Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Johannes Huber <johu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: kde-apps/kwalletd/files/
Date: Fri, 08 Jul 2016 21:02:33
Message-Id: 1468011738.128e87dc2b3fd3cd715ff4c79291595135ce1641.johu@gentoo
1 commit: 128e87dc2b3fd3cd715ff4c79291595135ce1641
2 Author: Johannes Huber <johu <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jul 8 21:02:03 2016 +0000
4 Commit: Johannes Huber <johu <AT> gentoo <DOT> org>
5 CommitDate: Fri Jul 8 21:02:18 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=128e87dc
7
8 kde-apps/kwalletd: Remove unused patches
9
10 Package-Manager: portage-2.3.0
11
12 .../files/kwalletd-4.14.3-CVE-2013-7252.patch | 777 ---------------------
13 .../files/kwalletd-4.14.3-fix-random-open.patch | 152 ----
14 2 files changed, 929 deletions(-)
15
16 diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch
17 deleted file mode 100644
18 index 9019e17..0000000
19 --- a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch
20 +++ /dev/null
21 @@ -1,777 +0,0 @@
22 -From 466859302095a4ee4a9214ab24144eab7697224f Mon Sep 17 00:00:00 2001
23 -From: Valentin Rusu <kde@××××.info>
24 -Date: Mon, 5 Jan 2015 23:00:58 +0100
25 -Subject: [PATCH] Backporting CBC algorithm fix from frameworks/kwallet
26 -
27 -The CBC algorithm was not enrcrypting in CBC but in ECB, despite it being
28 -named CBC. This problem was found by Itay Duvdevani who let us know it on the
29 -security mailing list. His mail eventually got forwarded to me and here is the
30 -fix. I also fixed the test program which was incorrectly checking the
31 -expected bytes.
32 -
33 -This commit corresponds to the following commits from:
34 -frameworks/kwallet
35 - 88bc1ff01e5fdf59a13fe012aa03e31e9eb8a3b1
36 - 6e588d795e6631c3c9d84d85fd3884a159b45849
37 ----
38 - kwalletd/backend/backendpersisthandler.cpp | 67 ++++---
39 - kwalletd/backend/backendpersisthandler.h | 4 +-
40 - kwalletd/backend/cbc.cc | 273 ++++++++++++++++++-----------
41 - kwalletd/backend/cbc.h | 44 ++---
42 - kwalletd/backend/tests/testbf.cpp | 96 +++++-----
43 - 5 files changed, 279 insertions(+), 205 deletions(-)
44 -
45 -diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp
46 -index 126210a..5c321c9 100644
47 ---- a/kwalletd/backend/backendpersisthandler.cpp
48 -+++ b/kwalletd/backend/backendpersisthandler.cpp
49 -@@ -40,14 +40,15 @@
50 - #include "sha1.h"
51 - #include "cbc.h"
52 -
53 --#ifdef Q_OS_WIN
54 -+#ifdef Q_OS_WIN
55 - #include <windows.h>
56 - #include <wincrypt.h>
57 - #endif
58 -
59 --#define KWALLET_CIPHER_BLOWFISH_CBC 0
60 -+#define KWALLET_CIPHER_BLOWFISH_ECB 0 // this was the old KWALLET_CIPHER_BLOWFISH_CBC
61 - #define KWALLET_CIPHER_3DES_CBC 1 // unsupported
62 - #define KWALLET_CIPHER_GPG 2
63 -+#define KWALLET_CIPHER_BLOWFISH_CBC 3
64 -
65 - #define KWALLET_HASH_SHA1 0
66 - #define KWALLET_HASH_MD5 1 // unsupported
67 -@@ -164,13 +165,18 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherTyp
68 - return 0;
69 - }
70 - }
71 --
72 -+
73 - BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12])
74 - {
75 -- if (magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC &&
76 -+ if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) &&
77 - (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
78 -- if (0 == blowfishHandler)
79 -- blowfishHandler = new BlowfishPersistHandler;
80 -+ if (0 == blowfishHandler) {
81 -+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
82 -+ if (useECBforReading) {
83 -+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
84 -+ }
85 -+ blowfishHandler = new BlowfishPersistHandler(useECBforReading);
86 -+ }
87 - return blowfishHandler;
88 - }
89 - #ifdef HAVE_QGPGME
90 -@@ -183,11 +189,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12
91 - #endif // HAVE_QGPGME
92 - return 0; // unknown cipher or hash
93 - }
94 --
95 -+
96 - int BlowfishPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WId)
97 - {
98 - assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH);
99 -
100 -+ if (_useECBforReading) {
101 -+ qDebug() << "This wallet used ECB and is now saved using CBC";
102 -+ _useECBforReading = false;
103 -+ }
104 -+
105 - version[2] = KWALLET_CIPHER_BLOWFISH_CBC;
106 - if(!wb->_useNewHash) {
107 - version[3] = KWALLET_HASH_SHA1;
108 -@@ -358,7 +369,7 @@ int BlowfishPersistHandler::read(Backend* wb, QFile& db, WId)
109 - assert(encrypted.size() < db.size());
110 -
111 - BlowFish _bf;
112 -- CipherBlockChain bf(&_bf);
113 -+ CipherBlockChain bf(&_bf, _useECBforReading);
114 - int blksz = bf.blockSize();
115 - if ((encrypted.size() % blksz) != 0) {
116 - return -5; // invalid file structure
117 -@@ -502,7 +513,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
118 - sf.abort();
119 - return -5;
120 - }
121 --
122 -+
123 - boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
124 - if (0 == ctx) {
125 - kDebug() << "Cannot setup OpenPGP context!";
126 -@@ -511,7 +522,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
127 - }
128 -
129 - assert(wb->_cipherType == BACKEND_CIPHER_GPG);
130 --
131 -+
132 - QByteArray hashes;
133 - QDataStream hashStream(&hashes, QIODevice::WriteOnly);
134 - KMD5 md5;
135 -@@ -549,7 +560,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
136 - dataStream << keyID;
137 - dataStream << hashes;
138 - dataStream << values;
139 --
140 -+
141 - GpgME::Data decryptedData(dataBuffer.data(), dataBuffer.size(), false);
142 - GpgME::Data encryptedData;
143 - std::vector< GpgME::Key > keys;
144 -@@ -574,7 +585,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI
145 - return -4; // write error
146 - }
147 - }
148 --
149 -+
150 - return 0;
151 - }
152 -
153 -@@ -596,7 +607,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
154 - while (bytes = sf.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
155 - encryptedData.write(buffer, bytes);
156 - }
157 --
158 -+
159 - retry_label:
160 - boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
161 - if (0 == ctx) {
162 -@@ -620,13 +631,13 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
163 - }
164 - return -1;
165 - }
166 --
167 -+
168 - decryptedData.seek(0, SEEK_SET);
169 - QByteArray dataBuffer;
170 - while (bytes = decryptedData.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
171 - dataBuffer.append(buffer, bytes);
172 - }
173 --
174 -+
175 - // load the wallet from the decrypted data
176 - QDataStream dataStream(dataBuffer);
177 - QString keyID;
178 -@@ -661,10 +672,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
179 - return -1;
180 - }
181 -
182 --
183 -+
184 - QDataStream hashStream(hashes);
185 - QDataStream valueStream(values);
186 --
187 -+
188 - quint32 hashCount;
189 - hashStream >> hashCount;
190 - if (hashCount > 0xFFFF) {
191 -@@ -675,10 +686,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
192 - while (hashCount--){
193 - KMD5::Digest d;
194 - hashStream.readRawData(reinterpret_cast<char *>(d), 16);
195 --
196 -+
197 - quint32 folderSize;
198 - hashStream >> folderSize;
199 --
200 -+
201 - MD5Digest ba = MD5Digest(reinterpret_cast<char *>(d));
202 - QMap<MD5Digest, QList<MD5Digest> >::iterator it = wb->_hashes.insert(ba, QList<MD5Digest>());
203 - while (folderSize--){
204 -@@ -688,27 +699,27 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
205 - (*it).append(ba);
206 - }
207 - }
208 --
209 -+
210 - while (folderCount--){
211 - QString folder;
212 - valueStream >> folder;
213 --
214 -+
215 - quint32 entryCount;
216 - valueStream >> entryCount;
217 --
218 -+
219 - wb->_entries[folder].clear();
220 --
221 -+
222 - while (entryCount--){
223 - KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown;
224 - Entry *e = new Entry;
225 --
226 -+
227 - QString key;
228 - valueStream >> key;
229 --
230 -+
231 - qint32 x =0; // necessary to read properly
232 - valueStream >> x;
233 - et = static_cast<KWallet::Wallet::EntryType>(x);
234 --
235 -+
236 - switch (et) {
237 - case KWallet::Wallet::Password:
238 - case KWallet::Wallet::Stream:
239 -@@ -718,7 +729,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
240 - delete e;
241 - continue;
242 - }
243 --
244 -+
245 - QByteArray a;
246 - valueStream >> a;
247 - e->setValue(a);
248 -@@ -727,7 +738,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
249 - wb->_entries[folder][key] = e;
250 - }
251 - }
252 --
253 -+
254 - wb->_open = true;
255 -
256 - return 0;
257 -diff --git a/kwalletd/backend/backendpersisthandler.h b/kwalletd/backend/backendpersisthandler.h
258 -index a33db48..11d67f2 100644
259 ---- a/kwalletd/backend/backendpersisthandler.h
260 -+++ b/kwalletd/backend/backendpersisthandler.h
261 -@@ -60,11 +60,13 @@ public:
262 -
263 - class BlowfishPersistHandler : public BackendPersistHandler {
264 - public:
265 -- BlowfishPersistHandler() {}
266 -+ explicit BlowfishPersistHandler(bool useECBforReading =false) : _useECBforReading(useECBforReading) {}
267 - virtual ~BlowfishPersistHandler() {}
268 -
269 - virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w);
270 - virtual int read(Backend* wb, QFile& sf, WId w);
271 -+private:
272 -+ bool _useECBforReading;
273 - };
274 -
275 - #ifdef HAVE_QGPGME
276 -diff --git a/kwalletd/backend/cbc.cc b/kwalletd/backend/cbc.cc
277 -index 7bc5f38..772f3de 100644
278 ---- a/kwalletd/backend/cbc.cc
279 -+++ b/kwalletd/backend/cbc.cc
280 -@@ -1,149 +1,212 @@
281 - /* This file is part of the KDE project
282 - Copyright (C) 2001 George Staikos <staikos@×××.org>
283 --
284 -+
285 - This library is free software; you can redistribute it and/or
286 - modify it under the terms of the GNU Library General Public
287 - License as published by the Free Software Foundation; either
288 - version 2 of the License, or (at your option) any later version.
289 --
290 -+
291 - This library is distributed in the hope that it will be useful,
292 - but WITHOUT ANY WARRANTY; without even the implied warranty of
293 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
294 - Library General Public License for more details.
295 --
296 -+
297 - You should have received a copy of the GNU Library General Public License
298 - along with this library; see the file COPYING.LIB. If not, write to
299 - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
300 - Boston, MA 02110-1301, USA.
301 - */
302 -
303 --
304 - #include "cbc.h"
305 - #include <string.h>
306 --
307 --
308 --
309 --CipherBlockChain::CipherBlockChain(BlockCipher *cipher) : _cipher(cipher) {
310 -- _next = 0L;
311 -- _register = 0L;
312 -- _len = -1;
313 -- _reader = _writer = 0L;
314 -- if (cipher) {
315 -- _blksz = cipher->blockSize();
316 -- }
317 -+#include <kdebug.h>
318 -+
319 -+CipherBlockChain::CipherBlockChain(BlockCipher *cipher, bool useECBforReading) :
320 -+ _cipher(cipher)
321 -+ , _useECBforReading(useECBforReading)
322 -+{
323 -+ _next = 0L;
324 -+ _register = 0L;
325 -+ _len = -1;
326 -+ _reader = _writer = 0L;
327 -+ if (cipher) {
328 -+ _blksz = cipher->blockSize();
329 -+ }
330 - }
331 -
332 --
333 --CipherBlockChain::~CipherBlockChain() {
334 -- delete[] (char *)_register;
335 -- _register = 0L;
336 -- delete[] (char *)_next;
337 -- _next = 0L;
338 -+CipherBlockChain::~CipherBlockChain()
339 -+{
340 -+ delete[](char *)_register;
341 -+ _register = 0L;
342 -+ delete[](char *)_next;
343 -+ _next = 0L;
344 - }
345 -
346 --
347 --bool CipherBlockChain::setKey(void *key, int bitlength) {
348 -- if (_cipher) {
349 -- return _cipher->setKey(key, bitlength);
350 -- }
351 -- return false;
352 -+bool CipherBlockChain::setKey(void *key, int bitlength)
353 -+{
354 -+ if (_cipher) {
355 -+ return _cipher->setKey(key, bitlength);
356 -+ }
357 -+ return false;
358 - }
359 -
360 --
361 --int CipherBlockChain::keyLen() const {
362 -- if (_cipher) {
363 -- return _cipher->keyLen();
364 -- }
365 -- return -1;
366 -+int CipherBlockChain::keyLen() const
367 -+{
368 -+ if (_cipher) {
369 -+ return _cipher->keyLen();
370 -+ }
371 -+ return -1;
372 - }
373 -
374 --
375 --bool CipherBlockChain::variableKeyLen() const {
376 -- if (_cipher) {
377 -- return _cipher->variableKeyLen();
378 -- }
379 -- return false;
380 -+bool CipherBlockChain::variableKeyLen() const
381 -+{
382 -+ if (_cipher) {
383 -+ return _cipher->variableKeyLen();
384 -+ }
385 -+ return false;
386 - }
387 -
388 --
389 --bool CipherBlockChain::readyToGo() const {
390 -- if (_cipher) {
391 -- return _cipher->readyToGo();
392 -- }
393 -- return false;
394 -+bool CipherBlockChain::readyToGo() const
395 -+{
396 -+ if (_cipher) {
397 -+ return _cipher->readyToGo();
398 -+ }
399 -+ return false;
400 - }
401 -
402 --
403 --int CipherBlockChain::encrypt(void *block, int len) {
404 -- if (_cipher && !_reader) {
405 -- int rc;
406 --
407 -- _writer |= 1;
408 --
409 -- if (!_register) {
410 -- _register = new unsigned char[len];
411 -- _len = len;
412 -- memset(_register, 0, len);
413 -- } else if (len > _len) {
414 -- return -1;
415 -- }
416 --
417 -- // This might be optimizable
418 -- char *tb = (char *)block;
419 -- for (int i = 0; i < len; i++) {
420 -- tb[i] ^= ((char *)_register)[i];
421 -- }
422 --
423 -- rc = _cipher->encrypt(block, len);
424 --
425 -- if (rc != -1) {
426 -- memcpy(_register, block, len);
427 -- }
428 --
429 -- return rc;
430 -- }
431 -- return -1;
432 -+void CipherBlockChain::initRegister() {
433 -+ if (_register == 0L) {
434 -+ size_t registerLen = _cipher->blockSize();
435 -+ _register = new unsigned char[registerLen];
436 -+ _len = registerLen;
437 -+ }
438 -+ memset(_register, 0, _len);
439 - }
440 -
441 -+int CipherBlockChain::encrypt(void *block, int len)
442 -+{
443 -+ if (_cipher && !_reader) {
444 -+ int rc;
445 -
446 --int CipherBlockChain::decrypt(void *block, int len) {
447 -- if (_cipher && !_writer) {
448 -- int rc;
449 -+ _writer |= 1;
450 -
451 -- _reader |= 1;
452 -+ initRegister();
453 -
454 -- if (!_register) {
455 -- _register = new unsigned char[len];
456 -- _len = len;
457 -- memset(_register, 0, len);
458 -- } else if (len > _len) {
459 -- return -1;
460 -- }
461 -+ if ((len % _len) >0) {
462 -+ kDebug() << "Block length given encrypt (" << len << ") is not a multiple of " << _len;
463 -+ return -1;
464 -+ }
465 -
466 -- if (!_next)
467 -- _next = new unsigned char[_len];
468 -- memcpy(_next, block, _len);
469 -+ char *elemBlock = static_cast<char*>(block);
470 -+ for (int b = 0; b < len/_len; b++) {
471 -
472 -- rc = _cipher->decrypt(block, len);
473 -+ // This might be optimizable
474 -+ char *tb = static_cast<char*>(elemBlock);
475 -+ for (int i = 0; i < _len; i++) {
476 -+ *tb++ ^= ((char *)_register)[i];
477 -+ }
478 -
479 -- if (rc != -1) {
480 -- // This might be optimizable
481 -- char *tb = (char *)block;
482 -- for (int i = 0; i < len; i++) {
483 -- tb[i] ^= ((char *)_register)[i];
484 -- }
485 -- }
486 -+ rc = _cipher->encrypt(elemBlock, _len);
487 -
488 -- void *temp;
489 -- temp = _next;
490 -- _next = _register;
491 -- _register = temp;
492 -+ if (rc != -1) {
493 -+ memcpy(_register, elemBlock, _len);
494 -+ }
495 -+ elemBlock += _len;
496 -+ }
497 -
498 -- return rc;
499 -- }
500 -- return -1;
501 -+ return rc;
502 -+ }
503 -+ return -1;
504 - }
505 -
506 -+// This is the old decrypt method, that was decrypting using ECB
507 -+// instead of CBC
508 -+int CipherBlockChain::decryptECB(void *block, int len) {
509 -+ if (_cipher && !_writer) {
510 -+ int rc;
511 -+
512 -+ _reader |= 1;
513 -+
514 -+ if (!_register) {
515 -+ _register = new unsigned char[len];
516 -+ _len = len;
517 -+ memset(_register, 0, len);
518 -+ } else if (len > _len) {
519 -+ return -1;
520 -+ }
521 -+
522 -+ if (!_next) {
523 -+ _next = new unsigned char[_len];
524 -+ }
525 -+ memcpy(_next, block, _len);
526 -+
527 -+ rc = _cipher->decrypt(block, len);
528 -+
529 -+ if (rc != -1) {
530 -+ // This might be optimizable
531 -+ char *tb = (char *)block;
532 -+ for (int i = 0; i < len; i++) {
533 -+ tb[i] ^= ((char *)_register)[i];
534 -+ }
535 -+ }
536 -+
537 -+ void *temp;
538 -+ temp = _next;
539 -+ _next = _register;
540 -+ _register = temp;
541 -+
542 -+ return rc;
543 -+ }
544 -+ return -1;
545 -+}
546 -
547 --
548 -+int CipherBlockChain::decrypt(void *block, int len)
549 -+{
550 -+ if (_useECBforReading) {
551 -+ kDebug() << "decrypting using ECB!";
552 -+ return decryptECB(block, len);
553 -+ }
554 -+
555 -+ if (_cipher && !_writer) {
556 -+ int rc = 0;
557 -+
558 -+ _reader |= 1;
559 -+
560 -+ initRegister();
561 -+
562 -+ if ((len % _len) >0) {
563 -+ kDebug() << "Block length given for decrypt (" << len << ") is not a multiple of " << _len;
564 -+ return -1;
565 -+ }
566 -+
567 -+ char *elemBlock = static_cast<char*>(block);
568 -+ for (int b = 0; b < len/_len; b++) {
569 -+ if (_next == 0L) {
570 -+ _next = new unsigned char[_len];
571 -+ }
572 -+ memcpy(_next, elemBlock, _len);
573 -+
574 -+ int bytesDecrypted = _cipher->decrypt(elemBlock, _len);
575 -+
576 -+ if (bytesDecrypted != -1) {
577 -+ rc += bytesDecrypted;
578 -+ // This might be optimizable
579 -+ char *tb = (char *)elemBlock;
580 -+ for (int i = 0; i < _len; i++) {
581 -+ *tb++ ^= ((char *)_register)[i];
582 -+ }
583 -+ }
584 -+
585 -+ void *temp;
586 -+ temp = _next;
587 -+ _next = _register;
588 -+ _register = temp;
589 -+
590 -+ elemBlock += _len;
591 -+ }
592 -+
593 -+ return rc;
594 -+ }
595 -+ return -1;
596 -+}
597 -
598 -diff --git a/kwalletd/backend/cbc.h b/kwalletd/backend/cbc.h
599 -index 1ce971a..8750785 100644
600 ---- a/kwalletd/backend/cbc.h
601 -+++ b/kwalletd/backend/cbc.h
602 -@@ -1,24 +1,22 @@
603 - /* This file is part of the KDE project
604 - Copyright (C) 2001 George Staikos <staikos@×××.org>
605 --
606 -+
607 - This library is free software; you can redistribute it and/or
608 - modify it under the terms of the GNU Library General Public
609 - License as published by the Free Software Foundation; either
610 - version 2 of the License, or (at your option) any later version.
611 --
612 -+
613 - This library is distributed in the hope that it will be useful,
614 - but WITHOUT ANY WARRANTY; without even the implied warranty of
615 - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
616 - Library General Public License for more details.
617 --
618 -+
619 - You should have received a copy of the GNU Library General Public License
620 - along with this library; see the file COPYING.LIB. If not, write to
621 - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
622 - Boston, MA 02110-1301, USA.
623 - */
624 -
625 --
626 --
627 - #ifndef __CBC__KO__H
628 - #define __CBC__KO__H
629 -
630 -@@ -33,30 +31,34 @@
631 - * calls to the other will fail in this instance.
632 - */
633 -
634 --class CipherBlockChain : public BlockCipher {
635 -- public:
636 -- CipherBlockChain(BlockCipher *cipher);
637 -- virtual ~CipherBlockChain();
638 -+class CipherBlockChain : public BlockCipher
639 -+{
640 -+public:
641 -+ CipherBlockChain(BlockCipher *cipher, bool useECBforReading =false);
642 -+ virtual ~CipherBlockChain();
643 -
644 -- virtual bool setKey(void *key, int bitlength);
645 -+ virtual bool setKey(void *key, int bitlength);
646 -
647 -- virtual int keyLen() const;
648 -+ virtual int keyLen() const;
649 -
650 -- virtual bool variableKeyLen() const;
651 -+ virtual bool variableKeyLen() const;
652 -
653 -- virtual bool readyToGo() const;
654 -+ virtual bool readyToGo() const;
655 -
656 -- virtual int encrypt(void *block, int len);
657 -+ virtual int encrypt(void *block, int len);
658 -
659 -- virtual int decrypt(void *block, int len);
660 -+ virtual int decrypt(void *block, int len);
661 -
662 -- private:
663 -- BlockCipher *_cipher;
664 -- void *_register;
665 -- void *_next;
666 -- int _len;
667 -- int _reader, _writer;
668 -+private:
669 -+ void initRegister();
670 -+ int decryptECB(void *block, int len);
671 -
672 -+ BlockCipher *_cipher;
673 -+ void *_register;
674 -+ void *_next;
675 -+ int _len;
676 -+ int _reader, _writer;
677 -+ bool _useECBforReading;
678 - };
679 -
680 - #endif
681 -diff --git a/kwalletd/backend/tests/testbf.cpp b/kwalletd/backend/tests/testbf.cpp
682 -index 12dc746..b3d554a 100644
683 ---- a/kwalletd/backend/tests/testbf.cpp
684 -+++ b/kwalletd/backend/tests/testbf.cpp
685 -@@ -4,64 +4,60 @@
686 - #include "blowfish.h"
687 - #include "cbc.h"
688 -
689 --
690 --int main() {
691 --BlockCipher *bf;
692 --char data[] = "This is a test.";
693 --char expect[] = "\x22\x30\x7e\x2f\x42\x28\x44\x01\xda\xdf\x5a\x81\xd7\xe5\x7c\xd0";
694 --char key[] = "testkey";
695 --unsigned long et[] = {0x11223344};
696 --
697 -- printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
698 -- 0x11, 0x44);
699 -- bf = new BlowFish();
700 -+int main()
701 -+{
702 -+ BlockCipher *bf;
703 -+ char data[] = "This is a test.";
704 -+ char expect[] = "\x3f\x3c\x2d\xae\x8c\x7\x84\xf2\xa7\x6d\x28\xbd\xd\xb\xb8\x79";
705 -+ char key[] = "testkey";
706 -+ unsigned long et[] = {0x11223344};
707 -+
708 -+ printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
709 -+ 0x11, 0x44);
710 -+ bf = new BlowFish();
711 - // bf = new CipherBlockChain(new BlowFish());
712 -
713 -- bf->setKey((void *)key, 7*8);
714 --
715 -- if (!bf->readyToGo()) {
716 -- printf("Error: not ready to go!\n");
717 -- return -1;
718 -- }
719 -+ bf->setKey((void *)key, 7 * 8);
720 -
721 -- printf("About to encrypt...\n"); fflush(stdout);
722 -- if (-1 == bf->encrypt((void *)data, 8)) {
723 -- printf("Error: encrypt failed!\n");
724 -- return -1;
725 -- }
726 -- printf("About to encrypt part 2...\n"); fflush(stdout);
727 -- bf->encrypt((void *)(data+8), 8);
728 --
729 -- printf("Encryption done. data[] is now: ");
730 -- for (int i = 0; i < 16; i++) {
731 -- printf("0x%x ", data[i]&0xff);
732 -- if ((data[i]&0xff) != (expect[i]&0xff)) {
733 -- printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i]&0xff);
734 -+ if (!bf->readyToGo()) {
735 -+ printf("Error: not ready to go!\n");
736 - return -1;
737 -- }
738 -- }
739 -- printf("\n");
740 -+ }
741 -
742 -- delete bf;
743 -- bf = new BlowFish();
744 -+ printf("About to encrypt...\n"); fflush(stdout);
745 -+ if (-1 == bf->encrypt((void *)data, 16)) {
746 -+ printf("Error: encrypt failed!\n");
747 -+ return -1;
748 -+ }
749 -+
750 -+ printf("Encryption done. data[] is now: ");
751 -+ for (int i = 0; i < 16; i++) {
752 -+ printf("0x%x ", data[i] & 0xff);
753 -+ if ((data[i] & 0xff) != (expect[i] & 0xff)) {
754 -+ printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i] & 0xff);
755 -+ break;
756 -+ }
757 -+ }
758 -+ printf("\n");
759 -+
760 -+ delete bf;
761 -+ bf = new BlowFish();
762 - // bf = new CipherBlockChain(new BlowFish());
763 -- bf->setKey((void *)key, 7*8);
764 -+ bf->setKey((void *)key, 7 * 8);
765 -
766 -- printf("About to decrypt...\n"); fflush(stdout);
767 -- if (-1 == bf->decrypt((void *)data, 16)) {
768 -- printf("Error: decrypt failed!\n");
769 -- return -1;
770 -- }
771 -- //bf->decrypt((void *)(data+8), 8);
772 -+ printf("About to decrypt...\n"); fflush(stdout);
773 -+ if (-1 == bf->decrypt((void *)data, 16)) {
774 -+ printf("Error: decrypt failed!\n");
775 -+ return -1;
776 -+ }
777 -+ //bf->decrypt((void *)(data+8), 8);
778 -
779 -- printf("All done! Result... data[] = \"%s\"\n", data);
780 -- if (strcmp(data, "This is a test.")) {
781 -- printf("ERROR. Decryption failed.\n");
782 -- return -1;
783 -- }
784 -+ printf("All done! Result... data[] = \"%s\"\n", data);
785 -+ if (strcmp(data, "This is a test.")) {
786 -+ printf("ERROR. Decryption failed.\n");
787 -+ return -1;
788 -+ }
789 -
790 -- delete bf;
791 -+ delete bf;
792 - }
793 -
794 --
795 --
796 ---
797 -2.2.1
798 -
799
800 diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch
801 deleted file mode 100644
802 index 7443e3f..0000000
803 --- a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch
804 +++ /dev/null
805 @@ -1,152 +0,0 @@
806 -commit 33a17ba0104cd94f2e33a3ac007b300553cdb417
807 -Author: Valentin Rusu <kde@××××.info>
808 -Date: Mon Feb 16 22:44:07 2015 +0100
809 -
810 - Fix for the random wallet open failure when updating
811 -
812 - The problem seems to be caused by the use of BackendPersistHandler
813 - singleton when the user has several wallets on his system and not
814 - all of them have been updated to the new schema.
815 -
816 - BUG: 343718
817 -
818 -diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp
819 -index 5c321c9..b7f63f8 100644
820 ---- a/kwalletd/backend/backendpersisthandler.cpp
821 -+++ b/kwalletd/backend/backendpersisthandler.cpp
822 -@@ -140,25 +140,14 @@ static int getRandomBlock(QByteArray& randBlock) {
823 - #endif
824 - }
825 -
826 --
827 --
828 --static BlowfishPersistHandler *blowfishHandler =0;
829 --#ifdef HAVE_QGPGME
830 --static GpgPersistHandler *gpgHandler =0;
831 --#endif // HAVE_QGPGME
832 --
833 - BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherType cipherType)
834 - {
835 - switch (cipherType){
836 - case BACKEND_CIPHER_BLOWFISH:
837 -- if (0 == blowfishHandler)
838 -- blowfishHandler = new BlowfishPersistHandler;
839 -- return blowfishHandler;
840 -+ return new BlowfishPersistHandler;
841 - #ifdef HAVE_QGPGME
842 - case BACKEND_CIPHER_GPG:
843 -- if (0 == gpgHandler)
844 -- gpgHandler = new GpgPersistHandler;
845 -- return gpgHandler;
846 -+ return new GpgPersistHandler;
847 - #endif // HAVE_QGPGME
848 - default:
849 - Q_ASSERT(0);
850 -@@ -170,21 +159,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12
851 - {
852 - if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) &&
853 - (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
854 -- if (0 == blowfishHandler) {
855 -- bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
856 -- if (useECBforReading) {
857 -- qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
858 -- }
859 -- blowfishHandler = new BlowfishPersistHandler(useECBforReading);
860 -+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
861 -+ if (useECBforReading) {
862 -+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
863 - }
864 -- return blowfishHandler;
865 -+ return new BlowfishPersistHandler(useECBforReading);
866 - }
867 - #ifdef HAVE_QGPGME
868 - if (magicBuf[2] == KWALLET_CIPHER_GPG &&
869 - magicBuf[3] == 0) {
870 -- if (0 == gpgHandler)
871 -- gpgHandler = new GpgPersistHandler;
872 -- return gpgHandler;
873 -+ return new GpgPersistHandler;
874 - }
875 - #endif // HAVE_QGPGME
876 - return 0; // unknown cipher or hash
877 -diff --git a/kwalletd/backend/kwalletbackend.cc b/kwalletd/backend/kwalletbackend.cc
878 -index 7d439e3..9240103 100644
879 ---- a/kwalletd/backend/kwalletbackend.cc
880 -+++ b/kwalletd/backend/kwalletbackend.cc
881 -@@ -266,7 +266,7 @@ int Backend::open(const QByteArray& password, WId w) {
882 - if (_open) {
883 - return -255; // already open
884 - }
885 --
886 -+
887 - setPassword(password);
888 - return openInternal(w);
889 - }
890 -@@ -287,20 +287,20 @@ int Backend::openPreHashed(const QByteArray &passwordHash)
891 - if (_open) {
892 - return -255; // already open
893 - }
894 --
895 -+
896 - // check the password hash for correct size (currently fixed)
897 - if (passwordHash.size() != 20 && passwordHash.size() != 40 &&
898 - passwordHash.size() != 56) {
899 - return -42; // unsupported encryption scheme
900 - }
901 --
902 -+
903 - _passhash = passwordHash;
904 - _newPassHash = passwordHash;
905 - _useNewHash = true;//Only new hash is supported
906 -
907 - return openInternal();
908 - }
909 --
910 -+
911 - int Backend::openInternal(WId w)
912 - {
913 - // No wallet existed. Let's create it.
914 -@@ -350,7 +350,9 @@ int Backend::openInternal(WId w)
915 - if (0 == phandler){
916 - return 42; // unknown cipher or hash
917 - }
918 -- return phandler->read(this, db, w);
919 -+ int result = phandler->read(this, db, w);
920 -+ delete phandler;
921 -+ return result;
922 - }
923 -
924 - void Backend::swapToNewHash()
925 -@@ -427,6 +429,7 @@ int Backend::sync(WId w) {
926 - notification->setText( i18n("Failed to sync wallet <b>%1</b> to disk. Error codes are:\nRC <b>%2</b>\nSF <b>%3</b>. Please file a BUG report using this information to bugs.kde.org").arg(_name).arg(rc).arg(sf.errorString()) );
927 - notification->sendEvent();
928 - }
929 -+ delete phandler;
930 - return rc;
931 - }
932 -
933 -@@ -439,7 +442,7 @@ int Backend::close(bool save) {
934 - return rc;
935 - }
936 - }
937 --
938 -+
939 - // do the actual close
940 - for (FolderMap::ConstIterator i = _entries.constBegin(); i != _entries.constEnd(); ++i) {
941 - for (EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) {
942 -@@ -447,13 +450,13 @@ int Backend::close(bool save) {
943 - }
944 - }
945 - _entries.clear();
946 --
947 -+
948 - // empty the password hash
949 - _passhash.fill(0);
950 - _newPassHash.fill(0);
951 -
952 - _open = false;
953 --
954 -+
955 - return 0;
956 - }
957 -
Report Message
Find on MARC Find on Google Groups