diff options
Diffstat (limited to 'recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r-- | recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch | 222 |
1 files changed, 222 insertions, 0 deletions
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch new file mode 100644 index 0000000..6105819 --- /dev/null +++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch @@ -0,0 +1,222 @@ +Index: ecryptfs-utils-93/src/libecryptfs/main.c +=================================================================== +--- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300 ++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200 +@@ -21,8 +21,12 @@ + + #include "config.h" + #include <errno.h> ++#ifdef ENABLE_NSS + #include <nss.h> + #include <pk11func.h> ++#else ++#include <gcrypt.h> ++#endif /* #ifdef ENABLE_NSS */ + #include <mntent.h> + #ifndef S_SPLINT_S + #include <stdio.h> +@@ -74,7 +78,16 @@ + + int do_hash(char *src, int src_size, char *dst, int algo) + { ++#ifdef ENABLE_NSS + SECStatus err; ++#else ++ gcry_md_hd_t hd; ++ gcry_error_t err = 0; ++ unsigned char * hash; ++ unsigned int mdlen; ++#endif /* #ifdef ENABLE_NSS */ ++ ++#ifdef ENABLE_NSS + + NSS_NoDB_Init(NULL); + err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src, +@@ -86,6 +99,19 @@ + err = -EINVAL; + goto out; + } ++#else ++ err = gcry_md_open(&hd, algo, 0); ++ mdlen = gcry_md_get_algo_dlen(algo); ++ if (err) { ++ syslog(LOG_ERR, "Failed to open hash algo [%d]: " ++ "[%d]\n", algo, err); ++ goto out; ++ } ++ gcry_md_write(hd, src, src_size); ++ hash = gcry_md_read(hd, algo); ++ memcpy(dst, hash, mdlen); ++ gcry_md_close(hd); ++#endif /* #ifdef ENABLE_NSS */ + out: + return (int)err; + } +@@ -214,7 +240,11 @@ + char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + + ECRYPTFS_SALT_SIZE]; + int passphrase_size; ++#ifdef ENABLE_NSS + int alg = SEC_OID_SHA512; ++#else ++ int alg = GCRY_MD_SHA512; ++#endif /* #ifdef ENABLE_NSS */ + int dig_len = SHA512_DIGEST_LENGTH; + char buf[SHA512_DIGEST_LENGTH]; + int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS; +Index: ecryptfs-utils-93/src/libecryptfs/key_management.c +=================================================================== +--- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300 ++++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200 +@@ -20,8 +20,12 @@ + + #include "config.h" + #include <errno.h> ++#ifdef ENABLE_NSS + #include <nss.h> + #include <pk11func.h> ++#else ++#include <gcrypt.h> ++#endif /* #ifdef ENABLE_NSS */ + #include <keyutils.h> + #ifndef S_SPLINT_S + #include <stdio.h> +@@ -295,6 +299,7 @@ + ECRYPTFS_AES_BLOCK_SIZE + 1]; + int encrypted_passphrase_pos = 0; + int decrypted_passphrase_pos = 0; ++#ifdef ENABLE_NSS + int tmp1_outlen = 0; + int tmp2_outlen = 0; + SECStatus err; +@@ -303,6 +308,11 @@ + PK11SlotInfo *slot = NULL; + PK11Context *enc_ctx = NULL; + SECItem *sec_param = NULL; ++#else ++#warning Building against gcrypt instead of nss ++ gcry_cipher_hd_t gcry_handle; ++ gcry_error_t gcry_err; ++#endif /* #ifdef ENABLE_NSS */ + int encrypted_passphrase_bytes; + int decrypted_passphrase_bytes; + int fd; +@@ -334,6 +344,7 @@ + - (decrypted_passphrase_bytes + % ECRYPTFS_AES_BLOCK_SIZE)); + encrypted_passphrase_bytes = decrypted_passphrase_bytes; ++#ifdef ENABLE_NSS + NSS_NoDB_Init(NULL); + slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); + key_item.data = (unsigned char *)wrapping_key; +@@ -394,6 +405,41 @@ + rc = - EIO; + goto out; + } ++#else ++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, ++ GCRY_CIPHER_MODE_ECB, 0))) { ++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ goto out; ++ } ++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, ++ ECRYPTFS_AES_KEY_BYTES))) { ++ syslog(LOG_ERR, "Error attempting to set AES key; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ while (decrypted_passphrase_bytes > 0) { ++ if ((gcry_err = gcry_cipher_encrypt( ++ gcry_handle, ++ &encrypted_passphrase[encrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE, ++ &decrypted_passphrase[decrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE))) { ++ syslog(LOG_ERR, "Error attempting to encrypt block; " ++ "gcry_error = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; ++ } ++ gcry_cipher_close(gcry_handle); ++#endif /* #ifdef ENABLE_NSS */ + unlink(filename); + if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL), + (S_IRUSR | S_IWUSR))) == -1) { +@@ -439,6 +485,7 @@ + char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; + int encrypted_passphrase_pos = 0; + int decrypted_passphrase_pos = 0; ++#ifdef ENABLE_NSS + int tmp1_outlen = 0; + int tmp2_outlen = 0; + SECStatus err; +@@ -447,6 +494,10 @@ + PK11SlotInfo *slot = NULL; + PK11Context *enc_ctx = NULL; + SECItem *sec_param = NULL; ++#else ++ gcry_cipher_hd_t gcry_handle; ++ gcry_error_t gcry_err; ++#endif /* #ifdef ENABLE_NSS */ + int encrypted_passphrase_bytes; + int fd; + ssize_t size; +@@ -493,6 +544,7 @@ + goto out; + } + encrypted_passphrase_bytes = size; ++#ifdef ENABLE_NSS + NSS_NoDB_Init(NULL); + slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); + key_item.data = (unsigned char *)wrapping_key; +@@ -552,6 +604,41 @@ + rc = - EIO; + goto out; + } ++#else ++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, ++ GCRY_CIPHER_MODE_ECB, 0))) { ++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ goto out; ++ } ++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, ++ ECRYPTFS_AES_KEY_BYTES))) { ++ syslog(LOG_ERR, "Error attempting to set AES key; " ++ "gcry_error_t = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1); ++ while (encrypted_passphrase_bytes > 0) { ++ if ((gcry_err = gcry_cipher_decrypt( ++ gcry_handle, ++ &decrypted_passphrase[encrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE, ++ &encrypted_passphrase[decrypted_passphrase_pos], ++ ECRYPTFS_AES_BLOCK_SIZE))) { ++ syslog(LOG_ERR, "Error attempting to decrypt block; " ++ "gcry_error = [%d]\n", gcry_err); ++ rc = -EIO; ++ gcry_cipher_close(gcry_handle); ++ goto out; ++ } ++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; ++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; ++ } ++#endif /* #ifdef ENABLE_NSS */ + out: + return rc; + } |