diff --git a/package/libkcapi/0001-kcapi-enc.patch b/package/libkcapi/0001-kcapi-enc.patch new file mode 100644 index 00000000..5c5c7faa --- /dev/null +++ b/package/libkcapi/0001-kcapi-enc.patch @@ -0,0 +1,84 @@ +diff -Nurp libkcapi-1.3.1/apps/kcapi-enc.c libkcapi-1.3.1_new/apps/kcapi-enc.c +--- libkcapi-1.3.1/apps/kcapi-enc.c 2021-05-17 20:34:44.000000000 +0800 ++++ libkcapi-1.3.1_new/apps/kcapi-enc.c 2022-01-13 17:12:03.441098213 +0800 +@@ -731,78 +731,9 @@ static int set_key(struct kcapi_handle * + + /* Transform password into a key using PBKDF2. */ + if (passwdptr && passwdlen) { +- uint8_t *saltbuf = NULL; +- uint32_t saltbuflen = 0; +- +- dolog(KCAPI_LOG_DEBUG, "password %s", passwdptr); +- +- /* Determine the number of PBKDF2 iterations. */ +- if (!opts->pbkdf_iterations) { +- opts->pbkdf_iterations = +- kcapi_pbkdf_iteration_count(opts->pbkdf_hash, 0); +- +- dolog(KCAPI_LOG_WARN, "PBKDF2 iterations used: %u", +- opts->pbkdf_iterations); +- } +- +- /* Convert the salt hex representation into binary. */ +- if (opts->salt) { +- ret = hex2bin_alloc(opts->salt, +- (uint32_t)strlen(opts->salt), +- &saltbuf, &saltbuflen); +- if (ret) +- goto out; +- } else { +- /* No salt provided, generate a random number. */ +- struct kcapi_handle *rng; +- uint32_t j = 0; +- +- ret = kcapi_rng_init(&rng, "stdrng", 0); +- if (ret) +- goto out; +- ret = kcapi_rng_seed(rng, NULL, 0); +- if (ret) { +- kcapi_rng_destroy(rng); +- goto out; +- } +- +- saltbuflen = 32; +- saltbuf = malloc(saltbuflen); +- if (!saltbuf) { +- ret = -ENOMEM; +- kcapi_rng_destroy(rng); +- goto out; +- } +- +- while (j < saltbuflen) { +- ret = kcapi_rng_generate(rng, saltbuf, +- saltbuflen); +- if (ret < 0) { +- kcapi_rng_destroy(rng); +- free(saltbuf); +- goto out; +- } +- j += (uint32_t)ret; +- } +- kcapi_rng_destroy(rng); +- +- dolog_bin(KCAPI_LOG_WARN, saltbuf, saltbuflen, +- "PBKDF2 salt used"); +- } +- +- /* +- * PBKDF2 operation: generate a key from password -- +- * reading of sizeof(keybuf) implies 256 bit key. +- */ +- ret = kcapi_pbkdf(opts->pbkdf_hash, passwdptr, passwdlen, +- saltbuf, saltbuflen, opts->pbkdf_iterations, +- keybuf, sizeof(keybuf)); +- free(saltbuf); +- if (ret) +- goto out; +- + have_key = 1; +- keybuflen = sizeof(keybuf); ++ memcpy(keybuf,passwdptr,passwdlen); ++ keybuflen = passwdlen; + + dolog(KCAPI_LOG_VERBOSE, + "Data Encryption Key derived from Password using PBKDF2 using %s with %u iterations", diff --git a/package/libkcapi/libkcapi.hash b/package/libkcapi/libkcapi.hash index b3c2c749..a0618a0b 100644 --- a/package/libkcapi/libkcapi.hash +++ b/package/libkcapi/libkcapi.hash @@ -1,5 +1,6 @@ # Locally calculated sha256 8a08dcbb4d05ede4357cdc9d61c7f2a7f2cd96b7ce2eb41b28e45b2e378267ad libkcapi-1.1.5.tar.xz +sha256 6b57946eb87bc9cfa544140b6c9a12ef9eefa0a16695578aebf3395f0a78bede libkcapi-1.3.1.tar.xz sha256 c6b8402a68999b0f84560ab43cdf60f9ff33c4a9a8ced6a40db9d3b787ba5b4a COPYING sha256 e6d6a009505e345fe949e1310334fcb0747f28dae2856759de102ab66b722cb4 COPYING.gplv2 sha256 13aa749a5b0a454917a944ed8fffc530b784f5ead522b1aacaf4ec8aa55a6239 COPYING.bsd diff --git a/package/libkcapi/libkcapi.mk b/package/libkcapi/libkcapi.mk index 60b3f943..42e1c6b3 100644 --- a/package/libkcapi/libkcapi.mk +++ b/package/libkcapi/libkcapi.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBKCAPI_VERSION = 1.1.5 +LIBKCAPI_VERSION = 1.3.1 LIBKCAPI_SOURCE = libkcapi-$(LIBKCAPI_VERSION).tar.xz LIBKCAPI_SITE = http://www.chronox.de/libkcapi LIBKCAPI_AUTORECONF = YES @@ -16,6 +16,8 @@ LIBKCAPI_CONF_ENV = \ ac_cv_path_DB2PS="" \ ac_cv_path_XMLTO="" +LIBKCAPI_CONF_OPTS += --enable-lib-asym + ifeq ($(BR2_PACKAGE_LIBKCAPI_ENCAPP),y) LIBKCAPI_CONF_OPTS += --enable-kcapi-encapp else