
l/scute: Use explicit patch names.

slackware-14.2
Damien Goutte-Gattat 7 years ago
parent
commit
4b97eaf05e
  1. 31
      l/scute/0001-Allow-signing-with-other-algorithms-than-MD5-SHA1.patch
  2. 80
      l/scute/0002-Remove-extra-nul-byte-in-signature-data.patch
  3. 6
      l/scute/scute.SlackBuild

31
l/scute/scute-1.4.0-tls12.diff → l/scute/0001-Allow-signing-with-other-algorithms-than-MD5-SHA1.patch

@ -1,15 +1,21 @@
commit 40dc64ebc43eff86c58952dbfb13487f73dd4ab2
Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Wed Dec 10 01:13:23 2014 +0100
From f07f6c2639b0a127475aad7ccbeb40e10dc565e5 Mon Sep 17 00:00:00 2001
From: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Wed, 10 Dec 2014 01:13:23 +0100
Subject: [PATCH 1/2] Allow signing with other algorithms than MD5+SHA1
To: gnupg-devel@gnupg.org
Allow signing with other algorithms than MD5+SHA1
Determine the hash algorithm of the message digest by checking
for known ASN.1 prefixes.
This is a streamlined version of a patch proposed by Werner Koch
<http://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028750.html>
without unrelated, cosmetic changes.
* src/agent.c (scute_agent_sign): Determine the hash algorithm of the
message digest by checking for known ASN.1 prefixes.
* src/support.h (STR): New.
--
This is a streamlined version of a patch proposed by Werner Koch
<http://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028750.html>
without unrelated, cosmetic changes.
---
src/agent.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
src/support.h | 3 +++
2 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/src/agent.c b/src/agent.c
index 9265ca2..b1fdbf0 100644
@ -113,3 +119,6 @@ index 8f4d538..859d1de 100644
/* Copy a string into its location, with blank character padding. */
static inline void
--
1.8.4

80
l/scute/scute-1.4.0-gpg21.diff → l/scute/0002-Remove-extra-nul-byte-in-signature-data.patch

@ -1,16 +1,32 @@
commit a3a4d5ea80dc34e7a14952380b85be8b1b0bc1e3
Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Wed Dec 10 01:24:36 2014 +0100
From 3e13d5493c74427655a7208a7bc4fcbcabda6774 Mon Sep 17 00:00:00 2001
From: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Wed, 28 Jan 2015 16:03:10 +0100
Subject: [PATCH 2/2] Remove extra nul byte in signature data
To: gnupg-devel@gnupg.org
Remove extra nul byte in signature data
GPG Agent prepends a nul byte in the signature value if the first
byte has its most signifiant bit set, to prevent it from being
interpreted as a sign bit. We need to remove that byte when it is
present.
* src/agent.c (scute_agent_sign): Check for extra nul byte at the
beginning of signature data.
--
GPG Agent 2.1 prepends a nul byte in the signature value if the first
byte has its most significant bit set, to prevent it from being
interpreted as a sign bit (see agent_pksign_do, in GnuPG's
agent/pksign.c).
But Scute expects the signature to be always of a fixed size (128 or
256 bytes), and it will reject a signature containing this extra nul
byte.
This patch makes Scute read the effective size of the signature from
the S-expression, and remove the prepended nul byte if present.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
---
src/agent.c | 57 ++++++++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 25 deletions(-)
diff --git a/src/agent.c b/src/agent.c
index b1fdbf0..525c2a9 100644
index 9265ca2..547c587 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -981,13 +981,12 @@ pksign_cb (void *opaque, const void *buffer, size_t length)
@ -28,9 +44,9 @@ index b1fdbf0..525c2a9 100644
+#define SIG_MIN_LEN 128
+#define SIG_MAX_LEN 256
static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */
@@ -1033,14 +1032,14 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
/* Call the agent to learn about a smartcard. */
gpg_error_t
@@ -1009,14 +1008,14 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
if (sig_result == NULL)
{
/* FIXME: We return the largest supported size - is that correct? */
@ -47,7 +63,7 @@ index b1fdbf0..525c2a9 100644
return gpg_error (GPG_ERR_INV_ARG);
snprintf (cmd, sizeof (cmd), "SIGKEY %s", grip);
@@ -1092,30 +1091,37 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
@@ -1041,30 +1040,38 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
return err;
/* FIXME: we need a real parser to cope with all kind of S-expressions. */
@ -65,42 +81,46 @@ index b1fdbf0..525c2a9 100644
- else
- {
- if (sig.len != SIG_PREFIX_LEN + SIG_LEN + SIG_POSTFIX_LEN)
+ int data_len;
+ unsigned char *sig_begin;
+ unsigned char *sig_val;
+ unsigned int sig_val_len;
+
+ data_len = atoi(sig.data + SIG_PREFIX_LEN);
+ sig_begin = strchr(sig.data + SIG_PREFIX_LEN, ':');
+ if (!sig_begin) /* Invalid S-expression? */
+ sig_val_len = strtol (sig.data + SIG_PREFIX_LEN, (char **)&sig_val, 10);
+
+ if (*(sig_val++) != ':')
return gpg_error (GPG_ERR_BAD_SIGNATURE);
- if (memcmp (sig.data, SIG_PREFIX, SIG_PREFIX_LEN))
+
+ sig_begin += 1; /* Skip colon. */
+
+ if (sig.len != sig_begin - sig.data + data_len + SIG_POSTFIX_LEN)
+ if (sig.len != sig_val - sig.data + sig_val_len + SIG_POSTFIX_LEN)
return gpg_error (GPG_ERR_BAD_SIGNATURE);
- if (memcmp (sig.data + sig.len - SIG_POSTFIX_LEN,
- SIG_POSTFIX, SIG_POSTFIX_LEN))
+ if (memcmp (sig.data + sig.len - SIG_POSTFIX_LEN, SIG_POSTFIX, SIG_POSTFIX_LEN))
+ if (memcmp (sig.data + sig.len - SIG_POSTFIX_LEN, SIG_POSTFIX,
+ SIG_POSTFIX_LEN))
return gpg_error (GPG_ERR_BAD_SIGNATURE);
- memcpy (sig_result, sig.data + SIG_PREFIX_LEN, SIG_LEN);
- *sig_len = SIG_LEN;
+
+ if ( *sig_begin == 0 && *(sig_begin+1) & 0x80 )
+ if ( *sig_val == 0 && *(sig_val+1) & 0x80 )
+ {
+ /* Remove the extra nul byte that was added to prevent
+ * the signature from being interpreted as a negative value. */
+ sig_begin += 1;
+ data_len -= 1;
+ sig_val += 1;
+ sig_val_len -= 1;
+ }
+
+ memcpy (sig_result, sig_begin, data_len);
+ *sig_len = data_len;
+ if ( sig_val_len > *sig_len )
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ memcpy (sig_result, sig_val, sig_val_len);
+ *sig_len = sig_val_len;
}
-
-
+ else
+ return gpg_error( GPG_ERR_BAD_SIGNATURE ); /* Unexpected signature prefix. */
+ return gpg_error( GPG_ERR_BAD_SIGNATURE ); /* Unexpected prefix. */
+
return 0;
}
--
1.8.4
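Review bot: In the reworked parsing inside `scute_agent_sign`, the length that `strtol` reads from the agent's S-expression goes straight into `unsigned int sig_val_len`, so a negative or out-of-range value wraps instead of being rejected. The `sig.len` comparison that follows then mixes it with a pointer difference, whose width differs between 32-bit and 64-bit builds. Parsing into a `long` and rejecting it before any arithmetic would be safer: `long n = strtol (sig.data + SIG_PREFIX_LEN, (char **)&sig_val, 10);` followed by `if (n <= 0 || (unsigned long) n > sig.len) return gpg_error (GPG_ERR_BAD_SIGNATURE);`. The nul-byte test also reads `*(sig_val+1)` without confirming two bytes remain; `if (sig_val_len > 1 && sig_val[0] == 0 && (sig_val[1] & 0x80))` makes the bound and the precedence explicit and keeps `sig_val_len -= 1` from wrapping. The function starts outside the hunk, so whether `sig.data` is NUL-terminated for `strtol` cannot be confirmed from here.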

6
l/scute/scute.SlackBuild

@ -33,7 +33,7 @@ WGET=${WGET:-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=scute.git;a=snapshot;h=$C
# Build infos
NAMEPKG=${NAMEPKG:-scute}
BUILD=${BUILD:-5GGD}
BUILD=${BUILD:-6GGD}
ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
JOBS=${JOBS:-1}
EXT=${EXT:-txz}
@ -85,9 +85,9 @@ echo "Building $ARCHIVE..."
tar xf $CWD/$ARCHIVE
cd $NAME
# Add support for TLS 1.2 message digest...
patch -p 1 < $CWD/scute-1.4.0-tls12.diff
patch -p 1 < $CWD/0001-Allow-signing-with-other-algorithms-than-MD5-SHA1.patch
# and GnuPG 2.1.x
patch -p 1 < $CWD/scute-1.4.0-gpg21.diff
patch -p 1 < $CWD/0002-Remove-extra-nul-byte-in-signature-data.patch
./autogen.sh
CFLAGS=$CPUOPT \
CXXFLAGS=$CPUOPT \
