diff options
Diffstat (limited to 'meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r-- | meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch | 236 |
1 files changed, 0 insertions, 236 deletions
diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch deleted file mode 100644 index 76d502d..0000000 --- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch +++ /dev/null @@ -1,236 +0,0 @@ -From 278418aa56573c368abd6dc9b7742df270574842 Mon Sep 17 00:00:00 2001 -From: Li xin <lixin.fnst at cn.fujitsu.com> -Date: Tue, 28 Jul 2015 03:06:10 +0900 -Subject: [PATCH] ecryptfs fix disable nss - ---- - src/libecryptfs/key_management.c | 87 ++++++++++++++++++++++++++++++++++++++++ - src/libecryptfs/main.c | 31 ++++++++++++++ - 2 files changed, 118 insertions(+) - -diff --git a/src/libecryptfs/key_management.c b/src/libecryptfs/key_management.c -index 81a9c08..c051a50 100644 ---- a/src/libecryptfs/key_management.c -+++ b/src/libecryptfs/key_management.c -@@ -21,8 +21,12 @@ - */ - - #include <errno.h> -+#ifdef ENABLE_NSS - #include <nss.h> - #include <pk11func.h> -+#else -+#include <gcrypt.h> -+#endif /* #ifdef ENABLE_NSS */ - #include <keyutils.h> - #ifndef S_SPLINT_S - #include <stdio.h> -@@ -572,6 +576,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - ECRYPTFS_AES_BLOCK_SIZE + 1]; - int encrypted_passphrase_pos = 0; - int decrypted_passphrase_pos = 0; -+#ifdef ENABLE_NSS - int tmp1_outlen = 0; - int tmp2_outlen = 0; - SECStatus err; -@@ -580,6 +585,11 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - PK11SlotInfo *slot = NULL; - PK11Context *enc_ctx = NULL; - SECItem *sec_param = NULL; -+#else -+#warning Building against gcrypt instead of nss -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; -+#endif /* #ifdef ENABLE_NSS */ - int encrypted_passphrase_bytes; - int decrypted_passphrase_bytes; - int fd; -@@ -618,6 +628,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - - (decrypted_passphrase_bytes - % ECRYPTFS_AES_BLOCK_SIZE)); - encrypted_passphrase_bytes = decrypted_passphrase_bytes; -+#ifdef ENABLE_NSS - NSS_NoDB_Init(NULL); - slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); - key_item.data = (unsigned char *)wrapping_key; -@@ -678,6 +689,41 @@ nss_finish: - rc = - EIO; - goto out; - } -+#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ while (decrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_encrypt( -+ gcry_handle, -+ &encrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &decrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to encrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } -+ gcry_cipher_close(gcry_handle); -+#endif /* #ifdef ENABLE_NSS */ - rc = write_v2_wrapped_passphrase_file(filename, wrapping_salt, - wrapping_auth_tok_sig, - encrypted_passphrase, -@@ -852,6 +898,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; - int encrypted_passphrase_pos = 0; - int decrypted_passphrase_pos = 0; -+#ifdef ENABLE_NSS - int tmp1_outlen = 0; - int tmp2_outlen = 0; - SECStatus err; -@@ -860,6 +907,10 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - PK11SlotInfo *slot = NULL; - PK11Context *enc_ctx = NULL; - SECItem *sec_param = NULL; -+#else -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; -+#endif /* #ifdef ENABLE_NSS */ - uint8_t version = 0; - int encrypted_passphrase_bytes; - int rc; -@@ -923,6 +974,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - rc = -EIO; - goto out; - } -+#ifdef ENABLE_NSS - NSS_NoDB_Init(NULL); - slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); - key_item.data = (unsigned char *)wrapping_key; -@@ -982,6 +1034,41 @@ nss_finish: - rc = - EIO; - goto out; - } -+#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1); -+ while (encrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_decrypt( -+ gcry_handle, -+ &decrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &encrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to decrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } -+#endif /* #ifdef ENABLE_NSS */ - out: - return rc; - } -diff --git a/src/libecryptfs/main.c b/src/libecryptfs/main.c -index 98bdc54..800c851 100644 ---- a/src/libecryptfs/main.c -+++ b/src/libecryptfs/main.c -@@ -20,8 +20,12 @@ - */ - - #include <errno.h> -+#ifdef ENABLE_NSS - #include <nss.h> - #include <pk11func.h> -+#else -+#include <gcrypt.h> -+#endif /* #ifdef ENABLE_NSS */ - #include <mntent.h> - #ifndef S_SPLINT_S - #include <stdio.h> -@@ -73,7 +77,16 @@ void from_hex(char *dst, char *src, int dst_size) - - int do_hash(char *src, int src_size, char *dst, int algo) - { -+#ifdef ENABLE_NSS - SECStatus err; -+#else -+ gcry_md_hd_t hd; -+ gcry_error_t err = 0; -+ unsigned char * hash; -+ unsigned int mdlen; -+#endif /* #ifdef ENABLE_NSS */ -+ -+#ifdef ENABLE_NSS - - NSS_NoDB_Init(NULL); - err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src, -@@ -85,6 +98,19 @@ int do_hash(char *src, int src_size, char *dst, int algo) - err = -EINVAL; - goto out; - } -+#else -+ err = gcry_md_open(&hd, algo, 0); -+ mdlen = gcry_md_get_algo_dlen(algo); -+ if (err) { -+ syslog(LOG_ERR, "Failed to open hash algo [%d]: " -+ "[%d]\n", algo, err); -+ goto out; -+ } -+ gcry_md_write(hd, src, src_size); -+ hash = gcry_md_read(hd, algo); -+ memcpy(dst, hash, mdlen); -+ gcry_md_close(hd); -+#endif /* #ifdef ENABLE_NSS */ - out: - return (int)err; - } -@@ -217,7 +243,12 @@ generate_passphrase_sig(char *passphrase_sig, char *fekek, - char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES - + ECRYPTFS_SALT_SIZE]; - int passphrase_size; -+#ifdef ENABLE_NSS - int alg = SEC_OID_SHA512; -+#else -+ int alg = GCRY_MD_SHA512; -+#endif /* #ifdef ENABLE_NSS */ -+ - int dig_len = SHA512_DIGEST_LENGTH; - char buf[SHA512_DIGEST_LENGTH]; - int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS; --- -1.8.4.2 - |