From 79c27c8cdc7e0acf1f3a799588e2c7bc0f5c3f37 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Mar 22 2010 08:24:01 +0000
Subject: - enable PKCS#11 support
---
diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch
index 549a428..8844609 100644
--- a/ecryptfs-utils-75-werror.patch
+++ b/ecryptfs-utils-75-werror.patch
@@ -1,6 +1,149 @@
+diff -up ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2010-03-22 09:14:49.758683763 +0100
++++ ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2010-03-22 09:21:16.957387907 +0100
+@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
+ pkcs11h_data->serialized_id = NULL;
+ }
+ else {
+- pkcs11h_data->serialized_id = blob + i;
++ pkcs11h_data->serialized_id = (char *)blob + i;
+ i += serialized_id_length;
+ }
+ pkcs11h_data->certificate_blob_size = blob[i++] % 256;
+@@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize(
+ pkcs11h_data->passphrase = NULL;
+ }
+ else {
+- pkcs11h_data->passphrase = blob + i;
++ pkcs11h_data->passphrase = (char *)blob + i;
+ i += passphrase_length;
+ }
+
+ rc = 0;
+-out:
+ return rc;
+ }
+
+@@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
+ data[i++] = '\02';
+ data[i++] = (char)(nbits >> 8);
+ data[i++] = (char)nbits;
+- BN_bn2bin(rsa->n, &(data[i]));
++ BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
+ i += nbytes;
+ data[i++] = (char)(ebits >> 8);
+ data[i++] = (char)ebits;
+- BN_bn2bin(rsa->e, &(data[i]));
++ BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
+ i += ebytes;
+- SHA1(data, len + 3, hash);
+- to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
++ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
++ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
+ sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
+
+ rc = 0;
+@@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char
+ if (
+ (rc = RSA_public_encrypt(
+ from_size,
+- from,
+- to,
++ (unsigned char *)from,
++ (unsigned char *)to,
+ rsa,
+ RSA_PKCS1_PADDING
+ )) == -1
+@@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ (rv = pkcs11h_certificate_decryptAny (
+ certificate,
+ CKM_RSA_PKCS,
+- from,
++ (unsigned char *)from,
+ from_size,
+- to,
++ (unsigned char *)to,
+ to_size
+ )) != CKR_OK
+ ) {
+@@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ pkcs11h_certificate_decryptAny (
+ certificate,
+ CKM_RSA_PKCS,
+- from,
++ (unsigned char *)from,
+ from_size,
+- tmp,
++ (unsigned char *)tmp,
+ to_size
+ );
+
+@@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key(
+ rc = MOUNT_ERROR;
+ goto out;
+ }
+- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
++ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
+ &subgraph_key_ctx->key_mod->blob_size,
+ pkcs11h_data))) {
+ syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
+@@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++// out:
+ return rc;
+ }
+
+@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++// out:
+ return rc;
+ }
+
+@@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth
+ sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv
+ sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc
+ free(subgraph_provider_ctx);
+ *foo = NULL;
+ rc = DEFAULT_TOK;
+-out:
++
+ return rc;
+ }
+
 diff -up ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c
 --- ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror 2009-10-20 20:49:55.000000000 +0200
-+++ ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c 2010-02-18 10:40:45.447667184 +0100
++++ ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c 2010-03-22 09:13:24.003425916 +0100
 @@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
 if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
 + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
@@ -12,7 +155,7 @@ diff -up ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils
 + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
 diff -up ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c
 --- ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror 2010-02-16 18:01:43.000000000 +0100
-+++ ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c 2010-02-18 10:41:48.792416776 +0100
++++ ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c 2010-03-22 09:13:24.003425916 +0100
 @@ -43,31 +43,6 @@
 #define PRIVATE_DIR "Private"
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index f117456..b552d37 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
 Name: ecryptfs-utils
 Version: 83
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -24,6 +24,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: keyutils, cryptsetup-luks, util-linux-ng
 BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
 BuildRequires: trousers-devel nss-devel desktop-file-utils intltool
+BuildRequires: pkcs11-helper-devel
 %description
 eCryptfs is a stacked cryptographic filesystem that ships in Linux
@@ -60,7 +61,7 @@ the interface supplied by the ecryptfs-utils library.
 %build
 export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror"
-%configure --disable-rpath --enable-tspi --enable-nss
+%configure --disable-rpath --enable-tspi --enable-nss --enable-pkcs11-helper
 make clean
 #disable rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
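Review bot: The `(char *)blob + i` casts in the two `ecryptfs_pkcs11h_deserialize` hunks (-86 and -104) only quiet the signedness warning; the context lines still advance `i` by `serialized_id_length` and `passphrase_length` and keep pointers into `blob`, and neither hunk shows `i` being compared against the size of the blob. The function begins and ends outside both hunks, so such a check may exist there, but because this commit is what builds the module into the package it should be confirmed. If it is absent, a guard of the form `if (serialized_id_length > BLOB_SIZE_PLACEHOLDER - i) { /* reject truncated blob */ }` belongs before each pointer assignment, where `BLOB_SIZE_PLACEHOLDER` stands for whatever length the caller can supply and the body returns the function's usual error code. Separately, the `// out:` leftovers at -930 and -943 should be deleted outright, as the other label removals in this patch do.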
@@ -174,6 +175,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 %changelog
+* Mon Mar 22 2010 Michal Hlavinka - 83-3
+- enable PKCS#11 support
+
 * Wed Mar 10 2010 Michal Hlavinka - 83-2
 - blkid moved from e2fsprogs to util-linux-ng, follow the change (#569996)