allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)

2013-01-03 14:54:02 +01:00 · 2013-01-03 14:54:02 +01:00 · 02a80de472
commit 02a80de472
parent 07b385d5db
2 changed files with 61 additions and 1 deletions
--- a/libgcrypt-1.5.0-empty-passphrase.patch
+++ b/libgcrypt-1.5.0-empty-passphrase.patch
@ -0,0 +1,54 @@
+commit 8528f1ba40e587dc17e02822e529fbd7ac69a189
+Author: Milan Broz <mbroz@redhat.com>
+Date:   Mon Oct 29 17:18:09 2012 +0100
+
+    PBKDF2: Allow empty passphrase.
+    
+    * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
+    * tests/t-kdf.c (check_pbkdf2): Add test case for above.
+    --
+    
+    While it is insecure, the PBKDF2 implementations usually
+    allows to derive key only from salt.
+    
+    This particular case is used e.g. in cryptsetup when
+    you use empty file as keyfile for LUKS keyslot.
+    
+    Test vector is compared with two independent implementations.
+    
+    Signed-off-by: Milan Broz <mbroz@redhat.com>
+
+diff --git a/cipher/kdf.c b/cipher/kdf.c
+index d981022..46e8550 100644
+--- a/cipher/kdf.c
+++ b/cipher/kdf.c
+@@ -238,7 +238,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+ {
+   gpg_err_code_t ec;
+ 
+-  if (!passphrase || !passphraselen)
+  if (!passphrase || (!passphraselen && algo != GCRY_KDF_PBKDF2))
+     {
+       ec = GPG_ERR_INV_DATA;
+       goto leave;
+diff --git a/tests/t-kdf.c b/tests/t-kdf.c
+index 7209525..06c0026 100644
+--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
+@@ -917,7 +917,15 @@ check_pbkdf2 (void)
+       16,
+       "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
+       "\xd7\xf0\x34\x25\xe0\xc3"
+-    }
+    },
+    { /* empty password test, not in RFC-6070 */
+      "", 0,
+      "salt", 4,
+      2,
+      20,
+      "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+      "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
+    },
+   };
+   int tvidx;
+   gpg_error_t err;
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.5.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.bz2
 # The original libgcrypt sources now contain potentially patented ECC
@ -25,6 +25,8 @@ Patch7: libgcrypt-1.5.0-fips-cavs.patch
 Patch8: libgcrypt-1.5.0-set-enforced-mode.patch
 # fix for memory leaks an other errors found by Coverity scan
 Patch9: libgcrypt-1.5.0-leak.patch
+# allow empty passphrase (upstreamed)
+Patch10: libgcrypt-1.5.0-empty-passphrase.patch

 # Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
 # Documentation and some utilities are GPLv2+ licensed. These files
@ -66,6 +68,7 @@ applications using libgcrypt.
 %patch7 -p1 -b .cavs
 %patch8 -p1 -b .enforce
 %patch9 -p1 -b .leak
+%patch10 -p1 -b .emptypass

 mv AUTHORS AUTHORS.iso88591
 iconv -f ISO-8859-1 -t UTF-8 AUTHORS.iso88591 >AUTHORS
@ -179,6 +182,9 @@ exit 0
 %doc COPYING

 %changelog
+* Thu Jan  3 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-9
+- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)
+
 * Mon Dec  3 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-8
 - fix multilib conflict in libgcrypt-config
 - fix minor memory leaks and other bugs found by Coverity scan