On 10/2/25 8:30 AM, Sudhakar Kuppusamy wrote:
From: Daniel Axtens <[email protected]>
The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the
pgp module is a bit quirky.
include/grub/crypto.h contains:
extern struct gcry_pk_spec *grub_crypto_pk_rsa;
commands/pgp.c contains the actual storage:
struct gcry_pk_spec *grub_crypto_pk_rsa;
And the module itself saves to the storage in pgp.c:
GRUB_MOD_INIT(gcry_rsa)
{
grub_crypto_pk_rsa = &_gcry_pubkey_spec_rsa;
}
This is annoying: gcry_rsa now has a dependency on pgp!
We want to be able to bring in gcry_rsa without bringing in PGP, so move the
storage to crypto.c.
Previously, gcry_rsa depended on pgp and mpi. Now it depends on crypto and mpi.
As pgp depends on crypto, this doesn't add any new module dependencies using
the PGP verfier.
[FWIW, the story is different for the symmetric ciphers. cryptodisk and friends
(zfs encryption etc) use grub_crypto_lookup_cipher_by_name() to get a cipher
handle. That depends on grub_ciphers being populated by people calling
grub_cipher_register. import_gcry.py ensures that the symmetric ciphers call
it.]
Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: Sudhakar Kuppusamy <[email protected]>
Reviewed-by: Stefan Berger <[email protected]>
Reviewed-by: Vladimir Serbinenko <[email protected]>
Reviewed-by: Avnish Chouhan <[email protected]>
Reviewed-by: Daniel Kiper <[email protected]>
---
grub-core/commands/pgp.c | 4 ----
grub-core/lib/crypto.c | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index e61887862..251ed1b06 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -136,10 +136,6 @@ struct signature_v4_header
grub_uint16_t hashed_sub;
} GRUB_PACKED;
-struct gcry_pk_spec *grub_crypto_pk_dsa;
-struct gcry_pk_spec *grub_crypto_pk_ecdsa;
-struct gcry_pk_spec *grub_crypto_pk_rsa;
-
struct
{
const char *name;
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index dd60dd4ac..292b747b2 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -170,6 +170,10 @@ grub_md_unregister (gcry_md_spec_t *cipher)
}
}
+struct gcry_pk_spec *grub_crypto_pk_dsa;
+struct gcry_pk_spec *grub_crypto_pk_ecdsa;
+struct gcry_pk_spec *grub_crypto_pk_rsa;
+
void
grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
grub_size_t inlen)
Again,
Reviewed-by: Stefan Berger <[email protected]>
_______________________________________________
Grub-devel mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/grub-devel
