aboutsummaryrefslogtreecommitdiffstats
path: root/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r--meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch236
1 files changed, 0 insertions, 236 deletions
diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
deleted file mode 100644
index 76d502d..0000000
--- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-From 278418aa56573c368abd6dc9b7742df270574842 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst at cn.fujitsu.com>
-Date: Tue, 28 Jul 2015 03:06:10 +0900
-Subject: [PATCH] ecryptfs fix disable nss
-
----
- src/libecryptfs/key_management.c | 87 ++++++++++++++++++++++++++++++++++++++++
- src/libecryptfs/main.c | 31 ++++++++++++++
- 2 files changed, 118 insertions(+)
-
-diff --git a/src/libecryptfs/key_management.c b/src/libecryptfs/key_management.c
-index 81a9c08..c051a50 100644
---- a/src/libecryptfs/key_management.c
-+++ b/src/libecryptfs/key_management.c
-@@ -21,8 +21,12 @@
- */
-
- #include <errno.h>
-+#ifdef ENABLE_NSS
- #include <nss.h>
- #include <pk11func.h>
-+#else
-+#include <gcrypt.h>
-+#endif /* #ifdef ENABLE_NSS */
- #include <keyutils.h>
- #ifndef S_SPLINT_S
- #include <stdio.h>
-@@ -572,6 +576,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
- ECRYPTFS_AES_BLOCK_SIZE + 1];
- int encrypted_passphrase_pos = 0;
- int decrypted_passphrase_pos = 0;
-+#ifdef ENABLE_NSS
- int tmp1_outlen = 0;
- int tmp2_outlen = 0;
- SECStatus err;
-@@ -580,6 +585,11 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
- PK11SlotInfo *slot = NULL;
- PK11Context *enc_ctx = NULL;
- SECItem *sec_param = NULL;
-+#else
-+#warning Building against gcrypt instead of nss
-+ gcry_cipher_hd_t gcry_handle;
-+ gcry_error_t gcry_err;
-+#endif /* #ifdef ENABLE_NSS */
- int encrypted_passphrase_bytes;
- int decrypted_passphrase_bytes;
- int fd;
-@@ -618,6 +628,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase,
- - (decrypted_passphrase_bytes
- % ECRYPTFS_AES_BLOCK_SIZE));
- encrypted_passphrase_bytes = decrypted_passphrase_bytes;
-+#ifdef ENABLE_NSS
- NSS_NoDB_Init(NULL);
- slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
- key_item.data = (unsigned char *)wrapping_key;
-@@ -678,6 +689,41 @@ nss_finish:
- rc = - EIO;
- goto out;
- }
-+#else
-+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
-+ GCRY_CIPHER_MODE_ECB, 0))) {
-+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ goto out;
-+ }
-+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
-+ ECRYPTFS_AES_KEY_BYTES))) {
-+ syslog(LOG_ERR, "Error attempting to set AES key; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ while (decrypted_passphrase_bytes > 0) {
-+ if ((gcry_err = gcry_cipher_encrypt(
-+ gcry_handle,
-+ &encrypted_passphrase[encrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE,
-+ &decrypted_passphrase[decrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE))) {
-+ syslog(LOG_ERR, "Error attempting to encrypt block; "
-+ "gcry_error = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
-+ }
-+ gcry_cipher_close(gcry_handle);
-+#endif /* #ifdef ENABLE_NSS */
- rc = write_v2_wrapped_passphrase_file(filename, wrapping_salt,
- wrapping_auth_tok_sig,
- encrypted_passphrase,
-@@ -852,6 +898,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
- char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
- int encrypted_passphrase_pos = 0;
- int decrypted_passphrase_pos = 0;
-+#ifdef ENABLE_NSS
- int tmp1_outlen = 0;
- int tmp2_outlen = 0;
- SECStatus err;
-@@ -860,6 +907,10 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
- PK11SlotInfo *slot = NULL;
- PK11Context *enc_ctx = NULL;
- SECItem *sec_param = NULL;
-+#else
-+ gcry_cipher_hd_t gcry_handle;
-+ gcry_error_t gcry_err;
-+#endif /* #ifdef ENABLE_NSS */
- uint8_t version = 0;
- int encrypted_passphrase_bytes;
- int rc;
-@@ -923,6 +974,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename,
- rc = -EIO;
- goto out;
- }
-+#ifdef ENABLE_NSS
- NSS_NoDB_Init(NULL);
- slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
- key_item.data = (unsigned char *)wrapping_key;
-@@ -982,6 +1034,41 @@ nss_finish:
- rc = - EIO;
- goto out;
- }
-+#else
-+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
-+ GCRY_CIPHER_MODE_ECB, 0))) {
-+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ goto out;
-+ }
-+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
-+ ECRYPTFS_AES_KEY_BYTES))) {
-+ syslog(LOG_ERR, "Error attempting to set AES key; "
-+ "gcry_error_t = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
-+ while (encrypted_passphrase_bytes > 0) {
-+ if ((gcry_err = gcry_cipher_decrypt(
-+ gcry_handle,
-+ &decrypted_passphrase[encrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE,
-+ &encrypted_passphrase[decrypted_passphrase_pos],
-+ ECRYPTFS_AES_BLOCK_SIZE))) {
-+ syslog(LOG_ERR, "Error attempting to decrypt block; "
-+ "gcry_error = [%d]\n", gcry_err);
-+ rc = -EIO;
-+ gcry_cipher_close(gcry_handle);
-+ goto out;
-+ }
-+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
-+ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
-+ }
-+#endif /* #ifdef ENABLE_NSS */
- out:
- return rc;
- }
-diff --git a/src/libecryptfs/main.c b/src/libecryptfs/main.c
-index 98bdc54..800c851 100644
---- a/src/libecryptfs/main.c
-+++ b/src/libecryptfs/main.c
-@@ -20,8 +20,12 @@
- */
-
- #include <errno.h>
-+#ifdef ENABLE_NSS
- #include <nss.h>
- #include <pk11func.h>
-+#else
-+#include <gcrypt.h>
-+#endif /* #ifdef ENABLE_NSS */
- #include <mntent.h>
- #ifndef S_SPLINT_S
- #include <stdio.h>
-@@ -73,7 +77,16 @@ void from_hex(char *dst, char *src, int dst_size)
-
- int do_hash(char *src, int src_size, char *dst, int algo)
- {
-+#ifdef ENABLE_NSS
- SECStatus err;
-+#else
-+ gcry_md_hd_t hd;
-+ gcry_error_t err = 0;
-+ unsigned char * hash;
-+ unsigned int mdlen;
-+#endif /* #ifdef ENABLE_NSS */
-+
-+#ifdef ENABLE_NSS
-
- NSS_NoDB_Init(NULL);
- err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
-@@ -85,6 +98,19 @@ int do_hash(char *src, int src_size, char *dst, int algo)
- err = -EINVAL;
- goto out;
- }
-+#else
-+ err = gcry_md_open(&hd, algo, 0);
-+ mdlen = gcry_md_get_algo_dlen(algo);
-+ if (err) {
-+ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
-+ "[%d]\n", algo, err);
-+ goto out;
-+ }
-+ gcry_md_write(hd, src, src_size);
-+ hash = gcry_md_read(hd, algo);
-+ memcpy(dst, hash, mdlen);
-+ gcry_md_close(hd);
-+#endif /* #ifdef ENABLE_NSS */
- out:
- return (int)err;
- }
-@@ -217,7 +243,12 @@ generate_passphrase_sig(char *passphrase_sig, char *fekek,
- char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
- + ECRYPTFS_SALT_SIZE];
- int passphrase_size;
-+#ifdef ENABLE_NSS
- int alg = SEC_OID_SHA512;
-+#else
-+ int alg = GCRY_MD_SHA512;
-+#endif /* #ifdef ENABLE_NSS */
-+
- int dig_len = SHA512_DIGEST_LENGTH;
- char buf[SHA512_DIGEST_LENGTH];
- int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
---
-1.8.4.2
-