- Adding argon2_blake2b_512_hash_buffers() as the replacement of
_gcry_digest_spec_blake2b_512.hash_buffers()
- Replacing gpg_err_code_from_errno() with GPG_ERR_*
- Removing the unsupported KDFs from _gcry_kdf_*()
Signed-off-by: Gary Lin <g...@suse.com>
---
conf/Makefile.extra-dist | 1 +
.../libgcrypt-patches/09_kdf_build_fix.patch | 230 ++++++++++++++++++
2 files changed, 231 insertions(+)
create mode 100644 grub-core/lib/libgcrypt-patches/09_kdf_build_fix.patch
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index 49bca5577..844e54165 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -43,6 +43,7 @@ EXTRA_DIST +=
grub-core/lib/libgcrypt-patches/05_disable_rsa_shake.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/06_blake.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/07_disable_64div.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/08_sexp_leak.patch
+EXTRA_DIST += grub-core/lib/libgcrypt-patches/09_kdf_build_fix.patch
EXTRA_DIST +=
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
EXTRA_DIST +=
grub-core/lib/libtasn1-patches/0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch
diff --git a/grub-core/lib/libgcrypt-patches/09_kdf_build_fix.patch
b/grub-core/lib/libgcrypt-patches/09_kdf_build_fix.patch
new file mode 100644
index 000000000..6bc430e22
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/09_kdf_build_fix.patch
@@ -0,0 +1,230 @@
+From 8583cb1211e9f8253e072b047082b2141346fd31 Mon Sep 17 00:00:00 2001
+From: Gary Lin <g...@suse.com>
+Date: Wed, 6 Aug 2025 09:56:21 +0800
+Subject: [PATCH] kdf: Resovle the build errors
+
+- Adding argon2_blake2b_512_hash_buffers() as the replacement of
+ _gcry_digest_spec_blake2b_512.hash_buffers()
+- Replacing gpg_err_code_from_errno() with GPG_ERR_*
+- Removing the unsupported KDFs from _gcry_kdf_*()
+
+Signed-off-by: Gary Lin <g...@suse.com>
+---
+ grub-core/lib/libgcrypt-grub/cipher/kdf.c | 145 ++++------------------
+ 1 file changed, 22 insertions(+), 123 deletions(-)
+
+diff --git a/grub-core/lib/libgcrypt-grub/cipher/kdf.c
b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+index 0689f88b1..6e825d3e8 100644
+--- a/grub-core/lib/libgcrypt-grub/cipher/kdf.c
++++ b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+@@ -129,6 +129,24 @@ beswap64_block (u64 *dst)
+ #endif
+ }
+
++/* Implementation of _gcry_blake2b_512_hash_buffers */
++static void
++argon2_blake2b_512_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int
iovcnt)
++{
++ void *hd;
++
++ hd = xtrymalloc (_gcry_digest_spec_blake2b_512.contextsize);
++ if (!hd)
++ return;
++
++ _gcry_digest_spec_blake2b_512.init (hd, 0);
++ for (;iovcnt > 0; iov++, iovcnt--)
++ _gcry_digest_spec_blake2b_512.write (hd, (const char*)iov[0].data +
iov[0].off, iov[0].len);
++ _gcry_digest_spec_blake2b_512.final (hd);
++ grub_memcpy (outbuf, _gcry_digest_spec_blake2b_512.read (hd), 512 / 8);
++
++ xfree (hd);
++}
+
+ static gpg_err_code_t
+ argon2_fill_first_blocks (argon2_ctx_t a)
+@@ -195,7 +213,7 @@ argon2_fill_first_blocks (argon2_ctx_t a)
+ iov_count++;
+ }
+
+- _gcry_digest_spec_blake2b_512.hash_buffers (h0_01_i, 64, iov, iov_count);
++ argon2_blake2b_512_hash_buffers (h0_01_i, iov, iov_count);
+
+ for (i = 0; i < a->lanes; i++)
+ {
+@@ -242,7 +260,7 @@ argon2_init (argon2_ctx_t a, unsigned int parallelism,
+ block = xtrymalloc (1024 * memory_blocks);
+ if (!block)
+ {
+- ec = gpg_err_code_from_errno (errno);
++ ec = GPG_ERR_OUT_OF_MEMORY;
+ return ec;
+ }
+ memset (block, 0, 1024 * memory_blocks);
+@@ -250,7 +268,7 @@ argon2_init (argon2_ctx_t a, unsigned int parallelism,
+ thread_data = xtrymalloc (a->lanes * sizeof (struct argon2_thread_data));
+ if (!thread_data)
+ {
+- ec = gpg_err_code_from_errno (errno);
++ ec = GPG_ERR_OUT_OF_MEMORY;
+ xfree (block);
+ return ec;
+ }
+@@ -601,7 +619,7 @@ argon2_open (gcry_kdf_hd_t *hd, int subalgo,
+ n = offsetof (struct argon2_context, out) + taglen;
+ a = xtrymalloc (n);
+ if (!a)
+- return gpg_err_code_from_errno (errno);
++ return GPG_ERR_OUT_OF_MEMORY;
+
+ a->algo = GCRY_KDF_ARGON2;
+ a->hash_type = hash_type;
+@@ -798,64 +816,6 @@ _gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+ key, keylen, ad, adlen);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- if (!inputlen || !saltlen || keylen || adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)key;
+- (void)ad;
+- ec = balloon_open (hd, subalgo, param, paramlen,
+- input, inputlen, salt, saltlen);
+- }
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- if (!inputlen || !paramlen || !adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- (void)key;
+- ec = onestep_kdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- if (!inputlen || !paramlen || !keylen || !adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- ec = onestep_kdf_mac_open (hd, subalgo, param, paramlen,
+- input, inputlen, key, keylen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_HKDF:
+- if (!inputlen || !paramlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- ec = hkdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, key, keylen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- if (!inputlen || !paramlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- (void)key;
+- ec = x963_kdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, ad, adlen);
+- }
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -875,26 +835,6 @@ _gcry_kdf_compute (gcry_kdf_hd_t h, const struct
gcry_kdf_thread_ops *ops)
+ ec = argon2_compute ((argon2_ctx_t)(void *)h, ops);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- ec = balloon_compute_all ((balloon_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- ec = onestep_kdf_compute ((onestep_kdf_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- ec = onestep_kdf_mac_compute ((onestep_kdf_mac_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- ec = hkdf_compute ((hkdf_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- ec = x963_kdf_compute ((x963_kdf_ctx_t)(void *)h, ops);
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -915,27 +855,6 @@ _gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void
*result)
+ ec = argon2_final ((argon2_ctx_t)(void *)h, resultlen, result);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- ec = balloon_final ((balloon_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- ec = onestep_kdf_final ((onestep_kdf_ctx_t)(void *)h, resultlen,
result);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- ec = onestep_kdf_mac_final ((onestep_kdf_mac_ctx_t)(void *)h,
+- resultlen, result);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- ec = hkdf_final ((hkdf_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- ec = x963_kdf_final ((x963_kdf_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -953,26 +872,6 @@ _gcry_kdf_close (gcry_kdf_hd_t h)
+ argon2_close ((argon2_ctx_t)(void *)h);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- balloon_close ((balloon_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- onestep_kdf_close ((onestep_kdf_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- onestep_kdf_mac_close ((onestep_kdf_mac_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- hkdf_close ((hkdf_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- x963_kdf_close ((x963_kdf_ctx_t)(void *)h);
+- break;
+-
+ default:
+ break;
+ }
+--
+2.43.0
+
--
2.43.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
