libgcrypt/kdf: Remove unsupported KDFs

Clean up _gcry_kdf_*() to remove unsupported KDFs. Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-10-15 11:00:20 +08:00 · 2025-10-15 11:00:20 +08:00 · 93544861bc
commit 93544861bc
parent 1ff7206417
2 changed files with 167 additions and 0 deletions
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@ -45,6 +45,7 @@ EXTRA_DIST += grub-core/lib/libgcrypt-patches/07_disable_64div.patch
 EXTRA_DIST += grub-core/lib/libgcrypt-patches/08_sexp_leak.patch
 EXTRA_DIST += grub-core/lib/libgcrypt-patches/09-blake2b-hash-buffers.patch
 EXTRA_DIST += grub-core/lib/libgcrypt-patches/10-kdf-use-GPG-errs.patch
+EXTRA_DIST += grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch

 EXTRA_DIST += grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
 EXTRA_DIST += grub-core/lib/libtasn1-patches/0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch
--- a/grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
+++ b/grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
@ -0,0 +1,166 @@
+From fc9c57f54fd28685f7df79e53078e1dc9e44f964 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Mon, 25 Aug 2025 16:00:17 +0800
+Subject: [PATCH 3/4] libgcrypt/kdf: Remove unsupported KDFs
+
+Clean up _gcry_kdf_*() to remove unsupported KDFs.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/lib/libgcrypt-grub/cipher/kdf.c | 119 ----------------------
+ 1 file changed, 119 deletions(-)
+
+diff --git a/grub-core/lib/libgcrypt-grub/cipher/kdf.c b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+index 6e0351d8a..c51a70eff 100644
+--- a/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+++ b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+@@ -821,64 +821,6 @@ _gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+                           key, keylen, ad, adlen);
+       break;
+ 
+-    case GCRY_KDF_BALLOON:
+-      if (!inputlen || !saltlen || keylen || adlen)
+-        ec = GPG_ERR_INV_VALUE;
+-      else
+-        {
+-          (void)key;
+-          (void)ad;
+-          ec = balloon_open (hd, subalgo, param, paramlen,
+-                             input, inputlen, salt, saltlen);
+-        }
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF:
+-      if (!inputlen || !paramlen || !adlen)
+-        ec = GPG_ERR_INV_VALUE;
+-      else
+-        {
+-          (void)salt;
+-          (void)key;
+-          ec = onestep_kdf_open (hd, subalgo, param, paramlen,
+-                                 input, inputlen, ad, adlen);
+-        }
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF_MAC:
+-      if (!inputlen || !paramlen || !keylen || !adlen)
+-        ec = GPG_ERR_INV_VALUE;
+-      else
+-        {
+-          (void)salt;
+-          ec = onestep_kdf_mac_open (hd, subalgo, param, paramlen,
+-                                     input, inputlen, key, keylen, ad, adlen);
+-        }
+-      break;
+-
+-    case GCRY_KDF_HKDF:
+-      if (!inputlen || !paramlen)
+-        ec = GPG_ERR_INV_VALUE;
+-      else
+-        {
+-          (void)salt;
+-          ec = hkdf_open (hd, subalgo, param, paramlen,
+-                          input, inputlen, key, keylen, ad, adlen);
+-        }
+-      break;
+-
+-    case GCRY_KDF_X963_KDF:
+-      if (!inputlen || !paramlen)
+-        ec = GPG_ERR_INV_VALUE;
+-      else
+-        {
+-          (void)salt;
+-          (void)key;
+-          ec = x963_kdf_open (hd, subalgo, param, paramlen,
+-                              input, inputlen, ad, adlen);
+-        }
+-      break;
+-
+     default:
+       ec = GPG_ERR_UNKNOWN_ALGORITHM;
+       break;
+@@ -898,26 +840,6 @@ _gcry_kdf_compute (gcry_kdf_hd_t h, const struct gcry_kdf_thread_ops *ops)
+       ec = argon2_compute ((argon2_ctx_t)(void *)h, ops);
+       break;
+ 
+-    case GCRY_KDF_BALLOON:
+-      ec = balloon_compute_all ((balloon_ctx_t)(void *)h, ops);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF:
+-      ec = onestep_kdf_compute ((onestep_kdf_ctx_t)(void *)h, ops);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF_MAC:
+-      ec = onestep_kdf_mac_compute ((onestep_kdf_mac_ctx_t)(void *)h, ops);
+-      break;
+-
+-    case GCRY_KDF_HKDF:
+-      ec = hkdf_compute ((hkdf_ctx_t)(void *)h, ops);
+-      break;
+-
+-    case GCRY_KDF_X963_KDF:
+-      ec = x963_kdf_compute ((x963_kdf_ctx_t)(void *)h, ops);
+-      break;
+-
+     default:
+       ec = GPG_ERR_UNKNOWN_ALGORITHM;
+       break;
+@@ -938,27 +860,6 @@ _gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result)
+       ec = argon2_final ((argon2_ctx_t)(void *)h, resultlen, result);
+       break;
+ 
+-    case GCRY_KDF_BALLOON:
+-      ec = balloon_final ((balloon_ctx_t)(void *)h, resultlen, result);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF:
+-      ec = onestep_kdf_final ((onestep_kdf_ctx_t)(void *)h, resultlen, result);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF_MAC:
+-      ec = onestep_kdf_mac_final ((onestep_kdf_mac_ctx_t)(void *)h,
+-                                  resultlen, result);
+-      break;
+-
+-    case GCRY_KDF_HKDF:
+-      ec = hkdf_final ((hkdf_ctx_t)(void *)h, resultlen, result);
+-      break;
+-
+-    case GCRY_KDF_X963_KDF:
+-      ec = x963_kdf_final ((x963_kdf_ctx_t)(void *)h, resultlen, result);
+-      break;
+-
+     default:
+       ec = GPG_ERR_UNKNOWN_ALGORITHM;
+       break;
+@@ -976,26 +877,6 @@ _gcry_kdf_close (gcry_kdf_hd_t h)
+       argon2_close ((argon2_ctx_t)(void *)h);
+       break;
+ 
+-    case GCRY_KDF_BALLOON:
+-      balloon_close ((balloon_ctx_t)(void *)h);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF:
+-      onestep_kdf_close ((onestep_kdf_ctx_t)(void *)h);
+-      break;
+-
+-    case GCRY_KDF_ONESTEP_KDF_MAC:
+-      onestep_kdf_mac_close ((onestep_kdf_mac_ctx_t)(void *)h);
+-      break;
+-
+-    case GCRY_KDF_HKDF:
+-      hkdf_close ((hkdf_ctx_t)(void *)h);
+-      break;
+-
+-    case GCRY_KDF_X963_KDF:
+-      x963_kdf_close ((x963_kdf_ctx_t)(void *)h);
+-      break;
+-
+     default:
+       break;
+     }
+-- 
+2.51.0
+