From: Brian Kubisiak <brian@kubisiak.com>
To: 69275@debbugs.gnu.org
Subject: [bug#69275] [PATCH] gnu: ecryptfs-utils: Add the openssl key module.
Date: Mon, 19 Feb 2024 07:15:08 -0800	[thread overview]
Message-ID: <cfe83bc19e6b7a5f2a63d742c3647dac7256d26e.1708355625.git.brian@kubisiak.com> (raw)

* gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the patch.
* gnu/packages/linux.scm (ecryptfs-utils)[source]: Apply the patch.
[inputs]: Add openssl-1.1.

Change-Id: I89cc15534e93cf20f2b5084157cbefaec5084ec8
---
 gnu/local.mk                                  |  1 +
 gnu/packages/linux.scm                        |  4 +-
 .../patches/ecryptfs-utils-openssl-1.1.patch  | 52 +++++++++++++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 58011d1149..cb5741dc60 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1107,6 +1107,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/dynaconf-unvendor-deps.patch		\
   %D%/packages/patches/dyninst-fix-glibc-compatibility.patch	\
+  %D%/packages/patches/ecryptfs-utils-openssl-1.1.patch	\
   %D%/packages/patches/efivar-211.patch			\
   %D%/packages/patches/eigen-fix-strict-aliasing-bug.patch	\
   %D%/packages/patches/einstein-build.patch			\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d798c44a8f..100f322afd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7024,7 +7024,8 @@ (define-public ecryptfs-utils
                            version ".orig.tar.gz"))
        (sha256
         (base32
-         "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))))
+         "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))
+       (patches (search-patches "ecryptfs-utils-openssl-1.1.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--disable-pywrap")
@@ -7106,6 +7107,7 @@ (define-public ecryptfs-utils
            linux-pam
            lsof
            lvm2
+           openssl-1.1
            nss
            rsync
            sed
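Review bot: The added `openssl-1.1` input ties this disk-encryption tool's key module to the OpenSSL 1.1 series, which stopped receiving public upstream security fixes in September 2023. The functions the accompanying patch switches to (`RSA_get0_key`, `OPENSSL_malloc_init`) are 1.1-era API, and nothing visible here shows whether the module also builds against the default `openssl`, so that is worth trying first. If 1.1 really is required, say why next to the input, for example `;; The openssl key module does not build with OpenSSL 3.`. The entry is also placed before `nss`, which breaks the alphabetical order the neighbouring inputs follow; the inputs list starts and ends outside this hunk.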
diff --git a/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
new file mode 100644
index 0000000000..87b24829b4
--- /dev/null
+++ b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
@@ -0,0 +1,52 @@
+diff --git a/src/key_mod/ecryptfs_key_mod_openssl.c b/src/key_mod/ecryptfs_key_mod_openssl.c
+index 56ebe2d..3959974 100644
+--- a/src/key_mod/ecryptfs_key_mod_openssl.c
++++ b/src/key_mod/ecryptfs_key_mod_openssl.c
+@@ -141,6 +141,7 @@ ecryptfs_openssl_destroy_subgraph_ctx(struct ecryptfs_subgraph_ctx *ctx)
+ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ {
+ 	int len, nbits, ebits, i;
++	const BIGNUM *n, *e;
+ 	int nbytes, ebytes;
+ 	unsigned char *hash;
+ 	unsigned char *data = NULL;
+@@ -152,11 +153,14 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+-	nbits = BN_num_bits(key->n);
++
++	RSA_get0_key(key, &n, &e, NULL);
++
++	nbits = BN_num_bits(n);
+ 	nbytes = nbits / 8;
+ 	if (nbits % 8)
+ 		nbytes++;
+-	ebits = BN_num_bits(key->e);
++	ebits = BN_num_bits(e);
+ 	ebytes = ebits / 8;
+ 	if (ebits % 8)
+ 		ebytes++;
+@@ -179,11 +183,11 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ 	data[i++] = '\02';
+ 	data[i++] = (nbits >> 8);
+ 	data[i++] = nbits;
+-	BN_bn2bin(key->n, &(data[i]));
++	BN_bn2bin(n, &(data[i]));
+ 	i += nbytes;
+ 	data[i++] = (ebits >> 8);
+ 	data[i++] = ebits;
+-	BN_bn2bin(key->e, &(data[i]));
++	BN_bn2bin(e, &(data[i]));
+ 	i += ebytes;
+ 	SHA1(data, len + 3, hash);
+ 	to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
+@@ -278,7 +282,7 @@ static int ecryptfs_openssl_read_key(RSA **rsa, unsigned char *blob)
+ 	BIO *in = NULL;
+ 	int rc;
+ 
+-	CRYPTO_malloc_init();
++	OPENSSL_malloc_init();
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_algorithms();
+ 	ENGINE_load_builtin_engines();
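Review bot: The new file `ecryptfs-utils-openssl-1.1.patch` begins directly at `diff --git`, with no header saying what the patch is for or where it came from. That matters for a change to key-handling code in a disk-encryption tool, because a later reviewer has nothing to compare it against. Add a short header before the first `diff --git` line, for example `Port the OpenSSL key module to the OpenSSL 1.1 API, where struct RSA is opaque.` followed by an origin line such as `Taken from: <ORIGIN-URL, or "written for Guix">`; as far as I know `guix lint` also checks for such a header. In the C change itself, `OPENSSL_malloc_init()` is to my knowledge an empty macro in OpenSSL 1.1, so that line could be dropped rather than renamed. Both patched functions start and end outside the nested hunks.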

base-commit: a35372cc0b9525b401c9a8b8c5eea6c3a83c9f4b
prerequisite-patch-id: 22abd79e623712e121f73c89488a47c1b5b9cd7d
prerequisite-patch-id: ebb44601cec0b6a5cf73e980522a864b2aae824e
prerequisite-patch-id: 56702abf84319ed57932ea9a895700eb87954a20
prerequisite-patch-id: 26b2a4d0d2d944a4e8c9b5277781daa080836c03
prerequisite-patch-id: 3b30c17f33cfe426c2643be26bb5b8ff83ae7c0c
-- 
2.41.0





