l/scute: Patched for TLS 1.2 support (again)

8 years ago · 34097f9a2d
3 changed files with 90 additions and 15 deletions
--- a/l/scute/gnupg-2.0.24-tls12.diff
+++ b/l/scute/gnupg-2.0.24-tls12.diff
@ -1,12 +1,61 @@
-diff -Naur gnupg-2.0.24.orig/agent/command.c gnupg-2.0.24/agent/command.c
--- gnupg-2.0.24.orig/agent/command.c	2014-06-24 13:50:15.000000000 +0200
-+++ gnupg-2.0.24/agent/command.c	2014-09-01 23:05:10.052415294 +0200
-@@ -649,7 +649,7 @@
-   if (rc)
-     return rc;
+diff --git a/agent/agent.h b/agent/agent.h
+index 938a9aa..6431bb2 100644
+--- a/agent/agent.h
+++ b/agent/agent.h
+@@ -41,6 +41,7 @@
+ #define GCRY_MODULE_ID_USER 1024
+ #endif
+ #define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1)
+#define MD_USER_TLS_DIGEST  (GCRY_MODULE_ID_USER+2)
+ 
+ /* Maximum length of a digest.  */
+ #define MAX_DIGEST_LEN 64
+diff --git a/agent/command.c b/agent/command.c
+index 2405c54..31e7b93 100644
+--- a/agent/command.c
+++ b/agent/command.c
+@@ -624,6 +624,8 @@ cmd_sethash (assuan_context_t ctx, char *line)
+         algo = GCRY_MD_MD5;
+       else if (has_option (line, "--hash=tls-md5sha1"))
+         algo = MD_USER_TLS_MD5SHA1;
+      else if (has_option (line, "--hash=tls-digest"))
+        algo = MD_USER_TLS_DIGEST;
+       else
+         return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
+     }
+@@ -651,6 +653,8 @@ cmd_sethash (assuan_context_t ctx, char *line)
   n /= 2;
-  if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
-+  if (algo == MD_USER_TLS_MD5SHA1 && (n == 36 || n == 51))
+   if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
     ;
+  else if (algo == MD_USER_TLS_DIGEST && (n == 35 || n == 51))
+    ;
   else if (n != 16 && n != 20 && n != 24
            && n != 28 && n != 32 && n != 48 && n != 64)
+     return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
+diff --git a/agent/divert-scd.c b/agent/divert-scd.c
+index 1f36f6e..b3c1301 100644
+--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
+@@ -342,7 +342,7 @@ divert_pksign (ctrl_t ctrl,
+   if (rc)
+     return rc;
+ 
+-  if (algo == MD_USER_TLS_MD5SHA1)
+  if (algo == MD_USER_TLS_MD5SHA1 || algo == MD_USER_TLS_DIGEST)
+     {
+       int save = ctrl->use_auth_call;
+       ctrl->use_auth_call = 1;
+diff --git a/agent/pksign.c b/agent/pksign.c
+index 25cadb2..9f19478 100644
+--- a/agent/pksign.c
+++ b/agent/pksign.c
+@@ -184,7 +184,8 @@ agent_pksign_do (ctrl_t ctrl, const char *desc_text,
+       gcry_sexp_t s_hash = NULL;
+ 
+       /* Put the hash into a sexp */
+-      if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
+      if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1
+          || ctrl->digest.algo == MD_USER_TLS_DIGEST)
+         rc = do_encode_raw_pkcs1 (ctrl->digest.value,
+                                   ctrl->digest.valuelen,
+                                   gcry_pk_get_nbits (s_skey),
--- a/l/scute/scute-1.4.0-tls12.diff
+++ b/l/scute/scute-1.4.0-tls12.diff
@ -1,12 +1,38 @@
-diff -Naur scute-38bdba0.orig/src/agent.c scute-38bdba0/src/agent.c
--- scute-38bdba0.orig/src/agent.c	2010-04-21 04:57:53.000000000 +0200
-+++ scute-38bdba0/src/agent.c	2014-09-01 23:21:27.722285606 +0200
-@@ -996,7 +996,7 @@
+diff --git a/src/agent.c b/src/agent.c
+index 9265ca2..b77c879 100644
+--- a/src/agent.c
+++ b/src/agent.c
+@@ -996,8 +996,9 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
 {
   char cmd[150];
   gpg_error_t err;
 -#define MAX_DATA_LEN 36
-+#define MAX_DATA_LEN 128
+#define MAX_DATA_LEN 51
   unsigned char pretty_data[2 * MAX_DATA_LEN + 1];
+  char *data_type;
   int i;
   struct signature sig;
+ 
+@@ -1016,6 +1017,13 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
+   if (len > MAX_DATA_LEN)
+     return gpg_error (GPG_ERR_INV_ARG);
+ 
+  if (len == 36) /* TLS <= 1.1, data is a MD5+SHA1 hash */
+    data_type = "tls-md5sha1";
+  else if (len == 35 || len == 51) /* TLS 1.2, data is a DigestInfo object */
+    data_type = "tls-digest";
+  else
+    return gpg_error (GPG_ERR_INV_ARG);
+
+   if (grip == NULL || sig_result == NULL || *sig_len < SIG_LEN)
+     return gpg_error (GPG_ERR_INV_ARG);
+ 
+@@ -1029,7 +1037,7 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
+     snprintf (&pretty_data[2 * i], 3, "%02X", data[i]);
+   pretty_data[2 * len] = '\0';
+ 
+-  snprintf (cmd, sizeof (cmd), "SETHASH --hash=tls-md5sha1 %s", pretty_data);
+  snprintf (cmd, sizeof (cmd), "SETHASH --hash=%s %s", data_type, pretty_data);
+   err = assuan_transact (agent_ctx, cmd, NULL, NULL, default_inq_cb,
+ 			 NULL, NULL, NULL);
+   if (err)
--- a/l/scute/scute.SlackBuild
+++ b/l/scute/scute.SlackBuild
@ -33,7 +33,7 @@ WGET=${WGET:-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=scute.git;a=snapshot;h=$C

 # Build infos
 NAMEPKG=${NAMEPKG:-scute}
-BUILD=${BUILD:-2GGD}
+BUILD=${BUILD:-3GGD}
 ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
 JOBS=${JOBS:-1}
 EXT=${EXT:-txz}
@ -84,7 +84,7 @@ cd $TMP
 echo "Building $ARCHIVE..."
 tar xf $CWD/$ARCHIVE
 cd $NAME
-# Patch from Oliver Winker to support TLS 1.2
+# Patch adapted from Oliver Winker to support TLS 1.2
 # <http://www.gossamer-threads.com/lists/gnupg/users/67663>
 # (Work together with the accompanying patch for GnuPG-2.x)
 patch -p 1 < $CWD/scute-1.4.0-tls12.diff