summaryrefslogtreecommitdiff
path: root/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff
blob: 2450bc3cf6c03c815412547a52346fba26bb95b3 (plain)
  1. --- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400
  2. +++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400
  3. @@ -214,7 +214,11 @@
  4.  enum cdk_s2k_type_t {
  5. CDK_S2K_SIMPLE = 0,
  6. CDK_S2K_SALTED = 1,
  7. - CDK_S2K_ITERSALTED = 3
  8. + CDK_S2K_ITERSALTED = 3,
  9. + CDK_S2K_GNU_EXT = 101
  10. + /* GNU S2K extensions: refer to DETAILS from GnuPG:
  11. + http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
  12. + */
  13. };
  14. --- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400
  15. +++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400
  16. @@ -78,10 +78,35 @@
  17. }
  18. -static int
  19. +/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
  20. +static cdk_error_t
  21. read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
  22. {
  23. - return CDK_Not_Implemented;
  24. + size_t nread;
  25. +
  26. + s2k->mode = cdk_stream_getc (inp);
  27. + s2k->hash_algo = cdk_stream_getc (inp);
  28. + if (s2k->mode == CDK_S2K_SIMPLE)
  29. + return 0;
  30. + else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
  31. + {
  32. + if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
  33. + return CDK_Inv_Packet;
  34. + if (nread != DIM (s2k->salt))
  35. + return CDK_Inv_Packet;
  36. +
  37. + if (s2k->mode == CDK_S2K_ITERSALTED)
  38. + s2k->count = cdk_stream_getc (inp);
  39. + }
  40. + else if (s2k->mode == CDK_S2K_GNU_EXT)
  41. + {
  42. + /* GNU extensions to the S2K : read DETAILS from gnupg */
  43. + return 0;
  44. + }
  45. + else
  46. + return CDK_Not_Implemented;
  47. +
  48. + return 0;
  49. }
  50. @@ -194,6 +219,7 @@
  51. static cdk_error_t
  52. read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske)
  53. {
  54. + cdk_error_t ret;
  55. cdk_s2k_t s2k;
  56. size_t minlen;
  57. size_t nread, nleft;
  58. @@ -213,7 +239,9 @@
  59. return CDK_Out_Of_Core;
  60. ske->cipher_algo = cdk_stream_getc (inp);
  61. - s2k->mode = cdk_stream_getc (inp);
  62. + ret = read_s2k(inp, s2k);
  63. + if (ret != 0)
  64. + return ret;
  65. switch (s2k->mode)
  66. {
  67. case CDK_S2K_SIMPLE : minlen = 0; break;
  68. @@ -225,18 +253,6 @@
  69. return CDK_Inv_Packet;
  70. }
  71. - s2k->hash_algo = cdk_stream_getc (inp);
  72. - if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
  73. - {
  74. - if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
  75. - return CDK_Inv_Packet;
  76. - if (nread != DIM (s2k->salt))
  77. - return CDK_Inv_Packet;
  78. -
  79. - if (s2k->mode == CDK_S2K_ITERSALTED)
  80. - s2k->count = cdk_stream_getc (inp);
  81. - }
  82. -
  83. ske->seskeylen = pktlen - 4 - minlen;
  84. /* We check if there is an encrypted session key and if it fits into
  85. the buffer. The maximal key length is 256-bit. */
  86. @@ -421,14 +437,19 @@
  87. rc = read_s2k (inp, sk->protect.s2k);
  88. if (rc)
  89. return rc;
  90. - sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
  91. - if (!sk->protect.ivlen)
  92. - return CDK_Inv_Packet;
  93. - rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
  94. - if (rc)
  95. - return rc;
  96. - if (nread != sk->protect.ivlen)
  97. - return CDK_Inv_Packet;
  98. + /* refer to --export-secret-subkeys in gpg(1) */
  99. + if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
  100. + sk->protect.ivlen = 0;
  101. + else {
  102. + sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
  103. + if (!sk->protect.ivlen)
  104. + return CDK_Inv_Packet;
  105. + rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
  106. + if (rc)
  107. + return rc;
  108. + if (nread != sk->protect.ivlen)
  109. + return CDK_Inv_Packet;
  110. + }
  111. }
  112. else
  113. sk->protect.algo = sk->s2k_usage;
  114. @@ -476,6 +497,22 @@
  115. return CDK_Out_Of_Core;
  116. if (stream_read (inp, sk->encdata, sk->enclen, &nread))
  117. return CDK_Inv_Packet;
  118. + /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
  119. + if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) {
  120. + unsigned char gnumode;
  121. + if ((sk->enclen < strlen("GNU") + 1) ||
  122. + (0 != memcmp("GNU", sk->encdata, strlen("GNU"))))
  123. + return CDK_Inv_Packet;
  124. + gnumode = sk->encdata[strlen("GNU")];
  125. + /* we only handle gnu-dummy (mode 1).
  126. + mode 2 should refer to external smart cards.
  127. + */
  128. + if (gnumode != 1)
  129. + return CDK_Inv_Packet;
  130. + /* gnu-dummy should have no more data */
  131. + if (sk->enclen != strlen("GNU") + 1)
  132. + return CDK_Inv_Packet;
  133. + }
  134. nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
  135. if (!nskey)
  136. return CDK_Inv_Algo;