
l/scute: Patched for TLS 1.2 support (again)

slackware-14.2
Damien Goutte-Gattat 8 years ago
parent
commit
34097f9a2d
  1. 65
      l/scute/gnupg-2.0.24-tls12.diff
  2. 36
      l/scute/scute-1.4.0-tls12.diff
  3. 4
      l/scute/scute.SlackBuild

65
l/scute/gnupg-2.0.24-tls12.diff

@ -1,12 +1,61 @@
diff -Naur gnupg-2.0.24.orig/agent/command.c gnupg-2.0.24/agent/command.c
--- gnupg-2.0.24.orig/agent/command.c 2014-06-24 13:50:15.000000000 +0200
+++ gnupg-2.0.24/agent/command.c 2014-09-01 23:05:10.052415294 +0200
@@ -649,7 +649,7 @@
if (rc)
return rc;
diff --git a/agent/agent.h b/agent/agent.h
index 938a9aa..6431bb2 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -41,6 +41,7 @@
#define GCRY_MODULE_ID_USER 1024
#endif
#define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1)
+#define MD_USER_TLS_DIGEST (GCRY_MODULE_ID_USER+2)
/* Maximum length of a digest. */
#define MAX_DIGEST_LEN 64
diff --git a/agent/command.c b/agent/command.c
index 2405c54..31e7b93 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -624,6 +624,8 @@ cmd_sethash (assuan_context_t ctx, char *line)
algo = GCRY_MD_MD5;
else if (has_option (line, "--hash=tls-md5sha1"))
algo = MD_USER_TLS_MD5SHA1;
+ else if (has_option (line, "--hash=tls-digest"))
+ algo = MD_USER_TLS_DIGEST;
else
return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
}
@@ -651,6 +653,8 @@ cmd_sethash (assuan_context_t ctx, char *line)
n /= 2;
- if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
+ if (algo == MD_USER_TLS_MD5SHA1 && (n == 36 || n == 51))
if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
;
+ else if (algo == MD_USER_TLS_DIGEST && (n == 35 || n == 51))
+ ;
else if (n != 16 && n != 20 && n != 24
&& n != 28 && n != 32 && n != 48 && n != 64)
return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 1f36f6e..b3c1301 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -342,7 +342,7 @@ divert_pksign (ctrl_t ctrl,
if (rc)
return rc;
- if (algo == MD_USER_TLS_MD5SHA1)
+ if (algo == MD_USER_TLS_MD5SHA1 || algo == MD_USER_TLS_DIGEST)
{
int save = ctrl->use_auth_call;
ctrl->use_auth_call = 1;
diff --git a/agent/pksign.c b/agent/pksign.c
index 25cadb2..9f19478 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -184,7 +184,8 @@ agent_pksign_do (ctrl_t ctrl, const char *desc_text,
gcry_sexp_t s_hash = NULL;
/* Put the hash into a sexp */
- if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
+ if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1
+ || ctrl->digest.algo == MD_USER_TLS_DIGEST)
rc = do_encode_raw_pkcs1 (ctrl->digest.value,
ctrl->digest.valuelen,
gcry_pk_get_nbits (s_skey),
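Review bot: The new `tls-digest` branch in cmd_sethash accepts any value that is 35 or 51 bytes long, and agent_pksign_do passes it unchanged to do_encode_raw_pkcs1, so nothing in the visible hunks checks that the bytes are a DigestInfo. Those lengths match the SHA-1 and SHA-256 DigestInfo encodings (15+20 and 19+32 bytes), so comparing the leading bytes with the fixed DER prefix would stop the agent signing an arbitrary blob of the right size under this option. The check belongs after the hex string is decoded, which happens outside the hunk, and should fail with something like `return set_error (GPG_ERR_ASS_PARAMETER, "malformed DigestInfo");`. scute_agent_sign in the accompanying scute patch also picks `tls-digest` by length alone, so the agent is the place to enforce this. A helper along these lines would do:

```c
/* DER prefixes of a PKCS#1 v1.5 DigestInfo (RFC 8017, section 9.2). */
static const unsigned char di_sha1[15] =
  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const unsigned char di_sha256[19] =
  { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Return true if BUF (N bytes) starts with the DigestInfo prefix
   that corresponds to its length. */
static int
is_tls_digestinfo (const unsigned char *buf, size_t n)
{
  if (n == 35)
    return !memcmp (buf, di_sha1, sizeof di_sha1);
  if (n == 51)
    return !memcmp (buf, di_sha256, sizeof di_sha256);
  return 0;
}
```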

36
l/scute/scute-1.4.0-tls12.diff

@ -1,12 +1,38 @@
diff -Naur scute-38bdba0.orig/src/agent.c scute-38bdba0/src/agent.c
--- scute-38bdba0.orig/src/agent.c 2010-04-21 04:57:53.000000000 +0200
+++ scute-38bdba0/src/agent.c 2014-09-01 23:21:27.722285606 +0200
@@ -996,7 +996,7 @@
diff --git a/src/agent.c b/src/agent.c
index 9265ca2..b77c879 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -996,8 +996,9 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
{
char cmd[150];
gpg_error_t err;
-#define MAX_DATA_LEN 36
+#define MAX_DATA_LEN 128
+#define MAX_DATA_LEN 51
unsigned char pretty_data[2 * MAX_DATA_LEN + 1];
+ char *data_type;
int i;
struct signature sig;
@@ -1016,6 +1017,13 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
if (len > MAX_DATA_LEN)
return gpg_error (GPG_ERR_INV_ARG);
+ if (len == 36) /* TLS <= 1.1, data is a MD5+SHA1 hash */
+ data_type = "tls-md5sha1";
+ else if (len == 35 || len == 51) /* TLS 1.2, data is a DigestInfo object */
+ data_type = "tls-digest";
+ else
+ return gpg_error (GPG_ERR_INV_ARG);
+
if (grip == NULL || sig_result == NULL || *sig_len < SIG_LEN)
return gpg_error (GPG_ERR_INV_ARG);
@@ -1029,7 +1037,7 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
snprintf (&pretty_data[2 * i], 3, "%02X", data[i]);
pretty_data[2 * len] = '\0';
- snprintf (cmd, sizeof (cmd), "SETHASH --hash=tls-md5sha1 %s", pretty_data);
+ snprintf (cmd, sizeof (cmd), "SETHASH --hash=%s %s", data_type, pretty_data);
err = assuan_transact (agent_ctx, cmd, NULL, NULL, default_inq_cb,
NULL, NULL, NULL);
if (err)
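Review bot: The result of the `snprintf` into `cmd[150]` is never checked, so the buffer size and `MAX_DATA_LEN` are linked only by arithmetic the reader has to redo. With 51 bytes the `tls-digest` command is 26 + 102 characters and fits, but raising the limit later for a longer DigestInfo would silently truncate the hex string sent with SETHASH. I would capture the return value and reject truncation, e.g. `n = snprintf (cmd, sizeof (cmd), "SETHASH --hash=%s %s", data_type, pretty_data);` followed by `if (n < 0 || (size_t) n >= sizeof (cmd)) return gpg_error (GPG_ERR_INV_ARG);`. A short comment next to `#define MAX_DATA_LEN 51` saying that 51 is the SHA-256 DigestInfo length would also help; scute_agent_sign continues past the last hunk.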

4
l/scute/scute.SlackBuild

@ -33,7 +33,7 @@ WGET=${WGET:-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=scute.git;a=snapshot;h=$C
# Build infos
NAMEPKG=${NAMEPKG:-scute}
BUILD=${BUILD:-2GGD}
BUILD=${BUILD:-3GGD}
ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
JOBS=${JOBS:-1}
EXT=${EXT:-txz}
@ -84,7 +84,7 @@ cd $TMP
echo "Building $ARCHIVE..."
tar xf $CWD/$ARCHIVE
cd $NAME
# Patch from Oliver Winker to support TLS 1.2
# Patch adapted from Oliver Winker to support TLS 1.2
# <http://www.gossamer-threads.com/lists/gnupg/users/67663>
# (Work together with the accompanying patch for GnuPG-2.x)
patch -p 1 < $CWD/scute-1.4.0-tls12.diff
