GNU bug report logs -
#69275
[PATCH] gnu: ecryptfs-utils: Add the openssl key module.
Previous Next
To reply to this bug, email your comments to 69275 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#69275
; Package
guix-patches
.
(Mon, 19 Feb 2024 16:17:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Brian Kubisiak <brian <at> kubisiak.com>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Mon, 19 Feb 2024 16:17:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the patch.
* gnu/packages/linux.scm (ecryptfs-utils)[source]: Apply the patch.
[inputs]: Add openssl-1.1.
Change-Id: I89cc15534e93cf20f2b5084157cbefaec5084ec8
---
gnu/local.mk | 1 +
gnu/packages/linux.scm | 4 +-
.../patches/ecryptfs-utils-openssl-1.1.patch | 52 +++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 58011d1149..cb5741dc60 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1107,6 +1107,7 @@ dist_patch_DATA = \
%D%/packages/patches/dvd+rw-tools-add-include.patch \
%D%/packages/patches/dynaconf-unvendor-deps.patch \
%D%/packages/patches/dyninst-fix-glibc-compatibility.patch \
+ %D%/packages/patches/ecryptfs-utils-openssl-1.1.patch \
%D%/packages/patches/efivar-211.patch \
%D%/packages/patches/eigen-fix-strict-aliasing-bug.patch \
%D%/packages/patches/einstein-build.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d798c44a8f..100f322afd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7024,7 +7024,8 @@ (define-public ecryptfs-utils
version ".orig.tar.gz"))
(sha256
(base32
- "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))))
+ "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))
+ (patches (search-patches "ecryptfs-utils-openssl-1.1.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags (list "--disable-pywrap")
@@ -7106,6 +7107,7 @@ (define-public ecryptfs-utils
linux-pam
lsof
lvm2
+ openssl-1.1
nss
rsync
sed
diff --git a/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
new file mode 100644
index 0000000000..87b24829b4
--- /dev/null
+++ b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
@@ -0,0 +1,52 @@
+diff --git a/src/key_mod/ecryptfs_key_mod_openssl.c b/src/key_mod/ecryptfs_key_mod_openssl.c
+index 56ebe2d..3959974 100644
+--- a/src/key_mod/ecryptfs_key_mod_openssl.c
++++ b/src/key_mod/ecryptfs_key_mod_openssl.c
+@@ -141,6 +141,7 @@ ecryptfs_openssl_destroy_subgraph_ctx(struct ecryptfs_subgraph_ctx *ctx)
+ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ {
+ int len, nbits, ebits, i;
++ const BIGNUM *n, *e;
+ int nbytes, ebytes;
+ unsigned char *hash;
+ unsigned char *data = NULL;
+@@ -152,11 +153,14 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ rc = -ENOMEM;
+ goto out;
+ }
+- nbits = BN_num_bits(key->n);
++
++ RSA_get0_key(key, &n, &e, NULL);
++
++ nbits = BN_num_bits(n);
+ nbytes = nbits / 8;
+ if (nbits % 8)
+ nbytes++;
+- ebits = BN_num_bits(key->e);
++ ebits = BN_num_bits(e);
+ ebytes = ebits / 8;
+ if (ebits % 8)
+ ebytes++;
+@@ -179,11 +183,11 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ data[i++] = '\02';
+ data[i++] = (nbits >> 8);
+ data[i++] = nbits;
+- BN_bn2bin(key->n, &(data[i]));
++ BN_bn2bin(n, &(data[i]));
+ i += nbytes;
+ data[i++] = (ebits >> 8);
+ data[i++] = ebits;
+- BN_bn2bin(key->e, &(data[i]));
++ BN_bn2bin(e, &(data[i]));
+ i += ebytes;
+ SHA1(data, len + 3, hash);
+ to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
+@@ -278,7 +282,7 @@ static int ecryptfs_openssl_read_key(RSA **rsa, unsigned char *blob)
+ BIO *in = NULL;
+ int rc;
+
+- CRYPTO_malloc_init();
++ OPENSSL_malloc_init();
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ ENGINE_load_builtin_engines();
base-commit: a35372cc0b9525b401c9a8b8c5eea6c3a83c9f4b
prerequisite-patch-id: 22abd79e623712e121f73c89488a47c1b5b9cd7d
prerequisite-patch-id: ebb44601cec0b6a5cf73e980522a864b2aae824e
prerequisite-patch-id: 56702abf84319ed57932ea9a895700eb87954a20
prerequisite-patch-id: 26b2a4d0d2d944a4e8c9b5277781daa080836c03
prerequisite-patch-id: 3b30c17f33cfe426c2643be26bb5b8ff83ae7c0c
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org
:
bug#69275
; Package
guix-patches
.
(Sat, 02 Nov 2024 12:01:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 69275 <at> debbugs.gnu.org (full text, mbox):
Hi Brian,
You sent through a patch for adding the openssl module, your commit message doesn't say why it's required?
As I don't use ecryptfs-utils I was wondering if you have a small example test of how it's used?
Also, there's a bunch of pre-requisite patches, are these still needed?
Thanks so much!
Steve / Futurile
This bug report was last modified 49 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.