|
 |
bd7cb17 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
bd7cb17 |
From: Daniel Axtens <dja@axtens.net>
|
|
|
bd7cb17 |
Date: Fri, 2 Oct 2020 10:49:26 +1000
|
|
|
bd7cb17 |
Subject: [PATCH] crypto: move storage for grub_crypto_pk_* to crypto.c
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the
|
|
|
bd7cb17 |
pgp module is a bit quirky.
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
include/grub/crypto.h contains:
|
|
|
bd7cb17 |
extern struct gcry_pk_spec *grub_crypto_pk_rsa;
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
commands/pgp.c contains the actual storage:
|
|
|
bd7cb17 |
struct gcry_pk_spec *grub_crypto_pk_rsa;
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
And the module itself saves to the storage in pgp.c:
|
|
|
bd7cb17 |
GRUB_MOD_INIT(gcry_rsa)
|
|
|
bd7cb17 |
{
|
|
|
bd7cb17 |
grub_crypto_pk_rsa = &_gcry_pubkey_spec_rsa;
|
|
|
bd7cb17 |
}
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
This is annoying: gcry_rsa now has a dependency on pgp!
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
We want to be able to bring in gcry_rsa without bringing in PGP,
|
|
|
bd7cb17 |
so move the storage to crypto.c.
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
Previously, gcry_rsa depended on pgp and mpi. Now it depends on
|
|
|
bd7cb17 |
crypto and mpi. As pgp depends on crypto, this doesn't add any new
|
|
|
bd7cb17 |
module dependencies using the PGP verfier.
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
[FWIW, the story is different for the symmetric ciphers. cryptodisk
|
|
|
bd7cb17 |
and friends (zfs encryption etc) use grub_crypto_lookup_cipher_by_name()
|
|
|
bd7cb17 |
to get a cipher handle. That depends on grub_ciphers being populated
|
|
|
bd7cb17 |
by people calling grub_cipher_register. import_gcry.py ensures that the
|
|
|
bd7cb17 |
symmetric ciphers call it.]
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
bd7cb17 |
---
|
|
|
bd7cb17 |
grub-core/commands/pgp.c | 4 ----
|
|
|
bd7cb17 |
grub-core/lib/crypto.c | 4 ++++
|
|
|
bd7cb17 |
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
|
|
|
bd7cb17 |
index 2408db4994f..355a43844ac 100644
|
|
|
bd7cb17 |
--- a/grub-core/commands/pgp.c
|
|
|
bd7cb17 |
+++ b/grub-core/commands/pgp.c
|
|
|
bd7cb17 |
@@ -147,10 +147,6 @@ const char *hashes[] = {
|
|
|
bd7cb17 |
[0x0b] = "sha224"
|
|
|
bd7cb17 |
};
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
-struct gcry_pk_spec *grub_crypto_pk_dsa;
|
|
|
bd7cb17 |
-struct gcry_pk_spec *grub_crypto_pk_ecdsa;
|
|
|
bd7cb17 |
-struct gcry_pk_spec *grub_crypto_pk_rsa;
|
|
|
bd7cb17 |
-
|
|
|
bd7cb17 |
static int
|
|
|
bd7cb17 |
dsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval,
|
|
|
bd7cb17 |
const gcry_md_spec_t *hash, struct grub_public_subkey *sk);
|
|
|
bd7cb17 |
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
|
|
bd7cb17 |
index ca334d5a40e..c578128a59d 100644
|
|
|
bd7cb17 |
--- a/grub-core/lib/crypto.c
|
|
|
bd7cb17 |
+++ b/grub-core/lib/crypto.c
|
|
|
bd7cb17 |
@@ -121,6 +121,10 @@ grub_md_unregister (gcry_md_spec_t *cipher)
|
|
|
bd7cb17 |
}
|
|
|
bd7cb17 |
}
|
|
|
bd7cb17 |
|
|
|
bd7cb17 |
+struct gcry_pk_spec *grub_crypto_pk_dsa;
|
|
|
bd7cb17 |
+struct gcry_pk_spec *grub_crypto_pk_ecdsa;
|
|
|
bd7cb17 |
+struct gcry_pk_spec *grub_crypto_pk_rsa;
|
|
|
bd7cb17 |
+
|
|
|
bd7cb17 |
void
|
|
|
bd7cb17 |
grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
|
|
|
bd7cb17 |
grub_size_t inlen)
|