Diffstat (limited to 'recipes-support-ivi/ecryptfs-utils')
-rw-r--r--recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch222
-rw-r--r--recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb62
2 files changed, 253 insertions, 31 deletions
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
new file mode 100644
index 0000000..6105819
--- /dev/null
+++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch
@@ -0,0 +1,222 @@
+Index: ecryptfs-utils-93/src/libecryptfs/main.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/main.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/main.c 2011-12-07 17:23:57.000000000 +0200
+@@ -21,8 +21,12 @@
+
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <mntent.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -74,7 +78,16 @@
+
+ int do_hash(char *src, int src_size, char *dst, int algo)
+ {
++#ifdef ENABLE_NSS
+ SECStatus err;
++#else
++ gcry_md_hd_t hd;
++ gcry_error_t err = 0;
++ unsigned char * hash;
++ unsigned int mdlen;
++#endif /* #ifdef ENABLE_NSS */
++
++#ifdef ENABLE_NSS
+
+ NSS_NoDB_Init(NULL);
+ err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
+@@ -86,6 +99,19 @@
+ err = -EINVAL;
+ goto out;
+ }
++#else
++ err = gcry_md_open(&hd, algo, 0);
++ mdlen = gcry_md_get_algo_dlen(algo);
++ if (err) {
++ syslog(LOG_ERR, "Failed to open hash algo [%d]: "
++ "[%d]\n", algo, err);
++ goto out;
++ }
++ gcry_md_write(hd, src, src_size);
++ hash = gcry_md_read(hd, algo);
++ memcpy(dst, hash, mdlen);
++ gcry_md_close(hd);
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return (int)err;
+ }
+@@ -214,7 +240,11 @@
+ char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES
+ + ECRYPTFS_SALT_SIZE];
+ int passphrase_size;
++#ifdef ENABLE_NSS
+ int alg = SEC_OID_SHA512;
++#else
++ int alg = GCRY_MD_SHA512;
++#endif /* #ifdef ENABLE_NSS */
+ int dig_len = SHA512_DIGEST_LENGTH;
+ char buf[SHA512_DIGEST_LENGTH];
+ int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS;
+Index: ecryptfs-utils-93/src/libecryptfs/key_management.c
+===================================================================
+--- ecryptfs-utils-93.orig/src/libecryptfs/key_management.c 2011-10-27 18:53:07.000000000 +0300
++++ ecryptfs-utils-93/src/libecryptfs/key_management.c 2011-12-07 17:38:46.000000000 +0200
+@@ -20,8 +20,12 @@
+
+ #include "config.h"
+ #include <errno.h>
++#ifdef ENABLE_NSS
+ #include <nss.h>
+ #include <pk11func.h>
++#else
++#include <gcrypt.h>
++#endif /* #ifdef ENABLE_NSS */
+ #include <keyutils.h>
+ #ifndef S_SPLINT_S
+ #include <stdio.h>
+@@ -295,6 +299,7 @@
+ ECRYPTFS_AES_BLOCK_SIZE + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -303,6 +308,11 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++#warning Building against gcrypt instead of nss
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int decrypted_passphrase_bytes;
+ int fd;
+@@ -334,6 +344,7 @@
+ - (decrypted_passphrase_bytes
+ % ECRYPTFS_AES_BLOCK_SIZE));
+ encrypted_passphrase_bytes = decrypted_passphrase_bytes;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -394,6 +405,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ while (decrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_encrypt(
++ gcry_handle,
++ &encrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &decrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to encrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++ gcry_cipher_close(gcry_handle);
++#endif /* #ifdef ENABLE_NSS */
+ unlink(filename);
+ if ((fd = open(filename, (O_WRONLY | O_CREAT | O_EXCL),
+ (S_IRUSR | S_IWUSR))) == -1) {
+@@ -439,6 +485,7 @@
+ char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
+ int encrypted_passphrase_pos = 0;
+ int decrypted_passphrase_pos = 0;
++#ifdef ENABLE_NSS
+ int tmp1_outlen = 0;
+ int tmp2_outlen = 0;
+ SECStatus err;
+@@ -447,6 +494,10 @@
+ PK11SlotInfo *slot = NULL;
+ PK11Context *enc_ctx = NULL;
+ SECItem *sec_param = NULL;
++#else
++ gcry_cipher_hd_t gcry_handle;
++ gcry_error_t gcry_err;
++#endif /* #ifdef ENABLE_NSS */
+ int encrypted_passphrase_bytes;
+ int fd;
+ ssize_t size;
+@@ -493,6 +544,7 @@
+ goto out;
+ }
+ encrypted_passphrase_bytes = size;
++#ifdef ENABLE_NSS
+ NSS_NoDB_Init(NULL);
+ slot = PK11_GetBestSlot(CKM_AES_ECB, NULL);
+ key_item.data = (unsigned char *)wrapping_key;
+@@ -552,6 +604,41 @@
+ rc = - EIO;
+ goto out;
+ }
++#else
++ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES,
++ GCRY_CIPHER_MODE_ECB, 0))) {
++ syslog(LOG_ERR, "Error attempting to initialize AES cipher; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ goto out;
++ }
++ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key,
++ ECRYPTFS_AES_KEY_BYTES))) {
++ syslog(LOG_ERR, "Error attempting to set AES key; "
++ "gcry_error_t = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1);
++ while (encrypted_passphrase_bytes > 0) {
++ if ((gcry_err = gcry_cipher_decrypt(
++ gcry_handle,
++ &decrypted_passphrase[encrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE,
++ &encrypted_passphrase[decrypted_passphrase_pos],
++ ECRYPTFS_AES_BLOCK_SIZE))) {
++ syslog(LOG_ERR, "Error attempting to decrypt block; "
++ "gcry_error = [%d]\n", gcry_err);
++ rc = -EIO;
++ gcry_cipher_close(gcry_handle);
++ goto out;
++ }
++ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE;
++ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE;
++ }
++#endif /* #ifdef ENABLE_NSS */
+ out:
+ return rc;
+ }
diff --git a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
index f1e6c07..f08d5cd 100644
--- a/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
+++ b/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_96.bb
@@ -1,31 +1,31 @@
-DESCRIPTION = "eCryptfs: A stacked cryptographic filesystem for Linux"
-SECTION = "base"
-LICENSE = "GPLv2"
-DEPENDS = "keyutils libgcrypt libpam"
-
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
-
-SRC_URI = "https://launchpad.net/ecryptfs/trunk/96/+download/ecryptfs-utils_96.orig.tar.gz \
- file://ecryptfs-fix-disable-nss.patch \
- "
-SRC_URI[md5sum] = "4f92c9f6e8f62ac00ca7e2c4e480f1d7"
-SRC_URI[sha256sum] = "04c43b6e7a2f6b3644a24bcf718bfde6384e74bb4266c053ac78b9cc852f2c0c"
-
-
-inherit autotools
-
-EXTRA_OECONF += "--disable-nss --disable-pywrap --enable-openssl"
-EXTRA_OEMAKE += "'CFLAGS+= -lgcrypt '"
-
-FILES_${PN} += " \
- ${libdir}/ecryptfs/* \
- ${base_libdir}/security/pam_ecryptfs.so \
- "
-
-FILES_${PN}-dbg += "${libdir}/ecryptfs/.debug \
- ${base_libdir}/security/.debug \
- "
-
-# Skip useless warning as we have /usr and / on the same partition
-WARN_QA = "ldflags useless-rpaths rpaths staticdev"
+DESCRIPTION = "eCryptfs: A stacked cryptographic filesystem for Linux"
+SECTION = "base"
+LICENSE = "GPLv2"
+DEPENDS = "keyutils libgcrypt libpam"
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+SRC_URI = "https://launchpad.net/ecryptfs/trunk/96/+download/ecryptfs-utils_96.orig.tar.gz \
+ file://ecryptfs-fix-disable-nss.patch \
+ "
+SRC_URI[md5sum] = "4f92c9f6e8f62ac00ca7e2c4e480f1d7"
+SRC_URI[sha256sum] = "04c43b6e7a2f6b3644a24bcf718bfde6384e74bb4266c053ac78b9cc852f2c0c"
+
+
+inherit autotools
+
+EXTRA_OECONF += "--disable-nss --disable-pywrap --enable-openssl"
+EXTRA_OEMAKE += "'CFLAGS+= -lgcrypt '"
+
+FILES_${PN} += " \
+ ${libdir}/ecryptfs/* \
+ ${base_libdir}/security/pam_ecryptfs.so \
+ "
+
+FILES_${PN}-dbg += "${libdir}/ecryptfs/.debug \
+ ${base_libdir}/security/.debug \
+ "
+
+# Skip useless warning as we have /usr and / on the same partition
+WARN_QA = "ldflags useless-rpaths rpaths staticdev"