Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Johannes Huber <johu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:kdeapps-4.14-cleanup commit in: kde-apps/kwalletd/files/
Date: Wed, 25 May 2016 22:24:13
Message-Id: 1464215007.6277d1b7f1c2abf4e61a516642c211c51fbc3fe3.johu@gentoo
1 commit: 6277d1b7f1c2abf4e61a516642c211c51fbc3fe3
2 Author: Johannes Huber <johu <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 25 21:49:13 2016 +0000
4 Commit: Johannes Huber <johu <AT> gentoo <DOT> org>
5 CommitDate: Wed May 25 22:23:27 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6277d1b7
7
8 kde-apps: Remove KDE Applications 4.14.3
9
10 With some exceptions.
11
12 Package-Manager: portage-2.3.0_rc1
13
14 .../files/kwalletd-4.14.3-CVE-2013-7252.patch | 777 ---------------------
15 .../files/kwalletd-4.14.3-fix-random-open.patch | 152 ----
16 2 files changed, 929 deletions(-)
17
18 diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch
19 deleted file mode 100644
20 index 9019e17..0000000
21 --- a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch
22 +++ /dev/null
23 @@ -1,777 +0,0 @@
24 -From 466859302095a4ee4a9214ab24144eab7697224f Mon Sep 17 00:00:00 2001
25 -From: Valentin Rusu <kde@××××.info>
26 -Date: Mon, 5 Jan 2015 23:00:58 +0100
27 -Subject: [PATCH] Backporting CBC algorithm fix from frameworks/kwallet
28 -
29 -The CBC algorithm was not enrcrypting in CBC but in ECB, despite it being
30 -named CBC. This problem was found by Itay Duvdevani who let us know it on the
31 -security mailing list. His mail eventually got forwarded to me and here is the
32 -fix. I also fixed the test program which was incorrectly checking the
33 -expected bytes.
34 -
35 -This commit corresponds to the following commits from:
36 -frameworks/kwallet
37 - 88bc1ff01e5fdf59a13fe012aa03e31e9eb8a3b1
38 - 6e588d795e6631c3c9d84d85fd3884a159b45849
39 ----
40 - kwalletd/backend/backendpersisthandler.cpp | 67 ++++---
41 - kwalletd/backend/backendpersisthandler.h | 4 +-
42 - kwalletd/backend/cbc.cc | 273 ++++++++++++++++++-----------
43 - kwalletd/backend/cbc.h | 44 ++---
44 - kwalletd/backend/tests/testbf.cpp | 96 +++++-----
45 - 5 files changed, 279 insertions(+), 205 deletions(-)
46 -
47 -diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp
48 -index 126210a..5c321c9 100644
49 ---- a/kwalletd/backend/backendpersisthandler.cpp
50 -+++ b/kwalletd/backend/backendpersisthandler.cpp
51 -@@ -40,14 +40,15 @@
52 - #include "sha1.h"
53 - #include "cbc.h"
54 -
55 --#ifdef Q_OS_WIN
56 -+#ifdef Q_OS_WIN
57 - #include <windows.h>
58 - #include <wincrypt.h>
59 - #endif
60 -
61 --#define KWALLET_CIPHER_BLOWFISH_CBC 0
62 -+#define KWALLET_CIPHER_BLOWFISH_ECB 0 // this was the old KWALLET_CIPHER_BLOWFISH_CBC
63 - #define KWALLET_CIPHER_3DES_CBC 1 // unsupported
64 - #define KWALLET_CIPHER_GPG 2
65 -+#define KWALLET_CIPHER_BLOWFISH_CBC 3
66 -
67 - #define KWALLET_HASH_SHA1 0
68 - #define KWALLET_HASH_MD5 1 // unsupported
69 -@@ -164,13 +165,18 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherTyp
70 - return 0;
71 - }
72 - }
73 --
74 -+
75 - BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12])
76 - {
77 -- if (magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC &&
78 -+ if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) &&
79 - (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
80 -- if (0 == blowfishHandler)
81 -- blowfishHandler = new BlowfishPersistHandler;
82 -+ if (0 == blowfishHandler) {
83 -+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
84 -+ if (useECBforReading) {
85 -+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
86 -+ }
87 -+ blowfishHandler = new BlowfishPersistHandler(useECBforReading);
88 -+ }
89 - return blowfishHandler;
90 - }
91 - #ifdef HAVE_QGPGME
92 -@@ -183,11 +189,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12
93 - #endif // HAVE_QGPGME
94 - return 0; // unknown cipher or hash
95 - }
96 --
97 -+
98 - int BlowfishPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WId)
99 - {
100 - assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH);
101 -
102 -+ if (_useECBforReading) {
103 -+ qDebug() << "This wallet used ECB and is now saved using CBC";
104 -+ _useECBforReading = false;
105 -+ }
106 -+
107 - version[2] = KWALLET_CIPHER_BLOWFISH_CBC;
108 - if(!wb->_useNewHash) {
109 - version[3] = KWALLET_HASH_SHA1;
110 -@@ -358,7 +369,7 @@ int BlowfishPersistHandler::read(Backend* wb, QFile& db, WId)
111 - assert(encrypted.size() < db.size());
112 -
113 - BlowFish _bf;
114 -- CipherBlockChain bf(&_bf);
115 -+ CipherBlockChain bf(&_bf, _useECBforReading);
116 - int blksz = bf.blockSize();
117 - if ((encrypted.size() % blksz) != 0) {
118 - return -5; // invalid file structure
119 -@@ -502,7 +513,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
120 - sf.abort();
121 - return -5;
122 - }
123 --
124 -+
125 - boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
126 - if (0 == ctx) {
127 - kDebug() << "Cannot setup OpenPGP context!";
128 -@@ -511,7 +522,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
129 - }
130 -
131 - assert(wb->_cipherType == BACKEND_CIPHER_GPG);
132 --
133 -+
134 - QByteArray hashes;
135 - QDataStream hashStream(&hashes, QIODevice::WriteOnly);
136 - KMD5 md5;
137 -@@ -549,7 +560,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
138 - dataStream << keyID;
139 - dataStream << hashes;
140 - dataStream << values;
141 --
142 -+
143 - GpgME::Data decryptedData(dataBuffer.data(), dataBuffer.size(), false);
144 - GpgME::Data encryptedData;
145 - std::vector< GpgME::Key > keys;
146 -@@ -574,7 +585,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
147 - return -4; // write error
148 - }
149 - }
150 --
151 -+
152 - return 0;
153 - }
154 -
155 -@@ -596,7 +607,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
156 - while (bytes = sf.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
157 - encryptedData.write(buffer, bytes);
158 - }
159 --
160 -+
161 - retry_label:
162 - boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
163 - if (0 == ctx) {
164 -@@ -620,13 +631,13 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
165 - }
166 - return -1;
167 - }
168 --
169 -+
170 - decryptedData.seek(0, SEEK_SET);
171 - QByteArray dataBuffer;
172 - while (bytes = decryptedData.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
173 - dataBuffer.append(buffer, bytes);
174 - }
175 --
176 -+
177 - // load the wallet from the decrypted data
178 - QDataStream dataStream(dataBuffer);
179 - QString keyID;
180 -@@ -661,10 +672,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
181 - return -1;
182 - }
183 -
184 --
185 -+
186 - QDataStream hashStream(hashes);
187 - QDataStream valueStream(values);
188 --
189 -+
190 - quint32 hashCount;
191 - hashStream >> hashCount;
192 - if (hashCount > 0xFFFF) {
193 -@@ -675,10 +686,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
194 - while (hashCount--){
195 - KMD5::Digest d;
196 - hashStream.readRawData(reinterpret_cast<char *>(d), 16);
197 --
198 -+
199 - quint32 folderSize;
200 - hashStream >> folderSize;
201 --
202 -+
203 - MD5Digest ba = MD5Digest(reinterpret_cast<char *>(d));
204 - QMap<MD5Digest, QList<MD5Digest> >::iterator it = wb->_hashes.insert(ba, QList<MD5Digest>());
205 - while (folderSize--){
206 -@@ -688,27 +699,27 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
207 - (*it).append(ba);
208 - }
209 - }
210 --
211 -+
212 - while (folderCount--){
213 - QString folder;
214 - valueStream >> folder;
215 --
216 -+
217 - quint32 entryCount;
218 - valueStream >> entryCount;
219 --
220 -+
221 - wb->_entries[folder].clear();
222 --
223 -+
224 - while (entryCount--){
225 - KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown;
226 - Entry *e = new Entry;
227 --
228 -+
229 - QString key;
230 - valueStream >> key;
231 --
232 -+
233 - qint32 x =0; // necessary to read properly
234 - valueStream >> x;
235 - et = static_cast<KWallet::Wallet::EntryType>(x);
236 --
237 -+
238 - switch (et) {
239 - case KWallet::Wallet::Password:
240 - case KWallet::Wallet::Stream:
241 -@@ -718,7 +729,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
242 - delete e;
243 - continue;
244 - }
245 --
246 -+
247 - QByteArray a;
248 - valueStream >> a;
249 - e->setValue(a);
250 -@@ -727,7 +738,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
251 - wb->_entries[folder][key] = e;
252 - }
253 - }
254 --
255 -+
256 - wb->_open = true;
257 -
258 - return 0;
259 -diff --git a/kwalletd/backend/backendpersisthandler.h b/kwalletd/backend/backendpersisthandler.h
260 -index a33db48..11d67f2 100644
261 ---- a/kwalletd/backend/backendpersisthandler.h
262 -+++ b/kwalletd/backend/backendpersisthandler.h
263 -@@ -60,11 +60,13 @@ public:
264 -
265 - class BlowfishPersistHandler : public BackendPersistHandler {
266 - public:
267 -- BlowfishPersistHandler() {}
268 -+ explicit BlowfishPersistHandler(bool useECBforReading =false) : _useECBforReading(useECBforReading) {}
269 - virtual ~BlowfishPersistHandler() {}
270 -
271 - virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w);
272 - virtual int read(Backend* wb, QFile& sf, WId w);
273 -+private:
274 -+ bool _useECBforReading;
275 - };
276 -
277 - #ifdef HAVE_QGPGME
278 -diff --git a/kwalletd/backend/cbc.cc b/kwalletd/backend/cbc.cc
279 -index 7bc5f38..772f3de 100644
280 ---- a/kwalletd/backend/cbc.cc
281 -+++ b/kwalletd/backend/cbc.cc
282 -@@ -1,149 +1,212 @@
283 - /* This file is part of the KDE project
284 - Copyright (C) 2001 George Staikos <staikos@×××.org>
285 --
286 -+
287 - This library is free software; you can redistribute it and/or
288 - modify it under the terms of the GNU Library General Public
289 - License as published by the Free Software Foundation; either
290 - version 2 of the License, or (at your option) any later version.
291 --
292 -+
293 - This library is distributed in the hope that it will be useful,
294 - but WITHOUT ANY WARRANTY; without even the implied warranty of
295 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
296 - Library General Public License for more details.
297 --
298 -+
299 - You should have received a copy of the GNU Library General Public License
300 - along with this library; see the file COPYING.LIB. If not, write to
301 - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
302 - Boston, MA 02110-1301, USA.
303 - */
304 -
305 --
306 - #include "cbc.h"
307 - #include <string.h>
308 --
309 --
310 --
311 --CipherBlockChain::CipherBlockChain(BlockCipher *cipher) : _cipher(cipher) {
312 -- _next = 0L;
313 -- _register = 0L;
314 -- _len = -1;
315 -- _reader = _writer = 0L;
316 -- if (cipher) {
317 -- _blksz = cipher->blockSize();
318 -- }
319 -+#include <kdebug.h>
320 -+
321 -+CipherBlockChain::CipherBlockChain(BlockCipher *cipher, bool useECBforReading) :
322 -+ _cipher(cipher)
323 -+ , _useECBforReading(useECBforReading)
324 -+{
325 -+ _next = 0L;
326 -+ _register = 0L;
327 -+ _len = -1;
328 -+ _reader = _writer = 0L;
329 -+ if (cipher) {
330 -+ _blksz = cipher->blockSize();
331 -+ }
332 - }
333 -
334 --
335 --CipherBlockChain::~CipherBlockChain() {
336 -- delete[] (char *)_register;
337 -- _register = 0L;
338 -- delete[] (char *)_next;
339 -- _next = 0L;
340 -+CipherBlockChain::~CipherBlockChain()
341 -+{
342 -+ delete[](char *)_register;
343 -+ _register = 0L;
344 -+ delete[](char *)_next;
345 -+ _next = 0L;
346 - }
347 -
348 --
349 --bool CipherBlockChain::setKey(void *key, int bitlength) {
350 -- if (_cipher) {
351 -- return _cipher->setKey(key, bitlength);
352 -- }
353 -- return false;
354 -+bool CipherBlockChain::setKey(void *key, int bitlength)
355 -+{
356 -+ if (_cipher) {
357 -+ return _cipher->setKey(key, bitlength);
358 -+ }
359 -+ return false;
360 - }
361 -
362 --
363 --int CipherBlockChain::keyLen() const {
364 -- if (_cipher) {
365 -- return _cipher->keyLen();
366 -- }
367 -- return -1;
368 -+int CipherBlockChain::keyLen() const
369 -+{
370 -+ if (_cipher) {
371 -+ return _cipher->keyLen();
372 -+ }
373 -+ return -1;
374 - }
375 -
376 --
377 --bool CipherBlockChain::variableKeyLen() const {
378 -- if (_cipher) {
379 -- return _cipher->variableKeyLen();
380 -- }
381 -- return false;
382 -+bool CipherBlockChain::variableKeyLen() const
383 -+{
384 -+ if (_cipher) {
385 -+ return _cipher->variableKeyLen();
386 -+ }
387 -+ return false;
388 - }
389 -
390 --
391 --bool CipherBlockChain::readyToGo() const {
392 -- if (_cipher) {
393 -- return _cipher->readyToGo();
394 -- }
395 -- return false;
396 -+bool CipherBlockChain::readyToGo() const
397 -+{
398 -+ if (_cipher) {
399 -+ return _cipher->readyToGo();
400 -+ }
401 -+ return false;
402 - }
403 -
404 --
405 --int CipherBlockChain::encrypt(void *block, int len) {
406 -- if (_cipher && !_reader) {
407 -- int rc;
408 --
409 -- _writer |= 1;
410 --
411 -- if (!_register) {
412 -- _register = new unsigned char[len];
413 -- _len = len;
414 -- memset(_register, 0, len);
415 -- } else if (len > _len) {
416 -- return -1;
417 -- }
418 --
419 -- // This might be optimizable
420 -- char *tb = (char *)block;
421 -- for (int i = 0; i < len; i++) {
422 -- tb[i] ^= ((char *)_register)[i];
423 -- }
424 --
425 -- rc = _cipher->encrypt(block, len);
426 --
427 -- if (rc != -1) {
428 -- memcpy(_register, block, len);
429 -- }
430 --
431 -- return rc;
432 -- }
433 -- return -1;
434 -+void CipherBlockChain::initRegister() {
435 -+ if (_register == 0L) {
436 -+ size_t registerLen = _cipher->blockSize();
437 -+ _register = new unsigned char[registerLen];
438 -+ _len = registerLen;
439 -+ }
440 -+ memset(_register, 0, _len);
441 - }
442 -
443 -+int CipherBlockChain::encrypt(void *block, int len)
444 -+{
445 -+ if (_cipher && !_reader) {
446 -+ int rc;
447 -
448 --int CipherBlockChain::decrypt(void *block, int len) {
449 -- if (_cipher && !_writer) {
450 -- int rc;
451 -+ _writer |= 1;
452 -
453 -- _reader |= 1;
454 -+ initRegister();
455 -
456 -- if (!_register) {
457 -- _register = new unsigned char[len];
458 -- _len = len;
459 -- memset(_register, 0, len);
460 -- } else if (len > _len) {
461 -- return -1;
462 -- }
463 -+ if ((len % _len) >0) {
464 -+ kDebug() << "Block length given encrypt (" << len << ") is not a multiple of " << _len;
465 -+ return -1;
466 -+ }
467 -
468 -- if (!_next)
469 -- _next = new unsigned char[_len];
470 -- memcpy(_next, block, _len);
471 -+ char *elemBlock = static_cast<char*>(block);
472 -+ for (int b = 0; b < len/_len; b++) {
473 -
474 -- rc = _cipher->decrypt(block, len);
475 -+ // This might be optimizable
476 -+ char *tb = static_cast<char*>(elemBlock);
477 -+ for (int i = 0; i < _len; i++) {
478 -+ *tb++ ^= ((char *)_register)[i];
479 -+ }
480 -
481 -- if (rc != -1) {
482 -- // This might be optimizable
483 -- char *tb = (char *)block;
484 -- for (int i = 0; i < len; i++) {
485 -- tb[i] ^= ((char *)_register)[i];
486 -- }
487 -- }
488 -+ rc = _cipher->encrypt(elemBlock, _len);
489 -
490 -- void *temp;
491 -- temp = _next;
492 -- _next = _register;
493 -- _register = temp;
494 -+ if (rc != -1) {
495 -+ memcpy(_register, elemBlock, _len);
496 -+ }
497 -+ elemBlock += _len;
498 -+ }
499 -
500 -- return rc;
501 -- }
502 -- return -1;
503 -+ return rc;
504 -+ }
505 -+ return -1;
506 - }
507 -
508 -+// This is the old decrypt method, that was decrypting using ECB
509 -+// instead of CBC
510 -+int CipherBlockChain::decryptECB(void *block, int len) {
511 -+ if (_cipher && !_writer) {
512 -+ int rc;
513 -+
514 -+ _reader |= 1;
515 -+
516 -+ if (!_register) {
517 -+ _register = new unsigned char[len];
518 -+ _len = len;
519 -+ memset(_register, 0, len);
520 -+ } else if (len > _len) {
521 -+ return -1;
522 -+ }
523 -+
524 -+ if (!_next) {
525 -+ _next = new unsigned char[_len];
526 -+ }
527 -+ memcpy(_next, block, _len);
528 -+
529 -+ rc = _cipher->decrypt(block, len);
530 -+
531 -+ if (rc != -1) {
532 -+ // This might be optimizable
533 -+ char *tb = (char *)block;
534 -+ for (int i = 0; i < len; i++) {
535 -+ tb[i] ^= ((char *)_register)[i];
536 -+ }
537 -+ }
538 -+
539 -+ void *temp;
540 -+ temp = _next;
541 -+ _next = _register;
542 -+ _register = temp;
543 -+
544 -+ return rc;
545 -+ }
546 -+ return -1;
547 -+}
548 -
549 --
550 -+int CipherBlockChain::decrypt(void *block, int len)
551 -+{
552 -+ if (_useECBforReading) {
553 -+ kDebug() << "decrypting using ECB!";
554 -+ return decryptECB(block, len);
555 -+ }
556 -+
557 -+ if (_cipher && !_writer) {
558 -+ int rc = 0;
559 -+
560 -+ _reader |= 1;
561 -+
562 -+ initRegister();
563 -+
564 -+ if ((len % _len) >0) {
565 -+ kDebug() << "Block length given for decrypt (" << len << ") is not a multiple of " << _len;
566 -+ return -1;
567 -+ }
568 -+
569 -+ char *elemBlock = static_cast<char*>(block);
570 -+ for (int b = 0; b < len/_len; b++) {
571 -+ if (_next == 0L) {
572 -+ _next = new unsigned char[_len];
573 -+ }
574 -+ memcpy(_next, elemBlock, _len);
575 -+
576 -+ int bytesDecrypted = _cipher->decrypt(elemBlock, _len);
577 -+
578 -+ if (bytesDecrypted != -1) {
579 -+ rc += bytesDecrypted;
580 -+ // This might be optimizable
581 -+ char *tb = (char *)elemBlock;
582 -+ for (int i = 0; i < _len; i++) {
583 -+ *tb++ ^= ((char *)_register)[i];
584 -+ }
585 -+ }
586 -+
587 -+ void *temp;
588 -+ temp = _next;
589 -+ _next = _register;
590 -+ _register = temp;
591 -+
592 -+ elemBlock += _len;
593 -+ }
594 -+
595 -+ return rc;
596 -+ }
597 -+ return -1;
598 -+}
599 -
600 -diff --git a/kwalletd/backend/cbc.h b/kwalletd/backend/cbc.h
601 -index 1ce971a..8750785 100644
602 ---- a/kwalletd/backend/cbc.h
603 -+++ b/kwalletd/backend/cbc.h
604 -@@ -1,24 +1,22 @@
605 - /* This file is part of the KDE project
606 - Copyright (C) 2001 George Staikos <staikos@×××.org>
607 --
608 -+
609 - This library is free software; you can redistribute it and/or
610 - modify it under the terms of the GNU Library General Public
611 - License as published by the Free Software Foundation; either
612 - version 2 of the License, or (at your option) any later version.
613 --
614 -+
615 - This library is distributed in the hope that it will be useful,
616 - but WITHOUT ANY WARRANTY; without even the implied warranty of
617 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
618 - Library General Public License for more details.
619 --
620 -+
621 - You should have received a copy of the GNU Library General Public License
622 - along with this library; see the file COPYING.LIB. If not, write to
623 - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
624 - Boston, MA 02110-1301, USA.
625 - */
626 -
627 --
628 --
629 - #ifndef __CBC__KO__H
630 - #define __CBC__KO__H
631 -
632 -@@ -33,30 +31,34 @@
633 - * calls to the other will fail in this instance.
634 - */
635 -
636 --class CipherBlockChain : public BlockCipher {
637 -- public:
638 -- CipherBlockChain(BlockCipher *cipher);
639 -- virtual ~CipherBlockChain();
640 -+class CipherBlockChain : public BlockCipher
641 -+{
642 -+public:
643 -+ CipherBlockChain(BlockCipher *cipher, bool useECBforReading =false);
644 -+ virtual ~CipherBlockChain();
645 -
646 -- virtual bool setKey(void *key, int bitlength);
647 -+ virtual bool setKey(void *key, int bitlength);
648 -
649 -- virtual int keyLen() const;
650 -+ virtual int keyLen() const;
651 -
652 -- virtual bool variableKeyLen() const;
653 -+ virtual bool variableKeyLen() const;
654 -
655 -- virtual bool readyToGo() const;
656 -+ virtual bool readyToGo() const;
657 -
658 -- virtual int encrypt(void *block, int len);
659 -+ virtual int encrypt(void *block, int len);
660 -
661 -- virtual int decrypt(void *block, int len);
662 -+ virtual int decrypt(void *block, int len);
663 -
664 -- private:
665 -- BlockCipher *_cipher;
666 -- void *_register;
667 -- void *_next;
668 -- int _len;
669 -- int _reader, _writer;
670 -+private:
671 -+ void initRegister();
672 -+ int decryptECB(void *block, int len);
673 -
674 -+ BlockCipher *_cipher;
675 -+ void *_register;
676 -+ void *_next;
677 -+ int _len;
678 -+ int _reader, _writer;
679 -+ bool _useECBforReading;
680 - };
681 -
682 - #endif
683 -diff --git a/kwalletd/backend/tests/testbf.cpp b/kwalletd/backend/tests/testbf.cpp
684 -index 12dc746..b3d554a 100644
685 ---- a/kwalletd/backend/tests/testbf.cpp
686 -+++ b/kwalletd/backend/tests/testbf.cpp
687 -@@ -4,64 +4,60 @@
688 - #include "blowfish.h"
689 - #include "cbc.h"
690 -
691 --
692 --int main() {
693 --BlockCipher *bf;
694 --char data[] = "This is a test.";
695 --char expect[] = "\x22\x30\x7e\x2f\x42\x28\x44\x01\xda\xdf\x5a\x81\xd7\xe5\x7c\xd0";
696 --char key[] = "testkey";
697 --unsigned long et[] = {0x11223344};
698 --
699 -- printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
700 -- 0x11, 0x44);
701 -- bf = new BlowFish();
702 -+int main()
703 -+{
704 -+ BlockCipher *bf;
705 -+ char data[] = "This is a test.";
706 -+ char expect[] = "\x3f\x3c\x2d\xae\x8c\x7\x84\xf2\xa7\x6d\x28\xbd\xd\xb\xb8\x79";
707 -+ char key[] = "testkey";
708 -+ unsigned long et[] = {0x11223344};
709 -+
710 -+ printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
711 -+ 0x11, 0x44);
712 -+ bf = new BlowFish();
713 - // bf = new CipherBlockChain(new BlowFish());
714 -
715 -- bf->setKey((void *)key, 7*8);
716 --
717 -- if (!bf->readyToGo()) {
718 -- printf("Error: not ready to go!\n");
719 -- return -1;
720 -- }
721 -+ bf->setKey((void *)key, 7 * 8);
722 -
723 -- printf("About to encrypt...\n"); fflush(stdout);
724 -- if (-1 == bf->encrypt((void *)data, 8)) {
725 -- printf("Error: encrypt failed!\n");
726 -- return -1;
727 -- }
728 -- printf("About to encrypt part 2...\n"); fflush(stdout);
729 -- bf->encrypt((void *)(data+8), 8);
730 --
731 -- printf("Encryption done. data[] is now: ");
732 -- for (int i = 0; i < 16; i++) {
733 -- printf("0x%x ", data[i]&0xff);
734 -- if ((data[i]&0xff) != (expect[i]&0xff)) {
735 -- printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i]&0xff);
736 -+ if (!bf->readyToGo()) {
737 -+ printf("Error: not ready to go!\n");
738 - return -1;
739 -- }
740 -- }
741 -- printf("\n");
742 -+ }
743 -
744 -- delete bf;
745 -- bf = new BlowFish();
746 -+ printf("About to encrypt...\n"); fflush(stdout);
747 -+ if (-1 == bf->encrypt((void *)data, 16)) {
748 -+ printf("Error: encrypt failed!\n");
749 -+ return -1;
750 -+ }
751 -+
752 -+ printf("Encryption done. data[] is now: ");
753 -+ for (int i = 0; i < 16; i++) {
754 -+ printf("0x%x ", data[i] & 0xff);
755 -+ if ((data[i] & 0xff) != (expect[i] & 0xff)) {
756 -+ printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i] & 0xff);
757 -+ break;
758 -+ }
759 -+ }
760 -+ printf("\n");
761 -+
762 -+ delete bf;
763 -+ bf = new BlowFish();
764 - // bf = new CipherBlockChain(new BlowFish());
765 -- bf->setKey((void *)key, 7*8);
766 -+ bf->setKey((void *)key, 7 * 8);
767 -
768 -- printf("About to decrypt...\n"); fflush(stdout);
769 -- if (-1 == bf->decrypt((void *)data, 16)) {
770 -- printf("Error: decrypt failed!\n");
771 -- return -1;
772 -- }
773 -- //bf->decrypt((void *)(data+8), 8);
774 -+ printf("About to decrypt...\n"); fflush(stdout);
775 -+ if (-1 == bf->decrypt((void *)data, 16)) {
776 -+ printf("Error: decrypt failed!\n");
777 -+ return -1;
778 -+ }
779 -+ //bf->decrypt((void *)(data+8), 8);
780 -
781 -- printf("All done! Result... data[] = \"%s\"\n", data);
782 -- if (strcmp(data, "This is a test.")) {
783 -- printf("ERROR. Decryption failed.\n");
784 -- return -1;
785 -- }
786 -+ printf("All done! Result... data[] = \"%s\"\n", data);
787 -+ if (strcmp(data, "This is a test.")) {
788 -+ printf("ERROR. Decryption failed.\n");
789 -+ return -1;
790 -+ }
791 -
792 -- delete bf;
793 -+ delete bf;
794 - }
795 -
796 --
797 --
798 ---
799 -2.2.1
800 -
801
802 diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch
803 deleted file mode 100644
804 index 7443e3f..0000000
805 --- a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch
806 +++ /dev/null
807 @@ -1,152 +0,0 @@
808 -commit 33a17ba0104cd94f2e33a3ac007b300553cdb417
809 -Author: Valentin Rusu <kde@××××.info>
810 -Date: Mon Feb 16 22:44:07 2015 +0100
811 -
812 - Fix for the random wallet open failure when updating
813 -
814 - The problem seems to be caused by the use of BackendPersistHandler
815 - singleton when the user has several wallets on his system and not
816 - all of them have been updated to the new schema.
817 -
818 - BUG: 343718
819 -
820 -diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp
821 -index 5c321c9..b7f63f8 100644
822 ---- a/kwalletd/backend/backendpersisthandler.cpp
823 -+++ b/kwalletd/backend/backendpersisthandler.cpp
824 -@@ -140,25 +140,14 @@ static int getRandomBlock(QByteArray& randBlock) {
825 - #endif
826 - }
827 -
828 --
829 --
830 --static BlowfishPersistHandler *blowfishHandler =0;
831 --#ifdef HAVE_QGPGME
832 --static GpgPersistHandler *gpgHandler =0;
833 --#endif // HAVE_QGPGME
834 --
835 - BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherType cipherType)
836 - {
837 - switch (cipherType){
838 - case BACKEND_CIPHER_BLOWFISH:
839 -- if (0 == blowfishHandler)
840 -- blowfishHandler = new BlowfishPersistHandler;
841 -- return blowfishHandler;
842 -+ return new BlowfishPersistHandler;
843 - #ifdef HAVE_QGPGME
844 - case BACKEND_CIPHER_GPG:
845 -- if (0 == gpgHandler)
846 -- gpgHandler = new GpgPersistHandler;
847 -- return gpgHandler;
848 -+ return new GpgPersistHandler;
849 - #endif // HAVE_QGPGME
850 - default:
851 - Q_ASSERT(0);
852 -@@ -170,21 +159,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12
853 - {
854 - if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) &&
855 - (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
856 -- if (0 == blowfishHandler) {
857 -- bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
858 -- if (useECBforReading) {
859 -- qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
860 -- }
861 -- blowfishHandler = new BlowfishPersistHandler(useECBforReading);
862 -+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
863 -+ if (useECBforReading) {
864 -+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
865 - }
866 -- return blowfishHandler;
867 -+ return new BlowfishPersistHandler(useECBforReading);
868 - }
869 - #ifdef HAVE_QGPGME
870 - if (magicBuf[2] == KWALLET_CIPHER_GPG &&
871 - magicBuf[3] == 0) {
872 -- if (0 == gpgHandler)
873 -- gpgHandler = new GpgPersistHandler;
874 -- return gpgHandler;
875 -+ return new GpgPersistHandler;
876 - }
877 - #endif // HAVE_QGPGME
878 - return 0; // unknown cipher or hash
879 -diff --git a/kwalletd/backend/kwalletbackend.cc b/kwalletd/backend/kwalletbackend.cc
880 -index 7d439e3..9240103 100644
881 ---- a/kwalletd/backend/kwalletbackend.cc
882 -+++ b/kwalletd/backend/kwalletbackend.cc
883 -@@ -266,7 +266,7 @@ int Backend::open(const QByteArray& password, WId w) {
884 - if (_open) {
885 - return -255; // already open
886 - }
887 --
888 -+
889 - setPassword(password);
890 - return openInternal(w);
891 - }
892 -@@ -287,20 +287,20 @@ int Backend::openPreHashed(const QByteArray &passwordHash)
893 - if (_open) {
894 - return -255; // already open
895 - }
896 --
897 -+
898 - // check the password hash for correct size (currently fixed)
899 - if (passwordHash.size() != 20 && passwordHash.size() != 40 &&
900 - passwordHash.size() != 56) {
901 - return -42; // unsupported encryption scheme
902 - }
903 --
904 -+
905 - _passhash = passwordHash;
906 - _newPassHash = passwordHash;
907 - _useNewHash = true;//Only new hash is supported
908 -
909 - return openInternal();
910 - }
911 --
912 -+
913 - int Backend::openInternal(WId w)
914 - {
915 - // No wallet existed. Let's create it.
916 -@@ -350,7 +350,9 @@ int Backend::openInternal(WId w)
917 - if (0 == phandler){
918 - return 42; // unknown cipher or hash
919 - }
920 -- return phandler->read(this, db, w);
921 -+ int result = phandler->read(this, db, w);
922 -+ delete phandler;
923 -+ return result;
924 - }
925 -
926 - void Backend::swapToNewHash()
927 -@@ -427,6 +429,7 @@ int Backend::sync(WId w) {
928 - notification->setText( i18n("Failed to sync wallet <b>%1</b> to disk. Error codes are:\nRC <b>%2</b>\nSF <b>%3</b>. Please file a BUG report using this information to bugs.kde.org").arg(_name).arg(rc).arg(sf.errorString()) );
929 - notification->sendEvent();
930 - }
931 -+ delete phandler;
932 - return rc;
933 - }
934 -
935 -@@ -439,7 +442,7 @@ int Backend::close(bool save) {
936 - return rc;
937 - }
938 - }
939 --
940 -+
941 - // do the actual close
942 - for (FolderMap::ConstIterator i = _entries.constBegin(); i != _entries.constEnd(); ++i) {
943 - for (EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) {
944 -@@ -447,13 +450,13 @@ int Backend::close(bool save) {
945 - }
946 - }
947 - _entries.clear();
948 --
949 -+
950 - // empty the password hash
951 - _passhash.fill(0);
952 - _newPassHash.fill(0);
953 -
954 - _open = false;
955 --
956 -+
957 - return 0;
958 - }
959 -
Report Message
Find on MARC Find on Google Groups