Diffstat (limited to 'meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r--meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch324
1 files changed, 169 insertions, 155 deletions
diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
index 6105819..76d502d 100644
--- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
+++ b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
@@ -1,76 +1,20 @@
-Index: ecryptfs-utils-93/src/libecryptfs/main.c
-===================================================================
---- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300
-+++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200
+From 278418aa56573c368abd6dc9b7742df270574842 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst at cn.fujitsu.com>
+Date: Tue, 28 Jul 2015 03:06:10 +0900
+Subject: [PATCH] ecryptfs fix disable nss
+
+---
+ src/libecryptfs/key_management.c | 87 ++++++++++++++++++++++++++++++++++++++++
+ src/libecryptfs/main.c | 31 ++++++++++++++
+ 2 files changed, 118 insertions(+)
+
+diff --git a/src/libecryptfs/key_management.c b/src/libecryptfs/key_management.c
+index 81a9c08..c051a50 100644
+--- a/src/libecryptfs/key_management.c
++++ b/src/libecryptfs/key_management.c
@@ -21,8 +21,12 @@
+ */
- #include "config.h"
- #include <errno.h>
-+#ifdef ENABLE_NSS
- #include <nss.h>
- #include <pk11func.h>
-+#else
-+#include <gcrypt.h>
-+#endif /* #ifdef ENABLE_NSS */
- #include <mntent.h>
- #ifndef S_SPLINT_S
- #include <stdio.h>
-@@ -74,7 +78,16 @@
-
- int do_hash(char *src, int src_size, char *dst, int algo)
- {
-+#ifdef ENABLE_NSS
- SECStatus err;
-+#else
-+ gcry_md_hd_t hd;
-+ gcry_error_t err = 0;
-+ unsigned char * hash;
-+ unsigned int mdlen;
-+#endif /* #ifdef ENABLE_NSS */
-+
-+#ifdef ENABLE_NSS
-
- NSS_NoDB_Init(NULL);
- err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
-@@ -86,6 +99,19 @@
- err = -EINVAL;
- goto out;
- }
-+#else
-+ err = gcry_md_open(&hd, algo, 0);
-+ mdlen = gcry_md_get_algo_dlen(algo);
-+ if (err) {
-+ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
-+ "[%d]\n", algo, err);
-+ goto out;
-+ }
-+ gcry_md_write(hd, src, src_size);
-+ hash = gcry_md_read(hd, algo);
-+ memcpy(dst, hash, mdlen);
-+ gcry_md_close(hd);
-+#endif /* #ifdef ENABLE_NSS */
- out:
- return (int)err;
- }
-@@ -214,7 +240,11 @@
- char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
- + ECRYPTFS_SALT_SIZE];
- int passphrase_size;
-+#ifdef ENABLE_NSS
- int alg = SEC_OID_SHA512;
-+#else
-+ int alg = GCRY_MD_SHA512;
-+#endif /* #ifdef ENABLE_NSS */
- int dig_len = SHA512_DIGEST_LENGTH;
- char buf[SHA512_DIGEST_LENGTH];
- int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
-Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
-===================================================================
---- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300
-+++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200
-@@ -20,8 +20,12 @@
-
- #include "config.h"
#include <errno.h>
+#ifdef ENABLE_NSS
#include <nss.h>
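Review bot: The regenerated patch header (From/Date/Subject, then `---`) has no description, so nothing records why NSS is being swapped for libgcrypt in the passphrase wrapping and hashing code. A short body should state the reason NSS is disabled and whether the gcrypt branch is meant to stay compatible with wrapped-passphrase files written by the NSS branch. OpenEmbedded layers also conventionally carry `Upstream-Status:` and `Signed-off-by:` lines in the patch header, which would give this crypto-backend change a traceable origin.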
@@ -81,7 +25,7 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
#include <keyutils.h>
#ifndef S_SPLINT_S
#include <stdio.h>
-@@ -295,6 +299,7 @@
+@@ -572,6 +576,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
ECRYPTFS_AES_BLOCK_SIZE + 1];
int encrypted_passphrase_pos = 0;
int decrypted_passphrase_pos = 0;
@@ -89,19 +33,19 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
int tmp1_outlen = 0;
int tmp2_outlen = 0;
SECStatus err;
-@@ -303,6 +308,11 @@
+@@ -580,6 +585,11 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
PK11SlotInfo *slot = NULL;
PK11Context *enc_ctx = NULL;
SECItem *sec_param = NULL;
+#else
+#warning Building against gcrypt instead of nss
-+ gcry_cipher_hd_t gcry_handle;
-+ gcry_error_t gcry_err;
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
+#endif /* #ifdef ENABLE_NSS */
int encrypted_passphrase_bytes;
int decrypted_passphrase_bytes;
int fd;
-@@ -334,6 +344,7 @@
+@@ -618,6 +628,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
- (decrypted_passphrase_bytes
% ECRYPTFS_AES_BLOCK_SIZE));
encrypted_passphrase_bytes = decrypted_passphrase_bytes;
@@ -109,49 +53,49 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
NSS_NoDB_Init(NULL);
slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
key_item.data = (unsigned char *)wrapping_key;
-@@ -394,6 +405,41 @@
+@@ -678,6 +689,41 @@ nss_finish:
rc = - EIO;
goto out;
}
+#else
-+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
-+ GCRY_CIPHER_MODE_ECB, 0))) {
-+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ goto out;
-+ }
-+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
-+ ECRYPTFS_AES_KEY_BYTES))) {
-+ syslog(LOG_ERR, "Error attempting to set AES key; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ while (decrypted_passphrase_bytes > 0) {
-+ if ((gcry_err = gcry_cipher_encrypt(
-+ gcry_handle,
-+ &encrypted_passphrase[encrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE,
-+ &decrypted_passphrase[decrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE))) {
-+ syslog(LOG_ERR, "Error attempting to encrypt block; "
-+ "gcry_error = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
-+ }
-+ gcry_cipher_close(gcry_handle);
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ while (decrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_encrypt(
++ gcry_handle,
++ &encrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &decrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to encrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++ gcry_cipher_close(gcry_handle);
+#endif /* #ifdef ENABLE_NSS */
- unlink(filename);
- if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL),
- (S_IRUSR | S_IWUSR))) == -1) {
-@@ -439,6 +485,7 @@
+ rc = write_v2_wrapped_passphrase_file(filename, wrapping_salt,
+ wrapping_auth_tok_sig,
+ encrypted_passphrase,
+@@ -852,6 +898,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
int encrypted_passphrase_pos = 0;
int decrypted_passphrase_pos = 0;
@@ -159,64 +103,134 @@ Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
int tmp1_outlen = 0;
int tmp2_outlen = 0;
SECStatus err;
-@@ -447,6 +494,10 @@
+@@ -860,6 +907,10 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
PK11SlotInfo *slot = NULL;
PK11Context *enc_ctx = NULL;
SECItem *sec_param = NULL;
+#else
-+ gcry_cipher_hd_t gcry_handle;
-+ gcry_error_t gcry_err;
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
+#endif /* #ifdef ENABLE_NSS */
+ uint8_t version = 0;
int encrypted_passphrase_bytes;
- int fd;
- ssize_t size;
-@@ -493,6 +544,7 @@
+ int rc;
+@@ -923,6 +974,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
+ rc = -EIO;
goto out;
}
- encrypted_passphrase_bytes = size;
+#ifdef ENABLE_NSS
NSS_NoDB_Init(NULL);
slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
key_item.data = (unsigned char *)wrapping_key;
-@@ -552,6 +604,41 @@
+@@ -982,6 +1034,41 @@ nss_finish:
rc = - EIO;
goto out;
}
+#else
-+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
-+ GCRY_CIPHER_MODE_ECB, 0))) {
-+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ goto out;
-+ }
-+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
-+ ECRYPTFS_AES_KEY_BYTES))) {
-+ syslog(LOG_ERR, "Error attempting to set AES key; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
-+ while (encrypted_passphrase_bytes > 0) {
-+ if ((gcry_err = gcry_cipher_decrypt(
-+ gcry_handle,
-+ &decrypted_passphrase[encrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE,
-+ &encrypted_passphrase[decrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE))) {
-+ syslog(LOG_ERR, "Error attempting to decrypt block; "
-+ "gcry_error = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
-+ }
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
++ while (encrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_decrypt(
++ gcry_handle,
++ &decrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &encrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to decrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
+#endif /* #ifdef ENABLE_NSS */
out:
return rc;
}
+diff --git a/src/libecryptfs/main.c b/src/libecryptfs/main.c
+index 98bdc54..800c851 100644
+--- a/src/libecryptfs/main.c
++++ b/src/libecryptfs/main.c
+@@ -20,8 +20,12 @@
+ */
+
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <mntent.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -73,7 +77,16 @@ void from_hex(char *dst, char *src, int dst_size)
+
+ int do_hash(char *src, int src_size, char *dst, int algo)
+ {
++#ifdef ENABLE_NSS
+ SECStatus err;
++#else
++ gcry_md_hd_t hd;
++ gcry_error_t err = 0;
++ unsigned char * hash;
++ unsigned int mdlen;
++#endif /* #ifdef ENABLE_NSS */
++
++#ifdef ENABLE_NSS
+
+ NSS_NoDB_Init(NULL);
+ err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
+@@ -85,6 +98,19 @@ int do_hash(char *src, int src_size, char *dst, int algo)
+ err = -EINVAL;
+ goto out;
+ }
++#else
++ err = gcry_md_open(&hd, algo, 0);
++ mdlen = gcry_md_get_algo_dlen(algo);
++ if (err) {
++ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
++ "[%d]\n", algo, err);
++ goto out;
++ }
++ gcry_md_write(hd, src, src_size);
++ hash = gcry_md_read(hd, algo);
++ memcpy(dst, hash, mdlen);
++ gcry_md_close(hd);
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return (int)err;
+ }
+@@ -217,7 +243,12 @@ generate_passphrase_sig(char *passphrase_sig, char *fekek,
+ char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
+ + ECRYPTFS_SALT_SIZE];
+ int passphrase_size;
++#ifdef ENABLE_NSS
+ int alg = SEC_OID_SHA512;
++#else
++ int alg = GCRY_MD_SHA512;
++#endif /* #ifdef ENABLE_NSS */
++
+ int dig_len = SHA512_DIGEST_LENGTH;
+ char buf[SHA512_DIGEST_LENGTH];
+ int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
+--
+1.8.4.2
+
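Review bot: In the gcrypt branch of ecryptfs_unwrap_passphrase the decrypt loop runs straight into `#endif` without releasing the cipher handle, so on success the AES context keyed with wrapping_key is never closed, although the wrap path and both error paths close it; add `gcry_cipher_close(gcry_handle);` after the `while` loop. That loop always processes whole ECRYPTFS_AES_BLOCK_SIZE blocks, while encrypted_passphrase_bytes is set outside the hunk, so confirm there that the length read from the file is a block multiple and within both buffers. In do_hash in the main.c part of this hunk, the result of `gcry_md_read()` is passed to `memcpy` without a NULL check, and a failed `gcry_md_open()` returns a positive gcry_error_t where the NSS branch returns `-EINVAL`, which callers testing for a negative value would presumably miss. Something like `if (!hash) { err = -EINVAL; gcry_md_close(hd); goto out; }`, plus mapping the open failure to a negative errno, would align the two branches.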