GNU bug report logs - #69275
[PATCH] gnu: ecryptfs-utils: Add the openssl key module.

Previous Next

Package: guix-patches;

Reported by: Brian Kubisiak <brian <at> kubisiak.com>

Date: Mon, 19 Feb 2024 16:17:01 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 69275 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to guix-patches <at> gnu.org:
bug#69275; Package guix-patches. (Mon, 19 Feb 2024 16:17:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Brian Kubisiak <brian <at> kubisiak.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 19 Feb 2024 16:17:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Brian Kubisiak <brian <at> kubisiak.com>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: ecryptfs-utils: Add the openssl key module.
Date: Mon, 19 Feb 2024 07:15:08 -0800
* gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add the patch.
* gnu/packages/linux.scm (ecryptfs-utils)[source]: Apply the patch.
[inputs]: Add openssl-1.1.

Change-Id: I89cc15534e93cf20f2b5084157cbefaec5084ec8
---
 gnu/local.mk                                  |  1 +
 gnu/packages/linux.scm                        |  4 +-
 .../patches/ecryptfs-utils-openssl-1.1.patch  | 52 +++++++++++++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 58011d1149..cb5741dc60 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1107,6 +1107,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/dynaconf-unvendor-deps.patch		\
   %D%/packages/patches/dyninst-fix-glibc-compatibility.patch	\
+  %D%/packages/patches/ecryptfs-utils-openssl-1.1.patch	\
   %D%/packages/patches/efivar-211.patch			\
   %D%/packages/patches/eigen-fix-strict-aliasing-bug.patch	\
   %D%/packages/patches/einstein-build.patch			\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d798c44a8f..100f322afd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7024,7 +7024,8 @@ (define-public ecryptfs-utils
                            version ".orig.tar.gz"))
        (sha256
         (base32
-         "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))))
+         "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"))
+       (patches (search-patches "ecryptfs-utils-openssl-1.1.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--disable-pywrap")
@@ -7106,6 +7107,7 @@ (define-public ecryptfs-utils
            linux-pam
            lsof
            lvm2
+           openssl-1.1
            nss
            rsync
            sed
diff --git a/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
new file mode 100644
index 0000000000..87b24829b4
--- /dev/null
+++ b/gnu/packages/patches/ecryptfs-utils-openssl-1.1.patch
@@ -0,0 +1,52 @@
+diff --git a/src/key_mod/ecryptfs_key_mod_openssl.c b/src/key_mod/ecryptfs_key_mod_openssl.c
+index 56ebe2d..3959974 100644
+--- a/src/key_mod/ecryptfs_key_mod_openssl.c
++++ b/src/key_mod/ecryptfs_key_mod_openssl.c
+@@ -141,6 +141,7 @@ ecryptfs_openssl_destroy_subgraph_ctx(struct ecryptfs_subgraph_ctx *ctx)
+ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ {
+ 	int len, nbits, ebits, i;
++	const BIGNUM *n, *e;
+ 	int nbytes, ebytes;
+ 	unsigned char *hash;
+ 	unsigned char *data = NULL;
+@@ -152,11 +153,14 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+-	nbits = BN_num_bits(key->n);
++
++	RSA_get0_key(key, &n, &e, NULL);
++
++	nbits = BN_num_bits(n);
+ 	nbytes = nbits / 8;
+ 	if (nbits % 8)
+ 		nbytes++;
+-	ebits = BN_num_bits(key->e);
++	ebits = BN_num_bits(e);
+ 	ebytes = ebits / 8;
+ 	if (ebits % 8)
+ 		ebytes++;
+@@ -179,11 +183,11 @@ static int ecryptfs_openssl_generate_signature(char *sig, RSA *key)
+ 	data[i++] = '\02';
+ 	data[i++] = (nbits >> 8);
+ 	data[i++] = nbits;
+-	BN_bn2bin(key->n, &(data[i]));
++	BN_bn2bin(n, &(data[i]));
+ 	i += nbytes;
+ 	data[i++] = (ebits >> 8);
+ 	data[i++] = ebits;
+-	BN_bn2bin(key->e, &(data[i]));
++	BN_bn2bin(e, &(data[i]));
+ 	i += ebytes;
+ 	SHA1(data, len + 3, hash);
+ 	to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
+@@ -278,7 +282,7 @@ static int ecryptfs_openssl_read_key(RSA **rsa, unsigned char *blob)
+ 	BIO *in = NULL;
+ 	int rc;
+ 
+-	CRYPTO_malloc_init();
++	OPENSSL_malloc_init();
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_algorithms();
+ 	ENGINE_load_builtin_engines();

base-commit: a35372cc0b9525b401c9a8b8c5eea6c3a83c9f4b
prerequisite-patch-id: 22abd79e623712e121f73c89488a47c1b5b9cd7d
prerequisite-patch-id: ebb44601cec0b6a5cf73e980522a864b2aae824e
prerequisite-patch-id: 56702abf84319ed57932ea9a895700eb87954a20
prerequisite-patch-id: 26b2a4d0d2d944a4e8c9b5277781daa080836c03
prerequisite-patch-id: 3b30c17f33cfe426c2643be26bb5b8ff83ae7c0c
-- 
2.41.0






Information forwarded to guix-patches <at> gnu.org:
bug#69275; Package guix-patches. (Sat, 02 Nov 2024 12:01:02 GMT) Full text and rfc822 format available.

Message #8 received at 69275 <at> debbugs.gnu.org (full text, mbox):

From: Steve George <steve <at> futurile.net>
To: 69275 <at> debbugs.gnu.org
Subject: RE: ecryptfs-utils: Add the openssl key module
Date: Sat, 2 Nov 2024 11:58:04 +0000
Hi Brian,

You sent through a patch for adding the openssl module, your commit message doesn't say why it's required?

As I don't use ecryptfs-utils I was wondering if you have a small example test of how it's used?

Also, there's a bunch of pre-requisite patches, are these still needed?

Thanks so much!

Steve / Futurile




This bug report was last modified 49 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.