature is defined by the SignatureType. */ ++ grub_uint8_t signature_data[]; + } GRUB_PACKED; ++typedef struct grub_esd grub_esd_t; + + /* + * It is derived from EFI_SIGNATURE_LIST + * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h + * +- * The structure of an EFI signature list (ESL).*/ ++ * The structure of an EFI Signature List (ESL). */ + struct grub_esl + { +- /* Type of the signature. GUID signature types are defined in below.*/ +- grub_uuid_t signaturetype; +- /* Total size of the signature list, including this header.*/ +- grub_uint32_t signaturelistsize; +- /* +- * Size of the signature header which precedes +- * the array of signatures. +- */ +- grub_uint32_t signatureheadersize; ++ /* Type of the signature. GUID signature types are defined in below. */ ++ grub_packed_guid_t signature_type; ++ /* Total size of the signature list, including this header. */ ++ grub_uint32_t signature_list_size; ++ /* Size of the signature header which precedes the array of signatures. */ ++ grub_uint32_t signature_header_size; + /* Size of each signature.*/ +- grub_uint32_t signaturesize; ++ grub_uint32_t signature_size; + } GRUB_PACKED; ++typedef struct grub_esl grub_esl_t; + +-/* +- * It is derived from EFI_CERT_X509_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_X509_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, \ +- 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, \ +- 0x5c, 0x2b, 0xf0, 0x72 \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_SHA256_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_SHA256_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, \ +- 0x92, 0x40, 0xac, 0xa9, 0x41, 0xf9, \ +- 0x36, 0x93, 0x43, 0x28 \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_SHA384_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_SHA384_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0x07, 0x53, 0x3e, 0xff, 0xd0, 0x9f, \ +- 0xc9, 0x48, 0x85, 0xf1, 0x8a, 0xd5, \ +- 0x6c, 0x70, 0x1e, 0x1 \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_SHA512_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_SHA512_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0xae, 0x0f, 0x3e, 0x09, 0xc4, 0xa6, \ +- 0x50, 0x4f, 0x9f, 0x1b, 0xd4, 0x1e, \ +- 0x2b, 0x89, 0xc1, 0x9a \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_X509_SHA256_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_X509_SHA256_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0x92, 0xa4, 0xd2, 0x3b, 0xc0, 0x96, \ +- 0x79, 0x40, 0xb4, 0x20, 0xfc, 0xf9, \ +- 0x8e, 0xf1, 0x03, 0xed \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_X509_SHA384_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_X509_SHA384_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0x6e, 0x87, 0x76, 0x70, 0xc2, 0x80, \ +- 0xe6, 0x4e, 0xaa, 0xd2, 0x28, 0xb3, \ +- 0x49, 0xa6, 0x86, 0x5b \ +- } \ +- } +- +-/* +- * It is derived from EFI_CERT_X509_SHA512_GUID +- * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h +- */ +-#define GRUB_PKS_CERT_X509_SHA512_GUID \ +- (grub_uuid_t) \ +- { \ +- { \ +- 0x63, 0xbf, 0x6d, 0x44, 0x02, 0x25, \ +- 0xda, 0x4c, 0xbc, 0xfa, 0x24, 0x65, \ +- 0xd2, 0xb0, 0xfe, 0x9d \ +- } \ +- } +- +-typedef struct grub_pks_sd grub_pks_sd_t; +-typedef struct grub_pks grub_pks_t; +- +-/* The structure of a PKS signature data.*/ ++/* The structure of a PKS Signature Database (SD). */ + struct grub_pks_sd + { +- grub_uuid_t guid; /* signature type */ +- grub_uint8_t *data; /* signature data */ +- grub_size_t data_size; /* size of signature data */ ++ grub_packed_guid_t guid; /* Signature type. */ ++ grub_uint8_t *data; /* Signature data. */ ++ grub_size_t data_size; /* Size of signature data. */ + } GRUB_PACKED; ++typedef struct grub_pks_sd grub_pks_sd_t; + +-/* The structure of a PKS.*/ ++/* The structure of a Platform KeyStore (PKS). */ + struct grub_pks + { +- grub_pks_sd_t *db; /* signature database */ +- grub_pks_sd_t *dbx; /* forbidden signature database */ +- grub_size_t db_entries; /* size of signature database */ +- grub_size_t dbx_entries; /* size of forbidden signature database */ +- grub_bool_t use_static_keys;/* flag to indicate use of static keys */ +-} GRUB_PACKED; ++ grub_pks_sd_t *db; /* Signature database. */ ++ grub_pks_sd_t *dbx; /* Forbidden signature database. */ ++ grub_uint32_t db_entries; /* Size of signature database. */ ++ grub_uint32_t dbx_entries;/* Size of forbidden signature database. */ ++ bool db_exists; /* Flag to indicate if the db exists or not in PKS. */ ++}; ++typedef struct grub_pks grub_pks_t; + +-#ifdef __powerpc__ ++#if defined(__powerpc__) ++/* Initialization of the Platform Keystore. */ ++extern void ++grub_pks_keystore_init (void); + +-/* Initialization of the Platform Keystore */ +-grub_err_t grub_pks_keystore_init (void); +-/* Free allocated memory */ +-void EXPORT_FUNC(grub_pks_free_keystore) (void); +-extern grub_uint8_t EXPORT_VAR(grub_pks_use_keystore); +-extern grub_pks_t EXPORT_VAR(grub_pks_keystore); ++/* Platform KeyStore db and dbx. */ ++extern grub_pks_t * ++EXPORT_FUNC (grub_pks_get_keystore) (void); + ++/* Free allocated memory. */ ++extern void ++EXPORT_FUNC (grub_pks_free_data) (void); + #else ++static inline grub_pks_t * ++grub_pks_get_keystore (void) ++{ ++ return NULL; ++} + +-#define grub_pks_use_keystore 0 +-grub_pks_t grub_pks_keystore = {NULL, NULL, 0, 0, false}; +-void grub_pks_free_keystore (void); +- +-#endif +- ++static inline void ++grub_pks_free_data (void) ++{ ++} ++#endif /* __powerpc__ */ + #endif diff --git a/0493-appended-signatures-Introducing-key-management-envir.patch b/0493-appended-signatures-Introducing-key-management-envir.patch new file mode 100644 index 0000000..c3fcb7d --- /dev/null +++ b/0493-appended-signatures-Introducing-key-management-envir.patch @@ -0,0 +1,144 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:57 +0530 +Subject: [PATCH] appended signatures: Introducing key management environment + variable + +Introducing the appended signature key management environment variable. It is +automatically set to either "static" or "dynamic" based on the Platform KeyStore. + +"static": Enforce static key management signature verification. This is the + default. When the GRUB is locked down, user cannot change the value + by setting the appendedsig_key_mgmt variable back to "dynamic". + +"dynamic": Enforce dynamic key management signature verification. When the GRUB + is locked down, user cannot change the value by setting the + appendedsig_key_mgmt variable back to "static". + +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.c | 75 ++++++++++++++++++++++++++++ + 1 file changed, 75 insertions(+) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index e53efd2..ca54c90 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + #include "appendedsig.h" + +@@ -94,6 +95,16 @@ static sb_database_t db = {.certs = NULL, .cert_entries = 0}; + */ + static bool check_sigs = false; + ++/* ++ * append_key_mgmt: Key Management Modes ++ * False: Static key management (use built-in Keys). This is default. ++ * True: Dynamic key management (use Platform KeySotre). ++ */ ++static bool append_key_mgmt = false; ++ ++/* Platform KeyStore db and dbx. */ ++static grub_pks_t *pks_keystore; ++ + static grub_ssize_t + pseudo_read (struct grub_file *file, char *buf, grub_size_t len) + { +@@ -469,6 +480,46 @@ grub_env_write_sec (struct grub_env_var *var __attribute__ ((unused)), const cha + return ret; + } + ++static const char * ++grub_env_read_key_mgmt (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ if (append_key_mgmt == true) ++ return "dynamic"; ++ ++ return "static"; ++} ++ ++static char * ++grub_env_write_key_mgmt (struct grub_env_var *var __attribute__ ((unused)), const char *val) ++{ ++ char *ret; ++ ++ /* ++ * Do not allow the value to be changed if signature verification is enabled ++ * (check_sigs is set to true) and GRUB is locked down. ++ */ ++ if (check_sigs == true && grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) ++ { ++ ret = grub_strdup (grub_env_read_key_mgmt (NULL, NULL)); ++ if (ret == NULL) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ return ret; ++ } ++ ++ if (grub_strcmp (val, "dynamic") == 0) ++ append_key_mgmt = true; ++ else if (grub_strcmp (val, "static") == 0) ++ append_key_mgmt = false; ++ ++ ret = grub_strdup (grub_env_read_key_mgmt (NULL, NULL)); ++ if (ret == NULL) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ return ret; ++} ++ + static grub_err_t + appendedsig_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type type, + void **context __attribute__ ((unused)), enum grub_verify_flags *flags) +@@ -540,6 +591,11 @@ GRUB_MOD_INIT (appendedsig) + if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) + check_sigs = true; + ++ /* If PKS keystore is available, use dynamic key management. */ ++ pks_keystore = grub_pks_get_keystore (); ++ if (pks_keystore != NULL) ++ append_key_mgmt = true; ++ + /* + * This is appended signature verification environment variable. It is + * automatically set to either "no" or "yes" based on the ’ibm,secure-boot’ +@@ -554,6 +610,23 @@ GRUB_MOD_INIT (appendedsig) + grub_register_variable_hook ("check_appended_signatures", grub_env_read_sec, grub_env_write_sec); + grub_env_export ("check_appended_signatures"); + ++ /* ++ * This is appended signature key management environment variable. It is ++ * automatically set to either "static" or "dynamic" based on the ++ * Platform KeyStore. ++ * ++ * "static": Enforce static key management signature verification. This is ++ * the default. When the GRUB is locked down, user cannot change ++ * the value by setting the appendedsig_key_mgmt variable back to ++ * "dynamic". ++ * ++ * "dynamic": Enforce dynamic key management signature verification. When the ++ * GRUB is locked down, user cannot change the value by setting the ++ * appendedsig_key_mgmt variable back to "static". ++ */ ++ grub_register_variable_hook ("appendedsig_key_mgmt", grub_env_read_key_mgmt, grub_env_write_key_mgmt); ++ grub_env_export ("appendedsig_key_mgmt"); ++ + rc = grub_asn1_init (); + if (rc != ASN1_SUCCESS) + grub_fatal ("error initing ASN.1 data structures: %d: %s\n", rc, asn1_strerror (rc)); +@@ -577,5 +650,7 @@ GRUB_MOD_FINI (appendedsig) + free_db_list (); + grub_register_variable_hook ("check_appended_signatures", NULL, NULL); + grub_env_unset ("check_appended_signatures"); ++ grub_register_variable_hook ("appendedsig_key_mgmt", NULL, NULL); ++ grub_env_unset ("appendedsig_key_mgmt"); + grub_verifier_unregister (&grub_appendedsig_verifier); + } diff --git a/0494-PARTIAL-guid-Unify-GUID-types.patch b/0494-PARTIAL-guid-Unify-GUID-types.patch new file mode 100644 index 0000000..25ee758 --- /dev/null +++ b/0494-PARTIAL-guid-Unify-GUID-types.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Oliver Steffen +Date: Fri, 26 May 2023 13:35:43 +0200 +Subject: [PATCH] [PARTIAL] guid: Unify GUID types + +There are 3 implementations of a GUID in GRUB. Replace them with +a common one, placed in types.h. + +It uses the "packed" flavor of the GUID structs, the alignment attribute +is dropped, since it is not required. + +Signed-off-by: Oliver Steffen +Reviewed-by: Daniel Kiper +--- + include/grub/types.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/include/grub/types.h b/include/grub/types.h +index 32ca225..de6b0b3 100644 +--- a/include/grub/types.h ++++ b/include/grub/types.h +@@ -355,4 +355,13 @@ struct grub_uuid + + typedef char grub_bool_t; + ++struct grub_guid ++{ ++ grub_uint32_t data1; ++ grub_uint16_t data2; ++ grub_uint16_t data3; ++ grub_uint8_t data4[8]; ++} GRUB_PACKED; ++typedef struct grub_guid grub_guid_t; ++ + #endif /* ! GRUB_TYPES_HEADER */ diff --git a/0495-PARTIAL-types-Split-aligned-and-packed-guids.patch b/0495-PARTIAL-types-Split-aligned-and-packed-guids.patch new file mode 100644 index 0000000..75fa6f1 --- /dev/null +++ b/0495-PARTIAL-types-Split-aligned-and-packed-guids.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Sun, 13 Aug 2023 09:18:23 +0200 +Subject: [PATCH] [PARTIAL] types: Split aligned and packed guids + +On ia64 alignment requirements are strict. When we pass a pointer to +UUID it needs to be at least 4-byte aligned or EFI will crash. +On the other hand in device path there is no padding for UUID, so we +need 2 types in one formor another. Make 4-byte aligned and unaligned types + +The code is structured in a way to accept unaligned inputs +in most cases and supply 4-byte aligned outputs. + +Efiemu case is a bit ugly because there inputs and outputs are +reversed and so we need careful casts to account for this +inversion. + +Signed-off-by: Vladimir Serbinenko +Reviewed-by: Daniel Kiper +--- + include/grub/types.h | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/include/grub/types.h b/include/grub/types.h +index de6b0b3..1d554c8 100644 +--- a/include/grub/types.h ++++ b/include/grub/types.h +@@ -361,7 +361,16 @@ struct grub_guid + grub_uint16_t data2; + grub_uint16_t data3; + grub_uint8_t data4[8]; +-} GRUB_PACKED; ++} __attribute__ ((aligned(4))); + typedef struct grub_guid grub_guid_t; + ++struct grub_packed_guid ++{ ++ grub_uint32_t data1; ++ grub_uint16_t data2; ++ grub_uint16_t data3; ++ grub_uint8_t data4[8]; ++} GRUB_PACKED; ++typedef struct grub_packed_guid grub_packed_guid_t; ++ + #endif /* ! GRUB_TYPES_HEADER */ diff --git a/0496-appended-signatures-Create-db-and-dbx-lists.patch b/0496-appended-signatures-Create-db-and-dbx-lists.patch new file mode 100644 index 0000000..e1fa787 --- /dev/null +++ b/0496-appended-signatures-Create-db-and-dbx-lists.patch @@ -0,0 +1,689 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:58 +0530 +Subject: [PATCH] appended signatures: Create db and dbx lists + +If secure boot is enabled with static key management mode, the trusted +certificates will be extracted from the GRUB ELF Note and added to db list. + +If secure boot is enabled with dynamic key management mode, the trusted +certificates and certificate/binary hash will be extracted from the PKS +and added to db list. The distrusted certificates, certificate/binary hash +are read from the PKS and added to dbx list. Both dbx and db lists usage is +added by a subsequent patch. + +Note: +- If db does not exist in the PKS storage, then read the static keys as a db + default keys from the GRUB ELF Note and add them into the db list. +- If the certificate or the certificate hash exists in the dbx list, then do not + add that certificate/certificate hash to the db list. + +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.c | 407 +++++++++++++++++++++++++-- + include/grub/efi/pks.h | 112 ++++++++ + include/grub/types.h | 4 + + 3 files changed, 506 insertions(+), 17 deletions(-) + create mode 100644 include/grub/efi/pks.h + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index ca54c90..0c4c788 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include "appendedsig.h" + +@@ -46,6 +47,11 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define SIG_MAGIC "~Module signature appended~\n" + #define SIG_MAGIC_SIZE ((sizeof(SIG_MAGIC) - 1)) + ++/* SHA256, SHA384 and SHA512 hash sizes. */ ++#define SHA256_HASH_SIZE 32 ++#define SHA384_HASH_SIZE 48 ++#define SHA512_HASH_SIZE 64 ++ + /* + * This structure is extracted from scripts/sign-file.c in the linux kernel + * source. It was licensed as LGPLv2.1+, which is GPLv3+ compatible. +@@ -79,11 +85,23 @@ struct sb_database + { + grub_x509_cert_t *certs; /* Certificates. */ + grub_uint32_t cert_entries; /* Number of certificates. */ ++ grub_uint8_t **hashes; /* Certificate/binary hashes. */ ++ grub_size_t *hash_sizes; /* Sizes of certificate/binary hashes. */ ++ grub_uint32_t hash_entries; /* Number of certificate/binary hashes. */ ++ bool is_db; /* Flag to indicate the db/dbx list. */ + }; + typedef struct sb_database sb_database_t; + + /* The db list is used to validate appended signatures. */ +-static sb_database_t db = {.certs = NULL, .cert_entries = 0}; ++static sb_database_t db = {.certs = NULL, .cert_entries = 0, .hashes = NULL, ++ .hash_sizes = NULL, .hash_entries = 0, .is_db = true}; ++/* ++ * The dbx list is used to ensure that the distrusted certificates or GRUB ++ * modules/kernel binaries are rejected during appended signatures/hashes ++ * validation. ++ */ ++static sb_database_t dbx = {.certs = NULL, .cert_entries = 0, .hashes = NULL, ++ .hash_sizes = NULL, .hash_entries = 0, .is_db = false}; + + /* + * Signature verification flag (check_sigs). +@@ -118,6 +136,169 @@ static struct grub_fs pseudo_fs = { + .fs_read = pseudo_read + }; + ++/* ++ * GUID can be used to determine the hashing function and generate the hash using ++ * determined hashing function. ++ */ ++static grub_err_t ++get_hash (const grub_packed_guid_t *guid, const grub_uint8_t *data, const grub_size_t data_size, ++ grub_uint8_t *hash, grub_size_t *hash_size) ++{ ++ gcry_md_spec_t *hash_func = NULL; ++ ++ if (guid == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "GUID is not available"); ++ ++ if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA256_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ hash_func = &_gcry_digest_spec_sha256; ++ else if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA384_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ hash_func = &_gcry_digest_spec_sha384; ++ else if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA512_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ hash_func = &_gcry_digest_spec_sha512; ++ else ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "unsupported GUID hash"); ++ ++ grub_crypto_hash (hash_func, hash, data, data_size); ++ *hash_size = hash_func->mdlen; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++generate_cert_hash (const grub_size_t cert_hash_size, const grub_uint8_t *data, ++ const grub_size_t data_size, grub_uint8_t *hash, grub_size_t *hash_size) ++{ ++ grub_packed_guid_t guid = { 0 }; ++ ++ /* support SHA256, SHA384 and SHA512 for certificate hash */ ++ if (cert_hash_size == SHA256_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_X509_SHA256_GUID, GRUB_PACKED_GUID_SIZE); ++ else if (cert_hash_size == SHA384_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_X509_SHA384_GUID, GRUB_PACKED_GUID_SIZE); ++ else if (cert_hash_size == SHA512_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_X509_SHA512_GUID, GRUB_PACKED_GUID_SIZE); ++ else ++ { ++ grub_dprintf ("appendedsig", "unsupported hash type (%" PRIuGRUB_SIZE ") and " ++ "skipped\n", cert_hash_size); ++ return GRUB_ERR_UNKNOWN_COMMAND; ++ } ++ ++ return get_hash (&guid, data, data_size, hash, hash_size); ++} ++ ++/* Check the hash presence in the db/dbx list. */ ++static bool ++check_hash_presence (grub_uint8_t *const hash, const grub_size_t hash_size, ++ const sb_database_t *sb_database) ++{ ++ grub_uint32_t i; ++ ++ for (i = 0; i < sb_database->hash_entries; i++) ++ { ++ if (sb_database->hashes[i] == NULL) ++ continue; ++ ++ if (hash_size == sb_database->hash_sizes[i] && ++ grub_memcmp (sb_database->hashes[i], hash, hash_size) == 0) ++ return true; ++ } ++ ++ return false; ++} ++ ++/* Add the certificate/binary hash into the db/dbx list. */ ++static grub_err_t ++add_hash (grub_uint8_t *const data, const grub_size_t data_size, sb_database_t *sb_database) ++{ ++ grub_uint8_t **hashes; ++ grub_size_t *hash_sizes; ++ ++ if (data == NULL || data_size == 0) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "certificate/binary-hash data or size is not available"); ++ ++ if (sb_database->is_db == true) ++ { ++ if (check_hash_presence (data, data_size, &dbx) == true) ++ { ++ grub_dprintf ("appendedsig", ++ "cannot add a hash (%02x%02x%02x%02x), as it is present in the dbx list\n", ++ data[0], data[1], data[2], data[3]); ++ return GRUB_ERR_ACCESS_DENIED; ++ } ++ } ++ ++ if (check_hash_presence (data, data_size, sb_database) == true) ++ { ++ grub_dprintf ("appendedsig", ++ "cannot add a hash (%02x%02x%02x%02x), as it is present in the %s list\n", ++ data[0], data[1], data[2], data[3], ((sb_database->is_db == true) ? "db" : "dbx")); ++ return GRUB_ERR_EXISTS; ++ } ++ ++ hashes = grub_realloc (sb_database->hashes, sizeof (grub_uint8_t *) * (sb_database->hash_entries + 1)); ++ if (hashes == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ hash_sizes = grub_realloc (sb_database->hash_sizes, sizeof (grub_size_t) * (sb_database->hash_entries + 1)); ++ if (hash_sizes == NULL) ++ { ++ /* Allocated memory will be freed by free_db_list()/free_dbx_list(). */ ++ hashes[sb_database->hash_entries] = NULL; ++ sb_database->hashes = hashes; ++ sb_database->hash_entries++; ++ ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ } ++ ++ hashes[sb_database->hash_entries] = grub_malloc (data_size); ++ if (hashes[sb_database->hash_entries] == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ grub_dprintf ("appendedsig", ++ "added the hash %02x%02x%02x%02x... with size of %" PRIuGRUB_SIZE " to the %s list\n", ++ data[0], data[1], data[2], data[3], data_size, ++ ((sb_database->is_db == true) ? "db" : "dbx")); ++ ++ grub_memcpy (hashes[sb_database->hash_entries], data, data_size); ++ hash_sizes[sb_database->hash_entries] = data_size; ++ sb_database->hash_sizes = hash_sizes; ++ sb_database->hashes = hashes; ++ sb_database->hash_entries++; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static bool ++is_hash (const grub_packed_guid_t *guid) ++{ ++ /* GUID type of the binary hash. */ ++ if (grub_memcmp (guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ return true; ++ ++ /* GUID type of the certificate hash. */ ++ if (grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA256_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA384_GUID, GRUB_PACKED_GUID_SIZE) == 0 || ++ grub_memcmp (guid, &GRUB_PKS_CERT_X509_SHA512_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ return true; ++ ++ return false; ++} ++ ++static bool ++is_x509 (const grub_packed_guid_t *guid) ++{ ++ if (grub_memcmp (guid, &GRUB_PKS_CERT_X509_GUID, GRUB_PACKED_GUID_SIZE) == 0) ++ return true; ++ ++ return false; ++} ++ + static bool + is_cert_match (const grub_x509_cert_t *cert1, const grub_x509_cert_t *cert2) + { +@@ -136,7 +317,33 @@ is_cert_match (const grub_x509_cert_t *cert1, const grub_x509_cert_t *cert2) + return false; + } + +-/* Check the certificate presence in the db list. */ ++/* Check the certificate hash presence in the dbx list. */ ++static bool ++is_cert_hash_present_in_dbx (const grub_uint8_t *data, const grub_size_t data_size) ++{ ++ grub_err_t rc; ++ grub_uint32_t i; ++ grub_size_t cert_hash_size = 0; ++ grub_uint8_t cert_hash[GRUB_MAX_HASH_LEN] = { 0 }; ++ ++ for (i = 0; i < dbx.hash_entries; i++) ++ { ++ if (dbx.hashes[i] == NULL) ++ continue; ++ ++ rc = generate_cert_hash (dbx.hash_sizes[i], data, data_size, cert_hash, &cert_hash_size); ++ if (rc != GRUB_ERR_NONE) ++ continue; ++ ++ if (cert_hash_size == dbx.hash_sizes[i] && ++ grub_memcmp (dbx.hashes[i], cert_hash, cert_hash_size) == 0) ++ return true; ++ } ++ ++ return false; ++} ++ ++/* Check the certificate presence in the db/dbx list. */ + static bool + check_cert_presence (const grub_x509_cert_t *cert_in, const sb_database_t *sb_database) + { +@@ -149,7 +356,11 @@ check_cert_presence (const grub_x509_cert_t *cert_in, const sb_database_t *sb_da + return false; + } + +-/* Add the certificate into the db list */ ++/* ++ * Add the certificate into the db list if it is not present in the dbx and db ++ * list when is_db is true. Add the certificate into the dbx list when is_db is ++ * false. ++ */ + static grub_err_t + add_certificate (const grub_uint8_t *data, const grub_size_t data_size, + sb_database_t *sb_database) +@@ -167,30 +378,54 @@ add_certificate (const grub_uint8_t *data, const grub_size_t data_size, + rc = grub_x509_cert_parse (data, data_size, cert); + if (rc != GRUB_ERR_NONE) + { +- grub_dprintf ("appendedsig", "cannot add a certificate CN='%s' to the db list\n", +- cert->subject); ++ grub_dprintf ("appendedsig", "cannot add a certificate CN='%s' to the %s list\n", ++ cert->subject, (sb_database->is_db == true) ? "db" : "dbx"); + grub_free (cert); + return rc; + } + ++ /* ++ * Only checks the certificate against dbx if is_db is true when dynamic key ++ * management is enabled. ++ */ ++ if (append_key_mgmt == true) ++ { ++ if (sb_database->is_db == true) ++ { ++ if (is_cert_hash_present_in_dbx (data, data_size) == true || ++ check_cert_presence (cert, &dbx) == true) ++ { ++ grub_dprintf ("appendedsig", ++ "cannot add a certificate CN='%s', as it is present in the dbx list", ++ cert->subject); ++ rc = GRUB_ERR_ACCESS_DENIED; ++ goto fail; ++ } ++ } ++ } ++ + if (check_cert_presence (cert, sb_database) == true) + { + grub_dprintf ("appendedsig", +- "cannot add a certificate CN='%s', as it is present in the db list", +- cert->subject); +- grub_x509_cert_release (cert); +- grub_free (cert); +- +- return GRUB_ERR_EXISTS; ++ "cannot add a certificate CN='%s', as it is present in the %s list", ++ cert->subject, ((sb_database->is_db == true) ? "db" : "dbx")); ++ rc = GRUB_ERR_EXISTS; ++ goto fail; + } + +- grub_dprintf ("appendedsig", "added a certificate CN='%s' to the db list\n", +- cert->subject); ++ grub_dprintf ("appendedsig", "added a certificate CN='%s' to the %s list\n", ++ cert->subject, ((sb_database->is_db == true) ? "db" : "dbx")); + + cert->next = sb_database->certs; + sb_database->certs = cert; + sb_database->cert_entries++; + ++ return rc; ++ ++ fail: ++ grub_x509_cert_release (cert); ++ grub_free (cert); ++ + return rc; + } + +@@ -382,6 +617,68 @@ grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + return err; + } + ++/* Add the X.509 certificates/binary hash to the db list from PKS. */ ++static grub_err_t ++load_pks2db (void) ++{ ++ grub_err_t rc; ++ grub_uint32_t i; ++ ++ for (i = 0; i < pks_keystore->db_entries; i++) ++ { ++ if (is_hash (&pks_keystore->db[i].guid) == true) ++ { ++ rc = add_hash (pks_keystore->db[i].data, ++ pks_keystore->db[i].data_size, &db); ++ if (rc == GRUB_ERR_OUT_OF_MEMORY) ++ return rc; ++ } ++ else if (is_x509 (&pks_keystore->db[i].guid) == true) ++ { ++ rc = add_certificate (pks_keystore->db[i].data, ++ pks_keystore->db[i].data_size, &db); ++ if (rc == GRUB_ERR_OUT_OF_MEMORY) ++ return rc; ++ } ++ else ++ grub_dprintf ("appendedsig", "unsupported signature data type and " ++ "skipped (%u)\n", i + 1); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++/* Add the certificates and certificate/binary hash to the dbx list from PKS. */ ++static grub_err_t ++load_pks2dbx (void) ++{ ++ grub_err_t rc; ++ grub_uint32_t i; ++ ++ for (i = 0; i < pks_keystore->dbx_entries; i++) ++ { ++ if (is_x509 (&pks_keystore->dbx[i].guid) == true) ++ { ++ rc = add_certificate (pks_keystore->dbx[i].data, ++ pks_keystore->dbx[i].data_size, &dbx); ++ if (rc == GRUB_ERR_OUT_OF_MEMORY) ++ return rc; ++ } ++ else if (is_hash (&pks_keystore->dbx[i].guid) == true) ++ { ++ rc = add_hash (pks_keystore->dbx[i].data, ++ pks_keystore->dbx[i].data_size, &dbx); ++ if (rc != GRUB_ERR_NONE) ++ return rc; ++ } ++ else ++ grub_dprintf ("appendedsig", "unsupported signature data type and " ++ "skipped (%u)\n", i + 1); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ + /* + * Extract the X.509 certificates from the ELF Note header, parse it, and add + * it to the db list. +@@ -422,11 +719,45 @@ load_elf2db (void) + } + } + ++/* ++ * Extract trusted and distrusted keys from PKS and store them in the db and ++ * dbx list. ++ */ ++static void ++create_dbs_from_pks (void) ++{ ++ grub_err_t err; ++ ++ err = load_pks2dbx (); ++ if (err != GRUB_ERR_NONE) ++ grub_printf ("warning: dbx list might not be fully populated\n"); ++ ++ /* ++ * If db does not exist in the PKS storage, then read the static keys as a db ++ * default keys from the GRUB ELF Note and add them into the db list. ++ */ ++ if (pks_keystore->db_exists == false) ++ load_elf2db (); ++ else ++ { ++ err = load_pks2db (); ++ if (err != GRUB_ERR_NONE) ++ grub_printf ("warning: db list might not be fully populated\n"); ++ } ++ ++ grub_pks_free_data (); ++ grub_dprintf ("appendedsig", "the db list now has %u keys\n" ++ "the dbx list now has %u keys\n", ++ db.hash_entries + db.cert_entries, ++ dbx.hash_entries + dbx.cert_entries); ++} ++ + /* Free db list memory */ + static void + free_db_list (void) + { + grub_x509_cert_t *cert; ++ grub_uint32_t i; + + while (db.certs != NULL) + { +@@ -436,9 +767,37 @@ free_db_list (void) + grub_free (cert); + } + ++ for (i = 0; i < db.hash_entries; i++) ++ grub_free (db.hashes[i]); ++ ++ grub_free (db.hashes); ++ grub_free (db.hash_sizes); + grub_memset (&db, 0, sizeof (sb_database_t)); + } + ++/* Free dbx list memory */ ++static void ++free_dbx_list (void) ++{ ++ grub_x509_cert_t *cert; ++ grub_uint32_t i; ++ ++ while (dbx.certs != NULL) ++ { ++ cert = dbx.certs; ++ dbx.certs = dbx.certs->next; ++ grub_x509_cert_release (cert); ++ grub_free (cert); ++ } ++ ++ for (i = 0; i < dbx.hash_entries; i++) ++ grub_free (dbx.hashes[i]); ++ ++ grub_free (dbx.hashes); ++ grub_free (dbx.hash_sizes); ++ grub_memset (&dbx, 0, sizeof (sb_database_t)); ++} ++ + static const char * + grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)), + const char *val __attribute__ ((unused))) +@@ -631,10 +990,23 @@ GRUB_MOD_INIT (appendedsig) + if (rc != ASN1_SUCCESS) + grub_fatal ("error initing ASN.1 data structures: %d: %s\n", rc, asn1_strerror (rc)); + +- /* Extract trusted keys from ELF Note and store them in the db. */ +- load_elf2db (); +- grub_dprintf ("appendedsig", "the db list now has %u static keys\n", +- db.cert_entries); ++ /* ++ * If signature verification is enabled with the dynamic key management, ++ * extract trusted and distrusted keys from PKS and store them in the db ++ * and dbx list. ++ */ ++ if (append_key_mgmt == true) ++ create_dbs_from_pks (); ++ /* ++ * If signature verification is enabled with the static key management, ++ * extract trusted keys from ELF Note and store them in the db list. ++ */ ++ else ++ { ++ load_elf2db (); ++ grub_dprintf ("appendedsig", "the db list now has %u static keys\n", ++ db.cert_entries); ++ } + + grub_verifier_register (&grub_appendedsig_verifier); + grub_dl_set_persistent (mod); +@@ -648,6 +1020,7 @@ GRUB_MOD_FINI (appendedsig) + */ + + free_db_list (); ++ free_dbx_list (); + grub_register_variable_hook ("check_appended_signatures", NULL, NULL); + grub_env_unset ("check_appended_signatures"); + grub_register_variable_hook ("appendedsig_key_mgmt", NULL, NULL); +diff --git a/include/grub/efi/pks.h b/include/grub/efi/pks.h +new file mode 100644 +index 0000000..ff306f5 +--- /dev/null ++++ b/include/grub/efi/pks.h +@@ -0,0 +1,112 @@ ++/* ++ * Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. This ++ * program and the accompanying materials are licensed and made available ++ * under the terms and conditions of the 2-Clause BSD License which ++ * accompanies this distribution. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright notice, ++ * this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE ++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ * ++ * https://github.com/tianocore/edk2-staging (edk2-staging repo of tianocore), ++ * the ImageAuthentication.h file under it, and here's the copyright and license. ++ * ++ * MdePkg/Include/Guid/ImageAuthentication.h ++ * ++ * Copyright 2022, 2023, 2024, 2025 IBM Corp. ++ */ ++ ++#ifndef PKS_HEADER ++#define PKS_HEADER 1 ++ ++#include ++ ++/* ++ * It is derived from EFI_CERT_X509_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_X509_GUID \ ++ (grub_guid_t) \ ++ { 0xa159c0a5, 0xe494, 0xa74a, \ ++ { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_SHA256_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_SHA256_GUID \ ++ (grub_guid_t) \ ++ { 0x2616c4c1, 0x4c50, 0x9240, \ ++ { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_SHA384_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_SHA384_GUID \ ++ (grub_guid_t) \ ++ { 0x07533eff, 0xd09f, 0xc948, \ ++ { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_SHA512_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_SHA512_GUID \ ++ (grub_guid_t) \ ++ { 0xae0f3e09, 0xc4a6, 0x504f, \ ++ { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_X509_SHA256_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_X509_SHA256_GUID \ ++ (grub_guid_t) \ ++ { 0x92a4d23b, 0xc096, 0x7940, \ ++ { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_X509_SHA384_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_X509_SHA384_GUID \ ++ (grub_guid_t) \ ++ { 0x6e877670, 0xc280, 0xe64e, \ ++ { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ ++ } ++ ++/* ++ * It is derived from EFI_CERT_X509_SHA512_GUID. ++ * https://github.com/tianocore/edk2-staging/blob/master/MdePkg/Include/Guid/ImageAuthentication.h ++ */ ++#define GRUB_PKS_CERT_X509_SHA512_GUID \ ++ (grub_guid_t) \ ++ { 0x63bf6d44, 0x0225, 0xda4c, \ ++ { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ ++ } ++ ++#endif +diff --git a/include/grub/types.h b/include/grub/types.h +index 1d554c8..6ccae80 100644 +--- a/include/grub/types.h ++++ b/include/grub/types.h +@@ -364,6 +364,8 @@ struct grub_guid + } __attribute__ ((aligned(4))); + typedef struct grub_guid grub_guid_t; + ++#define GRUB_GUID_SIZE (sizeof (grub_guid_t)) ++ + struct grub_packed_guid + { + grub_uint32_t data1; +@@ -373,4 +375,6 @@ struct grub_packed_guid + } GRUB_PACKED; + typedef struct grub_packed_guid grub_packed_guid_t; + ++#define GRUB_PACKED_GUID_SIZE (sizeof (grub_packed_guid_t)) ++ + #endif /* ! GRUB_TYPES_HEADER */ diff --git a/0497-appended-signatures-Using-db-and-dbx-lists-for-signa.patch b/0497-appended-signatures-Using-db-and-dbx-lists-for-signa.patch new file mode 100644 index 0000000..74bc7e4 --- /dev/null +++ b/0497-appended-signatures-Using-db-and-dbx-lists-for-signa.patch @@ -0,0 +1,136 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:54:59 +0530 +Subject: [PATCH] appended signatures: Using db and dbx lists for signature + verification + +Signature verification: verify the kernel against lists of hashes that are +either in dbx or db list. If it is not in the dbx list then the trusted keys +from the db list are used to verify the signature. + +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.c | 94 +++++++++++++++++++++++++++- + 1 file changed, 93 insertions(+), 1 deletion(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index 0c4c788..9cfa1be 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -521,6 +521,83 @@ extract_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize, + return grub_pkcs7_data_parse (signed_data, appendedsig_pkcs7_size, &sig->pkcs7); + } + ++static grub_err_t ++get_binary_hash (const grub_size_t binary_hash_size, const grub_uint8_t *data, ++ const grub_size_t data_size, grub_uint8_t *hash, grub_size_t *hash_size) ++{ ++ grub_packed_guid_t guid = { 0 }; ++ ++ /* support SHA256, SHA384 and SHA512 for binary hash */ ++ if (binary_hash_size == SHA256_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_SHA256_GUID, GRUB_PACKED_GUID_SIZE); ++ else if (binary_hash_size == SHA384_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_SHA384_GUID, GRUB_PACKED_GUID_SIZE); ++ else if (binary_hash_size == SHA512_HASH_SIZE) ++ grub_memcpy (&guid, &GRUB_PKS_CERT_SHA512_GUID, GRUB_PACKED_GUID_SIZE); ++ else ++ { ++ grub_dprintf ("appendedsig", "unsupported hash type (%" PRIuGRUB_SIZE ") and " ++ "skipped\n", binary_hash_size); ++ return GRUB_ERR_UNKNOWN_COMMAND; ++ } ++ ++ return get_hash (&guid, data, data_size, hash, hash_size); ++} ++ ++/* ++ * Verify binary hash against the db and dbx list. ++ * The following errors can occur: ++ * - GRUB_ERR_BAD_SIGNATURE: indicates that the hash is in dbx list. ++ * - GRUB_ERR_EOF: the hash could not be found in the db and dbx list. ++ * - GRUB_ERR_NONE: the hash is found in db list. ++ */ ++static grub_err_t ++verify_binary_hash (const grub_uint8_t *data, const grub_size_t data_size) ++{ ++ grub_err_t rc = GRUB_ERR_NONE; ++ grub_uint32_t i; ++ grub_size_t hash_size = 0; ++ grub_uint8_t hash[GRUB_MAX_HASH_LEN] = { 0 }; ++ ++ for (i = 0; i < dbx.hash_entries; i++) ++ { ++ if (dbx.hashes[i] == NULL) ++ continue; ++ ++ rc = get_binary_hash (dbx.hash_sizes[i], data, data_size, hash, &hash_size); ++ if (rc != GRUB_ERR_NONE) ++ continue; ++ ++ if (hash_size == dbx.hash_sizes[i] && ++ grub_memcmp (dbx.hashes[i], hash, hash_size) == 0) ++ { ++ grub_dprintf ("appendedsig", "the hash (%02x%02x%02x%02x) is present in the dbx list\n", ++ hash[0], hash[1], hash[2], hash[3]); ++ return GRUB_ERR_BAD_SIGNATURE; ++ } ++ } ++ ++ for (i = 0; i < db.hash_entries; i++) ++ { ++ if (db.hashes[i] == NULL) ++ continue; ++ ++ rc = get_binary_hash (db.hash_sizes[i], data, data_size, hash, &hash_size); ++ if (rc != GRUB_ERR_NONE) ++ continue; ++ ++ if (hash_size == db.hash_sizes[i] && ++ grub_memcmp (db.hashes[i], hash, hash_size) == 0) ++ { ++ grub_dprintf ("appendedsig", "verified with a trusted hash (%02x%02x%02x%02x)\n", ++ hash[0], hash[1], hash[2], hash[3]); ++ return GRUB_ERR_NONE; ++ } ++ } ++ ++ return GRUB_ERR_EOF; ++} ++ + /* + * Given a hash value 'hval', of hash specification 'hash', prepare the + * S-expressions (sexp) and perform the signature verification. +@@ -565,7 +642,7 @@ grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + grub_pkcs7_signer_t *si; + grub_int32_t i; + +- if (!db.cert_entries) ++ if (!db.cert_entries && !db.hash_entries) + return grub_error (GRUB_ERR_BAD_SIGNATURE, "no trusted keys to verify against"); + + err = extract_appended_signature (buf, bufsize, &sig); +@@ -574,6 +651,21 @@ grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + + datasize = bufsize - sig.signature_len; + ++ /* ++ * If signature verification is enabled with dynamic key management mode, ++ * Verify binary hash against the db and dbx list. ++ */ ++ if (append_key_mgmt == true) ++ { ++ err = verify_binary_hash (buf, datasize); ++ if (err == GRUB_ERR_BAD_SIGNATURE) ++ { ++ grub_pkcs7_data_release (&sig.pkcs7); ++ return grub_error (err, ++ "failed to verify the binary hash against a trusted binary hash"); ++ } ++ } ++ + /* Verify signature using trusted keys from db list. */ + for (i = 0; i < sig.pkcs7.signer_count; i++) + { diff --git a/0498-appended-signatures-GRUB-commands-to-manage-the-cert.patch b/0498-appended-signatures-GRUB-commands-to-manage-the-cert.patch new file mode 100644 index 0000000..8504eb7 --- /dev/null +++ b/0498-appended-signatures-GRUB-commands-to-manage-the-cert.patch @@ -0,0 +1,406 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:55:00 +0530 +Subject: [PATCH] appended signatures: GRUB commands to manage the certificates +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Introducing the following GRUB commands to manage the certificates. + + 1. append_list_db: + Show the list of trusted certificates from the db list + 2. append_add_db_cert: + Add the trusted certificate to the db list + 3. append_add_dbx_cert: + Add the distrusted certificate to the dbx list + 4. append_verify: + Verify the signed file using db list + +Note that if signature verification (check_appended_signatures) is set to yes, +the append_add_db_cert and append_add_dbx_cert commands only accept the file +‘X509_certificate’ that is signed with an appended signature. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Tested-by: Sridhar Markonda +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.c | 316 +++++++++++++++++++++++++++ + 1 file changed, 316 insertions(+) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index 9cfa1be..614ebee 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -123,6 +123,9 @@ static bool append_key_mgmt = false; + /* Platform KeyStore db and dbx. */ + static grub_pks_t *pks_keystore; + ++/* Appended signature size. */ ++static grub_size_t append_sig_len = 0; ++ + static grub_ssize_t + pseudo_read (struct grub_file *file, char *buf, grub_size_t len) + { +@@ -136,6 +139,65 @@ static struct grub_fs pseudo_fs = { + .fs_read = pseudo_read + }; + ++/* ++ * We cannot use hexdump() to display hash data because it is typically displayed ++ * in hexadecimal format, along with an ASCII representation of the same data. ++ * ++ * Example: sha256 hash data ++ * 00000000 52 b5 90 49 64 de 22 d7 4e 5f 4f b4 1b 51 9c 34 |R..Id.".N_O..Q.4| ++ * 00000010 b1 96 21 7c 91 78 a5 0d 20 8c e9 5c 22 54 53 f7 |..!|.x.. ..\"TS.| ++ * ++ * An appended signature only required to display the hexadecimal of the hash data ++ * by separating each byte with ":". So, we introduced a new method hexdump_colon ++ * to display it. ++ * ++ * Example: Sha256 hash data ++ * 52:b5:90:49:64:de:22:d7:4e:5f:4f:b4:1b:51:9c:34: ++ * b1:96:21:7c:91:78:a5:0d:20:8c:e9:5c:22:54:53:f7 ++ */ ++static void ++hexdump_colon (const grub_uint8_t *data, const grub_size_t length) ++{ ++ grub_size_t i, count = 0; ++ ++ for (i = 0; i < length - 1; i++) ++ { ++ grub_printf ("%02x:", data[i]); ++ count++; ++ if (count == 16) ++ { ++ grub_printf ("\n "); ++ count = 0; ++ } ++ } ++ ++ grub_printf ("%02x\n", data[i]); ++} ++ ++static void ++print_certificate (const grub_x509_cert_t *cert, const grub_uint32_t cert_num) ++{ ++ grub_uint32_t i; ++ ++ grub_printf ("\nCertificate: %u\n", cert_num); ++ grub_printf (" Data:\n"); ++ grub_printf (" Version: %u (0x%u)\n", cert->version + 1, cert->version); ++ grub_printf (" Serial Number:\n "); ++ ++ for (i = 0; i < cert->serial_len - 1; i++) ++ grub_printf ("%02x:", cert->serial[i]); ++ ++ grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]); ++ grub_printf (" Issuer: %s\n", cert->issuer); ++ grub_printf (" Subject: %s\n", cert->subject); ++ grub_printf (" Subject Public Key Info:\n"); ++ grub_printf (" Public Key Algorithm: rsaEncryption\n"); ++ grub_printf (" RSA Public-Key: (%d bit)\n", cert->modulus_size); ++ grub_printf (" Fingerprint: sha256\n "); ++ hexdump_colon (&cert->fingerprint[GRUB_FINGERPRINT_SHA256][0], ++ grub_strlen ((char *) cert->fingerprint[GRUB_FINGERPRINT_SHA256])); ++} ++ + /* + * GUID can be used to determine the hashing function and generate the hash using + * determined hashing function. +@@ -429,6 +491,61 @@ add_certificate (const grub_uint8_t *data, const grub_size_t data_size, + return rc; + } + ++static void ++_remove_cert_from_db (const grub_x509_cert_t *cert) ++{ ++ grub_uint32_t i = 1; ++ grub_x509_cert_t *curr_cert, *prev_cert; ++ ++ for (curr_cert = prev_cert = db.certs; curr_cert != NULL; curr_cert = curr_cert->next, i++) ++ { ++ if (is_cert_match (curr_cert, cert) == true) ++ { ++ if (i == 1) /* Match with first certificate in the db list. */ ++ db.certs = curr_cert->next; ++ else ++ prev_cert->next = curr_cert->next; ++ ++ grub_dprintf ("appendedsig", ++ "removed distrusted certificate with CN: %s from the db list\n", ++ curr_cert->subject); ++ curr_cert->next = NULL; ++ grub_x509_cert_release (curr_cert); ++ grub_free (curr_cert); ++ break; ++ } ++ else ++ prev_cert = curr_cert; ++ } ++} ++ ++static grub_err_t ++remove_cert_from_db (const grub_uint8_t *data, const grub_size_t data_size) ++{ ++ grub_err_t rc; ++ grub_x509_cert_t *cert; ++ ++ if (data == NULL || data_size == 0) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "certificate data or size is not available"); ++ ++ cert = grub_zalloc (sizeof (grub_x509_cert_t)); ++ if (cert == NULL) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory"); ++ ++ rc = grub_x509_cert_parse (data, data_size, cert); ++ if (rc != GRUB_ERR_NONE) ++ { ++ grub_dprintf ("appendedsig", "cannot remove an invalid certificate from the db list\n"); ++ grub_free (cert); ++ return rc; ++ } ++ ++ /* Remove certificate from the db list. */ ++ _remove_cert_from_db (cert); ++ ++ return rc; ++} ++ + static grub_err_t + file_read_whole (grub_file_t file, grub_uint8_t **buf, grub_size_t *len) + { +@@ -649,6 +766,7 @@ grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + if (err != GRUB_ERR_NONE) + return err; + ++ append_sig_len = sig.signature_len; + datasize = bufsize - sig.signature_len; + + /* +@@ -709,6 +827,189 @@ grub_verify_appended_signature (const grub_uint8_t *buf, grub_size_t bufsize) + return err; + } + ++static grub_err_t ++grub_cmd_verify_signature (grub_command_t cmd __attribute__ ((unused)), int argc, char **args) ++{ ++ grub_file_t signed_file; ++ grub_err_t err; ++ grub_uint8_t *signed_data = NULL; ++ grub_size_t signed_data_size = 0; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "a signed file is expected\nExample:\n\tappend_verify \n"); ++ ++ if (!grub_strlen (args[0])) ++ return grub_error (GRUB_ERR_BAD_FILENAME, "missing signed file"); ++ ++ grub_dprintf ("appendedsig", "verifying %s\n", args[0]); ++ ++ signed_file = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE); ++ if (signed_file == NULL) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "could not open %s file", args[0]); ++ ++ err = file_read_whole (signed_file, &signed_data, &signed_data_size); ++ if (err == GRUB_ERR_NONE) ++ { ++ err = grub_verify_appended_signature (signed_data, signed_data_size); ++ grub_free (signed_data); ++ } ++ ++ grub_file_close (signed_file); ++ ++ return err; ++} ++ ++/* ++ * Checks the trusted certificate against dbx list if dynamic key management is ++ * enabled. And add it to the db list if it is not already present. ++ * ++ * Note: When signature verification is enabled, this command only accepts the ++ * trusted certificate that is signed with an appended signature. ++ * The signature is verified by the appendedsig module. If verification succeeds, ++ * the certificate is added to the db list. Otherwise, an error is posted and ++ * the certificate is not added. ++ * When signature verification is disabled, it accepts the trusted certificate ++ * without an appended signature and add it to the db list. ++ * ++ * Also, note that the adding of the trusted certificate using this command does ++ * not persist across reboots. ++ */ ++static grub_err_t ++grub_cmd_db_cert (grub_command_t cmd __attribute__ ((unused)), int argc, char **args) ++{ ++ grub_err_t err; ++ grub_file_t cert_file; ++ grub_uint8_t *cert_data = NULL; ++ grub_size_t cert_data_size = 0; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "a trusted X.509 certificate file is expected in DER format\n" ++ "Example:\n\tappend_add_db_cert \n"); ++ ++ if (!grub_strlen (args[0])) ++ return grub_error (GRUB_ERR_BAD_FILENAME, "missing trusted X.509 certificate file"); ++ ++ cert_file = grub_file_open (args[0], ++ GRUB_FILE_TYPE_CERTIFICATE_TRUST | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (cert_file == NULL) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "could not open %s file", args[0]); ++ ++ err = file_read_whole (cert_file, &cert_data, &cert_data_size); ++ grub_file_close (cert_file); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ /* ++ * If signature verification is enabled (check_sigs is set to true), obtain ++ * the actual certificate size by subtracting the appended signature size from ++ * the certificate size because the certificate has an appended signature, and ++ * this actual certificate size is used to get the X.509 certificate. ++ */ ++ if (check_sigs == true) ++ cert_data_size -= append_sig_len; ++ ++ err = add_certificate (cert_data, cert_data_size, &db); ++ grub_free (cert_data); ++ ++ return err; ++} ++ ++/* ++ * Remove the distrusted certificate from the db list if it is already present. ++ * And add it to the dbx list if not present when dynamic key management is ++ * enabled. ++ * ++ * Note: When signature verification is enabled, this command only accepts the ++ * distrusted certificate that is signed with an appended signature. ++ * The signature is verified by the appended sig module. If verification ++ * succeeds, the certificate is removed from the db list. Otherwise, an error ++ * is posted and the certificate is not removed. ++ * When signature verification is disabled, it accepts the distrusted certificate ++ * without an appended signature and removes it from the db list. ++ * ++ * Also, note that the removal of the distrusted certificate using this command ++ * does not persist across reboots. ++ */ ++static grub_err_t ++grub_cmd_dbx_cert (grub_command_t cmd __attribute__ ((unused)), int argc, char **args) ++{ ++ grub_err_t err; ++ grub_file_t cert_file; ++ grub_uint8_t *cert_data = NULL; ++ grub_size_t cert_data_size = 0; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "a distrusted X.509 certificate file is expected in DER format\n" ++ "Example:\n\tappend_add_dbx_cert \n"); ++ ++ if (!grub_strlen (args[0])) ++ return grub_error (GRUB_ERR_BAD_FILENAME, "missing distrusted X.509 certificate file"); ++ ++ cert_file = grub_file_open (args[0], ++ GRUB_FILE_TYPE_CERTIFICATE_TRUST | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (cert_file == NULL) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "could not open %s file", args[0]); ++ ++ err = file_read_whole (cert_file, &cert_data, &cert_data_size); ++ grub_file_close (cert_file); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ /* ++ * If signature verification is enabled (check_sigs is set to true), obtain ++ * the actual certificate size by subtracting the appended signature size from ++ * the certificate size because the certificate has an appended signature, and ++ * this actual certificate size is used to get the X.509 certificate. ++ */ ++ if (check_sigs == true) ++ cert_data_size -= append_sig_len; ++ ++ /* Remove distrusted certificate from the db list if present. */ ++ err = remove_cert_from_db (cert_data, cert_data_size); ++ if (err != GRUB_ERR_NONE) ++ { ++ grub_free (cert_data); ++ return err; ++ } ++ ++ /* Only add the certificate to the dbx list if dynamic key management is enabled. */ ++ if (append_key_mgmt == true) ++ err = add_certificate (cert_data, cert_data_size, &dbx); ++ ++ grub_free (cert_data); ++ ++ return err; ++} ++ ++static grub_err_t ++grub_cmd_list_db (grub_command_t cmd __attribute__ ((unused)), int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ struct x509_certificate *cert; ++ grub_uint32_t i, cert_num = 1; ++ ++ for (cert = db.certs; cert != NULL; cert = cert->next, cert_num++) ++ print_certificate (cert, cert_num); ++ ++ if (append_key_mgmt == false) ++ return GRUB_ERR_NONE; ++ ++ for (i = 0; i < db.hash_entries; i++) ++ { ++ if (db.hashes[i] != NULL) ++ { ++ grub_printf ("\nBinary hash: %u\n", i + 1); ++ grub_printf (" Hash: sha%" PRIuGRUB_SIZE "\n ", db.hash_sizes[i] * 8); ++ hexdump_colon (db.hashes[i], db.hash_sizes[i]); ++ } ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ + /* Add the X.509 certificates/binary hash to the db list from PKS. */ + static grub_err_t + load_pks2db (void) +@@ -1031,6 +1332,8 @@ struct grub_file_verifier grub_appendedsig_verifier = { + .write = appendedsig_write, + }; + ++static grub_command_t cmd_verify, cmd_list_db, cmd_dbx_cert, cmd_db_cert; ++ + GRUB_MOD_INIT (appendedsig) + { + grub_int32_t rc; +@@ -1100,6 +1403,15 @@ GRUB_MOD_INIT (appendedsig) + db.cert_entries); + } + ++ cmd_verify = grub_register_command ("append_verify", grub_cmd_verify_signature, N_(""), ++ N_("Verify SIGNED_FILE against the trusted X.509 certificates in the db list")); ++ cmd_list_db = grub_register_command ("append_list_db", grub_cmd_list_db, 0, ++ N_("Show the list of trusted X.509 certificates from the db list")); ++ cmd_db_cert = grub_register_command ("append_add_db_cert", grub_cmd_db_cert, N_(""), ++ N_("Add trusted X509_CERTIFICATE to the db list")); ++ cmd_dbx_cert = grub_register_command ("append_add_dbx_cert", grub_cmd_dbx_cert, N_(""), ++ N_("Add distrusted X509_CERTIFICATE to the dbx list")); ++ + grub_verifier_register (&grub_appendedsig_verifier); + grub_dl_set_persistent (mod); + } +@@ -1118,4 +1430,8 @@ GRUB_MOD_FINI (appendedsig) + grub_register_variable_hook ("appendedsig_key_mgmt", NULL, NULL); + grub_env_unset ("appendedsig_key_mgmt"); + grub_verifier_unregister (&grub_appendedsig_verifier); ++ grub_unregister_command (cmd_verify); ++ grub_unregister_command (cmd_list_db); ++ grub_unregister_command (cmd_db_cert); ++ grub_unregister_command (cmd_dbx_cert); + } diff --git a/0499-appended-signatures-GRUB-commands-to-manage-the-hash.patch b/0499-appended-signatures-GRUB-commands-to-manage-the-hash.patch new file mode 100644 index 0000000..9aabb43 --- /dev/null +++ b/0499-appended-signatures-GRUB-commands-to-manage-the-hash.patch @@ -0,0 +1,382 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:55:01 +0530 +Subject: [PATCH] appended signatures: GRUB commands to manage the hashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Introducing the following GRUB commands to manage certificate/binary +hashes. + + 1. append_list_dbx: + Show the list of distrusted certificates and binary/certificate + hashes from the dbx list. + 2. append_add_db_hash: + Add the trusted binary hash to the db list. + 3. append_add_dbx_hash: + Add the distrusted certificate/binary hash to the dbx list. + +Note that if signature verification (check_appended_signatures) is set to yes, +the append_add_db_hash and append_add_dbx_hash commands only accept the file +‘hash_file’ that is signed with an appended signature. + +Signed-off-by: Sudhakar Kuppusamy +Tested-by: Sridhar Markonda +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/commands/appendedsig/appendedsig.c | 279 +++++++++++++++++++++++++++ + include/grub/file.h | 2 + + 2 files changed, 281 insertions(+) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index 614ebee..5c53f63 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -52,6 +52,9 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define SHA384_HASH_SIZE 48 + #define SHA512_HASH_SIZE 64 + ++#define OPTION_BINARY_HASH 0 ++#define OPTION_CERT_HASH 1 ++ + /* + * This structure is extracted from scripts/sign-file.c in the linux kernel + * source. It was licensed as LGPLv2.1+, which is GPLv3+ compatible. +@@ -126,6 +129,13 @@ static grub_pks_t *pks_keystore; + /* Appended signature size. */ + static grub_size_t append_sig_len = 0; + ++static const struct grub_arg_option options[] = ++{ ++ {"binary-hash", 'b', 0, N_("hash file of the binary."), 0, ARG_TYPE_PATHNAME}, ++ {"cert-hash", 'c', 1, N_("hash file of the certificate."), 0, ARG_TYPE_PATHNAME}, ++ {0, 0, 0, 0, 0, 0} ++}; ++ + static grub_ssize_t + pseudo_read (struct grub_file *file, char *buf, grub_size_t len) + { +@@ -546,6 +556,69 @@ remove_cert_from_db (const grub_uint8_t *data, const grub_size_t data_size) + return rc; + } + ++static bool ++cert_fingerprint_match (const grub_uint8_t *hash_data, const grub_size_t hash_data_size, ++ const grub_x509_cert_t *cert) ++{ ++ grub_int32_t type; ++ ++ if (hash_data_size == SHA256_HASH_SIZE) ++ type = GRUB_FINGERPRINT_SHA256; ++ else if (hash_data_size == SHA384_HASH_SIZE) ++ type = GRUB_FINGERPRINT_SHA384; ++ else if (hash_data_size == SHA512_HASH_SIZE) ++ type = GRUB_FINGERPRINT_SHA512; ++ else ++ { ++ grub_dprintf ("appendedsig", "unsupported fingerprint hash type " ++ "(%" PRIuGRUB_SIZE ") \n", hash_data_size); ++ return false; ++ } ++ ++ if (grub_memcmp (cert->fingerprint[type], hash_data, hash_data_size) == 0) ++ return true; ++ ++ return false; ++} ++ ++static void ++remove_hash_from_db (const grub_uint8_t *hash_data, const grub_size_t hash_data_size, ++ const bool bin_hash) ++{ ++ grub_uint32_t i; ++ grub_x509_cert_t *cert; ++ ++ if (bin_hash == true) ++ { ++ for (i = 0; i < db.hash_entries; i++) ++ { ++ if (db.hashes[i] == NULL) ++ continue; ++ ++ if (grub_memcmp (db.hashes[i], hash_data, hash_data_size) == 0) ++ { ++ grub_dprintf ("appendedsig", "removed distrusted hash %02x%02x%02x%02x.. from the db list\n", ++ db.hashes[i][0], db.hashes[i][1], db.hashes[i][2], db.hashes[i][3]); ++ grub_free (db.hashes[i]); ++ db.hashes[i] = NULL; ++ db.hash_sizes[i] = 0; ++ break; ++ } ++ } ++ } ++ else ++ { ++ for (cert = db.certs; cert != NULL; cert = cert->next) ++ { ++ if (cert_fingerprint_match (hash_data, hash_data_size, cert) == true) ++ { ++ _remove_cert_from_db (cert); ++ break; ++ } ++ } ++ } ++} ++ + static grub_err_t + file_read_whole (grub_file_t file, grub_uint8_t **buf, grub_size_t *len) + { +@@ -1010,6 +1083,192 @@ grub_cmd_list_db (grub_command_t cmd __attribute__ ((unused)), int argc __attrib + return GRUB_ERR_NONE; + } + ++static grub_err_t ++grub_cmd_list_dbx (grub_command_t cmd __attribute__((unused)), ++ int argc __attribute__((unused)), char **args __attribute__((unused))) ++{ ++ struct x509_certificate *cert; ++ grub_uint32_t i, cert_num = 1; ++ ++ if (append_key_mgmt == false) ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ "append_list_dbx command is unsupported in static key mode"); ++ ++ for (cert = dbx.certs; cert != NULL; cert = cert->next, cert_num++) ++ print_certificate (cert, cert_num); ++ ++ for (i = 0; i < dbx.hash_entries; i++) ++ { ++ if (dbx.hashes[i] != NULL) ++ { ++ grub_printf ("\nCertificate/Binary hash: %u\n", i + 1); ++ grub_printf (" Hash: sha%" PRIuGRUB_SIZE "\n ", dbx.hash_sizes[i] * 8); ++ hexdump_colon (dbx.hashes[i], dbx.hash_sizes[i]); ++ } ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++/* ++ * Remove the trusted binary hash from the dbx list if present. And add them to ++ * the db list if it is not already present. ++ * ++ * Note: When signature verification is enabled, this command only accepts the ++ * binary hash file that is signed with an appended signature. The signature is ++ * verified by the appendedsig module. If verification succeeds, the binary hash ++ * is added to the db list. Otherwise, an error is posted and the binary hash is ++ * not added. ++ * When signature verification is disabled, it accepts the binary hash file ++ * without an appended signature and adds it to the db list. ++ * ++ * Also, note that the adding of the trusted binary hash using this command does ++ * not persist across reboots. ++ */ ++static grub_err_t ++grub_cmd_add_db_hash (grub_command_t cmd __attribute__((unused)), int argc, char**args) ++{ ++ grub_err_t rc; ++ grub_file_t hash_file; ++ grub_uint8_t *hash_data = NULL; ++ grub_size_t hash_data_size = 0; ++ ++ if (append_key_mgmt == false) ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ "append_add_db_hash command is unsupported in static key mode"); ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "a trusted binary hash file is expected in binary format\n" ++ "Example:\n\tappend_add_db_hash \n"); ++ ++ if (!grub_strlen (args[0])) ++ return grub_error (GRUB_ERR_BAD_FILENAME, "missing trusted binary hash file"); ++ ++ hash_file = grub_file_open (args[0], GRUB_FILE_TYPE_HASH_TRUST | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (hash_file == NULL) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "unable to open %s file", args[0]); ++ ++ rc = file_read_whole (hash_file, &hash_data, &hash_data_size); ++ grub_file_close (hash_file); ++ if (rc != GRUB_ERR_NONE) ++ return rc; ++ ++ /* ++ * If signature verification is enabled (check_sigs is set to true), obtain ++ * the actual hash data size by subtracting the appended signature size from ++ * the hash data size because the hash has an appended signature, and this ++ * actual hash data size is used to get the hash data. ++ */ ++ if (check_sigs == true) ++ hash_data_size -= append_sig_len; ++ ++ grub_dprintf ("appendedsig", ++ "adding a trusted binary hash %02x%02x%02x%02x... with size of %" PRIuGRUB_SIZE "\n", ++ hash_data[0], hash_data[1], hash_data[2], hash_data[3], hash_data_size); ++ ++ /* Only accept SHA256, SHA384 and SHA512 binary hash */ ++ if (hash_data_size != SHA256_HASH_SIZE && hash_data_size != SHA384_HASH_SIZE && ++ hash_data_size != SHA512_HASH_SIZE) ++ { ++ grub_free (hash_data); ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, "unacceptable trusted binary hash type"); ++ } ++ ++ rc = add_hash (hash_data, hash_data_size, &db); ++ grub_free (hash_data); ++ ++ return rc; ++} ++ ++/* ++ * Remove the distrusted binary/certificate hash from the db list if present. ++ * And add them to the dbx list if it is not already present. ++ * ++ * Note: When signature verification is enabled, this command only accepts the ++ * binary/certificate hash file that is signed with an appended signature. The ++ * signature is verified by the appendedsig module. If verification succeeds, ++ * the binary/certificate hash is added to the dbx list. Otherwise, an error is ++ * posted and the binary/certificate hash is not added. ++ * When signature verification is disabled, it accepts the binary/certificate ++ * hash file without an appended signature and adds it to the dbx list. ++ * ++ * Also, note that the adding of the distrusted binary/certificate hash using ++ * this command does not persist across reboots. ++ */ ++static grub_err_t ++grub_cmd_add_dbx_hash (grub_extcmd_context_t ctxt, int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ grub_err_t rc; ++ grub_file_t hash_file; ++ grub_uint8_t *hash_data = NULL; ++ grub_size_t hash_data_size = 0; ++ char *file_path; ++ ++ if (append_key_mgmt == false) ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ "append_add_dbx_hash command is unsupported in static key mode"); ++ ++ if (!ctxt->state[OPTION_BINARY_HASH].set && !ctxt->state[OPTION_CERT_HASH].set) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "a distrusted certificate/binary hash file is expected in binary format\n" ++ "Example:\n\tappend_add_dbx_hash [option] \n" ++ "option:\n[-b|--binary-hash] FILE [BINARY HASH FILE]\n" ++ "[-c|--cert-hash] FILE [CERTFICATE HASH FILE]\n"); ++ ++ if (ctxt->state[OPTION_BINARY_HASH].arg == NULL && ctxt->state[OPTION_CERT_HASH].arg == NULL) ++ return grub_error (GRUB_ERR_BAD_FILENAME, "missing distrusted certificate/binary hash file"); ++ ++ if (ctxt->state[OPTION_BINARY_HASH].arg != NULL) ++ file_path = ctxt->state[OPTION_BINARY_HASH].arg; ++ else ++ file_path = ctxt->state[OPTION_CERT_HASH].arg; ++ ++ hash_file = grub_file_open (file_path, GRUB_FILE_TYPE_HASH_TRUST | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (hash_file == NULL) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "unable to open %s file", file_path); ++ ++ rc = file_read_whole (hash_file, &hash_data, &hash_data_size); ++ grub_file_close (hash_file); ++ if (rc != GRUB_ERR_NONE) ++ return rc; ++ ++ /* ++ * If signature verification is enabled (check_sigs is set to true), obtain ++ * the actual hash data size by subtracting the appended signature size from ++ * the hash data size because the hash has an appended signature, and this ++ * actual hash data size is used to get the hash data. ++ */ ++ if (check_sigs == true) ++ hash_data_size -= append_sig_len; ++ ++ grub_dprintf ("appendedsig", ++ "adding a distrusted certificate/binary hash %02x%02x%02x%02x..." ++ " with size of %" PRIuGRUB_SIZE "\n", hash_data[0], hash_data[1], ++ hash_data[2], hash_data[3], hash_data_size); ++ ++ if (ctxt->state[OPTION_BINARY_HASH].set || ctxt->state[OPTION_CERT_HASH].set) ++ { ++ /* Only accept SHA256, SHA384 and SHA512 certificate/binary hash */ ++ if (hash_data_size != SHA256_HASH_SIZE && hash_data_size != SHA384_HASH_SIZE && ++ hash_data_size != SHA512_HASH_SIZE) ++ { ++ grub_free (hash_data); ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "unacceptable distrusted certificate/binary hash type"); ++ } ++ } ++ ++ /* Remove distrusted binary hash/certificate from the db list if present. */ ++ remove_hash_from_db (hash_data, hash_data_size, ++ (ctxt->state[OPTION_BINARY_HASH].set) ? true : false); ++ rc = add_hash (hash_data, hash_data_size, &dbx); ++ grub_free (hash_data); ++ ++ return rc; ++} ++ + /* Add the X.509 certificates/binary hash to the db list from PKS. */ + static grub_err_t + load_pks2db (void) +@@ -1292,6 +1551,11 @@ appendedsig_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type t + * verifier, but we lack the hubris required to take this on. Instead, + * require that it have an appended signature. + */ ++ case GRUB_FILE_TYPE_HASH_TRUST: ++ /* ++ * This is a certificate/binary hash to add to db/dbx. This needs to be ++ * verified or blocked. ++ */ + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_GRUB_MODULE: + /* +@@ -1333,6 +1597,8 @@ struct grub_file_verifier grub_appendedsig_verifier = { + }; + + static grub_command_t cmd_verify, cmd_list_db, cmd_dbx_cert, cmd_db_cert; ++static grub_command_t cmd_list_dbx, cmd_db_hash; ++static grub_extcmd_t cmd_dbx_hash; + + GRUB_MOD_INIT (appendedsig) + { +@@ -1412,6 +1678,16 @@ GRUB_MOD_INIT (appendedsig) + cmd_dbx_cert = grub_register_command ("append_add_dbx_cert", grub_cmd_dbx_cert, N_(""), + N_("Add distrusted X509_CERTIFICATE to the dbx list")); + ++ cmd_list_dbx = grub_register_command ("append_list_dbx", grub_cmd_list_dbx, 0, ++ N_("Show the list of distrusted certificates and" ++ " certificate/binary hashes from the dbx list")); ++ cmd_db_hash = grub_register_command ("append_add_db_hash", grub_cmd_add_db_hash, N_("BINARY HASH FILE"), ++ N_("Add trusted BINARY HASH to the db list.")); ++ cmd_dbx_hash = grub_register_extcmd ("append_add_dbx_hash", grub_cmd_add_dbx_hash, 0, ++ N_("[-b|--binary-hash] FILE [BINARY HASH FILE]\n" ++ "[-c|--cert-hash] FILE [CERTFICATE HASH FILE]"), ++ N_("Add distrusted CERTFICATE/BINARY HASH to the dbx list."), options); ++ + grub_verifier_register (&grub_appendedsig_verifier); + grub_dl_set_persistent (mod); + } +@@ -1434,4 +1710,7 @@ GRUB_MOD_FINI (appendedsig) + grub_unregister_command (cmd_list_db); + grub_unregister_command (cmd_db_cert); + grub_unregister_command (cmd_dbx_cert); ++ grub_unregister_command (cmd_list_dbx); ++ grub_unregister_command (cmd_db_hash); ++ grub_unregister_extcmd (cmd_dbx_hash); + } +diff --git a/include/grub/file.h b/include/grub/file.h +index 27e1a88..d1b2863 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -115,6 +115,8 @@ enum grub_file_type + GRUB_FILE_TYPE_HASHLIST, + /* File hashed by hashsum. */ + GRUB_FILE_TYPE_TO_HASH, ++ /* File holding certificiate/binary hash to add to db/dbx. */ ++ GRUB_FILE_TYPE_HASH_TRUST, + /* Keyboard layout. */ + GRUB_FILE_TYPE_KEYBOARD_LAYOUT, + /* Picture file. */ diff --git a/0500-appended-signatures-Verification-tests.patch b/0500-appended-signatures-Verification-tests.patch new file mode 100644 index 0000000..e8eb212 --- /dev/null +++ b/0500-appended-signatures-Verification-tests.patch @@ -0,0 +1,1270 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Thu, 13 Nov 2025 03:47:57 -0500 +Subject: [PATCH] appended signatures: Verification tests + +These tests are run through all_functional_test and test a range +of commands and behaviours. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + grub-core/Makefile.core.def | 2 + + grub-core/tests/appended_signature_test.c | 368 +++++++++------- + grub-core/tests/appended_signatures.h | 709 ++++++++++++++++++++++-------- + 3 files changed, 730 insertions(+), 349 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 3961fec..56a231b 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2197,6 +2197,8 @@ module = { + name = appended_signature_test; + common = tests/appended_signature_test.c; + common = tests/appended_signatures.h; ++ enable = emu; ++ enable = powerpc_ieee1275; + }; + + module = { +diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c +index dbba061..2130008 100644 +--- a/grub-core/tests/appended_signature_test.c ++++ b/grub-core/tests/appended_signature_test.c +@@ -1,6 +1,7 @@ + /* + * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2020 IBM Corporation. ++ * Copyright (C) 2020, 2022 Free Software Foundation, Inc. ++ * Copyright (C) 2020, 2022, 2025 IBM Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -30,31 +31,29 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-#define DEFINE_TEST_CASE(case_name) \ +-static char * \ +-get_ ## case_name (grub_size_t *sz) \ +-{ \ +- char *ret; \ +- *sz = case_name ## _len; \ +- ret = grub_malloc (*sz); \ +- if (ret) \ +- grub_memcpy (ret, case_name, *sz); \ +- return ret; \ +-} \ +-\ +-static struct grub_procfs_entry case_name ## _entry = \ +-{ \ +- .name = #case_name, \ +- .get_contents = get_ ## case_name \ +-} ++#define PROC_FILE(identifier, file_name) \ ++ static char *get_##identifier (grub_size_t *sz) \ ++ { \ ++ char *ret; \ ++ \ ++ *sz = identifier##_len; \ ++ ret = grub_malloc (*sz); \ ++ if (ret != NULL) \ ++ grub_memcpy (ret, identifier, *sz); \ ++ return ret; \ ++ } \ ++ \ ++ static struct grub_procfs_entry identifier##_entry = { .name = file_name, \ ++ .get_contents = get_##identifier }; + +-#define DO_TEST(case_name, is_valid) \ +-{ \ +- grub_procfs_register (#case_name, &case_name ## _entry); \ +- do_verify ("(proc)/" #case_name, is_valid); \ +- grub_procfs_unregister (&case_name ## _entry); \ +-} ++#define DEFINE_TEST_CASE(case_name) PROC_FILE (case_name, #case_name) + ++#define DO_TEST(case_name, is_valid) \ ++ { \ ++ grub_procfs_register (#case_name, &case_name##_entry); \ ++ do_verify ("(proc)/" #case_name, is_valid); \ ++ grub_procfs_unregister (&case_name##_entry); \ ++ } + + DEFINE_TEST_CASE (hi_signed); + DEFINE_TEST_CASE (hi_signed_sha256); +@@ -62,71 +61,13 @@ DEFINE_TEST_CASE (hj_signed); + DEFINE_TEST_CASE (short_msg); + DEFINE_TEST_CASE (unsigned_msg); + DEFINE_TEST_CASE (hi_signed_2nd); ++DEFINE_TEST_CASE (hi_double); ++DEFINE_TEST_CASE (hi_double_extended); + +-static char * +-get_certificate_der (grub_size_t * sz) +-{ +- char *ret; +- *sz = certificate_der_len; +- ret = grub_malloc (*sz); +- if (ret) +- grub_memcpy (ret, certificate_der, *sz); +- return ret; +-} +- +-static struct grub_procfs_entry certificate_der_entry = { +- .name = "certificate.der", +- .get_contents = get_certificate_der +-}; +- +-static char * +-get_certificate2_der (grub_size_t * sz) +-{ +- char *ret; +- *sz = certificate2_der_len; +- ret = grub_malloc (*sz); +- if (ret) +- grub_memcpy (ret, certificate2_der, *sz); +- return ret; +-} +- +-static struct grub_procfs_entry certificate2_der_entry = { +- .name = "certificate2.der", +- .get_contents = get_certificate2_der +-}; +- +-static char * +-get_certificate_printable_der (grub_size_t * sz) +-{ +- char *ret; +- *sz = certificate_printable_der_len; +- ret = grub_malloc (*sz); +- if (ret) +- grub_memcpy (ret, certificate_printable_der, *sz); +- return ret; +-} +- +-static struct grub_procfs_entry certificate_printable_der_entry = { +- .name = "certificate_printable.der", +- .get_contents = get_certificate_printable_der +-}; +- +-static char * +-get_certificate_eku_der (grub_size_t * sz) +-{ +- char *ret; +- *sz = certificate_eku_der_len; +- ret = grub_malloc (*sz); +- if (ret) +- grub_memcpy (ret, certificate_eku_der, *sz); +- return ret; +-} +- +-static struct grub_procfs_entry certificate_eku_der_entry = { +- .name = "certificate_eku.der", +- .get_contents = get_certificate_eku_der +-}; +- ++PROC_FILE (certificate_der, "certificate.der") ++PROC_FILE (certificate2_der, "certificate2.der") ++PROC_FILE (certificate_printable_der, "certificate_printable.der") ++PROC_FILE (certificate_eku_der, "certificate_eku.der") + + static void + do_verify (const char *f, int is_valid) +@@ -135,26 +76,24 @@ do_verify (const char *f, int is_valid) + char *args[] = { (char *) f, NULL }; + grub_err_t err; + +- cmd = grub_command_find ("verify_appended"); +- if (!cmd) ++ cmd = grub_command_find ("append_verify"); ++ if (cmd == NULL) + { +- grub_test_assert (0, "can't find command `%s'", "verify_appended"); ++ grub_test_assert (0, "can't find command `%s'", "append_verify"); + return; + } ++ + err = (cmd->func) (cmd, 1, args); + if (is_valid) + { +- grub_test_assert (err == GRUB_ERR_NONE, +- "verification of %s failed: %d: %s", f, grub_errno, +- grub_errmsg); ++ grub_test_assert (err == GRUB_ERR_NONE, "verification of %s failed: %d: %s", ++ f, grub_errno, grub_errmsg); + } + else + { +- grub_test_assert (err == GRUB_ERR_BAD_SIGNATURE, +- "verification of %s unexpectedly succeeded", f); ++ grub_test_assert (err != GRUB_ERR_NONE, ++ "verification of %s unexpectedly succeeded", f); + } +- grub_errno = GRUB_ERR_NONE; +- + } + + static void +@@ -163,32 +102,39 @@ appended_signature_test (void) + grub_command_t cmd_trust, cmd_distrust; + char *trust_args[] = { (char *) "(proc)/certificate.der", NULL }; + char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL }; +- char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", +- NULL }; ++ char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", NULL }; + char *trust_args_eku[] = { (char *) "(proc)/certificate_eku.der", NULL }; +- char *distrust_args[] = { (char *) "1", NULL }; +- char *distrust2_args[] = { (char *) "2", NULL }; ++ const char *key_mgmt; + grub_err_t err; + + grub_procfs_register ("certificate.der", &certificate_der_entry); + grub_procfs_register ("certificate2.der", &certificate2_der_entry); +- grub_procfs_register ("certificate_printable.der", +- &certificate_printable_der_entry); ++ grub_procfs_register ("certificate_printable.der", &certificate_printable_der_entry); + grub_procfs_register ("certificate_eku.der", &certificate_eku_der_entry); + +- cmd_trust = grub_command_find ("trust_certificate"); +- if (!cmd_trust) ++ /* Set appended signature key managment to static. */ ++ err = grub_env_set ("appendedsig_key_mgmt", "static"); ++ grub_test_assert (err == GRUB_ERR_NONE, "set of key management is failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ /* Get appended signatures key management. */ ++ key_mgmt = grub_env_get ("appendedsig_key_mgmt"); ++ grub_test_assert (grub_strncmp (key_mgmt, "static", grub_strlen(key_mgmt)) == 0, ++ "getting unexpected key management: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ cmd_trust = grub_command_find ("append_add_db_cert"); ++ if (cmd_trust == NULL) + { +- grub_test_assert (0, "can't find command `%s'", "trust_certificate"); ++ grub_test_assert (0, "can't find command `%s'", "append_add_db_cert"); + return; + } ++ ++ grub_errno = GRUB_ERR_NONE; + err = (cmd_trust->func) (cmd_trust, 1, trust_args); +- +- grub_test_assert (err == GRUB_ERR_NONE, +- "loading certificate failed: %d: %s", grub_errno, +- grub_errmsg); +- +- /* If we have no certificate the remainder of the tests are meaningless */ ++ grub_test_assert (err == GRUB_ERR_NONE, "loading certificate failed: %d: %s", ++ grub_errno, grub_errmsg); ++ /* If we have no certificate the remainder of the tests are meaningless. */ + if (err != GRUB_ERR_NONE) + return; + +@@ -199,103 +145,199 @@ appended_signature_test (void) + * releases some internal storage. This means it's not safe to call a second + * time and we need to reload it. + */ +- cmd_trust = grub_command_find ("trust_certificate"); ++ cmd_trust = grub_command_find ("append_add_db_cert"); + ++ /* The hi, signed with key 1, SHA-512. */ + DO_TEST (hi_signed, 1); ++ ++ /* The hi, signed with key 1, SHA-256. */ + DO_TEST (hi_signed_sha256, 1); ++ ++ /* The hi, key 1, SHA-512, second byte corrupted. */ + DO_TEST (hj_signed, 0); ++ ++ /* Message too short for a signature. */ + DO_TEST (short_msg, 0); ++ ++ /* Lorem ipsum. */ + DO_TEST (unsigned_msg, 0); + ++ /* The hi, signed with both keys, SHA-512. */ ++ DO_TEST (hi_double, 1); ++ + /* +- * in enforcing mode, we shouldn't be able to load a certificate that isn't ++ * The hi, signed with both keys and with empty space to test we haven't ++ * broken support for adding more signatures after the fact. ++ */ ++ DO_TEST (hi_double_extended, 1); ++ ++ /* ++ * In enforcing mode, we shouldn't be able to load a certificate that isn't + * signed by an existing trusted key. + * + * However, procfs files automatically skip the verification test, so we can't + * easily test this. + */ + +- /* +- * verify that testing with 2 trusted certs works +- */ ++ /* Verify that testing with 2 trusted certs works. */ + DO_TEST (hi_signed_2nd, 0); + ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ grub_test_assert (err != GRUB_ERR_NONE, "unexpectedly reloaded certificate 1: %d: %s", ++ grub_errno, grub_errmsg); ++ + err = (cmd_trust->func) (cmd_trust, 1, trust_args2); +- +- grub_test_assert (err == GRUB_ERR_NONE, +- "loading certificate 2 failed: %d: %s", grub_errno, +- grub_errmsg); +- ++ grub_test_assert (err == GRUB_ERR_NONE, "loading certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); + if (err != GRUB_ERR_NONE) + return; + + DO_TEST (hi_signed_2nd, 1); + DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ DO_TEST (hi_double_extended, 1); + + /* +- * Check certificate removal. They're added to the _top_ of the list and ++ * Check certificate removal. They're added to the _top_ of the db list and + * removed by position in the list. Current the list looks like [#2, #1]. +- * +- * First test removing the second certificate in the list, which is +- * certificate #1, giving us just [#2]. + */ +- cmd_distrust = grub_command_find ("distrust_certificate"); +- if (!cmd_distrust) ++ cmd_distrust = grub_command_find ("append_add_dbx_cert"); ++ if (cmd_distrust == NULL) + { +- grub_test_assert (0, "can't find command `%s'", "distrust_certificate"); ++ grub_test_assert (0, "can't find command `%s'", "append_add_dbx_cert"); + return; + } + +- err = (cmd_distrust->func) (cmd_distrust, 1, distrust2_args); +- grub_test_assert (err == GRUB_ERR_NONE, +- "distrusting certificate 1 failed: %d: %s", grub_errno, +- grub_errmsg); ++ /* Remove the certificate #1. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args); ++ grub_test_assert (err == GRUB_ERR_NONE, "distrusting certificate 1 failed: %d: %s", ++ grub_errno, grub_errmsg); + DO_TEST (hi_signed_2nd, 1); + DO_TEST (hi_signed, 0); ++ DO_TEST (hi_double, 1); + +- /* +- * Now reload certificate #1. This will make the list look like [#1, #2] +- */ ++ /* Now reload certificate #1. */ + err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ grub_test_assert (err == GRUB_ERR_NONE, "reloading certificate 1 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ ++ /* Remove the certificate #2. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args2); ++ grub_test_assert (err == GRUB_ERR_NONE, "distrusting certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 0); ++ DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ ++ /* Now reload certificate #2. */ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args2); ++ grub_test_assert (err == GRUB_ERR_NONE, "reloading certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ ++ /* Remove the certificate #1. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args); ++ grub_test_assert (err == GRUB_ERR_NONE, "distrusting certificate 1 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ /* Remove the certificate #2. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args2); ++ grub_test_assert (err == GRUB_ERR_NONE, "distrusting certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ /* Set appended signature key managment to dynamic. */ ++ err = grub_env_set ("appendedsig_key_mgmt", "dynamic"); ++ grub_test_assert (err == GRUB_ERR_NONE, "set of key management is failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ /* Get appended signatures key management. */ ++ key_mgmt = grub_env_get ("appendedsig_key_mgmt"); ++ grub_test_assert (grub_strncmp (key_mgmt, "dynamic", grub_strlen(key_mgmt)) == 0, ++ "getting unexpected key management: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ cmd_trust = grub_command_find ("append_add_db_cert"); ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ grub_test_assert ((err == GRUB_ERR_NONE || err == GRUB_ERR_EXISTS || GRUB_ERR_ACCESS_DENIED), ++ "loading certificate 1 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ if (err != GRUB_ERR_NONE) ++ return; ++ ++ DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ DO_TEST (hi_double_extended, 1); ++ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args2); ++ grub_test_assert ((err == GRUB_ERR_NONE || err == GRUB_ERR_EXISTS || GRUB_ERR_ACCESS_DENIED), ++ "loading certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); ++ if (err != GRUB_ERR_NONE) ++ return; + +- grub_test_assert (err == GRUB_ERR_NONE, +- "reloading certificate 1 failed: %d: %s", grub_errno, +- grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); + DO_TEST (hi_signed, 1); ++ DO_TEST (hi_double, 1); ++ DO_TEST (hi_double_extended, 1); + +- /* Remove the first certificate in the list, giving us just [#2] */ +- err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); +- grub_test_assert (err == GRUB_ERR_NONE, +- "distrusting certificate 1 (first time) failed: %d: %s", +- grub_errno, grub_errmsg); ++ cmd_distrust = grub_command_find ("append_add_dbx_cert"); ++ if (cmd_distrust == NULL) ++ { ++ grub_test_assert (0, "can't find command `%s'", "append_add_dbx_cert"); ++ return; ++ } ++ ++ /* Now remove certificate #1. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args); ++ grub_test_assert ((err == GRUB_ERR_NONE || err == GRUB_ERR_EXISTS), ++ "distrusting certificate 1 failed: %d: %s", ++ grub_errno, grub_errmsg); + DO_TEST (hi_signed_2nd, 1); + DO_TEST (hi_signed, 0); ++ DO_TEST (hi_double, 1); + +- /* +- * Remove the first certificate again, giving an empty list. +- * +- * verify_appended should fail if there are no certificates to verify against. +- */ +- err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); +- grub_test_assert (err == GRUB_ERR_NONE, +- "distrusting certificate 1 (second time) failed: %d: %s", +- grub_errno, grub_errmsg); ++ /* Now reload certificate #1. */ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ grub_test_assert (err != GRUB_ERR_NONE, "unexpectedly reloaded certificate 1: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 0); ++ DO_TEST (hi_double, 1); ++ ++ /* Remove the certificate #2. */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, trust_args2); ++ grub_test_assert ((err == GRUB_ERR_NONE || err == GRUB_ERR_EXISTS), ++ "distrusting certificate 2 failed: %d: %s", ++ grub_errno, grub_errmsg); + DO_TEST (hi_signed_2nd, 0); ++ DO_TEST (hi_signed, 0); ++ DO_TEST (hi_double, 0); ++ ++ /* Now reload certificate #2. */ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args2); ++ grub_test_assert (err != GRUB_ERR_NONE, "unexpectedly reloaded certificate 2: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 0); ++ DO_TEST (hi_signed, 0); ++ DO_TEST (hi_double, 0); + + /* +- * Lastly, check a certificate that uses printableString rather than +- * utf8String loads properly, and that a certificate with an appropriate +- * extended key usage loads. ++ * Lastly, check a certificate that uses printableString rather than utf8String ++ * loads properly, and that a certificate with an appropriate extended key usage ++ * loads. + */ + err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable); +- grub_test_assert (err == GRUB_ERR_NONE, +- "trusting printable certificate failed: %d: %s", +- grub_errno, grub_errmsg); ++ grub_test_assert (err == GRUB_ERR_NONE, "trusting printable certificate failed: %d: %s", ++ grub_errno, grub_errmsg); + + err = (cmd_trust->func) (cmd_trust, 1, trust_args_eku); +- grub_test_assert (err == GRUB_ERR_NONE, +- "trusting certificate with extended key usage failed: %d: %s", +- grub_errno, grub_errmsg); ++ grub_test_assert (err == GRUB_ERR_NONE, "trusting certificate with extended key usage failed: %d: %s", ++ grub_errno, grub_errmsg); + + grub_procfs_unregister (&certificate_der_entry); + grub_procfs_unregister (&certificate2_der_entry); +diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h +index 2e5ebd7..c6aa12d 100644 +--- a/grub-core/tests/appended_signatures.h ++++ b/grub-core/tests/appended_signatures.h +@@ -1,220 +1,319 @@ + unsigned char certificate_der[] = { +- 0x30, 0x82, 0x03, 0x88, 0x30, 0x82, 0x02, 0x70, 0xa0, 0x03, 0x02, 0x01, +- 0x02, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, +- 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x30, 0x82, 0x05, 0x5d, 0x30, 0x82, 0x03, 0x45, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, ++ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, +- 0x05, 0x00, 0x30, 0x49, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, +- 0x03, 0x0c, 0x1f, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, ++ 0x05, 0x00, 0x30, 0x3d, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, ++ 0x03, 0x0c, 0x32, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, + 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, +- 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, +- 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, +- 0x01, 0x16, 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, +- 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, +- 0x37, 0x30, 0x39, 0x30, 0x36, 0x32, 0x32, 0x30, 0x37, 0x5a, 0x18, 0x0f, +- 0x32, 0x31, 0x32, 0x30, 0x30, 0x36, 0x31, 0x35, 0x30, 0x36, 0x32, 0x32, +- 0x30, 0x37, 0x5a, 0x30, 0x52, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, ++ 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, ++ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, ++ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, ++ 0x36, 0x32, 0x39, 0x30, 0x38, 0x33, 0x36, 0x31, 0x33, 0x5a, 0x18, 0x0f, ++ 0x32, 0x31, 0x32, 0x31, 0x30, 0x36, 0x30, 0x35, 0x30, 0x38, 0x33, 0x36, ++ 0x31, 0x33, 0x5a, 0x30, 0x33, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x28, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, + 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x69, 0x67, +- 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x31, 0x1d, 0x30, 0x1b, +- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, +- 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, +- 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, +- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, +- 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, +- 0xcd, 0xe8, 0x1c, 0x08, 0x68, 0x2e, 0xcb, 0xfe, 0x8c, 0x4b, 0x3b, 0x61, +- 0xe7, 0x8e, 0x80, 0x58, 0x85, 0x85, 0xea, 0xc8, 0x3b, 0x42, 0xba, 0x72, +- 0x84, 0x65, 0x20, 0xbc, 0x48, 0xa2, 0x25, 0x49, 0x6e, 0x1c, 0xb9, 0x7d, +- 0xeb, 0xc1, 0x0c, 0xa8, 0xb7, 0xcc, 0x13, 0x78, 0xba, 0x11, 0xa4, 0x98, +- 0xd7, 0xd0, 0x7c, 0xdd, 0xf5, 0x5a, 0xb7, 0xcd, 0x31, 0x0e, 0xcd, 0x9e, +- 0xa7, 0x19, 0xf0, 0xbd, 0x0f, 0xa6, 0xfe, 0x8a, 0x11, 0x97, 0xed, 0x8b, +- 0xe5, 0x16, 0xa6, 0x21, 0x13, 0x36, 0xad, 0x05, 0x49, 0xec, 0x29, 0x12, +- 0x38, 0xa7, 0x4b, 0x0f, 0xa1, 0xfb, 0x72, 0xc0, 0xc0, 0x09, 0x67, 0x78, +- 0xa8, 0xb6, 0xd6, 0x1a, 0x39, 0xc0, 0xa8, 0xbf, 0x5f, 0x14, 0x89, 0x5c, +- 0xbc, 0x41, 0x0c, 0x0c, 0x5d, 0x42, 0x2e, 0x1c, 0xdf, 0x1f, 0x1d, 0xc9, +- 0x43, 0x94, 0x5b, 0x6e, 0x8f, 0x15, 0x8c, 0x8f, 0x94, 0x73, 0x4f, 0x97, +- 0x54, 0xf1, 0x86, 0x8a, 0xbc, 0xe4, 0xe4, 0x93, 0xc1, 0x5e, 0xc2, 0x3e, +- 0x31, 0x5e, 0xd4, 0x85, 0x57, 0x14, 0xd0, 0x11, 0x07, 0x65, 0xf4, 0x7c, +- 0x8f, 0x07, 0x57, 0xe1, 0x22, 0xd4, 0x78, 0x47, 0x65, 0x4e, 0xa9, 0xb3, +- 0xaa, 0xce, 0xc7, 0x36, 0xfe, 0xda, 0x66, 0x02, 0xb6, 0x8d, 0x18, 0x2f, +- 0x3b, 0x41, 0x8d, 0x02, 0x08, 0x72, 0x4b, 0x69, 0xbd, 0x1e, 0x58, 0xfc, +- 0x1b, 0x64, 0x04, 0x52, 0x35, 0x35, 0xe2, 0x3d, 0x3e, 0xde, 0xd6, 0x64, +- 0xf4, 0xec, 0x57, 0x7e, 0x65, 0x59, 0x00, 0xa6, 0xd3, 0x4b, 0x09, 0x93, +- 0x2a, 0x95, 0x0f, 0x30, 0xb6, 0xa1, 0x8c, 0xe7, 0x8b, 0x49, 0xa4, 0x1d, +- 0x25, 0x2d, 0x65, 0x48, 0x8a, 0x0f, 0xcf, 0x2a, 0xa2, 0xe1, 0xef, 0x72, +- 0x92, 0xc3, 0xf5, 0x21, 0x37, 0x83, 0x9b, 0x6d, 0x0b, 0x1b, 0xb3, 0xa2, +- 0x32, 0x38, 0x11, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, +- 0x5b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, +- 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, +- 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, +- 0x16, 0x04, 0x14, 0xe5, 0x2a, 0x4f, 0xf2, 0x84, 0x91, 0x57, 0x91, 0xaf, +- 0x12, 0xd2, 0xf1, 0xa1, 0x87, 0x73, 0x0f, 0x90, 0x25, 0xa0, 0x7a, 0x30, +- 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, +- 0x56, 0xd1, 0xfd, 0xe2, 0x1e, 0x7e, 0x1c, 0x63, 0x4f, 0x47, 0xdb, 0xe4, +- 0xc4, 0x51, 0x04, 0x03, 0x9a, 0x48, 0x35, 0x6e, 0x30, 0x0d, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, +- 0x82, 0x01, 0x01, 0x00, 0x65, 0x82, 0xd5, 0x88, 0x30, 0xe2, 0x2c, 0x47, +- 0xf3, 0x31, 0x39, 0xa1, 0x75, 0x9a, 0xb0, 0x8a, 0x6c, 0x4b, 0xac, 0xdf, +- 0x09, 0x7b, 0x90, 0xb6, 0x9e, 0x76, 0x62, 0x94, 0xc1, 0x3a, 0x99, 0x49, +- 0x68, 0x29, 0x47, 0x42, 0xc3, 0x06, 0xcb, 0x88, 0x75, 0xe6, 0x79, 0x13, +- 0x8c, 0x4b, 0x49, 0x6a, 0xb5, 0x56, 0x95, 0xc0, 0x42, 0x21, 0x9b, 0xd4, +- 0x61, 0xd0, 0x02, 0x41, 0xdd, 0x20, 0x61, 0xe5, 0x91, 0xdf, 0x75, 0x00, +- 0x25, 0x0e, 0x99, 0x65, 0x5c, 0x54, 0x49, 0x32, 0xa3, 0xe2, 0xcd, 0xa1, +- 0x5f, 0x40, 0xf3, 0xc5, 0x81, 0xd9, 0x3c, 0xa3, 0x63, 0x5a, 0x38, 0x79, +- 0xab, 0x77, 0x98, 0xde, 0x8f, 0x4e, 0x9e, 0x26, 0xbc, 0x4e, 0x80, 0x9e, +- 0x8f, 0xbe, 0xf1, 0x00, 0xb3, 0x78, 0xb9, 0x4b, 0x1d, 0xc7, 0xa4, 0x83, +- 0x59, 0x56, 0x11, 0xd1, 0x11, 0x1e, 0x50, 0x39, 0xd5, 0x78, 0x14, 0xf3, +- 0xb9, 0x1d, 0xda, 0xe4, 0xc4, 0x63, 0x74, 0x26, 0xab, 0xa3, 0xfd, 0x9d, +- 0x58, 0xa2, 0xee, 0x7b, 0x28, 0x34, 0xa3, 0xbe, 0x85, 0x7e, 0xaa, 0x97, +- 0xb7, 0x5b, 0x9d, 0xa9, 0x4d, 0x96, 0xdb, 0x6b, 0x21, 0xe1, 0x96, 0x5d, +- 0xc7, 0xad, 0x23, 0x03, 0x9a, 0x16, 0xdb, 0xa4, 0x1f, 0x63, 0xef, 0xaf, +- 0x1e, 0x4f, 0xf8, 0x27, 0xdc, 0x4b, 0xfc, 0x2b, 0x68, 0x2e, 0xa0, 0xd3, +- 0xae, 0xf2, 0xce, 0xf5, 0xfc, 0x97, 0x92, 0xd2, 0x29, 0x0f, 0x4f, 0x4b, +- 0x29, 0xeb, 0x06, 0xcb, 0xf8, 0x21, 0x6e, 0xbc, 0x8b, 0x5c, 0xc5, 0xc9, +- 0xf7, 0xe2, 0x7c, 0x47, 0xcd, 0x43, 0x98, 0xc4, 0xa3, 0x9a, 0xd7, 0x3e, +- 0xdc, 0x01, 0x13, 0x28, 0x96, 0xc4, 0x60, 0x83, 0xe2, 0x79, 0xa1, 0x46, +- 0xef, 0xf5, 0xa4, 0x7b, 0x00, 0xe3, 0x3d, 0x7d, 0xbc, 0xa8, 0x98, 0x49, +- 0xa8, 0xcf, 0x3b, 0x41, 0xb6, 0x09, 0x97, 0x07 ++ 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x82, 0x02, 0x22, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, ++ 0x02, 0x82, 0x02, 0x01, 0x00, 0xb9, 0x09, 0xb2, 0xf6, 0x24, 0x34, 0xdc, ++ 0x62, 0xe6, 0x4e, 0xee, 0x04, 0xdb, 0x29, 0xdc, 0x94, 0xcc, 0xee, 0x8a, ++ 0x5b, 0xc3, 0x9e, 0x06, 0xba, 0xa7, 0x9b, 0xa4, 0x5f, 0x15, 0x59, 0x8e, ++ 0xb8, 0x6e, 0x3c, 0xeb, 0x2e, 0xf2, 0xac, 0x21, 0x42, 0xbd, 0x30, 0xa1, ++ 0x39, 0xe5, 0xb9, 0x4f, 0xa0, 0x53, 0xd5, 0x42, 0xdc, 0x8a, 0x87, 0x30, ++ 0x38, 0x93, 0x44, 0x80, 0x3b, 0x1a, 0x7e, 0x9e, 0x8e, 0x3e, 0xea, 0x45, ++ 0xa0, 0x11, 0x8b, 0xfb, 0x78, 0xe4, 0xbc, 0x65, 0x6b, 0x73, 0xea, 0x6e, ++ 0xdf, 0x7c, 0x5b, 0x63, 0x7e, 0x5b, 0x0a, 0x1c, 0xe6, 0x76, 0x19, 0xb5, ++ 0x01, 0xde, 0xf6, 0x65, 0x51, 0x30, 0x0a, 0x56, 0x69, 0x69, 0xe8, 0x20, ++ 0xf9, 0x13, 0xf1, 0xbf, 0x6f, 0xdd, 0xce, 0x94, 0x96, 0x6e, 0x63, 0xd6, ++ 0xfa, 0xa4, 0x91, 0x5f, 0xb3, 0x9c, 0xc7, 0xfa, 0xa9, 0xff, 0x66, 0x5f, ++ 0xf3, 0xab, 0x5e, 0xdf, 0x4e, 0xca, 0x11, 0xcf, 0xbf, 0xf8, 0xad, 0x65, ++ 0xb1, 0x49, 0x8b, 0xe9, 0x2a, 0xad, 0x7d, 0xf3, 0x0b, 0xfa, 0x5b, 0x6a, ++ 0x6a, 0x20, 0x12, 0x77, 0xef, 0x4b, 0xb6, 0xbe, 0x92, 0xba, 0x14, 0x9c, ++ 0x5e, 0xea, 0xdc, 0x56, 0x6d, 0x92, 0xd3, 0x64, 0x22, 0xf6, 0x12, 0xe8, ++ 0x7d, 0x5e, 0x9c, 0xd6, 0xf9, 0x75, 0x68, 0x7f, 0x8f, 0xd3, 0x6e, 0x05, ++ 0x94, 0x91, 0x4f, 0xa1, 0xd6, 0x50, 0x72, 0x3b, 0x11, 0x1f, 0x28, 0x13, ++ 0xe8, 0x25, 0x6b, 0xdf, 0xff, 0x72, 0x46, 0x25, 0xe9, 0x05, 0x6f, 0x02, ++ 0xc7, 0x1e, 0xc9, 0xcf, 0x99, 0xe9, 0xa7, 0xe2, 0xae, 0xbc, 0xc1, 0x22, ++ 0x32, 0x73, 0x2d, 0xa3, 0x70, 0x8f, 0xa7, 0x8d, 0xbf, 0x5f, 0x74, 0x05, ++ 0x1b, 0x5e, 0xfe, 0x97, 0x3c, 0xe7, 0x3b, 0x86, 0x0d, 0xf6, 0x38, 0xdb, ++ 0xd2, 0x39, 0x47, 0x82, 0x00, 0x44, 0x6c, 0x7b, 0x40, 0x24, 0x0b, 0x3a, ++ 0xd4, 0x19, 0x31, 0xba, 0x4e, 0x8e, 0xa3, 0x33, 0xa6, 0x78, 0xef, 0x72, ++ 0x9f, 0x06, 0x37, 0x01, 0x9b, 0x79, 0x0d, 0x04, 0xbf, 0xba, 0xd5, 0x1f, ++ 0x27, 0xdc, 0x85, 0xbb, 0xef, 0xd2, 0x60, 0xda, 0xa0, 0x3f, 0x66, 0xce, ++ 0x9f, 0xa2, 0x7e, 0xa8, 0x8d, 0xee, 0x14, 0x4b, 0xcb, 0x93, 0xf1, 0x38, ++ 0xac, 0x4f, 0xd8, 0x29, 0xf3, 0x6f, 0xd4, 0xfd, 0x4d, 0x34, 0x77, 0x58, ++ 0x99, 0xdb, 0x16, 0xc1, 0xd0, 0xc7, 0x43, 0x41, 0x70, 0xc4, 0xad, 0x01, ++ 0x29, 0x65, 0x22, 0x43, 0x00, 0x6f, 0xb3, 0x00, 0x27, 0x38, 0xc1, 0x4f, ++ 0xda, 0x28, 0x96, 0x42, 0xdc, 0xbc, 0x3e, 0x34, 0x8e, 0x14, 0xb8, 0xf3, ++ 0x86, 0x4a, 0xea, 0x16, 0x90, 0xf9, 0x0e, 0x9e, 0x8f, 0x66, 0x0c, 0xbf, ++ 0x29, 0xd3, 0x8f, 0xfc, 0x4d, 0x38, 0x68, 0xe2, 0xe7, 0x64, 0x32, 0x47, ++ 0xdd, 0x56, 0xc9, 0xe4, 0x47, 0x9f, 0x18, 0x89, 0xfc, 0x30, 0x7a, 0xae, ++ 0x63, 0xe4, 0xec, 0x93, 0x04, 0xd4, 0x61, 0xe7, 0xbf, 0x0a, 0x06, 0x29, ++ 0xc2, 0xa6, 0xd5, 0x53, 0x5d, 0x65, 0x6d, 0x4a, 0xd0, 0xb7, 0x68, 0x4d, ++ 0x46, 0x0a, 0xb5, 0xff, 0x52, 0x5e, 0x92, 0x7e, 0x75, 0x08, 0xa4, 0x63, ++ 0x0a, 0x6c, 0x31, 0x7a, 0xaa, 0x0c, 0x52, 0xf4, 0x2e, 0xcd, 0x08, 0xeb, ++ 0xb3, 0xbd, 0xad, 0x8b, 0x8b, 0x9b, 0x8d, 0x71, 0x42, 0x30, 0x8e, 0xc7, ++ 0xfd, 0xec, 0xb7, 0xe6, 0x26, 0x96, 0xf2, 0x74, 0x1b, 0x78, 0x95, 0x22, ++ 0x14, 0xf3, 0xc9, 0xd3, 0x79, 0x11, 0xd9, 0xb7, 0x4d, 0x0d, 0x61, 0x60, ++ 0x5c, 0x47, 0x50, 0xf3, 0xca, 0x84, 0x4c, 0x5c, 0x30, 0x2c, 0x6a, 0x18, ++ 0x26, 0xb0, 0xf3, 0xd1, 0x15, 0x19, 0x39, 0xc3, 0x23, 0x13, 0x0f, 0x9c, ++ 0x97, 0x2b, 0x97, 0x93, 0xf9, 0xf8, 0x18, 0x9b, 0x4a, 0x4d, 0xd6, 0xd3, ++ 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, 0x5b, 0x30, 0x0c, ++ 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, ++ 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x07, ++ 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, ++ 0x8f, 0xba, 0x8b, 0xf5, 0xf4, 0x77, 0xb2, 0xa4, 0x19, 0xef, 0x43, 0xb1, ++ 0x8b, 0x03, 0x4b, 0x45, 0x47, 0xb5, 0x2a, 0x48, 0x30, 0x1f, 0x06, 0x03, ++ 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x59, 0x1c, 0xb5, ++ 0x52, 0x62, 0x83, 0x05, 0x3b, 0x41, 0x4c, 0x63, 0x4d, 0x5b, 0xf4, 0x8c, ++ 0xe6, 0xd7, 0xda, 0x87, 0x54, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, ++ 0x00, 0x36, 0x2d, 0x0a, 0xcb, 0x49, 0x54, 0x75, 0xd7, 0xca, 0x21, 0x86, ++ 0xae, 0x40, 0x0f, 0x63, 0x10, 0x35, 0xfd, 0xbc, 0xba, 0x28, 0x31, 0x33, ++ 0x07, 0x08, 0x64, 0x03, 0x6c, 0xd3, 0xd5, 0xf7, 0xb7, 0x79, 0x11, 0x0c, ++ 0xa8, 0x9e, 0xfd, 0x34, 0xa2, 0xba, 0x77, 0x15, 0x15, 0x2d, 0x2c, 0x96, ++ 0xae, 0x47, 0xbb, 0x82, 0x89, 0x09, 0x7f, 0xd1, 0x95, 0x69, 0x9b, 0xfe, ++ 0xd7, 0x6f, 0x4e, 0x68, 0xf6, 0xe7, 0x5f, 0x54, 0xa1, 0x3a, 0xeb, 0xa4, ++ 0xbf, 0x7a, 0xb6, 0x7f, 0xaa, 0xd8, 0xd7, 0x99, 0xcb, 0xae, 0x88, 0x6d, ++ 0x7a, 0xf3, 0xfa, 0x9e, 0x44, 0x2f, 0x30, 0xa8, 0xe6, 0xb9, 0x75, 0xa0, ++ 0x82, 0xd6, 0xb0, 0xe3, 0x03, 0xb3, 0x12, 0xa3, 0xdc, 0xb9, 0x4d, 0x93, ++ 0xd4, 0x30, 0xea, 0xce, 0x96, 0x92, 0x07, 0xf8, 0xba, 0xe4, 0x0f, 0x41, ++ 0xe3, 0x04, 0xaa, 0x8c, 0x07, 0x1a, 0x34, 0x60, 0xfc, 0xc0, 0x05, 0xd2, ++ 0x5a, 0xa8, 0x66, 0xef, 0xe0, 0x94, 0xc5, 0x2f, 0x0f, 0xff, 0xdc, 0x70, ++ 0xfb, 0xe2, 0x9d, 0x61, 0x51, 0x25, 0x02, 0xff, 0x4b, 0x69, 0xfd, 0x66, ++ 0xb9, 0xeb, 0x0c, 0xc8, 0x50, 0xd3, 0xb1, 0x08, 0x1e, 0x09, 0x54, 0x87, ++ 0xe8, 0xa3, 0x4b, 0xef, 0x0c, 0x32, 0x0a, 0x6c, 0xec, 0x27, 0x22, 0xba, ++ 0x7f, 0xdc, 0x52, 0x27, 0x31, 0x14, 0x9a, 0xa8, 0xf7, 0xf9, 0xeb, 0xc8, ++ 0xb5, 0x8d, 0x12, 0xed, 0x94, 0xab, 0x3d, 0x9a, 0xfb, 0x4e, 0x04, 0x05, ++ 0xd2, 0x3c, 0x7c, 0x8a, 0xed, 0x46, 0x1b, 0x7c, 0xb5, 0x6c, 0x40, 0xb8, ++ 0xc1, 0xbf, 0xb0, 0xd2, 0x93, 0x8e, 0xa8, 0x0f, 0xde, 0x78, 0xf3, 0x8c, ++ 0xd8, 0x9f, 0xf8, 0xdc, 0xa1, 0x23, 0x20, 0x40, 0x17, 0xb4, 0xdb, 0xb7, ++ 0x09, 0x74, 0xa7, 0x80, 0xc2, 0x12, 0xd9, 0x76, 0x79, 0x5b, 0x71, 0xa9, ++ 0x6c, 0xd4, 0x57, 0x48, 0xe8, 0xfe, 0xc5, 0xc2, 0x6e, 0xe7, 0x83, 0x5a, ++ 0x07, 0xf0, 0x33, 0xc1, 0xc1, 0x1d, 0x34, 0xd4, 0xc8, 0xb0, 0xb7, 0xdb, ++ 0xeb, 0xe9, 0xe3, 0x59, 0xdc, 0x7f, 0x36, 0x58, 0xa9, 0xb8, 0x52, 0xdd, ++ 0xf9, 0xfd, 0x1c, 0x22, 0x2f, 0x93, 0x3d, 0x53, 0x89, 0x80, 0xde, 0xa2, ++ 0xb5, 0xa5, 0x36, 0xbd, 0xc3, 0x92, 0x03, 0xf3, 0x93, 0xc8, 0xc7, 0x4a, ++ 0x0b, 0x8b, 0x62, 0xfe, 0xd0, 0xf8, 0x0d, 0x7a, 0x32, 0xb4, 0x39, 0x1a, ++ 0xb7, 0x4e, 0xaa, 0xc4, 0x33, 0x32, 0x90, 0x8c, 0xab, 0xd4, 0xae, 0xa5, ++ 0xa4, 0x85, 0xcf, 0xba, 0xe1, 0x1b, 0x26, 0x7f, 0x74, 0x02, 0x12, 0x09, ++ 0x89, 0x56, 0xe4, 0xe7, 0x9d, 0x91, 0xde, 0x88, 0xe7, 0x1c, 0xed, 0x80, ++ 0x05, 0xa8, 0x58, 0x9a, 0x3e, 0x16, 0x97, 0xd5, 0xbc, 0x54, 0xcc, 0xf0, ++ 0x32, 0xf2, 0x93, 0x09, 0x94, 0x9f, 0x3c, 0xd9, 0x58, 0xca, 0x68, 0x0b, ++ 0xde, 0x3f, 0x73, 0x64, 0xb7, 0xf4, 0xd7, 0x5f, 0x2b, 0xe7, 0x7b, 0x06, ++ 0xca, 0xb1, 0x3e, 0xed, 0xd2, 0xb9, 0x29, 0xc1, 0x95, 0x87, 0xad, 0xd6, ++ 0x63, 0x69, 0xb8, 0x1f, 0x70, 0xdb, 0xeb, 0xc7, 0x11, 0x7d, 0xe2, 0x99, ++ 0x64, 0x6a, 0xf5, 0x3f, 0x30, 0x74, 0x5f, 0x2a, 0x21, 0xda, 0xef, 0x44, ++ 0x1d, 0xad, 0x97, 0xa1, 0xfe, 0x14, 0xa7, 0x88, 0x99, 0xd0, 0x1e, 0xb0, ++ 0x61, 0x88, 0x09, 0xc9, 0xfa, 0xd1, 0xb3, 0xcb, 0x1d, 0x76, 0x04, 0xbe, ++ 0x06, 0x44, 0xd2, 0x30, 0x5e, 0x95, 0x4b, 0x96, 0xc0, 0xd6, 0xbe, 0xd0, ++ 0x4d, 0xf2, 0xf4, 0x71, 0x72, 0xa9, 0xbd, 0x07, 0x4f, 0xbc, 0xb3, 0x78, ++ 0xb4, 0x8a, 0x44, 0xbd, 0x58, 0xd5, 0x21, 0xb6, 0x47, 0x9c, 0x88, 0x1f, ++ 0xbc, 0xbd, 0x54, 0xfa, 0x1d, 0x49, 0xec, 0x51, 0xd9, 0x43, 0x49, 0x9c, ++ 0x0c, 0xfa, 0x18, 0xdb, 0xeb, 0x05, 0x77, 0xa2, 0x9a + }; +-unsigned int certificate_der_len = 908; ++unsigned int certificate_der_len = 1377; + + unsigned char hi_signed[] = { +- 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, +- 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, +- 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x02, 0xb4, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0xa5, 0x30, 0x82, ++ 0x02, 0xa1, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, +- 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, +- 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x02, ++ 0x7e, 0x30, 0x82, 0x02, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x55, 0x30, 0x3d, ++ 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x47, + 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, + 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, +- 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, +- 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, +- 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, +- 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, ++ 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, ++ 0x79, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, ++ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, + 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, +- 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, +- 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, +- 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, +- 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, +- 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, +- 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, +- 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, +- 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, +- 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, +- 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, +- 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, +- 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, +- 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, +- 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, +- 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, +- 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, +- 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, +- 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, +- 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, +- 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, +- 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, +- 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, +- 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, +- 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, +- 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, +- 0x64, 0x7e, 0x0a ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x00, 0xa0, 0x83, 0x3f, 0xac, 0x77, ++ 0x97, 0x74, 0x9b, 0x4b, 0x25, 0xa1, 0x64, 0x09, 0x8d, 0x53, 0xa6, 0x03, ++ 0xdf, 0x9a, 0x10, 0x52, 0xe5, 0x3f, 0xd4, 0x72, 0x75, 0x30, 0xd4, 0x6e, ++ 0x77, 0x32, 0x49, 0x84, 0xe2, 0xbe, 0xef, 0xe4, 0xf3, 0xac, 0xb0, 0x52, ++ 0x55, 0xbf, 0xa9, 0x57, 0x12, 0x08, 0x7d, 0xb0, 0x86, 0xc0, 0x9d, 0x01, ++ 0xc2, 0x1a, 0x4a, 0x2e, 0x3d, 0xd5, 0xc8, 0x56, 0xac, 0xd1, 0x83, 0x75, ++ 0x88, 0xd4, 0xcc, 0x9f, 0x0d, 0xcf, 0xd3, 0xa6, 0x91, 0xb6, 0xb6, 0xb1, ++ 0xd1, 0x24, 0x9c, 0xd0, 0x13, 0xe8, 0x6b, 0x15, 0x9c, 0x62, 0x33, 0x8d, ++ 0xe3, 0x67, 0x9b, 0xb1, 0x8a, 0x72, 0x38, 0xf7, 0x48, 0x32, 0x2f, 0x1e, ++ 0x45, 0xa8, 0xc4, 0xa5, 0xae, 0xb1, 0xfc, 0x35, 0x25, 0xb5, 0xf9, 0x7f, ++ 0x86, 0xef, 0xa2, 0x6d, 0x78, 0xcc, 0xfd, 0x0c, 0xca, 0x8a, 0xe1, 0xae, ++ 0xcd, 0x0f, 0x58, 0x69, 0xf1, 0x8b, 0xcc, 0x22, 0x35, 0x6d, 0x1f, 0xd5, ++ 0x27, 0x87, 0x39, 0x62, 0x3f, 0xb2, 0x17, 0x3d, 0x5e, 0xb1, 0x32, 0x7a, ++ 0xf1, 0x70, 0xce, 0xfa, 0xab, 0x1c, 0x92, 0xa8, 0xe1, 0xc4, 0xb2, 0x33, ++ 0x1a, 0x16, 0xf3, 0x60, 0x39, 0xdf, 0xb8, 0x85, 0xe7, 0x5d, 0x4d, 0xc2, ++ 0x8d, 0x55, 0x00, 0x49, 0x94, 0x04, 0x17, 0x88, 0x7c, 0xf4, 0xac, 0xa9, ++ 0xc5, 0x3a, 0x09, 0xc4, 0xc2, 0xcd, 0x3d, 0xc3, 0xfc, 0x4e, 0xf3, 0x70, ++ 0xa1, 0xc1, 0x54, 0x36, 0x1f, 0x38, 0x6d, 0x7a, 0x6b, 0x6a, 0xd3, 0x67, ++ 0x04, 0xd5, 0x53, 0xd4, 0xa5, 0xad, 0x63, 0x55, 0x0e, 0x06, 0x06, 0x3a, ++ 0x9a, 0xc5, 0xfe, 0x38, 0xc9, 0xb0, 0x69, 0x42, 0x90, 0x35, 0x1f, 0xe3, ++ 0x1c, 0x57, 0xea, 0xdb, 0x51, 0x35, 0x53, 0xd3, 0x94, 0xfe, 0x72, 0x33, ++ 0xd6, 0x8a, 0x46, 0x74, 0xf9, 0x6e, 0x94, 0x40, 0x2f, 0xba, 0xa2, 0xc4, ++ 0xe9, 0xc9, 0x8a, 0xf4, 0xda, 0xe2, 0xca, 0x3e, 0x98, 0x85, 0xa5, 0xd1, ++ 0x60, 0x94, 0xc8, 0xdf, 0x82, 0xee, 0x5c, 0x0d, 0x2a, 0xa9, 0x8e, 0x26, ++ 0x83, 0x3f, 0x02, 0xa2, 0xaf, 0xb8, 0x3b, 0x83, 0xf2, 0x44, 0x46, 0x41, ++ 0xd7, 0x5c, 0xa1, 0x42, 0x17, 0xa2, 0xd0, 0x50, 0x42, 0xef, 0x66, 0xda, ++ 0x35, 0x03, 0xd1, 0x8e, 0x77, 0x22, 0x7d, 0x4e, 0xf7, 0x4e, 0x04, 0xe3, ++ 0x0f, 0x98, 0x7d, 0xaa, 0x58, 0xba, 0xef, 0x9a, 0xd0, 0x88, 0x7c, 0x98, ++ 0xa0, 0xc2, 0xff, 0xa6, 0xb1, 0xec, 0xbe, 0x6e, 0xb0, 0x7e, 0xc6, 0xe5, ++ 0xaa, 0xcf, 0x10, 0x73, 0xc9, 0x13, 0x1a, 0x20, 0x12, 0x5c, 0xd2, 0x0e, ++ 0xe2, 0x60, 0x17, 0xdf, 0x4a, 0x44, 0x08, 0x22, 0xbc, 0xcd, 0x75, 0xbe, ++ 0xc3, 0x7a, 0x12, 0x90, 0x90, 0xc7, 0x94, 0x4c, 0x98, 0x45, 0x02, 0x5c, ++ 0x24, 0xae, 0x82, 0x2f, 0xcd, 0x30, 0xa6, 0xf5, 0x3f, 0xd3, 0xa7, 0xa6, ++ 0xe6, 0xea, 0x11, 0x4e, 0x45, 0xb7, 0xc0, 0xe6, 0x24, 0x8b, 0x76, 0xc5, ++ 0x5e, 0xc1, 0xd8, 0x07, 0x1e, 0x26, 0x94, 0x7a, 0x80, 0xc6, 0x3b, 0x1f, ++ 0x74, 0xe6, 0xae, 0x43, 0x2d, 0x11, 0xee, 0x96, 0x56, 0x6c, 0xff, 0xcb, ++ 0x3b, 0xde, 0xcc, 0xb3, 0x7b, 0x08, 0xf5, 0x3e, 0x6e, 0x51, 0x71, 0xe0, ++ 0x8a, 0xfa, 0xdd, 0x19, 0x39, 0xcf, 0x3f, 0x29, 0x4f, 0x2d, 0xd2, 0xd4, ++ 0xdc, 0x5c, 0xc4, 0xd1, 0xa7, 0xf5, 0xbf, 0x4a, 0xc0, 0x9b, 0xb4, 0x2b, ++ 0x83, 0x7a, 0x63, 0x4d, 0x20, 0x40, 0x8b, 0x11, 0x5c, 0x53, 0xd4, 0x52, ++ 0x21, 0xe7, 0xe4, 0x1f, 0x01, 0xf6, 0xd1, 0x25, 0x28, 0xba, 0x51, 0x6f, ++ 0x51, 0x69, 0xf4, 0x41, 0x45, 0x75, 0x23, 0x25, 0x77, 0xef, 0xa8, 0x1c, ++ 0x19, 0x8a, 0x66, 0x8c, 0x61, 0x13, 0x37, 0x4f, 0xa3, 0xa1, 0x83, 0x17, ++ 0x35, 0x23, 0x2d, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x02, 0xb8, 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, ++ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, ++ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x7e, 0x0a + }; +-unsigned int hi_signed_len = 495; ++unsigned int hi_signed_len = 739; + + unsigned char hj_signed[] = { +- 0x68, 0x6a, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, +- 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, +- 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x68, 0x6a, 0x0a, 0x30, 0x82, 0x02, 0xb4, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0xa5, 0x30, 0x82, ++ 0x02, 0xa1, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, +- 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, +- 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x02, ++ 0x7e, 0x30, 0x82, 0x02, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x55, 0x30, 0x3d, ++ 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x47, + 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, + 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, +- 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, +- 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, +- 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, +- 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, ++ 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, ++ 0x79, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, ++ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, + 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, +- 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, +- 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, +- 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, +- 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, +- 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, +- 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, +- 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, +- 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, +- 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, +- 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, +- 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, +- 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, +- 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, +- 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, +- 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, +- 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, +- 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, +- 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, +- 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, +- 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, +- 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, +- 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, +- 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, +- 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, +- 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, +- 0x64, 0x7e, 0x0a ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x00, 0xa0, 0x83, 0x3f, 0xac, 0x77, ++ 0x97, 0x74, 0x9b, 0x4b, 0x25, 0xa1, 0x64, 0x09, 0x8d, 0x53, 0xa6, 0x03, ++ 0xdf, 0x9a, 0x10, 0x52, 0xe5, 0x3f, 0xd4, 0x72, 0x75, 0x30, 0xd4, 0x6e, ++ 0x77, 0x32, 0x49, 0x84, 0xe2, 0xbe, 0xef, 0xe4, 0xf3, 0xac, 0xb0, 0x52, ++ 0x55, 0xbf, 0xa9, 0x57, 0x12, 0x08, 0x7d, 0xb0, 0x86, 0xc0, 0x9d, 0x01, ++ 0xc2, 0x1a, 0x4a, 0x2e, 0x3d, 0xd5, 0xc8, 0x56, 0xac, 0xd1, 0x83, 0x75, ++ 0x88, 0xd4, 0xcc, 0x9f, 0x0d, 0xcf, 0xd3, 0xa6, 0x91, 0xb6, 0xb6, 0xb1, ++ 0xd1, 0x24, 0x9c, 0xd0, 0x13, 0xe8, 0x6b, 0x15, 0x9c, 0x62, 0x33, 0x8d, ++ 0xe3, 0x67, 0x9b, 0xb1, 0x8a, 0x72, 0x38, 0xf7, 0x48, 0x32, 0x2f, 0x1e, ++ 0x45, 0xa8, 0xc4, 0xa5, 0xae, 0xb1, 0xfc, 0x35, 0x25, 0xb5, 0xf9, 0x7f, ++ 0x86, 0xef, 0xa2, 0x6d, 0x78, 0xcc, 0xfd, 0x0c, 0xca, 0x8a, 0xe1, 0xae, ++ 0xcd, 0x0f, 0x58, 0x69, 0xf1, 0x8b, 0xcc, 0x22, 0x35, 0x6d, 0x1f, 0xd5, ++ 0x27, 0x87, 0x39, 0x62, 0x3f, 0xb2, 0x17, 0x3d, 0x5e, 0xb1, 0x32, 0x7a, ++ 0xf1, 0x70, 0xce, 0xfa, 0xab, 0x1c, 0x92, 0xa8, 0xe1, 0xc4, 0xb2, 0x33, ++ 0x1a, 0x16, 0xf3, 0x60, 0x39, 0xdf, 0xb8, 0x85, 0xe7, 0x5d, 0x4d, 0xc2, ++ 0x8d, 0x55, 0x00, 0x49, 0x94, 0x04, 0x17, 0x88, 0x7c, 0xf4, 0xac, 0xa9, ++ 0xc5, 0x3a, 0x09, 0xc4, 0xc2, 0xcd, 0x3d, 0xc3, 0xfc, 0x4e, 0xf3, 0x70, ++ 0xa1, 0xc1, 0x54, 0x36, 0x1f, 0x38, 0x6d, 0x7a, 0x6b, 0x6a, 0xd3, 0x67, ++ 0x04, 0xd5, 0x53, 0xd4, 0xa5, 0xad, 0x63, 0x55, 0x0e, 0x06, 0x06, 0x3a, ++ 0x9a, 0xc5, 0xfe, 0x38, 0xc9, 0xb0, 0x69, 0x42, 0x90, 0x35, 0x1f, 0xe3, ++ 0x1c, 0x57, 0xea, 0xdb, 0x51, 0x35, 0x53, 0xd3, 0x94, 0xfe, 0x72, 0x33, ++ 0xd6, 0x8a, 0x46, 0x74, 0xf9, 0x6e, 0x94, 0x40, 0x2f, 0xba, 0xa2, 0xc4, ++ 0xe9, 0xc9, 0x8a, 0xf4, 0xda, 0xe2, 0xca, 0x3e, 0x98, 0x85, 0xa5, 0xd1, ++ 0x60, 0x94, 0xc8, 0xdf, 0x82, 0xee, 0x5c, 0x0d, 0x2a, 0xa9, 0x8e, 0x26, ++ 0x83, 0x3f, 0x02, 0xa2, 0xaf, 0xb8, 0x3b, 0x83, 0xf2, 0x44, 0x46, 0x41, ++ 0xd7, 0x5c, 0xa1, 0x42, 0x17, 0xa2, 0xd0, 0x50, 0x42, 0xef, 0x66, 0xda, ++ 0x35, 0x03, 0xd1, 0x8e, 0x77, 0x22, 0x7d, 0x4e, 0xf7, 0x4e, 0x04, 0xe3, ++ 0x0f, 0x98, 0x7d, 0xaa, 0x58, 0xba, 0xef, 0x9a, 0xd0, 0x88, 0x7c, 0x98, ++ 0xa0, 0xc2, 0xff, 0xa6, 0xb1, 0xec, 0xbe, 0x6e, 0xb0, 0x7e, 0xc6, 0xe5, ++ 0xaa, 0xcf, 0x10, 0x73, 0xc9, 0x13, 0x1a, 0x20, 0x12, 0x5c, 0xd2, 0x0e, ++ 0xe2, 0x60, 0x17, 0xdf, 0x4a, 0x44, 0x08, 0x22, 0xbc, 0xcd, 0x75, 0xbe, ++ 0xc3, 0x7a, 0x12, 0x90, 0x90, 0xc7, 0x94, 0x4c, 0x98, 0x45, 0x02, 0x5c, ++ 0x24, 0xae, 0x82, 0x2f, 0xcd, 0x30, 0xa6, 0xf5, 0x3f, 0xd3, 0xa7, 0xa6, ++ 0xe6, 0xea, 0x11, 0x4e, 0x45, 0xb7, 0xc0, 0xe6, 0x24, 0x8b, 0x76, 0xc5, ++ 0x5e, 0xc1, 0xd8, 0x07, 0x1e, 0x26, 0x94, 0x7a, 0x80, 0xc6, 0x3b, 0x1f, ++ 0x74, 0xe6, 0xae, 0x43, 0x2d, 0x11, 0xee, 0x96, 0x56, 0x6c, 0xff, 0xcb, ++ 0x3b, 0xde, 0xcc, 0xb3, 0x7b, 0x08, 0xf5, 0x3e, 0x6e, 0x51, 0x71, 0xe0, ++ 0x8a, 0xfa, 0xdd, 0x19, 0x39, 0xcf, 0x3f, 0x29, 0x4f, 0x2d, 0xd2, 0xd4, ++ 0xdc, 0x5c, 0xc4, 0xd1, 0xa7, 0xf5, 0xbf, 0x4a, 0xc0, 0x9b, 0xb4, 0x2b, ++ 0x83, 0x7a, 0x63, 0x4d, 0x20, 0x40, 0x8b, 0x11, 0x5c, 0x53, 0xd4, 0x52, ++ 0x21, 0xe7, 0xe4, 0x1f, 0x01, 0xf6, 0xd1, 0x25, 0x28, 0xba, 0x51, 0x6f, ++ 0x51, 0x69, 0xf4, 0x41, 0x45, 0x75, 0x23, 0x25, 0x77, 0xef, 0xa8, 0x1c, ++ 0x19, 0x8a, 0x66, 0x8c, 0x61, 0x13, 0x37, 0x4f, 0xa3, 0xa1, 0x83, 0x17, ++ 0x35, 0x23, 0x2d, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x02, 0xb8, 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, ++ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, ++ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x7e, 0x0a + }; +-unsigned int hj_signed_len = 495; ++unsigned int hj_signed_len = 739; + + unsigned char hi_signed_sha256[] = { +- 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, +- 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, +- 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x02, 0xb4, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0xa5, 0x30, 0x82, ++ 0x02, 0xa1, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, +- 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, +- 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x02, ++ 0x7e, 0x30, 0x82, 0x02, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x55, 0x30, 0x3d, ++ 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x47, + 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, + 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, +- 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, +- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, +- 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, +- 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, +- 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, ++ 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, ++ 0x79, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, ++ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, + 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, +- 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x7b, 0x5e, 0x82, 0x1d, 0x21, +- 0xb6, 0x40, 0xd3, 0x33, 0x79, 0xa7, 0x52, 0x2b, 0xfc, 0x46, 0x51, 0x26, +- 0xfe, 0x0f, 0x81, 0x90, 0x81, 0xab, 0x57, 0x5e, 0xf6, 0x45, 0x41, 0xa3, +- 0x7b, 0x48, 0xdd, 0xd6, 0x59, 0x60, 0x51, 0x31, 0x14, 0x14, 0x7b, 0xb4, +- 0x55, 0x7b, 0x4d, 0xfe, 0x09, 0x7a, 0x5d, 0xae, 0xc4, 0x58, 0x50, 0x80, +- 0x75, 0xf2, 0x23, 0x20, 0x62, 0xe3, 0x7c, 0x26, 0x1d, 0x2a, 0x4d, 0x9f, +- 0x89, 0xf0, 0x4f, 0x95, 0x8a, 0x80, 0x6e, 0x1a, 0xea, 0x87, 0xdb, 0x1f, +- 0xf3, 0xda, 0x04, 0x91, 0x37, 0xea, 0x0a, 0xfb, 0x6c, 0xc9, 0x3d, 0x73, +- 0xf9, 0x58, 0x7c, 0x15, 0x6b, 0xa2, 0x52, 0x5a, 0x97, 0xff, 0xd6, 0xb0, +- 0xf1, 0xbf, 0xa5, 0x04, 0x6d, 0x91, 0xc1, 0x54, 0x05, 0xdc, 0x7f, 0x5d, +- 0x19, 0xaf, 0x55, 0xec, 0x51, 0xfb, 0x66, 0x0a, 0xa4, 0x4e, 0x96, 0x47, +- 0x43, 0x54, 0x7c, 0x64, 0xa8, 0xaa, 0xb4, 0x90, 0x02, 0xf3, 0xa7, 0x0b, +- 0xb7, 0xbf, 0x06, 0xdb, 0x5e, 0x9c, 0x32, 0x6d, 0x45, 0x14, 0x1c, 0xaf, +- 0x46, 0x30, 0x08, 0x55, 0x49, 0x78, 0xfa, 0x57, 0xda, 0x3d, 0xf5, 0xa0, +- 0xef, 0x11, 0x0a, 0x81, 0x0d, 0x82, 0xcd, 0xaf, 0xdb, 0xda, 0x0e, 0x1a, +- 0x44, 0xd1, 0xee, 0xc4, 0xb8, 0xde, 0x97, 0xb4, 0xda, 0xb4, 0x8b, 0x4f, +- 0x58, 0x24, 0x59, 0xc0, 0xe0, 0x08, 0x97, 0x14, 0x68, 0xbe, 0x31, 0x09, +- 0x5e, 0x67, 0x45, 0xf0, 0xcb, 0x81, 0x4f, 0x17, 0x44, 0x61, 0xe0, 0xe2, +- 0xf0, 0xfc, 0x1e, 0xb9, 0x73, 0xaf, 0x42, 0xff, 0x33, 0xde, 0x61, 0x6b, +- 0x7f, 0xc2, 0x69, 0x0d, 0x66, 0x54, 0xae, 0xf6, 0xde, 0x20, 0x47, 0x44, +- 0x9b, 0x73, 0xd1, 0x07, 0x6e, 0x77, 0x37, 0x0a, 0xbb, 0x7f, 0xa0, 0x93, +- 0x2d, 0x8d, 0x44, 0xba, 0xe2, 0xdd, 0x34, 0x32, 0xd7, 0x56, 0x71, 0x00, +- 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, +- 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, +- 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, +- 0x64, 0x7e, 0x0a ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x00, 0x96, 0x02, 0x7b, 0xa4, 0x07, ++ 0xa7, 0x39, 0x8d, 0xa6, 0x0b, 0xde, 0x33, 0xdd, 0xf8, 0xec, 0x24, 0x5d, ++ 0x06, 0x81, 0xe7, 0x3c, 0x2d, 0x0c, 0x53, 0xfb, 0x7e, 0x5a, 0xf3, 0xee, ++ 0xe5, 0x4c, 0x7c, 0xf7, 0xe7, 0x8f, 0x36, 0x62, 0x35, 0xb8, 0x99, 0xc3, ++ 0xeb, 0x85, 0x1d, 0x2e, 0x40, 0x6e, 0x2a, 0xb4, 0x3a, 0x76, 0x48, 0x4f, ++ 0x8b, 0x29, 0xd4, 0x9e, 0x5c, 0xd2, 0x41, 0x4d, 0xc1, 0x72, 0x0f, 0x97, ++ 0xe0, 0x7d, 0x88, 0xed, 0x1a, 0xb0, 0xde, 0x1b, 0x21, 0xa6, 0x0c, 0x19, ++ 0xd8, 0xb0, 0x12, 0x54, 0x7b, 0xd8, 0x19, 0x03, 0xbd, 0x77, 0x83, 0x23, ++ 0xeb, 0xeb, 0x68, 0x0a, 0x7b, 0x3a, 0x4d, 0x25, 0x44, 0xe1, 0x64, 0x8d, ++ 0x43, 0x5a, 0x1c, 0x9f, 0x74, 0x79, 0x31, 0x3f, 0xc7, 0x8e, 0xae, 0xe1, ++ 0xf9, 0x1e, 0x54, 0x12, 0x36, 0x85, 0xf2, 0x55, 0xba, 0x42, 0x60, 0x64, ++ 0x25, 0x9f, 0x73, 0x62, 0x42, 0xd2, 0x1c, 0x5e, 0x39, 0x4f, 0x7d, 0x91, ++ 0xb8, 0xf9, 0x59, 0x3c, 0x13, 0x6b, 0x84, 0x76, 0x6d, 0x8a, 0xc3, 0xcb, ++ 0x2d, 0x14, 0x27, 0x16, 0xdc, 0x20, 0x2c, 0xbc, 0x6b, 0xc9, 0xda, 0x9f, ++ 0xef, 0xe2, 0x2d, 0xc3, 0x83, 0xd8, 0xf9, 0x94, 0x18, 0xbc, 0xfe, 0x8f, ++ 0xa9, 0x44, 0xad, 0xff, 0x1b, 0xcb, 0x86, 0x30, 0x96, 0xa8, 0x3c, 0x7a, ++ 0x4b, 0x73, 0x1b, 0xa9, 0xc3, 0x3b, 0xaa, 0xd7, 0x44, 0xa8, 0x4d, 0xd6, ++ 0x92, 0xb6, 0x00, 0x04, 0x09, 0x05, 0x4a, 0x95, 0x02, 0x90, 0x19, 0x8c, ++ 0x9a, 0xa5, 0xee, 0x58, 0x24, 0xb0, 0xca, 0x5e, 0x6f, 0x73, 0xdb, 0xf5, ++ 0xa1, 0xf4, 0xf0, 0xa9, 0xeb, 0xe4, 0xdc, 0x55, 0x9f, 0x8f, 0x7a, 0xd0, ++ 0xf7, 0xb6, 0xaa, 0xa6, 0xb5, 0xb4, 0xab, 0xb8, 0x65, 0xad, 0x12, 0x32, ++ 0x1c, 0xe6, 0x99, 0x71, 0x93, 0xe8, 0xb4, 0x1e, 0x21, 0x27, 0x52, 0xea, ++ 0x8c, 0xc8, 0x79, 0x96, 0x2e, 0x48, 0x60, 0x57, 0x1c, 0x7d, 0x8c, 0x0d, ++ 0x07, 0xa7, 0x12, 0x83, 0x0a, 0x76, 0x6a, 0x64, 0xed, 0xbe, 0x8d, 0xaf, ++ 0xdf, 0x51, 0x05, 0xdd, 0xf2, 0xd3, 0xb8, 0x93, 0xa9, 0x13, 0xa5, 0x96, ++ 0xe8, 0xfa, 0x82, 0x02, 0x18, 0x71, 0x7a, 0x71, 0xbb, 0x39, 0x6f, 0x85, ++ 0xee, 0x16, 0x82, 0x27, 0x42, 0x9f, 0x83, 0xc8, 0xab, 0x6a, 0x3b, 0x99, ++ 0xba, 0x38, 0x92, 0x38, 0xae, 0x59, 0xfa, 0xaa, 0x40, 0x2b, 0x52, 0x95, ++ 0xca, 0x5e, 0xe1, 0x9b, 0x00, 0xbd, 0xb9, 0x63, 0x25, 0x8d, 0xc7, 0x22, ++ 0xaf, 0xe5, 0x67, 0x76, 0x91, 0xf4, 0xda, 0xc9, 0x7e, 0x9e, 0xec, 0x9b, ++ 0x1f, 0x7d, 0x3b, 0xfe, 0xa1, 0x20, 0x52, 0xac, 0xd0, 0xe5, 0xa6, 0xf1, ++ 0xfd, 0x4c, 0x08, 0x59, 0x7d, 0x50, 0xbb, 0x0c, 0xcf, 0xd8, 0xb6, 0x0f, ++ 0xc7, 0x19, 0xcb, 0x7a, 0x96, 0x6f, 0x0f, 0x6c, 0x71, 0x56, 0x72, 0xd1, ++ 0x06, 0x29, 0x0f, 0x08, 0xa2, 0x46, 0x3e, 0x58, 0x42, 0xc4, 0x8c, 0xe0, ++ 0x6e, 0xe9, 0x37, 0xd5, 0x2f, 0x74, 0x36, 0x1d, 0x14, 0xcb, 0x10, 0x0e, ++ 0x7d, 0x67, 0xbd, 0x38, 0x0e, 0xa4, 0x27, 0x1d, 0x3c, 0x78, 0x4d, 0x0d, ++ 0x15, 0x42, 0x70, 0x20, 0xe0, 0x1d, 0x83, 0x6c, 0x4d, 0xf1, 0x02, 0xa1, ++ 0x51, 0xc4, 0xc5, 0x5d, 0x69, 0x90, 0x58, 0x82, 0x94, 0x50, 0x36, 0x22, ++ 0xb3, 0xa4, 0x15, 0x77, 0xdc, 0x44, 0xb0, 0x50, 0xa2, 0x3f, 0xd0, 0x0e, ++ 0x1b, 0xfc, 0xf4, 0x5b, 0x3b, 0x7d, 0x63, 0x94, 0x22, 0xf3, 0x87, 0x0a, ++ 0x41, 0x8a, 0x27, 0x48, 0xcb, 0x6c, 0xfd, 0x70, 0x66, 0x5f, 0x11, 0x6f, ++ 0x74, 0x2c, 0x42, 0xaf, 0x74, 0x45, 0x3f, 0x0c, 0x03, 0xc8, 0x80, 0xe2, ++ 0x71, 0x08, 0x93, 0xbd, 0x4d, 0x18, 0x78, 0x1e, 0x8e, 0xb9, 0x3a, 0xd6, ++ 0x1a, 0xde, 0xf9, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x02, 0xb8, 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, ++ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, ++ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x7e, 0x0a + }; +-unsigned int hi_signed_sha256_len = 495; ++unsigned int hi_signed_sha256_len = 739; + + unsigned char short_msg[] = { + 0x68, 0x69, 0x0a +@@ -482,6 +581,244 @@ unsigned char hi_signed_2nd[] = { + }; + unsigned int hi_signed_2nd_len = 736; + ++unsigned char hi_double[] = { ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x05, 0x2f, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x05, 0x20, 0x30, 0x82, ++ 0x05, 0x1c, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x04, ++ 0xf9, 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x01, 0x30, 0x52, 0x30, 0x3a, ++ 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, ++ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, ++ 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, ++ 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x02, 0x14, ++ 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, 0x91, 0x07, ++ 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, 0x0b, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0d, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, ++ 0x04, 0x82, 0x02, 0x00, 0x0e, 0xc2, 0x30, 0x38, 0x81, 0x23, 0x68, 0x90, ++ 0xae, 0x5f, 0xce, 0xf7, 0x27, 0xb1, 0x8c, 0x2e, 0x12, 0x10, 0xc6, 0x99, ++ 0xdc, 0x4d, 0x4b, 0x79, 0xda, 0xe4, 0x32, 0x10, 0x46, 0x1c, 0x16, 0x07, ++ 0x87, 0x66, 0x55, 0xff, 0x64, 0x1c, 0x61, 0x25, 0xd5, 0xb9, 0xe1, 0xfe, ++ 0xea, 0x5a, 0xcd, 0x56, 0xa5, 0xc3, 0xbe, 0xb1, 0x61, 0xc7, 0x6f, 0x5f, ++ 0x69, 0x20, 0x64, 0x50, 0x6f, 0x12, 0x78, 0xb6, 0x0c, 0x72, 0x44, 0x4f, ++ 0x60, 0x0f, 0x9f, 0xa2, 0x83, 0x3b, 0xc2, 0x83, 0xd5, 0x14, 0x1f, 0x6f, ++ 0x3e, 0xb2, 0x47, 0xb5, 0x58, 0xc5, 0xa7, 0xb4, 0x82, 0x53, 0x2e, 0x53, ++ 0x95, 0x4e, 0x3d, 0xe4, 0x62, 0xe8, 0xa1, 0xaf, 0xae, 0xbf, 0xa9, 0xd2, ++ 0x22, 0x07, 0xbe, 0x71, 0x37, 0x2c, 0x5a, 0xa7, 0x6c, 0xaf, 0x14, 0xc0, ++ 0x6c, 0x2f, 0xbf, 0x4f, 0x15, 0xc2, 0x0f, 0x8b, 0xdc, 0x68, 0x45, 0xdf, ++ 0xf3, 0xa5, 0x7f, 0x11, 0x6a, 0x54, 0xcd, 0x67, 0xb9, 0x2e, 0x7d, 0x05, ++ 0xe3, 0x1c, 0x1d, 0xcc, 0x77, 0x8e, 0x97, 0xb1, 0xa0, 0x11, 0x09, 0x3d, ++ 0x90, 0x54, 0xfc, 0x7e, 0xbb, 0xbb, 0x21, 0x23, 0x03, 0x44, 0xbf, 0x7d, ++ 0x2c, 0xc9, 0x15, 0x42, 0xe5, 0xa0, 0x3b, 0xa2, 0xd1, 0x5b, 0x73, 0x81, ++ 0xff, 0xfa, 0x90, 0xfc, 0x27, 0x7b, 0x2f, 0x86, 0x9c, 0x1d, 0x14, 0x36, ++ 0x94, 0xa2, 0x6e, 0xe8, 0x9d, 0xa0, 0x5f, 0xfc, 0x5a, 0x0d, 0xa4, 0xd5, ++ 0x2f, 0x8d, 0xd6, 0x00, 0xfa, 0x93, 0x5b, 0x09, 0x7f, 0x42, 0x78, 0xcc, ++ 0x8c, 0x49, 0xda, 0xd9, 0xf6, 0x43, 0xe7, 0xe1, 0x3c, 0xa2, 0xe2, 0x70, ++ 0xe2, 0x6a, 0x99, 0xc5, 0xd6, 0xa2, 0xe3, 0x0b, 0xd4, 0x09, 0xac, 0x94, ++ 0xaf, 0xb7, 0xf0, 0xb3, 0x0c, 0x1e, 0xf5, 0x16, 0x4f, 0x53, 0x9a, 0xe3, ++ 0xcc, 0xe2, 0x0c, 0x4a, 0xb9, 0xe6, 0x06, 0xbb, 0xf7, 0x41, 0x43, 0x20, ++ 0x04, 0xee, 0x99, 0x2f, 0xd8, 0x9f, 0xda, 0x3f, 0xfd, 0x49, 0xb8, 0xc2, ++ 0xbd, 0xd9, 0xc5, 0x72, 0xfd, 0xe3, 0xce, 0x1c, 0xbc, 0xe4, 0x39, 0xac, ++ 0x2a, 0x99, 0xe9, 0xb4, 0x3e, 0x74, 0x10, 0xeb, 0xd5, 0x14, 0xcc, 0xdb, ++ 0xf1, 0x04, 0x63, 0x36, 0xfb, 0x1f, 0x2b, 0xe2, 0x73, 0xd4, 0xd8, 0x49, ++ 0x31, 0xa8, 0x55, 0xcc, 0xa7, 0x76, 0x36, 0x6e, 0x18, 0xdc, 0xb9, 0xb0, ++ 0x29, 0x99, 0xcf, 0x49, 0xbf, 0xf9, 0xdb, 0x7f, 0x24, 0x42, 0x02, 0xcb, ++ 0xc1, 0xaa, 0xcb, 0xba, 0x18, 0x85, 0x86, 0xc7, 0xf4, 0x1c, 0x62, 0x76, ++ 0xbc, 0x73, 0xfb, 0xe4, 0x15, 0xb8, 0xdd, 0x5d, 0xa6, 0x68, 0x39, 0xa5, ++ 0x3d, 0x33, 0xaf, 0xd5, 0x92, 0x4d, 0x48, 0xdb, 0x22, 0xc0, 0xdc, 0x49, ++ 0x5f, 0x7b, 0xa8, 0xd2, 0x62, 0x2d, 0xa7, 0x39, 0x93, 0x48, 0xe7, 0x6b, ++ 0x23, 0xba, 0xd4, 0xe0, 0xc1, 0x29, 0x55, 0xc4, 0x34, 0xe3, 0xac, 0x25, ++ 0xa7, 0x15, 0xad, 0xab, 0xb3, 0xb7, 0x25, 0xca, 0x37, 0x88, 0x40, 0x2e, ++ 0x47, 0x6e, 0x92, 0x20, 0x09, 0x2e, 0x5a, 0xec, 0xf2, 0xfb, 0xb3, 0xa0, ++ 0x16, 0xb6, 0x93, 0xf2, 0xf5, 0x8b, 0xfe, 0xaf, 0x25, 0xee, 0x2e, 0x98, ++ 0x6c, 0x0a, 0xfe, 0xae, 0x0b, 0x57, 0xf5, 0x9f, 0x3c, 0x80, 0xe9, 0x8b, ++ 0xaf, 0x92, 0x8a, 0xad, 0xe7, 0xa0, 0xe4, 0xe6, 0x0a, 0xa0, 0xc7, 0x83, ++ 0xb5, 0x48, 0x58, 0x5f, 0x55, 0x9e, 0x9b, 0x27, 0xcd, 0x31, 0x1f, 0x3e, ++ 0x50, 0x5a, 0x91, 0xad, 0x21, 0x1b, 0x97, 0x5b, 0xe8, 0xfa, 0x29, 0x8a, ++ 0xa4, 0x17, 0xe8, 0xab, 0x87, 0x02, 0xd6, 0x18, 0x8c, 0x9f, 0x65, 0xb7, ++ 0x2a, 0xfa, 0xde, 0x5f, 0x77, 0x30, 0x6c, 0x04, 0x22, 0xe6, 0x58, 0x26, ++ 0x14, 0x0d, 0x9c, 0x41, 0x0a, 0x82, 0x77, 0xdb, 0x40, 0xa1, 0x58, 0xac, ++ 0x30, 0x82, 0x02, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x55, 0x30, 0x3d, 0x31, ++ 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x47, 0x72, ++ 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, ++ 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, 0x65, ++ 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, ++ 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, ++ 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, ++ 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, 0x0b, ++ 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, ++ 0x05, 0x00, 0x04, 0x82, 0x02, 0x00, 0xa0, 0x83, 0x3f, 0xac, 0x77, 0x97, ++ 0x74, 0x9b, 0x4b, 0x25, 0xa1, 0x64, 0x09, 0x8d, 0x53, 0xa6, 0x03, 0xdf, ++ 0x9a, 0x10, 0x52, 0xe5, 0x3f, 0xd4, 0x72, 0x75, 0x30, 0xd4, 0x6e, 0x77, ++ 0x32, 0x49, 0x84, 0xe2, 0xbe, 0xef, 0xe4, 0xf3, 0xac, 0xb0, 0x52, 0x55, ++ 0xbf, 0xa9, 0x57, 0x12, 0x08, 0x7d, 0xb0, 0x86, 0xc0, 0x9d, 0x01, 0xc2, ++ 0x1a, 0x4a, 0x2e, 0x3d, 0xd5, 0xc8, 0x56, 0xac, 0xd1, 0x83, 0x75, 0x88, ++ 0xd4, 0xcc, 0x9f, 0x0d, 0xcf, 0xd3, 0xa6, 0x91, 0xb6, 0xb6, 0xb1, 0xd1, ++ 0x24, 0x9c, 0xd0, 0x13, 0xe8, 0x6b, 0x15, 0x9c, 0x62, 0x33, 0x8d, 0xe3, ++ 0x67, 0x9b, 0xb1, 0x8a, 0x72, 0x38, 0xf7, 0x48, 0x32, 0x2f, 0x1e, 0x45, ++ 0xa8, 0xc4, 0xa5, 0xae, 0xb1, 0xfc, 0x35, 0x25, 0xb5, 0xf9, 0x7f, 0x86, ++ 0xef, 0xa2, 0x6d, 0x78, 0xcc, 0xfd, 0x0c, 0xca, 0x8a, 0xe1, 0xae, 0xcd, ++ 0x0f, 0x58, 0x69, 0xf1, 0x8b, 0xcc, 0x22, 0x35, 0x6d, 0x1f, 0xd5, 0x27, ++ 0x87, 0x39, 0x62, 0x3f, 0xb2, 0x17, 0x3d, 0x5e, 0xb1, 0x32, 0x7a, 0xf1, ++ 0x70, 0xce, 0xfa, 0xab, 0x1c, 0x92, 0xa8, 0xe1, 0xc4, 0xb2, 0x33, 0x1a, ++ 0x16, 0xf3, 0x60, 0x39, 0xdf, 0xb8, 0x85, 0xe7, 0x5d, 0x4d, 0xc2, 0x8d, ++ 0x55, 0x00, 0x49, 0x94, 0x04, 0x17, 0x88, 0x7c, 0xf4, 0xac, 0xa9, 0xc5, ++ 0x3a, 0x09, 0xc4, 0xc2, 0xcd, 0x3d, 0xc3, 0xfc, 0x4e, 0xf3, 0x70, 0xa1, ++ 0xc1, 0x54, 0x36, 0x1f, 0x38, 0x6d, 0x7a, 0x6b, 0x6a, 0xd3, 0x67, 0x04, ++ 0xd5, 0x53, 0xd4, 0xa5, 0xad, 0x63, 0x55, 0x0e, 0x06, 0x06, 0x3a, 0x9a, ++ 0xc5, 0xfe, 0x38, 0xc9, 0xb0, 0x69, 0x42, 0x90, 0x35, 0x1f, 0xe3, 0x1c, ++ 0x57, 0xea, 0xdb, 0x51, 0x35, 0x53, 0xd3, 0x94, 0xfe, 0x72, 0x33, 0xd6, ++ 0x8a, 0x46, 0x74, 0xf9, 0x6e, 0x94, 0x40, 0x2f, 0xba, 0xa2, 0xc4, 0xe9, ++ 0xc9, 0x8a, 0xf4, 0xda, 0xe2, 0xca, 0x3e, 0x98, 0x85, 0xa5, 0xd1, 0x60, ++ 0x94, 0xc8, 0xdf, 0x82, 0xee, 0x5c, 0x0d, 0x2a, 0xa9, 0x8e, 0x26, 0x83, ++ 0x3f, 0x02, 0xa2, 0xaf, 0xb8, 0x3b, 0x83, 0xf2, 0x44, 0x46, 0x41, 0xd7, ++ 0x5c, 0xa1, 0x42, 0x17, 0xa2, 0xd0, 0x50, 0x42, 0xef, 0x66, 0xda, 0x35, ++ 0x03, 0xd1, 0x8e, 0x77, 0x22, 0x7d, 0x4e, 0xf7, 0x4e, 0x04, 0xe3, 0x0f, ++ 0x98, 0x7d, 0xaa, 0x58, 0xba, 0xef, 0x9a, 0xd0, 0x88, 0x7c, 0x98, 0xa0, ++ 0xc2, 0xff, 0xa6, 0xb1, 0xec, 0xbe, 0x6e, 0xb0, 0x7e, 0xc6, 0xe5, 0xaa, ++ 0xcf, 0x10, 0x73, 0xc9, 0x13, 0x1a, 0x20, 0x12, 0x5c, 0xd2, 0x0e, 0xe2, ++ 0x60, 0x17, 0xdf, 0x4a, 0x44, 0x08, 0x22, 0xbc, 0xcd, 0x75, 0xbe, 0xc3, ++ 0x7a, 0x12, 0x90, 0x90, 0xc7, 0x94, 0x4c, 0x98, 0x45, 0x02, 0x5c, 0x24, ++ 0xae, 0x82, 0x2f, 0xcd, 0x30, 0xa6, 0xf5, 0x3f, 0xd3, 0xa7, 0xa6, 0xe6, ++ 0xea, 0x11, 0x4e, 0x45, 0xb7, 0xc0, 0xe6, 0x24, 0x8b, 0x76, 0xc5, 0x5e, ++ 0xc1, 0xd8, 0x07, 0x1e, 0x26, 0x94, 0x7a, 0x80, 0xc6, 0x3b, 0x1f, 0x74, ++ 0xe6, 0xae, 0x43, 0x2d, 0x11, 0xee, 0x96, 0x56, 0x6c, 0xff, 0xcb, 0x3b, ++ 0xde, 0xcc, 0xb3, 0x7b, 0x08, 0xf5, 0x3e, 0x6e, 0x51, 0x71, 0xe0, 0x8a, ++ 0xfa, 0xdd, 0x19, 0x39, 0xcf, 0x3f, 0x29, 0x4f, 0x2d, 0xd2, 0xd4, 0xdc, ++ 0x5c, 0xc4, 0xd1, 0xa7, 0xf5, 0xbf, 0x4a, 0xc0, 0x9b, 0xb4, 0x2b, 0x83, ++ 0x7a, 0x63, 0x4d, 0x20, 0x40, 0x8b, 0x11, 0x5c, 0x53, 0xd4, 0x52, 0x21, ++ 0xe7, 0xe4, 0x1f, 0x01, 0xf6, 0xd1, 0x25, 0x28, 0xba, 0x51, 0x6f, 0x51, ++ 0x69, 0xf4, 0x41, 0x45, 0x75, 0x23, 0x25, 0x77, 0xef, 0xa8, 0x1c, 0x19, ++ 0x8a, 0x66, 0x8c, 0x61, 0x13, 0x37, 0x4f, 0xa3, 0xa1, 0x83, 0x17, 0x35, ++ 0x23, 0x2d, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x05, 0x33, 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, ++ 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, ++ 0x6e, 0x64, 0x65, 0x64, 0x7e, 0x0a ++}; ++unsigned int hi_double_len = 1374; ++ ++unsigned char hi_double_extended[] = { ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x05, 0x2f, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x05, 0x20, 0x30, 0x82, ++ 0x05, 0x1c, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x04, ++ 0xf9, 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x01, 0x30, 0x52, 0x30, 0x3a, ++ 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, ++ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, ++ 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, ++ 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x02, 0x14, ++ 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, 0x91, 0x07, ++ 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, 0x0b, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0d, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, ++ 0x04, 0x82, 0x02, 0x00, 0x0e, 0xc2, 0x30, 0x38, 0x81, 0x23, 0x68, 0x90, ++ 0xae, 0x5f, 0xce, 0xf7, 0x27, 0xb1, 0x8c, 0x2e, 0x12, 0x10, 0xc6, 0x99, ++ 0xdc, 0x4d, 0x4b, 0x79, 0xda, 0xe4, 0x32, 0x10, 0x46, 0x1c, 0x16, 0x07, ++ 0x87, 0x66, 0x55, 0xff, 0x64, 0x1c, 0x61, 0x25, 0xd5, 0xb9, 0xe1, 0xfe, ++ 0xea, 0x5a, 0xcd, 0x56, 0xa5, 0xc3, 0xbe, 0xb1, 0x61, 0xc7, 0x6f, 0x5f, ++ 0x69, 0x20, 0x64, 0x50, 0x6f, 0x12, 0x78, 0xb6, 0x0c, 0x72, 0x44, 0x4f, ++ 0x60, 0x0f, 0x9f, 0xa2, 0x83, 0x3b, 0xc2, 0x83, 0xd5, 0x14, 0x1f, 0x6f, ++ 0x3e, 0xb2, 0x47, 0xb5, 0x58, 0xc5, 0xa7, 0xb4, 0x82, 0x53, 0x2e, 0x53, ++ 0x95, 0x4e, 0x3d, 0xe4, 0x62, 0xe8, 0xa1, 0xaf, 0xae, 0xbf, 0xa9, 0xd2, ++ 0x22, 0x07, 0xbe, 0x71, 0x37, 0x2c, 0x5a, 0xa7, 0x6c, 0xaf, 0x14, 0xc0, ++ 0x6c, 0x2f, 0xbf, 0x4f, 0x15, 0xc2, 0x0f, 0x8b, 0xdc, 0x68, 0x45, 0xdf, ++ 0xf3, 0xa5, 0x7f, 0x11, 0x6a, 0x54, 0xcd, 0x67, 0xb9, 0x2e, 0x7d, 0x05, ++ 0xe3, 0x1c, 0x1d, 0xcc, 0x77, 0x8e, 0x97, 0xb1, 0xa0, 0x11, 0x09, 0x3d, ++ 0x90, 0x54, 0xfc, 0x7e, 0xbb, 0xbb, 0x21, 0x23, 0x03, 0x44, 0xbf, 0x7d, ++ 0x2c, 0xc9, 0x15, 0x42, 0xe5, 0xa0, 0x3b, 0xa2, 0xd1, 0x5b, 0x73, 0x81, ++ 0xff, 0xfa, 0x90, 0xfc, 0x27, 0x7b, 0x2f, 0x86, 0x9c, 0x1d, 0x14, 0x36, ++ 0x94, 0xa2, 0x6e, 0xe8, 0x9d, 0xa0, 0x5f, 0xfc, 0x5a, 0x0d, 0xa4, 0xd5, ++ 0x2f, 0x8d, 0xd6, 0x00, 0xfa, 0x93, 0x5b, 0x09, 0x7f, 0x42, 0x78, 0xcc, ++ 0x8c, 0x49, 0xda, 0xd9, 0xf6, 0x43, 0xe7, 0xe1, 0x3c, 0xa2, 0xe2, 0x70, ++ 0xe2, 0x6a, 0x99, 0xc5, 0xd6, 0xa2, 0xe3, 0x0b, 0xd4, 0x09, 0xac, 0x94, ++ 0xaf, 0xb7, 0xf0, 0xb3, 0x0c, 0x1e, 0xf5, 0x16, 0x4f, 0x53, 0x9a, 0xe3, ++ 0xcc, 0xe2, 0x0c, 0x4a, 0xb9, 0xe6, 0x06, 0xbb, 0xf7, 0x41, 0x43, 0x20, ++ 0x04, 0xee, 0x99, 0x2f, 0xd8, 0x9f, 0xda, 0x3f, 0xfd, 0x49, 0xb8, 0xc2, ++ 0xbd, 0xd9, 0xc5, 0x72, 0xfd, 0xe3, 0xce, 0x1c, 0xbc, 0xe4, 0x39, 0xac, ++ 0x2a, 0x99, 0xe9, 0xb4, 0x3e, 0x74, 0x10, 0xeb, 0xd5, 0x14, 0xcc, 0xdb, ++ 0xf1, 0x04, 0x63, 0x36, 0xfb, 0x1f, 0x2b, 0xe2, 0x73, 0xd4, 0xd8, 0x49, ++ 0x31, 0xa8, 0x55, 0xcc, 0xa7, 0x76, 0x36, 0x6e, 0x18, 0xdc, 0xb9, 0xb0, ++ 0x29, 0x99, 0xcf, 0x49, 0xbf, 0xf9, 0xdb, 0x7f, 0x24, 0x42, 0x02, 0xcb, ++ 0xc1, 0xaa, 0xcb, 0xba, 0x18, 0x85, 0x86, 0xc7, 0xf4, 0x1c, 0x62, 0x76, ++ 0xbc, 0x73, 0xfb, 0xe4, 0x15, 0xb8, 0xdd, 0x5d, 0xa6, 0x68, 0x39, 0xa5, ++ 0x3d, 0x33, 0xaf, 0xd5, 0x92, 0x4d, 0x48, 0xdb, 0x22, 0xc0, 0xdc, 0x49, ++ 0x5f, 0x7b, 0xa8, 0xd2, 0x62, 0x2d, 0xa7, 0x39, 0x93, 0x48, 0xe7, 0x6b, ++ 0x23, 0xba, 0xd4, 0xe0, 0xc1, 0x29, 0x55, 0xc4, 0x34, 0xe3, 0xac, 0x25, ++ 0xa7, 0x15, 0xad, 0xab, 0xb3, 0xb7, 0x25, 0xca, 0x37, 0x88, 0x40, 0x2e, ++ 0x47, 0x6e, 0x92, 0x20, 0x09, 0x2e, 0x5a, 0xec, 0xf2, 0xfb, 0xb3, 0xa0, ++ 0x16, 0xb6, 0x93, 0xf2, 0xf5, 0x8b, 0xfe, 0xaf, 0x25, 0xee, 0x2e, 0x98, ++ 0x6c, 0x0a, 0xfe, 0xae, 0x0b, 0x57, 0xf5, 0x9f, 0x3c, 0x80, 0xe9, 0x8b, ++ 0xaf, 0x92, 0x8a, 0xad, 0xe7, 0xa0, 0xe4, 0xe6, 0x0a, 0xa0, 0xc7, 0x83, ++ 0xb5, 0x48, 0x58, 0x5f, 0x55, 0x9e, 0x9b, 0x27, 0xcd, 0x31, 0x1f, 0x3e, ++ 0x50, 0x5a, 0x91, 0xad, 0x21, 0x1b, 0x97, 0x5b, 0xe8, 0xfa, 0x29, 0x8a, ++ 0xa4, 0x17, 0xe8, 0xab, 0x87, 0x02, 0xd6, 0x18, 0x8c, 0x9f, 0x65, 0xb7, ++ 0x2a, 0xfa, 0xde, 0x5f, 0x77, 0x30, 0x6c, 0x04, 0x22, 0xe6, 0x58, 0x26, ++ 0x14, 0x0d, 0x9c, 0x41, 0x0a, 0x82, 0x77, 0xdb, 0x40, 0xa1, 0x58, 0xac, ++ 0x30, 0x82, 0x02, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x55, 0x30, 0x3d, 0x31, ++ 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x47, 0x72, ++ 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, ++ 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, 0x65, ++ 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, ++ 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, ++ 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, ++ 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x92, 0x03, 0x30, 0x0b, ++ 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, ++ 0x05, 0x00, 0x04, 0x82, 0x02, 0x00, 0xa0, 0x83, 0x3f, 0xac, 0x77, 0x97, ++ 0x74, 0x9b, 0x4b, 0x25, 0xa1, 0x64, 0x09, 0x8d, 0x53, 0xa6, 0x03, 0xdf, ++ 0x9a, 0x10, 0x52, 0xe5, 0x3f, 0xd4, 0x72, 0x75, 0x30, 0xd4, 0x6e, 0x77, ++ 0x32, 0x49, 0x84, 0xe2, 0xbe, 0xef, 0xe4, 0xf3, 0xac, 0xb0, 0x52, 0x55, ++ 0xbf, 0xa9, 0x57, 0x12, 0x08, 0x7d, 0xb0, 0x86, 0xc0, 0x9d, 0x01, 0xc2, ++ 0x1a, 0x4a, 0x2e, 0x3d, 0xd5, 0xc8, 0x56, 0xac, 0xd1, 0x83, 0x75, 0x88, ++ 0xd4, 0xcc, 0x9f, 0x0d, 0xcf, 0xd3, 0xa6, 0x91, 0xb6, 0xb6, 0xb1, 0xd1, ++ 0x24, 0x9c, 0xd0, 0x13, 0xe8, 0x6b, 0x15, 0x9c, 0x62, 0x33, 0x8d, 0xe3, ++ 0x67, 0x9b, 0xb1, 0x8a, 0x72, 0x38, 0xf7, 0x48, 0x32, 0x2f, 0x1e, 0x45, ++ 0xa8, 0xc4, 0xa5, 0xae, 0xb1, 0xfc, 0x35, 0x25, 0xb5, 0xf9, 0x7f, 0x86, ++ 0xef, 0xa2, 0x6d, 0x78, 0xcc, 0xfd, 0x0c, 0xca, 0x8a, 0xe1, 0xae, 0xcd, ++ 0x0f, 0x58, 0x69, 0xf1, 0x8b, 0xcc, 0x22, 0x35, 0x6d, 0x1f, 0xd5, 0x27, ++ 0x87, 0x39, 0x62, 0x3f, 0xb2, 0x17, 0x3d, 0x5e, 0xb1, 0x32, 0x7a, 0xf1, ++ 0x70, 0xce, 0xfa, 0xab, 0x1c, 0x92, 0xa8, 0xe1, 0xc4, 0xb2, 0x33, 0x1a, ++ 0x16, 0xf3, 0x60, 0x39, 0xdf, 0xb8, 0x85, 0xe7, 0x5d, 0x4d, 0xc2, 0x8d, ++ 0x55, 0x00, 0x49, 0x94, 0x04, 0x17, 0x88, 0x7c, 0xf4, 0xac, 0xa9, 0xc5, ++ 0x3a, 0x09, 0xc4, 0xc2, 0xcd, 0x3d, 0xc3, 0xfc, 0x4e, 0xf3, 0x70, 0xa1, ++ 0xc1, 0x54, 0x36, 0x1f, 0x38, 0x6d, 0x7a, 0x6b, 0x6a, 0xd3, 0x67, 0x04, ++ 0xd5, 0x53, 0xd4, 0xa5, 0xad, 0x63, 0x55, 0x0e, 0x06, 0x06, 0x3a, 0x9a, ++ 0xc5, 0xfe, 0x38, 0xc9, 0xb0, 0x69, 0x42, 0x90, 0x35, 0x1f, 0xe3, 0x1c, ++ 0x57, 0xea, 0xdb, 0x51, 0x35, 0x53, 0xd3, 0x94, 0xfe, 0x72, 0x33, 0xd6, ++ 0x8a, 0x46, 0x74, 0xf9, 0x6e, 0x94, 0x40, 0x2f, 0xba, 0xa2, 0xc4, 0xe9, ++ 0xc9, 0x8a, 0xf4, 0xda, 0xe2, 0xca, 0x3e, 0x98, 0x85, 0xa5, 0xd1, 0x60, ++ 0x94, 0xc8, 0xdf, 0x82, 0xee, 0x5c, 0x0d, 0x2a, 0xa9, 0x8e, 0x26, 0x83, ++ 0x3f, 0x02, 0xa2, 0xaf, 0xb8, 0x3b, 0x83, 0xf2, 0x44, 0x46, 0x41, 0xd7, ++ 0x5c, 0xa1, 0x42, 0x17, 0xa2, 0xd0, 0x50, 0x42, 0xef, 0x66, 0xda, 0x35, ++ 0x03, 0xd1, 0x8e, 0x77, 0x22, 0x7d, 0x4e, 0xf7, 0x4e, 0x04, 0xe3, 0x0f, ++ 0x98, 0x7d, 0xaa, 0x58, 0xba, 0xef, 0x9a, 0xd0, 0x88, 0x7c, 0x98, 0xa0, ++ 0xc2, 0xff, 0xa6, 0xb1, 0xec, 0xbe, 0x6e, 0xb0, 0x7e, 0xc6, 0xe5, 0xaa, ++ 0xcf, 0x10, 0x73, 0xc9, 0x13, 0x1a, 0x20, 0x12, 0x5c, 0xd2, 0x0e, 0xe2, ++ 0x60, 0x17, 0xdf, 0x4a, 0x44, 0x08, 0x22, 0xbc, 0xcd, 0x75, 0xbe, 0xc3, ++ 0x7a, 0x12, 0x90, 0x90, 0xc7, 0x94, 0x4c, 0x98, 0x45, 0x02, 0x5c, 0x24, ++ 0xae, 0x82, 0x2f, 0xcd, 0x30, 0xa6, 0xf5, 0x3f, 0xd3, 0xa7, 0xa6, 0xe6, ++ 0xea, 0x11, 0x4e, 0x45, 0xb7, 0xc0, 0xe6, 0x24, 0x8b, 0x76, 0xc5, 0x5e, ++ 0xc1, 0xd8, 0x07, 0x1e, 0x26, 0x94, 0x7a, 0x80, 0xc6, 0x3b, 0x1f, 0x74, ++ 0xe6, 0xae, 0x43, 0x2d, 0x11, 0xee, 0x96, 0x56, 0x6c, 0xff, 0xcb, 0x3b, ++ 0xde, 0xcc, 0xb3, 0x7b, 0x08, 0xf5, 0x3e, 0x6e, 0x51, 0x71, 0xe0, 0x8a, ++ 0xfa, 0xdd, 0x19, 0x39, 0xcf, 0x3f, 0x29, 0x4f, 0x2d, 0xd2, 0xd4, 0xdc, ++ 0x5c, 0xc4, 0xd1, 0xa7, 0xf5, 0xbf, 0x4a, 0xc0, 0x9b, 0xb4, 0x2b, 0x83, ++ 0x7a, 0x63, 0x4d, 0x20, 0x40, 0x8b, 0x11, 0x5c, 0x53, 0xd4, 0x52, 0x21, ++ 0xe7, 0xe4, 0x1f, 0x01, 0xf6, 0xd1, 0x25, 0x28, 0xba, 0x51, 0x6f, 0x51, ++ 0x69, 0xf4, 0x41, 0x45, 0x75, 0x23, 0x25, 0x77, 0xef, 0xa8, 0x1c, 0x19, ++ 0x8a, 0x66, 0x8c, 0x61, 0x13, 0x37, 0x4f, 0xa3, 0xa1, 0x83, 0x17, 0x35, ++ 0x23, 0x2d, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x05, 0x34, 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, ++ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, ++ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x7e, 0x0a ++}; ++unsigned int hi_double_extended_len = 1375; ++ + unsigned char certificate_printable_der[] = { + 0x30, 0x82, 0x03, 0x39, 0x30, 0x82, 0x02, 0x21, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xde, 0xf6, 0x22, 0xc4, 0xf2, 0xf1, 0x86, 0x02, diff --git a/0501-docs-grub-Document-signing-GRUB-under-UEFI.patch b/0501-docs-grub-Document-signing-GRUB-under-UEFI.patch new file mode 100644 index 0000000..51fdf32 --- /dev/null +++ b/0501-docs-grub-Document-signing-GRUB-under-UEFI.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 6 Oct 2025 12:55:03 +0530 +Subject: [PATCH] docs/grub: Document signing GRUB under UEFI + +Before adding information about how GRUB is signed with an appended +signature scheme, it's worth adding some information about how it +can currently be signed for UEFI. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + docs/grub.texi | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 2677059..c0ee968 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -6504,6 +6504,21 @@ which increases the risk of password leakage during the process. Moreover, the + superuser list must be well maintained, and the password used cannot be + synchronized with LUKS key rotation. + ++@node Signing GRUB itself ++@section Signing GRUB itself ++To ensure a complete secure-boot chain, there must be a way for the code that ++loads GRUB to verify the integrity of the core image. ++This is ultimately platform-specific and individual platforms can define their ++own mechanisms. However, there are general-purpose mechanisms that can be used ++with GRUB. ++@section Signing GRUB for UEFI secure boot ++On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed ++with a tool such as @command{pesign} or @command{sbsign}. Refer to the ++suggestions in @pxref{UEFI secure boot and shim} to ensure that the final ++image works under UEFI secure boot and can maintain the secure-boot chain. It ++will also be necessary to enroll the public key used into a relevant firmware ++key database. ++ + @node Platform limitations + @chapter Platform limitations + diff --git a/0502-docs-grub-Document-signing-GRUB-with-an-appended-sig.patch b/0502-docs-grub-Document-signing-GRUB-with-an-appended-sig.patch new file mode 100644 index 0000000..8a15f06 --- /dev/null +++ b/0502-docs-grub-Document-signing-GRUB-with-an-appended-sig.patch @@ -0,0 +1,124 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:55:04 +0530 +Subject: [PATCH] docs/grub: Document signing GRUB with an appended signature + +Signing GRUB for firmware that verifies an appended signature is a +bit fiddly. I don't want people to have to figure it out from scratch +so document it here. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + docs/grub.texi | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 95 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index c0ee968..a7afe87 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -6519,6 +6519,101 @@ image works under UEFI secure boot and can maintain the secure-boot chain. It + will also be necessary to enroll the public key used into a relevant firmware + key database. + ++@section Signing GRUB with an appended signature ++The @file{core.elf} itself can be signed with a Linux kernel module-style ++appended signature (@pxref{Using appended signatures}). ++To support IEEE1275 platforms where the boot image is often loaded directly ++from a disk partition rather than from a file system, the @file{core.elf} ++can specify the size and location of the appended signature with an ELF ++Note added by @command{grub-install} or @command{grub-mkimage}. ++An image can be signed this way using the @command{sign-file} command from ++the Linux kernel: ++ ++@itemize ++@item Signing a GRUB image using a single signer key. The grub.key is your ++private key used for GRUB signing, grub.der is a corresponding public key ++(certificate) used for GRUB signature verification, and the kernel.der is ++your public key (certificate) used for kernel signature verification. ++@example ++@group ++# Determine the size of the appended signature. It depends on the ++# signing key and the hash algorithm. ++# ++# Signing /dev/null with an appended signature. ++ ++sign-file SHA256 grub.key grub.der /dev/null ./empty.sig ++ ++# Build a GRUB image for the signature. ++ ++grub-mkimage -O powerpc-ieee1275 -o core.elf.unsigned -x kernel.der \ ++ -p /grub --appended-signature-size $(stat -c '%s' ./empty.sig) \ ++ --modules="appendedsig ..." ... ++ ++# Remove the signature file. ++ ++rm ./empty.sig ++ ++# Signing a GRUB image with an appended signature. ++ ++sign-file SHA256 grub.key grub.der core.elf.unsigned core.elf.signed ++ ++@end group ++@end example ++@item Signing a GRUB image using more than one signer key. The grub1.key and ++grub2.key are private keys used for GRUB signing, grub1.der and grub2.der ++are corresponding public keys (certificates) used for GRUB signature verification. ++The kernel1.der and kernel2.der are your public keys (certificates) used for ++kernel signature verification. ++@example ++@group ++# Generate a signature by signing /dev/null. ++ ++openssl cms -sign -binary -nocerts -in /dev/null -signer \ ++ grub1.der -inkey grub1.key -signer grub2.der -inkey grub2.key \ ++ -out ./empty.p7s -outform DER -noattr -md sha256 ++ ++# To be able to determine the size of an appended signature, sign an ++# empty file (/dev/null) to which a signature will be appended to. ++ ++sign-file -s ./empty.p7s sha256 /dev/null /dev/null ./empty.sig ++ ++# Build a GRUB image for the signature. ++ ++grub-mkimage -O powerpc-ieee1275 -o core.elf.unsigned -x kernel1.der \ ++ kernel2.der -p /grub --appended-signature-size $(stat -c '%s' ./empty.sig) \ ++ --modules="appendedsig ..." ... ++ ++# Remove the signature files. ++ ++rm ./empty.sig ./empty.p7s ++ ++# Generate a raw signature for GRUB image signing using OpenSSL. ++ ++openssl cms -sign -binary -nocerts -in core.elf.unsigned -signer \ ++ grub1.der -inkey grub1.key -signer grub2.der -inkey grub2.key \ ++ -out core.p7s -outform DER -noattr -md sha256 ++ ++# Sign a GRUB image to get an image file with an appended signature. ++ ++sign-file -s core.p7s sha256 /dev/null core.elf.unsigned core.elf.signed ++ ++@end group ++@end example ++@item Don't forget to install the signed image as required ++(e.g. on powerpc-ieee1275, to the PReP partition). ++@example ++@group ++# Install signed GRUB image to the PReP partition on powerpc-ieee1275 ++ ++dd if=core.elf.signed of=/dev/sda1 ++ ++@end group ++@end example ++@end itemize ++ ++As with UEFI secure boot, it is necessary to build-in the required modules, ++or sign them if they are not part of the GRUB image. ++ + @node Platform limitations + @chapter Platform limitations + diff --git a/0503-docs-grub-Document-appended-signature.patch b/0503-docs-grub-Document-appended-signature.patch new file mode 100644 index 0000000..23e92f1 --- /dev/null +++ b/0503-docs-grub-Document-appended-signature.patch @@ -0,0 +1,471 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Mon, 6 Oct 2025 12:55:05 +0530 +Subject: [PATCH] docs/grub: Document appended signature + +This explains how appended signatures can be used to form part of +a secure boot chain, and documents the commands and variables +introduced. + +Signed-off-by: Daniel Axtens +Signed-off-by: Sudhakar Kuppusamy +Reviewed-by: Stefan Berger +Reviewed-by: Avnish Chouhan +Reviewed-by: Daniel Kiper +--- + docs/grub.texi | 360 ++++++++++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 292 insertions(+), 68 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index a7afe87..ef16fcb 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3227,6 +3227,7 @@ GRUB. Others may be used freely in GRUB configuration files. + These variables have special meaning to GRUB. + + @menu ++* appendedsig_key_mgmt:: + * biosnum:: + * check_appended_signatures:: + * check_signatures:: +@@ -3275,6 +3276,19 @@ These variables have special meaning to GRUB. + @end menu + + ++@node appendedsig_key_mgmt ++@subsection appendedsig_key_mgmt ++ ++This variable controls whether GRUB enforces appended signature validation ++using either @code{static} or @code{dynamic} key management. It is automatically ++set by GRUB to either @code{static} or @code{dynamic} based on the ++@strong{'ibm,secure-boot'} device tree property and Platform KeyStore (PKS). ++Also, it can be explicitly set to either @code{static} or @code{dynamic} by ++setting the @code{appendedsig_key_mgmt} variable from the GRUB console ++when the GRUB is not locked down. ++ ++@xref{Using appended signatures} for more information. ++ + @node biosnum + @subsection biosnum + +@@ -3287,13 +3301,17 @@ this. + For an alternative approach which also changes BIOS drive mappings for the + chain-loaded system, @pxref{drivemap}. + +- + @node check_appended_signatures + @subsection check_appended_signatures + + This variable controls whether GRUB enforces appended signature validation on +-certain loaded files. @xref{Using appended signatures}. ++loaded kernel and GRUB module files. It is automatically set by GRUB ++to either @code{no} or @code{yes} based on the @strong{'ibm,secure-boot'} device ++tree property. Also, it can be explicitly set to either @code{no} or @code{yes} by ++setting the @code{check_appended_signatures} variable from the GRUB console ++when the GRUB is not locked down. + ++@xref{Using appended signatures} for more information. + + @node check_signatures + @subsection check_signatures +@@ -3995,6 +4013,13 @@ you forget a command, you can run the command @command{help} + @menu + * [:: Check file types and compare values + * acpi:: Load ACPI tables ++* append_add_db_cert:: Add trusted certificate to the db list ++* append_add_db_hash:: Add trusted certificate/binary hash to the db list ++* append_add_dbx_cert:: Add distrusted certificate to the dbx list ++* append_add_dbx_hash:: Add distrusted certificate/binary hash to the dbx list ++* append_list_db:: List all trusted certificates from the db list ++* append_list_dbx:: List all distrusted certificates and binary/certificate hashes from the dbx list ++* append_verify:: Verify appended digital signature using db and dbx lists + * authenticate:: Check whether user is in user list + * background_color:: Set background color for active terminal + * background_image:: Load background image for active terminal +@@ -4122,6 +4147,140 @@ Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). + unsigned code. + @end deffn + ++@node append_add_db_cert ++@subsection append_add_db_cert ++ ++@deffn Command append_add_db_cert ++Read an X.509 certificate from the file @var{X509_certificate} ++and add it to GRUB's internal db list of trusted certificates. ++These certificates are used to validate appended signatures when the ++environment variable @code{check_appended_signatures} (@pxref{check_appended_signatures}) ++is set to @code{yes} or the @command{append_verify} (@pxref{append_verify}) ++command is executed from the GRUB console. ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_add_db_hash ++@subsection append_add_db_hash ++ ++@deffn Command append_add_db_hash ++Read a binary hash from the file @var{hash_file} ++and add it to GRUB's internal db list of trusted binary hashes. These ++hashes are used to validate the Linux kernel/GRUB module binary hashes when the ++environment variable @code{check_appended_signatures} ++(@pxref{check_appended_signatures}) is set to @code{yes} or the ++@command{append_verify} (@pxref{append_verify}) command is executed ++from the GRUB console. ++ ++Here is an example for how to generate a SHA-256 hash for a file. The hash ++will be in binary format: ++ ++@example ++ ++# The vmlinux (kernel image) file is your binary file, and ++# it should be unsigned. ++# ++# Generate the binary_hash.bin file from the vmlinux file ++# using OpenSSL command ++ ++openssl dgst -binary -sha256 -out binary_hash.bin vmlinux ++ ++@end example ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_add_dbx_cert ++@subsection append_add_dbx_cert ++ ++@deffn Command append_add_dbx_cert ++Read an X.509 certificate from the file @var{X509_certificate} ++and add it to GRUB's internal dbx list of distrusted certificates. ++These certificates are used to ensure that the distrusted certificates ++are rejected during appended signatures validation when the environment ++variable @code{check_appended_signatures} is set to @code{yes} ++(@pxref{check_appended_signatures}) or the @command{append_verify} ++(@pxref{append_verify}) command is executed from the GRUB console. ++Also, these certificates are used to prevent distrusted certificates from ++being added to the db list later on. ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_add_dbx_hash ++@subsection append_add_dbx_hash ++ ++@deffn Command append_add_dbx_hash [@option{-b}|@option{-c}] ++Read a binary/certificate hash from the file @var{hash_file} ++and add it to GRUB's internal dbx list of distrusted binary/certificate hashes. ++When the environment variable @code{check_appended_signatures} (@pxref{check_appended_signatures}) ++is set to @code{yes} or the @command{append_verify} (@pxref{append_verify}) command ++is executed from the GRUB console, then matching distrusted binary hashes or the signature ++validation with distrusted certificates may lead to the rejection of the Linux kernel or GRUB modules. ++Also, these hashes are used to prevent distrusted certificates and binary hashes from being ++added to the db list later on. ++ ++The @option{-b} (@option{--binary-hash}) can be used to specify a binary hash file and ++@option{-c} (@option{--cert-hash}) can be used to specify a certificate hash file. ++ ++Here is an example for how to generate a SHA-256 hash for a binary and a ++certificate file. The hash will be in binary format: ++ ++@example ++ ++# The vmlinux (kernel image) file is your binary file, and ++# it should be unsigned. The kernel.der is your certificate file. ++# ++# Generate the cert_hash.bin file from the kernel.der file ++ ++openssl dgst -binary -sha256 -out cert_hash.bin kernel.der ++ ++# Generate the binary_hash.bin file from the vmlinux file ++ ++openssl dgst -binary -sha256 -out binary_hash.bin vmlinux ++ ++@end example ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_list_db ++@subsection append_list_db ++ ++@deffn Command append_list_db ++List all X.509 certificates and binary hashes trusted by GRUB for validating ++appended signatures. The output is a numbered list of certificates and binary hashes, ++showing the certificate's version, serial number, issuer, subject, ++public key algorithm, RSA public key size, and certificate fingerprint. ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_list_dbx ++@subsection append_list_dbx ++ ++@deffn Command append_list_dbx ++List all the distrusted X.509 certificates and binary/certificate hashes. ++The output is a numbered list of certificates and binary/certificate hashes, ++showing the certificate's version, serial number, issuer, subject, ++public key algorithm, RSA public key size, and certificate fingerprint. ++ ++@xref{Using appended signatures} for more information. ++@end deffn ++ ++@node append_verify ++@subsection append_verify ++ ++@deffn Command append_verify ++Verifies an appended signature on @var{signed_file} against the trusted X.509 certificates ++and hashes known to GRUB (@pxref{append_list_db},@pxref{append_list_dbx}, @pxref{append_add_db_cert}, ++@pxref{append_add_db_hash}, @pxref{append_add_dbx_hash} and @pxref{append_add_dbx_cert}). ++Exit code @code{$?} is set to 0 if the signature validates successfully. ++If validation fails, it is set to a non-zero value. ++ ++@xref{Using appended signatures} for more information. ++@end deffn + + @node authenticate + @subsection authenticate +@@ -4813,10 +4972,12 @@ configurations, and to enable ``one-shot'' boot attempts and + ``savedefault'' behavior. @xref{Using GPG-style digital signatures}, for more + information. + +-Extra care should be taken when combining this command with appended signatures +-(@pxref{Using appended signatures}), as this file is not validated by an +-appended signature and could set @code{check_appended_signatures=no} if GRUB is +-not in @pxref{Lockdown} mode. ++If the environment variable @code{check_appended_signatures} value is set to ++@code{yes} and GRUB is in lockeddown mode, the user is not allowed to set ++@code{check_appended_signatures} to @code{no} and @code{appendedsig_key_mgmt} ++to @code{static} or @code{dynamic} either directly using @command{load_env} ++command or via environment block file. @xref{Using appended signatures}, for ++more information. + @end deffn + + +@@ -6073,6 +6234,7 @@ environment variables and commands are listed in the same order. + * Secure Boot Advanced Targeting:: Embedded information for generation number based revocation + * Measured Boot:: Measuring boot components + * Lockdown:: Lockdown when booting on a secure setup ++* Signing certificate and hash files:: Certificate and hash file signing + * Signing GRUB itself:: Ensuring the integrity of the GRUB core image + @end menu + +@@ -6246,8 +6408,8 @@ secure boot chain. + @node Using appended signatures + @section Using appended signatures in GRUB + +-GRUB supports verifying Linux-style 'appended signatures' for secure boot. +-Appended signatures are PKCS#7 messages containing a signature over the ++GRUB supports verifying Linux-style 'appended signatures' for Linux on Power LPAR ++secure boot. Appended signatures are PKCS#7 messages containing a signature over the + contents of a file, plus some metadata, appended to the end of a file. A file + with an appended signature ends with the magic string: + +@@ -6255,80 +6417,114 @@ with an appended signature ends with the magic string: + ~Module signature appended~\n + @end example + +-where @code{\n} represents the line-feed character, @code{0x0a}. ++where @code{\n} represents the line feed character, @code{0x0a}. + +-For static key, Certificates will be built in to the core image using +-the @code{--x509} parameter to @command{grub-install} or @command{grub-mkimage}. +-it can allow to list the trusted certificates and binary hashes at boot time using +-@pxref{trusted_list} and list distrusted certificates and binary/certificate hashes +-at boot time using @pxref{distrusted_list} commands. ++Linux on Power LPAR secure boot is controlled by @strong{'ibm,secure-boot'} ++device tree property and if this property is set to @code{2} (@samp{enforce}), ++GRUB enters lockdown mode. There are three secure boot modes. They are + +-For dynamic key, loads the signature database (DB) and forbidden +-signature database (DBX) from platform keystore (PKS) and it can allow to list +-the trusted certificates and binary hashes at boot time using @pxref{trusted_list} +-and list distrusted certificates and binary/certificate hashes at boot time using +-@pxref{distrusted_list} commands. ++@itemize ++@item @samp{0 - disabled}: Secure boot is disabled. This is the default. ++@item @samp{1 - audit}: Enforce signature verification by setting ++ @code{check_appended_signatures} (@pxref{check_appended_signatures}) to ++ @code{yes} and do not enter lockdown mode. Signature verification ++ is performed and if signature verification fails, display the errors and ++ allow the boot to continue. ++@item @samp{2 - enforce}: Enter lockdown mode and enforce signature verification by setting ++ @code{check_appended_signatures} (@pxref{check_appended_signatures}) to @code{yes}. ++@end itemize + +-A file can be explictly verified using the @pxref{verify_appended} command. ++Note that Linux on Power LPAR only supports @samp{0 - disabled} and @samp{2 - enforce}, ++and @samp{1 - audit} is considered as secure boot being disabled. + +-Only signatures made with the SHA-256 or SHA-512 hash algorithm are supported, +-and only RSA signatures are supported. ++Enforcement of signature verification is controlled by the environment variable ++@code{check_appended_signatures} (@pxref{check_appended_signatures}). ++ ++@itemize ++@item @samp{no}: No verification is performed. This is the default. ++@item @samp{yes}: Signature verification is performed and if signature verification fails, ++ display the errors and stop the boot. Signature verification cannot be disabled by setting ++ the @code{check_appended_signatures} variable back to @samp{no}. ++@end itemize ++ ++To enable appended signature verification, load the appendedsig module and an ++X.509 certificate for verification. It is recommended to build the appendedsig module ++into the core GRUB image. ++ ++Key management is controlled by the environment variable @code{appendedsig_key_mgmt} ++(@pxref{appendedsig_key_mgmt}). ++ ++@itemize ++@item @samp{static}: Enforce static key management signature verification. This is the default. ++ When GRUB is in lockdown mode, then the user cannot change the value of the ++ @code{appendedsig_key_mgmt}. ++@item @samp{dynamic}: Enforce dynamic key management signature verification. When GRUB is in ++ lockdown mode, then the user cannot change the value of the @code{appendedsig_key_mgmt}. ++@end itemize ++ ++In static key management mode, certificates will be built into the core image using ++the @code{--x509} parameter to @command{grub-mkimage}. The list of trusted certificates ++available at boot time can be shown using @command{append_list_db} (@pxref{append_list_db}). ++Distrusted certificates can be explicitly removed from the db using @command{append_add_dbx_cert} ++(@pxref{append_add_dbx_cert}). Also, trusted certificates can be explicitly added to the db using ++@command{append_add_db_cert} (@pxref{append_add_db_cert}). ++ ++In dynamic key management mode, db and dbx are read from the Platform KeyStore (PKS). If ++db does not exist in PKS, static keys (built-in keys) are used as the default keys. ++The list of trusted certificates and binary hashes available at boot time can be shown using ++@command{append_list_db} (@pxref{append_list_db}) and the list of distrusted certificates and ++binary/certificate hashes available at boot time can be shown using @command{append_list_dbx} ++(@pxref{append_list_dbx}). The trusted certificates and binary hashes can be explicitly added ++to the db using @command{append_add_db_cert} (@pxref{append_add_db_cert}) and ++@command{append_add_db_hash} (@pxref{append_add_db_hash}). Distrusted certificates can be explicitly ++added to the dbx using @command{append_add_dbx_cert} (@pxref{append_add_dbx_cert}) and distrusted ++certificate/binary hashes can be explicitly added to the dbx using @command{append_add_dbx_hash} ++(@pxref{append_add_dbx_hash}). ++ ++A file can be explicitly verified using @command{append_verify} (@pxref{append_verify}). ++ ++Note that when the environment variable @code{check_appended_signatures} is set to @code{yes}, ++the @command{append_add_db_cert} and @command{append_add_dbx_cert} commands only accept ++the file @samp{@var{X509_certificate}} that is signed with an appended signature ++(@pxref{Signing certificate and hash files}), and the @command{append_add_db_hash} and ++@command{append_add_dbx_hash} commands only accept the file @samp{@var{hash_file}} that is ++signed with an appended signature (@pxref{Signing certificate and hash files}). ++The signature is verified by the appendedsig module. ++When the environment variable @code{check_appended_signatures} is set to @code{no}, ++these commands accept files without an appended signature. ++ ++Also, note that @samp{@var{X509_certificate}} should be in DER-format and @samp{@var{hash_file}} ++should be in binary format. Only SHA-256, SHA-384, or SHA-512 hashes of binary/certificate are allowed. ++Certificates/hashes of certificates/binaries added through @command{append_add_db_cert}, ++@command{append_add_dbx_cert}, @command{append_add_db_hash}, and @command{append_add_dbx_hash} ++will not be persisted across boots. ++ ++Only signatures created using SHA-256 or SHA-512 hash algorithm along with RSA keys of size 2048, ++3072, or 4096 bits are supported. + + A file can be signed with the @command{sign-file} utility supplied with the + Linux kernel source. For example, if you have @code{signing.key} as the private +-key and @code{certificate.der} as the x509 certificate containing the public key: ++key and @code{certificate.der} as the X.509 certificate containing the public key: + + @example + sign-file SHA256 signing.key certificate.der vmlinux vmlinux.signed + @end example + +-Enforcement of signature verification is controlled by the +-@code{check_appended_signatures} variable. ++Once signature verification is turned on, the following file types must carry ++appended signatures: + +-@itemize +-@item @samp{no}: no verification is performed. This is the default when GRUB +- is not in @pxref{Lockdown} mode. +-@item @samp{enforce}: verification is performed. Verification can be disabled +- by setting the variable back to @samp{no}. +-@item @samp{forced}: verification is performed and cannot be disabled. This is +- set when GRUB is in Lockdown when the appendedsig module is loaded. +-@end itemize +- +-Unlike GPG-style signatures, not all files loaded by GRUB are required to be +-signed. Once verification is turned on, the following file types will have +-appended signatures verified: +- +-@itemize ++@enumerate + @item Linux kernels +-@item GRUB modules, except those built into the core image +-@item Any new certificate files to be trusted +-@end itemize +- +-ACPI tables and Device Tree images will not be checked for appended signatures +-but must be verified by another mechanism such as GPG-style signatures before +-they will be loaded. +- +-Unless lockdown mode is enabled, signature checking does @strong{not} +-stop an attacker with console access from dropping manually to the GRUB +-console and executing: +- +-@example +-set check_appended_signatures=no +-@end example +- +-Refer to the section on password-protecting GRUB (@pxref{Authentication +-and authorisation}) for more information on preventing this. +- +-Additionally, unless lockdown mode is enabled: +- +-@itemize +-@item Special care must be taken around the @command{loadenv} command, which +- can be used to turn off @code{check_appended_signature}. +- +-@item If the grub configuration file is loaded from the disk, anyone who can +- modify the file on disk can turn off @code{check_appended_signature}. +- Consider embedding the configuration into the core grub image. +-@end itemize ++@item GRUB modules, except those built in to the core image ++@item Any new certificate or binary hash files to be trusted ++@item Any new certificate/binary hash files to be distrusted ++@end enumerate ++ ++When GRUB is in lockdown mode (when secure boot mode is set to @code{enforce}), ++signature verification cannot be @strong{disabled} by setting the ++@code{check_appended_signatures} (@pxref{check_appended_signatures}) variable ++to @code{no} or using the @command{load_env} (@pxref{load_env}) command from ++the GRUB console. + + @node UEFI secure boot and shim + @section UEFI secure boot and shim support +@@ -6504,6 +6700,34 @@ which increases the risk of password leakage during the process. Moreover, the + superuser list must be well maintained, and the password used cannot be + synchronized with LUKS key rotation. + ++@node Signing certificate and hash files ++@section Signing certificate and hash files ++X.509 certificate (public key) files and hash files (binary/certificate hash files) ++can be signed with a Linux kernel module-style appended signature. ++ ++The signer.key is a private key used for signing and signer.der is the corresponding ++public key (certificate) used for appended signature verification. Note that the ++signer.der (certificate) should exist in the db (@pxref{Using appended signatures}). ++ ++@itemize ++@item Signing the X.509 certificate file using @file{sign-file}. ++The kernel.der is an X.509 certificate file. ++@example ++ ++sign-file SHA256 signer.key signer.der kernel.der \ ++ kernel.der.signed ++ ++@end example ++@item Signing the hash file using @file{sign-file}. ++The binary_hash.bin is a binary hash file. ++@example ++ ++sign-file SHA256 signer.key signer.der binary_hash.bin \ ++ binary_hash.signed ++ ++@end example ++@end itemize ++ + @node Signing GRUB itself + @section Signing GRUB itself + To ensure a complete secure-boot chain, there must be a way for the code that diff --git a/0504-Appended-sig-Fix-build-after-merge.patch b/0504-Appended-sig-Fix-build-after-merge.patch new file mode 100644 index 0000000..663d5d6 --- /dev/null +++ b/0504-Appended-sig-Fix-build-after-merge.patch @@ -0,0 +1,124 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nicolas Frayer +Date: Thu, 13 Nov 2025 08:24:41 -0500 +Subject: [PATCH] Appended sig: Fix build after merge + +Fixed build for duplicates and previous partial merge from upstream. + +Signed-off-by: Nicolas Frayer +--- + grub-core/commands/appendedsig/appendedsig.c | 2 +- + grub-core/commands/appendedsig/appendedsig.h | 2 +- + grub-core/commands/appendedsig/x509.c | 2 +- + include/grub/kernel.h | 1 - + util/grub-install-common.c | 6 ------ + util/grub-mkimage.c | 7 ------- + util/grub-mkimagexx.c | 9 --------- + 7 files changed, 3 insertions(+), 26 deletions(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index 5c53f63..1c74554 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -30,7 +30,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h +index c874654..cb0fe19 100644 +--- a/grub-core/commands/appendedsig/appendedsig.h ++++ b/grub-core/commands/appendedsig/appendedsig.h +@@ -18,7 +18,7 @@ + */ + + #include +-#include ++#include + + extern asn1_node grub_gnutls_gnutls_asn; + extern asn1_node grub_gnutls_pkix_asn; +diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c +index bc15266..08846aa 100644 +--- a/grub-core/commands/appendedsig/x509.c ++++ b/grub-core/commands/appendedsig/x509.c +@@ -17,7 +17,7 @@ + * along with GRUB. If not, see . + */ + +-#include ++#include + #include + #include + #include +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index 0ada600..bd0826b 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -28,7 +28,6 @@ enum + OBJ_TYPE_MEMDISK, + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, +- OBJ_TYPE_GPG_PUBKEY, + OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DTB, + OBJ_TYPE_DISABLE_SHIM_LOCK, +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 7f0aedb..6c82ff2 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -505,12 +505,6 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: + disable_shim_lock = 1; + return 1; +- case 'x': +- x509keys = xrealloc (x509keys, +- sizeof (x509keys[0]) +- * (nx509keys + 1)); +- x509keys[nx509keys++] = xstrdup (arg); +- return 1; + case GRUB_INSTALL_OPTIONS_DISABLE_CLI: + disable_cli = 1; + return 1; +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 55f3eaa..21f5aa0 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -178,13 +178,6 @@ argp_parser (int key, char *arg, struct argp_state *state) + arguments->note = 1; + break; + +- case 'S': +- grub_errno = 0; +- arguments->appsig_size = grub_strtol(arg, &end, 10); +- if (grub_errno) +- return 0; +- break; +- + case 'S': + arguments->appsig_size = grub_strtoul (arg, &end, 10); + if (*arg == '\0' || *end != '\0') +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index ca25b2d..7da40d5 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -84,15 +84,6 @@ struct grub_ieee1275_note + struct grub_ieee1275_note_desc descriptor; + }; + +-#define GRUB_APPENDED_SIGNATURE_NOTE_NAME "Appended-Signature" +-#define GRUB_APPENDED_SIGNATURE_NOTE_TYPE 0x41536967 /* "ASig" */ +- +-struct grub_appended_signature_note +-{ +- Elf32_Nhdr header; +- char name[ALIGN_UP(sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME), 4)]; +-}; +- + #define GRUB_XEN_NOTE_NAME "Xen" + + struct fixup_block_list diff --git a/0505-libgcrypt-Avoid-Wsign-compare-in-rijndael-do_setkey.patch b/0505-libgcrypt-Avoid-Wsign-compare-in-rijndael-do_setkey.patch new file mode 100644 index 0000000..3dee29a --- /dev/null +++ b/0505-libgcrypt-Avoid-Wsign-compare-in-rijndael-do_setkey.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Heinrich Schuchardt +Date: Fri, 13 Aug 2021 16:15:33 +0200 +Subject: [PATCH] libgcrypt: Avoid -Wsign-compare in rijndael do_setkey() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Avoid a warning + + lib/libgcrypt-grub/cipher/rijndael.c:352:21: warning: + comparison of integer expressions of different signedness: + ‘int’ and ‘unsigned int’ [-Wsign-compare] + 352 | for (i = 0; i < keylen; i++) + | + +Signed-off-by: Heinrich Schuchardt +Reviewed-by: Daniel Kiper +--- + grub-core/lib/libgcrypt/cipher/rijndael.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/cipher/rijndael.c b/grub-core/lib/libgcrypt/cipher/rijndael.c +index 559550b..38e9a7c 100644 +--- a/grub-core/lib/libgcrypt/cipher/rijndael.c ++++ b/grub-core/lib/libgcrypt/cipher/rijndael.c +@@ -181,7 +181,8 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) + static int initialized = 0; + static const char *selftest_failed=0; + int rounds; +- int i,j, r, t, rconpointer = 0; ++ unsigned int i; ++ int j, r, t, rconpointer = 0; + int KC; + union + { diff --git a/0506-libgcrypt-Avoid-Wempty-body-in-rijndael-do_setkey.patch b/0506-libgcrypt-Avoid-Wempty-body-in-rijndael-do_setkey.patch new file mode 100644 index 0000000..99ab942 --- /dev/null +++ b/0506-libgcrypt-Avoid-Wempty-body-in-rijndael-do_setkey.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Heinrich Schuchardt +Date: Fri, 13 Aug 2021 14:49:10 +0200 +Subject: [PATCH] libgcrypt: Avoid -Wempty-body in rijndael do_setkey() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Avoid a warning + + lib/libgcrypt-grub/cipher/rijndael.c:229:9: + warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body] + 229 | ; + | ^ + +Signed-off-by: Heinrich Schuchardt +Reviewed-by: Daniel Kiper +--- + grub-core/lib/libgcrypt/cipher/rijndael.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/cipher/rijndael.c b/grub-core/lib/libgcrypt/cipher/rijndael.c +index 38e9a7c..b3effa2 100644 +--- a/grub-core/lib/libgcrypt/cipher/rijndael.c ++++ b/grub-core/lib/libgcrypt/cipher/rijndael.c +@@ -228,7 +228,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) + KC = 4; + + if (0) +- ; ++ { ++ ; ++ } + #ifdef USE_PADLOCK + else if ((_gcry_get_hw_features () & HWF_PADLOCK_AES)) + { diff --git a/0507-lib-Remove-trailing-whitespaces.patch b/0507-lib-Remove-trailing-whitespaces.patch new file mode 100644 index 0000000..b71d6b3 --- /dev/null +++ b/0507-lib-Remove-trailing-whitespaces.patch @@ -0,0 +1,1235 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Elyes Haouas +Date: Fri, 4 Mar 2022 07:42:04 +0100 +Subject: [PATCH] lib: Remove trailing whitespaces + +Signed-off-by: Elyes Haouas +Reviewed-by: Daniel Kiper +--- + grub-core/lib/arg.c | 2 +- + grub-core/lib/crypto.c | 14 +++--- + grub-core/lib/efi/relocator.c | 8 ++-- + grub-core/lib/fdt.c | 4 +- + grub-core/lib/i386/reboot.c | 2 +- + grub-core/lib/i386/relocator.c | 2 +- + grub-core/lib/ieee1275/cmos.c | 4 +- + grub-core/lib/ieee1275/relocator.c | 4 +- + grub-core/lib/legacy_parse.c | 26 ++++++------ + grub-core/lib/libgcrypt/cipher/test-getrusage.c | 14 +++--- + grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c | 6 +-- + grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c | 2 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c | 4 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c | 6 +-- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c | 4 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c | 4 +- + grub-core/lib/libgcrypt/mpi/i386/syntax.h | 2 +- + grub-core/lib/libgcrypt/mpi/m68k/syntax.h | 2 +- + grub-core/lib/mips/loongson/reboot.c | 2 +- + grub-core/lib/mips/relocator.c | 2 +- + grub-core/lib/posix_wrap/ctype.h | 14 +++--- + grub-core/lib/posix_wrap/stdlib.h | 2 +- + grub-core/lib/posix_wrap/string.h | 4 +- + grub-core/lib/posix_wrap/wctype.h | 2 +- + grub-core/lib/powerpc/relocator.c | 4 +- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 6 +-- + grub-core/lib/relocator.c | 48 ++++++++++----------- + grub-core/lib/syslinux_parse.c | 52 +++++++++++------------ + grub-core/lib/xzembed/xz_dec_stream.c | 6 +-- + 30 files changed, 127 insertions(+), 127 deletions(-) + +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index ade82d5..c2bd6a4 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -270,7 +270,7 @@ grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv, + for (curshort = arg + 1; *curshort; curshort++) + if (!find_short (cmd->options, *curshort)) + break; +- ++ + if (*curshort) + { + if (add_arg (&argl, &num, arg) != 0) +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index c578128..d53ddbe 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -59,7 +59,7 @@ _gcry_burn_stack (int size) + void __attribute__ ((noreturn)) + _gcry_assert_failed (const char *expr, const char *file, int line, + const char *func) +- ++ + { + grub_fatal ("assertion %s at %s:%d (%s) failed\n", expr, file, line, func); + } +@@ -83,7 +83,7 @@ void _gcry_log_error (const char *fmt, ...) + } + } + +-void ++void + grub_cipher_register (gcry_cipher_spec_t *cipher) + { + cipher->next = grub_ciphers; +@@ -102,14 +102,14 @@ grub_cipher_unregister (gcry_cipher_spec_t *cipher) + } + } + +-void ++void + grub_md_register (gcry_md_spec_t *digest) + { + digest->next = grub_digests; + grub_digests = digest; + } + +-void ++void + grub_md_unregister (gcry_md_spec_t *cipher) + { + gcry_md_spec_t **ciph; +@@ -318,7 +318,7 @@ grub_crypto_hmac_init (const struct gcry_md_spec *md, + if (!ctx) + goto err; + +- if ( keylen > md->blocksize ) ++ if ( keylen > md->blocksize ) + { + helpkey = grub_malloc (md->mdlen); + if (!helpkey) +@@ -339,7 +339,7 @@ grub_crypto_hmac_init (const struct gcry_md_spec *md, + + grub_memcpy ( ipad, key, keylen ); + grub_memcpy ( opad, key, keylen ); +- for (i=0; i < md->blocksize; i++ ) ++ for (i=0; i < md->blocksize; i++ ) + { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; +@@ -462,7 +462,7 @@ grub_password_get (char buf[], unsigned buf_size) + + while (1) + { +- key = grub_getkey (); ++ key = grub_getkey (); + if (key == '\n' || key == '\r') + break; + +diff --git a/grub-core/lib/efi/relocator.c b/grub-core/lib/efi/relocator.c +index 319b69e..84da70a 100644 +--- a/grub-core/lib/efi/relocator.c ++++ b/grub-core/lib/efi/relocator.c +@@ -26,7 +26,7 @@ + #define NEXT_MEMORY_DESCRIPTOR(desc, size) \ + ((grub_efi_memory_descriptor_t *) ((char *) (desc) + (size))) + +-unsigned ++unsigned + grub_relocator_firmware_get_max_events (void) + { + grub_efi_uintn_t mmapsize = 0, descriptor_size = 0; +@@ -39,7 +39,7 @@ grub_relocator_firmware_get_max_events (void) + return 2 * (mmapsize / descriptor_size + 10); + } + +-unsigned ++unsigned + grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events) + { + grub_efi_uintn_t mmapsize = 0, desc_size = 0; +@@ -65,7 +65,7 @@ grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events) + grub_uint64_t start = desc->physical_start; + grub_uint64_t end = desc->physical_start + (desc->num_pages << 12); + +- /* post-4G addresses are never supported on 32-bit EFI. ++ /* post-4G addresses are never supported on 32-bit EFI. + Moreover it has been reported that some 64-bit EFI contrary to the + spec don't map post-4G pages. So if you enable post-4G allocations, + map pages manually or check that they are mapped. +@@ -81,7 +81,7 @@ grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events) + counter++; + events[counter].type = REG_FIRMWARE_END; + events[counter].pos = end; +- counter++; ++ counter++; + } + + return counter; +diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c +index 37e04bd..fbf749e 100644 +--- a/grub-core/lib/fdt.c ++++ b/grub-core/lib/fdt.c +@@ -333,7 +333,7 @@ int grub_fdt_next_node (const void *fdt, unsigned int currentoffset) + return -1; + return (int) ((grub_addr_t) token - (grub_addr_t) fdt + - grub_fdt_get_off_dt_struct (fdt)); +-} ++} + + int grub_fdt_first_node (const void *fdt, unsigned int parentoffset) + { +@@ -353,7 +353,7 @@ int grub_fdt_first_node (const void *fdt, unsigned int parentoffset) + return -1; + return (int) ((grub_addr_t) token - (grub_addr_t) fdt + - grub_fdt_get_off_dt_struct (fdt)); +-} ++} + + /* Find a direct sub-node of a given parent node. */ + int grub_fdt_find_subnode (const void *fdt, unsigned int parentoffset, +diff --git a/grub-core/lib/i386/reboot.c b/grub-core/lib/i386/reboot.c +index dce0b56..d0fd6a5 100644 +--- a/grub-core/lib/i386/reboot.c ++++ b/grub-core/lib/i386/reboot.c +@@ -55,7 +55,7 @@ grub_reboot (void) + state.a20 = 0; + + grub_stop_floppy (); +- ++ + err = grub_relocator16_boot (relocator, state); + + while (1); +diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c +index 34cbe83..54a1dcd 100644 +--- a/grub-core/lib/i386/relocator.c ++++ b/grub-core/lib/i386/relocator.c +@@ -131,7 +131,7 @@ grub_relocator16_boot (struct grub_relocator *rel, + if (err) + return err; + +- grub_relocator16_cs = state.cs; ++ grub_relocator16_cs = state.cs; + grub_relocator16_ip = state.ip; + + grub_relocator16_ds = state.ds; +diff --git a/grub-core/lib/ieee1275/cmos.c b/grub-core/lib/ieee1275/cmos.c +index 328d70a..1400cfb 100644 +--- a/grub-core/lib/ieee1275/cmos.c ++++ b/grub-core/lib/ieee1275/cmos.c +@@ -52,7 +52,7 @@ grub_cmos_find_port_iter (struct grub_ieee1275_devalias *alias) + #if GRUB_CPU_SIZEOF_VOID_P == 8 + if (actual == 8) + { +- grub_cmos_port = (volatile grub_uint8_t *) ++ grub_cmos_port = (volatile grub_uint8_t *) + ((((grub_addr_t) addr[0]) << 32) | addr[1]); + return 1; + } +@@ -72,6 +72,6 @@ grub_cmos_find_port (void) + grub_ieee1275_devices_iterate (grub_cmos_find_port_iter); + if (!grub_cmos_port) + return grub_error (GRUB_ERR_IO, "no cmos found"); +- ++ + return GRUB_ERR_NONE; + } +diff --git a/grub-core/lib/ieee1275/relocator.c b/grub-core/lib/ieee1275/relocator.c +index d1bb45c..918392f 100644 +--- a/grub-core/lib/ieee1275/relocator.c ++++ b/grub-core/lib/ieee1275/relocator.c +@@ -33,7 +33,7 @@ count (grub_uint64_t addr __attribute__ ((unused)), + return 0; + } + +-unsigned ++unsigned + grub_relocator_firmware_get_max_events (void) + { + int counter = 0; +@@ -82,7 +82,7 @@ grub_relocator_firmware_fill_events_iter (grub_uint64_t addr, + return 0; + } + +-unsigned ++unsigned + grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events) + { + struct grub_relocator_firmware_fill_events_ctx ctx = { +diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c +index 05719ab..fa0131a 100644 +--- a/grub-core/lib/legacy_parse.c ++++ b/grub-core/lib/legacy_parse.c +@@ -92,7 +92,7 @@ static struct legacy_command legacy_commands[] = + 2, {TYPE_FILE, TYPE_FILE}, FLAG_IGNORE_REST, "FILE1 FILE2", + "Compare the file FILE1 with the FILE2 and inform the different values" + " if any."}, +- {"color", "set color_normal='%s'; set color_highlight='%s'\n", NULL, 0, ++ {"color", "set color_normal='%s'; set color_highlight='%s'\n", NULL, 0, + 2, {TYPE_VERBATIM, TYPE_VERBATIM}, + FLAG_IGNORE_REST | FLAG_FALLBACK_AVAILABLE, "NORMAL [HIGHLIGHT]", + "Change the menu colors. The color NORMAL is used for most" +@@ -115,7 +115,7 @@ static struct legacy_command legacy_commands[] = + 0, {}, 0, 0, "Turn on/off the debug mode."}, + {"default", + "set default='%s'; if [ x\"$default\" = xsaved ]; then load_env; " +- "set default=\"$saved_entry\"; fi\n", NULL, 0, 1, {TYPE_VERBATIM}, 0, ++ "set default=\"$saved_entry\"; fi\n", NULL, 0, 1, {TYPE_VERBATIM}, 0, + "[NUM | `saved']", + "Set the default entry to entry number NUM (if not specified, it is" + " 0, the first entry) or the entry number saved by savedefault."}, +@@ -128,7 +128,7 @@ static struct legacy_command legacy_commands[] = + " tag."}, + {"displayapm", "lsapm\n", NULL, 0, 0, {}, 0, 0, + "Display APM BIOS information."}, +- {"displaymem", "lsmmap\n", NULL, 0, 0, {}, 0, 0, ++ {"displaymem", "lsmmap\n", NULL, 0, 0, {}, 0, 0, + "Display what GRUB thinks the system address space map of the" + " machine is, including all regions of physical RAM installed."}, + /* FIXME: device and efimap unsupported. */ +@@ -213,7 +213,7 @@ static struct legacy_command legacy_commands[] = + 1, {TYPE_BOOL}, FLAG_FALLBACK_AVAILABLE, "[FLAG]", + "Toggle pager mode with no argument. If FLAG is given and its value" + " is `on', turn on the mode. If FLAG is `off', turn off the mode."}, +- {"pager", ++ {"pager", + "if [ \"$pager\" = 1 ]; then pager=0; echo Internal pager is now off;" + "else pager=1; echo Internal pager is now on; fi\n", NULL, 0, 0, {}, + FLAG_FALLBACK, NULL, NULL}, +@@ -291,7 +291,7 @@ static struct legacy_command legacy_commands[] = + "Save the current entry as the default boot entry if no argument is" + " specified. If a number is specified, this number is saved. If" + " `fallback' is used, next fallback entry is saved."}, +- {"serial", "serial %s\n", NULL, 0, 1, {TYPE_REST_VERBATIM}, 0, ++ {"serial", "serial %s\n", NULL, 0, 1, {TYPE_REST_VERBATIM}, 0, + "[--unit=UNIT] [--port=PORT] [--speed=SPEED] [--word=WORD] " + "[--parity=PARITY] [--stop=STOP] [--device=DEV]", + "Initialize a serial device. UNIT is a digit that specifies which serial" +@@ -438,7 +438,7 @@ adjust_file (const char *in, grub_size_t len) + { + if (*ptr == '\'' || *ptr == '\\') + *outptr++ = '\\'; +- ++ + *outptr++ = *ptr; + } + if (subpart != -1) +@@ -451,7 +451,7 @@ adjust_file (const char *in, grub_size_t len) + { + if (*ptr == '\'' || *ptr == '\\') + *outptr++ = '\\'; +- ++ + *outptr++ = *ptr; + } + *outptr = 0; +@@ -489,7 +489,7 @@ is_option (enum arg_type opt, const char *curarg, grub_size_t len) + return (len >= 2 && curarg[0] == '-' && curarg[1] == '-'); + default: + return 0; +- } ++ } + } + + char * +@@ -635,7 +635,7 @@ grub_legacy_parse (const char *buf, char **entryname, char **suffix) + + { + int hold_arg = 0; +- const char *curarg = NULL; ++ const char *curarg = NULL; + for (i = 0; i < legacy_commands[cmdnum].argc; i++) + { + grub_size_t curarglen; +@@ -685,7 +685,7 @@ grub_legacy_parse (const char *buf, char **entryname, char **suffix) + ptr++; + overhead += 3; + } +- ++ + outptr0 = args[i] = grub_malloc (overhead + (ptr - curarg)); + if (!outptr0) + return NULL; +@@ -819,14 +819,14 @@ grub_legacy_parse (const char *buf, char **entryname, char **suffix) + case TYPE_FORCE_OPTION: + case TYPE_NOAPM_OPTION: + case TYPE_TYPE_OR_NOMEM_OPTION: +- case TYPE_OPTION: ++ case TYPE_OPTION: + args[i] = grub_strdup (""); + break; + case TYPE_BOOL: + case TYPE_INT: + args[i] = grub_strdup ("0"); + break; +- case TYPE_VBE_MODE: ++ case TYPE_VBE_MODE: + args[i] = grub_strdup ("auto"); + break; + } +@@ -849,7 +849,7 @@ grub_legacy_parse (const char *buf, char **entryname, char **suffix) + if (!invert) + return NULL; + grub_memcpy (invert, slash + 1, len - (slash - corig) - 1); +- invert[len - (slash - args[0]) - 1] = '/'; ++ invert[len - (slash - args[0]) - 1] = '/'; + grub_memcpy (invert + len - (slash - corig), corig, slash - corig); + invert[len] = 0; + args[legacy_commands[cmdnum].argc] = invert; +diff --git a/grub-core/lib/libgcrypt/cipher/test-getrusage.c b/grub-core/lib/libgcrypt/cipher/test-getrusage.c +index 479eaab..978cf2d 100644 +--- a/grub-core/lib/libgcrypt/cipher/test-getrusage.c ++++ b/grub-core/lib/libgcrypt/cipher/test-getrusage.c +@@ -27,7 +27,7 @@ main (int argc, char **argv) + } + + printf ("ru_utime = %ld.%06ld\n", +- buf.ru_utime.tv_sec, buf.ru_utime.tv_usec); ++ buf.ru_utime.tv_sec, buf.ru_utime.tv_usec); + printf ("ru_stime = %ld.%06ld\n", + buf.ru_stime.tv_sec, buf.ru_stime.tv_usec); + printf ("ru_maxrss = %ld\n", buf.ru_maxrss ); +@@ -60,7 +60,7 @@ collect_rusage_stats (struct rusage *rb) + { + static int idx; + static struct rusage buf[100]; +- ++ + if (!rb) + { + int i; +@@ -68,12 +68,12 @@ collect_rusage_stats (struct rusage *rb) + fprintf (stderr, "ru_utime ru_stime ru_minflt ru_nvcsw ru_nivcsw\n"); + for (i=0; i < idx; i++) + fprintf (stderr, "%ld.%06ld %ld.%06ld %5ld %5ld %5ld\n", +- buf[i].ru_utime.tv_sec, buf[i].ru_utime.tv_usec, +- buf[i].ru_stime.tv_sec, buf[i].ru_stime.tv_usec, +- buf[i].ru_minflt, ++ buf[i].ru_utime.tv_sec, buf[i].ru_utime.tv_usec, ++ buf[i].ru_stime.tv_sec, buf[i].ru_stime.tv_usec, ++ buf[i].ru_minflt, + buf[i].ru_nvcsw, + buf[i].ru_nivcsw); +- } ++ } + else if (idx < DIM(buf)) + { + buf[idx++] = *rb; +@@ -99,7 +99,7 @@ collect_rusage_stats (struct rusage *rb) + add_randomness( &buf, sizeof buf, 1 ); + memset( &buf, 0, sizeof buf ); + } +- ++ + */ + + +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c +index 4a84df6..4ffe0eb 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c +@@ -1,5 +1,5 @@ + /* mpihelp-add_1.c - MPI helper functions +- * Copyright (C) 1994, 1996, 1997, 1998, ++ * Copyright (C) 1994, 1996, 1997, 1998, + * 2000, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. +@@ -48,7 +48,7 @@ _gcry_mpih_add_n (mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + res_ptr -= j; + + cy = 0; +- do ++ do + { + y = s2_ptr[j]; + x = s1_ptr[j]; +@@ -57,7 +57,7 @@ _gcry_mpih_add_n (mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + y += x; /* add other addend */ + cy += y < x; /* get out carry from that add, combine */ + res_ptr[j] = y; +- } ++ } + while ( ++j ); + + return cy; +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c +index f48c12c..8c1d943 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c +@@ -54,7 +54,7 @@ _gcry_mpih_lshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, + low_limb = up[i]; + retval = low_limb >> sh_2; + high_limb = low_limb; +- while ( --i >= 0 ) ++ while ( --i >= 0 ) + { + low_limb = up[i]; + wp[i] = (high_limb << sh_1) | (low_limb >> sh_2); +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c +index 0e8197d..614646c 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c +@@ -48,13 +48,13 @@ _gcry_mpih_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size, + res_ptr -= j; + + cy_limb = 0; +- do ++ do + { + umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb ); + prod_low += cy_limb; + cy_limb = (prod_low < cy_limb?1:0) + prod_high; + res_ptr[j] = prod_low; +- } ++ } + while( ++j ); + + return cy_limb; +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c +index 3b75496..56979df 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c +@@ -48,7 +48,7 @@ _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + s1_ptr -= j; + + cy_limb = 0; +- do ++ do + { + umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb ); + +@@ -59,9 +59,9 @@ _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + prod_low = x + prod_low; + cy_limb += prod_low < x?1:0; + res_ptr[j] = prod_low; +- } ++ } + while ( ++j ); +- ++ + return cy_limb; + } + +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c +index 5e84f94..9b8df1a 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c +@@ -48,7 +48,7 @@ _gcry_mpih_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + s1_ptr -= j; + + cy_limb = 0; +- do ++ do + { + umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb); + +@@ -59,7 +59,7 @@ _gcry_mpih_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + prod_low = x - prod_low; + cy_limb += prod_low > x?1:0; + res_ptr[j] = prod_low; +- } ++ } + while( ++j ); + + return cy_limb; +diff --git a/grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c b/grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c +index e88821b..25b08af 100644 +--- a/grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c ++++ b/grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c +@@ -48,7 +48,7 @@ _gcry_mpih_sub_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + res_ptr -= j; + + cy = 0; +- do ++ do + { + y = s2_ptr[j]; + x = s1_ptr[j]; +@@ -57,7 +57,7 @@ _gcry_mpih_sub_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, + y = x - y; /* main subtract */ + cy += y > x; /* get out carry from the subtract, combine */ + res_ptr[j] = y; +- } ++ } + while( ++j ); + + return cy; +diff --git a/grub-core/lib/libgcrypt/mpi/i386/syntax.h b/grub-core/lib/libgcrypt/mpi/i386/syntax.h +index 39ede98..88845f2 100644 +--- a/grub-core/lib/libgcrypt/mpi/i386/syntax.h ++++ b/grub-core/lib/libgcrypt/mpi/i386/syntax.h +@@ -1,6 +1,6 @@ + /* syntax.h -- Definitions for x86 syntax variations. + * +- * Copyright (C) 1992, 1994, 1995, 1998, ++ * Copyright (C) 1992, 1994, 1995, 1998, + * 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. +diff --git a/grub-core/lib/libgcrypt/mpi/m68k/syntax.h b/grub-core/lib/libgcrypt/mpi/m68k/syntax.h +index e27de98..6a3fea1 100644 +--- a/grub-core/lib/libgcrypt/mpi/m68k/syntax.h ++++ b/grub-core/lib/libgcrypt/mpi/m68k/syntax.h +@@ -2,7 +2,7 @@ + * + * Copyright (C) 1992, 1994, 1996, 1998, + * 2001, 2002 Free Software Foundation, Inc. +- * ++ * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify +diff --git a/grub-core/lib/mips/loongson/reboot.c b/grub-core/lib/mips/loongson/reboot.c +index a20e574..7317e58 100644 +--- a/grub-core/lib/mips/loongson/reboot.c ++++ b/grub-core/lib/mips/loongson/reboot.c +@@ -42,7 +42,7 @@ grub_reboot (void) + break; + grub_cs5536_write_msr (dev, GRUB_CS5536_MSR_DIVIL_RESET, + grub_cs5536_read_msr (dev, +- GRUB_CS5536_MSR_DIVIL_RESET) ++ GRUB_CS5536_MSR_DIVIL_RESET) + | 1); + break; + } +diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c +index 743b213..773f3b7 100644 +--- a/grub-core/lib/mips/relocator.c ++++ b/grub-core/lib/mips/relocator.c +@@ -103,7 +103,7 @@ grub_cpu_relocator_forward (void *ptr0, void *src, void *dest, + write_reg (8, (grub_uint32_t) src, &ptr); + write_reg (9, (grub_uint32_t) dest, &ptr); + write_reg (10, (grub_uint32_t) size, &ptr); +- grub_memcpy (ptr, &grub_relocator_forward_start, ++ grub_memcpy (ptr, &grub_relocator_forward_start, + RELOCATOR_SRC_SIZEOF (forward)); + } + +diff --git a/grub-core/lib/posix_wrap/ctype.h b/grub-core/lib/posix_wrap/ctype.h +index 38b5727..67bcaac 100644 +--- a/grub-core/lib/posix_wrap/ctype.h ++++ b/grub-core/lib/posix_wrap/ctype.h +@@ -27,13 +27,13 @@ toupper (int c) + return grub_toupper (c); + } + +-static inline int ++static inline int + isspace (int c) + { + return grub_isspace (c); + } + +-static inline int ++static inline int + isdigit (int c) + { + return grub_isdigit (c); +@@ -63,19 +63,19 @@ isxdigit (int c) + return grub_isxdigit (c); + } + +-static inline int ++static inline int + isprint (int c) + { + return grub_isprint (c); + } + +-static inline int ++static inline int + iscntrl (int c) + { + return !grub_isprint (c); + } + +-static inline int ++static inline int + isgraph (int c) + { + return grub_isprint (c) && !grub_isspace (c); +@@ -87,13 +87,13 @@ isalnum (int c) + return grub_isalpha (c) || grub_isdigit (c); + } + +-static inline int ++static inline int + ispunct (int c) + { + return grub_isprint (c) && !grub_isspace (c) && !isalnum (c); + } + +-static inline int ++static inline int + isalpha (int c) + { + return grub_isalpha (c); +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 4634db0..e5093a9 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -23,7 +23,7 @@ + #include + #include + +-static inline void ++static inline void + free (void *ptr) + { + grub_free (ptr); +diff --git a/grub-core/lib/posix_wrap/string.h b/grub-core/lib/posix_wrap/string.h +index 7ae6eee..1adb450 100644 +--- a/grub-core/lib/posix_wrap/string.h ++++ b/grub-core/lib/posix_wrap/string.h +@@ -30,13 +30,13 @@ strlen (const char *s) + return grub_strlen (s); + } + +-static inline int ++static inline int + strcmp (const char *s1, const char *s2) + { + return grub_strcmp (s1, s2); + } + +-static inline int ++static inline int + strcasecmp (const char *s1, const char *s2) + { + return grub_strcasecmp (s1, s2); +diff --git a/grub-core/lib/posix_wrap/wctype.h b/grub-core/lib/posix_wrap/wctype.h +index 3771dc5..cc9faf5 100644 +--- a/grub-core/lib/posix_wrap/wctype.h ++++ b/grub-core/lib/posix_wrap/wctype.h +@@ -37,7 +37,7 @@ static inline wctype_t + wctype (const char *name) + { + wctype_t i; +- static const char names[][10] = { "", ++ static const char names[][10] = { "", + "alnum", "cntrl", "lower", + "space", "alpha", "digit", + "print", "upper", "blank", +diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c +index 8ffb8b6..15aeb02 100644 +--- a/grub-core/lib/powerpc/relocator.c ++++ b/grub-core/lib/powerpc/relocator.c +@@ -55,7 +55,7 @@ static void + write_reg (int regn, grub_uint32_t val, void **target) + { + /* lis r, val >> 16 */ +- *(grub_uint32_t *) *target = ++ *(grub_uint32_t *) *target = + ((0x3c00 | (regn << 5)) << 16) | (val >> 16); + *target = ((grub_uint32_t *) *target) + 1; + /* ori r, r, val & 0xffff. */ +@@ -99,7 +99,7 @@ grub_cpu_relocator_forward (void *ptr0, void *src, void *dest, + write_reg (8, (grub_uint32_t) src, &ptr); + write_reg (9, (grub_uint32_t) dest, &ptr); + write_reg (10, (grub_uint32_t) size, &ptr); +- grub_memcpy (ptr, &grub_relocator_forward_start, ++ grub_memcpy (ptr, &grub_relocator_forward_start, + RELOCATOR_SRC_SIZEOF (forward)); + } + +diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c +index 7d5e7c0..ba59dda 100644 +--- a/grub-core/lib/priority_queue.c ++++ b/grub-core/lib/priority_queue.c +@@ -139,7 +139,7 @@ void + grub_priority_queue_pop (grub_priority_queue_t pq) + { + grub_size_t p; +- ++ + swap (pq, 0, pq->used - 1); + pq->used--; + for (p = 0; left_child (p) < pq->used; ) +diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c +index 79037c0..4657a13 100644 +--- a/grub-core/lib/reed_solomon.c ++++ b/grub-core/lib/reed_solomon.c +@@ -265,7 +265,7 @@ rs_recover (gf_single_t *mm, grub_size_t s, grub_size_t rs) + sigma[i] = 0; + + gauss_solve (eqstat, rs2, rs2, sigma); +- } ++ } + + for (i = 0; i < (int) (rs + s); i++) + if (pol_evaluate (sigma, rs2 - 1, 255 - i) == gf_powx[i]) +@@ -338,7 +338,7 @@ encode_block (gf_single_t *ptr, grub_size_t s, + for (j = 0; j < ds; j++) + m[j] = ptr[SECTOR_SIZE * j + i]; + rs_encode (m, ds, rr); +- for (j = 0; j < rr; j++) ++ for (j = 0; j < rr; j++) + rptr[SECTOR_SIZE * j + i] = m[j + ds]; + free (m); + } +@@ -473,7 +473,7 @@ main (int argc, char **argv) + + buf = xmalloc (s + rs + SECTOR_SIZE); + fread (buf, 1, s + rs, out); +- fclose (out); ++ fclose (out); + #endif + #if 1 + grub_memset (buf + 512 * 15, 0, 512); +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index f2c1944..68ef128 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -108,7 +108,7 @@ grub_relocator_new (void) + ret = grub_zalloc (sizeof (struct grub_relocator)); + if (!ret) + return NULL; +- ++ + ret->postchunks = ~(grub_phys_addr_t) 0; + ret->relocators_size = grub_relocator_jumper_size; + grub_dprintf ("relocator", "relocators_size=%lu\n", +@@ -139,7 +139,7 @@ allocate_regstart (grub_phys_addr_t addr, grub_size_t size, grub_mm_region_t rb, + grub_mm_header_t new_header; + grub_mm_header_t hb = (grub_mm_header_t) (rb + 1); + +-#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF ++#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF + grub_dprintf ("relocator", "ra = %p, rb = %p\n", regancestor, rb); + #endif + newreg_start = ALIGN_UP (newreg_raw_start, GRUB_MM_ALIGN); +@@ -163,7 +163,7 @@ allocate_regstart (grub_phys_addr_t addr, grub_size_t size, grub_mm_region_t rb, + { + new_header = hb->next; + if (new_header == hb) +- new_header = (void *) (newreg_start + sizeof (*rb)); ++ new_header = (void *) (newreg_start + sizeof (*rb)); + } + { + struct grub_mm_header *newregfirst = rb->first; +@@ -212,7 +212,7 @@ allocate_inreg (grub_phys_addr_t paddr, grub_size_t size, + (unsigned long) paddr, (unsigned long) size, hb, hbp, + rb, (unsigned long) vaddr); + #endif +- ++ + if (ALIGN_UP (vaddr + size, GRUB_MM_ALIGN) + GRUB_MM_ALIGN + <= (grub_addr_t) (hb + hb->size)) + { +@@ -246,7 +246,7 @@ allocate_inreg (grub_phys_addr_t paddr, grub_size_t size, + } + else + foll = hb->next; +- ++ + hbp->next = foll; + if (rb->first == hb) + { +@@ -409,7 +409,7 @@ free_subchunk (const struct grub_relocator_subchunk *subchu) + } + break; + #endif +- } ++ } + } + + static int +@@ -439,7 +439,7 @@ malloc_in_range (struct grub_relocator *rel, + if (end < start + size) + return 0; + +- /* We have to avoid any allocations when filling scanline events. ++ /* We have to avoid any allocations when filling scanline events. + Hence 2-stages. + */ + for (r = grub_mm_base; r; r = r->next) +@@ -527,7 +527,7 @@ malloc_in_range (struct grub_relocator *rel, + { + #ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF + grub_dprintf ("relocator", "Blocking at 0x%lx-0x%lx\n", +- (unsigned long) r - r->pre_size, ++ (unsigned long) r - r->pre_size, + (unsigned long) (r + 1) + r->size); + #endif + events[N].type = FIRMWARE_BLOCK_START; +@@ -596,7 +596,7 @@ malloc_in_range (struct grub_relocator *rel, + p = pa->next; + if (p->magic == GRUB_MM_ALLOC_MAGIC) + continue; +- do ++ do + { + if (p->magic != GRUB_MM_FREE_MAGIC) + grub_fatal ("%s:%d free magic broken at %p (0x%x)\n", +@@ -654,12 +654,12 @@ malloc_in_range (struct grub_relocator *rel, + { + grub_memset (counter, 0, (1 + (1 << DIGITSORT_BITS)) * sizeof (counter[0])); + for (j = 0; j < N; j++) +- counter[((events[j].pos >> (DIGITSORT_BITS * i)) ++ counter[((events[j].pos >> (DIGITSORT_BITS * i)) + & DIGITSORT_MASK) + 1]++; + for (j = 0; j <= DIGITSORT_MASK; j++) + counter[j+1] += counter[j]; + for (j = 0; j < N; j++) +- eventt[counter[((events[j].pos >> (DIGITSORT_BITS * i)) ++ eventt[counter[((events[j].pos >> (DIGITSORT_BITS * i)) + & DIGITSORT_MASK)]++] = events[j]; + t = eventt; + eventt = events; +@@ -680,7 +680,7 @@ malloc_in_range (struct grub_relocator *rel, + const int nlefto = 0; + #endif + grub_addr_t starta = 0; +- for (j = from_low_priv ? 0 : N - 1; from_low_priv ? j < N : (j + 1); ++ for (j = from_low_priv ? 0 : N - 1; from_low_priv ? j < N : (j + 1); + from_low_priv ? j++ : j--) + { + int isinsidebefore, isinsideafter; +@@ -734,7 +734,7 @@ malloc_in_range (struct grub_relocator *rel, + nstarted--; + break; + } +- isinsideafter = (!ncollisions && (nstarted || ((nlefto || nstartedfw) ++ isinsideafter = (!ncollisions && (nstarted || ((nlefto || nstartedfw) + && !nblockfw))); + if (from_low_priv) { + if (!isinsidebefore && isinsideafter) +@@ -847,13 +847,13 @@ malloc_in_range (struct grub_relocator *rel, + fend + = ALIGN_UP (alloc_end, + GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT); +-#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF ++#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF + grub_dprintf ("relocator", "requesting %lx-%lx\n", + (unsigned long) fstart, + (unsigned long) fend); + #endif + /* The failure here can be very expensive. */ +- if (!grub_relocator_firmware_alloc_region (fstart, ++ if (!grub_relocator_firmware_alloc_region (fstart, + fend - fstart)) + { + if (from_low_priv) +@@ -889,7 +889,7 @@ malloc_in_range (struct grub_relocator *rel, + nallocs++; + } + } +- ++ + switch (events[j].type) + { + case REG_BEG_START: +@@ -1201,7 +1201,7 @@ malloc_in_range (struct grub_relocator *rel, + } + + static void +-adjust_limits (struct grub_relocator *rel, ++adjust_limits (struct grub_relocator *rel, + grub_phys_addr_t *min_addr, grub_phys_addr_t *max_addr, + grub_phys_addr_t in_min, grub_phys_addr_t in_max) + { +@@ -1296,9 +1296,9 @@ grub_relocator_alloc_chunk_addr (struct grub_relocator *rel, + { + if (rel->highestnonpostaddr < target + size) + rel->highestnonpostaddr = target + size; +- ++ + if (rel->highestnonpostaddr < chunk->src + size) +- rel->highestnonpostaddr = chunk->src + size; ++ rel->highestnonpostaddr = chunk->src + size; + } + + grub_dprintf ("relocator", "relocators_size=%ld\n", +@@ -1508,7 +1508,7 @@ grub_relocator_unload (struct grub_relocator *rel) + for (chunk = rel->chunks; chunk; chunk = next) + { + unsigned i; +- for (i = 0; i < chunk->nsubchunks; i++) ++ for (i = 0; i < chunk->nsubchunks; i++) + free_subchunk (&chunk->subchunks[i]); + grub_unmap_memory (chunk->srcv, chunk->size); + next = chunk->next; +@@ -1543,7 +1543,7 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + *relsize = rel->relocators_size; + + grub_dprintf ("relocator", "Relocs allocated at %p\n", movers_chunk.srcv); +- ++ + { + unsigned i; + grub_size_t count[257]; +@@ -1555,7 +1555,7 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + struct grub_relocator_chunk *chunk; + for (chunk = rel->chunks; chunk; chunk = chunk->next) + { +- grub_dprintf ("relocator", "chunk %p->%p, 0x%lx\n", ++ grub_dprintf ("relocator", "chunk %p->%p, 0x%lx\n", + (void *) chunk->src, (void *) chunk->target, + (unsigned long) chunk->size); + nchunks++; +@@ -1599,7 +1599,7 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + + for (j = 0; j < nchunks; j++) + { +- grub_dprintf ("relocator", "sorted chunk %p->%p, 0x%lx\n", ++ grub_dprintf ("relocator", "sorted chunk %p->%p, 0x%lx\n", + (void *) sorted[j].src, (void *) sorted[j].target, + (unsigned long) sorted[j].size); + if (sorted[j].src < sorted[j].target) +@@ -1641,7 +1641,7 @@ grub_mm_check_real (const char *file, int line) + p = pa->next; + if (p->magic == GRUB_MM_ALLOC_MAGIC) + continue; +- do ++ do + { + if ((grub_addr_t) p < (grub_addr_t) (r + 1) + || (grub_addr_t) p >= (grub_addr_t) (r + 1) + r->size) +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index ff244d2..ae61a96 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -51,8 +51,8 @@ struct syslinux_menuentry + char hotkey; + int make_default; + struct syslinux_say *say; +- +- enum { KERNEL_NO_KERNEL, KERNEL_LINUX, KERNEL_CHAINLOADER, ++ ++ enum { KERNEL_NO_KERNEL, KERNEL_LINUX, KERNEL_CHAINLOADER, + KERNEL_BIN, KERNEL_PXE, KERNEL_CHAINLOADER_BPB, + KERNEL_COM32, KERNEL_COM, KERNEL_IMG, KERNEL_CONFIG, LOCALBOOT } + entry_type; +@@ -170,7 +170,7 @@ print_num (struct output_buffer *outbuf, int n) + { + char buf[20]; + grub_snprintf (buf, sizeof (buf), "%d", n); +- return print (outbuf, buf, grub_strlen (buf)); ++ return print (outbuf, buf, grub_strlen (buf)); + } + + static grub_err_t +@@ -233,7 +233,7 @@ kernel (const char *line, struct syslinux_menu *menu) + + if (end - line >= 4 && grub_strcasecmp (end - 4, ".img") == 0) + menu->entries->entry_type = KERNEL_IMG; +- ++ + return GRUB_ERR_NONE; + } + +@@ -247,7 +247,7 @@ cmd_linux (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_LINUX; +- ++ + return GRUB_ERR_NONE; + } + +@@ -261,7 +261,7 @@ cmd_boot (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_CHAINLOADER; +- ++ + return GRUB_ERR_NONE; + } + +@@ -275,7 +275,7 @@ cmd_bss (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_CHAINLOADER_BPB; +- ++ + return GRUB_ERR_NONE; + } + +@@ -289,7 +289,7 @@ cmd_pxe (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_PXE; +- ++ + return GRUB_ERR_NONE; + } + +@@ -303,7 +303,7 @@ cmd_fdimage (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_IMG; +- ++ + return GRUB_ERR_NONE; + } + +@@ -317,7 +317,7 @@ cmd_comboot (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_COM; +- ++ + return GRUB_ERR_NONE; + } + +@@ -331,7 +331,7 @@ cmd_com32 (const char *line, struct syslinux_menu *menu) + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = KERNEL_COM32; +- ++ + return GRUB_ERR_NONE; + } + +@@ -354,7 +354,7 @@ cmd_config (const char *line, struct syslinux_menu *menu) + return grub_errno; + } + menu->entries->entry_type = KERNEL_CONFIG; +- ++ + return GRUB_ERR_NONE; + } + +@@ -367,7 +367,7 @@ cmd_append (const char *line, struct syslinux_menu *menu) + menu->entries->append = grub_strdup (line); + if (!menu->entries->append) + return grub_errno; +- ++ + return GRUB_ERR_NONE; + } + +@@ -405,7 +405,7 @@ cmd_initrd (const char *line, struct syslinux_menu *menu) + while (*line == ',') + line++; + } +- ++ + return GRUB_ERR_NONE; + } + +@@ -415,7 +415,7 @@ cmd_default (const char *line, struct syslinux_menu *menu) + menu->def = grub_strdup (line); + if (!menu->def) + return grub_errno; +- ++ + return GRUB_ERR_NONE; + } + +@@ -423,7 +423,7 @@ static grub_err_t + cmd_timeout (const char *line, struct syslinux_menu *menu) + { + menu->timeout = grub_strtoul (line, NULL, 0); +- ++ + return GRUB_ERR_NONE; + } + +@@ -434,7 +434,7 @@ cmd_menudefault (const char *line __attribute__ ((unused)), + if (!menu->entries) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "kernel without label"); + +- menu->entries->make_default = 1; ++ menu->entries->make_default = 1; + return GRUB_ERR_NONE; + } + +@@ -457,7 +457,7 @@ cmd_localboot (const char *line, + if (!menu->entries->kernel_file) + return grub_errno; + menu->entries->entry_type = LOCALBOOT; +- ++ + return GRUB_ERR_NONE; + } + +@@ -485,7 +485,7 @@ cmd_extlabel (const char *line, struct syslinux_menu *menu) + *out++ = *in++; + } + *out = 0; +- ++ + return GRUB_ERR_NONE; + } + +@@ -548,7 +548,7 @@ syslinux_parse (const char *filename, + ret = syslinux_parse_real (menu); + if (ret == GRUB_ERR_FILE_NOT_FOUND + || ret == GRUB_ERR_BAD_FILENAME) +- { ++ { + grub_errno = ret = GRUB_ERR_NONE; + add_comment (menu, "# File ", 0); + add_comment (menu, nf, 0); +@@ -765,7 +765,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + } + + static grub_err_t +-print_escaped (struct output_buffer *outbuf, ++print_escaped (struct output_buffer *outbuf, + const char *from, const char *to) + { + const char *ptr; +@@ -1040,7 +1040,7 @@ write_entry (struct output_buffer *outbuf, + case KERNEL_COM: + { + char *basename = NULL; +- ++ + { + char *ptr; + for (ptr = curentry->kernel_file; *ptr; ptr++) +@@ -1247,8 +1247,8 @@ write_entry (struct output_buffer *outbuf, + if (grub_strcasecmp (basename, "whichsys.c32") == 0) + { + grub_syslinux_flavour_t flavour = GRUB_SYSLINUX_ISOLINUX; +- const char *flav[] = +- { ++ const char *flav[] = ++ { + [GRUB_SYSLINUX_ISOLINUX] = "iso", + [GRUB_SYSLINUX_PXELINUX] = "pxe", + [GRUB_SYSLINUX_SYSLINUX] = "sys" +@@ -1419,7 +1419,7 @@ free_menu (struct syslinux_menu *menu) + grub_free (initrd->file); + grub_free (initrd); + } +- ++ + grub_free (entry->comments); + grub_free (entry->kernel_file); + grub_free (entry->label); +@@ -1507,7 +1507,7 @@ config_file (struct output_buffer *outbuf, + print_string ("\n"); + } + for (curentry = lentry; curentry; curentry = curentry->prev) +- { ++ { + print_string ("menuentry "); + err = print_escaped (outbuf, + curentry->extlabel ? : curentry->label, NULL); +diff --git a/grub-core/lib/xzembed/xz_dec_stream.c b/grub-core/lib/xzembed/xz_dec_stream.c +index a29751e..832d8af 100644 +--- a/grub-core/lib/xzembed/xz_dec_stream.c ++++ b/grub-core/lib/xzembed/xz_dec_stream.c +@@ -381,7 +381,7 @@ static enum xz_ret hash_validate(struct xz_dec *s, struct xz_buf *b, + { + #ifndef GRUB_EMBED_DECOMPRESSOR + const gcry_md_spec_t *hash = crc32 ? s->crc32 : s->hash; +- void *hash_context = crc32 ? s->crc32_context ++ void *hash_context = crc32 ? s->crc32_context + : s->hash_context; + if(!s->have_hash_value && hash + && sizeof (s->hash_value) >= hash->mdlen) +@@ -512,7 +512,7 @@ static enum xz_ret dec_stream_header(struct xz_dec *s) + kfree(s->crc32_context); + return XZ_MEMLIMIT_ERROR; + } +- ++ + s->index.hash.hash_context = kmalloc(s->hash->contextsize, + GFP_KERNEL); + if (s->index.hash.hash_context == NULL) +@@ -521,7 +521,7 @@ static enum xz_ret dec_stream_header(struct xz_dec *s) + kfree(s->crc32_context); + return XZ_MEMLIMIT_ERROR; + } +- ++ + s->block.hash.hash_context = kmalloc(s->hash->contextsize, GFP_KERNEL); + if (s->block.hash.hash_context == NULL) + { diff --git a/0508-libgcrypt-Import-libgcrypt-1.11.patch b/0508-libgcrypt-Import-libgcrypt-1.11.patch new file mode 100644 index 0000000..1dd2e32 --- /dev/null +++ b/0508-libgcrypt-Import-libgcrypt-1.11.patch @@ -0,0 +1,261786 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Mon, 7 Jul 2025 14:52:07 +0000 +Subject: [PATCH] libgcrypt: Import libgcrypt 1.11 + +We currently use an old version of libgcrypt which results in us having +fewer ciphers and missing on many other improvements. + +Signed-off-by: Vladimir Serbinenko +Reviewed-by: Daniel Kiper +--- + grub-core/lib/libgcrypt/AUTHORS | 274 + + grub-core/lib/libgcrypt/COPYING | 339 + + grub-core/lib/libgcrypt/COPYING.LIB | 502 + + grub-core/lib/libgcrypt/LICENSES | 319 + + grub-core/lib/libgcrypt/README | 278 + + grub-core/lib/libgcrypt/README.GIT | 49 + + grub-core/lib/libgcrypt/THANKS | 168 + + grub-core/lib/libgcrypt/VERSION | 1 + + grub-core/lib/libgcrypt/cipher/ChangeLog | 3990 --- + grub-core/lib/libgcrypt/cipher/ChangeLog-2011 | 40 +- + grub-core/lib/libgcrypt/cipher/Makefile.am | 330 +- + grub-core/lib/libgcrypt/cipher/Manifest | 73 - + grub-core/lib/libgcrypt/cipher/ac.c | 3301 --- + grub-core/lib/libgcrypt/cipher/arcfour-amd64.S | 108 + + grub-core/lib/libgcrypt/cipher/arcfour.c | 93 +- + .../lib/libgcrypt/cipher/aria-aesni-avx-amd64.S | 1440 ++ + .../lib/libgcrypt/cipher/aria-aesni-avx2-amd64.S | 1830 ++ + .../lib/libgcrypt/cipher/aria-gfni-avx512-amd64.S | 1010 + + grub-core/lib/libgcrypt/cipher/aria.c | 1768 ++ + .../lib/libgcrypt/cipher/asm-common-aarch64.h | 132 + + grub-core/lib/libgcrypt/cipher/asm-common-amd64.h | 213 + + grub-core/lib/libgcrypt/cipher/asm-common-i386.h | 161 + + grub-core/lib/libgcrypt/cipher/asm-common-s390x.h | 90 + + grub-core/lib/libgcrypt/cipher/asm-inline-s390x.h | 205 + + .../lib/libgcrypt/cipher/asm-poly1305-aarch64.h | 245 + + .../lib/libgcrypt/cipher/asm-poly1305-amd64.h | 171 + + .../lib/libgcrypt/cipher/asm-poly1305-s390x.h | 140 + + grub-core/lib/libgcrypt/cipher/bithelp.h | 111 +- + grub-core/lib/libgcrypt/cipher/blake2.c | 1086 + + .../lib/libgcrypt/cipher/blake2b-amd64-avx2.S | 301 + + .../lib/libgcrypt/cipher/blake2b-amd64-avx512.S | 429 + + grub-core/lib/libgcrypt/cipher/blake2s-amd64-avx.S | 281 + + .../lib/libgcrypt/cipher/blake2s-amd64-avx512.S | 397 + + grub-core/lib/libgcrypt/cipher/blowfish-amd64.S | 601 + + grub-core/lib/libgcrypt/cipher/blowfish-arm.S | 743 + + grub-core/lib/libgcrypt/cipher/blowfish.c | 792 +- + grub-core/lib/libgcrypt/cipher/bufhelp.h | 458 +- + grub-core/lib/libgcrypt/cipher/bulkhelp.h | 493 + + .../lib/libgcrypt/cipher/camellia-aarch64-ce.c | 42 + + grub-core/lib/libgcrypt/cipher/camellia-aarch64.S | 585 + + .../libgcrypt/cipher/camellia-aesni-avx-amd64.S | 2802 ++ + .../libgcrypt/cipher/camellia-aesni-avx2-amd64.S | 34 + + .../libgcrypt/cipher/camellia-aesni-avx2-amd64.h | 2327 ++ + grub-core/lib/libgcrypt/cipher/camellia-arm.S | 626 + + .../libgcrypt/cipher/camellia-gfni-avx2-amd64.S | 34 + + .../libgcrypt/cipher/camellia-gfni-avx512-amd64.S | 1634 ++ + grub-core/lib/libgcrypt/cipher/camellia-glue.c | 1670 +- + grub-core/lib/libgcrypt/cipher/camellia-ppc8le.c | 47 + + grub-core/lib/libgcrypt/cipher/camellia-ppc9le.c | 47 + + grub-core/lib/libgcrypt/cipher/camellia-simd128.h | 2235 ++ + .../libgcrypt/cipher/camellia-vaes-avx2-amd64.S | 35 + + grub-core/lib/libgcrypt/cipher/camellia.c | 172 +- + grub-core/lib/libgcrypt/cipher/camellia.h | 34 +- + grub-core/lib/libgcrypt/cipher/cast5-amd64.S | 663 + + grub-core/lib/libgcrypt/cipher/cast5-arm.S | 728 + + grub-core/lib/libgcrypt/cipher/cast5.c | 769 +- + grub-core/lib/libgcrypt/cipher/chacha20-aarch64.S | 650 + + .../lib/libgcrypt/cipher/chacha20-amd64-avx2.S | 604 + + .../lib/libgcrypt/cipher/chacha20-amd64-avx512.S | 736 + + .../lib/libgcrypt/cipher/chacha20-amd64-ssse3.S | 1015 + + .../lib/libgcrypt/cipher/chacha20-armv7-neon.S | 393 + + grub-core/lib/libgcrypt/cipher/chacha20-p10le-8x.s | 864 + + grub-core/lib/libgcrypt/cipher/chacha20-ppc.c | 750 + + grub-core/lib/libgcrypt/cipher/chacha20-s390x.S | 1566 ++ + grub-core/lib/libgcrypt/cipher/chacha20.c | 1450 ++ + grub-core/lib/libgcrypt/cipher/cipher-aeswrap.c | 380 + + grub-core/lib/libgcrypt/cipher/cipher-cbc.c | 292 + + grub-core/lib/libgcrypt/cipher/cipher-ccm.c | 419 + + grub-core/lib/libgcrypt/cipher/cipher-cfb.c | 317 + + grub-core/lib/libgcrypt/cipher/cipher-cmac.c | 292 + + grub-core/lib/libgcrypt/cipher/cipher-ctr.c | 131 + + grub-core/lib/libgcrypt/cipher/cipher-eax.c | 293 + + .../lib/libgcrypt/cipher/cipher-gcm-armv7-neon.S | 341 + + .../libgcrypt/cipher/cipher-gcm-armv8-aarch32-ce.S | 588 + + .../libgcrypt/cipher/cipher-gcm-armv8-aarch64-ce.S | 633 + + .../lib/libgcrypt/cipher/cipher-gcm-intel-pclmul.c | 2025 ++ + grub-core/lib/libgcrypt/cipher/cipher-gcm-ppc.c | 548 + + grub-core/lib/libgcrypt/cipher/cipher-gcm-siv.c | 664 + + grub-core/lib/libgcrypt/cipher/cipher-gcm.c | 1260 + + grub-core/lib/libgcrypt/cipher/cipher-internal.h | 975 + + grub-core/lib/libgcrypt/cipher/cipher-ocb.c | 763 + + grub-core/lib/libgcrypt/cipher/cipher-ofb.c | 108 + + grub-core/lib/libgcrypt/cipher/cipher-poly1305.c | 383 + + grub-core/lib/libgcrypt/cipher/cipher-siv.c | 375 + + grub-core/lib/libgcrypt/cipher/cipher-xts.c | 189 + + grub-core/lib/libgcrypt/cipher/cipher.c | 2896 +-- + .../lib/libgcrypt/cipher/crc-armv8-aarch64-ce.S | 500 + + grub-core/lib/libgcrypt/cipher/crc-armv8-ce.c | 229 + + grub-core/lib/libgcrypt/cipher/crc-intel-pclmul.c | 939 + + grub-core/lib/libgcrypt/cipher/crc-ppc.c | 656 + + grub-core/lib/libgcrypt/cipher/crc.c | 192 +- + grub-core/lib/libgcrypt/cipher/des-amd64.S | 1116 + + grub-core/lib/libgcrypt/cipher/des.c | 301 +- + grub-core/lib/libgcrypt/cipher/dsa-common.c | 473 + + grub-core/lib/libgcrypt/cipher/dsa.c | 1199 +- + grub-core/lib/libgcrypt/cipher/ecc-common.h | 143 + + grub-core/lib/libgcrypt/cipher/ecc-curves.c | 1587 ++ + grub-core/lib/libgcrypt/cipher/ecc-ecdh.c | 357 + + grub-core/lib/libgcrypt/cipher/ecc-ecdsa.c | 305 + + grub-core/lib/libgcrypt/cipher/ecc-eddsa.c | 1079 + + grub-core/lib/libgcrypt/cipher/ecc-gost.c | 218 + + grub-core/lib/libgcrypt/cipher/ecc-misc.c | 469 + + grub-core/lib/libgcrypt/cipher/ecc-sm2.c | 569 + + grub-core/lib/libgcrypt/cipher/ecc.c | 3296 ++- + grub-core/lib/libgcrypt/cipher/elgamal.c | 827 +- + grub-core/lib/libgcrypt/cipher/gost-s-box.c | 266 + + grub-core/lib/libgcrypt/cipher/gost-sb.h | 2128 ++ + grub-core/lib/libgcrypt/cipher/gost.h | 34 + + grub-core/lib/libgcrypt/cipher/gost28147.c | 553 + + grub-core/lib/libgcrypt/cipher/gostr3411-94.c | 383 + + grub-core/lib/libgcrypt/cipher/hash-common.c | 108 +- + grub-core/lib/libgcrypt/cipher/hash-common.h | 29 + + grub-core/lib/libgcrypt/cipher/hmac-tests.c | 732 - + grub-core/lib/libgcrypt/cipher/idea.c | 24 +- + grub-core/lib/libgcrypt/cipher/kdf-internal.h | 39 + + grub-core/lib/libgcrypt/cipher/kdf.c | 2239 +- + .../lib/libgcrypt/cipher/keccak-amd64-avx512.S | 587 + + grub-core/lib/libgcrypt/cipher/keccak-armv7-neon.S | 945 + + grub-core/lib/libgcrypt/cipher/keccak.c | 1904 ++ + grub-core/lib/libgcrypt/cipher/keccak_permute_32.h | 536 + + grub-core/lib/libgcrypt/cipher/keccak_permute_64.h | 385 + + grub-core/lib/libgcrypt/cipher/kem-ecc.c | 332 + + grub-core/lib/libgcrypt/cipher/kem-ecc.h | 40 + + grub-core/lib/libgcrypt/cipher/kem.c | 435 + + grub-core/lib/libgcrypt/cipher/kyber-common.c | 766 + + grub-core/lib/libgcrypt/cipher/kyber-kdep.c | 825 + + grub-core/lib/libgcrypt/cipher/kyber.c | 530 + + grub-core/lib/libgcrypt/cipher/kyber.h | 130 + + grub-core/lib/libgcrypt/cipher/mac-cmac.c | 532 + + grub-core/lib/libgcrypt/cipher/mac-gmac.c | 203 + + grub-core/lib/libgcrypt/cipher/mac-hmac.c | 1471 ++ + grub-core/lib/libgcrypt/cipher/mac-internal.h | 290 + + grub-core/lib/libgcrypt/cipher/mac-poly1305.c | 382 + + grub-core/lib/libgcrypt/cipher/mac.c | 834 + + grub-core/lib/libgcrypt/cipher/mceliece6688128f.c | 3673 +++ + grub-core/lib/libgcrypt/cipher/mceliece6688128f.h | 63 + + grub-core/lib/libgcrypt/cipher/md.c | 1610 +- + grub-core/lib/libgcrypt/cipher/md4.c | 169 +- + grub-core/lib/libgcrypt/cipher/md5.c | 175 +- + .../lib/libgcrypt/cipher/poly1305-amd64-avx512.S | 1626 ++ + grub-core/lib/libgcrypt/cipher/poly1305-internal.h | 92 + + grub-core/lib/libgcrypt/cipher/poly1305-p10le.s | 841 + + grub-core/lib/libgcrypt/cipher/poly1305-s390x.S | 87 + + grub-core/lib/libgcrypt/cipher/poly1305.c | 846 + + grub-core/lib/libgcrypt/cipher/primegen.c | 561 +- + grub-core/lib/libgcrypt/cipher/pubkey-internal.h | 107 + + grub-core/lib/libgcrypt/cipher/pubkey-util.c | 1363 + + grub-core/lib/libgcrypt/cipher/pubkey.c | 4281 +-- + grub-core/lib/libgcrypt/cipher/rfc2268.c | 57 +- + grub-core/lib/libgcrypt/cipher/rijndael-aarch64.S | 512 + + grub-core/lib/libgcrypt/cipher/rijndael-aesni.c | 5033 ++++ + grub-core/lib/libgcrypt/cipher/rijndael-amd64.S | 477 + + grub-core/lib/libgcrypt/cipher/rijndael-arm.S | 581 + + .../libgcrypt/cipher/rijndael-armv8-aarch32-ce.S | 2134 ++ + .../libgcrypt/cipher/rijndael-armv8-aarch64-ce.S | 2038 ++ + grub-core/lib/libgcrypt/cipher/rijndael-armv8-ce.c | 396 + + .../lib/libgcrypt/cipher/rijndael-gcm-p10le.s | 1401 + + grub-core/lib/libgcrypt/cipher/rijndael-internal.h | 216 + + grub-core/lib/libgcrypt/cipher/rijndael-p10le.c | 119 + + grub-core/lib/libgcrypt/cipher/rijndael-padlock.c | 109 + + .../lib/libgcrypt/cipher/rijndael-ppc-common.h | 328 + + .../lib/libgcrypt/cipher/rijndael-ppc-functions.h | 2544 ++ + grub-core/lib/libgcrypt/cipher/rijndael-ppc.c | 230 + + grub-core/lib/libgcrypt/cipher/rijndael-ppc9le.c | 119 + + grub-core/lib/libgcrypt/cipher/rijndael-s390x.c | 1166 + + .../libgcrypt/cipher/rijndael-ssse3-amd64-asm.S | 879 + + .../lib/libgcrypt/cipher/rijndael-ssse3-amd64.c | 742 + + grub-core/lib/libgcrypt/cipher/rijndael-tables.h | 1846 +- + .../libgcrypt/cipher/rijndael-vaes-avx2-amd64.S | 3688 +++ + .../lib/libgcrypt/cipher/rijndael-vaes-avx2-i386.S | 2804 ++ + .../lib/libgcrypt/cipher/rijndael-vaes-i386.c | 231 + + grub-core/lib/libgcrypt/cipher/rijndael-vaes.c | 240 + + grub-core/lib/libgcrypt/cipher/rijndael.c | 2629 +- + grub-core/lib/libgcrypt/cipher/rmd160.c | 586 +- + grub-core/lib/libgcrypt/cipher/rsa-common.c | 1151 + + grub-core/lib/libgcrypt/cipher/rsa.c | 1774 +- + grub-core/lib/libgcrypt/cipher/salsa20-amd64.S | 940 + + .../lib/libgcrypt/cipher/salsa20-armv7-neon.S | 899 + + grub-core/lib/libgcrypt/cipher/salsa20.c | 600 + + grub-core/lib/libgcrypt/cipher/scrypt.c | 322 + + grub-core/lib/libgcrypt/cipher/seed.c | 32 +- + .../lib/libgcrypt/cipher/serpent-armv7-neon.S | 1180 + + .../lib/libgcrypt/cipher/serpent-avx2-amd64.S | 1214 + + .../lib/libgcrypt/cipher/serpent-avx512-x86.c | 994 + + .../lib/libgcrypt/cipher/serpent-sse2-amd64.S | 1276 + + grub-core/lib/libgcrypt/cipher/serpent.c | 2017 +- + grub-core/lib/libgcrypt/cipher/sha1-armv7-neon.S | 526 + + .../lib/libgcrypt/cipher/sha1-armv8-aarch32-ce.S | 220 + + .../lib/libgcrypt/cipher/sha1-armv8-aarch64-ce.S | 204 + + grub-core/lib/libgcrypt/cipher/sha1-avx-amd64.S | 433 + + .../lib/libgcrypt/cipher/sha1-avx-bmi2-amd64.S | 446 + + .../lib/libgcrypt/cipher/sha1-avx2-bmi2-amd64.S | 578 + + grub-core/lib/libgcrypt/cipher/sha1-intel-shaext.c | 292 + + grub-core/lib/libgcrypt/cipher/sha1-ssse3-amd64.S | 442 + + grub-core/lib/libgcrypt/cipher/sha1.c | 567 +- + grub-core/lib/libgcrypt/cipher/sha1.h | 47 + + .../lib/libgcrypt/cipher/sha256-armv8-aarch32-ce.S | 231 + + .../lib/libgcrypt/cipher/sha256-armv8-aarch64-ce.S | 218 + + grub-core/lib/libgcrypt/cipher/sha256-avx-amd64.S | 511 + + .../lib/libgcrypt/cipher/sha256-avx2-bmi2-amd64.S | 533 + + .../lib/libgcrypt/cipher/sha256-intel-shaext.c | 363 + + grub-core/lib/libgcrypt/cipher/sha256-ppc.c | 610 + + .../lib/libgcrypt/cipher/sha256-ssse3-amd64.S | 533 + + grub-core/lib/libgcrypt/cipher/sha256.c | 771 +- + grub-core/lib/libgcrypt/cipher/sha512-arm.S | 464 + + grub-core/lib/libgcrypt/cipher/sha512-armv7-neon.S | 452 + + .../lib/libgcrypt/cipher/sha512-armv8-aarch64-ce.S | 383 + + grub-core/lib/libgcrypt/cipher/sha512-avx-amd64.S | 466 + + .../lib/libgcrypt/cipher/sha512-avx2-bmi2-amd64.S | 507 + + .../lib/libgcrypt/cipher/sha512-avx512-amd64.S | 465 + + grub-core/lib/libgcrypt/cipher/sha512-ppc.c | 725 + + .../lib/libgcrypt/cipher/sha512-ssse3-amd64.S | 472 + + grub-core/lib/libgcrypt/cipher/sha512-ssse3-i386.c | 404 + + grub-core/lib/libgcrypt/cipher/sha512.c | 1304 +- + grub-core/lib/libgcrypt/cipher/sm3-aarch64.S | 660 + + .../lib/libgcrypt/cipher/sm3-armv8-aarch64-ce.S | 221 + + .../lib/libgcrypt/cipher/sm3-avx-bmi2-amd64.S | 555 + + grub-core/lib/libgcrypt/cipher/sm3.c | 565 + + grub-core/lib/libgcrypt/cipher/sm4-aarch64.S | 644 + + .../lib/libgcrypt/cipher/sm4-aesni-avx-amd64.S | 1058 + + .../lib/libgcrypt/cipher/sm4-aesni-avx2-amd64.S | 973 + + .../lib/libgcrypt/cipher/sm4-armv8-aarch64-ce.S | 731 + + .../libgcrypt/cipher/sm4-armv9-aarch64-sve-ce.S | 967 + + .../lib/libgcrypt/cipher/sm4-gfni-avx2-amd64.S | 1260 + + .../lib/libgcrypt/cipher/sm4-gfni-avx512-amd64.S | 1861 ++ + grub-core/lib/libgcrypt/cipher/sm4-ppc.c | 342 + + grub-core/lib/libgcrypt/cipher/sm4.c | 2070 ++ + grub-core/lib/libgcrypt/cipher/sntrup761.c | 1062 + + grub-core/lib/libgcrypt/cipher/sntrup761.h | 73 + + grub-core/lib/libgcrypt/cipher/stribog.c | 1362 + + grub-core/lib/libgcrypt/cipher/test-getrusage.c | 105 - + grub-core/lib/libgcrypt/cipher/tiger.c | 309 +- + grub-core/lib/libgcrypt/cipher/twofish-aarch64.S | 322 + + grub-core/lib/libgcrypt/cipher/twofish-amd64.S | 1258 + + grub-core/lib/libgcrypt/cipher/twofish-arm.S | 363 + + .../lib/libgcrypt/cipher/twofish-avx2-amd64.S | 1136 + + grub-core/lib/libgcrypt/cipher/twofish.c | 954 +- + .../lib/libgcrypt/cipher/whirlpool-sse2-amd64.S | 348 + + grub-core/lib/libgcrypt/cipher/whirlpool.c | 334 +- + grub-core/lib/libgcrypt/compat/Makefile.am | 48 + + grub-core/lib/libgcrypt/compat/clock.c | 36 + + grub-core/lib/libgcrypt/compat/compat.c | 40 + + grub-core/lib/libgcrypt/compat/getpid.c | 29 + + grub-core/lib/libgcrypt/compat/libcompat.h | 37 + + grub-core/lib/libgcrypt/config.h.in | 873 + + grub-core/lib/libgcrypt/configure | 25763 +++++++++++++++++++ + grub-core/lib/libgcrypt/configure.ac | 3883 +++ + grub-core/lib/libgcrypt/mkinstalldirs | 161 + + grub-core/lib/libgcrypt/mpi/ChangeLog-2011 | 17 +- + grub-core/lib/libgcrypt/mpi/Makefile.am | 16 +- + grub-core/lib/libgcrypt/mpi/Manifest | 41 - + .../mpi/{pentium4/sse2 => aarch64}/distfiles | 1 + + grub-core/lib/libgcrypt/mpi/aarch64/mpi-asm-defs.h | 4 + + grub-core/lib/libgcrypt/mpi/aarch64/mpih-add1.S | 75 + + grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul1.S | 100 + + grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul2.S | 112 + + grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul3.S | 125 + + grub-core/lib/libgcrypt/mpi/aarch64/mpih-sub1.S | 75 + + grub-core/lib/libgcrypt/mpi/alpha/README | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul1.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul2.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul3.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/mpih-sub1.S | 4 +- + grub-core/lib/libgcrypt/mpi/alpha/udiv-qrnnd.S | 4 +- + grub-core/lib/libgcrypt/mpi/amd64/distfiles | 1 + + grub-core/lib/libgcrypt/mpi/amd64/func_abi.h | 34 + + grub-core/lib/libgcrypt/mpi/amd64/mpi-asm-defs.h | 2 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-add1.S | 92 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-lshift.S | 54 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul1.S | 11 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul2.S | 53 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul3.S | 11 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-rshift.S | 56 +- + grub-core/lib/libgcrypt/mpi/amd64/mpih-sub1.S | 90 +- + .../lib/libgcrypt/mpi/{i586 => arm}/distfiles | 6 +- + grub-core/lib/libgcrypt/mpi/arm/mpi-asm-defs.h | 4 + + grub-core/lib/libgcrypt/mpi/arm/mpih-add1.S | 76 + + grub-core/lib/libgcrypt/mpi/arm/mpih-mul1.S | 80 + + grub-core/lib/libgcrypt/mpi/arm/mpih-mul2.S | 94 + + grub-core/lib/libgcrypt/mpi/arm/mpih-mul3.S | 100 + + grub-core/lib/libgcrypt/mpi/arm/mpih-sub1.S | 77 + + grub-core/lib/libgcrypt/mpi/asm-common-aarch64.h | 26 + + grub-core/lib/libgcrypt/mpi/asm-common-amd64.h | 26 + + grub-core/lib/libgcrypt/mpi/asm-common-i386.h | 26 + + grub-core/lib/libgcrypt/mpi/config.links | 182 +- + .../libgcrypt/{cipher/rmd.h => mpi/ec-ed25519.c} | 35 +- + grub-core/lib/libgcrypt/mpi/ec-hw-s390x.c | 412 + + grub-core/lib/libgcrypt/mpi/ec-inline.h | 1236 + + grub-core/lib/libgcrypt/mpi/ec-internal.h | 49 + + grub-core/lib/libgcrypt/mpi/ec-nist.c | 826 + + grub-core/lib/libgcrypt/mpi/ec.c | 2059 +- + grub-core/lib/libgcrypt/mpi/generic/Manifest | 29 - + grub-core/lib/libgcrypt/mpi/generic/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/generic/mpi-asm-defs.h | 16 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c | 10 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c | 6 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c | 8 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c | 10 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c | 8 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-rshift.c | 4 +- + grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c | 8 +- + grub-core/lib/libgcrypt/mpi/generic/udiv-w-sdiv.c | 4 +- + grub-core/lib/libgcrypt/mpi/hppa/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/hppa/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/hppa/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/hppa/mpih-sub1.S | 4 +- + grub-core/lib/libgcrypt/mpi/hppa/udiv-qrnnd.S | 4 +- + grub-core/lib/libgcrypt/mpi/i386/Manifest | 28 - + grub-core/lib/libgcrypt/mpi/i386/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/i386/mpih-add1.S | 51 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-lshift.S | 16 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-mul1.S | 16 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-mul2.S | 16 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-mul3.S | 16 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-rshift.S | 18 +- + grub-core/lib/libgcrypt/mpi/i386/mpih-sub1.S | 51 +- + grub-core/lib/libgcrypt/mpi/i386/syntax.h | 16 +- + grub-core/lib/libgcrypt/mpi/i586/Manifest | 27 - + grub-core/lib/libgcrypt/mpi/i586/README | 26 - + grub-core/lib/libgcrypt/mpi/i586/mpih-add1.S | 135 - + grub-core/lib/libgcrypt/mpi/i586/mpih-lshift.S | 229 - + grub-core/lib/libgcrypt/mpi/i586/mpih-mul1.S | 89 - + grub-core/lib/libgcrypt/mpi/i586/mpih-mul2.S | 93 - + grub-core/lib/libgcrypt/mpi/i586/mpih-mul3.S | 93 - + grub-core/lib/libgcrypt/mpi/i586/mpih-rshift.S | 228 - + grub-core/lib/libgcrypt/mpi/i586/mpih-sub1.S | 142 - + grub-core/lib/libgcrypt/mpi/longlong.h | 967 +- + grub-core/lib/libgcrypt/mpi/m68k/Manifest | 25 - + grub-core/lib/libgcrypt/mpi/m68k/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/m68k/mc68020/Manifest | 23 - + grub-core/lib/libgcrypt/mpi/m68k/mc68020/distfiles | 1 - + .../lib/libgcrypt/mpi/m68k/mc68020/mpih-mul1.S | 4 +- + .../lib/libgcrypt/mpi/m68k/mc68020/mpih-mul2.S | 4 +- + .../lib/libgcrypt/mpi/m68k/mc68020/mpih-mul3.S | 4 +- + grub-core/lib/libgcrypt/mpi/m68k/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/m68k/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/m68k/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/m68k/mpih-sub1.S | 4 +- + grub-core/lib/libgcrypt/mpi/m68k/syntax.h | 6 +- + grub-core/lib/libgcrypt/mpi/mips3/Manifest | 28 - + grub-core/lib/libgcrypt/mpi/mips3/README | 2 +- + grub-core/lib/libgcrypt/mpi/mips3/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/mips3/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul1.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul2.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul3.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/mips3/mpih-sub1.S | 4 +- + grub-core/lib/libgcrypt/mpi/mpi-add.c | 64 +- + grub-core/lib/libgcrypt/mpi/mpi-bit.c | 251 +- + grub-core/lib/libgcrypt/mpi/mpi-cmp.c | 45 +- + grub-core/lib/libgcrypt/mpi/mpi-div.c | 23 +- + grub-core/lib/libgcrypt/mpi/mpi-gcd.c | 15 +- + grub-core/lib/libgcrypt/mpi/mpi-inline.c | 4 +- + grub-core/lib/libgcrypt/mpi/mpi-inline.h | 4 +- + grub-core/lib/libgcrypt/mpi/mpi-internal.h | 60 +- + grub-core/lib/libgcrypt/mpi/mpi-inv.c | 312 +- + grub-core/lib/libgcrypt/mpi/mpi-mod.c | 54 +- + grub-core/lib/libgcrypt/mpi/mpi-mpow.c | 12 +- + grub-core/lib/libgcrypt/mpi/mpi-mul.c | 27 +- + grub-core/lib/libgcrypt/mpi/mpi-pow.c | 458 +- + grub-core/lib/libgcrypt/mpi/mpi-scan.c | 136 +- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 759 +- + grub-core/lib/libgcrypt/mpi/mpih-const-time.c | 241 + + grub-core/lib/libgcrypt/mpi/mpih-div.c | 14 +- + grub-core/lib/libgcrypt/mpi/mpih-mul.c | 27 +- + grub-core/lib/libgcrypt/mpi/mpiutil.c | 488 +- + grub-core/lib/libgcrypt/mpi/pa7100/Manifest | 22 - + grub-core/lib/libgcrypt/mpi/pa7100/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/pa7100/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/pa7100/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/pentium4/README | 115 - + grub-core/lib/libgcrypt/mpi/pentium4/distfiles | 3 - + grub-core/lib/libgcrypt/mpi/pentium4/mmx/distfiles | 2 - + .../lib/libgcrypt/mpi/pentium4/mmx/mpih-lshift.S | 457 - + .../lib/libgcrypt/mpi/pentium4/mmx/mpih-rshift.S | 453 - + .../lib/libgcrypt/mpi/pentium4/sse2/mpih-add1.S | 91 - + .../lib/libgcrypt/mpi/pentium4/sse2/mpih-mul1.S | 96 - + .../lib/libgcrypt/mpi/pentium4/sse2/mpih-mul2.S | 136 - + .../lib/libgcrypt/mpi/pentium4/sse2/mpih-mul3.S | 127 - + .../lib/libgcrypt/mpi/pentium4/sse2/mpih-sub1.S | 112 - + grub-core/lib/libgcrypt/mpi/power/Manifest | 27 - + grub-core/lib/libgcrypt/mpi/power/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/power/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-mul1.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-mul2.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-mul3.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/power/mpih-sub1.S | 4 +- + grub-core/lib/libgcrypt/mpi/powerpc32/Manifest | 28 - + grub-core/lib/libgcrypt/mpi/powerpc32/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/powerpc32/mpih-add1.S | 9 +- + .../lib/libgcrypt/mpi/powerpc32/mpih-lshift.S | 8 +- + grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul1.S | 10 +- + grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul2.S | 10 +- + grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul3.S | 9 +- + .../lib/libgcrypt/mpi/powerpc32/mpih-rshift.S | 10 +- + grub-core/lib/libgcrypt/mpi/powerpc32/mpih-sub1.S | 9 +- + grub-core/lib/libgcrypt/mpi/powerpc32/syntax.h | 5 +- + grub-core/lib/libgcrypt/mpi/sparc32/Manifest | 24 - + grub-core/lib/libgcrypt/mpi/sparc32/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/sparc32/mpih-add1.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32/mpih-lshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32/mpih-rshift.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32/udiv.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32v8/Manifest | 23 - + grub-core/lib/libgcrypt/mpi/sparc32v8/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul1.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul2.S | 4 +- + grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul3.S | 4 +- + grub-core/lib/libgcrypt/mpi/supersparc/Manifest | 21 - + grub-core/lib/libgcrypt/mpi/supersparc/distfiles | 1 - + grub-core/lib/libgcrypt/mpi/supersparc/udiv.S | 4 +- + grub-core/lib/libgcrypt/src/ChangeLog-2011 | 75 +- + grub-core/lib/libgcrypt/src/Makefile.am | 89 +- + grub-core/lib/libgcrypt/src/Manifest | 58 - + grub-core/lib/libgcrypt/src/ath.c | 344 - + grub-core/lib/libgcrypt/src/ath.h | 147 - + grub-core/lib/libgcrypt/src/cipher-proto.h | 250 +- + grub-core/lib/libgcrypt/src/cipher.h | 167 +- + grub-core/lib/libgcrypt/src/const-time.c | 88 + + grub-core/lib/libgcrypt/src/const-time.h | 167 + + grub-core/lib/libgcrypt/src/context.c | 154 + + grub-core/lib/libgcrypt/src/context.h | 33 + + grub-core/lib/libgcrypt/src/dumpsexp.c | 25 +- + grub-core/lib/libgcrypt/src/ec-context.h | 107 + + grub-core/lib/libgcrypt/src/fips.c | 808 +- + grub-core/lib/libgcrypt/src/g10lib.h | 278 +- + grub-core/lib/libgcrypt/src/gcrypt-int.h | 595 + + grub-core/lib/libgcrypt/src/gcrypt-module.h | 240 - + grub-core/lib/libgcrypt/src/gcrypt-testapi.h | 70 + + grub-core/lib/libgcrypt/src/gcrypt.h.in | 1354 +- + grub-core/lib/libgcrypt/src/gcryptrnd.c | 680 - + grub-core/lib/libgcrypt/src/gen-note-integrity.sh | 123 + + grub-core/lib/libgcrypt/src/getrandom.c | 326 - + grub-core/lib/libgcrypt/src/global.c | 921 +- + grub-core/lib/libgcrypt/src/hmac256.c | 89 +- + grub-core/lib/libgcrypt/src/hmac256.h | 2 +- + grub-core/lib/libgcrypt/src/hwf-arm.c | 564 + + grub-core/lib/libgcrypt/src/hwf-common.h | 28 + + grub-core/lib/libgcrypt/src/hwf-ppc.c | 247 + + grub-core/lib/libgcrypt/src/hwf-s390x.c | 231 + + grub-core/lib/libgcrypt/src/hwf-x86.c | 512 + + grub-core/lib/libgcrypt/src/hwfeatures.c | 320 +- + grub-core/lib/libgcrypt/src/libgcrypt-config.in | 20 +- + grub-core/lib/libgcrypt/src/libgcrypt.def | 165 +- + grub-core/lib/libgcrypt/src/libgcrypt.m4 | 179 +- + grub-core/lib/libgcrypt/src/libgcrypt.pc.in | 18 + + grub-core/lib/libgcrypt/src/libgcrypt.vers | 93 +- + grub-core/lib/libgcrypt/src/misc.c | 452 +- + grub-core/lib/libgcrypt/src/missing-string.c | 4 +- + grub-core/lib/libgcrypt/src/module.c | 212 - + grub-core/lib/libgcrypt/src/mpi.h | 219 +- + grub-core/lib/libgcrypt/src/mpicalc.c | 627 + + grub-core/lib/libgcrypt/src/secmem.c | 625 +- + grub-core/lib/libgcrypt/src/secmem.h | 17 +- + grub-core/lib/libgcrypt/src/sexp.c | 1384 +- + grub-core/lib/libgcrypt/src/stdmem.c | 145 +- + grub-core/lib/libgcrypt/src/stdmem.h | 13 +- + grub-core/lib/libgcrypt/src/types.h | 160 +- + grub-core/lib/libgcrypt/src/versioninfo.rc.in | 2 +- + grub-core/lib/libgcrypt/src/visibility.c | 1040 +- + grub-core/lib/libgcrypt/src/visibility.h | 1234 +- + 468 files changed, 210391 insertions(+), 33061 deletions(-) + create mode 100644 grub-core/lib/libgcrypt/AUTHORS + create mode 100644 grub-core/lib/libgcrypt/COPYING + create mode 100644 grub-core/lib/libgcrypt/COPYING.LIB + create mode 100644 grub-core/lib/libgcrypt/LICENSES + create mode 100644 grub-core/lib/libgcrypt/README + create mode 100644 grub-core/lib/libgcrypt/README.GIT + create mode 100644 grub-core/lib/libgcrypt/THANKS + create mode 100644 grub-core/lib/libgcrypt/VERSION + delete mode 100644 grub-core/lib/libgcrypt/cipher/ChangeLog + delete mode 100644 grub-core/lib/libgcrypt/cipher/Manifest + delete mode 100644 grub-core/lib/libgcrypt/cipher/ac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/arcfour-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/aria-aesni-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/aria-aesni-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/aria-gfni-avx512-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/aria.c + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-aarch64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-amd64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-i386.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-s390x.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-inline-s390x.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-aarch64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-amd64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-s390x.h + create mode 100644 grub-core/lib/libgcrypt/cipher/blake2.c + create mode 100644 grub-core/lib/libgcrypt/cipher/blake2b-amd64-avx2.S + create mode 100644 grub-core/lib/libgcrypt/cipher/blake2b-amd64-avx512.S + create mode 100644 grub-core/lib/libgcrypt/cipher/blake2s-amd64-avx.S + create mode 100644 grub-core/lib/libgcrypt/cipher/blake2s-amd64-avx512.S + create mode 100644 grub-core/lib/libgcrypt/cipher/blowfish-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/blowfish-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/bulkhelp.h + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aarch64-ce.c + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx2-amd64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-gfni-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-gfni-avx512-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-ppc8le.c + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-ppc9le.c + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-simd128.h + create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-vaes-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/cast5-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/cast5-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-avx2.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-avx512.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-ssse3.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-p10le-8x.s + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-s390x.S + create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-aeswrap.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cbc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ccm.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cfb.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cmac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ctr.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-eax.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv8-aarch32-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-intel-pclmul.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-siv.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ocb.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ofb.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-poly1305.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-siv.c + create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-xts.c + create mode 100644 grub-core/lib/libgcrypt/cipher/crc-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/crc-armv8-ce.c + create mode 100644 grub-core/lib/libgcrypt/cipher/crc-intel-pclmul.c + create mode 100644 grub-core/lib/libgcrypt/cipher/crc-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/des-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/dsa-common.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-common.h + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-curves.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-ecdh.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-ecdsa.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-eddsa.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-gost.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-misc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-sm2.c + create mode 100644 grub-core/lib/libgcrypt/cipher/gost-s-box.c + create mode 100644 grub-core/lib/libgcrypt/cipher/gost-sb.h + create mode 100644 grub-core/lib/libgcrypt/cipher/gost.h + create mode 100644 grub-core/lib/libgcrypt/cipher/gost28147.c + create mode 100644 grub-core/lib/libgcrypt/cipher/gostr3411-94.c + delete mode 100644 grub-core/lib/libgcrypt/cipher/hmac-tests.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kdf-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/keccak-amd64-avx512.S + create mode 100644 grub-core/lib/libgcrypt/cipher/keccak-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/keccak.c + create mode 100644 grub-core/lib/libgcrypt/cipher/keccak_permute_32.h + create mode 100644 grub-core/lib/libgcrypt/cipher/keccak_permute_64.h + create mode 100644 grub-core/lib/libgcrypt/cipher/kem-ecc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kem-ecc.h + create mode 100644 grub-core/lib/libgcrypt/cipher/kem.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kyber-common.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kyber-kdep.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kyber.c + create mode 100644 grub-core/lib/libgcrypt/cipher/kyber.h + create mode 100644 grub-core/lib/libgcrypt/cipher/mac-cmac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mac-gmac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mac-hmac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mac-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/mac-poly1305.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mac.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mceliece6688128f.c + create mode 100644 grub-core/lib/libgcrypt/cipher/mceliece6688128f.h + create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-amd64-avx512.S + create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-p10le.s + create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-s390x.S + create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305.c + create mode 100644 grub-core/lib/libgcrypt/cipher/pubkey-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/pubkey-util.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-aesni.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-aarch32-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-ce.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-gcm-p10le.s + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-internal.h + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-p10le.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-padlock.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc-common.h + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc-functions.h + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc9le.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-s390x.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ssse3-amd64-asm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ssse3-amd64.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-avx2-i386.S + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-i386.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes.c + create mode 100644 grub-core/lib/libgcrypt/cipher/rsa-common.c + create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20.c + create mode 100644 grub-core/lib/libgcrypt/cipher/scrypt.c + create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-avx512-x86.c + create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-sse2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv8-aarch32-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx-bmi2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx2-bmi2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-intel-shaext.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-ssse3-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha1.h + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-armv8-aarch32-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-avx2-bmi2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-intel-shaext.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-ssse3-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-armv7-neon.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx2-bmi2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx512-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ssse3-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ssse3-i386.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-avx-bmi2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm3.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aesni-avx-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aesni-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-armv8-aarch64-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-armv9-aarch64-sve-ce.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-gfni-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-gfni-avx512-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-ppc.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sm4.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sntrup761.c + create mode 100644 grub-core/lib/libgcrypt/cipher/sntrup761.h + create mode 100644 grub-core/lib/libgcrypt/cipher/stribog.c + delete mode 100644 grub-core/lib/libgcrypt/cipher/test-getrusage.c + create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-aarch64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-arm.S + create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-avx2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/cipher/whirlpool-sse2-amd64.S + create mode 100644 grub-core/lib/libgcrypt/compat/Makefile.am + create mode 100644 grub-core/lib/libgcrypt/compat/clock.c + create mode 100644 grub-core/lib/libgcrypt/compat/compat.c + create mode 100644 grub-core/lib/libgcrypt/compat/getpid.c + create mode 100644 grub-core/lib/libgcrypt/compat/libcompat.h + create mode 100644 grub-core/lib/libgcrypt/config.h.in + create mode 100755 grub-core/lib/libgcrypt/configure + create mode 100644 grub-core/lib/libgcrypt/configure.ac + create mode 100755 grub-core/lib/libgcrypt/mkinstalldirs + delete mode 100644 grub-core/lib/libgcrypt/mpi/Manifest + rename grub-core/lib/libgcrypt/mpi/{pentium4/sse2 => aarch64}/distfiles (80%) + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpi-asm-defs.h + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-add1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul2.S + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul3.S + create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-sub1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/func_abi.h + rename grub-core/lib/libgcrypt/mpi/{i586 => arm}/distfiles (57%) + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpi-asm-defs.h + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-add1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul2.S + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul3.S + create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-sub1.S + create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-aarch64.h + create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-amd64.h + create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-i386.h + rename grub-core/lib/libgcrypt/{cipher/rmd.h => mpi/ec-ed25519.c} (51%) + create mode 100644 grub-core/lib/libgcrypt/mpi/ec-hw-s390x.c + create mode 100644 grub-core/lib/libgcrypt/mpi/ec-inline.h + create mode 100644 grub-core/lib/libgcrypt/mpi/ec-internal.h + create mode 100644 grub-core/lib/libgcrypt/mpi/ec-nist.c + delete mode 100644 grub-core/lib/libgcrypt/mpi/generic/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/i386/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/README + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-add1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-lshift.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-mul1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-mul2.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-mul3.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-rshift.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/i586/mpih-sub1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/m68k/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mc68020/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/mips3/Manifest + create mode 100644 grub-core/lib/libgcrypt/mpi/mpih-const-time.c + delete mode 100644 grub-core/lib/libgcrypt/mpi/pa7100/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/README + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/distfiles + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/mmx/distfiles + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/mmx/mpih-lshift.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/mmx/mpih-rshift.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/sse2/mpih-add1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/sse2/mpih-mul1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/sse2/mpih-mul2.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/sse2/mpih-mul3.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/pentium4/sse2/mpih-sub1.S + delete mode 100644 grub-core/lib/libgcrypt/mpi/power/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/sparc32v8/Manifest + delete mode 100644 grub-core/lib/libgcrypt/mpi/supersparc/Manifest + delete mode 100644 grub-core/lib/libgcrypt/src/Manifest + delete mode 100644 grub-core/lib/libgcrypt/src/ath.c + delete mode 100644 grub-core/lib/libgcrypt/src/ath.h + create mode 100644 grub-core/lib/libgcrypt/src/const-time.c + create mode 100644 grub-core/lib/libgcrypt/src/const-time.h + create mode 100644 grub-core/lib/libgcrypt/src/context.c + create mode 100644 grub-core/lib/libgcrypt/src/context.h + create mode 100644 grub-core/lib/libgcrypt/src/ec-context.h + create mode 100644 grub-core/lib/libgcrypt/src/gcrypt-int.h + delete mode 100644 grub-core/lib/libgcrypt/src/gcrypt-module.h + create mode 100644 grub-core/lib/libgcrypt/src/gcrypt-testapi.h + delete mode 100644 grub-core/lib/libgcrypt/src/gcryptrnd.c + create mode 100755 grub-core/lib/libgcrypt/src/gen-note-integrity.sh + delete mode 100644 grub-core/lib/libgcrypt/src/getrandom.c + create mode 100644 grub-core/lib/libgcrypt/src/hwf-arm.c + create mode 100644 grub-core/lib/libgcrypt/src/hwf-common.h + create mode 100644 grub-core/lib/libgcrypt/src/hwf-ppc.c + create mode 100644 grub-core/lib/libgcrypt/src/hwf-s390x.c + create mode 100644 grub-core/lib/libgcrypt/src/hwf-x86.c + create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt.pc.in + delete mode 100644 grub-core/lib/libgcrypt/src/module.c + create mode 100644 grub-core/lib/libgcrypt/src/mpicalc.c + +diff --git a/grub-core/lib/libgcrypt/AUTHORS b/grub-core/lib/libgcrypt/AUTHORS +new file mode 100644 +index 0000000..f916160 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/AUTHORS +@@ -0,0 +1,274 @@ ++Library: Libgcrypt ++Homepage: https://gnupg.org/related_software/libgcrypt/ ++Download: https://gnupg.org/ftp/gcrypt/libgcrypt/ ++Repository: git://git.gnupg.org/libgcrypt.git ++Maintainer: Werner Koch ++Bug reports: https://bugs.gnupg.org ++Security related bug reports: ++End-of-life: TBD ++License (library): LGPLv2.1+ ++License (manual and tools): GPLv2+ ++ ++ ++Libgcrypt is free software. See the files COPYING.LIB and COPYING for ++copying conditions, and LICENSES for notices about a few contributions ++that require these additional notices to be distributed. License ++copyright years may be listed using range notation, e.g., 2000-2013, ++indicating that every year in the range, inclusive, is a copyrightable ++year that would otherwise be listed individually. ++ ++ ++List of Copyright holders ++========================= ++ ++ Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. ++ Copyright (C) 1994 X Consortium ++ Copyright (C) 1996 L. Peter Deutsch ++ Copyright (C) 1997 Werner Koch ++ Copyright (C) 1998 The Internet Society ++ Copyright (C) 1996-1999 Peter Gutmann, Paul Kendall, and Chris Wedgwood ++ Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett ++ Copyright (C) 2003 Nikos Mavroyanopoulos ++ Copyright (c) 2006 CRYPTOGAMS ++ Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) ++ Copyright (C) 2012-2024 g10 Code GmbH ++ Copyright (C) 2012 Simon Josefsson, Niels Möller ++ Copyright (c) 2012 Intel Corporation ++ Copyright (C) 2013 Christian Grothoff ++ Copyright (C) 2013-2024 Jussi Kivilinna ++ Copyright (C) 2013-2014 Dmitry Eremin-Solenikov ++ Copyright (C) 2014 Stephan Mueller ++ Copyright (C) 2017 Jia Zhang ++ Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik ++ Copyright (C) 2020 Alibaba Group. ++ Copyright (C) 2020 Tianjia Zhang ++ Copyright (C) 2023 Simon Josefsson ++ ++ ++Authors with a FSF copyright assignment ++======================================= ++ ++LIBGCRYPT Werner Koch 2001-06-07 ++Assigns past and future changes. ++Assignment for future changes terminated on 2012-12-04. ++wk@gnupg.org ++Designed and implemented Libgcrypt. ++ ++GNUPG Matthew Skala 1998-08-10 ++Disclaims changes. ++mskala@ansuz.sooke.bc.ca ++Wrote cipher/twofish.c. ++ ++GNUPG Natural Resources Canada 1998-08-11 ++Disclaims changes by Matthew Skala. ++ ++GNUPG Michael Roth Germany 1998-09-17 ++Assigns changes. ++mroth@nessie.de ++Wrote cipher/des.c. ++Changes and bug fixes all over the place. ++ ++GNUPG Niklas Hernaeus 1998-09-18 ++Disclaims changes. ++nh@df.lth.se ++Weak key patches. ++ ++GNUPG Rémi Guyomarch 1999-05-25 ++Assigns past and future changes. (g10/compress.c, g10/encr-data.c, ++g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c) ++rguyom@mail.dotcom.fr ++ ++ANY g10 Code GmbH 2001-06-07 ++Assignment for future changes terminated on 2012-12-04. ++Code marked with ChangeLog entries of g10 Code employees. ++ ++LIBGCRYPT Timo Schulz 2001-08-31 ++Assigns past and future changes. ++twoaday@freakmail.de ++ ++LIBGCRYPT Simon Josefsson 2002-10-25 ++Assigns past and future changes to FSF (cipher/{md4,crc}.c, CTR mode, ++CTS/MAC flags, self test improvements) ++simon@josefsson.org ++ ++LIBGCRYPT Moritz Schulte 2003-04-17 ++Assigns past and future changes. ++moritz@g10code.com ++ ++GNUTLS Nikolaos Mavrogiannopoulos 2003-11-22 ++nmav@gnutls.org ++Original code for cipher/rfc2268.c. ++ ++LIBGCRYPT The Written Word 2005-04-15 ++Assigns past and future changes. (new: src/libgcrypt.pc.in, ++src/Makefile.am, src/secmem.c, mpi/hppa1.1/mpih-mul3.S, ++mpi/hppa1.1/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul2.S, ++mpi/hppa1.1/mpih-mul1.S, mpi/Makefile.am, tests/prime.c, ++tests/register.c, tests/ac.c, tests/basic.c, tests/tsexp.c, ++tests/keygen.c, tests/pubkey.c, configure.ac, acinclude.m4) ++ ++LIBGCRYPT Brad Hards 2006-02-09 ++Assigns Past and Future Changes ++bradh@frogmouth.net ++(Added OFB mode. Changed cipher/cipher.c, test/basic.c doc/gcrypt.tex. ++ added SHA-224, changed cipher/sha256.c, added HMAC tests.) ++ ++LIBGCRYPT Hye-Shik Chang 2006-09-07 ++Assigns Past and Future Changes ++perky@freebsd.org ++(SEED cipher) ++ ++LIBGCRYPT Werner Dittmann 2009-05-20 ++Assigns Past and Future Changes ++werner.dittmann@t-online.de ++(mpi/amd64, tests/mpitests.c) ++ ++GNUPG David Shaw ++Assigns past and future changes. ++dshaw@jabberwocky.com ++(cipher/camellia-glue.c and related stuff) ++ ++LIBGCRYPT Andrey Jivsov 2010-12-09 ++Assigns Past and Future Changes ++openpgp@brainhub.org ++(cipher/ecc.c and related files) ++ ++LIBGCRYPT Ulrich Müller 2012-02-15 ++Assigns Past and Future Changes ++ulm@gentoo.org ++(Changes to cipher/idea.c and related files) ++ ++LIBGCRYPT Vladimir Serbinenko 2012-04-26 ++Assigns Past and Future Changes ++phcoder@gmail.com ++(cipher/serpent.c) ++ ++ ++Authors with a DCO ++================== ++ ++Andrei Scherer ++2014-08-22:BF7CEF794F9.000003F0andsch@inbox.com: ++ ++Christian Aistleitner ++2013-02-26:20130226110144.GA12678@quelltextlich.at: ++ ++Christian Grothoff ++2013-03-21:514B5D8A.6040705@grothoff.org: ++ ++Clemens Lang ++2022-02-10:20220210133844.46581-1-cllang@redhat.com: ++ ++Danny Tsen ++2021-12-20:OF85D11C2F.7A339D7D-ON002587B1.0042A81E-002587B1.0042B94D@ibm.com ++ ++Dmitry Baryshkov ++Dmitry Eremin-Solenikov ++2013-07-13:20130713144407.GA27334@fangorn.rup.mentorg.com: ++ ++Dmitry Kasatkin ++2012-12-14:50CAE2DB.80302@intel.com: ++ ++Falko Strenzke ++2023-09-27:51677567-0b78-4665-805d-fd0cdd50f7fa@mtg.de: ++ ++H.J. Lu ++2020-01-19:20200119135241.GA4970@gmail.com: ++ ++Jia Zhang ++2017-10-17:59E56E30.9060503@alibaba-inc.com: ++ ++Jérémie Courrèges-Anglas ++2016-05-26:87bn3ssqg0.fsf@ritchie.wxcvbn.org: ++ ++Jussi Kivilinna ++2012-11-15:20121115172331.150537dzb5i6jmy8@www.dalek.fi: ++ ++Jussi Kivilinna ++2013-05-06:5186720A.4090101@iki.fi: ++ ++Markus Teich ++2014-10-08:20141008180509.GA2770@trolle: ++ ++Martin Storsjö ++2018-03-28:dc1605ce-a47d-34c5-8851-d9569f9ea5d3@martin.st: ++ ++Mathias L. Baumann ++2017-01-30:07c06d79-0828-b564-d604-fd16c7c86ebe@sociomantic.com: ++ ++Milan Broz ++2014-01-13:52D44CC6.4050707@gmail.com: ++ ++Paul Wolneykien ++2019-11-19:20191119204459.312927aa@rigel.localdomain: ++ ++Peter Wu ++2015-07-22:20150722191325.GA8113@al: ++ ++Rafaël Carré ++2012-04-20:4F91988B.1080502@videolan.org: ++ ++Sergey V. ++2013-11-07:2066221.5IYa7Yq760@darkstar: ++ ++Shawn Landden ++2019-07-09:2794651562684255@iva4-64850291ca1c.qloud-c.yandex.net: ++ ++Simit Ghane ++2024-05-06:OF22575887.761836D9-ON48258B15.0044A21E-48258B15.0044A222@lge.com: ++ ++Stephan Mueller ++2014-08-22:2008899.25OeoelVVA@myon.chronox.de: ++ ++Tianjia Zhang ++2020-01-08:dcda0127-2f45-93a3-0736-27259a33bffa@linux.alibaba.com: ++ ++Tomáš Mráz ++2012-04-16:1334571250.5056.52.camel@vespa.frost.loc: ++ ++Vitezslav Cizek ++2015-11-05:20151105131424.GA32700@kolac.suse.cz: ++ ++Werner Koch (g10 Code GmbH) ++2012-12-05:87obi8u4h2.fsf@vigenere.g10code.de: ++ ++ ++More credits ++============ ++ ++Libgcrypt used to be part of GnuPG but has been taken out into its own ++package on 2000-12-21. ++ ++Most of the stuff in mpi has been taken from an old GMP library ++version by Torbjorn Granlund . ++ ++The files cipher/rndunix.c and cipher/rndw32.c are based on those ++files from Cryptlib. Copyright Peter Gutmann, Paul Kendall, and Chris ++Wedgwood 1996-1999. ++ ++The ECC code cipher/ecc.c was based on code by Sergi Blanch i Torne, ++sergi at calcurco dot org. ++ ++The implementation of the Camellia cipher has been been taken from the ++original NTT provided GPL source. ++ ++The CAVS testing program tests/cavs_driver.pl is not to be considered ++a part of libgcrypt proper. We distribute it merely for convenience. ++It has a permissive license and is copyrighted by atsec information ++security corporation. See the file for details. ++ ++The file salsa20.c is based on D.J. Bernstein's public domain code and ++taken from Nettle. Copyright 2012 Simon Josefsson and Niels Möller. ++ ++The sntrup761 code is based on public domain code written by Daniel ++J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Christine ++van Vredendaal. Copyright 2023 Simon Josefsson. ++ ++ ++ This file is free software; as a special exception the author gives ++ unlimited permission to copy and/or distribute it, with or without ++ modifications, as long as this notice is preserved. ++ ++ This file is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the ++ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +diff --git a/grub-core/lib/libgcrypt/COPYING b/grub-core/lib/libgcrypt/COPYING +new file mode 100644 +index 0000000..d159169 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/COPYING +@@ -0,0 +1,339 @@ ++ GNU GENERAL PUBLIC LICENSE ++ Version 2, June 1991 ++ ++ Copyright (C) 1989, 1991 Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ Everyone is permitted to copy and distribute verbatim copies ++ of this license document, but changing it is not allowed. ++ ++ Preamble ++ ++ The licenses for most software are designed to take away your ++freedom to share and change it. By contrast, the GNU General Public ++License is intended to guarantee your freedom to share and change free ++software--to make sure the software is free for all its users. This ++General Public License applies to most of the Free Software ++Foundation's software and to any other program whose authors commit to ++using it. (Some other Free Software Foundation software is covered by ++the GNU Lesser General Public License instead.) You can apply it to ++your programs, too. ++ ++ When we speak of free software, we are referring to freedom, not ++price. Our General Public Licenses are designed to make sure that you ++have the freedom to distribute copies of free software (and charge for ++this service if you wish), that you receive source code or can get it ++if you want it, that you can change the software or use pieces of it ++in new free programs; and that you know you can do these things. ++ ++ To protect your rights, we need to make restrictions that forbid ++anyone to deny you these rights or to ask you to surrender the rights. ++These restrictions translate to certain responsibilities for you if you ++distribute copies of the software, or if you modify it. ++ ++ For example, if you distribute copies of such a program, whether ++gratis or for a fee, you must give the recipients all the rights that ++you have. You must make sure that they, too, receive or can get the ++source code. And you must show them these terms so they know their ++rights. ++ ++ We protect your rights with two steps: (1) copyright the software, and ++(2) offer you this license which gives you legal permission to copy, ++distribute and/or modify the software. ++ ++ Also, for each author's protection and ours, we want to make certain ++that everyone understands that there is no warranty for this free ++software. If the software is modified by someone else and passed on, we ++want its recipients to know that what they have is not the original, so ++that any problems introduced by others will not reflect on the original ++authors' reputations. ++ ++ Finally, any free program is threatened constantly by software ++patents. We wish to avoid the danger that redistributors of a free ++program will individually obtain patent licenses, in effect making the ++program proprietary. To prevent this, we have made it clear that any ++patent must be licensed for everyone's free use or not licensed at all. ++ ++ The precise terms and conditions for copying, distribution and ++modification follow. ++ ++ GNU GENERAL PUBLIC LICENSE ++ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ++ ++ 0. This License applies to any program or other work which contains ++a notice placed by the copyright holder saying it may be distributed ++under the terms of this General Public License. The "Program", below, ++refers to any such program or work, and a "work based on the Program" ++means either the Program or any derivative work under copyright law: ++that is to say, a work containing the Program or a portion of it, ++either verbatim or with modifications and/or translated into another ++language. (Hereinafter, translation is included without limitation in ++the term "modification".) Each licensee is addressed as "you". ++ ++Activities other than copying, distribution and modification are not ++covered by this License; they are outside its scope. The act of ++running the Program is not restricted, and the output from the Program ++is covered only if its contents constitute a work based on the ++Program (independent of having been made by running the Program). ++Whether that is true depends on what the Program does. ++ ++ 1. You may copy and distribute verbatim copies of the Program's ++source code as you receive it, in any medium, provided that you ++conspicuously and appropriately publish on each copy an appropriate ++copyright notice and disclaimer of warranty; keep intact all the ++notices that refer to this License and to the absence of any warranty; ++and give any other recipients of the Program a copy of this License ++along with the Program. ++ ++You may charge a fee for the physical act of transferring a copy, and ++you may at your option offer warranty protection in exchange for a fee. ++ ++ 2. You may modify your copy or copies of the Program or any portion ++of it, thus forming a work based on the Program, and copy and ++distribute such modifications or work under the terms of Section 1 ++above, provided that you also meet all of these conditions: ++ ++ a) You must cause the modified files to carry prominent notices ++ stating that you changed the files and the date of any change. ++ ++ b) You must cause any work that you distribute or publish, that in ++ whole or in part contains or is derived from the Program or any ++ part thereof, to be licensed as a whole at no charge to all third ++ parties under the terms of this License. ++ ++ c) If the modified program normally reads commands interactively ++ when run, you must cause it, when started running for such ++ interactive use in the most ordinary way, to print or display an ++ announcement including an appropriate copyright notice and a ++ notice that there is no warranty (or else, saying that you provide ++ a warranty) and that users may redistribute the program under ++ these conditions, and telling the user how to view a copy of this ++ License. (Exception: if the Program itself is interactive but ++ does not normally print such an announcement, your work based on ++ the Program is not required to print an announcement.) ++ ++These requirements apply to the modified work as a whole. If ++identifiable sections of that work are not derived from the Program, ++and can be reasonably considered independent and separate works in ++themselves, then this License, and its terms, do not apply to those ++sections when you distribute them as separate works. But when you ++distribute the same sections as part of a whole which is a work based ++on the Program, the distribution of the whole must be on the terms of ++this License, whose permissions for other licensees extend to the ++entire whole, and thus to each and every part regardless of who wrote it. ++ ++Thus, it is not the intent of this section to claim rights or contest ++your rights to work written entirely by you; rather, the intent is to ++exercise the right to control the distribution of derivative or ++collective works based on the Program. ++ ++In addition, mere aggregation of another work not based on the Program ++with the Program (or with a work based on the Program) on a volume of ++a storage or distribution medium does not bring the other work under ++the scope of this License. ++ ++ 3. You may copy and distribute the Program (or a work based on it, ++under Section 2) in object code or executable form under the terms of ++Sections 1 and 2 above provided that you also do one of the following: ++ ++ a) Accompany it with the complete corresponding machine-readable ++ source code, which must be distributed under the terms of Sections ++ 1 and 2 above on a medium customarily used for software interchange; or, ++ ++ b) Accompany it with a written offer, valid for at least three ++ years, to give any third party, for a charge no more than your ++ cost of physically performing source distribution, a complete ++ machine-readable copy of the corresponding source code, to be ++ distributed under the terms of Sections 1 and 2 above on a medium ++ customarily used for software interchange; or, ++ ++ c) Accompany it with the information you received as to the offer ++ to distribute corresponding source code. (This alternative is ++ allowed only for noncommercial distribution and only if you ++ received the program in object code or executable form with such ++ an offer, in accord with Subsection b above.) ++ ++The source code for a work means the preferred form of the work for ++making modifications to it. For an executable work, complete source ++code means all the source code for all modules it contains, plus any ++associated interface definition files, plus the scripts used to ++control compilation and installation of the executable. However, as a ++special exception, the source code distributed need not include ++anything that is normally distributed (in either source or binary ++form) with the major components (compiler, kernel, and so on) of the ++operating system on which the executable runs, unless that component ++itself accompanies the executable. ++ ++If distribution of executable or object code is made by offering ++access to copy from a designated place, then offering equivalent ++access to copy the source code from the same place counts as ++distribution of the source code, even though third parties are not ++compelled to copy the source along with the object code. ++ ++ 4. You may not copy, modify, sublicense, or distribute the Program ++except as expressly provided under this License. Any attempt ++otherwise to copy, modify, sublicense or distribute the Program is ++void, and will automatically terminate your rights under this License. ++However, parties who have received copies, or rights, from you under ++this License will not have their licenses terminated so long as such ++parties remain in full compliance. ++ ++ 5. You are not required to accept this License, since you have not ++signed it. However, nothing else grants you permission to modify or ++distribute the Program or its derivative works. These actions are ++prohibited by law if you do not accept this License. Therefore, by ++modifying or distributing the Program (or any work based on the ++Program), you indicate your acceptance of this License to do so, and ++all its terms and conditions for copying, distributing or modifying ++the Program or works based on it. ++ ++ 6. Each time you redistribute the Program (or any work based on the ++Program), the recipient automatically receives a license from the ++original licensor to copy, distribute or modify the Program subject to ++these terms and conditions. You may not impose any further ++restrictions on the recipients' exercise of the rights granted herein. ++You are not responsible for enforcing compliance by third parties to ++this License. ++ ++ 7. If, as a consequence of a court judgment or allegation of patent ++infringement or for any other reason (not limited to patent issues), ++conditions are imposed on you (whether by court order, agreement or ++otherwise) that contradict the conditions of this License, they do not ++excuse you from the conditions of this License. If you cannot ++distribute so as to satisfy simultaneously your obligations under this ++License and any other pertinent obligations, then as a consequence you ++may not distribute the Program at all. For example, if a patent ++license would not permit royalty-free redistribution of the Program by ++all those who receive copies directly or indirectly through you, then ++the only way you could satisfy both it and this License would be to ++refrain entirely from distribution of the Program. ++ ++If any portion of this section is held invalid or unenforceable under ++any particular circumstance, the balance of the section is intended to ++apply and the section as a whole is intended to apply in other ++circumstances. ++ ++It is not the purpose of this section to induce you to infringe any ++patents or other property right claims or to contest validity of any ++such claims; this section has the sole purpose of protecting the ++integrity of the free software distribution system, which is ++implemented by public license practices. Many people have made ++generous contributions to the wide range of software distributed ++through that system in reliance on consistent application of that ++system; it is up to the author/donor to decide if he or she is willing ++to distribute software through any other system and a licensee cannot ++impose that choice. ++ ++This section is intended to make thoroughly clear what is believed to ++be a consequence of the rest of this License. ++ ++ 8. If the distribution and/or use of the Program is restricted in ++certain countries either by patents or by copyrighted interfaces, the ++original copyright holder who places the Program under this License ++may add an explicit geographical distribution limitation excluding ++those countries, so that distribution is permitted only in or among ++countries not thus excluded. In such case, this License incorporates ++the limitation as if written in the body of this License. ++ ++ 9. The Free Software Foundation may publish revised and/or new versions ++of the General Public License from time to time. Such new versions will ++be similar in spirit to the present version, but may differ in detail to ++address new problems or concerns. ++ ++Each version is given a distinguishing version number. If the Program ++specifies a version number of this License which applies to it and "any ++later version", you have the option of following the terms and conditions ++either of that version or of any later version published by the Free ++Software Foundation. If the Program does not specify a version number of ++this License, you may choose any version ever published by the Free Software ++Foundation. ++ ++ 10. If you wish to incorporate parts of the Program into other free ++programs whose distribution conditions are different, write to the author ++to ask for permission. For software which is copyrighted by the Free ++Software Foundation, write to the Free Software Foundation; we sometimes ++make exceptions for this. Our decision will be guided by the two goals ++of preserving the free status of all derivatives of our free software and ++of promoting the sharing and reuse of software generally. ++ ++ NO WARRANTY ++ ++ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY ++FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN ++OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES ++PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED ++OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ++MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS ++TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE ++PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, ++REPAIR OR CORRECTION. ++ ++ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING ++WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR ++REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, ++INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING ++OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED ++TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY ++YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER ++PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE ++POSSIBILITY OF SUCH DAMAGES. ++ ++ END OF TERMS AND CONDITIONS ++ ++ How to Apply These Terms to Your New Programs ++ ++ If you develop a new program, and you want it to be of the greatest ++possible use to the public, the best way to achieve this is to make it ++free software which everyone can redistribute and change under these terms. ++ ++ To do so, attach the following notices to the program. It is safest ++to attach them to the start of each source file to most effectively ++convey the exclusion of warranty; and each file should have at least ++the "copyright" line and a pointer to where the full notice is found. ++ ++ ++ Copyright (C) ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License along ++ with this program; if not, write to the Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ ++Also add information on how to contact you by electronic and paper mail. ++ ++If the program is interactive, make it output a short notice like this ++when it starts in an interactive mode: ++ ++ Gnomovision version 69, Copyright (C) year name of author ++ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. ++ This is free software, and you are welcome to redistribute it ++ under certain conditions; type `show c' for details. ++ ++The hypothetical commands `show w' and `show c' should show the appropriate ++parts of the General Public License. Of course, the commands you use may ++be called something other than `show w' and `show c'; they could even be ++mouse-clicks or menu items--whatever suits your program. ++ ++You should also get your employer (if you work as a programmer) or your ++school, if any, to sign a "copyright disclaimer" for the program, if ++necessary. Here is a sample; alter the names: ++ ++ Yoyodyne, Inc., hereby disclaims all copyright interest in the program ++ `Gnomovision' (which makes passes at compilers) written by James Hacker. ++ ++ , 1 April 1989 ++ Ty Coon, President of Vice ++ ++This General Public License does not permit incorporating your program into ++proprietary programs. If your program is a subroutine library, you may ++consider it more useful to permit linking proprietary applications with the ++library. If this is what you want to do, use the GNU Lesser General ++Public License instead of this License. +diff --git a/grub-core/lib/libgcrypt/COPYING.LIB b/grub-core/lib/libgcrypt/COPYING.LIB +new file mode 100644 +index 0000000..4362b49 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/COPYING.LIB +@@ -0,0 +1,502 @@ ++ GNU LESSER GENERAL PUBLIC LICENSE ++ Version 2.1, February 1999 ++ ++ Copyright (C) 1991, 1999 Free Software Foundation, Inc. ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ Everyone is permitted to copy and distribute verbatim copies ++ of this license document, but changing it is not allowed. ++ ++[This is the first released version of the Lesser GPL. It also counts ++ as the successor of the GNU Library Public License, version 2, hence ++ the version number 2.1.] ++ ++ Preamble ++ ++ The licenses for most software are designed to take away your ++freedom to share and change it. By contrast, the GNU General Public ++Licenses are intended to guarantee your freedom to share and change ++free software--to make sure the software is free for all its users. ++ ++ This license, the Lesser General Public License, applies to some ++specially designated software packages--typically libraries--of the ++Free Software Foundation and other authors who decide to use it. You ++can use it too, but we suggest you first think carefully about whether ++this license or the ordinary General Public License is the better ++strategy to use in any particular case, based on the explanations below. ++ ++ When we speak of free software, we are referring to freedom of use, ++not price. Our General Public Licenses are designed to make sure that ++you have the freedom to distribute copies of free software (and charge ++for this service if you wish); that you receive source code or can get ++it if you want it; that you can change the software and use pieces of ++it in new free programs; and that you are informed that you can do ++these things. ++ ++ To protect your rights, we need to make restrictions that forbid ++distributors to deny you these rights or to ask you to surrender these ++rights. These restrictions translate to certain responsibilities for ++you if you distribute copies of the library or if you modify it. ++ ++ For example, if you distribute copies of the library, whether gratis ++or for a fee, you must give the recipients all the rights that we gave ++you. You must make sure that they, too, receive or can get the source ++code. If you link other code with the library, you must provide ++complete object files to the recipients, so that they can relink them ++with the library after making changes to the library and recompiling ++it. And you must show them these terms so they know their rights. ++ ++ We protect your rights with a two-step method: (1) we copyright the ++library, and (2) we offer you this license, which gives you legal ++permission to copy, distribute and/or modify the library. ++ ++ To protect each distributor, we want to make it very clear that ++there is no warranty for the free library. Also, if the library is ++modified by someone else and passed on, the recipients should know ++that what they have is not the original version, so that the original ++author's reputation will not be affected by problems that might be ++introduced by others. ++ ++ Finally, software patents pose a constant threat to the existence of ++any free program. We wish to make sure that a company cannot ++effectively restrict the users of a free program by obtaining a ++restrictive license from a patent holder. Therefore, we insist that ++any patent license obtained for a version of the library must be ++consistent with the full freedom of use specified in this license. ++ ++ Most GNU software, including some libraries, is covered by the ++ordinary GNU General Public License. This license, the GNU Lesser ++General Public License, applies to certain designated libraries, and ++is quite different from the ordinary General Public License. We use ++this license for certain libraries in order to permit linking those ++libraries into non-free programs. ++ ++ When a program is linked with a library, whether statically or using ++a shared library, the combination of the two is legally speaking a ++combined work, a derivative of the original library. The ordinary ++General Public License therefore permits such linking only if the ++entire combination fits its criteria of freedom. The Lesser General ++Public License permits more lax criteria for linking other code with ++the library. ++ ++ We call this license the "Lesser" General Public License because it ++does Less to protect the user's freedom than the ordinary General ++Public License. It also provides other free software developers Less ++of an advantage over competing non-free programs. These disadvantages ++are the reason we use the ordinary General Public License for many ++libraries. However, the Lesser license provides advantages in certain ++special circumstances. ++ ++ For example, on rare occasions, there may be a special need to ++encourage the widest possible use of a certain library, so that it becomes ++a de-facto standard. To achieve this, non-free programs must be ++allowed to use the library. A more frequent case is that a free ++library does the same job as widely used non-free libraries. In this ++case, there is little to gain by limiting the free library to free ++software only, so we use the Lesser General Public License. ++ ++ In other cases, permission to use a particular library in non-free ++programs enables a greater number of people to use a large body of ++free software. For example, permission to use the GNU C Library in ++non-free programs enables many more people to use the whole GNU ++operating system, as well as its variant, the GNU/Linux operating ++system. ++ ++ Although the Lesser General Public License is Less protective of the ++users' freedom, it does ensure that the user of a program that is ++linked with the Library has the freedom and the wherewithal to run ++that program using a modified version of the Library. ++ ++ The precise terms and conditions for copying, distribution and ++modification follow. Pay close attention to the difference between a ++"work based on the library" and a "work that uses the library". The ++former contains code derived from the library, whereas the latter must ++be combined with the library in order to run. ++ ++ GNU LESSER GENERAL PUBLIC LICENSE ++ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ++ ++ 0. This License Agreement applies to any software library or other ++program which contains a notice placed by the copyright holder or ++other authorized party saying it may be distributed under the terms of ++this Lesser General Public License (also called "this License"). ++Each licensee is addressed as "you". ++ ++ A "library" means a collection of software functions and/or data ++prepared so as to be conveniently linked with application programs ++(which use some of those functions and data) to form executables. ++ ++ The "Library", below, refers to any such software library or work ++which has been distributed under these terms. A "work based on the ++Library" means either the Library or any derivative work under ++copyright law: that is to say, a work containing the Library or a ++portion of it, either verbatim or with modifications and/or translated ++straightforwardly into another language. (Hereinafter, translation is ++included without limitation in the term "modification".) ++ ++ "Source code" for a work means the preferred form of the work for ++making modifications to it. For a library, complete source code means ++all the source code for all modules it contains, plus any associated ++interface definition files, plus the scripts used to control compilation ++and installation of the library. ++ ++ Activities other than copying, distribution and modification are not ++covered by this License; they are outside its scope. The act of ++running a program using the Library is not restricted, and output from ++such a program is covered only if its contents constitute a work based ++on the Library (independent of the use of the Library in a tool for ++writing it). Whether that is true depends on what the Library does ++and what the program that uses the Library does. ++ ++ 1. You may copy and distribute verbatim copies of the Library's ++complete source code as you receive it, in any medium, provided that ++you conspicuously and appropriately publish on each copy an ++appropriate copyright notice and disclaimer of warranty; keep intact ++all the notices that refer to this License and to the absence of any ++warranty; and distribute a copy of this License along with the ++Library. ++ ++ You may charge a fee for the physical act of transferring a copy, ++and you may at your option offer warranty protection in exchange for a ++fee. ++ ++ 2. You may modify your copy or copies of the Library or any portion ++of it, thus forming a work based on the Library, and copy and ++distribute such modifications or work under the terms of Section 1 ++above, provided that you also meet all of these conditions: ++ ++ a) The modified work must itself be a software library. ++ ++ b) You must cause the files modified to carry prominent notices ++ stating that you changed the files and the date of any change. ++ ++ c) You must cause the whole of the work to be licensed at no ++ charge to all third parties under the terms of this License. ++ ++ d) If a facility in the modified Library refers to a function or a ++ table of data to be supplied by an application program that uses ++ the facility, other than as an argument passed when the facility ++ is invoked, then you must make a good faith effort to ensure that, ++ in the event an application does not supply such function or ++ table, the facility still operates, and performs whatever part of ++ its purpose remains meaningful. ++ ++ (For example, a function in a library to compute square roots has ++ a purpose that is entirely well-defined independent of the ++ application. Therefore, Subsection 2d requires that any ++ application-supplied function or table used by this function must ++ be optional: if the application does not supply it, the square ++ root function must still compute square roots.) ++ ++These requirements apply to the modified work as a whole. If ++identifiable sections of that work are not derived from the Library, ++and can be reasonably considered independent and separate works in ++themselves, then this License, and its terms, do not apply to those ++sections when you distribute them as separate works. But when you ++distribute the same sections as part of a whole which is a work based ++on the Library, the distribution of the whole must be on the terms of ++this License, whose permissions for other licensees extend to the ++entire whole, and thus to each and every part regardless of who wrote ++it. ++ ++Thus, it is not the intent of this section to claim rights or contest ++your rights to work written entirely by you; rather, the intent is to ++exercise the right to control the distribution of derivative or ++collective works based on the Library. ++ ++In addition, mere aggregation of another work not based on the Library ++with the Library (or with a work based on the Library) on a volume of ++a storage or distribution medium does not bring the other work under ++the scope of this License. ++ ++ 3. You may opt to apply the terms of the ordinary GNU General Public ++License instead of this License to a given copy of the Library. To do ++this, you must alter all the notices that refer to this License, so ++that they refer to the ordinary GNU General Public License, version 2, ++instead of to this License. (If a newer version than version 2 of the ++ordinary GNU General Public License has appeared, then you can specify ++that version instead if you wish.) Do not make any other change in ++these notices. ++ ++ Once this change is made in a given copy, it is irreversible for ++that copy, so the ordinary GNU General Public License applies to all ++subsequent copies and derivative works made from that copy. ++ ++ This option is useful when you wish to copy part of the code of ++the Library into a program that is not a library. ++ ++ 4. You may copy and distribute the Library (or a portion or ++derivative of it, under Section 2) in object code or executable form ++under the terms of Sections 1 and 2 above provided that you accompany ++it with the complete corresponding machine-readable source code, which ++must be distributed under the terms of Sections 1 and 2 above on a ++medium customarily used for software interchange. ++ ++ If distribution of object code is made by offering access to copy ++from a designated place, then offering equivalent access to copy the ++source code from the same place satisfies the requirement to ++distribute the source code, even though third parties are not ++compelled to copy the source along with the object code. ++ ++ 5. A program that contains no derivative of any portion of the ++Library, but is designed to work with the Library by being compiled or ++linked with it, is called a "work that uses the Library". Such a ++work, in isolation, is not a derivative work of the Library, and ++therefore falls outside the scope of this License. ++ ++ However, linking a "work that uses the Library" with the Library ++creates an executable that is a derivative of the Library (because it ++contains portions of the Library), rather than a "work that uses the ++library". The executable is therefore covered by this License. ++Section 6 states terms for distribution of such executables. ++ ++ When a "work that uses the Library" uses material from a header file ++that is part of the Library, the object code for the work may be a ++derivative work of the Library even though the source code is not. ++Whether this is true is especially significant if the work can be ++linked without the Library, or if the work is itself a library. The ++threshold for this to be true is not precisely defined by law. ++ ++ If such an object file uses only numerical parameters, data ++structure layouts and accessors, and small macros and small inline ++functions (ten lines or less in length), then the use of the object ++file is unrestricted, regardless of whether it is legally a derivative ++work. (Executables containing this object code plus portions of the ++Library will still fall under Section 6.) ++ ++ Otherwise, if the work is a derivative of the Library, you may ++distribute the object code for the work under the terms of Section 6. ++Any executables containing that work also fall under Section 6, ++whether or not they are linked directly with the Library itself. ++ ++ 6. As an exception to the Sections above, you may also combine or ++link a "work that uses the Library" with the Library to produce a ++work containing portions of the Library, and distribute that work ++under terms of your choice, provided that the terms permit ++modification of the work for the customer's own use and reverse ++engineering for debugging such modifications. ++ ++ You must give prominent notice with each copy of the work that the ++Library is used in it and that the Library and its use are covered by ++this License. You must supply a copy of this License. If the work ++during execution displays copyright notices, you must include the ++copyright notice for the Library among them, as well as a reference ++directing the user to the copy of this License. Also, you must do one ++of these things: ++ ++ a) Accompany the work with the complete corresponding ++ machine-readable source code for the Library including whatever ++ changes were used in the work (which must be distributed under ++ Sections 1 and 2 above); and, if the work is an executable linked ++ with the Library, with the complete machine-readable "work that ++ uses the Library", as object code and/or source code, so that the ++ user can modify the Library and then relink to produce a modified ++ executable containing the modified Library. (It is understood ++ that the user who changes the contents of definitions files in the ++ Library will not necessarily be able to recompile the application ++ to use the modified definitions.) ++ ++ b) Use a suitable shared library mechanism for linking with the ++ Library. A suitable mechanism is one that (1) uses at run time a ++ copy of the library already present on the user's computer system, ++ rather than copying library functions into the executable, and (2) ++ will operate properly with a modified version of the library, if ++ the user installs one, as long as the modified version is ++ interface-compatible with the version that the work was made with. ++ ++ c) Accompany the work with a written offer, valid for at ++ least three years, to give the same user the materials ++ specified in Subsection 6a, above, for a charge no more ++ than the cost of performing this distribution. ++ ++ d) If distribution of the work is made by offering access to copy ++ from a designated place, offer equivalent access to copy the above ++ specified materials from the same place. ++ ++ e) Verify that the user has already received a copy of these ++ materials or that you have already sent this user a copy. ++ ++ For an executable, the required form of the "work that uses the ++Library" must include any data and utility programs needed for ++reproducing the executable from it. However, as a special exception, ++the materials to be distributed need not include anything that is ++normally distributed (in either source or binary form) with the major ++components (compiler, kernel, and so on) of the operating system on ++which the executable runs, unless that component itself accompanies ++the executable. ++ ++ It may happen that this requirement contradicts the license ++restrictions of other proprietary libraries that do not normally ++accompany the operating system. Such a contradiction means you cannot ++use both them and the Library together in an executable that you ++distribute. ++ ++ 7. You may place library facilities that are a work based on the ++Library side-by-side in a single library together with other library ++facilities not covered by this License, and distribute such a combined ++library, provided that the separate distribution of the work based on ++the Library and of the other library facilities is otherwise ++permitted, and provided that you do these two things: ++ ++ a) Accompany the combined library with a copy of the same work ++ based on the Library, uncombined with any other library ++ facilities. This must be distributed under the terms of the ++ Sections above. ++ ++ b) Give prominent notice with the combined library of the fact ++ that part of it is a work based on the Library, and explaining ++ where to find the accompanying uncombined form of the same work. ++ ++ 8. You may not copy, modify, sublicense, link with, or distribute ++the Library except as expressly provided under this License. Any ++attempt otherwise to copy, modify, sublicense, link with, or ++distribute the Library is void, and will automatically terminate your ++rights under this License. However, parties who have received copies, ++or rights, from you under this License will not have their licenses ++terminated so long as such parties remain in full compliance. ++ ++ 9. You are not required to accept this License, since you have not ++signed it. However, nothing else grants you permission to modify or ++distribute the Library or its derivative works. These actions are ++prohibited by law if you do not accept this License. Therefore, by ++modifying or distributing the Library (or any work based on the ++Library), you indicate your acceptance of this License to do so, and ++all its terms and conditions for copying, distributing or modifying ++the Library or works based on it. ++ ++ 10. Each time you redistribute the Library (or any work based on the ++Library), the recipient automatically receives a license from the ++original licensor to copy, distribute, link with or modify the Library ++subject to these terms and conditions. You may not impose any further ++restrictions on the recipients' exercise of the rights granted herein. ++You are not responsible for enforcing compliance by third parties with ++this License. ++ ++ 11. If, as a consequence of a court judgment or allegation of patent ++infringement or for any other reason (not limited to patent issues), ++conditions are imposed on you (whether by court order, agreement or ++otherwise) that contradict the conditions of this License, they do not ++excuse you from the conditions of this License. If you cannot ++distribute so as to satisfy simultaneously your obligations under this ++License and any other pertinent obligations, then as a consequence you ++may not distribute the Library at all. For example, if a patent ++license would not permit royalty-free redistribution of the Library by ++all those who receive copies directly or indirectly through you, then ++the only way you could satisfy both it and this License would be to ++refrain entirely from distribution of the Library. ++ ++If any portion of this section is held invalid or unenforceable under any ++particular circumstance, the balance of the section is intended to apply, ++and the section as a whole is intended to apply in other circumstances. ++ ++It is not the purpose of this section to induce you to infringe any ++patents or other property right claims or to contest validity of any ++such claims; this section has the sole purpose of protecting the ++integrity of the free software distribution system which is ++implemented by public license practices. Many people have made ++generous contributions to the wide range of software distributed ++through that system in reliance on consistent application of that ++system; it is up to the author/donor to decide if he or she is willing ++to distribute software through any other system and a licensee cannot ++impose that choice. ++ ++This section is intended to make thoroughly clear what is believed to ++be a consequence of the rest of this License. ++ ++ 12. If the distribution and/or use of the Library is restricted in ++certain countries either by patents or by copyrighted interfaces, the ++original copyright holder who places the Library under this License may add ++an explicit geographical distribution limitation excluding those countries, ++so that distribution is permitted only in or among countries not thus ++excluded. In such case, this License incorporates the limitation as if ++written in the body of this License. ++ ++ 13. The Free Software Foundation may publish revised and/or new ++versions of the Lesser General Public License from time to time. ++Such new versions will be similar in spirit to the present version, ++but may differ in detail to address new problems or concerns. ++ ++Each version is given a distinguishing version number. If the Library ++specifies a version number of this License which applies to it and ++"any later version", you have the option of following the terms and ++conditions either of that version or of any later version published by ++the Free Software Foundation. If the Library does not specify a ++license version number, you may choose any version ever published by ++the Free Software Foundation. ++ ++ 14. If you wish to incorporate parts of the Library into other free ++programs whose distribution conditions are incompatible with these, ++write to the author to ask for permission. For software which is ++copyrighted by the Free Software Foundation, write to the Free ++Software Foundation; we sometimes make exceptions for this. Our ++decision will be guided by the two goals of preserving the free status ++of all derivatives of our free software and of promoting the sharing ++and reuse of software generally. ++ ++ NO WARRANTY ++ ++ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO ++WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. ++EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR ++OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY ++KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE ++IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE ++LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME ++THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. ++ ++ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN ++WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY ++AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU ++FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR ++CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE ++LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING ++RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A ++FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF ++SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH ++DAMAGES. ++ ++ END OF TERMS AND CONDITIONS ++ ++ How to Apply These Terms to Your New Libraries ++ ++ If you develop a new library, and you want it to be of the greatest ++possible use to the public, we recommend making it free software that ++everyone can redistribute and change. You can do so by permitting ++redistribution under these terms (or, alternatively, under the terms of the ++ordinary General Public License). ++ ++ To apply these terms, attach the following notices to the library. It is ++safest to attach them to the start of each source file to most effectively ++convey the exclusion of warranty; and each file should have at least the ++"copyright" line and a pointer to where the full notice is found. ++ ++ ++ Copyright (C) ++ ++ This library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ This library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with this library; if not, write to the Free Software ++ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++Also add information on how to contact you by electronic and paper mail. ++ ++You should also get your employer (if you work as a programmer) or your ++school, if any, to sign a "copyright disclaimer" for the library, if ++necessary. Here is a sample; alter the names: ++ ++ Yoyodyne, Inc., hereby disclaims all copyright interest in the ++ library `Frob' (a library for tweaking knobs) written by James Random Hacker. ++ ++ , 1 April 1990 ++ Ty Coon, President of Vice ++ ++That's all there is to it! +diff --git a/grub-core/lib/libgcrypt/LICENSES b/grub-core/lib/libgcrypt/LICENSES +new file mode 100644 +index 0000000..c2fea82 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/LICENSES +@@ -0,0 +1,319 @@ ++Additional license notices for Libgcrypt. -*- org -*- ++ ++This file contains the copying permission notices for various files in ++the Libgcrypt distribution which are not covered by the GNU Lesser ++General Public License (LGPL) or the GNU General Public License (GPL). ++ ++These notices all require that a copy of the notice be included ++in the accompanying documentation and be distributed with binary ++distributions of the code, so be sure to include this file along ++with any binary distributions derived from the GNU C Library. ++ ++* BSD_3Clause ++ ++ For files: ++ - cipher/sha256-avx-amd64.S ++ - cipher/sha256-avx2-bmi2-amd64.S ++ - cipher/sha256-ssse3-amd64.S ++ - cipher/sha512-avx-amd64.S ++ - cipher/sha512-avx2-bmi2-amd64.S ++ - cipher/sha512-ssse3-amd64.S ++ - cipher/sha512-ssse3-i386.c ++ - cipher/sha512-avx512-amd64.S ++ ++#+begin_quote ++ Copyright (c) 2012, Intel Corporation ++ ++ All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are ++ met: ++ ++ * Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ ++ * Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the ++ distribution. ++ ++ * Neither the name of the Intel Corporation nor the names of its ++ contributors may be used to endorse or promote products derived from ++ this software without specific prior written permission. ++ ++ ++ THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY ++ EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR ++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ++ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++#+end_quote ++ ++ For files: ++ - cipher/poly1305-amd64-avx512.S ++ ++#+begin_quote ++ Copyright (c) 2021-2022, Intel Corporation ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are met: ++ ++ * Redistributions of source code must retain the above copyright notice, ++ this list of conditions and the following disclaimer. ++ * Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ * Neither the name of Intel Corporation nor the names of its contributors ++ may be used to endorse or promote products derived from this software ++ without specific prior written permission. ++ ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE ++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER ++ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ++ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++#+end_quote ++ ++ For files: ++ - random/jitterentropy-base.c ++ - random/jitterentropy-gcd.c ++ - random/jitterentropy-gcd.h ++ - random/jitterentropy-health.c ++ - random/jitterentropy-health.h ++ - random/jitterentropy-noise.c ++ - random/jitterentropy-noise.h ++ - random/jitterentropy-sha3.c ++ - random/jitterentropy-sha3.h ++ - random/jitterentropy-timer.c ++ - random/jitterentropy-timer.h ++ - random/jitterentropy.h ++ - random/rndjent.c (plus common Libgcrypt copyright holders) ++ ++#+begin_quote ++ Copyright (C) 2017 - 2021, Stephan Mueller ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ 1. Redistributions of source code must retain the above copyright ++ notice, and the entire permission notice in its entirety, ++ including the disclaimer of warranties. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ 3. The name of the author may not be used to endorse or promote ++ products derived from this software without specific prior ++ written permission. ++ ++ ALTERNATIVELY, this product may be distributed under the terms of ++ the GNU General Public License, in which case the provisions of the GPL2 ++ are required INSTEAD OF the above restrictions. (This clause is ++ necessary due to a potential bad interaction between the GPL and ++ the restrictions contained in a BSD-style copyright.) ++ ++ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF ++ WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE ++ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT ++ OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR ++ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE ++ USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH ++ DAMAGE. ++#+end_quote ++ ++ For files: ++ - cipher/cipher-gcm-ppc.c ++ - cipher/keccak-amd64-avx512.S ++ ++#+begin_quote ++ Copyright (c) 2006, CRYPTOGAMS by ++ All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ ++ * Redistributions of source code must retain copyright notices, ++ this list of conditions and the following disclaimer. ++ ++ * Redistributions in binary form must reproduce the above ++ copyright notice, this list of conditions and the following ++ disclaimer in the documentation and/or other materials ++ provided with the distribution. ++ ++ * Neither the name of the CRYPTOGAMS nor the names of its ++ copyright holder and contributors may be used to endorse or ++ promote products derived from this software without specific ++ prior written permission. ++ ++ ALTERNATIVELY, provided that this notice is retained in full, this ++ product may be distributed under the terms of the GNU General Public ++ License (GPL), in which case the provisions of the GPL apply INSTEAD OF ++ those given above. ++ ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS ++ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++#+end_quote ++ ++* X License ++ ++ For files: ++ - install.sh ++ ++#+begin_quote ++ Copyright (C) 1994 X Consortium ++ ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to ++ deal in the Software without restriction, including without limitation the ++ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or ++ sell copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be included in ++ all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN ++ AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- ++ TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ ++ Except as contained in this notice, the name of the X Consortium shall not ++ be used in advertising or otherwise to promote the sale, use or other deal- ++ ings in this Software without prior written authorization from the X Consor- ++ tium. ++#+end_quote ++ ++* Public domain ++ ++ For files: ++ - cipher/arcfour-amd64.S ++ ++#+begin_quote ++ Author: Marc Bevand ++ Licence: I hereby disclaim the copyright on this code and place it ++ in the public domain. ++#+end_quote ++ ++* OCB license 1 ++ ++ For files: ++ - cipher/cipher-ocb.c ++ ++#+begin_quote ++ OCB is covered by several patents but may be used freely by most ++ software. See http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm . ++ In particular license 1 is suitable for Libgcrypt: See ++ http://web.cs.ucdavis.edu/~rogaway/ocb/license1.pdf for the full ++ license document; it basically says: ++ ++ License 1 — License for Open-Source Software Implementations of OCB ++ (Jan 9, 2013) ++ ++ Under this license, you are authorized to make, use, and ++ distribute open-source software implementations of OCB. This ++ license terminates for you if you sue someone over their ++ open-source software implementation of OCB claiming that you have ++ a patent covering their implementation. ++ ++ ++ ++ License for Open Source Software Implementations of OCB ++ January 9, 2013 ++ ++ 1 Definitions ++ ++ 1.1 “Licensor†means Phillip Rogaway. ++ ++ 1.2 “Licensed Patents†means any patent that claims priority to United ++ States Patent Application No. 09/918,615 entitled “Method and Apparatus ++ for Facilitating Efficient Authenticated Encryption,†and any utility, ++ divisional, provisional, continuation, continuations-in-part, reexamination, ++ reissue, or foreign counterpart patents that may issue with respect to the ++ aforesaid patent application. This includes, but is not limited to, United ++ States Patent No. 7,046,802; United States Patent No. 7,200,227; United ++ States Patent No. 7,949,129; United States Patent No. 8,321,675 ; and any ++ patent that issues out of United States Patent Application No. 13/669,114. ++ ++ 1.3 “Use†means any practice of any invention claimed in the Licensed Patents. ++ ++ 1.4 “Software Implementation†means any practice of any invention ++ claimed in the Licensed Patents that takes the form of software executing on ++ a user-programmable, general-purpose computer or that takes the form of a ++ computer-readable medium storing such software. Software Implementation does ++ not include, for example, application-specific integrated circuits (ASICs), ++ field-programmable gate arrays (FPGAs), embedded systems, or IP cores. ++ ++ 1.5 “Open Source Software†means software whose source code is published ++ and made available for inspection and use by anyone because either (a) the ++ source code is subject to a license that permits recipients to copy, modify, ++ and distribute the source code without payment of fees or royalties, or ++ (b) the source code is in the public domain, including code released for ++ public use through a CC0 waiver. All licenses certified by the Open Source ++ Initiative at opensource.org as of January 9, 2013 and all Creative Commons ++ licenses identified on the creativecommons.org website as of January 9, ++ 2013, including the Public License Fallback of the CC0 waiver, satisfy these ++ requirements for the purposes of this license. ++ ++ 1.6 “Open Source Software Implementation†means a Software ++ Implementation in which the software implicating the Licensed Patents is ++ Open Source Software. Open Source Software Implementation does not include ++ any Software Implementation in which the software implicating the Licensed ++ Patents is combined, so as to form a larger program, with software that is ++ not Open Source Software. ++ ++ 2 License Grant ++ ++ 2.1 License. Subject to your compliance with the term s of this license, ++ including the restriction set forth in Section 2.2, Licensor hereby ++ grants to you a perpetual, worldwide, non-exclusive, non-transferable, ++ non-sublicenseable, no-charge, royalty-free, irrevocable license to practice ++ any invention claimed in the Licensed Patents in any Open Source Software ++ Implementation. ++ ++ 2.2 Restriction. If you or your affiliates institute patent litigation ++ (including, but not limited to, a cross-claim or counterclaim in a lawsuit) ++ against any entity alleging that any Use authorized by this license ++ infringes another patent, then any rights granted to you under this license ++ automatically terminate as of the date such litigation is filed. ++ ++ 3 Disclaimer ++ YOUR USE OF THE LICENSED PATENTS IS AT YOUR OWN RISK AND UNLESS REQUIRED ++ BY APPLICABLE LAW, LICENSOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY ++ KIND CONCERNING THE LICENSED PATENTS OR ANY PRODUCT EMBODYING ANY LICENSED ++ PATENT, EXPRESS OR IMPLIED, STATUT ORY OR OTHERWISE, INCLUDING, WITHOUT ++ LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR ++ PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL LICENSOR BE LIABLE FOR ANY ++ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ++ ARISING FROM OR RELATED TO ANY USE OF THE LICENSED PATENTS, INCLUDING, ++ WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE ++ OR SPECIAL DAMAGES, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF ++ SUCH DAMAGES PRIOR TO SUCH AN OCCURRENCE. ++#+end_quote +diff --git a/grub-core/lib/libgcrypt/README b/grub-core/lib/libgcrypt/README +new file mode 100644 +index 0000000..7733dbd +--- /dev/null ++++ b/grub-core/lib/libgcrypt/README +@@ -0,0 +1,278 @@ ++ Libgcrypt - The GNU Crypto Library ++ ------------------------------------ ++ Version 1.11 ++ ++ Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. ++ Copyright (C) 2012-2024 g10 Code GmbH ++ Copyright (C) 2013-2024 Jussi Kivilinna ++ ++ Libgcrypt is free software. See the file AUTHORS for full copying ++ notices, and LICENSES for notices about contributions that require ++ these additional notices to be distributed. ++ ++ ++ Overview ++ -------- ++ ++ Libgcrypt is a general purpose crypto library based on the code ++ used in GnuPG. Libgcrypt depends on the library `libgpg-error', ++ which must be installed correctly before Libgcrypt is to be built. ++ Libgcrypt is distributed under the LGPL, see the section "License" ++ below for details. ++ ++ ++ Build Instructions ++ ------------------ ++ ++ The download canonical location for libgcrypt is: ++ ++ https://gnupg.org/ftp/gcrypt/libgcrypt/ ++ ++ To build libgcrypt you need libgpg-error: ++ ++ https://gnupg.org/ftp/gcrypt/libgpg-error/ ++ ++ You should get the latest versions of course. ++ ++ After building and installing the libgpg-error package, you may ++ continue with Libgcrypt installation as with allmost all GNU ++ packages, you just have to do ++ ++ ./configure ++ make ++ make check ++ make install ++ ++ The "make check" is not required but a good idea to see whether ++ the library works as expected. The check takes some while and ++ prints some benchmarking results. Before doing "make install" you ++ probably need to become root. ++ ++ To build libgcrypt for Microsoft Windows, you need to have the ++ mingw32 cross-building toolchain installed. Instead of running a ++ plain configure you use ++ ++ ./autogen.sh --build-w32 ++ make ++ make install ++ ++ By default this command sequences expectsd a libgpg-error ++ installed below $HOME/w32root and installs libgcrypt to that ++ directory too. See the autogen.sh code for details. ++ ++ The documentation is available as an Info file (gcrypt.info). To ++ build documentation in PDF, run this: ++ ++ cd doc ++ make pdf ++ ++ ++ ++ Mailing List ++ ------------ ++ ++ You may want to join the developer's mailing list ++ gcrypt-devel@gnupg.org by sending mail with a subject of ++ "subscribe" to gcrypt-devel-request@gnupg.org. An archive of this ++ list is available at https://lists.gnupg.org . ++ ++ ++ Configure options ++ ----------------- ++ Here is a list of configure options which are sometimes useful ++ for installation. ++ ++ --enable-large-data-tests ++ With this option a "make check" will take really ++ long due to extra checks for the hash algorithms. ++ ++ --disable-asm ++ Do not use assembler modules. It is not possible ++ to use this on some CPU types. ++ ++ --enable-ld-version-script ++ Libgcrypt tries to build a library where internal ++ symbols are not exported. This requires support ++ from ld and is currently enabled for a few OSes. ++ If you know that your ld supports the so called ++ ELF version scripts, you can use this option to ++ force its use. OTOH, if you get error message ++ from the linker, you probably want to use this ++ option to disable the use of version scripts. ++ Note, that you should never ever use an ++ undocumented symbol or one which is prefixed with ++ an underscore. ++ ++ --enable-ciphers=list ++ --enable-pubkey-ciphers=list ++ --enable-digests=list ++ If not otherwise specified, all algorithms ++ included in the libgcrypt source tree are built. ++ An exception are algorithms, which depend on ++ features not provided by the system, like 64bit ++ data types. With these switches it is possible ++ to select exactly those algorithm modules, which ++ should be built. The algorithms are to be ++ separated by spaces, commas or colons. To view ++ the list used with the current build the program ++ tests/version may be used. ++ ++ --disable-endian-check ++ Don't let configure test for the endianness but ++ try to use the OS provided macros at compile ++ time. This is helpful to create OS X fat binaries. ++ ++ --enable-random-daemon ++ Include support for a global random daemon and ++ build the daemon. This is an experimental feature. ++ ++ --enable-mpi-path=EXTRA_PATH ++ Prepend EXTRA_PATH to list of CPU specific ++ optimizations. For example, if you want to add ++ optimizations forn a Intel Pentium 4 compatible ++ CPU, you may use ++ --enable-mpi-path=pentium4/sse2:pentium4/mmx ++ Take care: The generated library may crash on ++ non-compatible CPUs. ++ ++ --enable-random=NAME ++ Force the use of the random gathering module ++ NAME. Default is either to use /dev/random or ++ the auto mode. Possible values for NAME are: ++ egd - Use the module which accesses the ++ Entropy Gathering Daemon. See the webpages ++ for more information about it. ++ unix - Use the standard Unix module which does not ++ have a very good performance. ++ linux - Use the module which accesses /dev/random. ++ This is the first choice and the default one ++ for GNU/Linux or *BSD. ++ auto - Compile linux, egd and unix in and ++ automagically select at runtime. ++ ++ --enable-hmac-binary-check ++ Include support to check the binary at runtime ++ against a HMAC checksum. This works only in FIPS ++ mode on systems providing the dladdr function and using ++ the ELF binary format. ++ ++ --with-fips-module-version=version ++ Specify a string used as a module version for FIPS ++ certification purposes. ++ ++ --disable-padlock-support ++ Disable support for the PadLock engine of VIA ++ processors. The default is to use PadLock if ++ available. Try this if you get problems with ++ assembler code. ++ ++ --disable-aesni-support ++ Disable support for the AES-NI instructions of ++ newer Intel CPUs. The default is to use AES-NI ++ if available. Try this if you get problems with ++ assembler code. ++ ++ --disable-O-flag-munging ++ Some code is too complex for some compilers while ++ in higher optimization modes, thus the compiler ++ invocation is modified to use a lower ++ optimization level. Usually this works very well ++ but on some platforms these rules break the ++ invocation. This option may be used to disable ++ the feature under the assumption that either good ++ CFLAGS are given or the compiler can grok the code. ++ ++ ++ ++ ++ Build Problems ++ -------------- ++ ++ If you have a problem with a a certain release, please first check ++ the Release-info URL given in the NEWS file. ++ ++ We can't check all assembler files, so if you have problems ++ assembling them (or the program crashes) use --disable-asm with ++ ./configure. If you opt to delete individual replacement files in ++ hopes of using the remaining ones, be aware that the configure ++ scripts may consider several subdirectories to get all available ++ assembler files; be sure to delete the correct ones. Never delete ++ udiv-qrnnd.S in any CPU directory, because there may be no C ++ substitute (in mpi/genereic). Don't forget to delete ++ "config.cache" and run "./config.status --recheck". We got a few ++ reports about problems using versions of gcc earlier than 2.96 ++ along with a non-GNU assembler (as). If this applies to your ++ platform, you can either upgrade gcc to a more recent version, or ++ use the GNU assembler. ++ ++ Some make tools are broken - the best solution is to use GNU's ++ make. Try gmake or grab the sources from a GNU archive and ++ install them. ++ ++ Specific problems on some machines: ++ ++ * AArch64 (GCC 11.1 and 11.2) ++ ++ Because of the bug in GCC (fixed in 11.3), with the option ++ -O3, vectorization results wrong code for the function ++ buf_eq_const. Please use -O2 or -fno-tree-loop-vectorize. ++ ++ * IBM RS/6000 running AIX ++ ++ Due to a change in gcc (since version 2.8) the MPI stuff may ++ not build. In this case try to run configure using: ++ CFLAGS="-g -O2 -mcpu=powerpc" ./configure ++ ++ * SVR4.2 (ESIX V4.2 cc) ++ ++ Due to problems with the ESIX as(1), you probably want to do: ++ CFLAGS="-O -K pentium" ./configure --disable-asm ++ ++ * SunOS 4.1.4 ++ ++ ./configure ac_cv_sys_symbol_underscore=yes ++ ++ * Sparc64 CPUs ++ ++ We have reports about failures in the AES module when ++ compiling using gcc (e.g. version 4.1.2) and the option -O3; ++ using -O2 solves the problem. ++ ++ ++ License ++ ------- ++ ++ The library is distributed under the terms of the GNU Lesser ++ General Public License (LGPL); see the file COPYING.LIB for the ++ actual terms. ++ ++ The helper programs as well as the documentation are distributed ++ under the terms of the GNU General Public License (GPL); see the ++ file COPYING for the actual terms. ++ ++ The file LICENSES has notices about contributions that require ++ that these additional notices are distributed. ++ ++ ++ Contact ++ ------- ++ ++ See the file AUTHORS. ++ ++ Commercial grade support for Libgcrypt is available; for a listing ++ of offers see https://www.gnupg.org/service.html . ++ ++ Since 2001 maintenance and development of Libgcrypt is done by g10 ++ Code GmbH and was mostly financed by donations; since 2022 a raise ++ in revenues from support contracts allows to fully finance the ++ development without resorting to donations. Many thanks to our ++ paid developers for their work and also a big thank you to Jussi ++ Kivilinna for all of his performance work. ++ ++ This file is Free Software; as a special exception the authors gives ++ unlimited permission to copy and/or distribute it, with or without ++ modifications, as long as this notice is preserved. For conditions ++ of the whole package, please see the file COPYING. This file is ++ distributed in the hope that it will be useful, but WITHOUT ANY ++ WARRANTY, to the extent permitted by law; without even the implied ++ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +diff --git a/grub-core/lib/libgcrypt/README.GIT b/grub-core/lib/libgcrypt/README.GIT +new file mode 100644 +index 0000000..ee2c638 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/README.GIT +@@ -0,0 +1,49 @@ ++If you are building from GIT, run the script ++ ++./autogen.sh ++ ++first, to make sure that you have all the necessary maintainer tools ++are installed and to build the actual configuration files. If you ++have just checked out from GIT, you should add the option "--force" to ++autogen.sh so that meta data is noticed by autom4te.cache. Then run ++ ++./configure --enable-maintainer-mode ++ ++followed by the usual make. ++ ++If autogen.sh complains about insufficient versions of the required ++tools, or the tools are not installed, you may use environment ++variables to override the default tool names: ++ ++ AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake ++ package. For example ++ AUTOMAKE_SUFFIX="-1.7" ./autogen.sh ++ uses "automake-1.7" and "aclocal-1.7. ++ AUTOMAKE_PREFIX is used as a prefix for all tools from the automake ++ page and may be combined with AUTOMAKE_SUFFIX. e.g.: ++ AUTOMAKE_PREFIX=/usr/foo/bin ./autogen.sh ++ uses "automake" and "aclocal" in the /usr/foo/bin ++ directory. ++ AUTOCONF_SUFFIX is used as a suffix for all tools from the automake ++ package ++ AUTOCONF_PREFIX is used as a prefix for all tools from the automake ++ package ++ GETTEXT_SUFFIX is used as a suffix for all tools from the gettext ++ package ++ GETTEXT_PREFIX is used as a prefix for all tools from the gettext ++ package ++ ++It is also possible to use the variable name AUTOMAKE, AUTOCONF, ++ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the name ++of the programs to run. It is however better to use the suffix and ++prefix forms as described above because that does not require ++knowledge about the actual tools used by autogen.sh. ++ ++ ++Please don't use autopoint, libtoolize or autoreconf unless you are ++the current maintainer and want to update the standard configuration ++files. All those files should be in GIT and only updated manually ++if the maintainer decides that newer versions are required. The ++maintainer should also make sure that the required version of automake ++et al. are properly indicated at the top of configure.ac and take care ++to copy the files and not merely use symlinks. +diff --git a/grub-core/lib/libgcrypt/THANKS b/grub-core/lib/libgcrypt/THANKS +new file mode 100644 +index 0000000..6a44ead +--- /dev/null ++++ b/grub-core/lib/libgcrypt/THANKS +@@ -0,0 +1,168 @@ ++Libgcrypt is based on the GnuPG code. Here is a list of people, who ++helped in GnuPG and Libgcrypt development. Please help us to keep it ++complete and free of errors. ++ ++Albert Chin china at thewrittenword com ++Allan Clark allanc@sco.com ++Anand Kumria wildfire@progsoc.uts.edu.au ++Andreas Metzler ametzler at downhill.at.eu.org ++Ariel T Glenn ariel@columbia.edu ++Aurelien Jarno aurel32 at debian.org ++Ben Hutchings ben decadent org uk ++Bodo Moeller Bodo_Moeller@public.uni-hamburg.de ++Brenno de Winter brenno@dewinter.com ++Brian Moore bem@cmc.net ++Brian Warner warner@lothar.com ++Brieuc Jeunhomme bbp@via.ecp.fr ++Bryan Fullerton bryanf@samurai.com ++Caskey L. Dickson caskey@technocage.com ++Cees van de Griend cees-list@griend.xs4all.nl ++Charles Levert charles@comm.polymtl.ca ++Christian Biere christianbiere@gmx.de ++Christian Grothoff christian at grothoff org ++Christian von Roques roques@pond.sub.org ++Christopher Oliver oliver@fritz.traverse.net ++Christian Recktenwald chris@citecs.de ++Daiki Ueno ueno at unixuser org ++Dan Fandrich dan at coneharvesters com ++Daniel Eisenbud eisenbud@cs.swarthmore.edu ++Daniel Koening dan@mail.isis.de ++David Ellement ellement@sdd.hp.com ++Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de ++Dirk Lattermann dlatt@t-online.de ++Dirk Stoecker gcrypt@dstoecker.de ++Ed Boraas ecxjo@esperanto.org ++Elie De Brauwer elie@de-brauwer.be ++Enzo Michelangeli em@MailAndNews.com ++Ernst Molitor ernst.molitor@uni-bonn.de ++Fabian Keil fk at fabiankeil de ++Fabio Coatti cova@felix.unife.it ++Felix von Leitner leitner@amdiv.de ++Frank Heckenbach heckenb@mi.uni-erlangen.de ++Frank Stajano frank.stajano@cl.cam.ac.uk ++Gabriele Monti psicus78 gmail com ++Gaël Quéri gqueri@mail.dotcom.fr ++Gregor Riepl seto-kun@freesurf.ch ++Gerlinde Klaes gk@u64.de ++Greg Louis glouis@dynamicro.on.ca ++Greg Troxel gdt@ir.bbn.com ++Gregory Steuck steuck@iname.com ++Geoff Keating geoffk@ozemail.com.au ++Harald Denker harry@hal.westfalen.de ++Hendrik Buschkamp buschkamp@rheumanet.org ++Holger Schurig holger@d.om.org ++Hugh Daniel hugh@toad.com ++Ian McKellar imckellar@harvestroad.com.au ++Ian Peters itp@ximian.com ++Janusz A. Urbanowicz alex@bofh.torun.pl ++James Troup james@nocrew.org ++Jean-loup Gailly gzip@prep.ai.mit.edu ++Jeff Johnson jbj@redhat.com ++Jens Bachem bachem@rrz.uni-koeln.de ++J Horacio MG homega@ciberia.es ++Joachim Backes backes@rhrk.uni-kl.de ++Jordi Mallach jordi@sindominio.net ++John A. Martin jam@jamux.com ++Johnny Teveßen j.tevessen@gmx.de ++Jörg Schilling schilling@fokus.gmd.de ++Jun Kuriyama kuriyama@sky.rim.or.jp ++Karl Fogel kfogel@guanabana.onshore.com ++Karsten Thygesen karthy@kom.auc.dk ++Katsuhiro Kondou kondou@nec.co.jp ++Kazu Yamamoto kazu@iijlab.net ++Lars Kellogg-Stedman lars@bu.edu ++Lee Fisher blibbet at gmail dot com ++Marco d'Itri md@linux.it ++Mark Adler madler@alumni.caltech.edu ++Mark Elbrecht snowball3@bigfoot.com ++Markus Friedl Markus.Friedl@informatik.uni-erlangen.de ++Matthias Urlichs smurf@smurf.noris.de ++Martin Kahlert martin.kahlert@provi.de ++Martin Hamilton ++Martin Schulte schulte@thp.uni-koeln.de ++Matthew Skala mskala@ansuz.sooke.bc.ca ++Max Kellermann max@duempel.org ++Max Valianskiy maxcom@maxcom.ml.org ++Michael Fischer v. Mollard mfvm@gmx.de ++Michael Roth mroth@nessie.de ++Michael Sobolev mss@despair.transas.com ++Michele Baldessari michele@pupazzo.org ++Modestas Vainius geromanas@mailas.com ++Neil Dunbar neil.dunbar at pobox.com ++Neil Spring nspring@cs.washington.edu ++Newton Hammet newton@hammet.net ++Nicolas Graner Nicolas.Graner@cri.u-psud.fr ++NIIBE Yutaka gniibe@chroot.org ++Niklas Hernaeus ++Nikolay Sturm sturm@sec.informatik.tu-darmstadt.de ++Nikos Mavroyanopoulos nmav@hellug.gr ++Nimrod Zimerman zimerman@forfree.at ++N J Doye nic@niss.ac.uk ++Oliver Haakert haakert@hsp.de ++Oskari Jääskeläinen f33003a@cc.hut.fi ++Paul D. Smith psmith@baynetworks.com ++Philippe Laliberte arsphl@oeil.qc.ca ++Peter Gutmann pgut001@cs.auckland.ac.nz ++QingLong qinglong@bolizm.ihep.su ++Rafael Ãvila de Espíndola rafael.espindola@gmail.com ++Rafaël Carré funman@videolan.org ++Ralf Fassel ralf@akutech.de ++Ralf Hildebrandt Ralf.Hildebrandt@innominate.com ++Ralf Schneider ralf@tapfere-schneiderleins.de ++Ralph Gillen gillen@theochem.uni-duesseldorf.de ++Rami Lehti Rami.Lehti@finland.sun.com ++Randolph Chung tausq@debian.org ++Randy mcclellr@oit.edu ++Rat ratinox@peorth.gweep.net ++Reinhard Wobst R.Wobst@ifw-dresden.de ++Rémi Guyomarch rguyom@mail.dotcom.fr ++Reuben Sumner rasumner@wisdom.weizmann.ac.il ++Richard Outerbridge outer@interlog.com ++Roddy Strachan roddy@satlink.com.au ++Roland Rosenfeld roland@spinnaker.rhein.de ++Ross Golder rossigee@bigfoot.com ++Serge Munhoven munhoven@mema.ucl.ac.be ++Sergi Blanch i Torné sergi at calcurco cat ++Simon Josefsson jas@extundo.com ++SL Baur steve@xemacs.org ++Stephan Austermuehle au@hcsd.de ++Stephan Müller smueller at atsec com ++Stephane Corthesy stephane@sente.ch ++Stefan Karrmann S.Karrmann@gmx.net ++Stefan Keller dres@cs.tu-berlin.de ++Stefan Krüger stadtkind2 at gmx de ++Steffen Ullrich ccrlphr@xensei.com ++Steffen Zahn zahn@berlin.snafu.de ++Steven Bakker steven@icoe.att.com ++Susanne Schultz schultz@hsp.de ++Sven Bjorn ++Szakats Istvan szaki.ms@gmail.com ++Thiago Jung Bauermann jungmann@cwb.matrix.com.br ++Thomas Roessler roessler@guug.de ++Tom Holroyd tomh@po.crl.go.jp ++Tom Spindler dogcow@home.merit.edu ++Tom Zerucha tzeruch@ceddec.com ++Tomas Fasth tomas.fasth@twinspot.net ++Tommi Komulainen Tommi.Komulainen@iki.fi ++Thomas Mikkelsen tbm@image.dk ++Ulf Möller 3umoelle@informatik.uni-hamburg.de ++Umberto Salsi salsi@icosaedro.it ++Uoti Urpala ++Urko Lusa ulusa@euskalnet.net ++Victor Stinner haypo@inl.fr ++Walter Koch koch@u32.de ++Werner Koch wk@gnupg.org ++Wim Vandeputte wim@kd85.com ++ nbecker@hns.com ++ ++ ++ Copyright 1998, 1999, 2000, 2001, 2002, 2003, ++ 2009, 2011 Free Software Foundation, Inc. ++ ++ This file is free software; as a special exception the author gives ++ unlimited permission to copy and/or distribute it, with or without ++ modifications, as long as this notice is preserved. ++ ++ This file is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the ++ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +diff --git a/grub-core/lib/libgcrypt/VERSION b/grub-core/lib/libgcrypt/VERSION +new file mode 100644 +index 0000000..1cac385 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/VERSION +@@ -0,0 +1 @@ ++1.11.0 +diff --git a/grub-core/lib/libgcrypt/cipher/ChangeLog b/grub-core/lib/libgcrypt/cipher/ChangeLog +deleted file mode 100644 +index 1b3694f..0000000 +--- a/grub-core/lib/libgcrypt/cipher/ChangeLog ++++ /dev/null +@@ -1,3990 +0,0 @@ +-2010-08-19 Werner Koch +- +- * cipher.c (gcry_cipher_open): Remove double release of the module. +- Fixes bug#1263. +- +-2010-06-10 Jeff Johnson (wk) +- +- * ecc.c (ecc_generate_ext): Parse transient-key flag. +- (generate_key): Add arg TRANSIENT_KEY and use it to set the random +- level. +- +-2010-04-12 Brad Hards (wk) +- +- Spelling fixes. +- +-2010-03-26 Werner Koch +- +- * tiger.c (asn): Unfetter the old TIGER from an OID. +- (TIGER_CONTEXT): Add field VARIANT. +- (tiger_init): Factor code out to ... +- (do_init): New. +- (tiger1_init, tiger2_init): New. +- (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): New. +- * md.c (digest_table): Add TIGER1 and TIGER2 variants. +- +-2009-12-11 Werner Koch +- +- * sha256.c (Cho, Maj, Sum0, Sum1): Turn macros into inline +- functions. +- (transform): Partly unroll to interweave the chain variables +- +- * sha512.c (ROTR, Ch, Maj, Sum0, Sum1): Turn macros into inline +- functions. +- (transform): Partly unroll to interweave the chain variables. +- Suggested by Christian Grothoff. +- +-2009-12-10 Werner Koch +- +- * Makefile.am (o_flag_munging): New. +- (tiger.o, tiger.lo): Use it. +- +- * cipher.c (do_ctr_encrypt): Add arg OUTBUFLEN. Check for +- suitable value. Add check for valid inputlen. Wipe temporary +- memory. +- (do_ctr_decrypt): Likewise. +- (do_cbc_encrypt, do_cbc_decrypt): Add arg OUTBUFLEN. Check for +- suitable value. Move check for valid inputlen to here; change +- returned error from INV_ARG to INV_LENGTH. +- (do_ecb_encrypt, do_ecb_decrypt): Ditto. +- (do_cfb_encrypt, do_cfb_decrypt): Ditto. +- (do_ofb_encrypt, do_ofb_decrypt): Ditto. +- (cipher_encrypt, cipher_encrypt): Adjust for above changes. +- (gcry_cipher_encrypt, gcry_cipher_decrypt): Simplify. +- +-2009-12-09 Werner Koch +- +- * cipher.c (gcry_cipher_open): Allow for GCRY_CIPHER_MODE_AESWRAP. +- (cipher_encrypt, cipher_decrypt): Ditto. +- (do_aeswrap_encrypt, do_aeswrap_decrypt): New. +- (struct gcry_cipher_handle): Add field marks. +- (cipher_setkey, cipher_setiv): Update marks flags. +- (cipher_reset): Reset marks. +- (cipher_encrypt, cipher_decrypt): Add new arg OUTBUFLEN. +- (gcry_cipher_encrypt, gcry_cipher_decrypt): Pass outbuflen to +- cipher_encrypt. Replace GPG_ERR_TOO_SHORT by +- GPG_ERR_BUFFER_TOO_SHORT. +- +-2009-08-21 Werner Koch +- +- * dsa.c (dsa_generate_ext): Release retfactors array before +- setting it to NULL. Reported by Daiko Ueno. +- +-2009-07-02 Werner Koch +- +- * md.c (md_read): Fix incomplete check for NULL. +- Reported by Fabian Kail. +- +-2009-03-31 Werner Koch +- +- * rsa.c (rsa_check_secret_key): Return GPG_ERR_BAD_SECKEY and not +- GPG_ERR_PUBKEY_ALGO. +- +-2009-02-16 Werner Koch +- +- * rsa.c (generate_x931): Do not initialize TBL with automatic +- variables. +- * whirlpool.c, tiger.c, sha256.c, sha1.c, rmd160.c, md5.c +- * md4.c, crc.c: Remove memory.h. This is garbage from gnupg. +- Reported by Dan Fandrich. +- +-2009-01-22 Werner Koch +- +- * ecc.c (compute_keygrip): Remove superfluous const. +- +-2009-01-06 Werner Koch +- +- * rmd160.c (oid_spec_rmd160): Add TeleTrust identifier. +- +-2008-12-10 Werner Koch +- +- * dsa.c (generate): Add arg DOMAIN and use it if specified. +- (generate_fips186): Ditto. +- (dsa_generate_ext): Parse and check the optional "domain" +- parameter and pass them to the generate functions. +- +- * rijndael.c (rijndael_names): Add "AES128" and "AES-128". +- (rijndael192_names): Add "AES-192". +- (rijndael256_names): Add "AES-256". +- +-2008-12-05 Werner Koch +- +- * dsa.c (generate): Add arg TRANSIENT_KEY and use it to detrmine +- the RNG quality needed. +- (dsa_generate_ext): Parse the transient-key flag und pass it to +- generate. +- +-2008-11-28 Werner Koch +- +- * dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed +- value if available. +- +- * primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop. +- +-2008-11-26 Werner Koch +- +- * primegen.c (_gcry_generate_fips186_3_prime): New. +- * dsa.c (generate_fips186): Add arg USE_FIPS186_2. +- (dsa_generate_ext): Parse new flag use-fips183-2. +- +-2008-11-25 Werner Koch +- +- * dsa.c (generate_fips186): New. +- (dsa_generate_ext): Use new function if derive-parms are given or +- if in FIPS mode. +- * primegen.c (_gcry_generate_fips186_2_prime): New. +- +-2008-11-24 Werner Koch +- +- * pubkey.c (gcry_pk_genkey): Insert code to output extrainfo. +- (pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended +- key generation function. +- * rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New. +- (generate_x931): Generate params if not given. +- (rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped +- indicator. +- * dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if +- possible. +- +- * pubkey.c (gcry_pk_genkey): Remove parsing of almost all +- parameters and pass the parameter S-expression to pubkey_generate. +- (pubkey_generate): Simplify by requitring modules to parse the +- parameters. Remove the special cases for Elgamal and ECC. +- (sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix +- small memory leak. +- (sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc. +- (pubkey_table) [USE_ELGAMAL]: Add real extraspec. +- * rsa.c (rsa_generate_ext): Adjust for new calling convention. +- * dsa.c (dsa_generate_ext): Ditto. +- * elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext. +- (elg_generate): New. +- (_gcry_elg_generate_using_x): Remove after merging code with +- elg_generate_ext. +- (_gcry_pubkey_extraspec_elg): New. +- (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign) +- (_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove +- _gcry_ prefix. +- * ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and +- adjust for new calling convention. +- (_gcry_ecc_get_param): Rename to ecc_get_param and make static. +- (_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and +- ecc_get_param. +- +-2008-11-20 Werner Koch +- +- * pubkey.c (pubkey_generate): Add arg DERIVEPARMS. +- (gcry_pk_genkey): Parse derive-parms and pass it to above. +- * rsa.c (generate_x931): New. +- (rsa_generate_ext): Add arg DERIVEPARMS and call new function in +- fips mode or if DERIVEPARMS is given. +- * primegen.c (_gcry_derive_x931_prime, find_x931_prime): New. +- +-2008-11-19 Werner Koch +- +- * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding. +- (generate): Rename to generate_std. +- +-2008-11-05 Werner Koch +- +- * md.c (md_open): Use a switch to set the Bsize. +- (prepare_macpads): Fix long key case for SHA384 and SHA512. +- +- * cipher.c (gcry_cipher_handle): Add field EXTRASPEC. +- (gcry_cipher_open): Set it. +- (gcry_cipher_ctl): Add private control code to disable weak key +- detection and to return the current input block. +- * des.c (_tripledes_ctx): Add field FLAGS. +- (do_tripledes_set_extra_info): New. +- (_gcry_cipher_extraspec_tripledes): Add new function. +- (do_tripledes_setkey): Disable weak key detection. +- +-2008-10-24 Werner Koch +- +- * md.c (digest_table): Allow MD5 in fips mode. +- (md_register_default): Take special action for MD5. +- (md_enable, gcry_md_hash_buffer): Ditto. +- +-2008-09-30 Werner Koch +- +- * rijndael.c (do_setkey): Properly align "t" and "tk". +- (prepare_decryption): Properly align "w". Fixes bug #936. +- +-2008-09-18 Werner Koch +- +- * pubkey.c (gcry_pk_genkey): Parse domain parameter. +- (pubkey_generate): Add new arg DOMAIN and remove special case for +- DSA with qbits. +- * rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and +- rename to rsa_generate_ext. Change caller. +- (_gcry_rsa_generate, _gcry_rsa_check_secret_key) +- (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign) +- (_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove +- _gcry_ prefix. +- (_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names. +- * dsa.c (dsa_generate_ext): New. +- (_gcry_dsa_generate): Replace code by a call to dsa_generate. +- (_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify) +- (_gcry_dsa_get_nbits): Make static and remove _gcry prefix. +- (_gcry_dsa_generate2): Remove. +- (_gcry_pubkey_spec_dsa): Adjust to name changes. +- (_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext. +- +-2008-09-16 Werner Koch +- +- * ecc.c (run_selftests): Add arg EXTENDED. +- +-2008-09-12 Werner Koch +- +- * rsa.c (test_keys): Do a bad case signature check. +- * dsa.c (test_keys): Do a bad case check. +- +- * cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it +- to the called tests. +- * md.c (_gcry_md_selftest): Ditto. +- * pubkey.c (_gcry_pk_selftest): Ditto. +- * rijndael.c (run_selftests): Add arg EXTENDED and pass it to the +- called tests. +- (selftest_fips_128): Add arg EXTENDED and run only one test +- non-extended mode. +- (selftest_fips_192): Add dummy arg EXTENDED. +- (selftest_fips_256): Ditto. +- * hmac-tests.c (_gcry_hmac_selftest): Ditto. +- (run_selftests): Ditto. +- (selftests_sha1): Add arg EXTENDED and run only one test +- non-extended mode. +- (selftests_sha224, selftests_sha256): Ditto. +- (selftests_sha384, selftests_sha512): Ditto. +- * sha1.c (run_selftests): Add arg EXTENDED and pass it to the +- called test. +- (selftests_sha1): Add arg EXTENDED and run only one test +- non-extended mode. +- * sha256.c (run_selftests): Add arg EXTENDED and pass it to the +- called tests. +- (selftests_sha224): Add arg EXTENDED and run only one test +- non-extended mode. +- (selftests_sha256): Ditto. +- * sha512.c (run_selftests): Add arg EXTENDED and pass it to the +- called tests. +- (selftests_sha384): Add arg EXTENDED and run only one test +- non-extended mode. +- (selftests_sha512): Ditto. +- * des.c (run_selftests): Add arg EXTENDED and pass it to the +- called test. +- (selftest_fips): Add dummy arg EXTENDED. +- * rsa.c (run_selftests): Add dummy arg EXTENDED. +- +- * dsa.c (run_selftests): Add dummy arg EXTENDED. +- +- * rsa.c (extract_a_from_sexp): New. +- (selftest_encr_1024): Check that the ciphertext does not match the +- plaintext. +- (test_keys): Improve tests and return an error status. +- (generate): Return an error if test_keys fails. +- * dsa.c (test_keys): Add comments and return an error status. +- (generate): Return an error if test_keys failed. +- +-2008-09-11 Werner Koch +- +- * rsa.c (_gcry_rsa_decrypt): Return an error instead of calling +- BUG in case of a practically impossible condition. +- (sample_secret_key, sample_public_key): New. +- (selftest_sign_1024, selftest_encr_1024): New. +- (selftests_rsa): Implement tests. +- * dsa.c (sample_secret_key, sample_public_key): New. +- (selftest_sign_1024): New. +- (selftests_dsa): Implement tests. +- +-2008-09-09 Werner Koch +- +- * hmac-tests.c (selftests_sha1): Add tests. +- (selftests_sha224, selftests_sha384, selftests_sha512): Make up tests. +- +- * hash-common.c, hash-common.h: New. +- * sha1.c (selftests_sha1): Add 3 tests. +- * sha256.c (selftests_sha256, selftests_sha224): Ditto. +- * sha512.c (selftests_sha512, selftests_sha384): Ditto. +- +-2008-08-29 Werner Koch +- +- * pubkey.c (gcry_pk_get_keygrip): Remove the special case for RSA +- and check whether a custom computation function has been setup. +- * rsa.c (compute_keygrip): New. +- (_gcry_pubkey_extraspec_rsa): Setup this function. +- * ecc.c (compute_keygrip): New. +- (_gcry_pubkey_extraspec_ecdsa): Setup this function. +- +-2008-08-28 Werner Koch +- +- * cipher.c (cipher_decrypt, cipher_encrypt): Return an error if +- mode NONE is used. +- (gcry_cipher_open): Allow mode NONE only with a debug flag set and +- if not in FIPS mode. +- +-2008-08-26 Werner Koch +- +- * pubkey.c (pubkey_generate): Add arg KEYGEN_FLAGS. +- (gcry_pk_genkey): Implement new parameter "transient-key" and +- pass it as flags to pubkey_generate. +- (pubkey_generate): Make use of an ext_generate function. +- * rsa.c (generate): Add new arg transient_key and pass appropriate +- args to the prime generator. +- (_gcry_rsa_generate): Factor all code out to ... +- (rsa_generate): .. new func with extra arg KEYGEN_FLAGS. +- (_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate. +- * primegen.c (_gcry_generate_secret_prime) +- (_gcry_generate_public_prime): Add new arg RANDOM_LEVEL. +- +-2008-08-21 Werner Koch +- +- * primegen.c (_gcry_generate_secret_prime) +- (_gcry_generate_public_prime): Use a constant macro for the random +- level. +- +-2008-08-19 Werner Koch +- +- * pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow +- allow "curve" parameter. +- +-2008-08-15 Werner Koch +- +- * pubkey.c (_gcry_pk_selftest): New. +- * dsa.c (selftests_dsa, run_selftests): New. +- * rsa.c (selftests_rsa, run_selftests): New. +- * ecc.c (selftests_ecdsa, run_selftests): New. +- +- * md.c (_gcry_md_selftest): New. +- * sha1.c (run_selftests, selftests_sha1): New. +- * sha256.c (selftests_sha224, selftests_sha256, run_selftests): New. +- * sha512.c (selftests_sha384, selftests_sha512, run_selftests): New. +- +- * des.c (selftest): Remove static variable form selftest. +- (des_setkey): No on-the-fly self test in fips mode. +- (tripledes_set3keys): Ditto. +- +- * cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv): +- +- * dsa.c (generate): Bail out in fips mode if NBITS is less than 1024. +- * rsa.c (generate): Return an error code if the the requested size +- is less than 1024 and we are in fpis mode. +- (_gcry_rsa_generate): Take care of that error code. +- +- * ecc.c (generate_curve): In fips mode enable only NIST curves. +- +- * cipher.c (_gcry_cipher_selftest): New. +- +- * sha512.c (_gcry_digest_extraspec_sha384) +- (_gcry_digest_extraspec_sha512): New. +- * sha256.c (_gcry_digest_extraspec_sha224) +- (_gcry_digest_extraspec_sha256): New. +- * sha1.c (_gcry_digest_extraspec_sha1): New. +- * ecc.c (_gcry_pubkey_extraspec_ecdsa): New. +- * dsa.c (_gcry_pubkey_extraspec_dsa): New. +- * rsa.c (_gcry_pubkey_extraspec_rsa): New. +- * rijndael.c (_gcry_cipher_extraspec_aes) +- (_gcry_cipher_extraspec_aes192, _gcry_cipher_extraspec_aes256): New. +- * des.c (_gcry_cipher_extraspec_tripledes): New. +- +- * cipher.c (gcry_cipher_register): Rename to _gcry_cipher_register. +- Add arg EXTRASPEC. +- (dummy_extra_spec): New. +- (cipher_table_entry): Add extraspec field. +- * md.c (_gcry_md_register): Rename to _gcry_md_register. Add +- arg EXTRASPEC. +- (dummy_extra_spec): New. +- (digest_table_entry): Add extraspec field. +- * pubkey.c (gcry_pk_register): Rename to _gcry_pk_register. Add +- arg EXTRASPEC. +- (dummy_extra_spec): New. +- (pubkey_table_entry): Add extraspec field. +- +- * ac.c: Let most public functions return GPG_ERR_UNSUPPORTED in +- fips mode. +- +- * pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark +- appropriate algorithms. +- (dummy_generate, dummy_check_secret_key, dummy_encrypt) +- (dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal +- a fips error when used. +- (gcry_pk_register): In fips mode do not allow to register new +- algorithms. +- +- * md.c (digest_table): Add field FIPS_ALLOWED and mark appropriate +- algorithms. +- (md_register_default): In fips mode register only fips algorithms. +- (gcry_md_register): In fips mode do not allow to register new +- algorithms. +- (gcry_md_get): Signal a fips error if called. +- (gcry_md_hash_buffer): Do not allow rmd160 when not in fips mode. +- (md_start_debug): Disable in fips_mode. +- +- * md.c (gcry_md_register_default): Rename to .. +- (md_register_default): .. this. +- (md_digest): Remove this commented fucntion. +- * pubkey.c (gcry_pk_register_default): Rename to .. +- (pk_register_default): .. this. +- +- * cipher.c (cipher_table_entry): Add field FIPS_ALLOWED. +- (gcry_cipher_register_default): Register only fips approved +- algorithms. +- (gcry_cipher_register): Do not allow to register new ciphers. +- (cipher_setiv): Signal fips error. +- +- * cipher (gcry_cipher_register_default): Rename to .. +- (cipher_register_default): .. this. +- (REGISTER_DEFAULT_CIPHERS): Adjust for that change. +- +-2008-07-05 Werner Koch +- +- * random-daemon.c, random.h, rndhw.c, rndunix.c, rand-internal.h +- * random.c, rndegd.c, rndlinux.c, rndw32.c: Move to ../cipher. +- * Makefile.am: Remove random stuff. +- +-2008-06-24 Szakats Istvan (wk) +- +- * ac.c (_gcry_ac_key_destroy, _gcry_ac_key_pair_generate): Relase +- some more memory. +- +-2008-04-22 Werner Koch +- +- * rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc) +- (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use Padlock if possible. +- +-2008-04-18 Werner Koch +- +- * sha1.c (transform_aligned): Remove. That is will obviosuly not +- work because we need a scratch working area and our internal API +- does not allow to modify the buffers. +- +- * rijndael.c: Factor tables out to .. +- * rijndael-tables.h: .. new. +- +- * ac.c (ac_data_extract): Make static. +- +- * camellia.h [HAVE_CONFIG_H]: Include config.h. +- +- * rndw32.c (registry_poll): Only print the performance data +- problem warning once. Suggested by Simon Josefsson. +- +-2008-03-19 Werner Koch +- +- * cipher.c (gcry_cipher_open) [USE_AES]: Init bulk encryption only +- if requested. Suggested by Dirk Stoecker. +- +-2008-03-18 Werner Koch +- +- * sha1.c: Include stdint.h. +- (transform): Add arg NBLOCKS so that we can work on more than one +- block and avoid updates of the chaining variables. Changed all +- callers to use 1. +- (sha1_write): Replace loop around transform. +- (transform_aligned) [WORDS_BIGENDIAN]: New. +- (TRANSFORM): New macro to replace all direct calls of transform. +- +-2008-03-17 Werner Koch +- +- * rijndael.c (_gcry_aes_cfb_dec): New. +- (do_encrypt): Factor code out to .. +- (do_encrypt_aligned): .. New. +- (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec): Use new function. +- (do_decrypt): Factor code out to .. +- (do_decrypt_aligned): .. new. +- (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): New. +- * cipher.c (struct gcry_cipher_handle): Put field IV into new +- union U_IV to enforce proper alignment. Change all users. +- (do_cfb_decrypt): Optimize. +- (do_cbc_encrypt, do_cbc_decrypt): Optimize. +- +-2008-03-15 Werner Koch +- +- * rijndael.c (_gcry_aes_cfb_enc): New. +- * cipher.c (struct gcry_cipher_handle): Add field ALGO and BULK. +- (gcry_cipher_open): Set ALGO and BULK. +- (do_cfb_encrypt): Optimize. +- +-2008-02-18 Werner Koch +- +- * rsa.c (_gcry_rsa_verify) [IS_DEVELOPMENT_VERSION]: Print +- intermediate results. +- +-2008-01-08 Werner Koch +- +- * random.c (add_randomness): Do not just increment +- POOL_FILLED_COUNTER but update it by the actual amount of data. +- +-2007-12-13 Werner Koch +- +- * pubkey.c (sexp_data_to_mpi): Support SHA-224. +- +-2007-12-05 Werner Koch +- +- * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT. +- * rndhw.c (USE_PADLOCK): Ditto +- +- * rsa.c (secret): Fixed condition test for using CRT. Reported by +- Dean Scarff. Fixes bug#864. +- (_gcry_rsa_check_secret_key): Return an erro if the optional +- parameters are missing. +- * pubkey.c (sexp_elements_extract): Add arg ALGO_NAME. Changed all +- callers to pass NULL. Add hack to allow for optional RSA +- parameters. +- (sexp_to_key): Pass algo name to sexp_elements_extract. +- +-2007-12-03 Werner Koch +- +- * random.c (gcry_random_add_bytes): Implement it. +- * rand-internal.h (RANDOM_ORIGIN_EXTERNAL): New. +- +-2007-11-30 Werner Koch +- +- * rndhw.c: New. +- * rndlinux.c (_gcry_rndlinux_gather_random): Try to read 50% +- directly from the hwrng. +- * random.c (do_fast_random_poll): Also run the hw rng fast poll. +- (_gcry_random_dump_stats): Tell whether the hw rng failed. +- +-2007-11-29 Werner Koch +- +- * rijndael.c (USE_PADLOCK): Define new macro used for ia32. +- (RIJNDAEL_context) [USE_PADLOCK]: Add fields USE_PADLOCK and +- PADLOCK_KEY. +- (do_setkey) [USE_PADLOCK]: Enable padlock if available for 128 bit +- AES. +- (do_padlock) [USE_PADLOCK]: New. +- (rijndael_encrypt, rijndael_decrypt) [USE_PADLOCK]: Divert to +- do_padlock. +- * cipher.c (cipher_context_alignment_t): New. Use it in this +- module in place of PROPERLY_ALIGNED_TYPE. +- (NEED_16BYTE_ALIGNED_CONTEXT): Define macro for ia32. +- (struct gcry_cipher_handle): Add field HANDLE_OFFSET. +- (gcry_cipher_open): Take care of increased alignment requirements. +- (gcry_cipher_close): Ditto. +- +-2007-11-28 Werner Koch +- +- * sha256.c (asn224): Fixed wrong template. It happened due to a +- bug in RFC4880. SHA-224 is not in the stable version of libgcrypt +- so the consequences are limited to users of this devel version. +- +-2007-10-31 Werner Koch +- +- * ac.c (gcry_ac_data_new): Remove due to the visibility wrapper. +- (gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length) +- (gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index) +- (gcry_ac_data_to_sexp, gcry_ac_data_from_sexp) +- (gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open) +- (gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate) +- (gcry_ac_key_pair_extract, gcry_ac_key_destroy) +- (gcry_ac_key_pair_destroy, gcry_ac_key_data_get) +- (gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip) +- (gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign) +- (gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode) +- (gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi) +- (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme) +- (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme) +- (gcry_ac_io_init_va): Ditto. +- (gcry_ac_id_to_name, gcry_ac_name_to_id): Remove as these +- deprecated functions are now implemented by visibility.c. +- +-2007-10-26 Werner Koch +- +- * rndw32.c: Disable debug flag. +- +-2007-10-25 Werner Koch +- +- * rndw32.c: Updated from current cryptlib snapshot and modified +- for our use. Removed support from pre NT systems. +- (slow_gatherer_windows95): Remove. +- (_gcry_rndw32_gather_random): Require an NT platform. +- (init_system_rng, read_system_rng, read_mbm_data): New. +- (slow_gatherer_windowsNT): Rename to ... +- (slow_gatherer): .. this. Read system RNG and MBM. +- (registry_poll): New with code factored out from slow_gatherer. +- +-2007-08-23 Werner Koch +- +- * random.c (pool_filled_counter): New. +- (add_randomness): Use it. +- +-2007-08-22 Werner Koch +- +- * rndw32.c, rndunix.c: Switched to LGPL. +- +-2007-05-30 Werner Koch +- +- * camellia.h, camellia.c: Replace by new LGPL version and adjusted +- camellia.h. +- +-2007-05-09 Marcus Brinkmann +- +- * ac.c (_gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read): +- Adjust users of gcry_ac_io_t because union is not anonymous +- anymore. +- +-2007-05-02 Werner Koch +- +- * camellia-glue.c (camellia_setkey, camellia_encrypt) +- (camellia_decrypt): Recalculated used stack size in called +- functions. +- * camellia.h: Redefine external symbols. +- +-2007-05-02 David Shaw +- +- * Makefile.am, cipher.c: Add Camellia. +- +- * camellia-glue.c: New. The necessary glue to interface libgcrypt +- to the stock NTT Camellia distribution. +- +- * camellia.h, camellia.c: The stock NTT Camellia distribution +- (GPL). +- +-2007-04-30 David Shaw +- +- * cipher.c: Use #if instead of #ifdef as configure defines the +- USE_cipher defines as 0 for disabled. +- +-2007-04-30 Werner Koch +- +- * rndegd.c (_gcry_rndegd_set_socket_name): New. +- +-2007-04-30 Marcus Brinkmann +- +- * ecc.c (ec2os): Fix relocation of short numbers. +- +- * ecc.c (generate_key): Do not allocate D, which will be allocated +- by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are +- requested. +- (_gcry_ecc_generate): Release unneeded members of SK. +- * pubkey.c (sexp_to_key): Release NAME. +- +-2007-04-28 Marcus Brinkmann +- +- * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED. +- (ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name) +- (_gcry_ac_data_get_index, ac_data_construct): Adjust handling of +- NAME accordingly. +- +-2007-04-20 Werner Koch +- +- * ecc.c (domain_parms): Add standard brainpool curves. +- +-2007-04-18 Werner Koch +- +- * ecc.c (generate_curve): Implement alias mechanism. +- +- * pubkey.c (sexp_elements_extract_ecc): New. +- (sexp_to_key): Add special case for ecc. +- (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_genkey): Replace +- name_terminated stuff by a call to _gcry_sexp_nth_string. +- (gcry_pk_get_keygrip): Ditto. +- +-2007-04-16 Werner Koch +- +- * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it. +- +-2007-04-13 Marcus Brinkmann +- +- * ac.c (ac_data_construct): Cast const away to suppress compiler +- warning. +- +- * ecc.c (ecc_generate): Avoid compiler warning for unused argument +- DUMMY. +- (ecc_verify): Avoid compiler warning for unused arguments CMP and +- OPAQUEV. +- +-2007-04-06 Werner Koch +- +- * sha1.c (oid_spec_sha1): Add another oid from X9.62. +- +-2007-03-28 Werner Koch +- +- * pubkey.c (gcry_pk_genkey): Do not issue misc-key-info if it is +- empty. +- (gcry_pk_genkey): New parameter "curve". +- +- * ecc.c: Entirely rewritten with only a few traces of the old +- code left. +- (_gcry_ecc_generate): New. +- (generate_key) New arg NAME. +- (generate_curve): Ditto. Return actual number of NBITS. +- +-2007-03-26 Werner Koch +- +- * pubkey.c (gcry_pk_genkey): Increase size of SKEY array and add a +- runtime bounds check. +- +-2007-03-23 Werner Koch +- +- * ecc.c (ecc_ctx_init, ecc_ctx_free, ecc_mod, ecc_mulm): New. +- (duplicate_point, sum_points, escalar_mult): Don't use a +- copy of base->p. Replaced all mpi_mulm by ecc_mulm so that we can +- experiment with different algorithms. +- (generate_key, check_secret_key, sign, verify): Initialize a +- computation context for use by ecc_mulm. +- +-2007-03-22 Werner Koch +- +- * pubkey.c (pubkey_table): Initialize ECC. +- * Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc.c. +- * ecc.c: New. Heavily reformatted and changed for use in libgcrypt. +- (point_init): New. +- (escalar_mult): Make arg R the first arg to be similar to the mpi +- functions. +- (duplicate_point): Ditto +- (sum_points): Ditto +- (sign, verify): Remove unneeded copy operations. +- (sum_points): Removed memory leaks and optimized some compares. +- (verify): Simplified input check. +- +-2007-03-14 Werner Koch +- +- * random.c (MASK_LEVEL): Removed macro as it was used only at one +- place. Open coded it there. +- (gcry_randomize, _gcry_update_random_seed_file) +- (_gcry_fast_random_poll): Factor lock code out to .. +- (lock_pool, unlock_pool): .. new. +- (initialize): Look the pool while allocating. +- (read_random_source, do_fast_random_poll): Moved intialization to ... +- (initialize): .. here. +- (_gcry_enable_quick_random_gen): No more need for initialization. +- (is_initialized): Moved this global flag to .. +- (initialize): .. here and changed all users to unconditionally call +- initialize. +- (add_randomness): Remove initalization here. It simply can't +- happen. +- +- * random.c (enum random_origins): Moved to .. +- * rand-internal.h: .. here. +- * rndunix.c (_gcry_rndunix_gather_random): Use enum in prototype +- for ORIGIN and renamed REQUESTOR to ORIGIN. +- * rndegd.c (_gcry_rndegd_gather_random): Ditto. +- * rndlinux.c (_gcry_rndlinux_gather_random): Ditto. +- * rndw32.c (_gcry_rndw32_gather_random): Ditto. +- (_gcry_rndw32_gather_random_fast): Ditto. +- +-2007-03-13 Werner Koch +- +- * random.c (enum random_origins): New. +- (add_randomness): Renamed arg SOURCE to ORIGIN. +- (read_random_source): Renamed arg REQUESTOR to ORIGIN. +- (getfnc_gather_random): Removed static variable because this +- function is only called one and thus we don't need this +- optimization. +- (_gcry_quick_random_gen): Removed and replaced by.. +- (_gcry_enable_quick_random_gen): .. this. It is onlyu used to +- enable it and it does not make sense to disable it later. Changed +- the only one caller too. +- (get_random_bytes): Removed. +- (gcry_random_bytes, gcry_random_bytes_secure): Implement in terms +- of gcry_randomize. +- * random-daemon.c (_gcry_daemon_get_random_bytes): Removed. +- +-2007-02-23 Werner Koch +- +- * elgamal.c (generate): Removed unused variable TEMP. +- (test_keys): New arg NODIE. +- (generate_using_x, _gcry_elg_generate_using_x): New. +- * pubkey.c (pubkey_generate): New arg XVALUE and direct call to +- the new elgamal generate fucntion. +- (gcry_pk_genkey): Parse the new "xvalue" tag. +- +-2007-02-22 Werner Koch +- +- * pubkey.c (sexp_data_to_mpi): Handle dynamically allocated +- algorithms. Suggested by Neil Dunbar. Fixes bug#596. +- +- * rndw32.c (_gcry_rndw32_gather_random_fast): Make it return void. +- +- * cipher.c (gcry_cipher_algo_name): Simplified. +- +- * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON. +- +- * Makefile.am (libcipher_la_SOURCES): Build random-daemon support +- only if requested. +- +-2007-02-21 Werner Koch +- +- * random.c (rndpool, keypool): Make unsigned. +- (mix_pool): Change char* variables to unsigned char*. +- (gcry_randomize): Make arg BUFFER a void*. +- (gcry_create_nonce): Ditto. +- +- * rmd160.c (gcry_rmd160_mixblock): Make BUFFER a void*. +- (_gcry_rmd160_hash_buffer): Make OUTBUF and BUFFER void*. +- * sha1.c (_gcry_sha1_hash_buffer): Ditto. +- +- * cipher.c (gcry_cipher_encrypt, cry_cipher_decrypt): Change +- buffer args to void*. +- (gcry_cipher_register): Make ALGORITHM_ID a int *. +- +- * md.c (md_start_debug): Make SUFFIX a const char*. Use snprintf. +- (gcry_md_debug): New. +- (gcry_md_ctl): Changed arg BUFFER from unsigned char*. +- +- * md.c (md_write): Make INBUF a const void*. +- (gcry_md_write): Remove needless cast. +- * crc.c (crc32_write): Make INBUF a const void* +- (update_crc32, crc24rfc2440_write): Ditto. +- * sha512.c (sha512_write, transform): Ditto. +- * sha256.c (sha256_write, transform): Ditto. +- * rmd160.c (rmd160_write, transform): Ditto. +- * md5.c (md5_write, transform): Ditto. +- * md4.c (md4_write, transform): Ditto. +- * sha1.c (sha1_write, transform): Ditto. +- +- * tiger.c (tiger_write, transform): Ditto. +- * whirlpool.c (whirlpool_write, whirlpool_add, transform): Ditto. +- +- * elgamal.c (elg_names): Change to a const*. +- * dsa.c (dsa_names): Ditto. +- * rsa.c (rsa_names): Ditto. +- * pubkey.c (gcry_pk_lookup_func_name): Make ALIASES a const. +- +-2007-02-20 Werner Koch +- +- * rndlinux.c (open_device): Remove unsused arg MINOR. +- +-2007-01-30 Werner Koch +- +- * sha256.c (oid_spec_sha256): Add alias from pkcs#1. +- * sha512.c (oid_spec_sha512): Ditto. +- (oid_spec_sha384): Ditto. +- +-2006-12-18 Werner Koch +- +- * rndlinux.c (set_cloexec_flag): New. +- (open_device): Set close-on-exit flags. Suggested by Max +- Kellermann. Fixes Debian#403613. +- +- * Makefile.am (AM_CPPFLAGS, AM_CFLAGS): Splitted and merged +- Moritz' changes. +- (INCLUDES): Removed. +- +-2006-11-30 Werner Koch +- +- * serpent.c (byte_swap_32): Remove trailing semicolon. +- +-2006-11-15 Werner Koch +- +- * Makefile.am (INCLUDES): Include ../src/ +- +-2006-11-03 Werner Koch +- +- * random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not +- sys/times.h. Reported by Rafaël Carré. +- +-2006-11-05 Moritz Schulte +- +- * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the +- new gcrypt.h is used, not the one installed in the system. +- +-2006-10-25 Werner Koch +- +- * primegen.c (prime_generate_internal): Tweaked use of secure +- memory and entropy use. Safe unused primes from the pool. Allocate +- at least a pool of 30. +- (save_pool_prime, get_pool_prime): New. +- +-2006-10-23 Werner Koch +- +- * ac.c (_gcry_ac_data_from_sexp): Reset sexp_tmp for failsafe +- means. Release sexp_cur if needed. Reported by Dirk Stoecker. +- +- * pubkey.c (pubkeys_registered_lock): Intialized it. It is not +- realy needed because this is a mere initialization to 0 anyway. +- Noted by Victor Stinner. +- +-2006-10-17 Werner Koch +- +- * dsa.c (_gcry_dsa_generate2): New. +- (generate): New arg QBITS. Add sanity checks for reasonable qbits +- and nbits. +- * pubkey.c (gcry_pk_genkey): Parse an qbits element. +- (pubkey_generate): New arg QBITS. Pass it to the DSA generation. +- +-2006-10-05 Werner Koch +- +- * md.c (gcry_md_algo_info) : Check that the algo is +- available. +- +-2006-10-04 David Shaw (wk) +- +- * tiger.c (round): Rename to tiger_round as gcc 4 has a built-in +- round function that this conflicts with. +- +-2006-09-11 Werner Koch +- +- * rndw32.c (slow_gatherer_windowsNT): While adding data use the +- size of the diskPerformance and not its address. Has been fixed in +- GnuPG more than a year ago. Noted by Lee Fisher. +- +-2006-08-30 Werner Koch +- +- * pubkey.c (sexp_data_to_mpi): Need to allow "ripemd160" here as +- this is the canonical name. +- +-2006-08-29 Hye-Shik Chang (wk) +- +- * seed.c: New. +- +-2006-08-03 Werner Koch +- +- * random-daemon.c (_gcry_daemon_initialize_basics): Don't +- initialize the socket. Remove arg SOCKETNAME. +- (connect_to_socket): Make sure that daemon is set to -1 on error. +- (call_daemon): Initialize the socket on the first call. +- (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) +- (_gcry_daemon_create_nonce): New arg SOCKETNAME. +- * random.c (initialize): Call new daemon initializator. +- (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket +- name to daemon call and reset allow_daemon on failure. +- +-2006-07-26 Werner Koch +- +- * rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call. +- +- * blowfish.c (selftest): Cast string to usnigned char*. +- +- * primegen.c (prime_generate_internal): Cast unsigned/char* +- mismatch in calling m_out_of_n. +- (is_prime): Changed COUNT to unsigned int *. +- +- * ac.c (_gcry_ac_data_copy): Initialize DATA_MPIS. +- +- * random.c (gcry_create_nonce): Update the pid after a fork. +- Reported by Uoti Urpala. +- +-2006-07-04 Marcus Brinkmann +- +- * sha512.c: Fix typo in copyright notice. +- +-2006-06-21 Werner Koch +- +- * rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc. +- * pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto. +- (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt) +- (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto. +- * md.c (md_copy): Ditto. +- +-2006-04-22 Moritz Schulte +- +- * random-daemon.c (_gcry_daemon_initialize_basics): New argument: +- SOCKETNAME. Passing on to connect_to_socket() if non-NULL. +- (connect_to_socket, writen, readn, call_daemon): New functions. +- (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) +- (_gcry_daemon_create_nonce): Call call_daemon(). +- (RANDOM_DAEMON_SOCKET): New symbol. +- (daemon_socket): New static variable. +- +- * random.h (_gcry_daemon_initialize_basics): New parameter: +- SOCKETNAME. +- (_gcry_set_random_daemon_socket): New declaration. +- +- * random.c (initialize_basics): Pass DAEMON_SOCKET_NAME to +- _gcry_daemon_initialize_basics. +- (_gcry_set_random_daemon_socket): New function, setting +- DAEMON_SOCKET_NAME. +- +-2006-04-01 Moritz Schulte +- +- * ac.c (eme_pkcs_v1_5_encode): Use KEY_SIZE directly, no need to +- call gcry_ac_key_get_nbits. +- (eme_pkcs_v1_5_decode): Likewise. +- (ac_es_dencode_prepare_pkcs_v1_5): Fill options_em structure with +- key_size. +- (_gcry_ac_data_dump, gcry_ac_data_dump): New functions. +- (_gcry_ac_data_to_sexp, _gcry_ac_data_from_sexp): More or less +- rewritten; changed S-Expression format so that it matches the one +- used in pubkey.c. +- +-2006-03-15 Werner Koch +- +- * random-daemon.c: New. +- * random.c (_gcry_use_random_daemon): New. +- (get_random_bytes, gcry_randomize, gcry_create_nonce): Try +- diverting to the daemon functions. +- +-2006-03-14 Werner Koch +- +- * random.c (lock_seed_file): New. +- (read_seed_file, _gcry_update_random_seed_file): Use it. +- +- * random.c (gcry_create_nonce): Detect a fork and re-seed. +- (read_pool): Fixed the fork detection; it used to work only for +- multi-threaded processes. +- +-2006-03-12 Brad Hards (wk) +- +- * md.c (md_open): Use new variable macpads_Bsize instead of +- hardwiring the block size. Changed at all places. +- +-2006-03-10 Brad Hards (wk, patch 2005-04-22) +- +- * md.c, sha256.c: Add support for SHA-224. +- (sha224_init): New. +- +-2006-01-18 Brad Hards (wk 2006-03-07) +- +- * cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt) +- (do_ofb_decrypt, gcry_cipher_open): Implement Output Feedback Mode. +- +-2005-11-02 Moritz Schulte +- +- * pubkey.c (gcry_pk_algo_name): Return "?" instead of NULL for +- unknown algorithm IDs. +- * cipher.c (cipher_algo_to_string): Likewise. +- +-2005-11-01 Moritz Schulte +- +- * pubkey.c (gcry_pk_algo_info): Don't forget to break after switch +- case. +- +-2005-09-19 Werner Koch +- +- * dsa.c (generate): Add preliminary support for 2 and 4 keys. +- Return an error code if the key size is not supported. +- (_gcry_dsa_generate): Return an error. +- +-2005-08-22 Werner Koch +- +- * primegen.c (check_prime): New arg RM_ROUNDS. +- (prime_generate_internal): Call it here with 5 rounds as used +- before. +- (gcry_prime_check): But here with 64 rounds. +- (is_prime): Make sure never to use less than 5 rounds. +- +-2005-04-16 Moritz Schulte +- +- * ac.c (_gcry_ac_init): New function. +- +-2005-04-12 Moritz Schulte +- +- * ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to +- make the compiler happy. +- Always use errno, now that gcry_malloc() is guaranteed to set +- errno on failure. +- (_gcry_ac_data_to_sexp): Don't forget to goto out after error in +- loop. +- (_gcry_ac_data_to_sexp): Remove unused variable: mpi_list; +- (_gcry_ac_data_to_sexp): Always deallocate sexp_buffer. +- (_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new. +- (_gcry_ac_data_from_sexp): Handle special case, which is +- necessary, since gcry_sexp_nth() does not distinguish between +- "element does not exist" and "element is the empty list". +- (_gcry_ac_io_init_va): Use assert to make sure that mode and type +- are correct. +- Use gcry_error_t types where gcry_err_code_t types have been used +- before. +- +-2005-04-11 Moritz Schulte +- +- * ac.c (_gcry_ac_data_sign_scheme): Don't forget to initialize +- buffer. +- +- * whirlpool.c: New file. +- * md.c (digest_table): Add whirlpool. +- * Makefile.am (EXTRA_libcipher_la_SOURCES): Added: whirlpool.c. +- +-2005-03-30 Moritz Schulte +- +- * ac.c (_gcry_ac_data_from_sexp): Use length of SEXP_CUR, not +- length of SEXP; do not forget to set SEXP_TMP to NULL after it has +- been released. +- +- (struct gcry_ac_mpi): New member: name_provided. +- (_gcry_ac_data_set): Rename variable `name_final' to `name_cp'; +- remove const qualifier; change code to not cast away const +- qualifiers; use name_provided member as well. +- (_gcry_ac_data_set, _gcry_ac_data_get_name): Use name_provided +- member of named mpi structure. +- +- (gcry_ac_name_to_id): Do not forget to initialize err. +- (_gcry_ac_data_get_index): Do not forget to initialize mpi_return; +- use gcry_free() instead of free(); remove unnecessary cast; rename +- mpi_return and name_return to mpi_cp and name_cp; adjust code. +- (ac_data_mpi_copy): Do not cast away const qualifier. +- (ac_data_values_destroy): Likewise. +- (ac_data_construct): Likewise. +- +- (ac_data_mpi_copy): Initialize flags to GCRY_AC_FLAG_DEALLOC. +- (ac_data_extract): Use GCRY_AC_FLAG_DEALLOC instead of +- GCRY_AC_FLAG_COPY. +- +- (_gcry_ac_io_init_va, _gcry_ac_io_init, gcry_ac_io_init) +- (gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read) +- (_gcry_ac_io_read_all, _gcry_ac_io_process): New functions. +- (gry_ac_em_dencode_t): Use gcry_ac_io_t in prototype instead of +- memroy strings directly; adjust encode/decode functions to use io +- objects. +- (emsa_pkcs_v1_5_encode_data_cb): New function ... +- (emsa_pkcs_v1_5_encode): ... use it here. +- (ac_data_dencode): Use io objects. +- (_gcry_ac_data_encode, _gcry_ac_data_decode, gcry_ac_data_encode) +- (gcry_ac_data_decode): Likewise. +- (_gcry_ac_data_encrypt_scheme, gcry_ac_data_encrypt_scheme) +- (_gcry_ac_data_decrypt_scheme, gcry_ac_data_decrypt_scheme) +- (_gcry_ac_data_sign_scheme, gcry_ac_data_sign_scheme) +- (_gcry_ac_data_verify_scheme, gcry_ac_data_verify_scheme): +- Likewise. +- +-2005-03-23 Werner Koch +- +- * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data +- use the size of the object and not the one of its address. Bug +- reported by Sascha Kiefer. +- +-2005-03-19 Moritz Schulte +- +- * cipher.c (do_cbc_encrypt): Be careful to not overwrite data, +- which is to be used later on. This happend, in case CTS is +- enabled and OUTBUF is equal to INBUF. +- +-2005-02-25 Werner Koch +- +- * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key. +- +-2005-02-13 Moritz Schulte +- +- * serpent.c: Updated from 1.2 branch: +- +- s/u32_t/u32/ and s/byte_t/byte/. Too match what we have always +- used and are using in all other files too +- (serpent_test): Moved prototype out of a fucntion. +- +-2005-02-07 Moritz Schulte +- +- * ac.c: Major parts rewritten. +- * pubkey.c (_gcry_pk_get_elements): New function. +- +-2004-12-09 Werner Koch +- +- * serpent.c (serpent_setkey): Moved prototype of serpent_test to +- outer scope. +- +-2004-09-11 Moritz Schulte +- +- * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E. +- +-2004-08-23 Moritz Schulte +- +- * ac.c: Do not include . +- * rndegd.c: Likewise. +- * sha1.c: Likewise. +- * rndunix.c: Likewise. +- * rndlinux.c: Likewise. +- * rmd160.c: Likewise. +- * md5.c: Likewise. +- * md4.c: Likewise. +- * cipher.c: Likewise. +- * crc.c: Likewise. +- * blowfish.c: Likewise. +- +- * pubkey.c (dummy_generate, dummy_check_secret_key) +- (dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Return +- err code GPG_ERR_NOT_IMPLEMENTED instead of aborting through +- log_bug(). +- (dummy_get_nbits): Return 0 instead of aborting though log_bug(). +- +-2004-08-19 Werner Koch +- +- * pubkey.c (sexp_data_to_mpi): Changed the zero random byte +- substituting code to actually do clever things. Thanks to +- Matthias Urlichs for noting the implementation problem. +- +-2004-08-09 Moritz Schulte +- +- * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by +- Modestas Vainius. +- +-2004-07-16 Werner Koch +- +- * rijndael.c (do_encrypt): Fix alignment problem. Bugs found by +- Matthias Urlichs. +- (do_decrypt): Ditto. +- (keySched, keySched2): Use 2 macros along with unions in the key +- schedule context. +- +-2004-07-14 Moritz Schulte +- +- * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to +- Nikos Mavroyanopoulos. +- +-2004-05-09 Werner Koch +- +- * random.c (read_pool): Mix the PID in to better protect after a +- fork. +- +-2004-07-04 Moritz Schulte +- +- * serpent.c: Use "u32_t" instead of "unsigned long", do not +- declare S-Box variables as "register". Fixes failure on +- OpenBSD/sparc64, reported by Nikolay Sturm. +- +-2004-05-07 Werner Koch +- +- * random.c (initialize): Factored out some code to .. +- (initialize_basics): .. new function. +- (_gcry_random_initialize): Just call initialize_basics unless the +- new arg FULL is set to TRUE. +- (_gcry_fast_random_poll): Don't do anything unless the random +- system has been really initialized. +- +-2004-05-07 Moritz Schulte +- +- * ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported +- by Umberto Salsi. +- +-2004-02-20 Werner Koch +- +- * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them +- at different stages. Pass these arguments through all callers. +- +-2004-02-06 Werner Koch +- +- * des.c: Add a new OID as used by pkcs#12. +- +- * rfc2268.c: New. Taken from libgcrypt. +- * cipher.c: Setup the rfc2268 algorithm. +- +-2004-01-25 Moritz Schulte +- +- * primegen.c (prime_generate_internal): Do not forget to free +- `q_factor'; fixed by Brieuc Jeunhomme. +- (prime_generate_internal): Do not forget to free `prime'. +- +-2004-01-14 Moritz Schulte +- +- * ac.c (gcry_ac_data_set): New argument: flags; slightly +- rewritten. +- (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise. +- (gcry_ac_key_pair_generate): New argument: misc_data; modified +- order of arguments. +- (gcry_ac_key_test): New argument: handle. +- (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise. +- Use GCRY_AC_FLAG_NO_BLINDING instead of +- GCRY_AC_DATA_FLAG_NO_BLINDING. +- (gcry_ac_mpi): New member: flags. +- (gcry_ac_data_search, gcry_ac_data_add): Removed functions. +- +-2003-12-22 Werner Koch +- +- * primegen.c (is_prime): Release A2. +- +-2003-12-19 Werner Koch +- +- * md.c: Moved a couple of functions down below the data structure +- definitions. +- (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE. +- (md_open): Set it here. +- (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE. +- (md_enable): Set it here. +- (md_close): Wipe the context memory. +- secure memory. +- * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE. +- (gcry_cipher_open): Set it here. +- (gcry_cipher_close): Use it to always wipe out the handle data. +- +- * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when +- the function is not successful. +- (gcry_ac_close): Allow a NULL handle. +- (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto. +- (gcry_ac_key_get_grip): Return INV_OBJ on error. +- +- * primegen.c (prime_generate_internal): Fixed error code for +- failed malloc. Replaced the !err if chain by gotos. +- (gcry_prime_group_generator): Remove the extra sanity check. +- +- * md.c: Minor code and comment cleanups. +- +-2003-12-16 Werner Koch +- +- * primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet. +- +-2003-12-11 Werner Koch +- +- * rndunix.c (slow_poll): Don't use #warning but #error. +- +- * rndegd.c: Changed indentation. +- (my_make_filename): Removd the var_arg cruft becuase we +- don't need it here. Changed caller. +- +- * rndlinux.c: Changed indentation. +- (open_device): Remove the superfluous stat call and clarify +- comment. +- +- * rsa.c: Changed indentation. +- (secret): Use the standard algorithm if p, q and u are not +- available. +- (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind, +- _gcry_rsa_unblind and moved more to the top. +- +- * md4.c: Changed indentation. Removed unnecessary casts. +- * md5.c, rmd160.c, sha1.c, tiger.c: Ditto. +- * rijndael.c, twofish.c: Ditto. +- * serpent.c: Removed unnecessary casts. +- * sha256.c, sha512.c: Ditto. +- +-2003-12-09 Werner Koch +- +- * dsa.c: Unified indentation style. +- * elgamal.c: Ditto. +- * des.c (des_key_schedule): Code beautifications. +- * blowfish.c: Changed indentation style. +- * cast5.c (do_cast_setkey): Ditto. +- +- * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests +- by straightforward gotos. Other cleanups. +- (gcry_pk_decrypt): Ditto. +- (gcry_pk_sign): Ditto. +- (gcry_pk_verify): Ditto. +- (gcry_pk_genkey): Ditto. Use strtoul instead of strtol. +- (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments. +- +-2003-12-07 Werner Koch +- +- * pubkey.c (gcry_pk_register_default): Undef the helper macro. +- (gcry_pk_map_name): Allow NULL for string. +- (sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not +- free. +- (sexp_to_sig): Ditto. +- (sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by +- straightforward gotos. +- +-2003-12-05 Werner Koch +- +- * cipher.c: Documentation cleanups. +- (gcry_cipher_mode_from_oid): Allow NULL for STRING. +- +-2003-12-03 Werner Koch +- +- * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is +- only used for encryption. +- +-2003-11-18 Werner Koch +- +- * random.h (rndw32_set_dll_name): Removed unused prototype. +- +- * Makefile.am (EXTRA_DIST): Added Manifest. +- +-2003-11-11 Werner Koch +- +- * Manifest: New. +- +-2003-11-04 Werner Koch +- +- * md.c (gcry_md_hash_buffer): Use shortcut for SHA1 +- * sha1.c (_gcry_sha1_hash_buffer): New. +- +- * random.c: Reformatted most functions. +- (mix_pool): Moved the failsafe_digest from global +- scope to here. +- (do_fast_random_poll): Use the generic fucntions even if a fast +- gathering function has been used. +- (read_pool): Detect a fork and retry. +- (gcry_randomize, get_random_bytes): Don't distinguish anymore +- between weak and strong random. +- (gcry_create_nonce): New. +- +-2003-10-31 Werner Koch +- +- * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the +- disk performance values and not the W32 API structure. +- +- * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin. +- * elgamal.c (verify): Ditto. +- +- * ac.c (gcry_ac_data_get_index): s/index/idx/ +- (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc. +- (gcry_ac_data_add): Must use gcry_realloc instead of realloc. +- * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the +- forehackers. +- (gcry_pk_encrypt): Removed shadowed definition of I. Reordered +- arguments to malloc for clarity. +- (gcry_pk_sign, gcry_pk_genkey): Ditto. +- * primegen.c (prime_generate_internal): s/random/randomlevel/. +- +-2003-10-27 Moritz Schulte +- +- * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey. +- +-2003-10-27 Werner Koch +- +- * random.c (gcry_random_add_bytes): Return if buflen is zero to +- avoid gcc warning about unsed parameter. +- (MASK_LEVEL): Simplified; does now work for signed and unsigned +- w/o warnings. +- +- * md.c (md_start_debug): Removed the const from SUFFIX, because +- this function is called from the control fucntion which does not +- require const. +- +- Prefixed all (pubkey,digest,cipher}_spec_* globale variables with +- _gcry_. +- +- * ac.c (ac_key_identifiers): Made static. +- +- * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move +- prototypes to .. +- * rand-internal.h: .. here +- * random.c (getfnc_gather_random): Include rndw32 gatherer. +- * rndunix.c, rndw32.c, rndegd.c: Include them here. +- * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_ +- prefix. Changed all callers. +- * rndegd.c (_gcry_rndegd_gather_random): Likewise. +- (_gcry_rndegd_connect_socket): Likewise. +- * rndunix.c (_gcry_rndunix_gather_random): Likewise. +- (waitpid): Made static. +- * rndw32.c: Removed the old and unused winseed.dll cruft. +- (_gcry_rndw32_gather_random_fast): Renamed from +- gather_random_fast. +- (_gcry_rndw32_gather_random): Renamed from gather_random. Note, +- that the changes 2003-04-08 somehow got lost. +- +- * sha512.c (sha512_init, sha384_init): Made static. +- +- * cipher.c (do_ctr_decrypt): Removed "return" from this void +- function. +- +-2003-10-24 Moritz Schulte +- +- * serpent.c: Fix an issue on big-endian systems. +- +- * rndw32.c: Removed IS_MODULE -cruft. +- * rndlinux.c (rndlinux_gather_random): Likewise. +- +-2003-10-10 Werner Koch +- +- * primegen.c (gen_prime): Bail out if NBITS is less than 16. +- (prime_generate_internal): Initialize prime variable to suppress +- compiler warning. Check pbits, initialize qbits when passed as +- zero. +- +- * primegen.c (prime_generate_internal): New arg +- ALL_FACTORS. Changed all callers. +- (gcry_prime_generate): Make the factors arg optional. Request +- all_factors. Make sure PRIME is set to NULL even on error. +- (gcry_prime_group_generator): New. +- (gcry_prime_release_factors): New. +- +-2003-10-06 Werner Koch +- +- * primegen.c (gen_prime): Assert that NBITS is never zero, it +- would cause a segv. +- +-2003-09-28 Moritz Schulte +- +- * ac.c: Include "cipher.h". +- +-2003-09-27 Moritz Schulte +- +- * rndegd.c (do_read): Return nread instead of nbytes; thanks to +- Michael Caerwyn. +- +-2003-09-04 Werner Koch +- +- * pubkey.c (_gcry_pk_aliased_algo_name): New. +- * ac.c (gcry_ac_open): Use it here. +- +- * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c +- +-2003-09-02 Moritz Schulte +- +- * primegen.c (gcry_prime_check, gcry_prime_generate): New +- functions. +- (prime_generate_internal): New function, based on +- _gcry_generate_elg_prime. +- (_gcry_generate_elg_prime): Rewritten as a wrapper for +- prime_generate_internal. +- +-2003-08-28 Werner Koch +- +- * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the +- return value. This does not make sense and breaks any programs +- parsing the output strictly (e.g. current gpgsm). +- (gcry_pk_encrypt): If aliases for the algorithm name exists, take +- the first one instead of the regular name to adhere to SPKI +- conventions. +- (gcry_pk_genkey): Ditto. +- (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME. +- +-2003-08-19 Moritz Schulte +- +- * cipher.c: Add support for Serpent +- * serpent.c: New file. +- +-2003-08-10 Moritz Schulte +- +- * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static. +- +-2003-08-09 Timo Schulz +- +- * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM +- two times, but also the NAME_OF_DEV_URANDOM device. +- +-2003-08-08 Moritz Schulte +- +- * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not +- fail if no `flags' sub S-Expression is found. +- +-2003-07-27 Werner Koch +- +- * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists. +- +-2003-07-23 Moritz Schulte +- +- * ac.c (gcry_ac_data_construct): New argument: include_flags, only +- include `flags' S-expression, if include_flags is true. Adjust +- callers. Thanks for triggering a bug caused by `flags' +- sub-S-expression where they are not expected to Ralf Schneider. +- +-2003-07-21 Moritz Schulte +- +- * pubkey.c (gcry_pk_lookup_func_name): Use new member name +- `aliases' instead of `sexp_names'. +- +- * ac.c (gcry_ac_key_data_get): New function. +- +- * cipher.c (gcry_cipher_lookup_func_name): Fix return value. +- +-2003-07-20 Moritz Schulte +- +- * blowfish.c: Adjusted for new gcry_cipher_spec_t structure. +- * cast5.c: Likewise. +- * twofish.c: Likewise. +- * arcfour.c: Likewise. +- * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids): +- New variables, adjust for new gcry_cipher_spec_t structure. +- * des.c (oids_tripledes): New variable, adjust for new +- gcry_cipher_spec_t structure. +- +- * md.c (oid_table): Removed. +- +- * tiger.c (oid_spec_tiger): New variable. +- (digest_spec_tiger): Adjusted for new gry_md_spec_t structure. +- +- * sha512.c (oid_spec_sha512): New variable. +- (digest_spec_sha512): Adjusted for new gry_md_spec_t structure. +- +- * sha512.c (oid_spec_sha384): New variable. +- (digest_spec_sha384): Adjusted for new gry_md_spec_t structure. +- +- * sha256.c (oid_spec_sha256): New variable. +- (digest_spec_sha256): Adjusted for new gry_md_spec_t structure. +- +- * sha1.c (oid_spec_sha1): New variable. +- (digest_spec_sha1): Adjusted for new gry_md_spec_t structure. +- +- * rmd160.c (oid_spec_rmd160): New variable. +- (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure. +- +- * md5.c (oid_spec_md5): New variable. +- (digest_spec_md5): Adjusted for new gry_md_spec_t structure. +- +- * md4.c (oid_spec_md4): New variable. +- (digest_spec_md4): Adjusted for new gry_md_spec_t structure. +- +- * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510, +- digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t +- structure. +- +-2003-07-19 Moritz Schulte +- +- * md.c (gcry_md_lookup_func_oid): New function. +- (search_oid): New function, copied from cipher.c. +- (gcry_md_map_name): Adjust for new search_oid_interface. +- +- * cipher.c (oid_table): Removed table. +- (gcry_cipher_lookup_func_oid): New function. +- (search_oid): Rewritten to use the module functions. +- (gcry_cipher_map_name): Adjust for new search_oid interface. +- (gcry_cipher_mode_from_oid): Likewise. +- +-2003-07-18 Werner Koch +- +- * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in +- gpg_strerror. +- +-2003-07-14 Moritz Schulte +- +- * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher +- name aliases, not just the primary name. +- (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to +- AES. +- +- * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher +- specification structures. +- +- * rijndael.c (rijndael_names, rijndael192_names, +- rijndael256_names): New variables, use them in the cipher +- specifications. +- +- * rmd160test.c: Removed file. +- +- * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c, +- elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c: +- Used gcry_err* wrappers for libgpg symbols. +- +- * primegen.c (gen_prime): Correct the order arguments to +- extra_check. +- +-2003-07-12 Moritz Schulte +- +- * ac.c: Replaced all public occurences of gpg_error_t with +- gcry_error_t. +- * cipher.c: Likewise. +- * md.c: Likewise. +- * pubkey.c: Likewise. +- * random.c: Likewise. +- +- * cipher.c: Added support for TWOFISH128. +- +-2003-07-08 Moritz Schulte +- +- * ac.c (gcry_ac_data_copy_internal): New function, based on +- gcry_ac_data_copy. +- (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal. +- (gcry_ac_key_init): Use gcry_ac_data_copy_internal. +- +-2003-07-07 Moritz Schulte +- +- * ac.c (gcry_ac_data_set): Only release old MPI value if it is +- different from the new value. Bug reported by Simon Josefsson +- . +- +- * pubkey.c (gcry_pk_list): New function. +- * md.c (gcry_md_list): New function. +- +- * ac.c (gcry_ac_key_pair_generate): Fix calculation of format +- string size. +- +-2003-07-05 Moritz Schulte +- +- * md.c: Named struct of digest_table `digest_table_entry'. +- (digest_table_entry): New member: algorithm; filled in. +- (digest_table_entry): Removed unused member: flags. +- (gcry_md_register): New argument: algorithm_id, filled in. +- (gcry_md_register_default): Used algorithm ID from module +- structure. +- (gcry_md_map_name): Likewise. +- (md_enable): Likewise. +- (md_read): Likewise. +- (gcry_md_info): Likewise. +- +- * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'. +- (pubkey_table_entry): New member: algorithm; filled in. +- (gcry_pk_register_default): Used algorithm ID from pubkey_table. +- (gcry_pk_register): New argument: algorithm_id, filled in. +- (gcry_pk_map_name): Used algorithm ID from module structure. +- (gcry_pk_decrypt): Likewise. +- (gcry_pk_encrypt): Likewise. +- (gcry_pk_verify): Likewise. +- (gcry_pk_sign): Likewise. +- (gcry_pk_testkey): Likewise. +- (gcry_pk_genkey): Likewise. +- (gcry_pk_get_nbits): Likewise. +- (sexp_to_key): Removed unused variable: algo. +- (sexp_to_sig): Likewise. +- +- * cipher.c: Named struct for cipher_table `cipher_table_entry'. +- (cipher_table_entry): New member: algorithm; filled in. +- (gcry_cipher_register_default): Used algorithm ID from +- cipher_table. +- (gcry_cipher_register): New argument: algorithm_id, filled in. +- (gcry_cipher_map_name): Used algorithm ID from module structure. +- +- * arcfour.c (cipher_spec_arcfour): Removed algorithm ID. +- * blowfish.c (cipher_spec_blowfish): Likewise. +- * cast5.c (cipher_spec_cast5): Likewise. +- * crc.c (digest_spec_crc32): Likewise. +- * crc.c (digest_spec_crc32_rfc1510): Likewise. +- * crc.c (digest_spec_crc32_rfc2440): Likewise. +- * des.c (cipher_spec_des): Likewise. +- * des.c (cipher_spec_tripledes): Likewise. +- * dsa.c (pubkey_spec_dsa): Likewise. +- * elgamal.c (pubkey_spec_elg): Likewise. +- * md4.c (digest_spec_md4): Likewise. +- * md5.c (digest_spec_md5): Likewise. +- * aes.c (cipher_spec_aes): Likewise. +- * aes.c (cipher_spec_aes192): Likewise. +- * aes.c (cipher_spec_aes256): Likewise. +- * rsa.c (pubkey_spec_rsa): Likewise. +- * sha1.c (digest_spec_sha1): Likewise. +- * sha256.c (digest_spec_sha256): Likewise. +- * sha512.c (digest_spec_sha512): Likewise. +- * tiger.c (digest_spec_tiger): Likewise. +- * twofish.c (cipher_spec_twofish): Likewise. +- * twofish.c (cipher_spec_twofish128): Likewise. +- +- * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source +- files; reported by Simon Josefsson . +- +- * pubkey.c: Replaced all occurences of `id' with `algorithm', +- since `id' is a keyword in obj-c. +- * md.c: Likewise. +- * cipher.c: Likewise. +- +- * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c: +- Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t. +- +- * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of +- gcry_pubkey_spec_t with gcry_pk_spec_t. +- +- * md.c: Replaced all occurences of gcry_digest_spec_t with +- gcry_md_spec_t. +- (gcry_digest_register_default): Renamed to ... +- (gcry_md_register_default): ... this; adjusted callers. +- (gcry_digest_lookup_func_name): Renamed to ... +- (gcry_md_lookup_func_name): ... this; adjusted callers. +- (gcry_digest_lookup_name): Renamed to ... +- (gcry_md_lookup_name): ... this; adjusted callers. +- (gcry_digest_register): Renamed to ... +- (gcry_md_register): ... this. +- (gcry_digest_unregister): Renamed to ... +- (gcry_md_unregister): ... this. +- +- * pubkey.c (gcry_pubkey_register): Renamed to ... +- (gcry_pk_register): ... this. +- (gcry_pubkey_unregister): Renamed to ... +- (gcry_pk_unregister): ... this. +- Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t. +- (gcry_pubkey_register_default): Renamed to ... +- (gcry_pk_register_default): ... this; adjusted callers. +- (gcry_pubkey_lookup_func_name): Renamed to ... +- (gcry_pk_lookup_func_name): ... this; adjusted callers. +- (gcry_pubkey_lookup_name): Renamed to ... +- (gcry_pk_lookup_name): ... this; adjusted callers. +- +- * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon +- Josefsson . +- +-2003-07-04 Moritz Schulte +- +- * cipher.c (gcry_cipher_list): New function. +- +-2003-07-01 Moritz Schulte +- +- * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more +- consistent with sexp_to_enc. +- +-2003-06-30 Moritz Schulte +- +- * Makefile.am (libcipher_la_SOURCES): Added: ac.c. +- +- * pubkey.c (_gcry_pk_module_lookup): New function. +- (_gcry_pk_module_release): New function. +- +-2003-06-29 Moritz Schulte +- +- * ac.c: New file. +- +-2003-06-26 Werner Koch +- +- * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API. +- +-2003-06-19 Werner Koch +- +- * md.c (gcry_md_is_enabled): Fixed. +- +-2003-06-18 Werner Koch +- +- * cipher.c (gcry_cipher_get_algo_keylen): New. +- (gcry_cipher_get_algo_blklen): New. +- +-2003-06-18 Moritz Schulte +- +- * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c, +- des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c, +- rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: +- Replaced older types GcryDigestSpec, GcryCipherSpec and +- GcryPubkeySpec with newer types: gcry_digest_spec_t, +- gcry_cipher_spec_t and gcry_pubkey_spec_t. +- +- * md.c (gcry_digest_id_new): Removed function. +- (gcry_digest_register): Removed code for generating a new module +- ID. +- +- * pubkey.c (gcry_pubkey_id_new): Removed function. +- (gcry_pubkey_register): Removed code for generating a new module +- ID. +- +- * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer +- one: gcry_module_t. +- (gcry_cipher_id_new): Removed function. +- (gcry_cipher_register): Removed code for generating a new module +- ID. +- +- * cipher.c (gcry_cipher_register): Adjust call to +- _gcry_module_add. +- (gcry_cipher_register_default): Likewise. +- * pubkey.c (gcry_pubkey_register_default): Likewise. +- (gcry_pubkey_register): Likewise. +- * md.c (gcry_digest_register_default): Likewise. +- (gcry_digest_register): Likewise. +- +- * md.c (gcry_digest_lookup_func_id): Removed function. +- (gcry_digest_lookup_id): Likewise. +- (gcry_digest_id_new): Use _gcry_module_lookup_id instead of +- gcry_digest_lookup_id. +- (digest_algo_to_string): Likewise. +- (check_digest_algo): Likewise. +- (md_enable): Likewise. +- (md_digest_length): Likewise. +- (md_asn_oid): Likewise. +- +- * pubkey.c (gcry_pubkey_lookup_id): Removed function. +- (gcry_pubkey_lookup_func_id): Likewise. +- (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of +- gcry_pubkey_id_new. +- (gcry_pk_algo_name): Likewise. +- (disable_pubkey_algo): Likewise. +- (check_pubkey_algo): Likewise. +- (pubkey_get_npkey): Likewise. +- (pubkey_get_nskey): Likewise. +- (pubkey_get_nsig): Likewise. +- (pubkey_get_nenc): Likewise. +- (pubkey_generate): Likewise. +- (pubkey_check_secret_key): Likewise. +- (pubkey_encrypt): Likewise. +- (pubkey_decrypt): Likewise. +- (pubkey_sign): Likewise. +- (pubkey_verify): Likewise. +- (gcry_pk_algo_info): Likewise. +- +- * cipher.c (gcry_cipher_lookup_func_id): Removed function. +- (gcry_cipher_lookup_id): Likewise. +- (cipher_algo_to_string): use _gcry_module_lookup_id instead of +- gcry_cipher_lookup_id. +- (disable_cipher_algo): Likewise. +- (check_cipher_algo): Likewise. +- (cipher_get_blocksize): Likewise. +- (gcry_cipher_open): Likewise. +- (gcry_cipher_id_new): Likewise. +- +-2003-06-17 Moritz Schulte +- +- * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@, +- @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@. +- (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES). +- (libcipher_la_LIBADD): Likewise. +- (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@. +- (EXTRA_libcipher_la_SOURCES): Added all conditional sources. +- +- * md.c (md_open): Use _gcry_fast_random_poll instead of +- fast_random_poll. +- * cipher.c (gcry_cipher_open): Likewise. +- +- * random.h (fast_random_poll): Removed macro. +- +- * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c, +- tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own +- BIG_ENDIAN_HOST. +- +-2003-06-16 Moritz Schulte +- +- * random.c (getfnc_gather_random): Do not special-case +- USE_ALL_RANDOM_MODULES, make it the default. +- +- * dsa.c: Replace last occurences of old type names with newer +- names (i.e. replace MPI with gcry_mpi_t). +- * elgamal.c: Likewise. +- * primegen.c: Likewise. +- * pubkey.c: Likewise. +- * rsa.c: Likewise. +- +-2003-06-14 Moritz Schulte +- +- * des.c (des_setkey): Add selftest check. +- (tripledes_set3keys): Likewise. +- (do_tripledes_setkey): Remove selftest check. +- (do_des_setkey): Likewise. +- +-2003-06-11 Moritz Schulte +- +- * md.c (_gcry_md_init): New function. +- * cipher.c (_gcry_cipher_init): New function. +- * pubkey.c (_gcry_pk_init): New function. +- +-2003-06-13 Werner Koch +- +- * md.c (gcry_md_get_algo): Reverted to old API. This is a +- convenience function anyway and error checking is not approriate. +- (gcry_md_is_secure): New. +- (gcry_md_is_enabled): New. +- +-2003-06-12 Werner Koch +- +- * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on +- error. +- +-2003-06-11 Werner Koch +- +- * md.c (gcry_md_open): Make sure H receives either NULL or an +- valid handle. +- (gcry_md_copy): Swapped arguments so that it is more in lione with +- md_open and most other API fucntions like memcpy (destination +- comes first). Make sure HANDLE is set to NULL on error. +- +- * rijndael.c (do_encrypt): Hack to force correct alignment. It +- seems not to be not sufficient, though. We should rework this +- fucntions and remove all these ugly casts. Let the compiler +- optimize or have an assembler implementation. +- +-2003-06-09 Moritz Schulte +- +- * Makefile.am: Removed rules serpent, since that is not commited +- yet. +- +-2003-06-08 Moritz Schulte +- +- * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the +- format string. +- +-2003-06-07 Moritz Schulte +- +- * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c, +- des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c, +- rand-internal.h, random.c, random.h, rijndael.c, rmd160.c, +- rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c, +- rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all +- preprocessor instructions to remove whitespace before the '#'. +- This is not required by C89, but there are some compilers out +- there that don't like it. Replaced any occurence of the now +- deprecated type names with the new ones. +- +-2003-06-04 Moritz Schulte +- +- * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use +- gcry_sexp_build_array instead of gcry_sexp_build. +- (gcry_pk_sign): Likewise. +- (gcry_pk_genkey): Likewise. +- +-2003-06-01 Moritz Schulte +- +- * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID +- does indeed belong to DSA. +- (_gcry_dsa_sign): Likewise. +- (_gcry_dsa_verify): Likewise. +- (_gcry_dsa_get_nbits): Likewise. +- +- * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the +- algorithm ID does indeed belong to ElGamal. +- (_gcry_elg_encrypt): Likewise. +- (_gcry_elg_decrypt): Likewise. +- (_gcry_elg_sign): Likewise. +- (_gcry_elg_verify): Likewise. +- (_gcry_elg_get_nbits): Likewise. +- (_gcry_elg_generate): Likewise. +- +- * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID +- does indeed belong to RSA. +- (_gcry_rsa_encrypt): Likewise. +- (_gcry_rsa_decrypt): Likewise. +- (_gcry_rsa_sign): Likewise. +- (_gcry_rsa_verify): Likewise. +- (_gcry_rsa_get_nbits): Likewise. +- +-2003-05-30 Moritz Schulte +- +- * md.c (md_get_algo): Return zero in case to algorithm is enabled. +- +- * md.c (gcry_md_info): Adjusted for new no-errno-API. +- (md_final): Likewise. +- (gcry_md_get_algo): Likewise. +- * pubkey.c (gcry_pk_get_keygrip): Likewise. +- (gcry_pk_ctl): Likewise. +- (gcry_pk_algo_info): Likewise. +- * des.c (selftest): Likewise. +- +-2003-05-29 Moritz Schulte +- +- * md.c (md_enable): Do not forget to release module on error. +- (gcry_md_open): Adjusted for new no-errno-API. +- (md_open): Likewise. +- (md_copy): Likewise. +- (gcry_md_copy): Likewise. +- (gcry_md_setkey): Likewise. +- (gcry_md_algo_info): Likewise. +- +- * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and +- also fixed a locking bug. +- (gcry_cipher_encrypt): Adjusted for new no-errno-API. +- (gcry_cipher_decrypt): Likewise. +- (gcry_cipher_ctl): Likewise. +- (gcry_cipher_info): Likewise. +- (gcry_cipher_algo_info): Likewise. +- +-2003-05-28 Moritz Schulte +- +- * md.c (md_enable): Adjusted for libgpg-error. +- (gcry_md_enable): Likewise. +- (gcry_digest_register_default): Likewise. +- (gcry_digest_register): Likewise. +- (check_digest_algo): Likewise. +- (prepare_macpads): Likewise. +- (gcry_md_setkey): Likewise. +- (gcry_md_ctl): Likewise. +- (gcry_md_get): Likewise. +- (gcry_md_algo_info): Likewise. +- (gcry_md_info): Likewise. +- * dsa.c (_gcry_dsa_generate): Likewise. +- (_gcry_dsa_check_secret_key): Likewise. +- (_gcry_dsa_sign): Likewie. +- (_gcry_dsa_verify): Likewise. +- * twofish.c (do_twofish_setkey): Likewise. +- (twofish_setkey): Likewise. +- * cipher.c (gcry_cipher_register): Likewise. +- +-2003-05-25 Moritz Schulte +- +- * rijndael.c (do_setkey): Adjusted for libgpg-error. +- (rijndael_setkey): Likewise. +- * random.c (gcry_random_add_bytes): Likewise. +- * elgamal.c (_gcry_elg_generate): Likewise. +- (_gcry_elg_check_secret_key): Likewise. +- (_gcry_elg_encrypt): Likewise. +- (_gcry_elg_decrypt): Likewise. +- (_gcry_elg_sign): Likewise. +- (_gcry_elg_verify): Likewise. +- * rsa.c (_gcry_rsa_generate): Likewise. +- (_gcry_rsa_check_secret_key): Likewise. +- (_gcry_rsa_encrypt): Likewise. +- (_gcry_rsa_decrypt): Likewise. +- (_gcry_rsa_sign): Likewise. +- (_gcry_rsa_verify): Likewise. +- * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt, +- dummy_decrypt, dummy_sign, dummy_verify): Likewise. +- (gcry_pubkey_register): Likewise. +- (check_pubkey_algo): Likewise. +- (pubkey_generate): Likewise. +- (pubkey_check_secret_key): Likewise. +- (pubkey_encrypt): Likewise. +- (pubkey_decrypt): Likewise. +- (pubkey_sign): Likewise. +- (pubkey_verify): Likewise. +- (sexp_elements_extract): Likewise. +- (sexp_to_key): Likewise. +- (sexp_to_sig): Likewise. +- (sexp_to_enc): Likewise. +- (sexp_data_to_mpi): Likewise. +- (gcry_pk_encrypt): Likewise. +- (gcry_pk_decrypt): Likewise. +- (gcry_pk_sign): Likewise. +- (gcry_pk_verify): Likewise. +- (gcry_pk_testkey): Likewise. +- (gcry_pk_genkey): Likewise. +- (gcry_pk_ctl): Likewise. +- * cipher.c (dummy_setkey): Likewise. +- (check_cipher_algo): Likewise. +- (gcry_cipher_open): Likewise. +- (cipher_setkey): Likewise. +- (gcry_cipher_ctl): Likewise. +- (cipher_encrypt): Likewise. +- (gcry_cipher_encrypt): Likewise. +- (cipher_decrypt): Likewise. +- (gcry_cipher_decrypt): Likewise. +- (gcry_cipher_info): Likewise. +- (gcry_cipher_algo_info): Likewise. +- * cast5.c (cast_setkey): Likewise. +- (do_cast_setkey): Likewise. +- * arcfour.c (arcfour_setkey): Likewise. +- (do_arcfour_setkey): Likewise. +- * blowfish.c (do_bf_setkey): Likewise. +- (bf_setkey): Likewise. +- * des.c (do_des_setkey): Likewise. +- (do_tripledes_setkey): Likewise. +- +-2003-05-22 Moritz Schulte +- +- * tiger.c: Merged code ussing the U64_C macro from GnuPG. +- +- * sha512.c: Likewise. +- +-2003-05-17 Moritz Schulte +- +- * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of +- releasing it. +- +-2003-05-11 Moritz Schulte +- +- * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS. +- (gcry_pk_ctl): Likewise. +- +-2003-04-27 Moritz Schulte +- +- * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has +- been used. +- +- * md.c (gcry_md_get_algo_dlen): Simplified, simply call +- md_digest_length to do the job. +- +- * des.c (do_des_setkey): Check for selftest failure not only +- during initialization. +- (do_tripledes_setkey): Include check for selftest failure. +- +- * pubkey.c (gcry_pubkey_register_default): New macro +- `pubkey_use_dummy', use it. +- +- * elgamal.c (elg_names): New variable. +- (pubkey_spec_elg): Include elg_names. +- +- * dsa.c (dsa_names): New variable. +- (pubkey_spec_dsa): Include dsa_names. +- +- * rsa.c (rsa_names): New variable. +- (pubkey_spec_rsa): Include rsa_names. +- +- * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with +- the names listed in `sexp_names'. +- +-2003-04-24 Moritz Schulte +- +- * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted +- to new module interface. +- (sexp_to_key): Changend type of argument `retalgo' from `int *' to +- `GcryModule **'. Adjusted all callers. Removed argument: +- r_algotblidx. +- (sexp_to_sig): Changend type of argument `retalgo' from `int *' to +- `GcryModule **'. Adjusted all callers. +- (sexp_to_enc): Likewise. +- +- (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig, +- pubkey_get_nenc): Use strlen to find out the number. +- +- * rsa.c: Adjust pubkey_spec_rsa to new internal interface. +- * dsa.c: Likewise. +- * elgamal.c: Likewise. +- +-2003-04-17 Moritz Schulte +- +- * pubkey.c (sexp_elements_extract): New function. +- * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use +- sexp_elements_extract. +- (sexp_to_sig): Likewise. +- (sexp_to_enc): Likewise. +- +- * pubkey.c: Terminate list correctly. +- * md.c: Include sha512/sha384 in digest_table. +- +-2003-04-16 Moritz Schulte +- +- * Makefile.am: Include support for sha512.c. +- +- * sha512.c: New file, merged from GnuPG, with few modifications +- for libgcrypt. +- +- * rand-internal.h: Removed declarations for constructor functions. +- +- * md.c (md_copy): Call _gcry_module_use for incrementing the usage +- counter of the digest modules. +- +- * rsa.c: Do not include "rsa.h". +- * dsa.c: Do not include "dsa.h". +- * elgamal.c: Do not include "elgamal.h". +- * des.c: Do not include "des.h". +- * cast5.c: Do not include "cast5.h". +- * blowfish.c: Do not include "blowfish.h". +- * arcfour.c: Do not include "arcfour.h". +- +- * Makefile.am (libcipher_la_DEPENDENCIES): Removed. +- (libcipher_la_LIBADD): Removed. +- Use Automake conditionals for conditional compilation. +- +-2003-04-13 Moritz Schulte +- +- * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS. +- +- * md.c (gcry_md_list): New member: module. +- (md_enable): New variable: module, changed use of module and +- digest. +- (md_enable): Initialize member: module. +- (md_close): Call _gcry_module_release. +- +- * cipher.c (gcry_cipher_open): New variable: module, changed use of +- module and cipher. +- (struct gcry_cipher_handle): New member: module. +- (gcry_cipher_open): Initialize member: module. +- (gcry_cipher_close): Call _gcry_module_release. +- +-2003-04-09 Moritz Schulte +- +- * cipher.c: Include "ath.h". +- * md.c: Likewise. +- * pubkey.c: Likewise. +- +- * cipher.c (ciphers_registered_lock): New variable. +- * md.c (digests_registered_lock): New variable. +- * pubkey.c (pubkeys_registered_lock): New variable. +- +- * rndlinux.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_rndlinux_constructor): Removed function. +- +- * rndegd.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_rndegd_constructor): Removed function. +- +- * rndunix.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_rndunix_constructor): Removed function. +- +- * rndw32.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_rndw32_constructor): Removed function. +- +- * rndegd.c (rndegd_connect_socket): Simplify code for creating the +- egd socket address. +- (rndegd_connect_socket): Call log_fatal use instead of +- g10_log_fatal. +- (egd_gather_random): Renamed to ... +- (rndegd_gather_random): ... here. +- +-2003-04-08 Moritz Schulte +- +- * rndlinux.c: Do not include "dynload.h". +- * rndunix.c: Likewise. +- * rndw32.c: Likewise. +- +- * rndegd.c (rndegd_connect_socket): Factored out from ... +- (egd_gather_random): here; call it. +- (egd_socket): New variable. +- (egd_gather_random): Initialize fd with egd_socket, do not declare +- fd static. +- (do_read): Merged few changes from GnuPG. FIXME - not finished? +- Do not include "dynload.h". +- +- * rndw32.c (gather_random): Renamed to rndw32_gather_random, do +- not declare static. +- (gather_random_fast): Renamed to rndw32_gather_random_fast, do not +- declare static. +- +- * rndunix.c (gather_random): Renamed to rndunix_gather_random, do +- not declare static. +- * rndegd.c (gather_random): Renamed to rndegd_gather_random, do +- not declare static. +- * rndlinux.c (gather_random): Renamed to rndlinux_gather_random, +- do not declare static. +- +-2003-04-07 Moritz Schulte +- +- * Makefile.am (libcipher_la_SOURCES): Removed construct.c. +- (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c, +- md5.c, tiger.c and crc.c +- (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger +- and crc. Removed definitions: EXTRA_md4_SOURCES, +- EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES, +- EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES, +- BUILT_SOURCES, DISTCLEANFILES. +- +- * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h". +- +- * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h, +- dsa.h, des.h, cast5.h, arcfour.h and blowfish.h. +- +- * rsa.h: Removed file. +- * elgamal.h: Removed file. +- * dsa.h: Removed file. +- * des.h: Removed file. +- * cast5.h: Removed file. +- * arcfour.h: Removed file. +- * blowfish.h: Removed file. +- +- * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and +- dynload.h. +- +- * rsa.c (pubkey_spec_rsa): New variable. +- * dsa.c (pubkey_spec_rsa): New variable. +- * elgamal.c (pubkey_spec_elg): New variable. +- +- * rsa.c (_gcry_rsa_get_info): Removed function. +- * elgamal.c (_gcry_elg_get_info): Removed function. +- * dsa.c (_gcry_dsa_get_info): Removed function. +- +- * tiger.c (tiger_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_tiger_constructor): Removed function. +- +- * sha1.c (sha1_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_sha1_constructor): Removed function. +- +- * sha256.c (sha256_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_sha256_constructor): Removed function. +- +- * rmd160.c (rmd160_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_rmd160_constructor): Removed function. +- +- * md5.c (md5_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_md5_constructor): Removed function. +- +- * md4.c (md4_get_info): Removed function. +- (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func): Removed function. +- (_gcry_md4_constructor): Removed function. +- +- * crc.c (crc_get_info): Removed function. +- +- * arcfour.c (do_arcfour_setkey): Changed type of context argument +- to `void *', added local variable for cast, adjusted callers. +- (arcfour_setkey): Likewise. +- (encrypt_stream): Likewise. +- * cast5.c (cast_setkey): Likewise. +- (encrypt_block): Likewise. +- * rijndael.c (rijndael_setkey): Likewise. +- (rijndael_encrypt): Likewise. +- (rijndael_decrypt): Likewise. +- * twofish.c (twofish_setkey): Likewise. +- (twofish_encrypt): Likewise. +- (twofish_decrypt): Likewise. +- * des.c (do_des_setkey): Likewise. +- (do_des_encrypt): Likewise. +- (do_des_encrypt): Likewise. +- (do_tripledes_encrypt): Likewise. +- (do_tripledes_encrypt): Likewise. +- * blowfish.c (bf_setkey: Likewise. +- (encrypt_block): Likewise. +- (decrypt_block): Likewise. +- +- * arcfour.c (encrypt_stream): Likewise. +- +- * rijndael.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func) Removed function. +- +- * twofish.c (gnupgext_version, func_table): Removed definitions. +- (gnupgext_enum_func) Removed function. +- +- * cast5.c (CIPHER_ALGO_CAST5): Removed. +- +- * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. +- (CIPHER_ALGO_BLOWFISH): Removed symbol. +- * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise. +- * des.c (selftest_failed): Removed. +- (initialized): New variable. +- (do_des_setkey): Run selftest, if not yet done. +- (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. +- +- * arcfour.c (_gcry_arcfour_get_info): Removed function. +- * blowfish.c (_gcry_blowfish_get_info): Removed function. +- * cast5.c (_gcry_cast5_get_info): Removed function. +- * des.c (_gcry_des_get_info): Removed function. +- * rijndael.c (_gcry_rijndael_get_info): Removed function. +- * twofish.c (_gcry_twofish_get_info): Removed function. +- +- * arcfour.c (cipher_spec_arcfour): New variable. +- * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New +- variables. +- * rijndael.c (cipher_spec_aes, cipher_spec_aes192, +- cipher_spec256): New variables. +- * des.c (cipher_spec_des, cipher_spec_tripledes): New variables. +- * cast5.c (cipher_spec_cast5): New variable. +- * blowfish.c (cipher_spec_blowfish): Likewise. +- +- * twofish.c: Do not include "dynload.h". +- * rijndael.c: Likewise. +- * des.c: Likewise. +- * cast5.c: Likewise. +- * blowfish.c: Likewise. +- * cipher.c: Likewise. +- * crc.c: Likewise. +- * md4.c: Likewise. +- * md5.c: Likewise. +- * md.c: Likewise. +- * pubkey.c: Likewise. +- * rijndael.c: Likewise. +- * sha1.c: Likewise. +- * sha256.c: Likewise. +- +- * arcfour.c: Include "cipher.h". +- * twofish.c: Likewise. +- * rijndael.c: Likewise. +- * des.c: Likewise. +- * cast5.c: Likewise. +- * blowfish.c: Likewise. +- +- * twofish.c (twofish_setkey): Declared argument `key' const. +- (twofish_encrypt): Declared argument `inbuf' const. +- (twofish_decrypt): Likewise. +- +- * rijndael.c (rijndael_setkey): Declared argument `key' const. +- (rijndael_encrypt): Declared argument `inbuf' const. +- (rijndael_decrypt): Likewise. +- +- * des.c (do_des_setkey): Declared argument `key' const. +- (do_tripledes_setkey): Likewise. +- (do_des_encrypt): Declared argument `inbuf' const. +- (do_des_decrypt): Likewise. +- (do_tripledes_encrypt): Likewise. +- (do_tripledes_decrypt): Likewise. +- +- * cast5.c (encrypt_block): Declared argument `inbuf' const. +- (decrypt_block): Likewise. +- (cast_setkey): Declared argument `key' const. +- +- * blowfish.c (do_bf_setkey): Declared argument `key' const. +- (encrypt_block): Declared argument `inbuf' const. +- (encrypt_block): Likewise. +- +- +- +- * cipher.c: Remove CIPHER_ALGO_DUMMY related code. +- Removed struct cipher_table_s. +- Changed definition of cipher_table. +- Removed definition of disabled_algos. +- (ciphers_registered, default_ciphers_registered): New variables. +- (REGISTER_DEFAULT_CIPHERS): New macro. +- (dummy_setkey): Declared argument `key' const. +- (dummy_encrypt_block): Declared argument `inbuf' const. +- (dummy_encrypt_block): Likewise. +- (dummy_encrypt_stream): Likewise. +- (dummy_encrypt_stream): Likewise. +- (dummy_setkey): Use `unsigned char' instead of `byte'. +- (dummy_encrypt_block): Likewise. +- (dummy_decrypt_block): Likewise. +- (dummy_encrypt_stream): Likewise. +- (dummy_decrypt_stream): Likewise. +- (gcry_cipher_register_default): New function. +- (gcry_cipher_lookup_func_id): New function. +- (gcry_cipher_lookup_func_name): New function. +- (gcry_cipher_lookup_id): New function. +- (gcry_cipher_lookup_name): New function. +- (gcry_cipher_id_new): New function. +- (gcry_cipher_register): New function. +- (gcry_cipher_unregister): New function. +- (setup_cipher_table): Removed function. +- (load_cipher_modules): Removed function. +- (gcry_cipher_map_name): Adjusted to use new module management. +- (cipher_algo_to_string): Likewise. +- (disable_cipher_algo): Likewise. +- (check_cipher_algo): Likewise. +- (cipher_get_keylen): Likewise. +- (cipher_get_blocksize): Likewise. +- (gcry_cipher_open): Likewise. +- (struct gcry_cipher_handle): Replaced members algo, algo_index, +- blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one +- member: cipher. +- (gcry_cipher_open): Adjusted code for new handle structure. +- (cipher_setkey): Likewise. +- (cipher_setiv): Likewise. +- (cipher_reset): Likewise. +- (do_ecb_encrypt): Likewise. +- (do_ecb_decrypt): Likewise. +- (do_cbc_encrypt): Likewise. +- (do_cbc_decrypt): Likewise. +- (do_cfb_encrypt): Likewise. +- (do_cfb_decrypt): Likewise. +- (do_ctr_encrypt): Likewise. +- (cipher_encrypt): Likewise. +- (gcry_cipher_encrypt): Likewise. +- (cipher_decrypt): Likewise. +- (gcry_cipher_decrypt): Likewise. +- (cipher_sync): Likewise. +- (gcry_cipher_ctl): Likewise. +- +- * pubkey.c: Removed struct pubkey_table_s. +- Changed definition of pubkey_table. +- Removed definition of disabled_algos. +- (pubkeys_registered, default_pubkeys_registered): New variables. +- (REGISTER_DEFAULT_PUBKEYS): New macro. +- (setup_pubkey_table): Removed function. +- (load_pubkey_modules): Removed function. +- (gcry_pubkey_register_default): New function. +- (gcry_pubkey_lookup_func_id): New function. +- (gcry_pubkey_lookup_func_name): New function. +- (gcry_pubkey_lookup_id): New function. +- (gcry_pubkey_lookup_name): New function. +- (gcry_pubkey_id_new): New function. +- (gcry_pubkey_register): New function. +- (gcry_pubkey_unregister): New function. +- (gcry_pk_map_name): Adjusted to use new module management. +- (gcry_pk_algo_name): Likewise. +- (disable_pubkey_algo): Likewise. +- (check_pubkey_algo): Likewise. +- (pubkey_get_npkey): Likewise. +- (pubkey_get_nskey): Likewise. +- (pubkey_get_nsig): Likewise. +- (pubkey_get_nenc): Likewise. +- (pubkey_generate): Likewise. +- (pubkey_check_secret_key): Likewise. +- (pubkey_encrypt): Likewise. +- (pubkey_decrypt): Likewise. +- (pubkey_sign): Likewise. +- (pubkey_verify): Likewise. +- (gcry_pk_get_nbits): Likewise. +- (gcry_pk_algo_info): Likewise. +- +- * md.c: Removed struct md_digest_list_s. +- (digest_list): Changed definition. +- (digests_registered, default_digests_registered): New variables. +- (REGISTER_DEFAULT_DIGESTS): New macro. +- (new_list_item): Removed function. +- (setup_md_table): Removed function. +- (load_digest_module): Removed function. +- (gcry_digest_register_default): New function. +- (gcry_digest_lookup_func_id): New function. +- (gcry_digest_lookup_func_name): New function. +- (gcry_digest_lookup_id): New function. +- (gcry_digest_lookup_name): New function. +- (gcry_digest_id_new): New function. +- (gcry_digest_register): New function. +- (gcry_digest_unregister): New function. +- (GcryDigestEntry): New type. +- (struct gcry_md_context): Adjusted type of `list'. +- (gcry_md_map_name): Adjusted to use new module management. +- (digest_algo_to_string): Likewise. +- (check_digest_algo): Likewise. +- (md_enable): Likewise. +- (md_digest_length): Likewise. +- (md_asn_oid): Likewise. +- +-2003-04-07 Moritz Schulte +- +- * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA, +- PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with +- GCRY_PK_ELG. +- +- * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA. +- +-2003-04-01 Moritz Schulte +- +- * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES. +- +-2003-03-31 Moritz Schulte +- +- * tiger.c (tiger_get_info): Do not declare static. +- * sha256.c (sha256_get_info): Likewise. +- * sha1.c (sha1_get_info): Likewise. +- * rmd160.c (rmd160_get_info): Likewise. +- * md5.c (md5_get_info): Likewise. +- * md4.c (md4_get_info): Likewise. +- * crc.c (crc_get_info): Likewise. +- +- * md.c (load_digest_module): Call setup_md_table during +- initialization. +- (new_list_item): Link new element into digest_list. +- +- * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper +- for do_ctr_encrypt, since these functions are identical. +- +-2003-03-30 Simon Josefsson +- +- * cipher.c (struct gcry_cipher_handle): Add counter field. +- (gcry_cipher_open): Add CTR. +- (cipher_reset): Clear counter field. +- (do_ctr_encrypt, do_ctr_decrypt): New functions. +- (cipher_encrypt, cipher_decrypt): Call CTR functions. +- (gcry_cipher_ctl): Add SET_CTR to set counter. +- +-2003-03-30 Moritz Schulte +- +- * rsa.c (_gcry_rsa_blind): New function. +- (_gcry_rsa_unblind): New function. +- (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt. +- +-2003-03-26 Moritz Schulte +- +- * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and +- `decrypt' function arguments. +- (_gcry_enum_gnupgext_pubkeys): Likewise. +- * dynload.h: Likewise. +- +- * pubkey.c (dummy_decrypt): Add argument: int flags. +- (dummy_encrypt): Likewise. +- +- * elgamal.c (_gcry_elg_encrypt): Add argument: int flags. +- (_gcry_elg_decrypt): Likewise. +- +- * rsa.c (_gcry_rsa_encrypt): Add argument: int flags. +- (_gcry_rsa_decrypt): Likewise. +- +- * pubkey.c: Add `flags' argument to members `encrypt' and +- `decrypt' of struct `pubkey_table_s'. +- +- * rsa.h: Add `flags' argument to function declarations. +- * elgamal.h: Likewise. +- +- * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags. +- (sexp_data_to_mpi): Set `parsed_flags'. +- (sexp_data_to_mpi): New argument: int *flags. +- (gcry_pk_encrypt): New variable: int flags. +- (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt. +- (pubkey_encrypt): New variable: int flags. +- (pubkey_encrypt): Pass `flags' to pubkey encrypt function. +- (pubkey_decrypt): Likewise. +- (pubkey_decrypt): Pass `flags' to pubkey encrypt function. +- (gcry_pk_encrypt): Include `flags' s-exp in return list. +- (sexp_to_enc): New argument: int *flags. +- (gcry_pk_decrypt): New variable: int flags. +- (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt. +- (sexp_to_enc): New variable: int parsed_flags. +- (sexp_to_enc): Set `parsed_flags'. +- +-2003-03-22 Simon Josefsson +- +- * cipher.c (gcry_cipher_open, do_cbc_encrypt) +- (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC. +- (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC. +- +-2003-03-19 Werner Koch +- +- * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG +- to allow for a user callback. Changed all callers. +- (_gcry_generate_secret_prime) +- (_gcry_generate_public_prime): Ditto, pass them to gen_prime. +- * rsa.c (check_exponent): New. +- (generate): Use a callback to ensure that a given exponent is +- actually generated. +- +-2003-03-12 Moritz Schulte +- +- * primegen.c: Initialize `no_of_small_prime_numbers' statically. +- (gen_prime): Remove calculation of `no_of_small_prime_numbers'. +- +-2003-03-03 Moritz Schulte +- +- * md.c (gcry_md_ctl): Rewritten to use same style like the other +- functions dispatchers. +- +-2003-03-02 Moritz Schulte +- +- * cipher.c (struct gcry_cipher_handle): New member: algo_index. +- (gcry_cipher_open): Allocate memory for two cipher contexts. +- Initialize algo_index. +- (cipher_setkey): Duplicate context into reserved memory. +- (cipher_reset): New function, which resets the context and clear +- the IV. +- (gcry_cipher_ctl): Call cipher_reset. +- +-2003-02-23 Moritz Schulte +- +- * cipher.c: Remove (bogus) `digitp' macro definition. +- * md.c: Likewise. +- +- * blowfish.c (burn_stack): Removed. +- * arcfour.c (burn_stack): Likewise. +- * cast5.c (burn_stack): Likewise. +- * des.c (burn_stack): Likewise. +- * md4.c (burn_stack): Likewise. +- * md5.c (burn_stack): Likewise. +- * random.c (burn_stack): Likewise. +- * rijndael.c (burn_stack): Likewise. +- * rmd160.c (burn_stack): Likewise. +- * sha1.c (burn_stack): Likewise. +- * sha256.c (burn_stack): Likewise. +- * tiger.c (burn_stack): Likewise. +- * twofish.c (burn_stack): Likewise. +- +- * blowfish.c: Changed all occurences of burn_stack to +- _gcry_burn_stack. +- * arcfour.c: Likewise. +- * cast5.c: Likewise. +- * des.c: Likewise. +- * md4.c: Likewise. +- * md5.c: Likewise. +- * random.c: Likewise. +- * rijndael.c: Likewise. +- * rmd160.c: Likewise. +- * sha1.c: Likewise. +- * sha256.c: Likewise. +- * tiger.c: Likewise. +- * twofish.c: Likewise. +- +- * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR +- instead of hard-coded value `301'. +- +-2003-01-24 Werner Koch +- +- * random.c (_gcry_register_random_progress): New. +- (_gcry_random_progress): New. +- +- * rndlinux.c (gather_random): Call the random progress function. +- +-2003-01-23 Werner Koch +- +- * rsa.c (generate): New arg USE_E to request a specific public +- exponent. +- (_gcry_rsa_generate): Ditto. +- * elgamal.c (_gcry_elg_generate): Must add an dummy argument +- instead of USE_E. +- * dsa.c (_gcry_dsa_generate): Ditto. +- * pubkey.c (dummy_generate): Ditto. +- (pubkey_generate): Add USE_E arg and pass it down. +- (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate. +- +- * pubkey.c (sexp_to_enc): New arg RET_MODERN. +- (gcry_pk_decrypt): Make use of it to return a real S-expression. +- Return better error codes. +- (gcry_pk_verify): Return better error codes. +- +-2003-01-21 Werner Koch +- +- * random.c (gcry_random_add_bytes): Add QUALITY argument, let +- function return an error code and disable its core for now. +- +-2003-01-21 Timo Schulz +- +- * random.c (gcry_random_add_bytes): New. Function to add external +- random to the pool. +- +-2003-01-20 Simon Josefsson +- +- * crc.c: New. +- * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c. +- * md.c (gcry_md_get_algo_dlen): Add values for CRC. +- +-2003-01-20 Werner Koch +- +- * sha256.c: New. +- * bithelp.h (ror): New. +- * Makfile.am: Add sha256.c. +- * md.c (oid_table): Add values for SHA256 et al. +- (gcry_md_get_algo_dlen): Likewise +- +-2003-01-20 Werner Koch +- +- * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA +- and ElGamal. +- +-2003-01-17 Werner Koch +- +- * cipher.c (gcry_cipher_encrypt): Reworked so that the output will +- never contain the plaintext even if the caller did not checked the +- return value. +- +- * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL +- because we don't have an invalid md algo but no algorithm enabled. +- +- * pubkey.c (gcry_pk_genkey): Changed error code for bounds check +- of table parameters to GCRYERR_INTERNAL. +- +- * md.c (gcry_md_open): Partly reverted Timo's change from +- 2002-10-10 by removing the check for the algorithm. An algorithm +- of 0 is allowed and anyway we should not double check it or check +- it using a different function. Also fixed the flags check. +- +- * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL +- on error. +- (gcry_pk_decrypt): Ditto for R_PLAIN. +- (gcry_pk_sign): Ditto for R_SIG. +- (gcry_pk_genkey): Ditto for R_KEY. +- +-2003-01-16 Werner Koch +- +- * md.c (gcry_md_write): Changed 2nd argument type to void*. +- (gcry_md_hash_buffer): Changed type of boths buffers to void*. +- (gcry_md_setkey): Changed 2nd argument type to void*. +- +-2003-01-15 Werner Koch +- +- * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding. +- (gcry_pk_sign, gcry_pk_verify): Use it here. +- (gcry_pk_encrypt): And here. +- (pubkey_verify): Add debug code. +- (sexp_to_enc): Handle flags in the input and return the pkcs1 flag +- in a new parameter. +- (gcry_pk_decrypt): Prepare for future pkcs1 handling. +- +-2002-12-19 Werner Koch +- +- * random.c (_gcry_random_initialize): New. +- +-2002-12-16 Werner Koch +- +- * cipher.c: Added a Teletrust specific OID for 3DES. +- +-2002-12-12 Werner Koch +- +- * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption). +- +-2002-11-23 Werner Koch +- +- * md.c (load_digest_module): Enlarged checked_algos bitmap. +- * md4.c (func_table): Fixed entry for md4. +- Both by Simon Josephson. +- (transform): Copy data to get the alignment straight. Tested only +- on i386. +- +-2002-11-10 Simon Josefsson +- +- * cipher.c (gcry_cipher_open): Don't reject CTS flag. +- (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) +- (gcry_cipher_encrypt, cipher_decrypt) +- (gcry_cipher_decrypt): Support CTS flag. +- (gcry_cipher_ctl): Toggle CTS flag. +- +-2002-11-10 Werner Koch +- +- * md4.c: New. By Simon Josefsson. +- * Makefile.am (EXTRA_PROGRAMS): Add md4.c. +- * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. +- +-2002-10-14 Werner Koch +- +- * arcfour.c (do_encrypt_stream): Don't use increment op when +- assigning to the same variable. +- +-2002-10-10 Timo Schulz +- +- * pubkey.c (gcry_pk_genkey): Check boundaries. +- +- * md.c (gcry_md_open): Check that algo is available and only +- valid flag values are used. +- (gcry_md_get_algo): Add error handling. +- +-2002-09-26 Werner Koch +- +- * md.c: Include an OID for TIGER. +- * tiger.c (tiger_get_info): Use a regular OID. +- +-2002-09-17 Werner Koch +- +- * random.c: Replaced mutex.h by the new ath.h. Changed all calls. +- +-2002-09-16 Werner Koch +- +- * arcfour.c (do_encrypt_stream): Use register modifier and modulo. +- According to Nikos Mavroyanopoulos this increases perfromace on +- i386 system noticable. And I always tought gcc is clever enough. +- * md5.c (transform): Use register modifier. +- * rmd160.c (transform): Ditto. +- * sha1.c (transform): Ditto. We hope that there are 6 free registers. +- * random.c (gcry_randomize): Rewrote to avoid malloc calls. +- +- * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*. +- * arcfour.c (do_arcfour_setkey): Ditto. +- * twofish.c (do_twofish_setkey): Ditto. +- * rndegd.c (gather_random): Ditto. +- * rijndael.c (do_setkey): Ditto. +- * random.c (_gcry_random_dump_stats): Ditto. +- * primegen.c (_gcry_generate_elg_prime): Ditto. +- * des.c (_gcry_des_get_info): Ditto. +- * cast5.c (do_cast_setkey): Ditto. +- * blowfish.c (do_bf_setkey): Ditto. +- +-2002-08-26 Werner Koch +- +- * des.c (weak_keys): Fixed one entry in the table and compared +- all entries against the literature. +- (selftest): Checksum the weak key table. +- +-2002-08-21 Werner Koch +- +- * pubkey.c: Enable keygrip calculation for "openpgp-rsa". +- +-2002-08-17 Werner Koch +- +- * cipher.c (setup_cipher_table): Don't overwrite the DES entry +- with the entry for DUMMY. +- +-2002-08-14 Werner Koch +- +- * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New. +- (_gcry_des_get_info): Support plain old DES. +- * cipher.c (setup_cipher_table): Put DES into the table. +- +-2002-07-25 Werner Koch +- +- * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_. +- Noted by Stephan Austermuehle. +- +-2002-07-08 Timo Schulz +- +- * rndw32.c: Replaced the m_ memory functions with the real +- gcry_ functions. Renamed all g10_ prefixed functions to log_. +- +-2002-06-12 Werner Koch +- +- * rsa.c (generate): Use e = 65537 for now. +- +-2002-06-11 Werner Koch +- +- * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key". +- +-2002-06-05 Timo Schulz +- +- * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): +- Check that the input size is a multiple of the blocksize. +- +-2002-05-23 Werner Koch +- +- * md.c (oid_table): Add an rsadsi OID for MD5. +- +-2002-05-21 Werner Koch +- +- * primegen.c, elgamal.c, dsa.c (progress): Do not print anything +- by default. Pass an extra identifying string to the callback and +- reserved 2 argumenst for current and total counters. Changed the +- register function prototype. +- +-2002-05-17 Werner Koch +- +- * rndegd.c (rndegd_constructor): Fixed name of register function +- and prefixed the function name with _gcry_. +- * rndw32.c (rndw32_constructor): Ditto. +- * tiger.c (tiger_constructor): Ditto. +- +- * Makefile.am: Removed all dynamic loading stuff. +- * dynload.c: Ditto. Now only used for the constructor system. +- +-2002-05-15 Werner Koch +- +- * random.c (gcry_random_bytes,gcry_random_bytes_secure) +- (gcry_randomize): Make sure we are initialized. +- +-2002-05-14 Werner Koch +- +- Changed license of most files to the LGPL. +- +-2002-05-02 Werner Koch +- +- * random.c (_gcry_fast_random_poll): Initialize the module so the +- mutex can be used. +- +- * primegen.c (small_prime_numbers): Moved table from smallprime.c +- * smallprime.c: File removed. +- +- * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static. +- +- * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES". +- * rijndael.c (rijndael_get_info): We do only support a 128 bit +- blocksize so it makes sense to change the algorithm strings to +- AES. +- +- * tiger.c (tiger_final): Removed superfluous token pasting operators. +- * md5.c (md5_final): Ditto. +- +-2002-04-30 Werner Koch +- +- * cipher.c: Fixed list of copyright years. +- +-2002-03-18 Werner Koch +- +- * random.c (initialize): Initialize the new pool lock mutex. +- (_gcry_fast_random_poll): Add locking and moved main +- code out to... +- (do_fast_random_poll): new function. +- (read_pool): Use the new function here. +- (get_random_bytes): Add locking. +- (_gcry_update_random_seed_file): Ditto. +- +-2002-03-11 Werner Koch +- +- * md.c: Add rsaSignatureWithripemd160 to OID table. +- +-2002-02-20 Werner Koch +- +- * sha1.c: Removed a left over comment note. The code has been +- rewritten from scratch in 1998. Thanks to Niels Möller for +- reporting this misleading comment. +- +-2002-02-18 Werner Koch +- +- * rndunix.c (rndunix_constructor): Use the the new prefixed +- function name. Reported by Jordi Mallach. +- +-2002-02-10 Werner Koch +- +- * random.c (mix_pool): Carry an extra failsafe_digest buffer +- around to make the function more robust. +- +-2002-02-08 Werner Koch +- +- * random.c (add_randomness): Xor new data into the pool and not +- just copy it. This avoids any choosen input attacks which are not +- serious in our setting because an outsider won't be able to mix +- data in and even then we keep going with a PRNG. Thanks to Stefan +- Keller for pointing this out. +- +-2002-01-04 Werner Koch +- +- * pubkey.c (gcry_pk_genkey): Do not release skey - it is static. +- +- * primegen.c (gen_prime): Of course we should use set_bit +- and not set_highbit to set the second high bit. +- +-2001-12-18 Werner Koch +- +- * rsa.c (generate): Loop until we find the exact modulus size. +- Changed the exponent to 41. +- (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings. +- * primegen.c (gen_prime): Set 2 high order bits for secret primes. +- +- * Makefile.am (DISTCLEANFILES): Include construct.c. +- +-2001-12-17 Werner Koch +- +- * pubkey.c (gcry_pk_get_keygrip): New - experimental. +- +-2001-12-11 Werner Koch +- +- * cipher.c: Added OIDs for AES. +- (gcry_cipher_mode_from_oid): New. +- (gcry_cipher_map_name): Moved OID search code to .. +- (search_oid): .. new function. +- +-2001-12-10 Werner Koch +- +- * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name +- and not by number. +- +- * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign) +- (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey) +- (gcry_pk_get_nbits): Release the arrays. Noted by Nikos +- Mavroyanopoulos. +- +-2001-12-06 Werner Koch +- +- * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed +- with "oid." or "OID.". +- +-2001-12-05 Werner Koch +- +- * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. +- +-2001-11-24 Werner Koch +- +- * pubkey.c: Added the rsaEncryption OID to the tables. +- (sexp_to_key): Add an arg to return the index of the algorithm, +- changed all callers. +- (gcry_pk_sign): Find the signature algorithm by name and not by +- number. +- (gcry_pk_get_nbits): Fixed so that we can now really pass a secret +- key to get the result. +- +- * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid." +- or "OID." so that an OID string can be used as an S-Exp token. +- +-2001-11-20 Werner Koch +- +- * md.c (gcry_md_map_name): Lookup by OID if the the name begins +- with a digit. +- (oid_table): New. +- +-2001-11-16 Werner Koch +- +- * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED. +- +-2001-11-07 Werner Koch +- +- * md.c (gcry_md_hash_buffer): Close the handle which was left open +- for algorithms other than rmd160. +- +-2001-08-08 Werner Koch +- +- * rndw32.c (gather_random): Use toolhelp in addition to the NT +- gatherer for Windows2000. Suggested by Sami Tolvanen. +- +- * random.c (read_pool): Fixed length check, this used to be one +- byte to strict. Made an assert out of it because the caller has +- already made sure that only poolsize bytes are requested. +- Reported by Marcus Brinkmann. +- +-2001-08-03 Werner Koch +- +- * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return +- errors. We have to change the interface to all ciphers to make +- this really work but we should do so to prepare for hardware +- encryption modules. +- (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and +- set lasterr. +- (gcry_cipher_ctl): Make sure that errors from setkey are returned. +- +-2001-08-02 Werner Koch +- +- * rndlinux.c (gather_random): casted a size_t arg to int so that +- the format string is correct. Casting is okay here and avoids +- translation changes. +- +- * random.c (fast_random_poll): Do not check the return code of +- getrusage. +- +- * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7 +- and 8. +- +- * tiger.c (print_abc,print_data): Removed. +- +- * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c +- (burn_stack): New. Add wrappers for most functions to be able to +- call burn_stack after the function invocation. This methods seems +- to be the most portable way to zeroise the stack used. It does +- only work on stack frame based machines but it is highly portable +- and has no side effects. Just setting the automatic variables at +- the end of a function to zero does not work well because the +- compiler will optimize them away - marking them as volatile would +- be bad for performance. +- * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise. +- * random.c (burn_stack): New. +- (mix_pool): Use it here to burn the stack of the mixblock function. +- +- * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places. +- Thanks to Tommi Komulainen. +- +- * arcfour.c (arcfour_setkey): Check the minimim keylength against +- bytes and not bits. +- (selftest): Must reset the key before decryption. +- +-2001-05-31 Werner Koch +- +- * sha1.c (sha1_init): Made static. +- +- Changed all g10_ prefixed function names as well as some mpi_ +- function names to cope with the introduced naming changes. +- +- * md.c (prepare_macpads): Made key const. +- +-2001-05-28 Werner Koch +- +- * rndegd.c (gather_random): Removed the use of tty_printf. +- +-2001-03-29 Werner Koch +- +- * md5.c (md5_final): Fixed calculation of hashed length. Thanks +- to disastry@saiknes.lv for pointing out that it was horrible wrong +- for more than 512MB of input. +- * sha1.c (sha1_final): Ditto. +- * rmd160.c (rmd160_final): Ditto. +- * tiger.c (tiger_final): Ditto. +- +- * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to +- avoid name clashes with an encrypt function in stdlib.h of +- Dynix/PIX. Thanks to Gene Carter. +- * elgamal.c (encrypt,do_encrypt): Ditto. +- +- * twofish.c (gnupgext_enum_func): Use only when when compiled as a +- module. +- * rijndael.c (gnupgext_enum_func): Ditto. +- +- * tiger.c (tiger_get_info): Return "TIGER192" and not just +- "TIGER". By Edwin Woudt. +- +- * random.c: Always include time.h - standard requirement. Thanks +- to James Troup. +- +- * rndw32.c: Fixes to the macros. +- +-2001-01-11 Werner Koch +- +- * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and +- not 8. +- +-2000-12-19 Werner Koch +- +- Major change: +- Removed all GnuPG stuff and renamed this piece of software +- to gcrypt. +- +-2000-11-14 Werner Koch +- +- * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and +- mpi_free by gcry_mpi_release. +- * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure. +- * rsa.c (test_keys,generate,rsa_verify): Ditto. +- * primegen.c (generate_elg_prime): Ditto. +- (gen_prime): Ditto and removed nlimbs. +- +- * rsa.c (generate): Allocate 2 more vars in secure memory. +- +- * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency +- problems. +- +-2000-10-09 Werner Koch +- +- * arcfour.c, arcfour.h: New. +- * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode. +- (setup_cipher_table): Add Arcfour. +- (gcry_cipher_open): Kludge to allow stream mode. +- +-Wed Oct 4 13:16:18 CEST 2000 Werner Koch +- +- * sha1.c (transform): Use rol() macro. Actually this is not needed +- for a newer gcc but there are still aoter compilers. +- +- * rsa.c (test_keys): Use new random function. +- +- * md.c (gcry_md_setkey): New function to overcome problems with +- const conflics. +- (gcry_md_ctl): Pass set key to the new functions. +- +- * rijndael.c: New. +- * cipher.c: Add Rijndael support. +- +-Mon Sep 18 16:35:45 CEST 2000 Werner Koch +- +- * rndlinux.c (open_device): Loose random device checking. +- By Nils Ellmenreich. +- +- * random.c (fast_random_poll): Check ENOSYS for getrusage. +- * rndunix.c: Add 2 sources for QNX. By Sam Roberts. +- +- * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE. +- +- * rsa.c: Changed the comment about the patent. +- (secret): Speed up by using the CRT. For a 2k keys this +- is about 3 times faster. +- (stronger_key_check): New but unused code to check the secret key. +- * Makefile.am: Included rsa.[ch]. +- * pubkey.c: Enabled RSA support. +- (pubkey_get_npkey): Removed RSA workaround. +- +-Mon Jul 31 10:04:47 CEST 2000 Werner Koch +- +- * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new +- gcry_sexp_nth_{data,mpi} functions. +- +-Tue Jul 25 17:44:15 CEST 2000 Werner Koch +- +- * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt, +- gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with +- the new S-Exp interface. +- +-Mon Jul 17 16:35:47 CEST 2000 Werner Koch +- +- * random.c (gather_faked): Replaced make_timestamp by time(2) again. +- +-Fri Jul 14 19:38:23 CEST 2000 Werner Koch +- +- * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP. +- +- * Makefile.am: Never compile mingw32 as module. +- +- * Makefile.am: Tweaked module build and removed libtool +- +- * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig. +- +- * elgamal.c (sign): Removed inactive code. +- +- * rsa.c, rsa.h: New based on the old module version (only in CVS for now). +- * pubkey.c (setup_pubkey_table): Added commented support for RSA. +- +- * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra. +- (my_popen): Do the FD_CLOEXEC only if it is available +- (start_gatherer): Cope with missing _SC_OPEN_MAX +- +- * rndunix.c: Add some more headers for QNX. By Sam Roberts. +- +- * rndegd.c (gather_random): Shortcut level 0. +- * rndunix.c (gather_random): Ditto. +- * rndw32.c (gather_random): Ditto. +- +- * rndw32.c: Replaced with code from Cryptlib and commented the old stuff. +- * rndw32.c: Add some debuging code enabled by an environment variable. +- +- * random.c (read_seed_file): Binary open for DOSish system +- (update_random_seed_file): Ditto. +- * random.c [MINGW32]: Include process.h for getpid. +- * random.c (fast_random_poll): Add clock_gettime() as fallback for +- system which support this POSIX.4 fucntion. By Sam Roberts. +- +- * random.c (read_seed_file): Removed the S_ISLNK test becuase it +- is already covered by !S_ISREG and is not defined in Unixware. +- Reported by Dave Dykstra. +- (update_random_seed_file): Silently ignore update request when pool +- is not filled. +- +- * random.c (read_seed_file): New. +- (set_random_seed_file): New. +- (read_pool): Try to read the seeding file. +- (update_random_seed_file): New. +- +- (read_pool): Do an initial extra seeding when level 2 quality random +- is requested the first time. This requestes at least POOLSIZE/2 bytes +- of entropy. Compined with the seeding file this should make normal +- random bytes cheaper and increase the quality of the random bytes +- used for key generation. +- +- * random.c (read_pool): Print a more friendly error message in +- cases when too much random is requested in one call. +- +- * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined; +- this is not the case for some ESIX and Unixware, although they have +- getrusage(). +- +- * primegen.c (generate_elg_prime): All primes are now generated with +- the lowest random quality level. Because they are public anyway we +- don't need stronger random and by this we do not drain the systems +- entropy so much. +- +- * primegen.c (register_primegen_progress): New. +- * dsa.c (register_pk_dsa_progress): New. +- * elgamal.c (register_pk_elg_progress): New. +- +- * elgamal.c (wiener_map): New. +- (gen_k): Use a much smaller k. +- (generate): Calculate the qbits using the wiener map and +- choose an x at a size comparable to the one choosen in gen_k +- +- * rmd160.c (rmd160_get_info): Moved casting to the left side due to a +- problem with UTS4.3. Suggested by Dave Dykstra. +- * sha1.c (sha1_get_info): Ditto. +- * tiger.c (tiger_get_info): Ditto. +- * md5.c (md5_get_info): Ditto +- * des.c (des_get_info): Ditto. +- * blowfish.c (blowfish_get_info): Ditto. +- * cast5.c (cast5_get_info): Ditto. +- * twofish.c (twofish_get_info): Ditto. +- +-Fri Mar 24 11:25:45 CET 2000 Werner Koch +- +- * md.c (md_open): Add hmac arg and allocate space for the pads. +- (md_finalize): Add HMAC support. +- (md_copy): Ditto. +- (md_close): Ditto. +- (gcry_md_reset): Ditto. +- (gcry_md_ctl): Ditto. +- (prepare_macpdas): New. +- +-Mon Mar 13 19:22:46 CET 2000 Werner Koch +- +- * md.c (gcry_md_hash_buffer): Add support for the other algorithms. +- +-Mon Jan 31 16:37:34 CET 2000 Werner Koch +- +- * genprime.c (generate_elg_prime): Fixed returned factors which never +- worked for non-DSA keys. +- +-Thu Jan 27 18:00:44 CET 2000 Werner Koch +- +- * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors. +- +-Mon Jan 24 22:24:38 CET 2000 Werner Koch +- +- * pubkey.c (gcry_pk_decrypt): Implemented. +- (gcry_pk_encrypt): Implemented. +- (gcry_pk_testkey): New. +- (gcry_pk_genkey): New. +- (pubkey_decrypt): Made static. +- (pubkey_encrypt): Ditto. +- (pubkey_check_secret_key): Ditto. +- (pubkey_generate): Ditto. +- +-Mon Jan 24 13:04:28 CET 2000 Werner Koch +- +- * pubkey.c (pubkey_nbits): Removed and replaced by ... +- (gcry_pk_get_nbits): this new one. +- +-Wed Dec 8 21:58:32 CET 1999 Werner Koch +- +- * dsa.c: s/mpi_powm/gcry_mpi_powm/g +- * elgamal.c: Ditto. +- * primegen.c: Ditto. +- +- * : Replaced g10_opt_verbose by g10_log_verbosity(). +- +- * Makefile.am (INCLUDES): removed intl, add ../gcrypt +- +-Fri Nov 19 17:15:20 CET 1999 Werner Koch +- +- * dynload.c (cmp_filenames): New to replaced compare_filename() in +- module. +- (register_cipher_extension): Removed the tilde expansion stuff. +- * rndeg.c (my_make_filename): New. +- +- * : Replaced header util.h by g10lib.h +- +- * random.c (gather_faked): Replaced make_timestamp by time(2). +- Disabled wrning printed with tty_printf. +- * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx; +- this should be replaced by a callback function. +- +- * primegen.c (gen_prime): Use gcry_mpi_randomize. +- (is_prime): Ditto. +- * elgamal.c (test_keys): Ditto. +- * dsa.c (test_keys): Ditto. +- +- * cipher.c (gcry_cipher_close): Die on invalid handle. +- +-Mon Nov 15 21:36:02 CET 1999 Werner Koch +- +- * elgamal.c (gen_k): Use the new random API. +- (generate): Ditto. +- * dsa.c (gen_k): Ditto. +- (generate): Ditto. +- +-Sat Nov 13 17:44:23 CET 1999 Werner Koch +- +- * pubkey.c (disable_pubkey_algo): Made static. +- (gcry_pk_ctl): New. +- +- * random.c (get_random_bits): Renamed to ... +- (get_random_bytes): ... this and made static. +- (gcry_random_bytes): New. +- (gcry_random_bytes_secure): New. +- (randomize_buffer): Renamed to ... +- (gcry_randomize): ...this. +- +- * md.c (gcry_md_hash_buffer): New. +- +- * pubkey.c (gcry_pk_algo_info): 4 new commands. +- (pubkey_get_npkey): Made static. +- (pubkey_get_nskey): Made static. +- (pubkey_get_nsig): Made static. +- (pubkey_get_nenc): Made static. +- +- * pubkey.c: Removed all G10ERR_xxx. +- * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO. +- * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO. +- * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx. +- * blowfish.c: Ditto. +- * des.c: Ditto. +- * twofish.c: Ditto. +- * dsa.c: Ditto. +- * elgamal.c: Ditto. +- +- * g10c.c: Removed +- +- * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL +- if we are out of core. +- * dynload.c: Replaced all memory allocation functions. +- * md.c: Ditto. +- * primegen.c: Ditto. +- * pubkey.c: Ditto. +- * random.c: Ditto. +- * rndw32.c: Ditto. +- * elgamal.c: Ditto. +- * dsa.c: Ditto. +- +-Tue Oct 26 14:10:21 CEST 1999 Werner Koch +- +- * elgamal.c (sign): Hugh found strange code here. Replaced by BUG(). +- +- * cipher.c: Merged with gcrypt/symapi.c. +- +- * pubkey.c (string_to_pubkey_algo): Renamed function to ... +- (gcry_pk_map_name): ... this. +- (pubkey_algo_to_string): Renamed function to ... +- (gcry_pk_algo_name): ... this. +- (gcry_pk_algo_info): New. +- * pubkey.c: Merged with gcrypt/pkapi.c. +- +- * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for +- fixing this bug. +- +- * md.c: Merged with gcrypt/mdapi.c +- +-Wed Sep 15 14:39:59 CEST 1999 Michael Roth +- +- * des.c: Various speed improvements: One bit pre rotation +- trick after initial permutation (Richard Outerbridge). +- Finished test of SSLeay Tripple-DES patterns. +- +-Wed Sep 15 16:22:17 CEST 1999 Werner Koch +- +- * rndw32.c: New. +- +-Mon Sep 13 10:51:29 CEST 1999 Werner Koch +- +- * bithelp.h: New. +- * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h +- +-Tue Sep 7 16:23:36 CEST 1999 Werner Koch +- +- * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert. +- +-Mon Sep 6 19:59:08 CEST 1999 Werner Koch +- +- * des.c (selftest): Add some testpattern +- +-Mon Aug 30 20:38:33 CEST 1999 Werner Koch +- +- * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using +- in place encryption. Pointed out by Frank Stajano. +- +-Mon Jul 26 09:34:46 CEST 1999 Werner Koch +- +- * md5.c (md5_final): Fix for a SCO cpp bug. +- +-Thu Jul 15 10:15:35 CEST 1999 Werner Koch +- +- * elgamal.c (elg_check_secret_key,elg_encrypt +- elg_decrypt,elg_sign,elg_verify): Sanity check on the args. +- * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto. +- +- * pubkey.c (disable_pubkey_algo): New. +- (check_pubkey_algo2): Look at disabled algo table. +- * cipher.c (disable_cipher_algo): New. +- (check_cipher_algo): Look at disabled algo table. +- +-Wed Jul 7 13:08:40 CEST 1999 Werner Koch +- +- * Makefile.am: Support for libtool. +- +-Fri Jul 2 11:45:54 CEST 1999 Werner Koch +- +- * dsa.c (gen_k): Changed algorithm to consume less random bytes +- * elgamal.c (gen_k): Ditto. +- +- * random.c (random_dump_stats): New. +- +-Thu Jul 1 12:47:31 CEST 1999 Werner Koch +- +- * primegen.c, elgamal.c, dsa.c (progess): New and replaced all +- fputc with a call to this function. +- +-Sat Jun 26 12:15:59 CEST 1999 Werner Koch +- +- * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs. +- +- * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New. +- +- * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra). +- * Makefile.am (install-exec-hook): Removed. +- +-Sun May 23 14:20:22 CEST 1999 Werner Koch +- +- * cipher.c (setup_cipher_table): Enable Twofish +- +- * random.c (fast_random_poll): Disable use of times() for mingw32. +- +-Mon May 17 21:54:43 CEST 1999 Werner Koch +- +- * dynload.c (register_internal_cipher_extension): Minor init fix. +- +-Tue May 4 15:47:53 CEST 1999 Werner Koch +- +- * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug +- that we didn't correct for step when passing the prime to the +- Rabin-Miller test which led to bad performance (Stefan Keller). +- (check_prime): Add a first Fermat test. +- +-Sun Apr 18 10:11:28 CEST 1999 Werner Koch +- +- * cipher.c (cipher_setiv): Add ivlen arg, changed all callers. +- +- * random.c (randomize_buffer): alway use secure memory because +- we can't use m_is_secure() on a statically allocated buffer. +- +- * twofish.c: Replaced some macros by a loop to reduce text size. +- * Makefile.am (twofish): No more need for sed editing. +- +-Fri Apr 9 12:26:25 CEST 1999 Werner Koch +- +- * cipher.c (cipher_open): Reversed the changes for AUTO_CFB. +- +- * blowfish.c: Dropped the Blowfish 160 mode. +- * cipher.c (cipher_open): Ditto. +- (setup_cipher_table): Ditto. And removed support of twofish128 +- +-Wed Apr 7 20:51:39 CEST 1999 Werner Koch +- +- * random.c (get_random_bits): Can now handle requests > POOLSIZE +- +- * cipher.c (cipher_open): Now uses standard CFB for automode if +- the blocksize is gt 8 (according to rfc2440). +- +- * twofish.c: Applied Matthew Skala's patches for 256 bit key. +- +-Tue Apr 6 19:58:12 CEST 1999 Werner Koch +- +- * random.c (get_random_bits): Can now handle requests > POOLSIZE +- +- * cipher.c (cipher_open): Now uses standard CFB for automode if +- the blocksize is gt 8 (according to rfc2440). +- +-Sat Mar 20 11:44:21 CET 1999 Werner Koch +- +- * rndlinux.c (tty_printf) [IS_MODULE]: Removed. +- +- * rndegd.c (gather_random): Some fixes. +- +-Wed Mar 17 13:09:03 CET 1999 Werner Koch +- +- * rndegd.c (do_read): New. +- (gather_random): Changed the implementation. +- +-Mon Mar 8 20:47:17 CET 1999 Werner Koch +- +- * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed. +- +-Fri Feb 26 17:55:41 CET 1999 Werner Koch +- +- * md.c: Nearly a total rewrote. +- +-Wed Feb 24 11:07:27 CET 1999 Werner Koch +- +- * cipher.c (context): Fixed alignment +- * md.c: Ditto. +- +- * rndegd.c: New +- +-Mon Feb 22 20:04:00 CET 1999 Werner Koch +- +- * rndegd.c: New. +- +-Wed Feb 10 17:15:39 CET 1999 Werner Koch +- +- * Makefile.am: Modules are now figured out by configure +- * construct.c: New. Generated by configure. Changed all modules +- to work with that. +- * sha1.h: Removed. +- * md5.h: Removed. +- +- * twofish.c: Changed interface to allow Twofish/256 +- +- * rndunix.c (start_gatherer): Die on SIGPIPE. +- +-Wed Jan 20 18:59:49 CET 1999 Werner Koch +- +- * rndunix.c (gather_random): Fix to avoid infinite loop. +- +-Sun Jan 17 11:04:33 CET 1999 Werner Koch +- +- * des.c (is_weak_key): Replace system memcmp due to bugs +- in SunOS's memcmp. +- (des_get_info): Return error on failed selftest. +- * twofish.c (twofish_setkey): Return error on failed selftest or +- invalid keylength. +- * cast5.c (cast_setkey): Ditto. +- * blowfish.c (bf_setkey): Return error on failed selftest. +- +-Tue Jan 12 11:17:18 CET 1999 Werner Koch +- +- * random.c (random_is_faked): New. +- +- * tiger.c: Only compile if we have the u64 type +- +-Sat Jan 9 16:02:23 CET 1999 Werner Koch +- +- * rndunix.c (gather_random): check for setuid. +- +- * Makefile.am: Add a way to staically link random modules +- +-Thu Jan 7 18:00:58 CET 1999 Werner Koch +- +- * md.c (md_stop_debug): Do a flush first. +- (md_open): size of buffer now depends on the secure parameter +- +-Sun Jan 3 15:28:44 CET 1999 Werner Koch +- +- * rndunix.c (start_gatherer): Fixed stupid ==/= bug +- +-1998-12-31 Geoff Keating +- +- * des.c (is_weak_key): Rewrite loop end condition. +- +-Tue Dec 29 14:41:47 CET 1998 Werner Koch +- +- * random.c: add unistd.h for getpid(). +- (RAND_MAX): Fallback value for Sun. +- +-Wed Dec 23 17:12:24 CET 1998 Werner Koch +- +- * md.c (md_copy): Reset debug. +- +-Mon Dec 14 21:18:49 CET 1998 Werner Koch +- +- * random.c (read_random_source): Changed the interface to the +- random gathering function. +- (gather_faked): Use new interface. +- * dynload.c (dynload_getfnc_fast_random_poll): Ditto. +- (dynload_getfnc_gather_random): Ditto. +- * rndlinux.c (gather_random): Ditto. +- * rndunix.c (gather_random): Ditto. +- +-Sat Dec 12 18:40:32 CET 1998 Werner Koch +- +- * dynload.c (SYMBOL_VERSION): New to cope with system which needs +- underscores. +- +- * rndunix.c: Rewrote large parts +- +-Thu Dec 10 20:15:36 CET 1998 Werner Koch +- +- * dynload.c (load_extension): increased needed verbosity level. +- +- * random.c (fast_random_poll): Fallback to a default fast random +- poll function. +- (read_random_source): Always use the faked entroy gatherer if no +- gather module is available. +- * rndlinux.c (fast_poll): Removed. +- * rndunix.c (fast_poll): Removed. +- +- +-Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rand-*.c: Removed. +- * rndlinux.c : New. +- * rndunix.c : New. +- * random.c : Restructured the interface to the gather modules. +- (intialize): Call constructor functions +- (read_radnom_source): Moved to here. +- * dynload.c (dynload_getfnc_gather_random): New. +- (dynload_getfnc_fast_random_poll): New. +- (register_internal_cipher_extension): New. +- (register_cipher_extension): Support of internal modules. +- +-Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rand-unix.c (read_random_source): Removed the assert. +- +-Mon Oct 19 18:34:30 1998 me,,, (wk@tobold) +- +- * pubkey.c: Hack to allow us to give some info about RSA keys back. +- +-Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * dynload.c: Support for DLD +- +-Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rand-unix.c: Now uses names from configure for /dev/random. +- +-1998-10-10 SL Baur +- +- * Makefile.am: fix sed -O substitutions to catch -O6, etc. +- +-Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-) +- * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto. +- +-Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c (md_digest): New. +- (md_reset): New. +- +-Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned. +- +-Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none)) +- +- * des.c: Some patches from Michael. +- +-Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none)) +- +- * des.c : New file from Michael Roth +- +-Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none)) +- +- * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys. +- +-Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none)) +- +- * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined. +- +-Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none)) +- +- * Makefile.am: Fixes to allow a different build directory +- +-Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold) +- +- * random.c (get_random_byte): Removed and changed all callers +- to use get_random_bits() +- +-Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none)) +- +- * cipher.c : Support for other blocksizes +- (cipher_get_blocksize): New. +- * twofish.c: New. +- * Makefile.am: Add twofish module. +- +-Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * random.c (read_pool): Simple alloc if secure_alloc is not set. +- (get_random_bits): Ditto. +- +-Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * dynload.c (load_extension): Function now nbails out if +- the program is run setuid. +- +-Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rmd160.c (rmd160_hash_buffer): New. +- +-Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cipher.c (cipher_open): algos >=100 use standard CFB +- +-Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * Makefile.am: Support for extensions +- +-Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * random.c (mix_pool): simpler handling for level 0 +- +-Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * tiger.c: Removed from dist, will reappear as dynload module +- +-Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * pubkey.c: Major changes to allow extensions. Changed the inteface +- of all public key ciphers and added the ability to load extensions +- on demand. +- +- * misc.c: Removed. +- +-Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold) +- +- * dynload.c: New. +- * cipher.c: Major changes to allow extensions. +- +-Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cipher.c: Major internal chnages to support extensions. +- * blowfish.c (blowfish_get_info): New and made all internal +- functions static, changed heder. +- * cast5.c (cast5_get_info): Likewise. +- +-Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * tiger.c (transform): Fix for big endian +- +- * cipher.c (do_cfb_decrypt): Big endian fix. +- +-Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c (md_get_oid): Add a new one for TIGER. +- +-Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cipher.c: Add support for a dummy cipher +- +-Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rmd160.c (transform): fixed sigbus - I should better +- add Christian von Roques's new implemenation of rmd160_write. +- +-Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New +- * random.c: Moved system specific functions to rand-****.c +- +-Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * random.c (fast_random_poll): add call to gethrtime. +- +-Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * elgamal.c (elg_generate): choosing x was not correct, could +- yield 6 bytes which are not from the random pool, tsss, tsss.. +- +-Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * primegen.c (generate_elg_prime): Add arg mode, changed all +- callers and implemented mode 1. +- +-Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cipher.c (cipher_get_keylen): New. +- +-Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * tiger.c, tiger.h: New. +- +-Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * misc.c (check_pubkey_algo2): New. +- +-Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cipher.c: New +- * misc.c (check_cipher_algo): Moved to cipher.c +- * cast5.c: Moved many functions to cipher.c +- * blowfish.c: Likewise. +- +-Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * cast5.c: Implemented and tested. +- +-Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * elgamal.c (elg_generate): Faster generation of x in some cases. +- +-Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * blowfish.c (blowfish_decode_cfb): changed XOR operation +- (blowfish_encode_cfb): Ditto. +- +-Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * sha1.c (transform): Rewrote +- +- * blowfish.c (encrypt): Unrolled for rounds == 16 +- (decrypt): Ditto. +- +-Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rmd160.c (transform): Unrolled the loop. +- +-Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * random.c (read_pool): Add pool_balance stuff. +- (get_random_bits): New. +- +- * elgamal.c (elg_generate): Now uses get_random_bits to generate x. +- +- +-Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c (md_digest_length): New. +- +-Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * dsa.c (dsa_verify): Works. +- +-Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * dsa.c, dsa.h: Removed some unused code. +- +-Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c (md_open): Add call to fast_random_poll. +- blowfish.c (blowfish_setkey): Ditto. +- +-Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * rmd160.c (rmd160_mixblock): New. +- * random.c: Restructured to start with a new RNG implementation. +- * random.h: New. +- +-Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * gost.c, gost.h: Removed because they did only contain trash. +- +-Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * random.c (fill_buffer): removed error message if n == -1. +- +-Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c (md_enable): No init if called twice. +- +-Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * primegen.c (generate_elg_prime): Changed the progress printing. +- (gen_prime): Ditto. +- +-Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md5.c, md.5 : Replaced by a modified version of md5.c from +- GNU textutils 1.22. +- +-Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * md.c, md.h : New debugging support +- +-Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) +- +- * misc.c (cipher_algo_to_string): New +- (pubkey_algo_to_string): New. +- (digest_algo_to_string): New. +- +- +- Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +- +- This file is free software; as a special exception the author gives +- unlimited permission to copy and/or distribute it, with or without +- modifications, as long as this notice is preserved. +- +- This file is distributed in the hope that it will be useful, but +- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +diff --git a/grub-core/lib/libgcrypt/cipher/ChangeLog-2011 b/grub-core/lib/libgcrypt/cipher/ChangeLog-2011 +index 05516c9..1ce6bd1 100644 +--- a/grub-core/lib/libgcrypt/cipher/ChangeLog-2011 ++++ b/grub-core/lib/libgcrypt/cipher/ChangeLog-2011 +@@ -1,9 +1,37 @@ + 2011-12-01 Werner Koch + +- NB: ChangeLog files are no longer manually maintained. Starting +- on December 1st, 2011 we put change information only in the GIT +- commit log, and generate a top-level ChangeLog file from logs at +- "make dist". See doc/HACKING for details. ++ NB: ChangeLog files are no longer manually maintained. Starting ++ on December 1st, 2011 we put change information only in the GIT ++ commit log, and generate a top-level ChangeLog file from logs at ++ "make dist". See doc/HACKING for details. ++ ++2011-09-16 Werner Koch ++ ++ * primegen.c (_gcry_primegen_init): New. ++ ++2011-09-15 Werner Koch ++ ++ * cipher-cbc.c, cipher-cfb.c, cipher-ofb.c, cipher-ctr.c: New. ++ * cipher-aeswrap.c: New. ++ * cipher-internal.h: New. ++ * cipher.c (cipher_context_alignment_t, struct gcry_cipher_handle) ++ (CTX_MAGIC_NORMAL, CTX_MAGIC_SECURE, NEED_16BYTE_ALIGNED_CONTEXT) ++ (MAX_BLOCKSIZE): Move to cipher-internal.h. ++ (do_aeswrap_encrypt, do_aeswrap_encrypt) ++ (do_cbc_encrypt, do_cbc_decrypt, do_ctr_encrypt, do_ctr_decrypt) ++ (do_ofb_encrypt, do_ofb_decrypt, do_ctr_encrypt): Move to the ++ respective new cipher-foo.c files. ++ (do_ctr_decrypt): Remove. ++ ++2011-09-15 Werner Koch ++ ++ * pubkey.c (gcry_pk_list): Remove. ++ (gcry_pk_unregister): Remove. ++ * md.c (gcry_md_list): Remove. ++ (gcry_md_unregister): Remove. ++ * cipher.c (gcry_cipher_list): Remove. ++ (gcry_cipher_unregister): Remove. ++ * ac.c: Remove. + + 2011-06-29 Werner Koch + +@@ -4245,3 +4273,7 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ++ ++Local Variables: ++buffer-read-only: t ++End: +diff --git a/grub-core/lib/libgcrypt/cipher/Makefile.am b/grub-core/lib/libgcrypt/cipher/Makefile.am +index 76cdc96..ea9014c 100644 +--- a/grub-core/lib/libgcrypt/cipher/Makefile.am ++++ b/grub-core/lib/libgcrypt/cipher/Makefile.am +@@ -19,65 +19,317 @@ + + # Process this file with automake to produce Makefile.in + +-EXTRA_DIST = Manifest +- + # Need to include ../src in addition to top_srcdir because gcrypt.h is + # a built header. +-AM_CPPFLAGS = -I../src -I$(top_srcdir)/src ++AM_CPPFLAGS = -I../src -I$(top_srcdir)/src -I../mpi -I$(top_srcdir)/mpi + AM_CFLAGS = $(GPG_ERROR_CFLAGS) + ++AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) ++ ++EXTRA_DIST = gost-s-box.c kyber-common.c kyber-kdep.c ++ ++CLEANFILES = gost-s-box$(EXEEXT_FOR_BUILD) ++DISTCLEANFILES = gost-sb.h + + noinst_LTLIBRARIES = libcipher.la + +-GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ ++GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ \ ++ @GCRYPT_DIGESTS@ @GCRYPT_KDFS@ + + libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES) + libcipher_la_LIBADD = $(GCRYPT_MODULES) + + libcipher_la_SOURCES = \ +-cipher.c pubkey.c ac.c md.c kdf.c \ +-hmac-tests.c \ +-bithelp.h \ +-primegen.c \ +-hash-common.c hash-common.h \ +-rmd.h ++ cipher.c cipher-internal.h \ ++ cipher-cbc.c \ ++ cipher-cfb.c \ ++ cipher-ofb.c \ ++ cipher-ctr.c \ ++ cipher-aeswrap.c \ ++ cipher-ccm.c \ ++ cipher-cmac.c \ ++ cipher-gcm.c \ ++ cipher-poly1305.c \ ++ cipher-ocb.c \ ++ cipher-xts.c \ ++ cipher-eax.c \ ++ cipher-siv.c \ ++ cipher-gcm-siv.c \ ++ pubkey.c pubkey-internal.h pubkey-util.c \ ++ md.c \ ++ mac.c mac-internal.h \ ++ mac-hmac.c mac-cmac.c mac-gmac.c mac-poly1305.c \ ++ poly1305.c poly1305-internal.h \ ++ kem.c sntrup761.c sntrup761.h kyber.c kyber.h kem-ecc.c kem-ecc.h \ ++ mceliece6688128f.c mceliece6688128f.h \ ++ kdf.c kdf-internal.h \ ++ bithelp.h \ ++ bufhelp.h \ ++ bulkhelp.h \ ++ primegen.c \ ++ hash-common.c hash-common.h \ ++ dsa-common.c rsa-common.c \ ++ sha1.h + + EXTRA_libcipher_la_SOURCES = \ +-arcfour.c \ +-blowfish.c \ +-cast5.c \ +-crc.c \ +-des.c \ +-dsa.c \ +-elgamal.c \ +-ecc.c \ +-idea.c \ +-md4.c \ +-md5.c \ +-rijndael.c rijndael-tables.h \ +-rmd160.c \ +-rsa.c \ +-seed.c \ +-serpent.c \ +-sha1.c \ +-sha256.c \ +-sha512.c \ +-tiger.c \ +-whirlpool.c \ +-twofish.c \ +-rfc2268.c \ +-camellia.c camellia.h camellia-glue.c ++ asm-common-aarch64.h \ ++ asm-common-amd64.h \ ++ asm-common-i386.h \ ++ asm-common-s390x.h \ ++ asm-inline-s390x.h \ ++ asm-poly1305-aarch64.h \ ++ asm-poly1305-amd64.h \ ++ asm-poly1305-s390x.h \ ++ aria.c aria-aesni-avx-amd64.S aria-aesni-avx2-amd64.S \ ++ aria-gfni-avx512-amd64.S \ ++ arcfour.c arcfour-amd64.S \ ++ blowfish.c blowfish-amd64.S blowfish-arm.S \ ++ cast5.c cast5-amd64.S cast5-arm.S \ ++ chacha20.c chacha20-amd64-ssse3.S chacha20-amd64-avx2.S \ ++ chacha20-amd64-avx512.S chacha20-armv7-neon.S chacha20-aarch64.S \ ++ chacha20-ppc.c chacha20-s390x.S \ ++ chacha20-p10le-8x.s \ ++ cipher-gcm-ppc.c cipher-gcm-intel-pclmul.c cipher-gcm-armv7-neon.S \ ++ cipher-gcm-armv8-aarch32-ce.S cipher-gcm-armv8-aarch64-ce.S \ ++ crc.c crc-intel-pclmul.c crc-armv8-ce.c \ ++ crc-armv8-aarch64-ce.S \ ++ crc-ppc.c \ ++ des.c des-amd64.S \ ++ dsa.c \ ++ elgamal.c \ ++ ecc.c ecc-curves.c ecc-misc.c ecc-common.h \ ++ ecc-ecdh.c ecc-ecdsa.c ecc-eddsa.c ecc-gost.c ecc-sm2.c \ ++ idea.c \ ++ gost28147.c gost.h \ ++ gostr3411-94.c \ ++ md4.c \ ++ md5.c \ ++ poly1305-s390x.S poly1305-amd64-avx512.S \ ++ poly1305-p10le.s \ ++ rijndael.c rijndael-internal.h rijndael-tables.h \ ++ rijndael-aesni.c rijndael-padlock.c \ ++ rijndael-amd64.S rijndael-arm.S \ ++ rijndael-ssse3-amd64.c rijndael-ssse3-amd64-asm.S \ ++ rijndael-vaes.c rijndael-vaes-avx2-amd64.S \ ++ rijndael-vaes-i386.c rijndael-vaes-avx2-i386.S \ ++ rijndael-armv8-ce.c rijndael-armv8-aarch32-ce.S \ ++ rijndael-armv8-aarch64-ce.S rijndael-aarch64.S \ ++ rijndael-ppc.c rijndael-ppc9le.c \ ++ rijndael-p10le.c rijndael-gcm-p10le.s \ ++ rijndael-ppc-common.h rijndael-ppc-functions.h \ ++ rijndael-s390x.c \ ++ rmd160.c \ ++ rsa.c \ ++ salsa20.c salsa20-amd64.S salsa20-armv7-neon.S \ ++ scrypt.c \ ++ seed.c \ ++ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ ++ serpent-avx512-x86.c serpent-armv7-neon.S \ ++ sm4.c sm4-aesni-avx-amd64.S sm4-aesni-avx2-amd64.S \ ++ sm4-gfni-avx2-amd64.S sm4-gfni-avx512-amd64.S \ ++ sm4-aarch64.S sm4-armv8-aarch64-ce.S sm4-armv9-aarch64-sve-ce.S \ ++ sm4-ppc.c \ ++ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ ++ sha1-avx2-bmi2-amd64.S sha1-armv7-neon.S sha1-armv8-aarch32-ce.S \ ++ sha1-armv8-aarch64-ce.S sha1-intel-shaext.c \ ++ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S \ ++ sha256-avx2-bmi2-amd64.S \ ++ sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \ ++ sha256-intel-shaext.c sha256-ppc.c \ ++ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S \ ++ sha512-avx2-bmi2-amd64.S sha512-avx512-amd64.S \ ++ sha512-armv7-neon.S sha512-armv8-aarch64-ce.S sha512-arm.S \ ++ sha512-ppc.c sha512-ssse3-i386.c \ ++ sm3.c sm3-avx-bmi2-amd64.S sm3-aarch64.S sm3-armv8-aarch64-ce.S \ ++ keccak.c keccak_permute_32.h keccak_permute_64.h \ ++ keccak-armv7-neon.S keccak-amd64-avx512.S \ ++ stribog.c \ ++ tiger.c \ ++ whirlpool.c whirlpool-sse2-amd64.S \ ++ twofish.c twofish-amd64.S twofish-arm.S twofish-aarch64.S \ ++ twofish-avx2-amd64.S \ ++ rfc2268.c \ ++ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ ++ camellia-aesni-avx2-amd64.h \ ++ camellia-gfni-avx2-amd64.S camellia-gfni-avx512-amd64.S \ ++ camellia-vaes-avx2-amd64.S camellia-aesni-avx2-amd64.S \ ++ camellia-arm.S camellia-aarch64.S camellia-aarch64-ce.c \ ++ camellia-simd128.h camellia-ppc8le.c camellia-ppc9le.c \ ++ blake2.c \ ++ blake2b-amd64-avx2.S blake2b-amd64-avx512.S \ ++ blake2s-amd64-avx.S blake2s-amd64-avx512.S ++ ++gost28147.lo: gost-sb.h ++gost-sb.h: gost-s-box$(EXEEXT_FOR_BUILD) ++ ./gost-s-box$(EXEEXT_FOR_BUILD) $@ ++ ++gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c ++ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) \ ++ $(CPPFLAGS_FOR_BUILD) -o $@ $(srcdir)/gost-s-box.c ++ + + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g' ++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /' -e 's/[[:blank:]]-Ofast/ -O1 /g' + else + o_flag_munging = cat + endif + + + # We need to lower the optimization for this module. +-tiger.o: $(srcdir)/tiger.c +- `echo $(COMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` ++tiger.o: $(srcdir)/tiger.c Makefile ++ `echo $(COMPILE) -c $< | $(o_flag_munging) ` + +-tiger.lo: $(srcdir)/tiger.c +- `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` ++tiger.lo: $(srcdir)/tiger.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(o_flag_munging) ` ++ ++ ++# We need to disable instrumentation for these modules as they use cc as ++# thin assembly front-end and do not tolerate in-between function calls ++# inserted by compiler as those functions may clobber the XMM registers. ++if ENABLE_INSTRUMENTATION_MUNGING ++instrumentation_munging = sed \ ++ -e 's/-fsanitize[=,\-][=,a-z,A-Z,0-9,\,,\-]*//g' \ ++ -e 's/-fprofile[=,\-][=,a-z,A-Z,0-9,\,,\-]*//g' \ ++ -e 's/-fcoverage[=,\-][=,a-z,A-Z,0-9,\,,\-]*//g' ++else ++instrumentation_munging = cat ++endif ++ ++rijndael-aesni.o: $(srcdir)/rijndael-aesni.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++rijndael-aesni.lo: $(srcdir)/rijndael-aesni.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++rijndael-ssse3-amd64.o: $(srcdir)/rijndael-ssse3-amd64.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++rijndael-ssse3-amd64.lo: $(srcdir)/rijndael-ssse3-amd64.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++cipher-gcm-intel-pclmul.o: $(srcdir)/cipher-gcm-intel-pclmul.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++cipher-gcm-intel-pclmul.lo: $(srcdir)/cipher-gcm-intel-pclmul.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha1-intel-shaext.o: $(srcdir)/sha1-intel-shaext.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha1-intel-shaext.lo: $(srcdir)/sha1-intel-shaext.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha256-intel-shaext.o: $(srcdir)/sha256-intel-shaext.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha256-intel-shaext.lo: $(srcdir)/sha256-intel-shaext.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha256-ssse3-i386.o: $(srcdir)/sha256-ssse3-i386.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++sha256-ssse3-i386.lo: $(srcdir)/sha256-ssse3-i386.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++crc-intel-pclmul.o: $(srcdir)/crc-intel-pclmul.c Makefile ++ `echo $(COMPILE) -c $< | $(instrumentation_munging) ` ++ ++crc-intel-pclmul.lo: $(srcdir)/crc-intel-pclmul.c Makefile ++ `echo $(LTCOMPILE) -c $< | $(instrumentation_munging) ` ++ ++if ENABLE_PPC_VCRYPTO_EXTRA_CFLAGS ++ppc_vcrypto_cflags = -O2 -maltivec -mvsx -mcrypto ++else ++ppc_vcrypto_cflags = ++endif ++ ++if ENABLE_AARCH64_NEON_INTRINSICS_EXTRA_CFLAGS ++aarch64_neon_cflags = -O2 -march=armv8-a+crypto ++else ++aarch64_neon_cflags = ++endif ++ ++rijndael-ppc.o: $(srcdir)/rijndael-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++rijndael-ppc.lo: $(srcdir)/rijndael-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++rijndael-ppc9le.o: $(srcdir)/rijndael-ppc9le.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++rijndael-ppc9le.lo: $(srcdir)/rijndael-ppc9le.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++rijndael-p10le.o: $(srcdir)/rijndael-p10le.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++rijndael-p10le.lo: $(srcdir)/rijndael-p10le.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++sha256-ppc.o: $(srcdir)/sha256-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++sha256-ppc.lo: $(srcdir)/sha256-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++sha512-ppc.o: $(srcdir)/sha512-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++sha512-ppc.lo: $(srcdir)/sha512-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++chacha20-ppc.o: $(srcdir)/chacha20-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++chacha20-ppc.lo: $(srcdir)/chacha20-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++crc-ppc.o: $(srcdir)/crc-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++crc-ppc.lo: $(srcdir)/crc-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++cipher-gcm-ppc.o: $(srcdir)/cipher-gcm-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++cipher-gcm-ppc.lo: $(srcdir)/cipher-gcm-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-ppc8le.o: $(srcdir)/camellia-ppc8le.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-ppc8le.lo: $(srcdir)/camellia-ppc8le.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-ppc9le.o: $(srcdir)/camellia-ppc9le.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-ppc9le.lo: $(srcdir)/camellia-ppc9le.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-aarch64-ce.o: $(srcdir)/camellia-aarch64-ce.c Makefile ++ `echo $(COMPILE) $(aarch64_neon_cflags) -c $< | $(instrumentation_munging) ` ++ ++camellia-aarch64-ce.lo: $(srcdir)/camellia-aarch64-ce.c Makefile ++ `echo $(LTCOMPILE) $(aarch64_neon_cflags) -c $< | $(instrumentation_munging) ` ++ ++sm4-ppc.o: $(srcdir)/sm4-ppc.c Makefile ++ `echo $(COMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++sm4-ppc.lo: $(srcdir)/sm4-ppc.c Makefile ++ `echo $(LTCOMPILE) $(ppc_vcrypto_cflags) -c $< | $(instrumentation_munging) ` ++ ++ ++if ENABLE_X86_AVX512_INTRINSICS_EXTRA_CFLAGS ++avx512f_cflags = -mavx512f ++else ++avx512f_cflags = ++endif ++ ++serpent-avx512-x86.o: $(srcdir)/serpent-avx512-x86.c Makefile ++ `echo $(COMPILE) $(avx512f_cflags) -c $< | $(instrumentation_munging) ` ++ ++serpent-avx512-x86.lo: $(srcdir)/serpent-avx512-x86.c Makefile ++ `echo $(LTCOMPILE) $(avx512f_cflags) -c $< | $(instrumentation_munging) ` +diff --git a/grub-core/lib/libgcrypt/cipher/Manifest b/grub-core/lib/libgcrypt/cipher/Manifest +deleted file mode 100644 +index 0cd64f7..0000000 +--- a/grub-core/lib/libgcrypt/cipher/Manifest ++++ /dev/null +@@ -1,73 +0,0 @@ +-# Manifest - checksums of the cipher directory +-# Copyright 2003 Free Software Foundation, Inc. +-# +-# This file is part of Libgcrypt. +-# +-# Libgcrypt is free software; you can redistribute it and/or modify +-# it under the terms of the GNU Lesser general Public License as +-# published by the Free Software Foundation; either version 2.1 of +-# the License, or (at your option) any later version. +-# +-# Libgcrypt is distributed in the hope that it will be useful, +-# but WITHOUT ANY WARRANTY; without even the implied warranty of +-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-# GNU Lesser General Public License for more details. +-# +-# You should have received a copy of the GNU Lesser General Public +-# License along with this program; if not, write to the Free Software +-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +- +-# Checksums for all source files in this directory. Format is +-# filename, blanks, base-64 part of an OpenPGP detached signature +-# without the header lines. Blank lines and lines beginning with a +-# hash mark are ignored. A tool to process this file is available by +-# cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool +-# +-# The special entry "$names$" holds a signature over all sorted +-# filenames excluding itself. +- +- +-# Algorithm API +-cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH +-pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t +-ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g +-md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6 +-primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT +- +-# Algorithm implementations +-arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x +-blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX +-cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh +-crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D +-des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t +-dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s +-elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs +-md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD +-md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h +-rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k +-rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA +-rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp +-serpent.c iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46 +-sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO +-sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1 +-sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X +-tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB +-twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT +-rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq +- +-# Random number related +-random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419 +-random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU +-rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE +-rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k +-rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV +-rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML +-rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO +- +-# Helper +-bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN +-rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN +- +-# Configuration +-Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi +-$names$ iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls +diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c +deleted file mode 100644 +index 63f6fcd..0000000 +--- a/grub-core/lib/libgcrypt/cipher/ac.c ++++ /dev/null +@@ -1,3301 +0,0 @@ +-/* ac.c - Alternative interface for asymmetric cryptography. +- Copyright (C) 2003, 2004, 2005, 2006 +- 2007, 2008 Free Software Foundation, Inc. +- +- This file is part of Libgcrypt. +- +- Libgcrypt is free software; you can redistribute it and/or modify +- it under the terms of the GNU Lesser general Public License as +- published by the Free Software Foundation; either version 2.1 of +- the License, or (at your option) any later version. +- +- Libgcrypt is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- GNU Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with this program; if not, see . +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "g10lib.h" +-#include "cipher.h" +-#include "mpi.h" +- +- +- +-/* At the moment the ac interface is a wrapper around the pk +- interface, but this might change somewhen in the future, depending +- on how many people prefer the ac interface. */ +- +-/* Mapping of flag numbers to the according strings as it is expected +- for S-expressions. */ +-static struct number_string +-{ +- int number; +- const char *string; +-} ac_flags[] = +- { +- { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" }, +- }; +- +-/* The positions in this list correspond to the values contained in +- the gcry_ac_key_type_t enumeration list. */ +-static const char *ac_key_identifiers[] = +- { +- "private-key", +- "public-key" +- }; +- +-/* These specifications are needed for key-pair generation; the caller +- is allowed to pass additional, algorithm-specific `specs' to +- gcry_ac_key_pair_generate. This list is used for decoding the +- provided values according to the selected algorithm. */ +-struct gcry_ac_key_generate_spec +-{ +- int algorithm; /* Algorithm for which this flag is +- relevant. */ +- const char *name; /* Name of this flag. */ +- size_t offset; /* Offset in the cipher-specific spec +- structure at which the MPI value +- associated with this flag is to be +- found. */ +-} ac_key_generate_specs[] = +- { +- { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) }, +- { 0 } +- }; +- +-/* Handle structure. */ +-struct gcry_ac_handle +-{ +- int algorithm; /* Algorithm ID associated with this +- handle. */ +- const char *algorithm_name; /* Name of the algorithm. */ +- unsigned int flags; /* Flags, not used yet. */ +- gcry_module_t module; /* Reference to the algorithm +- module. */ +-}; +- +-/* A named MPI value. */ +-typedef struct gcry_ac_mpi +-{ +- char *name; /* Self-maintained copy of name. */ +- gcry_mpi_t mpi; /* MPI value. */ +- unsigned int flags; /* Flags. */ +-} gcry_ac_mpi_t; +- +-/* A data set, that is simply a list of named MPI values. */ +-struct gcry_ac_data +-{ +- gcry_ac_mpi_t *data; /* List of named values. */ +- unsigned int data_n; /* Number of values in DATA. */ +-}; +- +-/* A single key. */ +-struct gcry_ac_key +-{ +- gcry_ac_data_t data; /* Data in native ac structure. */ +- gcry_ac_key_type_t type; /* Type of the key. */ +-}; +- +-/* A key pair. */ +-struct gcry_ac_key_pair +-{ +- gcry_ac_key_t public; +- gcry_ac_key_t secret; +-}; +- +- +- +-/* +- * Functions for working with data sets. +- */ +- +-/* Creates a new, empty data set and store it in DATA. */ +-gcry_error_t +-_gcry_ac_data_new (gcry_ac_data_t *data) +-{ +- gcry_ac_data_t data_new; +- gcry_error_t err; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- data_new = gcry_malloc (sizeof (*data_new)); +- if (! data_new) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- +- data_new->data = NULL; +- data_new->data_n = 0; +- *data = data_new; +- err = 0; +- +- out: +- +- return err; +-} +- +-/* Destroys all the entries in DATA, but not DATA itself. */ +-static void +-ac_data_values_destroy (gcry_ac_data_t data) +-{ +- unsigned int i; +- +- for (i = 0; i < data->data_n; i++) +- if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC) +- { +- gcry_mpi_release (data->data[i].mpi); +- gcry_free (data->data[i].name); +- } +-} +- +-/* Destroys the data set DATA. */ +-void +-_gcry_ac_data_destroy (gcry_ac_data_t data) +-{ +- if (data) +- { +- ac_data_values_destroy (data); +- gcry_free (data->data); +- gcry_free (data); +- } +-} +- +-/* This function creates a copy of the array of named MPIs DATA_MPIS, +- which is of length DATA_MPIS_N; the copy is stored in +- DATA_MPIS_CP. */ +-static gcry_error_t +-ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, +- gcry_ac_mpi_t **data_mpis_cp) +-{ +- gcry_ac_mpi_t *data_mpis_new; +- gcry_error_t err; +- unsigned int i; +- gcry_mpi_t mpi; +- char *label; +- +- data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); +- if (! data_mpis_new) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- memset (data_mpis_new, 0, sizeof (*data_mpis_new) * data_mpis_n); +- +- err = 0; +- for (i = 0; i < data_mpis_n; i++) +- { +- /* Copy values. */ +- +- label = gcry_strdup (data_mpis[i].name); +- mpi = gcry_mpi_copy (data_mpis[i].mpi); +- if (! (label && mpi)) +- { +- err = gcry_error_from_errno (errno); +- gcry_mpi_release (mpi); +- gcry_free (label); +- break; +- } +- +- data_mpis_new[i].flags = GCRY_AC_FLAG_DEALLOC; +- data_mpis_new[i].name = label; +- data_mpis_new[i].mpi = mpi; +- } +- if (err) +- goto out; +- +- *data_mpis_cp = data_mpis_new; +- err = 0; +- +- out: +- +- if (err) +- if (data_mpis_new) +- { +- for (i = 0; i < data_mpis_n; i++) +- { +- gcry_mpi_release (data_mpis_new[i].mpi); +- gcry_free (data_mpis_new[i].name); +- } +- gcry_free (data_mpis_new); +- } +- +- return err; +-} +- +-/* Create a copy of the data set DATA and store it in DATA_CP. */ +-gcry_error_t +-_gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data) +-{ +- gcry_ac_mpi_t *data_mpis = NULL; +- gcry_ac_data_t data_new; +- gcry_error_t err; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- /* Allocate data set. */ +- data_new = gcry_malloc (sizeof (*data_new)); +- if (! data_new) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- +- err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis); +- if (err) +- goto out; +- +- data_new->data_n = data->data_n; +- data_new->data = data_mpis; +- *data_cp = data_new; +- +- out: +- +- if (err) +- gcry_free (data_new); +- +- return err; +-} +- +-/* Returns the number of named MPI values inside of the data set +- DATA. */ +-unsigned int +-_gcry_ac_data_length (gcry_ac_data_t data) +-{ +- return data->data_n; +-} +- +- +-/* Add the value MPI to DATA with the label NAME. If FLAGS contains +- GCRY_AC_FLAG_COPY, the data set will contain copies of NAME +- and MPI. If FLAGS contains GCRY_AC_FLAG_DEALLOC or +- GCRY_AC_FLAG_COPY, the values contained in the data set will +- be deallocated when they are to be removed from the data set. */ +-gcry_error_t +-_gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags, +- const char *name, gcry_mpi_t mpi) +-{ +- gcry_error_t err; +- gcry_mpi_t mpi_cp; +- char *name_cp; +- unsigned int i; +- +- name_cp = NULL; +- mpi_cp = NULL; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY)) +- { +- err = gcry_error (GPG_ERR_INV_ARG); +- goto out; +- } +- +- if (flags & GCRY_AC_FLAG_COPY) +- { +- /* Create copies. */ +- +- flags |= GCRY_AC_FLAG_DEALLOC; +- name_cp = gcry_strdup (name); +- mpi_cp = gcry_mpi_copy (mpi); +- if (! (name_cp && mpi_cp)) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- } +- +- /* Search for existing entry. */ +- for (i = 0; i < data->data_n; i++) +- if (! strcmp (name, data->data[i].name)) +- break; +- if (i < data->data_n) +- { +- /* An entry for NAME does already exist. */ +- if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC) +- { +- gcry_mpi_release (data->data[i].mpi); +- gcry_free (data->data[i].name); +- } +- } +- else +- { +- /* Create a new entry. */ +- +- gcry_ac_mpi_t *ac_mpis; +- +- ac_mpis = gcry_realloc (data->data, +- sizeof (*data->data) * (data->data_n + 1)); +- if (! ac_mpis) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- +- if (data->data != ac_mpis) +- data->data = ac_mpis; +- data->data_n++; +- } +- +- data->data[i].name = name_cp ? name_cp : ((char *) name); +- data->data[i].mpi = mpi_cp ? mpi_cp : mpi; +- data->data[i].flags = flags; +- err = 0; +- +- out: +- +- if (err) +- { +- gcry_mpi_release (mpi_cp); +- gcry_free (name_cp); +- } +- +- return err; +-} +- +-/* Stores the value labelled with NAME found in the data set DATA in +- MPI. The returned MPI value will be released in case +- gcry_ac_data_set is used to associate the label NAME with a +- different MPI value. */ +-gcry_error_t +-_gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, +- const char *name, gcry_mpi_t *mpi) +-{ +- gcry_mpi_t mpi_return; +- gcry_error_t err; +- unsigned int i; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- if (flags & ~(GCRY_AC_FLAG_COPY)) +- { +- err = gcry_error (GPG_ERR_INV_ARG); +- goto out; +- } +- +- for (i = 0; i < data->data_n; i++) +- if (! strcmp (name, data->data[i].name)) +- break; +- if (i == data->data_n) +- { +- err = gcry_error (GPG_ERR_NOT_FOUND); +- goto out; +- } +- +- if (flags & GCRY_AC_FLAG_COPY) +- { +- mpi_return = gcry_mpi_copy (data->data[i].mpi); +- if (! mpi_return) +- { +- err = gcry_error_from_errno (errno); /* FIXME? */ +- goto out; +- } +- } +- else +- mpi_return = data->data[i].mpi; +- +- *mpi = mpi_return; +- err = 0; +- +- out: +- +- return err; +-} +- +-/* Stores in NAME and MPI the named MPI value contained in the data +- set DATA with the index IDX. NAME or MPI may be NULL. The +- returned MPI value will be released in case gcry_ac_data_set is +- used to associate the label NAME with a different MPI value. */ +-gcry_error_t +-_gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, +- unsigned int idx, +- const char **name, gcry_mpi_t *mpi) +-{ +- gcry_error_t err; +- gcry_mpi_t mpi_cp; +- char *name_cp; +- +- name_cp = NULL; +- mpi_cp = NULL; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- if (flags & ~(GCRY_AC_FLAG_COPY)) +- { +- err = gcry_error (GPG_ERR_INV_ARG); +- goto out; +- } +- +- if (idx >= data->data_n) +- { +- err = gcry_error (GPG_ERR_INV_ARG); +- goto out; +- } +- +- if (flags & GCRY_AC_FLAG_COPY) +- { +- /* Return copies to the user. */ +- if (name) +- { +- name_cp = gcry_strdup (data->data[idx].name); +- if (! name_cp) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- } +- if (mpi) +- { +- mpi_cp = gcry_mpi_copy (data->data[idx].mpi); +- if (! mpi_cp) +- { +- err = gcry_error_from_errno (errno); +- goto out; +- } +- } +- } +- +- if (name) +- *name = name_cp ? name_cp : data->data[idx].name; +- if (mpi) +- *mpi = mpi_cp ? mpi_cp : data->data[idx].mpi; +- err = 0; +- +- out: +- +- if (err) +- { +- gcry_mpi_release (mpi_cp); +- gcry_free (name_cp); +- } +- +- return err; +-} +- +-/* Convert the data set DATA into a new S-Expression, which is to be +- stored in SEXP, according to the identifiers contained in +- IDENTIFIERS. */ +-gcry_error_t +-_gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, +- const char **identifiers) +-{ +- gcry_sexp_t sexp_new; +- gcry_error_t err; +- char *sexp_buffer; +- size_t sexp_buffer_n; +- size_t identifiers_n; +- const char *label; +- gcry_mpi_t mpi; +- void **arg_list; +- size_t data_n; +- unsigned int i; +- +- sexp_buffer_n = 1; +- sexp_buffer = NULL; +- arg_list = NULL; +- err = 0; +- +- if (fips_mode ()) +- return gpg_error (GPG_ERR_NOT_SUPPORTED); +- +- /* Calculate size of S-expression representation. */ +- +- i = 0; +- if (identifiers) +- while (identifiers[i]) +- { +- /* For each identifier, we add "()". */ +- sexp_buffer_n += 1 + strlen (identifiers[i]) + 1; +- i++; +- } +- identifiers_n = i; +- +- if (! identifiers_n) +- /* If there are NO identifiers, we still add surrounding braces so +- that we have a list of named MPI value lists. Otherwise it +- wouldn't be too much fun to process these lists. */ +- sexp_buffer_n += 2; +- +- data_n = _gcry_ac_data_length (data); +- for (i = 0; i < data_n; i++) +- { +- err = gcry_ac_data_get_index (data, 0, i, &label, NULL); +- if (err) +- break; +- /* For each MPI we add "(