community/ecryptfs-utils: build with openssl

author: Timo Teräs <timo.teras@iki.fi> 2019-05-28 14:15:43 +0300
committer: Timo Teräs <timo.teras@iki.fi> 2019-05-28 14:17:48 +0300
commit: cf27c56733d5ca8b624e380f6541ec2017d5722b (patch)
tree: fa9cc21439de801bee5d81b132d3053b5719afaa /community/ecryptfs-utils
parent: 450dbddd7bbec931fcf9d64d2d1de9baaae18156 (diff)
download: aports-cf27c56733d5ca8b624e380f6541ec2017d5722b.tar.bz2
aports-cf27c56733d5ca8b624e380f6541ec2017d5722b.tar.xz
2 files changed, 171 insertions, 3 deletions
diff --git a/community/ecryptfs-utils/APKBUILD b/community/ecryptfs-utils/APKBUILD
index 17bf372d73..01c757e11d 100644
--- a/community/ecryptfs-utils/APKBUILD
+++ b/community/ecryptfs-utils/APKBUILD
@@ -2,20 +2,21 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=ecryptfs-utils
 pkgver=111
-pkgrel=7
+pkgrel=8
 pkgdesc="Enterprise-class stacked cryptographic filesystem for Linux"
 url="http://ecryptfs.org/"
 arch="all"
 license="GPL-2.0-or-later"
 depends="cryptsetup keyutils gettext rsync"
 depends_dev="keyutils-dev linux-pam-dev nss-dev linux-headers"
-makedepends="$depends_dev swig intltool perl-dev"
+makedepends="$depends_dev swig intltool perl-dev openssl-dev"
 checkdepends="bash"
 options="suid"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="https://launchpad.net/ecryptfs/trunk/${pkgver}/+download/${pkgname}_${pkgver}.orig.tar.gz
 	fix-build.patch
 	fix-stdout-flush.patch
+	fix-openssl-1.1.patch
 	"
 
 build() {
@@ -42,4 +43,5 @@ package() {
 
 sha512sums="d8643f3a1f9981fecc6a08b4aa0adb6272e7340db794f6e7507cba7b712247c6beb239f27875eab6e38a69b45bc2476e6bf6b4485eb82d58f65cc469f8613c18  ecryptfs-utils_111.orig.tar.gz
 09ff196e6d3ef54ef57e22e78a4af748c2989928a5c8bc3ece1f8c21c5f301b7e56142c5098111ac853ac88c1b2ee2d0b5c606a210fb53cdf0fde534aa0af92f  fix-build.patch
-c9eb924890a8fa3ffe8b8344a493419cf93336743b1a3a8dba984f62f8eb7a43ed6b6dbbbb7efe9e7fc84b60e71d7100f042a72c407fc9e8c4fcbeeb73d848a3  fix-stdout-flush.patch"
+c9eb924890a8fa3ffe8b8344a493419cf93336743b1a3a8dba984f62f8eb7a43ed6b6dbbbb7efe9e7fc84b60e71d7100f042a72c407fc9e8c4fcbeeb73d848a3  fix-stdout-flush.patch
+d721dd40c9ca04a7af0ce52692e80e8371f4647e2ed7e2d7e29df48b10db64b195b4354b11f35fe1ce80df3f6ef3859dcf07f5fbcdbd7a870eba091c7e898ef3  fix-openssl-1.1.patch"
diff --git a/community/ecryptfs-utils/fix-openssl-1.1.patch b/community/ecryptfs-utils/fix-openssl-1.1.patch
new file mode 100644
index 0000000000..7aed86ea20
--- /dev/null
+++ b/community/ecryptfs-utils/fix-openssl-1.1.patch
@@ -0,0 +1,166 @@
+=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
+--- a/src/key_mod/ecryptfs_key_mod_openssl.c	2013-10-25 19:45:09 +0000
++++ b/src/key_mod/ecryptfs_key_mod_openssl.c	2017-06-02 17:14:18 +0000
+@@ -41,6 +41,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <libgen.h>
++#include <openssl/bn.h>
+ #include <openssl/pem.h>
+ #include <openssl/rsa.h>
+ #include <openssl/err.h>
+@@ -55,6 +56,19 @@
+ 	char *passphrase;
+ };
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static void RSA_get0_key(const RSA *r,
++                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++   if (n != NULL)
++       *n = r->n;
++   if (e != NULL)
++       *e = r->e;
++   if (d != NULL)
++       *d = r->d;
++}
++#endif
++
+ static void
+ ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data)
+ {
+@@ -142,6 +156,7 @@
+ {
+ 	int len, nbits, ebits, i;
+ 	int nbytes, ebytes;
++	const BIGNUM *key_n, *key_e;
+ 	unsigned char *hash;
+ 	unsigned char *data = NULL;
+ 	int rc = 0;
+@@ -152,11 +167,13 @@
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+-	nbits = BN_num_bits(key->n);
++	RSA_get0_key(key, &key_n, NULL, NULL);
++	nbits = BN_num_bits(key_n);
+ 	nbytes = nbits / 8;
+ 	if (nbits % 8)
+ 		nbytes++;
+-	ebits = BN_num_bits(key->e);
++	RSA_get0_key(key, NULL, &key_e, NULL);
++	ebits = BN_num_bits(key_e);
+ 	ebytes = ebits / 8;
+ 	if (ebits % 8)
+ 		ebytes++;
+@@ -179,11 +196,13 @@
+ 	data[i++] = '\02';
+ 	data[i++] = (nbits >> 8);
+ 	data[i++] = nbits;
+-	BN_bn2bin(key->n, &(data[i]));
++	RSA_get0_key(key, &key_n, NULL, NULL);
++	BN_bn2bin(key_n, &(data[i]));
+ 	i += nbytes;
+ 	data[i++] = (ebits >> 8);
+ 	data[i++] = ebits;
+-	BN_bn2bin(key->e, &(data[i]));
++	RSA_get0_key(key, NULL, &key_e, NULL);
++	BN_bn2bin(key_e, &(data[i]));
+ 	i += ebytes;
+ 	SHA1(data, len + 3, hash);
+ 	to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
+@@ -278,7 +297,9 @@
+ 	BIO *in = NULL;
+ 	int rc;
+ 
++	#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	CRYPTO_malloc_init();
++	#endif
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_algorithms();
+ 	ENGINE_load_builtin_engines();
+
+=== modified file 'src/key_mod/ecryptfs_key_mod_pkcs11_helper.c'
+--- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c	2013-10-25 19:45:09 +0000
++++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c	2017-06-02 17:14:32 +0000
+@@ -41,6 +41,7 @@
+ #include <errno.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <openssl/bn.h>
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
+ #include <openssl/x509.h>
+@@ -77,6 +78,19 @@
+ typedef const unsigned char *__pkcs11_openssl_d2i_t;
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static void RSA_get0_key(const RSA *r,
++                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++   if (n != NULL)
++       *n = r->n;
++   if (e != NULL)
++       *e = r->e;
++   if (d != NULL)
++       *d = r->d;
++}
++#endif
++
+ /**
+  * ecryptfs_pkcs11h_deserialize
+  * @pkcs11h_data: The deserialized version of the key module data;
+@@ -282,7 +296,11 @@
+ 		goto out;
+ 	}
+ 	
++	#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (pubkey->type != EVP_PKEY_RSA) {
++	#else
++	if (EVP_PKEY_base_id(pubkey) != EVP_PKEY_RSA) {
++	#endif
+ 		syslog(LOG_ERR, "PKCS#11: Invalid public key algorithm");
+ 		rc = -EIO;
+ 		goto out;
+@@ -318,6 +336,7 @@
+ 	int nbytes, ebytes;
+ 	char *hash = NULL;
+ 	char *data = NULL;
++	const BIGNUM *rsa_n, *rsa_e;
+ 	int rc;
+ 
+ 	if ((rc = ecryptfs_pkcs11h_get_public_key(&rsa, blob))) {
+@@ -331,11 +350,13 @@
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+-	nbits = BN_num_bits(rsa->n);
++	RSA_get0_key(rsa, &rsa_n, NULL, NULL);
++	nbits = BN_num_bits(rsa_n);
+ 	nbytes = nbits / 8;
+ 	if (nbits % 8)
+ 		nbytes++;
+-	ebits = BN_num_bits(rsa->e);
++	RSA_get0_key(rsa, NULL, &rsa_e, NULL);
++	ebits = BN_num_bits(rsa_e);
+ 	ebytes = ebits / 8;
+ 	if (ebits % 8)
+ 		ebytes++;
+@@ -358,11 +379,13 @@
+ 	data[i++] = '\02';
+ 	data[i++] = (char)(nbits >> 8);
+ 	data[i++] = (char)nbits;
+-	BN_bn2bin(rsa->n, &(data[i]));
++	RSA_get0_key(rsa, &rsa_n, NULL, NULL);
++	BN_bn2bin(rsa_n, &(data[i]));
+ 	i += nbytes;
+ 	data[i++] = (char)(ebits >> 8);
+ 	data[i++] = (char)ebits;
+-	BN_bn2bin(rsa->e, &(data[i]));
++	RSA_get0_key(rsa, NULL, &rsa_e, NULL);
++	BN_bn2bin(rsa_e, &(data[i]));
+ 	i += ebytes;
+ 	SHA1(data, len + 3, hash);
+ 	to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+
author	Timo Teräs <timo.teras@iki.fi>	2019-05-28 14:15:43 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2019-05-28 14:17:48 +0300
commit	cf27c56733d5ca8b624e380f6541ec2017d5722b (patch)
tree	fa9cc21439de801bee5d81b132d3053b5719afaa /community/ecryptfs-utils
parent	450dbddd7bbec931fcf9d64d2d1de9baaae18156 (diff)
download	aports-cf27c56733d5ca8b624e380f6541ec2017d5722b.tar.bz2 aports-cf27c56733d5ca8b624e380f6541ec2017d5722b.tar.xz