rpms/ecryptfs-utils/F-13 ecryptfs-utils-75-werror.patch, 1.4, 1.5 ecryptfs-utils.spec, 1.60, 1.61

Michal Hlavinka mhlavink at fedoraproject.org
Mon Mar 22 09:14:23 UTC 2010 

Author: mhlavink

Update of /cvs/pkgs/rpms/ecryptfs-utils/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv15967

Modified Files:
	ecryptfs-utils-75-werror.patch ecryptfs-utils.spec 
Log Message:
* Mon Mar 22 2010 Michal Hlavinka <mhlavink at redhat.com> - 83-3
- enable PKCS#11 support


ecryptfs-utils-75-werror.patch:
 key_mod/ecryptfs_key_mod_pkcs11_helper.c |   39 +++++++++++++++----------------
 libecryptfs/ecryptfs-stat.c              |    2 -
 pam_ecryptfs/pam_ecryptfs.c              |   35 ++-------------------------
 3 files changed, 23 insertions(+), 53 deletions(-)

Index: ecryptfs-utils-75-werror.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ecryptfs-utils/F-13/ecryptfs-utils-75-werror.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- ecryptfs-utils-75-werror.patch	18 Feb 2010 10:33:08 -0000	1.4
+++ ecryptfs-utils-75-werror.patch	22 Mar 2010 09:14:23 -0000	1.5
@@ -1,6 +1,149 @@
+diff -up ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror	2010-03-22 09:14:49.758683763 +0100
++++ ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c	2010-03-22 09:21:16.957387907 +0100
+@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
+ 		pkcs11h_data->serialized_id = NULL;
+ 	}
+ 	else {
+-		pkcs11h_data->serialized_id = blob + i;
++		pkcs11h_data->serialized_id = (char *)blob + i;
+ 		i += serialized_id_length;
+ 	}
+ 	pkcs11h_data->certificate_blob_size = blob[i++] % 256;
+@@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize(
+ 		pkcs11h_data->passphrase = NULL;
+ 	}
+ 	else {
+-		pkcs11h_data->passphrase = blob + i;
++		pkcs11h_data->passphrase = (char *)blob + i;
+ 		i += passphrase_length;
+ 	}
+ 
+ 	rc = 0;
+-out:
+ 	return rc;
+ }
+ 
+@@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
+ 	data[i++] = '\02';
+ 	data[i++] = (char)(nbits >> 8);
+ 	data[i++] = (char)nbits;
+-	BN_bn2bin(rsa->n, &(data[i]));
++	BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
+ 	i += nbytes;
+ 	data[i++] = (char)(ebits >> 8);
+ 	data[i++] = (char)ebits;
+-	BN_bn2bin(rsa->e, &(data[i]));
++	BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
+ 	i += ebytes;
+-	SHA1(data, len + 3, hash);
+-	to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
++	SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
++	to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
+ 	sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
+ 
+ 	rc = 0;
+@@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char
+ 		if (
+ 			(rc = RSA_public_encrypt(
+ 				from_size,
+-				from,
+-				to,
++				(unsigned char *)from,
++				(unsigned char *)to,
+ 				rsa,
+ 				RSA_PKCS1_PADDING
+ 			)) == -1
+@@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ 		(rv = pkcs11h_certificate_decryptAny (
+ 			certificate,
+ 			CKM_RSA_PKCS,
+-			from,
++			(unsigned char *)from,
+ 			from_size,
+-			to,
++			(unsigned char *)to,
+ 			to_size
+ 		)) != CKR_OK
+ 	) {
+@@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ 		pkcs11h_certificate_decryptAny (
+ 			certificate,
+ 			CKM_RSA_PKCS,
+-			from,
++			(unsigned char *)from,
+ 			from_size,
+-			tmp,
++			(unsigned char *)tmp,
+ 			to_size
+ 		);
+ 
+@@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key(
+ 		rc = MOUNT_ERROR;
+ 		goto out;
+ 	}
+-	if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
++	if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
+ 					     &subgraph_key_ctx->key_mod->blob_size, 
+ 					     pkcs11h_data))) {
+ 		syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
+@@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st
+ 
+ 	rc = DEFAULT_TOK;
+ 	node->val = NULL;
+-out:
++// out:
+ 	return rc;
+ }
+ 
+@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st
+ 
+ 	rc = DEFAULT_TOK;
+ 	node->val = NULL;
+-out:
++// out:
+ 	return rc;
+ }
+ 
+@@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth
+ 	sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
+ 	rc = DEFAULT_TOK;
+ 	node->val = NULL;
+-out:
++
+ 	return rc;
+ }
+ 
+@@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv
+ 	sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
+ 	rc = DEFAULT_TOK;
+ 	node->val = NULL;
+-out:
++
+ 	return rc;
+ }
+ 
+@@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m
+ 
+ 	rc = DEFAULT_TOK;
+ 	node->val = NULL;
+-out:
++
+ 	return rc;
+ }
+ 
+@@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc
+ 	free(subgraph_provider_ctx);
+ 	*foo = NULL;
+ 	rc = DEFAULT_TOK;
+-out:
++
+ 	return rc;
+ }
+ 
 diff -up ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c
 --- ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror	2009-10-20 20:49:55.000000000 +0200
-+++ ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c	2010-02-18 10:40:45.447667184 +0100
++++ ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c	2010-03-22 09:13:24.003425916 +0100
 @@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
  	if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
  			+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
@@ -12,7 +155,7 @@ diff -up ecryptfs-utils-83/src/libecrypt
  			+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
 diff -up ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c
 --- ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror	2010-02-16 18:01:43.000000000 +0100
-+++ ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c	2010-02-18 10:41:48.792416776 +0100
++++ ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c	2010-03-22 09:13:24.003425916 +0100
 @@ -43,31 +43,6 @@
  
  #define PRIVATE_DIR "Private"


Index: ecryptfs-utils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ecryptfs-utils/F-13/ecryptfs-utils.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -p -r1.60 -r1.61
--- ecryptfs-utils.spec	10 Mar 2010 16:38:47 -0000	1.60
+++ ecryptfs-utils.spec	22 Mar 2010 09:14:23 -0000	1.61
@@ -5,7 +5,7 @@
 
 Name: ecryptfs-utils
 Version: 83
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -24,6 +24,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{na
 Requires: keyutils, cryptsetup-luks, util-linux-ng
 BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
 BuildRequires: trousers-devel nss-devel desktop-file-utils intltool
+BuildRequires: pkcs11-helper-devel
 
 %description
 eCryptfs is a stacked cryptographic filesystem that ships in Linux
@@ -60,7 +61,7 @@ the interface supplied by the ecryptfs-u
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror"
-%configure --disable-rpath --enable-tspi --enable-nss
+%configure --disable-rpath --enable-tspi --enable-nss --enable-pkcs11-helper
 make clean
 #disable rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
@@ -174,6 +175,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 
 %changelog
+* Mon Mar 22 2010 Michal Hlavinka <mhlavink at redhat.com> - 83-3
+- enable PKCS#11 support
+
 * Wed Mar 10 2010 Michal Hlavinka <mhlavink at redhat.com> - 83-2
 - blkid moved from e2fsprogs to util-linux-ng, follow the change (#569996)

More information about the scm-commits mailing list