aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch')
-rw-r--r--recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch222
1 files changed, 222 insertions, 0 deletions
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
new file mode 100644
index 0000000..6105819
--- /dev/null
+++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
@@ -0,0 +1,222 @@
+Index: ecryptfs-utils-93/src/libecryptfs/main.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200
+@@ -21,8 +21,12 @@
+
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <mntent.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -74,7 +78,16 @@
+
+ int do_hash(char *src, int src_size, char *dst, int algo)
+ {
++#ifdef ENABLE_NSS
+ SECStatus err;
++#else
++ gcry_md_hd_t hd;
++ gcry_error_t err = 0;
++ unsigned char * hash;
++ unsigned int mdlen;
++#endif /* #ifdef ENABLE_NSS */
++
++#ifdef ENABLE_NSS
+
+ NSS_NoDB_Init(NULL);
+ err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
+@@ -86,6 +99,19 @@
+ err = -EINVAL;
+ goto out;
+ }
++#else
++ err = gcry_md_open(&hd, algo, 0);
++ mdlen = gcry_md_get_algo_dlen(algo);
++ if (err) {
++ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
++ "[%d]\n", algo, err);
++ goto out;
++ }
++ gcry_md_write(hd, src, src_size);
++ hash = gcry_md_read(hd, algo);
++ memcpy(dst, hash, mdlen);
++ gcry_md_close(hd);
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return (int)err;
+ }
+@@ -214,7 +240,11 @@
+ char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
+ + ECRYPTFS_SALT_SIZE];
+ int passphrase_size;
++#ifdef ENABLE_NSS
+ int alg = SEC_OID_SHA512;
++#else
++ int alg = GCRY_MD_SHA512;
++#endif /* #ifdef ENABLE_NSS */
+ int dig_len = SHA512_DIGEST_LENGTH;
+ char buf[SHA512_DIGEST_LENGTH];
+ int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
+Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200
+@@ -20,8 +20,12 @@
+
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <keyutils.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -295,6 +299,7 @@
+ ECRYPTFS_AES_BLOCK_SIZE + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -303,6 +308,11 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++#warning Building against gcrypt instead of nss
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int decrypted_passphrase_bytes;
+ int fd;
+@@ -334,6 +344,7 @@
+ - (decrypted_passphrase_bytes
+ % ECRYPTFS_AES_BLOCK_SIZE));
+ encrypted_passphrase_bytes = decrypted_passphrase_bytes;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -394,6 +405,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ while (decrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_encrypt(
++ gcry_handle,
++ &encrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &decrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to encrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++ gcry_cipher_close(gcry_handle);
++#endif /* #ifdef ENABLE_NSS */
+ unlink(filename);
+ if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL),
+ (S_IRUSR | S_IWUSR))) == -1) {
+@@ -439,6 +485,7 @@
+ char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -447,6 +494,10 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int fd;
+ ssize_t size;
+@@ -493,6 +544,7 @@
+ goto out;
+ }
+ encrypted_passphrase_bytes = size;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -552,6 +604,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
++ while (encrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_decrypt(
++ gcry_handle,
++ &decrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &encrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to decrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return rc;
+ }
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 18:05:21 +0000