From 48a54bccf918b3e9bce4a0b300f4f8cf9112c54e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Thu, 22 Nov 2012 03:28:49 +0100
Subject: [PATCH] Fix a crash when trying to use passphrase encryption in FIPS
 mode

---
 volume_key-0.3.9-fips-crash.patch | 33 +++++++++++++++++++++++++++++++
 volume_key.spec                   |  9 ++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 volume_key-0.3.9-fips-crash.patch

diff --git a/volume_key-0.3.9-fips-crash.patch b/volume_key-0.3.9-fips-crash.patch
new file mode 100644
index 0000000..0f79d4e
--- /dev/null
+++ b/volume_key-0.3.9-fips-crash.patch
@@ -0,0 +1,33 @@
+This case can be triggered by encrypting in FIPS mode, where the default
+algorithm is unsupported and gpg crashes in response.
+
+diff --git a/lib/crypto.c b/lib/crypto.c
+index 06eb482..905d583 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
+     }
+   gpgme_data_release (src_data);
+   gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
++  if (gpgme_res == NULL)
++    {
++      g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
++		   _("Unknown error getting encryption result"));
++      goto err_ctx;
++    }
+   res = g_memdup (gpgme_res, *res_size);
+   gpgme_free (gpgme_res);
+ 
+@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
+     }
+   gpgme_data_release (src_data);
+   gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
++  if (gpgme_res == NULL)
++    {
++      g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
++		   _("Unknown error getting decryption result"));
++      goto err_ctx;
++    }
+   res = g_memdup (gpgme_res, *res_size);
+   gpgme_free (gpgme_res);
+ 
diff --git a/volume_key.spec b/volume_key.spec
index 8835f73..47b29e8 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -3,13 +3,15 @@
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
 Version: 0.3.9
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: https://fedorahosted.org/volume_key/
 Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
 Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz
+# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e
+Patch1: volume_key-0.3.9-fips-crash.patch
 BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg
 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel
 
@@ -75,6 +77,8 @@ for other formats is possible, some formats are planned for future releases.
 %prep
 %setup -q
 
+%patch1 -p1 -b .fips-crash
+
 %build
 %configure
 make %{?_smp_mflags}
@@ -114,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/volume_key.py*
 
 %changelog
+* Thu Nov 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-2
+- Fix a crash when trying to use passphrase encryption in FIPS mode
+
 * Sat Sep 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-1
 - Update to volume_key-0.3.9