CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2022-10-02 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Mon Oct  3 05:34:31 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c

Log Message:
netpgp: fix build with Clang (since 2022-10-01)

error: passing 'char [1]' to parameter of type 'const uint8_t *'
(aka 'const unsigned char *') converts between pointers to integer
types where one is of the unique plain 'char' type and the other is
not [-Werror,-Wpointer-sign]


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.60
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59	Sat Oct  1 22:21:31 2022
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c	Mon Oct  3 05:34:31 2022
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.59 2022/10/01 22:21:31 rillig Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.60 2022/10/03 05:34:31 rillig Exp $");
 #endif
 
 #ifdef HAVE_FCNTL_H
@@ -1159,7 +1159,7 @@ pgp_export_key(pgp_io_t *io, const pgp_k
 		pgp_write_xfer_seckey(output, keydata, passphrase,
 	strlen((char *)passphrase), 1);
 	}
-	pgp_memory_add(mem, "", 1);
+	pgp_memory_add(mem, (uint8_t[]){0}, 1);
 	cp = netpgp_strdup(pgp_mem_data(mem));
 	pgp_teardown_memory_write(output, mem);
 	return cp;
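
Review bot: the (uint8_t[]){0} argument in the changed pgp_memory_add line silences -Wpointer-sign, but nothing on the line says that this single zero byte is the string terminator which the following netpgp_strdup(pgp_mem_data(mem)) depends on. A one-line comment, or a named constant such as "static const uint8_t nul = 0;" passed by address, would keep a later cleanup from dropping the call and reintroducing the unterminated read.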



CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2022-10-01 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Sat Oct  1 22:21:31 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c

Log Message:
netpgpkeys: properly terminate string before calling strdup

$ MALLOC_CONF=junk:true netpgpkeys \
--export-key \
--keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg \
b5952cabdd765a20

The above command printed "-END PGP PUBLIC KEY BLOCK-\r\n"
followed by "\xA5\xA5\xA5...".


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.58 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.58	Sat Aug 27 08:58:32 2022
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c	Sat Oct  1 22:21:31 2022
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.58 2022/08/27 08:58:32 rillig Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.59 2022/10/01 22:21:31 rillig Exp $");
 #endif
 
 #ifdef HAVE_FCNTL_H
@@ -1159,6 +1159,7 @@ pgp_export_key(pgp_io_t *io, const pgp_k
 		pgp_write_xfer_seckey(output, keydata, passphrase,
 	strlen((char *)passphrase), 1);
 	}
+	pgp_memory_add(mem, "", 1);
 	cp = netpgp_strdup(pgp_mem_data(mem));
 	pgp_teardown_memory_write(output, mem);
 	return cp;
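
Review bot: the added pgp_memory_add(mem, "", 1) passes a char [1] where, according to the Clang error quoted in the follow-up commit, the parameter is const uint8_t *, so this line fails a -Werror build; pass a uint8_t zero instead. Because the result still goes through netpgp_strdup, any zero byte earlier in the buffer would cut the export short, so the function relies on the output being ASCII-armored text; a comment saying so would help.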



CVS commit: src/crypto/external/bsd/netpgp/dist/bindings/lua

2022-08-27 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Sat Aug 27 12:55:34 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/bindings/lua: netpgp.lua

Log Message:
netpgp: fix indentation in Lua binding example program


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua
diff -u src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7 src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.8
--- src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7	Sat Aug 27 08:57:23 2022
+++ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua	Sat Aug 27 12:55:34 2022
@@ -73,7 +73,7 @@ if options.homedir then
 	netpgp.homedir(pgp, options.homedir)
 end
 if options.decrypt or options.sign then
-netpgp.setvar(pgp, "need seckey", 1)
+	netpgp.setvar(pgp, "need seckey", 1)
 end
 
 -- initialise everything



CVS commit: src/crypto/external/bsd/netpgp/dist/bindings/lua

2022-08-27 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Sat Aug 27 08:57:23 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/bindings/lua: netpgp.lua

Log Message:
netpgp: fail if the shared library cannot be loaded


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua
diff -u src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.6 src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7
--- src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.6	Mon Apr 30 22:17:46 2018
+++ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua	Sat Aug 27 08:57:23 2022
@@ -50,7 +50,7 @@ if f then
 	extension = ".dylib"
 	io.close(f)
 end
-glupkg = package.loadlib("libluanetpgp" .. extension, "luaopen_netpgp")
+glupkg = assert(package.loadlib("libluanetpgp" .. extension, "luaopen_netpgp"))
 netpgp = glupkg()
 
 -- initialise
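
Review bot: on the package.loadlib line the library is still named without a directory ("libluanetpgp" .. extension), so which file gets loaded depends on the dynamic loader's search path; the new assert makes a missing library fail loudly, but it does not pin down which library is used. For an example program that works with secret keys, consider building an explicit path, and declare glupkg and netpgp as local while touching this line.
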
@@ -79,7 +79,6 @@ end
 -- initialise everything
 netpgp.init(pgp)
 
-local i
 for i = 1, #args do
 	if options.encrypt then
 		-- encrypt a file



CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2022-08-27 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Sat Aug 27 08:35:01 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c

Log Message:
netpgp: fix use after free when writing keyring

Same pattern as in the previous commit.


To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.105 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.105
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104	Sat Aug 27 08:30:06 2022
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c	Sat Aug 27 08:35:01 2022
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.105 2022/08/27 08:35:01 rillig Exp $");
 #endif
 
 #include 
@@ -317,8 +317,8 @@ writekeyring(netpgp_t *netpgp, const cha
 
 	filename = keyringfile(netpgp, name);
 	if (!pgp_keyring_filewrite(keyring, noarmor, filename, passphrase)) {
-		free(filename);
 		(void) fprintf(stderr, "Can't write %s %s\n", name, filename);
+		free(filename);
 		return 0;
 	}
 	netpgp_setvar(netpgp, name, filename);
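
Review bot: in the failure branch of writekeyring, correctness now rests only on fprintf staying above free(filename), the same ordering that was wrong in readkeyring; a single exit label that frees filename after its last use would remove this class of mistake from both functions. The hunk ends at netpgp_setvar(netpgp, name, filename), so it is also worth confirming that the success path releases filename if netpgp_setvar keeps its own copy.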



CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2022-08-27 Thread Roland Illig
Module Name:    src
Committed By:   rillig
Date:   Sat Aug 27 08:30:06 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c

Log Message:
netpgp: fix use after free when reading pubkey

To reproduce:
srcdir=...
objdir=...
cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua
cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \
./libluanetpgp.so
LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua

> $HOME/.gnupg/pubring.gpg: No such file or directory
> Can't read pubring 


To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103	Sat Mar 21 01:07:21 2020
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c	Sat Aug 27 08:30:06 2022
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.103 2020/03/21 01:07:21 jhigh Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $");
 #endif
 
 #include 
@@ -297,9 +297,9 @@ readkeyring(netpgp_t *netpgp, const char
 
 	filename = keyringfile(netpgp, name);
 	if (!pgp_keyring_fileread(keyring, noarmor, filename)) {
+		(void) fprintf(stderr, "Can't read %s %s\n", name, filename);
 		free(filename);
 		free(keyring);
-		(void) fprintf(stderr, "Can't read %s %s\n", name, filename);
 		return NULL;
 	}
 	netpgp_setvar(netpgp, name, filename);
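
Review bot: please add a regression test for the failure branch of readkeyring based on the MALLOC_CONF=junk:true run in the log message (missing pubring, then check that the "Can't read" line names the file), since without junk filling a read of the freed filename can go unnoticed. The branch also releases keyring with a plain free(keyring); if pgp_keyring_fileread can fail after storing some keys, these lines do not release them.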



CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2022-08-26 Thread Jason High
Module Name:    src
Committed By:   jhigh
Date:   Fri Aug 26 19:18:38 UTC 2022

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.h misc.c
netpgpsdk.h openssl_crypto.c packet-parse.c packet-print.c
packet-show.c packet.h signature.c version.h

Log Message:
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, 
p384/sha384, and p521/sha512


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 \
src/crypto/external/bsd/netpgp/dist/src/lib/create.c \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
cvs rdiff -u -r1.30 -r1.31 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.43 -r1.44 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
cvs rdiff -u -r1.34 -r1.35 \
src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
cvs rdiff -u -r1.53 -r1.54 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c
cvs rdiff -u -r1.32 -r1.33 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.47 -r1.48 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.39
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38	Mon Nov 15 08:03:39 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c	Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
 #endif
 
 #include 
@@ -250,6 +250,11 @@ write_pubkey_body(const pgp_pubkey_t *ke
 			pgp_write_mpi(output, key->key.dsa.g) &&
 			pgp_write_mpi(output, key->key.dsa.y);
 
+	case PGP_PKA_ECDSA:
+		return pgp_write(output, >key.ecdsa.len, 1) && 
+			pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len) &&
+			pgp_write_mpi(output, key->key.ecdsa.p);
+
 	case PGP_PKA_RSA:
 	case PGP_PKA_RSA_ENCRYPT_ONLY:
 	case PGP_PKA_RSA_SIGN_ONLY:
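
Review bot: in the new PGP_PKA_ECDSA case, key->key.ecdsa.len is written as a single byte and then used unchecked as the byte count for key->key.ecdsa.oid. Validate it before writing (RFC 6637 reserves the values 0 and 0xFF for this one-octet length, and it must not exceed the size of the oid buffer), so that a key structure with an inconsistent length cannot make pgp_write read past the OID.
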
Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.39
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38	Mon Feb  5 23:56:01 2018
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c	Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: signature.c,v 1.38 2018/02/05 23:56:01 christos Exp $");
+__RCSID("$NetBSD: signature.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
 #endif
 
 #include 
@@ -265,6 +265,56 @@ dsa_sign(pgp_hash_t *hash,
 	return 1;
 }
 
+static int
+ecdsa_sign(pgp_hash_t *hash,
+	   const pgp_ecdsa_pubkey_t *ecdsa,
+	   const pgp_ecdsa_seckey_t *secdsa,
+	   pgp_output_t *output)
+{
+	unsignedhashsize;
+	unsignedt;
+	uint8_t hashbuf[NETPGP_BUFSIZ];
+	ECDSA_SIG*ecdsasig;
+	const BIGNUM   *r, *s;
+ 
+	hashsize = ecdsa_hashsize(ecdsa); 
+ 
+	if (hashsize == -1) {
+		return 0;
+	}
+
+	t = hash->finish(hash, [0]);
+
+	if (t != hashsize) {
+		(void) fprintf(stderr, "ecdsa_sign: hashfinish %d not %d\n", t, hashsize);
+		return 0;
+	}
+
+	pgp_write(output, [0], 2);
+
+	/* write signature to buf */
+	ecdsasig = pgp_ecdsa_sign(hashbuf, hashsize, secdsa, ecdsa);
+
+	if (ecdsasig == NULL) {
+		(void) fprintf(stderr, "ecdsa_sign: invalid ecdsa sig\n");
+		return 0;
+	}
+
+	/* convert and write the sig out to memory */
+#if OPENSSL_VERSION_NUMBER >= 0x1010
+	ECDSA_SIG_get0(ecdsasig, , );
+#else
+	r = ecdsasig->r;
+	s = ecdsasig->s;
+#endif
+	pgp_write_mpi(output, r);
+	pgp_write_mpi(output, s);
+	
+	ECDSA_SIG_free(ecdsasig);
+
+	return 1;
+}
+
 static unsigned 
 rsa_verify(pgp_hash_alg_t type,
 	   const uint8_t *hash,
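
Review bot: ecdsa_sign ignores the results of pgp_write and of both pgp_write_mpi calls and returns 1 regardless, so a failed write produces a truncated signature packet that is reported as success; chain the results the way the PGP_PKA_ECDSA case in create.c does and return 0 on failure, after ECDSA_SIG_free. Also, hashsize is declared unsigned yet compared with -1 and printed with %d; keep the result of ecdsa_hashsize in an int for the error check.
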
@@ -430,6 +480,12 @@ pgp_check_sig(const uint8_t *hash, unsig
 >key.dsa);
 		break;
 
+	case PGP_PKA_ECDSA:
+		ret = pgp_ecdsa_verify(hash, length,
+>info.sig.ecdsa,
+>key.ecdsa);
+		break;
+
 	case PGP_PKA_RSA:
 		ret = rsa_verify(sig->info.hash_alg, hash, length,
 >info.sig.rsa,
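
Review bot: the PGP_PKA_ECDSA case assigns the result of pgp_ecdsa_verify straight to ret; if that helper passes OpenSSL's verify result through, an error return of -1 is non-zero and must not be read as a valid signature, so normalise it to 1 or 0 inside the helper. The signing path compares the digest length against ecdsa_hashsize; length deserves the same check here unless the helper already performs it.
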
@@ -764,6 +820,14 @@ pgp_write_sig(pgp_output_t *output, 
 		}
 		break;
 
+	case PGP_PKA_ECDSA:
+		if (seckey->key.ecdsa.x == NULL) {
+			(void) fprintf(stderr, "pgp_write_sig: null ecdsa.x\n");
+			return 0;
+		}
+
+		break;
+
 	default:
 		(void) 

CVS commit: src/crypto/external/bsd/netpgp/dist/src/netpgpverify

2019-10-08 Thread Christos Zoulas
Module Name:    src
Committed By:   christos
Date:   Tue Oct  8 18:47:11 UTC 2019

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: libverify.c

Log Message:
grow the buffer a little.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.13 src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.14
--- src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.13	Mon Apr 17 15:50:28 2017
+++ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c	Tue Oct  8 14:47:10 2019
@@ -2622,7 +2622,7 @@ read_ssh_file(pgpv_t *pgp, pgpv_primaryk
 	int64_t			 off;
 	va_list			 args;
 	char			 hostname[256];
-	char			 owner[256];
+	char			 owner[2 * 256];
 	char			*space;
 	char		 	*buf;
 	char		 	*bin;



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src

2018-04-03 Thread Christos Zoulas
In article <20180403220010.ga5...@britannica.bec.de>,
Joerg Sonnenberger wrote:
>On Tue, Apr 03, 2018 at 09:57:15PM +, Sevan Janiyan wrote:
>> Module Name: src
>> Committed By:   sevan
>> Date:           Tue Apr  3 21:57:15 UTC 2018
>> 
>> Modified Files:
>>  src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
>>  src/crypto/external/bsd/netpgp/dist/src/libbn: libnetpgpbn.3
>>  src/crypto/external/bsd/netpgp/dist/src/libmj: libmj.3
>>  src/crypto/external/bsd/netpgp/dist/src/netpgpverify: netpgpverify.1
>> 
>> Log Message:
>> Some further changes from PR bin/48395.
>
>This is not a very useful commit message...

I was typing the same thing :-)

christos



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src

2018-04-03 Thread Joerg Sonnenberger
On Tue, Apr 03, 2018 at 09:57:15PM +, Sevan Janiyan wrote:
> Module Name:  src
> Committed By: sevan
> Date: Tue Apr  3 21:57:15 UTC 2018
> 
> Modified Files:
>   src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
>   src/crypto/external/bsd/netpgp/dist/src/libbn: libnetpgpbn.3
>   src/crypto/external/bsd/netpgp/dist/src/libmj: libmj.3
>   src/crypto/external/bsd/netpgp/dist/src/netpgpverify: netpgpverify.1
> 
> Log Message:
> Some further changes from PR bin/48395.

This is not a very useful commit message...

Joerg


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2018-04-01 Thread Christos Zoulas
In article <20180401232528.1e523f...@cvs.netbsd.org>,
Sevan Janiyan wrote:
>Module Name:   src
>Committed By:  sevan
>Date:  Sun Apr  1 23:25:28 UTC 2018
>
>Modified Files:
>   src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
>
>Log Message:
>netpgp_t is a structure

Yes, it is a struct tag, but also a type as the _t indicates. So the man
page was correct before (and it is correct now, but this was not the
intention of the typedef). It should be backed out...

christos



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src

2017-02-19 Thread Alistair Crooks
Thanks, but I'd really like it if netpgp would work the same on all pkgsrc
platforms:

The linux man page for getpass(3) (https://linux.die.net/man/3/getpass)
says:

The function *getpass*() returns a pointer to a static buffer containing
(the first *PASS_MAX* bytes of) the password without the trailing newline,
terminated by a null byte ('\0'). This buffer may be overwritten by a
following call. On error, the terminal state is restored, *errno* is set
appropriately, and NULL is returned.


On 19 February 2017 at 17:38, Pierre Pronchery wrote:

> Module Name:    src
> Committed By:   khorben
> Date:   Mon Feb 20 01:38:28 UTC 2017
>
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c
> src/crypto/external/bsd/netpgp/dist/src/librsa: rsastubs.c
>
> Log Message:
> Remove a useless loop around getpass()
>
> According to getpass(3), this library function cannot return NULL.
> Verified with a source code inspection.
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.98 -r1.99 \
> src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
> cvs rdiff -u -r1.2 -r1.3 \
> src/crypto/external/bsd/netpgp/dist/src/librsa/rsastubs.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
>
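
Added example (not code from this thread or from netpgp): a caller that treats a NULL return from getpass(3) as an error, as the Linux man page quoted above allows, and copies the passphrase out of the static buffer before wiping it. The names read_passphrase, wipe, stub_no_tty and stub_typed are hypothetical; the stubs are constructed stand-ins for getpass so the code runs without a terminal.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same signature as getpass(3); lets the caller (or a test) supply the prompt. */
typedef char *(*prompt_fn)(const char *);

/* Overwrite n bytes through a volatile pointer so the stores are not elided. */
static void
wipe(char *p, size_t n)
{
	volatile char *v = p;

	while (n-- > 0)
		*v++ = '\0';
}

/*
 * Hypothetical helper (not a netpgp function): fetch a passphrase via
 * `prompt` and copy it into the caller's buffer.
 * Returns 0 on success, -1 if `prompt` returned NULL or the result does
 * not fit.  `out` is always left NUL-terminated.
 */
int
read_passphrase(prompt_fn prompt, const char *text, char *out, size_t outsize)
{
	char *p;
	size_t len;

	if (out == NULL || outsize == 0)
		return -1;
	out[0] = '\0';

	p = prompt(text);
	if (p == NULL)		/* allowed by the Linux man page; errno is set */
		return -1;

	len = strlen(p);
	if (len < outsize)
		memcpy(out, p, len + 1);
	wipe(p, len);		/* the static buffer outlives this call */
	if (len >= outsize) {
		errno = ERANGE;
		return -1;
	}
	return 0;
}

/* Constructed stand-ins for getpass(3), so the example runs without a tty. */
static char stub_buf[64];

char *
stub_no_tty(const char *text)
{
	(void)text;
	errno = ENXIO;		/* constructed failure: no terminal available */
	return NULL;
}

char *
stub_typed(const char *text)
{
	(void)text;
	strcpy(stub_buf, "correct horse");	/* constructed sample input */
	return stub_buf;
}

int
main(void)
{
	char pass[32];

	if (read_passphrase(stub_no_tty, "passphrase: ", pass, sizeof(pass)) != 0)
		fprintf(stderr, "no passphrase: %s\n", strerror(errno));
	if (read_passphrase(stub_typed, "passphrase: ", pass, sizeof(pass)) == 0)
		printf("read %zu bytes\n", strlen(pass));
	wipe(pass, sizeof(pass));
	return 0;
}
```

In real use the first argument would be getpass itself; a loop around the call is not needed, only the NULL check.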


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-21 Thread Julio Merino

On 7/21/11 4:49 AM, Martin Husemann wrote:

> On Thu, Jul 21, 2011 at 07:11:56AM +0100, Iain Hibbert wrote:
>> I thought that I agreed with Jukka, it seemed to be a complaint with no
>> specific content except that you were uncomfortable (unfamiliar?) with
>> atf.
>
> I'm mostly with Iain here, though I have a vague idea and think I partly
> understand the uncomfortableness on David's side.
>
> However, from my very practical experience (from all relevant sides: running
> tests, writing/extending them, and most importantly: fixing the troubles
> they show) it is not the framework that causes most problems in solving
> bugs, my top problem was:
>
>   non working gdb (at least for threaded apps)


How so?  gdb with test programs should have been fixed a while ago.  Or 
are we talking about something different?


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-21 Thread Julio Merino

On 7/21/11 2:11 AM, Iain Hibbert wrote:

> PS the predictable consequence that you cannot fold in external test
> programs did not come true, see tests/lib/libevent/t_event.sh for example,
> though I note that the number of libevent tests are misrepresented in the
> atf-total since the test program prints OK rather than allowing the test
> harness to do each one separately


And this particular concern is what has kept me busy for the last two 
weeks.  Still not there yet, but it should soon be possible to mux atf 
and non-atf test programs in the same suite.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-21 Thread Jeff Rizzo

On 7/21/11 10:33 AM, Julio Merino wrote:

> On 7/21/11 4:49 AM, Martin Husemann wrote:
>> However, from my very practical experience (from all relevant sides: running
>> tests, writing/extending them, and most importantly: fixing the troubles
>> they show) it is not the framework that causes most problems in solving
>> bugs, my top problem was:
>>
>>   non working gdb (at least for threaded apps)
>
> How so?  gdb with test programs should have been fixed a while ago.
> Or are we talking about something different?


I believe this is a general gdb complaint, not specific to atf.  I've 
run into this issue as well - there are some workarounds (threaded 
debugging works somewhat on core dumps), but it's a giant pain given 
that one of the key components of many tests (rump) is threaded...


+j



Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-21 Thread Martin Husemann
On Thu, Jul 21, 2011 at 10:45:55AM -0700, Jeff Rizzo wrote:
> I believe this is a general gdb complaint, not specific to atf.  I've
> run into this issue as well - there are some workarounds (threaded
> debugging works somewhat on core dumps), but it's a giant pain given
> that one of the key components of many tests (rump) is threaded...

Yes, exactly - we *really* need a fixed gdb.

Martin


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-21 Thread Adam Hamsik

On Jul,Thursday 21 2011, at 8:15 PM, Martin Husemann wrote:

> On Thu, Jul 21, 2011 at 10:45:55AM -0700, Jeff Rizzo wrote:
>> I believe this is a general gdb complaint, not specific to atf.  I've
>> run into this issue as well - there are some workarounds (threaded
>> debugging works somewhat on core dumps), but it's a giant pain given
>> that one of the key components of many tests (rump) is threaded...
>
> Yes, exactly - we *really* need a fixed gdb.


I think that it's a great candidate for next funded development project.

Regards

Adam.



Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-20 Thread David Holland
On Wed, Jun 29, 2011 at 03:05:09PM +0100, Julio Merino wrote:
>>> Perhaps if atf were less intrusive...?
>>
>> What do you mean? I think it needs to be quite intrusive
>> (sandboxing, etc.).  Unquestionably the old /regress-style is not
>> the way to go. Even if you dislike some parts of the API, already
>> the consistency is a big win.
>
> Yep, I had the same question here.  I don't know what the original
> comment meant.

In just about every other test suite I've used (which includes some
very large ones with turing complete/scripted test harness programs
and other fancy stuff) there are test programs and test driver
scripts, but all the pieces have clearly defined and clearly separated
roles, and moreover are self-contained so they can be worked with
easily.

ATF, however, insists on sticking its fingers and APIs in everywhere
(intrusive) with the net result that everything becomes vastly more
complicated and working with individual tests directly becomes awkward
and difficult. One of the predictable consequences is not being able
to fold in preexisting test programs.

But apparently I'm not entitled to an opinion since I haven't been
working on the test suite. (I was at one point some time back,
actually, but got fed up with all the unnecessary hoops to jump
through and with how straightforward usability problems like PR 38746
got ignored.)

-- 
David A. Holland
dholl...@netbsd.org


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-07-20 Thread Jukka Ruohonen
On Wed, Jul 20, 2011 at 08:03:59AM +, David Holland wrote:
> In just about every other test suite I've used (which includes some
> very large ones with turing complete/scripted test harness programs
> and other fancy stuff) there are test programs and test driver
> scripts, but all the pieces have clearly defined and clearly separated
> roles, and moreover are self-contained so they can be worked with
> easily.
>
> ATF, however, insists on sticking its fingers and APIs in everywhere
> (intrusive) with the net result that everything becomes vastly more
> complicated and working with individual tests directly becomes awkward
> and difficult. One of the predictable consequences is not being able
> to fold in preexisting test programs.

A lot of empty talk here.

What is exactly your problem? Not being able to fold existing tests? That
sounds like a bug. Indeed one ought to be able to

#!/bin/sh

atf-run /usr/tests/lib/libc/gen/t_vis
atf-run /usr/tests/include/sys/t_types

> But apparently I'm not entitled to an opinion since I haven't been
> working on the test suite. (I was at one point some time back,
> actually, but got fed up with all the unnecessary hoops to jump
> through and with how straightforward usability problems like PR 38746
> got ignored.)

Feel free to roll your own and write the +2500 test cases, or get on with it
and be constructive.

- Jukka.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-29 Thread Julio Merino
On 6/28/11 7:25 AM, Jukka Ruohonen wrote:
 On Tue, Jun 28, 2011 at 08:12:26AM +0200, Alistair Crooks wrote:
 3.  they are candidates for modifying to work under atf, I have yet to
 get the time to do that

 4. luke kindly made some gnu autotests for them a while ago

 [...]

 and if someone was to offer to convert these tests to atf style, that
 would be great, thanks.
 
 Ok.
 
 But I think this entails a wider discussion about how the tests shipped
 with third-party software could be integrated to atf(7). In case of netpgp(1)
 this is easy; a relatively small code base for which both in-house tests and
 /src/tests can be easily distributed. But then there are entirely different
 beasts like gcc(1).

One of the ideas floating around in my head is to make atf-run (well,
kyua) support foreign tests.  The most basic form of this would be
programs that just return 0 on success or 1 on failure, but maybe it'd
be extended to also support autotest programs, etc.

Sure, their functionality would be limited within the framework (as
compared to native atf tests), but this would allow us to mux all the
tests in one single run without much effort.

-- 
Julio Merino / @jmmv


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-29 Thread Jukka Ruohonen
On Tue, Jun 28, 2011 at 06:50:50AM +, David Holland wrote:
 Perhaps if atf were less intrusive...?

What do you mean? I think it needs to be quite intrusive (sandboxing, etc.).
Unquestionably the old /regress-style is not the way to go. Even if you
dislike some parts of the API, already the consistency is a big win.

On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
 One of the ideas floating around in my head is to make atf-run (well,
 kyua) support foreign tests.  The most basic form of this would be
 programs that just return 0 on success or 1 on failure, but maybe it'd
 be extended to also support autotest programs, etc.

Wasn't there already a test or two doing something like this? Fine by me,
as long as we do not regress to the old /regress-style in which it is usually
hard to even know what is being tested.

 Sure, their functionality would be limited within the framework (as
 compared to native atf tests, but this would allow us to mux all the
 tests in one single run without much effort.

But in reality, the gcc(1) test suite is probably the only one that would
really be worth considering. NetBSD does not ship that much third-party
software, and the availability of tests is generally quite limited among
this group.

- Jukka.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-29 Thread Julio Merino
On 6/29/11 2:59 PM, Jukka Ruohonen wrote:
 On Tue, Jun 28, 2011 at 06:50:50AM +, David Holland wrote:
 Perhaps if atf were less intrusive...?
 
 What do you mean? I think it needs to be quite intrusive (sandboxing, etc.).
 Unquestionably the old /regress-style is not the way to go. Even if you
 dislike some parts of the API, already the consistency is a big win.

Yep, I had the same question here.  I don't know what the original
comment meant.

 On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
 One of the ideas floating around in my head is to make atf-run (well,
 kyua) support foreign tests.  The most basic form of this would be
 programs that just return 0 on success or 1 on failure, but maybe it'd
 be extended to also support autotest programs, etc.
 
 Wasn't there already a test or two doing something like this? Fine by me,
 as long as we do not regress to the old /regress-style in which it is usually
 hard to even know what is being tested.

Some atf-ified tests do look like this, yes, and it's ugly.  But if we
could do this, we could lower the barrier of entry (especially for
third-party projects): you could plug in a simple test program that you
already have and get it to work inside atf, later refining it.

Also, using foreign test programs does not preclude the sandboxing.
The sandboxing is something that must be in place all the time IMHO
regardless of how the tests are written.

 Sure, their functionality would be limited within the framework (as
 compared to native atf tests, but this would allow us to mux all the
 tests in one single run without much effort.
 
 But in reality, the gcc(1) test suite is probably the only one that would
 really be worth considering. NetBSD does not ship that much third-party
 software, and the availability of tests is generally quite limited among
 this group.

Maybe true, but I'd personally like to see all the available tests
running, even if they are not sophisticated enough.  (Otherwise, why are
we importing them at all?)

-- 
Julio Merino / @jmmv


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-29 Thread Iain Hibbert
On Wed, 29 Jun 2011, Jukka Ruohonen wrote:

 On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
  One of the ideas floating around in my head is to make atf-run (well,
  kyua) support foreign tests.  The most basic form of this would be
  programs that just return 0 on success or 1 on failure, but maybe it'd
  be extended to also support autotest programs, etc.

 Wasn't there already a test or two doing something like this?

The libevent tests do work that way, using an atf-sh wrapper

iain


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-28 Thread Alistair Crooks
On Tue, Jun 28, 2011 at 07:45:07AM +0300, Jukka Ruohonen wrote:
 On Tue, Jun 28, 2011 at 03:29:39AM +, Alistair G. Crooks wrote:
  Module Name:src
  Committed By:   agc
  Date:   Tue Jun 28 03:29:38 UTC 2011
  
  Modified Files:
  src/crypto/external/bsd/netpgp/dist: tst
  
  Log Message:
  re-do the tests so that it's much easier to see at a glance which tests
  passed and which failed.
 
 I wonder why these aren't part of tests(7)?

1.  afaict, they predate the atf tests, especially atf's latest
incarnation

2.  they are fairly user-dependent (i.e.  i think you'd need my
private key to make them all work)

3.  they are candidates for modifying to work under atf, I have yet to
get the time to do that

4. luke kindly made some gnu autotests for them a while ago

5.  i made some tests for my codecs stuff a while ago; the time i
spent doing that was wasted

now i'm very supportive about the testing framework, catching
regressions, and the great things that atf has done for netbsd.

and if someone was to offer to convert these tests to atf style, that
would be great, thanks.

best,
alistair


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-28 Thread Jukka Ruohonen
On Tue, Jun 28, 2011 at 08:12:26AM +0200, Alistair Crooks wrote:
 3.  they are candidates for modifying to work under atf, I have yet to
 get the time to do that
 
 4. luke kindly made some gnu autotests for them a while ago

 [...]
 
 and if someone was to offer to convert these tests to atf style, that
 would be great, thanks.

Ok.

But I think this entails a wider discussion about how the tests shipped
with third-party software could be integrated to atf(7). In case of netpgp(1)
this is easy; a relatively small code base for which both in-house tests and
/src/tests can be easily distributed. But then there are entirely different
beasts like gcc(1).

- Jukka.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2011-06-28 Thread David Holland
On Tue, Jun 28, 2011 at 09:25:32AM +0300, Jukka Ruohonen wrote:
  But I think this entails a wider discussion about how the tests
  shipped with third-party software could be integrated to atf(7). In
  case of netpgp(1) this is easy; a relatively small code base for
  which both in-house tests and /src/tests can be easily
  distributed. But then there are entirely different beasts like
  gcc(1).

Perhaps if atf were less intrusive...?

anyway, this discussion should probably be on tech-userlevel (or
tech-toolchain?) not on source-changes-d...

-- 
David A. Holland
dholl...@netbsd.org


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-08-15 Thread Christos Zoulas
In article 20100815163624.8645d17...@cvs.netbsd.org,
Alistair G. Crooks source-changes-d@NetBSD.org wrote:
-=-=-=-=-=-

Module Name:   src
Committed By:  agc
Date:  Sun Aug 15 16:36:24 UTC 2010

Modified Files:
   src/crypto/external/bsd/netpgp/dist/src/lib: misc.c packet-parse.c
   packet-show.c reader.c signature.c validate.c writer.c

Log Message:
get rid of more 64-bit lint

some of this can be fixed in a better way, for example making cc ssize_t,
len size_t etc. and avoiding casts.

christos



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-08-15 Thread Alistair Crooks
On Sun, Aug 15, 2010 at 05:16:47PM +, Christos Zoulas wrote:
 In article 20100815163624.8645d17...@cvs.netbsd.org,
 Alistair G. Crooks source-changes-d@NetBSD.org wrote:
 -=-=-=-=-=-
 
 Module Name: src
 Committed By:agc
 Date:Sun Aug 15 16:36:24 UTC 2010
 
 Modified Files:
  src/crypto/external/bsd/netpgp/dist/src/lib: misc.c packet-parse.c
  packet-show.c reader.c signature.c validate.c writer.c
 
 Log Message:
 get rid of more 64-bit lint
 
 some of this can be fixed in a better way, for example making cc ssize_t,
 len size_t etc. and avoiding casts.

Yes, it can, but I'm concerned about the portability of doing things
that way. Probably just me being overly conservative, but whatever.

I'm not particularly happy with the way this code looks now, but I
have it in a state that I can work with :-)

I'll re-address this when I get a chance, I wanted to get this in and
cleaned up now.

Best,
Al


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-07-26 Thread Tom Spindler
 Modified Files:
   src/crypto/external/bsd/netpgp/dist/src/lib: keyring.h packet-print.c
 Added Files:
   src/crypto/external/bsd/netpgp/dist/src/lib: mj.c mj.h
 
 Log Message:
 add a minimalist JSON implementation, and add a new function to access the
 data, and serialise it using JSON.

Alas, this fails to build on pretty much all 64-bit arches:

/src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c: In function 'mj_parse':
/src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c:278: warning: cast from pointer to integer of different size



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-07-26 Thread Alistair Crooks
On Mon, Jul 26, 2010 at 03:56:07AM -0700, Tom Spindler wrote:
  Modified Files:
  src/crypto/external/bsd/netpgp/dist/src/lib: keyring.h packet-print.c
  Added Files:
  src/crypto/external/bsd/netpgp/dist/src/lib: mj.c mj.h
  
  Log Message:
  add a minimalist JSON implementation, and add a new function to access the
  data, and serialise it using JSON.
 
 Alas, this fails to build on pretty much all 64-bit arches:
 
 /src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c: In function 
 'mj_parse':
 /src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c:278: warning: 
 cast from pointer to integer of different size

Fixed now, sorry about that.

Thanks,
Alistair


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-28 Thread Alan Barrett
On Sat, 26 Jun 2010, David Holland wrote:
 I suppose the best available comprehensive solution is to use PRIu***
 garble in the code and then if necessary have autoconf figure out what
 the garble should expand to based on SIZE_MAX.

Yes.

--apb (Alan Barrett)


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-27 Thread David Holland
On Sun, Jun 27, 2010 at 08:10:41PM +0200, Joerg Sonnenberger wrote:
   Compromising the autoconfiguration not work properly in the name of
   cross-compilation, though, is misguided. Can't you have it run the
   test if it's not a cross-compiler and only if it is fall back to the
   platform test? Or is this one of the things where autoconf falls apart
   because it's not written in a programming language?
  
  You can by using AC_RUN_IFELSE directly. The fourth argument is the
  cross-compiling test.

That seems like a better approach then, especially in this context.

   I suppose the best available comprehensive solution is to use PRIu***
   garble in the code and then if necessary have autoconf figure out what
   the garble should expand to based on SIZE_MAX.
  
  The trivial example was FreeBSD 4.x, but I would expect platforms with
  %zu to fall into this category too.

...huh?

What you wrote doesn't relate to what you quoted, and also isn't an
answer to what I asked, which was:

 : Are there non-theoretical platforms that are missing both SIZE_MAX and
 : SIZE_T_MAX defines where it isn't either 0x or
 : 0x?

which certainly does not include FreeBSD 4.x unless they grew a PDP-10
port or something while we weren't looking.

You can easily distinguish the 32-bit vs. 64-bit case by trying to
compile something like

   typedef char foo[((size_t)0xffffffffUL)+1];

If size_t is 32 bits it'll fail trying to declare a zero-length array
type. It might conceivably also fail for other reasons but again I
don't think there are non-theoretical platforms where this is an
issue, except for 16-bit DOS which we explicitly do not care about.

   (not counting where it might technically be 0x7fff because someone
   was unclear on it being unsigned -- that doesn't affect printf)
  
  SSIZE_MAX is surprisingly a lot better supported...

Since ssize_t is required to be the same size as size_t, why not
leverage that?

  I still don't understand why autoconf is passing C pre-processor
  directives down.
  
  #if sizeof(size_t) == sizeof(int)
  ...
  #elif sizeof(size_t) == sizeof(long)
  ...
  #endif
  
  directly in the code is much more readable.
   
   It would be nice if that worked... it did in Borland's compiler back
   in the day. I suppose someone on the standards committee thought it
   was OK to have to teach the preprocessor the entire expression syntax
   but not the type name syntax...
  
  The problem is that you can't really evaluate the above with
  interpreting all of the C code before. size_t is not a keyword type in
  the sense that it is hard-coded into the compiler. Doing so would
  violate the layering design of the preprocessor.

As it's a standard type, however, it could be made known to the
preprocessor via some other mechanism. (And you'll find that it is
actually hard-coded into the compiler in gcc anyway; if your libc
headers don't agree with gcc on what it should be you'll get assorted
static on stderr.)

That won't work in general, but I suspect most or all of the cases
where #if sizeof would actually be useful involve standard types.

-- 
David A. Holland
dholl...@netbsd.org


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-26 Thread David Holland
On Sat, Jun 26, 2010 at 06:25:23AM +0200, Joerg Sonnenberger wrote:
   It would be better to make this a check which is size_t dependent,
   rather than platform-dependent.
  
  The idea is to black list platforms that don't do %zu and there is no
  way to do that without breaking cross-compilation. It is still
  preferable to use that if it is available, e.g. to help format string
  checks.

Compromising the autoconfiguration not work properly in the name of
cross-compilation, though, is misguided. Can't you have it run the
test if it's not a cross-compiler and only if it is fall back to the
platform test? Or is this one of the things where autoconf falls apart
because it's not written in a programming language?

I suppose the best available comprehensive solution is to use PRIu***
garble in the code and then if necessary have autoconf figure out what
the garble should expand to based on SIZE_MAX.

Are there non-theoretical platforms that are missing both SIZE_MAX and
SIZE_T_MAX defines where it isn't either 0x or 0x?

(not counting where it might technically be 0x7fff because someone
was unclear on it being unsigned -- that doesn't affect printf)

   I still don't understand why autoconf is passing C pre-processor
   directives down.
   
   #if sizeof(size_t) == sizeof(int)
   ...
   #elif sizeof(size_t) == sizeof(long)
   ...
   #endif
   
   directly in the code is much more readable.

It would be nice if that worked... it did in Borland's compiler back
in the day. I suppose someone on the standards committee thought it
was OK to have to teach the preprocessor the entire expression syntax
but not the type name syntax...

-- 
David A. Holland
dholl...@netbsd.org


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-25 Thread Christos Zoulas
In article 20100625183016.ac0be17...@cvs.netbsd.org,
Alistair G. Crooks source-changes-d@NetBSD.org wrote:
-=-=-=-=-=-

Module Name:   src
Committed By:  agc
Date:  Fri Jun 25 18:30:16 UTC 2010

Modified Files:
   src/crypto/external/bsd/netpgp/dist/src/lib: misc.c

Log Message:
Fix build problems on LP64 platforms - thanks to Paul Goyette for the nudge.

That should be %zu really; it is more readable.

christos



Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-25 Thread Alistair Crooks
On Fri, Jun 25, 2010 at 08:40:26PM +, Christos Zoulas wrote:
 In article 20100625183016.ac0be17...@cvs.netbsd.org,
 Alistair G. Crooks source-changes-d@NetBSD.org wrote:
 -=-=-=-=-=-
 
 Module Name: src
 Committed By:agc
 Date:Fri Jun 25 18:30:16 UTC 2010
 
 Modified Files:
  src/crypto/external/bsd/netpgp/dist/src/lib: misc.c
 
 Log Message:
 Fix build problems on LP64 platforms - thanks to Paul Goyette for the nudge.
 
 That should be %zu really; it is more readable.

%zu is more readable, but it's C99, and even some C99 implementations
don't define it (I have in my mind Microsoft from the time that I brought
up the iSCSI target on Windows, but I may be wrong there)

The following quote is apt:

C99 adds a 'z' modifier specifically for size_t:

printf("Total buffer size: %zu bytes\n", buffer_size);

but many printf implementations don't support it. (Even if your
compiler supports C99 and defines __STDC_VERSION__ appropriately,
that's not, practically speaking, a guarantee that the library also
conforms to C99.)

Even in C99, the %lu method will work unless size_t is bigger than
unsigned long *and* the value being printed exceeds ULONG_MAX, which
is unlikely to happen in practice.

--
Keith Thompson (The_Other_Keith) ks...@mib.org 
http://www.ghoti.net/~kst
San Diego Supercomputer Center * http://users.sdsc.edu/~kst

referenced in:


http://bytes.com/topic/c/answers/221867-portable-way-printf-size_t-instance

Oh, and yes, this is not a "we need to conform to c89 as LCD" post -
this is 2010 after all - it's an "I want netpgp to be as portable as
possible" post.

Regards,
Alistair


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-25 Thread Joerg Sonnenberger
On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
   Even in C99, the %lu method will work unless size_t is bigger than
   unsigned long *and* the value being printed exceeds ULONG_MAX, which
   is unlikely to happen in practice.

Actually, it doesn't. This method breaks as soon as size_t != u_long and
might only work in a few edge cases like the size_t being the last
argument and the byte order is Little Endian. This is worse because IIRC
Microsoft decided to use IL32LLP64 or something similarly fancy.

A more portable approach with autoconf can be found in pkg_install, look
for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls
in configure.ac.

Joerg


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-25 Thread Alistair Crooks
On Sat, Jun 26, 2010 at 01:32:05AM +0200, Joerg Sonnenberger wrote:
 On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
  Even in C99, the %lu method will work unless size_t is bigger than
  unsigned long *and* the value being printed exceeds ULONG_MAX, which
  is unlikely to happen in practice.

Please get the attributions right - I was quoting that text.
 
 Actually, it doesn't. This method breaks as soon as size_t != u_long and
 might only work in a few edge cases like the size_t being the last
 argument and the byte order is Little Endian. This is worse because IIRC
 Microsoft decided to use IL32LLP64 or something similarly fancy.

Can you give us a reference to this, please?
 
 A more portable approach with autoconf can be found in pkg_install, look
 for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls
 in configure.ac.

Hmmm, I see this in configure.ac -

AC_CHECK_SIZEOF(int)  
AC_CHECK_SIZEOF(long)   
AC_CHECK_SIZEOF(long long)
AC_CHECK_SIZEOF(size_t, [#include <stdlib.h>])

and

case $host in
*-*-hpux*)
AC_DEFINE(MISSING_SIZE_T_SUPPORT)
AH_TEMPLATE([MISSING_SIZE_T_SUPPORT], [ 
Define to 1 if the `z' modifider for printf is missing.
])
;;
esac

and

#ifndef MISSING_SIZE_T_SUPPORT
#  define PRIzu "zu"
#elif SIZEOF_SIZE_T == SIZEOF_INT
#  define PRIzu "u"
#elif SIZEOF_SIZE_T == SIZEOF_LONG
#  define PRIzu "lu"
#elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
#  define PRIzu "llu"
#else
#  error "Unknown size_t size"
#endif

Not quite what I'd been expecting, though, from the glowing description
above.

Am I missing a revision of that file or something? It took me ages to
find it, since I was looking under src/external first of all - and cvs
status does say it's up to date.

Thanks,
Alistair


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-06-25 Thread M. Warner Losh
In message: 20100626032531.ga14...@britannica.bec.de
Joerg Sonnenberger jo...@britannica.bec.de writes:
: On Sat, Jun 26, 2010 at 05:11:39AM +0200, Alistair Crooks wrote:
:  On Sat, Jun 26, 2010 at 01:32:05AM +0200, Joerg Sonnenberger wrote:
:   On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
:    Even in C99, the %lu method will work unless size_t is bigger than
:    unsigned long *and* the value being printed exceeds ULONG_MAX, which
:    is unlikely to happen in practice.
:  
:  Please get the attributions right - I was quoting that text.
:   
:   Actually, it doesn't. This method breaks as soon as size_t != u_long and
:   might only work in a few edge cases like the size_t being the last
:   argument and the byte order is Little Endian. This is worse because IIRC
:   Microsoft decided to use IL32LLP64 or something similarly fancy.
:  
:  Can you give us a reference to this, please?
: 
: E.g.
: 
http://stackoverflow.com/questions/384502/what-is-the-bit-size-of-long-on-64-bit-windows
: and the MSDN reference inside.
: 
:   A more portable approach with autoconf can be found in pkg_install, look
:   for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls
:   in configure.ac.
:  
:  Hmmm, I see this in configure.ac -
:  
:  AC_CHECK_SIZEOF(int)  
:  AC_CHECK_SIZEOF(long)   
:  AC_CHECK_SIZEOF(long long)
:  AC_CHECK_SIZEOF(size_t, [#include stdlib.h])
: 
: ...compute the sizes to not depend on SIZE_MAX (which would simplify the
: logic a lot).
: 
:  and
:  
:  case $host in
:  *-*-hpux*)
:  AC_DEFINE(MISSING_SIZE_T_SUPPORT)
:  AH_TEMPLATE([MISSING_SIZE_T_SUPPORT], [ 
:  Define to 1 if the `z' modifider for printf is missing.
:  ])
:  ;;
:  esac
: 
: The only platform for pkgsrc purposes ATM which lacks the %z support.
: 
:  and
:  
:  #ifndef MISSING_SIZE_T_SUPPORT
:  #  define PRIzu zu
:  #elif SIZEOF_SIZE_T == SIZEOF_INT
:  #  define PRIzu u
:  #elif SIZEOF_SIZE_T == SIZEOF_LONG
:  #  define PRIzu lu
:  #elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
:  #  define PRIzu llu
:  #else
:  #  errror Unknown size_t size
:  #endif
:  
:  Not quite what I'd been expecting, though, from the glowing description
:  above.
: 
: It would be simpler if SIZE_MAX support can be assumed. In that case it
: would boil down to
: #if SIZE_MAX == INT_MAX
: #define PRIzu u
: #elif SIZE_MAX == LONG_MAX
: #define PRIzu lu
: #else SIZE_MAX == LLONG_MAX
: #define PRIzu llu
: #endif

You could easily enough have something like the following in autoconf
to generate that:

#include <stdlib.h>
#include <stdio.h>

int main(int argc, char **argv)
{
	/* ~0 converted to size_t gives the largest size_t value */
	size_t foo = ~0;
	printf("#ifndef SIZE_MAX\n#define SIZE_MAX %llu\n#endif\n",
	    (unsigned long long)foo);
	return (0);
}

Warner
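
An added example, not code from this thread, from pkg_install or from netpgp: one way to pick the printf conversion for size_t from SIZE_MAX, as the messages above discuss, while casting the argument to the type that conversion expects so the variadic call stays well-defined on ILP32, LP64 and LLP64. The names EX_PRIzu, ex_size_arg and the ex_* functions are assumptions made for this illustration, and the sample values are constructed.

```c
/* Added example: not from the thread, pkg_install or netpgp. */
#include <limits.h>
#include <stdint.h>	/* SIZE_MAX (C99) */
#include <stdio.h>
#include <string.h>

/*
 * Choose the conversion by comparing SIZE_MAX with the *unsigned* limits
 * (size_t is unsigned, so INT_MAX or LONG_MAX would never match).
 * ex_size_arg is the argument type the chosen conversion expects.
 */
#if !defined(SIZE_MAX)
#  error "SIZE_MAX missing: use a configure-time sizeof check instead"
#elif SIZE_MAX == UINT_MAX
#  define EX_PRIzu "u"
typedef unsigned int ex_size_arg;
#elif SIZE_MAX == ULONG_MAX
#  define EX_PRIzu "lu"
typedef unsigned long ex_size_arg;
#elif SIZE_MAX == ULLONG_MAX
#  define EX_PRIzu "llu"
typedef unsigned long long ex_size_arg;
#else
#  error "Unknown size_t size"
#endif

/*
 * Compile-time check in the style of the typedef trick from the thread:
 * a negative array size stops the build if the widths ever disagree.
 */
typedef char ex_size_width_check[
    sizeof(size_t) == sizeof(ex_size_arg) ? 1 : -1];

/* Format n into buf; returns 0 on success, -1 if buf is too small. */
int
ex_format_size(char *buf, size_t buflen, size_t n)
{
	/* The cast makes the argument match the conversion exactly. */
	int len = snprintf(buf, buflen, "%" EX_PRIzu, (ex_size_arg)n);

	return (len < 0 || (size_t)len >= buflen) ? -1 : 0;
}

/* Reference rendering that uses no printf length modifier at all. */
int
ex_format_size_manual(char *buf, size_t buflen, size_t n)
{
	char tmp[3 * sizeof(size_t) + 1];	/* enough decimal digits */
	size_t i = 0, j;

	do {
		tmp[i++] = (char)('0' + n % 10);
		n /= 10;
	} while (n != 0);
	if (i + 1 > buflen)
		return -1;
	for (j = 0; j < i; j++)
		buf[j] = tmp[i - 1 - j];
	buf[i] = '\0';
	return 0;
}

/* Returns 1 if both renderings agree for n, 0 otherwise. */
int
ex_renderings_agree(size_t n)
{
	char a[32], b[32];

	if (ex_format_size(a, sizeof(a), n) != 0 ||
	    ex_format_size_manual(b, sizeof(b), n) != 0)
		return 0;
	return strcmp(a, b) == 0;
}

int
main(void)
{
	/* Constructed sample values, including both ends of the range. */
	size_t samples[] = { 0, 4096, (size_t)UINT_MAX, SIZE_MAX };
	size_t i;
	char buf[32];

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (ex_format_size(buf, sizeof(buf), samples[i]) != 0)
			return 1;
		printf("%%%s -> %s (%s)\n", EX_PRIzu, buf,
		    ex_renderings_agree(samples[i]) ? "ok" : "MISMATCH");
	}
	return 0;
}
```
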


CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-03-08 Thread Alistair G. Crooks
Module Name:src
Committed By:   agc
Date:   Mon Mar  8 08:56:03 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c

Log Message:
ensure that we have an element in the array before we try to store a value
in it.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-03-07 Thread Alistair G. Crooks
Module Name:src
Committed By:   agc
Date:   Mon Mar  8 07:37:24 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac
src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c packet-parse.c
packet-print.c version.h
src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile verify.c

Log Message:
Changes to 1.99.22/20100307
+ add key expiry information to public key information display


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.29 -r1.30 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
cvs rdiff -u -r1.30 -r1.31 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/TODO
diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.33 src/crypto/external/bsd/netpgp/dist/TODO:1.34
--- src/crypto/external/bsd/netpgp/dist/TODO:1.33	Fri Mar  5 19:58:38 2010
+++ src/crypto/external/bsd/netpgp/dist/TODO	Mon Mar  8 07:37:23 2010
@@ -1,5 +1,6 @@
 To Do
 =
+add revocation information to public key display
 agent
 agentctl
 trust subpackets
@@ -91,3 +92,4 @@
 hkpd
 hkpclient
 netbsd/pkgsrc pr 42922
+add expiry information to public key display
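
Review bot: It is unclear from the second TODO hunk whether expiry display is finished or still pending: the appended line "add expiry information to public key display" names the feature the log message reports as added in this commit, while the first hunk files the revocation item directly under "To Do". Nothing in the visible context identifies the tail of the file as a list of completed work, so a heading in the hunk context or a word such as "done" on the entry would remove the ambiguity.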

Index: src/crypto/external/bsd/netpgp/dist/configure
diff -u src/crypto/external/bsd/netpgp/dist/configure:1.25 src/crypto/external/bsd/netpgp/dist/configure:1.26
--- src/crypto/external/bsd/netpgp/dist/configure:1.25	Fri Mar  5 19:58:38 2010
+++ src/crypto/external/bsd/netpgp/dist/configure	Mon Mar  8 07:37:24 2010
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac Revision: 1.25 .
+# From configure.ac Revision: 1.26 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.63 for netpgp 20100305.
+# Generated by GNU Autoconf 2.63 for netpgp 20100307.
 #
 # Report bugs to Alistair Crooks a...@netbsd.org c0596823.
 #
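
Review bot: The revision stamp in this hunk's header comment lags the commit: configure now says "From configure.ac Revision: 1.26", but the rdiff list for the same commit takes configure.ac from 1.26 to 1.27. Presumably configure was regenerated before the commit assigned the new revision; a line in the log or in the regeneration instructions saying so would stop the mismatch from being read later as a stale or hand-edited configure script.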
@@ -751,8 +751,8 @@
 # Identity of this package.
 PACKAGE_NAME='netpgp'
 PACKAGE_TARNAME='netpgp'
-PACKAGE_VERSION='20100305'
-PACKAGE_STRING='netpgp 20100305'
+PACKAGE_VERSION='20100307'
+PACKAGE_STRING='netpgp 20100307'
 PACKAGE_BUGREPORT='Alistair Crooks a...@netbsd.org c0596823'
 
 ac_unique_file=src/netpgp/netpgp.c
@@ -1483,7 +1483,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat _ACEOF
-\`configure' configures netpgp 20100305 to adapt to many kinds of systems.
+\`configure' configures netpgp 20100307 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1553,7 +1553,7 @@
 
 if test -n $ac_init_help; then
   case $ac_init_help in
- short | recursive ) echo Configuration of netpgp 20100305:;;
+ short | recursive ) echo Configuration of netpgp 20100307:;;
esac
   cat \_ACEOF
 
@@ -1660,7 +1660,7 @@
 test -n $ac_init_help  exit $ac_status
 if $ac_init_version; then
   cat \_ACEOF
-netpgp configure 20100305
+netpgp configure 20100307
 generated by GNU Autoconf 2.63
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1674,7 +1674,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by netpgp $as_me 20100305, which was
+It was created by netpgp $as_me 20100307, which was
 generated by GNU Autoconf 2.63.  Invocation command line was
 
   $ $0 $@
@@ -2561,7 +2561,7 @@
 
 # Define the identity of the package.
  PACKAGE='netpgp'
- VERSION='20100305'
+ VERSION='20100307'
 
 
 cat confdefs.h _ACEOF
@@ -22306,7 +22306,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log=
-This file was extended by netpgp $as_me 20100305, which was
+This file was extended by netpgp $as_me 20100307, which was
 generated by GNU Autoconf 2.63.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -22369,7 +22369,7 @@
 _ACEOF
 cat $CONFIG_STATUS _ACEOF || ac_write_fail=1
 ac_cs_version=\\
-netpgp config.status 20100305
+netpgp config.status 20100307
 configured by $0, generated by GNU Autoconf 2.63,
   with options 

CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-03-05 Thread Alistair G. Crooks
Module Name:src
Committed By:   agc
Date:   Fri Mar  5 16:30:05 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c netpgp.c

Log Message:
clean up some lint that crept in.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
cvs rdiff -u -r1.41 -r1.42 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-03-05 Thread Alistair G. Crooks
Module Name:src
Committed By:   agc
Date:   Fri Mar  5 19:58:39 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac
src/crypto/external/bsd/netpgp/dist/src/lib: fastctype.h types.h
version.h
src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile verify.c

Log Message:
Changes to 1.99.21/20100305

+ clean up some lint
+ the obligatory ''build on mac os x fixes'' - inttypes.h header file


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/netpgp/dist/src/lib/fastctype.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/lib/types.h
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/TODO
diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.32 src/crypto/external/bsd/netpgp/dist/TODO:1.33
--- src/crypto/external/bsd/netpgp/dist/TODO:1.32	Fri Mar  5 16:01:09 2010
+++ src/crypto/external/bsd/netpgp/dist/TODO	Fri Mar  5 19:58:38 2010
@@ -3,10 +3,10 @@
 agent
 agentctl
 trust subpackets
+make netpgpkeys work - add, import, commit, update, sign, passphrase
 convert to and from ascii armored sigs
 gpgme compat lib
 --list-sigs - these come out in __ops_check_subkey_sig()
-make netpgpkeys work - add, import, commit, update, sign, passphrase
 return userids from successful verify, and then print id out if required
 is get_passphrase_cb needed?
 error logging
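
Review bot: The log message does not account for the reordering in this TODO hunk, where "make netpgpkeys work - add, import, commit, update, sign, passphrase" moves up to sit directly after "trust subpackets"; the log only mentions lint cleanup and the Mac OS X inttypes.h build fix. If the move signals a change of priority, say so in the log; if it is incidental, it is better left out of a release-bump commit.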

Index: src/crypto/external/bsd/netpgp/dist/configure
diff -u src/crypto/external/bsd/netpgp/dist/configure:1.24 src/crypto/external/bsd/netpgp/dist/configure:1.25
--- src/crypto/external/bsd/netpgp/dist/configure:1.24	Fri Mar  5 16:01:09 2010
+++ src/crypto/external/bsd/netpgp/dist/configure	Fri Mar  5 19:58:38 2010
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac Revision: 1.24 .
+# From configure.ac Revision: 1.25 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.63 for netpgp 20100304.
+# Generated by GNU Autoconf 2.63 for netpgp 20100305.
 #
 # Report bugs to Alistair Crooks a...@netbsd.org c0596823.
 #
@@ -751,8 +751,8 @@
 # Identity of this package.
 PACKAGE_NAME='netpgp'
 PACKAGE_TARNAME='netpgp'
-PACKAGE_VERSION='20100304'
-PACKAGE_STRING='netpgp 20100304'
+PACKAGE_VERSION='20100305'
+PACKAGE_STRING='netpgp 20100305'
 PACKAGE_BUGREPORT='Alistair Crooks a...@netbsd.org c0596823'
 
 ac_unique_file=src/netpgp/netpgp.c
@@ -1483,7 +1483,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat _ACEOF
-\`configure' configures netpgp 20100304 to adapt to many kinds of systems.
+\`configure' configures netpgp 20100305 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1553,7 +1553,7 @@
 
 if test -n $ac_init_help; then
   case $ac_init_help in
- short | recursive ) echo Configuration of netpgp 20100304:;;
+ short | recursive ) echo Configuration of netpgp 20100305:;;
esac
   cat \_ACEOF
 
@@ -1660,7 +1660,7 @@
 test -n $ac_init_help  exit $ac_status
 if $ac_init_version; then
   cat \_ACEOF
-netpgp configure 20100304
+netpgp configure 20100305
 generated by GNU Autoconf 2.63
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1674,7 +1674,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by netpgp $as_me 20100304, which was
+It was created by netpgp $as_me 20100305, which was
 generated by GNU Autoconf 2.63.  Invocation command line was
 
   $ $0 $@
@@ -2561,7 +2561,7 @@
 
 # Define the identity of the package.
  PACKAGE='netpgp'
- VERSION='20100304'
+ VERSION='20100305'
 
 
 cat confdefs.h _ACEOF
@@ -22306,7 +22306,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log=
-This file was extended by netpgp $as_me 20100304, which was
+This file was extended by netpgp $as_me 20100305, which was
 generated by GNU Autoconf 2.63.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -22369,7 +22369,7 @@
 _ACEOF
 cat $CONFIG_STATUS _ACEOF || ac_write_fail=1
 ac_cs_version=\\
-netpgp 

Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd

2010-03-01 Thread Joerg Sonnenberger
Why do we want to have another ad-hoc HTTP implementation? Wouldn't a
small *CGI script be good enough?

Joerg

On Mon, Mar 01, 2010 at 07:41:57AM +, Alistair G. Crooks wrote:
> Module Name:  src
> Committed By: agc
> Date: Mon Mar  1 07:41:57 UTC 2010
>
> Added Files:
>   src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h
>   main.c
>
> Log Message:
> add an embryonic httpd key server (hkpd) to netpgp. this is based on the
> discontinued draft for hkp servers, in lieu of any official rfc.
>
> the post method for adding keys to the server has not been implemented.
> not until i've gone through all of the implications, anyway.
>
> hkp servers serve up pgp public keys over http. the default port is 11371,
> but it can be any port, specifiable at run time. whilst this hkpd will
> return valid html to browsers, it is aimed at the ''machine readable''
> side, using the ''options=mr'' option to the http get string.
>
> this hkpd server will get hooked into the build at a later date.
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
> src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
> src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
> src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd

2010-03-01 Thread Alistair Crooks
not really, i tried to shoehorn all of this into bozo, and it wasn't
willing to do it, and its cgi subsystem doesn't lend itself to this
kind of thing.  i'm fairly intimate with most of bozo's internals,
too.

the server itself is not that large.  if there's a common server-side
library that can be used, great, show me it, and i'll convert the hkpd
to use it.  libfetch certainly isn't up to the task.

regards,
alistair

On Mon, Mar 01, 2010 at 10:35:20PM +0100, Joerg Sonnenberger wrote:
> Why do we want to have another ad-hoc HTTP implementation? Wouldn't a
> small *CGI script be good enough?
>
> Joerg
>
> On Mon, Mar 01, 2010 at 07:41:57AM +, Alistair G. Crooks wrote:
> > Module Name:  src
> > Committed By: agc
> > Date: Mon Mar  1 07:41:57 UTC 2010
> >
> > Added Files:
> > src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h
> > main.c
> >
> > Log Message:
> > add an embryonic httpd key server (hkpd) to netpgp. this is based on the
> > discontinued draft for hkp servers, in lieu of any official rfc.
> >
> > the post method for adding keys to the server has not been implemented.
> > not until i've gone through all of the implications, anyway.
> >
> > hkp servers serve up pgp public keys over http. the default port is 11371,
> > but it can be any port, specifiable at run time. whilst this hkpd will
> > return valid html to browsers, it is aimed at the ''machine readable''
> > side, using the ''options=mr'' option to the http get string.
> >
> > this hkpd server will get hooked into the build at a later date.
> >
> >
> > To generate a diff of this commit:
> > cvs rdiff -u -r0 -r1.1
> > src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
> > src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
> > src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
> > src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
> >
> > Please note that diffs are not public domain; they are subject to the
> > copyright notices on the relevant files.


Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd

2010-03-01 Thread Thomas E. Spanjaard
Joerg Sonnenberger wrote:
> Why do we want to have another ad-hoc HTTP implementation? Wouldn't a
> small *CGI script be good enough?

Argument for a separate implementation: it runs as a standalone daemon
on a different port than the default for HTTP, as a decoupled service
from your normal httpd. Argument against: a CGI script would allow you
to hook it into your favourite httpd, which could do all sorts of
advanced stuff to requests before they hit the CGI script, like
aliasing, rewriting, filtering, caching, etc.

Personally, I'd prefer a CGI script; though I do not at present desire
to run a HKP server. I am satisfied with the various SKS servers out there.

Cheers,
-- 
Thomas E. Spanjaard
t...@netphreax.net
t...@deepbone.net




CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd

2010-02-28 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Mon Mar  1 07:41:57 UTC 2010

Added Files:
src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h
main.c

Log Message:
add an embryonic httpd key server (hkpd) to netpgp. this is based on the
discontinued draft for hkp servers, in lieu of any official rfc.

the post method for adding keys to the server has not been implemented.
not until i've gone through all of the implications, anyway.

hkp servers serve up pgp public keys over http. the default port is 11371,
but it can be any port, specifiable at run time. whilst this hkpd will
return valid html to browsers, it is aimed at the ''machine readable''
side, using the ''options=mr'' option to the http get string.

this hkpd server will get hooked into the build at a later date.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile
diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1
--- /dev/null	Mon Mar  1 07:41:57 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile	Mon Mar  1 07:41:56 2010
@@ -0,0 +1,11 @@
+# $NetBSD: Makefile,v 1.1 2010/03/01 07:41:56 agc Exp $
+
+PROG=hkpd
+SRCS=hkpd.c main.c
+CPPFLAGS+=-g # -DHAVE_CONFIG_H=1
+LDFLAGS+=-g
+LDADD+= -lnetpgp
+MKMAN=no
+WARNS=0 # anything over 0 will fail at the link stage with IDEA errors
+
+.include bsd.prog.mk
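
Review bot: `WARNS=0` leaves hkpd.c and main.c, a new daemon that parses request strings from the network, built with every compiler warning switched off in order to get past the link-stage IDEA errors the comment mentions. Suggest dealing with the IDEA link problem on its own so that this program can be built at a higher WARNS level before it is hooked into the build; sign-conversion, format and unused-parameter warnings are the ones most likely to matter in the request parsing code.
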
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c
diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1
--- /dev/null	Mon Mar  1 07:41:57 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c	Mon Mar  1 07:41:56 2010
@@ -0,0 +1,275 @@
+/*-
+ * Copyright (c) 2009,2010 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Alistair Crooks (a...@netbsd.org)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include sys/types.h
+#include sys/param.h
+#include sys/socket.h
+#include sys/stat.h
+#include sys/param.h
+
+#include netinet/in.h
+
+#include errno.h
+#include netdb.h
+#include netpgp.h
+#include regex.h
+#include stdio.h
+#include stdlib.h
+#include string.h
+#include unistd.h
+
+#include hkpd.h
+
+/* make the string have %xx - %c */
+static size_t
+frompercent(char *in, size_t insize, char *out, size_t outsize)
+{
+	size_t	 outcc;
+	char	*next;
+	char	*pc;
+
+	outcc = 0;
+	for (pc = in ; (next = strchr(pc, '%')) != NULL ; pc = next + 3) {
+		(void) memcpy(out[outcc], pc, (size_t)(next - pc));
+		outcc += (size_t)(next - pc);
+		out[outcc++] = (char)strtol(next + 1, NULL, 16);
+	}
+	(void) memcpy(out[outcc], pc, insize - (int)(pc - in));
+	outcc += insize - (int)(pc - in);
+	out[outcc] = 0x0;
+	return outcc;
+}
+
+#define HKP_HTTP_LEVEL	HTTP/1.0
+#define HKP_NAME	hkpd
+#define HKP_MIME_GET	application/pgp-keys
+#define HKP_MIME_INDEX	text/plain
+#define HKP_MACHREAD	info:1:1\r\n
+
+#define HKP_SUCCESS	200
+#define HKP_NOT_FOUND	404
+
+/* make into html */
+static int
+htmlify(char *buf, size_t size, const int code, const int get, const char *title, const int mr, const char *body)
+{
+	return snprintf(buf, size,
+		%s %d %s\r\n
+		Server: %s/%d\r\n
+		Content-type: %s\r\n
+		\r\n
+		%s
+		%s,
+		HKP_HTTP_LEVEL, code, (code == HKP_SUCCESS) ? OK : not found,
+		HKP_NAME, 
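
Review bot: frompercent() accepts `outsize` but never uses it, so each `memcpy` and the `out[outcc++]` store write into `out` with no bound; the length of the request string, not the size of the caller's buffer, decides how far it writes. The loop also steps with `pc = next + 3` without checking that two hex digits follow the `%`: when `%` is the last or second-to-last character, `pc` moves past the terminating NUL, `strchr` then reads beyond the string, and `insize - (int)(pc - in)` wraps to a very large size_t in the final `memcpy`. Suggest checking `outcc` against `outsize` before every copy, requiring `isxdigit()` on both characters after `%` before decoding (strtol also accepts a sign, leading whitespace and more than two digits), and deciding explicitly what `%00` should do, since it cuts the decoded string short for any later string function.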

CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpclient

2010-02-28 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Mon Mar  1 07:52:21 UTC 2010

Added Files:
src/crypto/external/bsd/netpgp/dist/src/hkpclient: hkpclient.lua
optparse.lua tst

Log Message:
add the scripts used to test the hkpd.

fwiw, the hkp client script is - essentially - 7 lines of lua, using
libcurl for the http transport.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 \
src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua \
src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua \
src/crypto/external/bsd/netpgp/dist/src/hkpclient/tst

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua
diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua:1.1
--- /dev/null	Mon Mar  1 07:52:21 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua	Mon Mar  1 07:52:21 2010
@@ -0,0 +1,74 @@
+#! /usr/bin/env lua
+
+--
+-- Copyright (c) 2010 The NetBSD Foundation, Inc.
+-- All rights reserved.
+--
+-- This code is derived from software contributed to The NetBSD Foundation
+-- by Alistair Crooks (a...@netbsd.org)
+--
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions
+-- are met:
+-- 1. Redistributions of source code must retain the above copyright
+--notice, this list of conditions and the following disclaimer.
+-- 2. Redistributions in binary form must reproduce the above copyright
+--notice, this list of conditions and the following disclaimer in the
+--documentation and/or other materials provided with the distribution.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+-- ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+-- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+-- PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+-- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+-- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+-- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+-- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+-- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+-- POSSIBILITY OF SUCH DAMAGE.
+--
+
+-- a short HKP client
+
+require(cURL)
+
+-- command line args
+dofile optparse.lua
+
+opt = OptionParser{usage=%prog [options] file, version=20100226}
+
+opt.add_option{-V, --version, action=store_true, dest=version,
+			help=--version}
+opt.add_option{-m, --mr, action=store_true, dest=mr, help=-m}
+opt.add_option{-o, --op, action=store, dest=op, help=-o op}
+opt.add_option{-p, --port, action=store, dest=port, help=-p port}
+opt.add_option{-s, --server, action=store, dest=server, help=-s server}
+
+-- parse command line args
+options,args = opt.parse_args()
+
+-- set defaults
+local server = options.server or pgp.mit.edu
+local port = options.port or 11371
+local op = options.op or get
+local mr = 
+if options.mr then mr = options=mr end
+
+-- get output stream
+f = io.output()
+
+c = cURL.easy_init()
+
+-- setup url
+c:setopt_url(http://; .. server .. : .. port ..
+	/pks/lookup?op= .. op .. search= .. args[1] .. mr)
+
+-- perform, invokes callbacks
+c:perform({writefunction = function(str) 
+f:write(str)
+			 end})
+
+-- close output file
+f:close()
+
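
Review bot: the URL passed to `c:setopt_url(...)` is assembled by concatenating `op` and `args[1]` exactly as typed, with no percent-encoding and no check that `args[1]` is present. A search term containing `&`, `#`, `%` or a space changes the query the server sees, and running the script with no argument fails on concatenating a nil value instead of printing the usage text. Suggest verifying that one search argument was given and percent-encoding both values before they go into the query string; since this script is what tests hkpd, encoded input is also the path through the server's percent-decoding that most needs exercising.
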
Index: src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua
diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua:1.1
--- /dev/null	Mon Mar  1 07:52:21 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua	Mon Mar  1 07:52:21 2010
@@ -0,0 +1,123 @@
+-- Lua command line option parser.
+-- Interface based on Pythons optparse.
+-- http://docs.python.org/lib/module-optparse.html
+-- (c) 2008 David Manura, Licensed under the same terms as Lua (MIT license)
+--
+-- To be used like this:  
+-- t={usage=some usage message, version=version string}   
+-- op=OptionParser(t) 
+-- op=add_option{opt, action=action, dest=dest, help=help message for this option}
+--
+-- with :
+--   opt the option string to be used (can be anything, if one letter opt, then should be -x val, more letters: -xy=val )
+--   action one of
+--   - store: store in options as key, val  
+--   - store_true: stores key, true 
+--   - store_false: stores key, false
+--   dest is the key under which the option is saved
+--

CVS commit: src/crypto/external/bsd/netpgp/dist/src/netpgp

2010-02-24 Thread Thomas Klausner
Module Name:	src
Committed By:   wiz
Date:   Wed Feb 24 08:22:59 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/netpgp: netpgp.1

Log Message:
New sentence, new line; remove trailing whitespace.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist/src

2010-02-22 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Tue Feb 23 01:24:45 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c validate.c
src/crypto/external/bsd/netpgp/dist/src/netpgp: netpgp.1

Log Message:
fix a bug in verifying memory.

add two examples to the netpgp(1) manual page outlining how to sign
and encrypt via a pipeline, and how to decrypt and verify/cat using a
pipeline.


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.29 -r1.30 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.39 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.40
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.39	Fri Feb 12 03:38:48 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c	Tue Feb 23 01:24:44 2010
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT(@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.);
-__RCSID($NetBSD: netpgp.c,v 1.39 2010/02/12 03:38:48 agc Exp $);
+__RCSID($NetBSD: netpgp.c,v 1.40 2010/02/23 01:24:44 agc Exp $);
 #endif
 
 #include sys/types.h
@@ -1014,6 +1014,9 @@
 	}
 	signedmem = __ops_memory_new();
 	__ops_memory_add(signedmem, in, size);
+	if (out) {
+		cat = __ops_memory_new();
+	}
 	ret = __ops_validate_mem(io, result, signedmem,
 (out) ? cat : NULL,
 armored, netpgp-pubring);
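
Review bot: `cat = __ops_memory_new();` is used without a NULL check, and if the callee stores through that argument, as the validate.c hunk of this same commit does with `*cat = validation.mem`, the buffer allocated here is replaced without being freed. Suggest either dropping the allocation and letting __ops_validate_mem() supply the output buffer, or checking the result for NULL and releasing it before it can be overwritten.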

Index: src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.29 src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.30
--- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.29	Fri Feb 12 03:38:48 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c	Tue Feb 23 01:24:44 2010
@@ -54,7 +54,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT(@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.);
-__RCSID($NetBSD: validate.c,v 1.29 2010/02/12 03:38:48 agc Exp $);
+__RCSID($NetBSD: validate.c,v 1.30 2010/02/23 01:24:44 agc Exp $);
 #endif
 
 #include sys/types.h
@@ -949,7 +949,7 @@
 	__ops_teardown_memory_read(stream, mem);
 
 	/* this is triggered only for --cat output */
-	if (*cat) {
+	if (cat) {
 		/* need to send validated output somewhere */
 		*cat = validation.mem;
 	} else {
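
Review bot: with `if (cat)` the branch now runs for every caller that passes a non-NULL `cat`, whatever `*cat` held beforehand, so `*cat = validation.mem` needs a stated ownership rule: who frees validation.mem afterwards, and what becomes of a buffer the caller had already placed in `*cat`. The old `if (*cat)` also dereferenced the NULL that netpgp.c passes when `out` is not set, and the log message could say so in place of "fix a bug in verifying memory".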

Index: src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1
diff -u src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.7 src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.8
--- src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.7	Sat Feb  6 02:24:34 2010
+++ src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1	Tue Feb 23 01:24:45 2010
@@ -1,4 +1,4 @@
-.\ $NetBSD: netpgp.1,v 1.7 2010/02/06 02:24:34 agc Exp $
+.\ $NetBSD: netpgp.1,v 1.8 2010/02/23 01:24:45 agc Exp $
 .\
 .\ Copyright (c) 2009 The NetBSD Foundation, Inc.
 .\ All rights reserved.
@@ -406,6 +406,10 @@
 netpgp passphrase:
 %
 .Ed
+.Pp
+This simple (and contrived) example shows that
+.Nm
+commands can be used together in a pipeline to produce the desired effect.
 .Bd -literal
 % netpgp --sign \*[Lt] a | netpgp --cat \*[Gt] b 
 netpgp: default key set to C0596823
@@ -428,6 +432,43 @@
 uid  Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt]
 %
 .Ed
+.Pp
+For operations like signing and encrypting a file at the same time,
+the best way is to make use of pipelines:
+.Bd -literal
+% netpgp --sign \*[Lt] example | netpgp --encrypt --userid=c0596823 \*[Gt] example.gpg
+netpgp: default key set to C0596823
+pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
+Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid  Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt]
+uid  Alistair Crooks \*[lt]...@pkgsrc.org\*[gt]
+uid  Alistair Crooks \*[lt]...@netbsd.org\*[gt]
+uid  Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt]
+uid  Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt]
+netpgp passphrase:
+% netpgp --decrypt \*[Lt] example.gpg | netpgp --cat
+netpgp: default key set to C0596823
+netpgp: default key set to C0596823
+pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
+Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid  Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt]
+uid  Alistair Crooks \*[lt]...@pkgsrc.org\*[gt]
+uid  Alistair Crooks \*[lt]...@netbsd.org\*[gt]
+uid  Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt]
+uid  Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt]
+netpgp passphrase:
+Good 
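
Review bot: the paragraph added ahead of the `netpgp --sign ... | netpgp --encrypt` example recommends pipelines as the best way to sign and encrypt without saying that the shell reports only the last command's exit status, so a `--sign` or `--decrypt` stage that fails goes unnoticed unless the reader checks for it. Suggest adding a sentence on checking each stage, and trimming the repeated key listing in the literal block to the lines the example needs.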

CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-02-12 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Sat Feb 13 00:14:00 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: signature.h

Log Message:
let's get modern int types defined so that netpgp will build on mac os x


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-02-11 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Thu Feb 11 17:46:09 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: configure.ac
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c version.h

Log Message:
changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
  what used to be printed out was the copy of the public key which is
  stored as part of the private key(!). does not address the info shown
  when decrypting, since that is done in a different way, by callback.
  this whole part needs to be re-written, but will have to wait for two
  good hands.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.37 -r1.38 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.24 -r1.25 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-02-11 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Fri Feb 12 03:38:48 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO configure.ac
src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.c crypto.h
keyring.h netpgp.c packet-print.c reader.c validate.c version.h
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: verify.c

Log Message:
Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/netpgp/dist/src/lib/create.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.20 -r1.21 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.38 -r1.39 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.25 -r1.26 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.29 -r1.30 \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-02-08 Thread Alistair G. Crooks
Module Name:	src
Committed By:   agc
Date:   Mon Feb  8 17:19:12 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac
src/crypto/external/bsd/netpgp/dist/src/lib: crypto.c crypto.h
packet-print.c packet.h reader.c validate.c version.h
src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile

Log Message:
Update netpgp to version 1.99.17/20100208

Changes to 1.99.17/20100208

+ get rid of last 2 static variables - use the __ops_printstate_t struct
  passed down, and add the indent variable here too
+ get rid of 3 occurrences in reader.c where an automatic buffer was
  addressed (as part of a subsequent callback) by a struct field from
  a calling scope, and only valid within the callback.  Found by
  Flexelint and phk - many thanks.
+ print filename/memory when time problems occur when validating signatures


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.18 -r1.19 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
cvs rdiff -u -r1.14 -r1.15 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.24 -r1.25 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.17 -r1.18 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.23 -r1.24 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

2010-02-06 Thread David Laight
Module Name:	src
Committed By:   dsl
Date:   Sat Feb  6 10:50:52 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: packet-parse.c validate.c

Log Message:
Fix printf formats on amd64 (and probably other 64bit systems).


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.26 -r1.27 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/crypto/external/bsd/netpgp/dist

2010-02-05 Thread Alistair G. Crooks
Module Name:    src
Committed By:   agc
Date:   Sat Feb  6 02:24:34 UTC 2010

Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac tst
src/crypto/external/bsd/netpgp/dist/include: netpgp.h
src/crypto/external/bsd/netpgp/dist/src/lib: crypto.h keyring.c
keyring.h netpgp.c netpgpsdk.h openssl_crypto.c packet-parse.c
packet-print.c packet.h reader.c signature.c signature.h ssh2pgp.c
validate.c validate.h version.h
src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile netpgp.1
netpgp.c
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys: netpgpkeys.1
netpgpkeys.c
src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile

Log Message:
Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
  packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
  signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
  signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/netpgp/dist/tst
cvs rdiff -u -r1.14 -r1.15 \
src/crypto/external/bsd/netpgp/dist/include/netpgp.h
cvs rdiff -u -r1.13 -r1.14 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.26 -r1.27 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.36 -r1.37 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
cvs rdiff -u -r1.18 -r1.19 \
src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.23 -r1.24 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.16 -r1.17 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.24 -r1.25 \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
cvs rdiff -u -r1.14 -r1.15 \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.h
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c
cvs rdiff -u -r1.25 -r1.26 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.11 -r1.12 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.h
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile \
src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-27 Thread Alistair Crooks
On Tue, May 26, 2009 at 09:12:39AM +0200, Joerg Sonnenberger wrote:
> On Tue, May 26, 2009 at 05:40:03AM +, Luke Mewburn wrote:
> > Log Message:
> > Improve SHA256_CTX checks; OS/X provides it in CommonCrypto/CommonDigest.h
> > even though their openssl/sha.h is too old.
>
> I think I will hit similar issues with libarchive at some points, so do
> you have more details here?

Take a look at the source code - it's worked on Mac OS X with its weird
digest/openssl integration since January.

Regards,
Alistair


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-26 Thread Joerg Sonnenberger
On Tue, May 26, 2009 at 05:40:03AM +, Luke Mewburn wrote:
> Log Message:
> Improve SHA256_CTX checks; OS/X provides it in CommonCrypto/CommonDigest.h
> even though their openssl/sha.h is too old.

I think I will hit similar issues with libarchive at some points, so do
you have more details here?

Joerg


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-26 Thread David Holland
On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote:
> The only thing I will directly advocate for (besides scrapping the
> current UI) is something like the ssh-agent functionality. It is painful
> having to type in your passphrase for every email message you read,
> every one you want to sign, etc.

What do you think of plan9 factotum? I remember thinking it was
reasonably sane, although that was long enough ago that I forget all
the details.

-- 
David A. Holland
dholl...@netbsd.org


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-26 Thread Perry E. Metzger

David Holland <dholland-sourcechan...@netbsd.org> writes:
> On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote:
> > The only thing I will directly advocate for (besides scrapping the
> > current UI) is something like the ssh-agent functionality. It is painful
> > having to type in your passphrase for every email message you read,
> > every one you want to sign, etc.
>
> What do you think of plan9 factotum? I remember thinking it was
> reasonably sane, although that was long enough ago that I forget all
> the details.

As do I -- I would need to re-read about it.

Perry
-- 
Perry E. Metzger		pe...@piermont.com


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-25 Thread Christos Zoulas
In article <20090525160949.gr14...@nef.pbox.org>,
Alistair Crooks  <a...@pkgsrc.org> wrote:
>Hi Arnaud, everyone,
>
>On Thu, May 21, 2009 at 10:59:04PM -0400, Arnaud Lacombe wrote:
>> I've been seeing a lot of commit and activity in netpgp. Do you mind
>> sending me a small paragraph [for the next CVS activity report] about
>> what you're doing in it and what is already possible and what
>> direction does it take ?
>>
>Yeah, there's no secret about what I'm doing with it, but just to clarify:
>
>netpgp is a high-level layer which sits on top of a heavily-modified
>openpgpsdk, and provides a library interface defined in
>/usr/include/netpgp.h - the main functions are:
>
>int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int);
>int netpgp_decrypt_file(netpgp_t *, char *, char *, int);
>int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int);
>int netpgp_verify_file(netpgp_t *, char *, const char *, int);

Shouldn't most of those char *'s be const char *, and in the code
the result of the __ops_functions should be checked, and appropriate
errnos set?

christos



Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-21 Thread Arnaud Lacombe
Hi Alistair,

I've been seeing a lot of commit and activity in netpgp. Do you mind
sending me a small paragraph [for the next CVS activity report] about
what you're doing in it and what is already possible and what
direction does it take ?

Thanks !

 - Arnaud

On Thu, May 21, 2009 at 10:28 PM, Alistair G. Crooks <a...@netbsd.org> wrote:
> Module Name:    src
> Committed By:   agc
> Date:           Fri May 22 02:28:54 UTC 2009
>
> Modified Files:
>        src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac tst
>        src/crypto/external/bsd/netpgp/dist/src/bin: netpgp.1 netpgp.c
>        src/crypto/external/bsd/netpgp/dist/src/lib: config.h packet.h
>            version.h
>
> Log Message:
> CHANGES 1.99.2 - 1.99.3
>
> + modified regression tests to make it easier to see status messages
> + modified --encrypt, --decrypt, --sign, and --clearsign as well as --cat
>  to respect the --output argument for the output file. Default behaviour
>  remains unchanged - if --output is not specified, standard file names
>  and suffixes apply. Note that --verify has not been changed - this is
>  for compatibility with gpg, POLA/POLS, and because --verify-cat/--cat
>  provides this behaviour
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/netpgp/dist/TODO
> cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/netpgp/dist/configure \
>    src/crypto/external/bsd/netpgp/dist/configure.ac
> cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/netpgp/dist/tst
> cvs rdiff -u -r1.11 -r1.12 \
>    src/crypto/external/bsd/netpgp/dist/src/bin/netpgp.1
> cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/bin/netpgp.c
> cvs rdiff -u -r1.9 -r1.10 \
>    src/crypto/external/bsd/netpgp/dist/src/lib/config.h \
>    src/crypto/external/bsd/netpgp/dist/src/lib/version.h
> cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.




Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-12 Thread Perry E. Metzger


Alistair G. Crooks <a...@netbsd.org> writes:
> + allow a choice of hash algorithms for the signature digest (rather
>   than hardcoding SHA1 - it is looking as though collisions are easier
>   to manufacture based on recent findings)
> + move default signature RSA hash algorithm to SHA256 (from SHA1). This is
>   passed as a string parameter from the high-level interface. We'll
>   revisit this later after a good way to specify the algorithm has been
>   found.

I presume this isn't in the man page because you're waiting on the final
method to handle it?

Perry


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-11 Thread Perry E. Metzger

Alistair Crooks <a...@pkgsrc.org> writes:
> I'll look into providing that somehow (I've been of the opinion that
> we need one binary for key management, and one binary for
> signing/verification and encrypting/decrypting for a while now - it's
> the way that the old nbpg SoC project was going too), and that
> definitely gives me an incentive to do that kind of split.

The worst part of pgp and gpg has always been the user interfaces --
bulky, so many options you can't remember which ones you want at any
given time, complicated init files, etc.

I would suggest ignoring any prior precedents on such matters because
they're all bad and start from a clean slate. Start fresh as though you
were a sane Unix geek building from scratch and produce an interface
that is intuitive to Unix users -- if you do, netpgp will take over the
world.

The only thing I will directly advocate for (besides scrapping the
current UI) is something like the ssh-agent functionality. It is painful
having to type in your passphrase for every email message you read,
every one you want to sign, etc.

Perry
-- 
Perry E. Metzger		pe...@piermont.com


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-11 Thread Luke Mewburn
On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote:
  | The only thing I will directly advocate for (besides scrapping the
  | current UI) is something like the ssh-agent functionality. It is painful
  | having to type in your passphrase for every email message you read,
  | every one you want to sign, etc.

gpg (gnupg) version 2 provides gpg-agent for this.
That may provide some more inspiration for features.




Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-10 Thread Perry E. Metzger

Simon Burge <sim...@netbsd.org> writes:
> Perry E. Metzger wrote:
>
> > [ ... ] Encrypted swap should
> > be the default -- either using cgd or by simply encrypting the blocks as
> > they go in and out without using the cgd layer.
>
> You've benchmarked the effect of this, especially on older hardware?

No, but others have, and it is generally negligible. Why is this the
case? Well, think about it for a moment -- the time to encrypt a disk
block is a tiny fraction of the time needed to write it to disk. It is
true that on older machines there is less processor, but there is also
even less disk bandwidth. The situation is a lot worse if you're
thrashing, but of course the situation is always a lot worse if you're
thrashing.

In any case: there would clearly be a knob to turn this on and off, and it
can even be left off by default, at least on older ports. The problem is
this: it is a significant effort to set this up at all, so no one does
it. If it was trivial to set up, even something listed in sysinst, it
would be widely used, unlike the situation now where it is barely if
ever done.

Perry
-- 
Perry E. Metzger		pe...@piermont.com


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-10 Thread Daniel Carosone
On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote:

> [...] since there's no way of changing a PGP passphrase
> short of generating a new key.

Huh?  Sure, you have a need to deal with keyring copies from before
the change, maybe with some more rm -P and its limitations, but
otherwise, I don't understand this.

--
Dan.




Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-10 Thread Daniel Carosone
On Mon, May 11, 2009 at 02:55:03AM +0100, Alistair Crooks wrote:
> On Mon, May 11, 2009 at 11:09:40AM +1000, Daniel Carosone wrote:
> > On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote:
> >
> > > [...] since there's no way of changing a PGP passphrase
> > > short of generating a new key.
> >
> > Huh?  Sure, you have a need to deal with keyring copies from before
> > the change, maybe with some more rm -P and its limitations, but
> > otherwise, I don't understand this.
>
> Sorry, I must be missing something then (perfectly possible, now I'm
> old and grey) - how do you change the passphrase on a PGP key?

For gpg, the passwd sub-command under edit-key.  For other
implementations, special sigils created by waving the magic
wand^Wpointer.  

If the corresponding feature is missing from this implementation,
that's a deficiency, but not a limitation of the format.  Someone
might implement the feature, or you might combine tools since the
keyring format is standardised and (I hope) therefore the tools are
interoperable.   

--
Dan.





Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-10 Thread Alistair Crooks
On Mon, May 11, 2009 at 12:11:03PM +1000, Daniel Carosone wrote:
> On Mon, May 11, 2009 at 02:55:03AM +0100, Alistair Crooks wrote:
> > On Mon, May 11, 2009 at 11:09:40AM +1000, Daniel Carosone wrote:
> > > On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote:
> > >
> > > > [...] since there's no way of changing a PGP passphrase
> > > > short of generating a new key.
> > >
> > > Huh?  Sure, you have a need to deal with keyring copies from before
> > > the change, maybe with some more rm -P and its limitations, but
> > > otherwise, I don't understand this.
> >
> > Sorry, I must be missing something then (perfectly possible, now I'm
> > old and grey) - how do you change the passphrase on a PGP key?
>
> For gpg, the passwd sub-command under edit-key.  For other
> implementations, special sigils created by waving the magic
> wand^Wpointer.
>
> If the corresponding feature is missing from this implementation,
> that's a deficiency, but not a limitation of the format.  Someone
> might implement the feature, or you might combine tools since the
> keyring format is standardised and (I hope) therefore the tools are
> interoperable.

Cool, thanks, that's exactly the information I was looking for.

I'll look into providing that somehow (I've been of the opinion that
we need one binary for key management, and one binary for
signing/verification and encrypting/decrypting for a while now - it's
the way that the old nbpg SoC project was going too), and that
definitely gives me an incentive to do that kind of split.

Thanks once again,
Al


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-06 Thread Alistair Crooks
On Wed, May 06, 2009 at 12:57:06PM +0200, Klaus Klein wrote:
> On Tue, May 05, 2009 at 11:38:36PM +, David Holland wrote:
> > On Wed, May 06, 2009 at 12:33:00AM +0100, Alistair Crooks wrote:
> > > Imagine someone embedding this library in their (embedded) product.
> > > Having the library dump core for what is an unusual occurrence, admittedly
> > > (such as an out of memory condition, perhaps) is suboptimal, since the
> > > product may then have to be re-started to get a working system. This
> > > is too intrusive. As someone with an LCD TV which sometimes does this,
> > > it annoys me intensely. Names and models on request, in private.
> > >
> > > This also brings us round to a pet peeve of mine - for development
> > > work, dumping core is fine for exceptional conditions. Same as kernel
> > > panics. It's not usually wanted in production code.
> >
> > Having things fail silently or go into a fugue state is not an
> > improvement, particularly in security code. So I'd qualify all this by
> > saying that end-to-end behavior should always be fail-stop.
> >
> > However, I'm inclined to agree that libraries should not in general
> > abort on behalf of an application, and that it's the application's
> > responsibility to be fail-stop.
>
> So, as far as the library is concerned, shouldn't these assertions
> be preserved, and face conversion to _DIAGASSERT(3)?

You're right, if you believe that the failure of a runtime check for
the length of time_t being greater than or equal to 4 bytes is
sufficient to abort an application.  There were also assertions about
previous values which had been hardcoded.  Some of the assertions had
code further on to check exactly the same error condition, and return
gracefully with an error value if triggered.

Anyway, on with the meta-discussion.

Regards,
Alistair



Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-06 Thread Joerg Sonnenberger
On Wed, May 06, 2009 at 03:52:15PM +0100, Alistair Crooks wrote:
> You're right, if you believe that the failure of a runtime check for
> the length of time_t being greater than or equal to 4 bytes is
> sufficient to abort an application.

...which can and should be a compile-time assertion.

Joerg
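
The options weighed in the exchange above, as an added example that is not
netpgp code: the time_t size check written as a compile-time assertion, and a
library routine that returns an error value instead of aborting, leaving the
fail-stop decision to the application. The helper name and the 4-octet
big-endian timestamp input are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/*
 * Compile-time form of the check discussed in the thread: if time_t is
 * narrower than 4 bytes the build fails, so no runtime assert is needed.
 */
_Static_assert(sizeof(time_t) >= 4, "time_t must be at least 4 bytes");

/*
 * Hypothetical library helper (not a netpgp function): decode a 4-octet
 * big-endian timestamp.  Bad input is reported to the caller through the
 * return value and errno; the library never aborts on the caller's behalf.
 */
int
example_read_timestamp(const uint8_t *buf, size_t len, time_t *out)
{
	uint32_t v;

	if (buf == NULL || out == NULL || len < 4) {
		errno = EINVAL;		/* missing or truncated input */
		return -1;
	}
	v = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
	    ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
	if (sizeof(time_t) == 4 && v > (uint32_t)INT32_MAX) {
		errno = ERANGE;		/* would not fit a signed 32-bit time_t */
		return -1;
	}
	*out = (time_t)v;
	return 0;
}

/*
 * Application side: this is where the fail-stop decision is taken.  The
 * program stops on error instead of continuing with an undefined value.
 */
int
main(void)
{
	/* constructed sample input, not taken from a real packet */
	static const uint8_t sample[4] = { 0x4a, 0x01, 0x9f, 0x2f };
	time_t t;

	if (example_read_timestamp(sample, sizeof(sample), &t) != 0) {
		perror("example_read_timestamp");
		return EXIT_FAILURE;
	}
	printf("timestamp: %lld\n", (long long)t);
	return EXIT_SUCCESS;
}
```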


Re: CVS commit: src/crypto/external/bsd/netpgp/dist

2009-05-06 Thread Alistair Crooks
On Wed, May 06, 2009 at 06:47:37PM +0200, Joerg Sonnenberger wrote:
> On Wed, May 06, 2009 at 03:52:15PM +0100, Alistair Crooks wrote:
> > You're right, if you believe that the failure of a runtime check for
> > the length of time_t being greater than or equal to 4 bytes is
> > sufficient to abort an application.
>
> ...which can and should be a compile-time assertion.

Absolutely - we can put it in sys/cdefs.h, right next to the check
for the value of pi changing, and the check for int32_t being able to
address 32 bits.

Having this kind of thing as compile-time checks would take a huge
weight off my mind.

Alistair

PS.  It has suddenly struck me that your suggestion might have been
serious. Oh well...