Fix ZFS crypto error types.

	* grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Fix return type.
	(grub_gcm_decrypt): Likewise.
	(grub_zfs_load_key_real): Fix error code type. Handle possible error
	from PBKDF2.

diff --git a/ChangeLog b/ChangeLog
index edb0b2c1021260925de3e59a205abe8662a85db9..194bd13fa0a1090b64780eeb4fb80634d35f7c8d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2011-11-08  Vladimir Serbinenko  <phcoder@gmail.com>
+
+       Fix ZFS crypto error types.
+
+       * grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Fix return type.
+       (grub_gcm_decrypt): Likewise.
+       (grub_zfs_load_key_real): Fix error code type. Handle possible error
+       from PBKDF2.
+
 2011-11-08  Vladimir Serbinenko  <phcoder@gmail.com>
 
        Illumos support.

diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c
index 39335a7284d1f8434531cbd4f24fecd052fdb315..14babd29fa2a538c0bfa794eb94d32cfb70ed03b 100644 (file)
--- a/grub-core/fs/zfs/zfscrypt.c
+++ b/grub-core/fs/zfs/zfscrypt.c
@@ -90,7 +90,7 @@ grub_zfs_add_key (grub_uint8_t *key_in,
   return GRUB_ERR_NONE;
 }
 
-static grub_err_t
+static gcry_err_code_t
 grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher,
                  grub_uint8_t *out, const grub_uint8_t *in,
                  grub_size_t psize,
@@ -101,7 +101,7 @@ grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher,
   grub_uint8_t mul[16];
   grub_uint32_t mac[4];
   unsigned i, j;
-  grub_err_t err;
+  gcry_err_code_t err;
 
   grub_memcpy (iv + 1, nonce, 15 - l);
 
@@ -173,7 +173,7 @@ grub_gcm_mul (grub_uint8_t *a, const grub_uint8_t *b)
   grub_memcpy (a, res, 16);
 }
 
-static grub_err_t
+static gcry_err_code_t
 grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
                  grub_uint8_t *out, const grub_uint8_t *in,
                  grub_size_t psize,
@@ -184,7 +184,7 @@ grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
   grub_uint8_t mul[16];
   grub_uint8_t mac[16], h[16], mac_xor[16];
   unsigned i, j;
-  grub_err_t err;
+  gcry_err_code_t err;
 
   grub_memset (mac, 0, sizeof (mac));
 
@@ -243,7 +243,7 @@ grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
 }
 
 
-static grub_err_t
+static gcry_err_code_t
 algo_decrypt (grub_crypto_cipher_handle_t cipher, grub_uint64_t algo,
              grub_uint8_t *out, const grub_uint8_t *in,
              grub_size_t psize,
@@ -307,7 +307,6 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
   unsigned keylen;
   struct grub_zfs_wrap_key *wrap_key;
   grub_crypto_cipher_handle_t ret = NULL;
-  grub_err_t err;
 
   if (keysize != sizeof (*key))
     {
@@ -327,6 +326,7 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
     {
       grub_crypto_cipher_handle_t cipher;
       grub_uint8_t decrypted[32], mac[32], wrap_key_real[32];
+      gcry_err_code_t err;
       cipher = grub_crypto_cipher_open (GRUB_CIPHER_AES);
       if (!cipher)
        {
@@ -334,15 +334,21 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
          return 0;
        }
       grub_memset (wrap_key_real, 0, sizeof (wrap_key_real));
+      err = 0;
       if (!wrap_key->is_passphrase)
        grub_memcpy(wrap_key_real, wrap_key->key,
                    wrap_key->keylen < keylen ? wrap_key->keylen : keylen);
       else
-       grub_crypto_pbkdf2 (GRUB_MD_SHA1,
-                           (const grub_uint8_t *) wrap_key->key,
-                           wrap_key->keylen,
-                           (const grub_uint8_t *) &salt, sizeof (salt),
-                           1000, wrap_key_real, keylen);
+       err = grub_crypto_pbkdf2 (GRUB_MD_SHA1,
+                                 (const grub_uint8_t *) wrap_key->key,
+                                 wrap_key->keylen,
+                                 (const grub_uint8_t *) &salt, sizeof (salt),
+                                 1000, wrap_key_real, keylen);
+      if (err)
+       {
+         grub_errno = GRUB_ERR_NONE;
+         continue;
+       }
                    
       err = grub_crypto_cipher_set_key (cipher, wrap_key_real,
                                        keylen);