CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: rillig Date: Mon Oct 3 05:34:31 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c Log Message: netpgp: fix build with Clang (since 2022-10-01) error: passing 'char [1]' to parameter of type 'const uint8_t *' (aka 'const unsigned char *') converts between pointers to integer types where one is of the unique plain 'char' type and the other is not [-Werror,-Wpointer-sign] To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.60 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59 Sat Oct 1 22:21:31 2022 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Mon Oct 3 05:34:31 2022 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.59 2022/10/01 22:21:31 rillig Exp $"); +__RCSID("$NetBSD: keyring.c,v 1.60 2022/10/03 05:34:31 rillig Exp $"); #endif #ifdef HAVE_FCNTL_H @@ -1159,7 +1159,7 @@ pgp_export_key(pgp_io_t *io, const pgp_k pgp_write_xfer_seckey(output, keydata, passphrase, strlen((char *)passphrase), 1); } - pgp_memory_add(mem, "", 1); + pgp_memory_add(mem, (uint8_t[]){0}, 1); cp = netpgp_strdup(pgp_mem_data(mem)); pgp_teardown_memory_write(output, mem); return cp;
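Review bot: in the pgp_export_key hunk, `(uint8_t[]){0}` satisfies -Wpointer-sign but no longer reads as a string terminator, and nothing on the line says the byte is there so that the following `netpgp_strdup(pgp_mem_data(mem))` sees a NUL-terminated buffer. A one-line comment above the call, or a named `static const uint8_t nul = 0;`, would keep the intent of the 1.59 change visible. Compound literals also require C99, which is worth confirming for every compiler this file is built with.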
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: rillig Date: Sat Oct 1 22:21:31 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c Log Message: netpgpkeys: properly terminate string before calling strdup $ MALLOC_CONF=junk:true netpgpkeys \ --export-key \ --keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg \ b5952cabdd765a20 The above command printed "-END PGP PUBLIC KEY BLOCK-\r\n" followed by "\xA5\xA5\xA5...". To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.58 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.59 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.58 Sat Aug 27 08:58:32 2022 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Sat Oct 1 22:21:31 2022 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.58 2022/08/27 08:58:32 rillig Exp $"); +__RCSID("$NetBSD: keyring.c,v 1.59 2022/10/01 22:21:31 rillig Exp $"); #endif #ifdef HAVE_FCNTL_H @@ -1159,6 +1159,7 @@ pgp_export_key(pgp_io_t *io, const pgp_k pgp_write_xfer_seckey(output, keydata, passphrase, strlen((char *)passphrase), 1); } + pgp_memory_add(mem, "", 1); cp = netpgp_strdup(pgp_mem_data(mem)); pgp_teardown_memory_write(output, mem); return cp;
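Review bot: the terminator is added at only one call site, in pgp_export_key just before `netpgp_strdup(pgp_mem_data(mem))`, so any other caller that hands pgp_mem_data() to a string function still depends on whatever happens to follow the buffer; those callers are worth auditing in the same pass. A comment saying the extra byte is the terminator for netpgp_strdup, and a regression test built from the MALLOC_CONF=junk:true command in the log message, would keep this from coming back.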
CVS commit: src/crypto/external/bsd/netpgp/dist/bindings/lua
Module Name:src Committed By: rillig Date: Sat Aug 27 12:55:34 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/bindings/lua: netpgp.lua Log Message: netpgp: fix indentation in Lua binding example program To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua diff -u src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7 src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.8 --- src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7 Sat Aug 27 08:57:23 2022 +++ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua Sat Aug 27 12:55:34 2022 @@ -73,7 +73,7 @@ if options.homedir then netpgp.homedir(pgp, options.homedir) end if options.decrypt or options.sign then -netpgp.setvar(pgp, "need seckey", 1) + netpgp.setvar(pgp, "need seckey", 1) end -- initialise everything
CVS commit: src/crypto/external/bsd/netpgp/dist/bindings/lua
Module Name:src Committed By: rillig Date: Sat Aug 27 08:57:23 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/bindings/lua: netpgp.lua Log Message: netpgp: fail if the shared library cannot be loaded To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua diff -u src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.6 src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.7 --- src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua:1.6 Mon Apr 30 22:17:46 2018 +++ src/crypto/external/bsd/netpgp/dist/bindings/lua/netpgp.lua Sat Aug 27 08:57:23 2022 @@ -50,7 +50,7 @@ if f then extension = ".dylib" io.close(f) end -glupkg = package.loadlib("libluanetpgp" .. extension, "luaopen_netpgp") +glupkg = assert(package.loadlib("libluanetpgp" .. extension, "luaopen_netpgp")) netpgp = glupkg() -- initialise @@ -79,7 +79,6 @@ end -- initialise everything netpgp.init(pgp) -local i for i = 1, #args do if options.encrypt then -- encrypt a file
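Review bot: the second hunk, which drops `local i` before `for i = 1, #args do`, is unrelated to the load failure and is not mentioned in the log message; it belongs in its own commit or at least in a line of the message. In the first hunk, wrapping package.loadlib in assert() is the right call, since without it a failed load only surfaces one line later when `glupkg()` is called on nil.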
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: rillig Date: Sat Aug 27 08:35:01 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c Log Message: netpgp: fix use after free when writing keyring Same pattern as in the previous commit. To generate a diff of this commit: cvs rdiff -u -r1.104 -r1.105 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.105 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104 Sat Aug 27 08:30:06 2022 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Sat Aug 27 08:35:01 2022 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.105 2022/08/27 08:35:01 rillig Exp $"); #endif #include @@ -317,8 +317,8 @@ writekeyring(netpgp_t *netpgp, const cha filename = keyringfile(netpgp, name); if (!pgp_keyring_filewrite(keyring, noarmor, filename, passphrase)) { - free(filename); (void) fprintf(stderr, "Can't write %s %s\n", name, filename); + free(filename); return 0; } netpgp_setvar(netpgp, name, filename);
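Review bot: on the success path of writekeyring, `filename` is passed to `netpgp_setvar(netpgp, name, filename)` and the hunk does not show it being freed afterwards; please confirm that netpgp_setvar copies the string and that the buffer is released, otherwise every successful write leaks it. The reordering of fprintf before `free(filename)` in the error branch is correct.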
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: rillig Date: Sat Aug 27 08:30:06 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c Log Message: netpgp: fix use after free when reading pubkey To reproduce: srcdir=... objdir=... cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \ ./libluanetpgp.so LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua > $HOME/.gnupg/pubring.gpg: No such file or directory > Can't read pubring To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 Sat Mar 21 01:07:21 2020 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Sat Aug 27 08:30:06 2022 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.103 2020/03/21 01:07:21 jhigh Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $"); #endif #include @@ -297,9 +297,9 @@ readkeyring(netpgp_t *netpgp, const char filename = keyringfile(netpgp, name); if (!pgp_keyring_fileread(keyring, noarmor, filename)) { + (void) fprintf(stderr, "Can't read %s %s\n", name, filename); free(filename); free(keyring); - (void) fprintf(stderr, "Can't read %s %s\n", name, filename); return NULL; } netpgp_setvar(netpgp, name, filename);
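Review bot: the error branch of readkeyring releases `keyring` with a plain `free(keyring)`; if pgp_keyring_fileread can fail after it has already allocated entries inside the keyring, those allocations would leak, so check whether a keyring-specific release function is needed here. Moving the fprintf ahead of `free(filename)` is correct, and the reproduction recipe in the log message would make a good regression test.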
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: jhigh Date: Fri Aug 26 19:18:38 UTC 2022 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.h misc.c netpgpsdk.h openssl_crypto.c packet-parse.c packet-print.c packet-show.c packet.h signature.c version.h Log Message: adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512 To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 \ src/crypto/external/bsd/netpgp/dist/src/lib/create.c \ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c cvs rdiff -u -r1.30 -r1.31 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h cvs rdiff -u -r1.43 -r1.44 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c cvs rdiff -u -r1.12 -r1.13 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h cvs rdiff -u -r1.34 -r1.35 \ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c cvs rdiff -u -r1.53 -r1.54 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c cvs rdiff -u -r1.22 -r1.23 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c cvs rdiff -u -r1.32 -r1.33 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h cvs rdiff -u -r1.47 -r1.48 \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.39 --- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38 Mon Nov 15 08:03:39 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Aug 26 19:18:38 2022 
@@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $"); +__RCSID("$NetBSD: create.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $"); #endif #include @@ -250,6 +250,11 @@ write_pubkey_body(const pgp_pubkey_t *ke pgp_write_mpi(output, key->key.dsa.g) && pgp_write_mpi(output, key->key.dsa.y); + case PGP_PKA_ECDSA: + return pgp_write(output, >key.ecdsa.len, 1) && + pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len) && + pgp_write_mpi(output, key->key.ecdsa.p); + case PGP_PKA_RSA: case PGP_PKA_RSA_ENCRYPT_ONLY: case PGP_PKA_RSA_SIGN_ONLY: Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.39 --- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38 Mon Feb 5 23:56:01 2018 +++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Fri Aug 26 19:18:38 2022 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: signature.c,v 1.38 2018/02/05 23:56:01 christos Exp $"); +__RCSID("$NetBSD: signature.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $"); #endif #include 
@@ -265,6 +265,56 @@ dsa_sign(pgp_hash_t *hash, return 1; } +static int +ecdsa_sign(pgp_hash_t *hash, + const pgp_ecdsa_pubkey_t *ecdsa, + const pgp_ecdsa_seckey_t *secdsa, + pgp_output_t *output) +{ + unsignedhashsize; + unsignedt; + uint8_t hashbuf[NETPGP_BUFSIZ]; + ECDSA_SIG*ecdsasig; + const BIGNUM *r, *s; + + hashsize = ecdsa_hashsize(ecdsa); + + if (hashsize == -1) { + return 0; + } + + t = hash->finish(hash, [0]); + + if (t != hashsize) { + (void) fprintf(stderr, "ecdsa_sign: hashfinish %d not %d\n", t, hashsize); + return 0; + } + + pgp_write(output, [0], 2); + + /* write signature to buf */ + ecdsasig = pgp_ecdsa_sign(hashbuf, hashsize, secdsa, ecdsa); + + if (ecdsasig == NULL) { + (void) fprintf(stderr, "ecdsa_sign: invalid ecdsa sig\n"); + return 0; + } + + /* convert and write the sig out to memory */ +#if OPENSSL_VERSION_NUMBER >= 0x1010 + ECDSA_SIG_get0(ecdsasig, , ); +#else + r = ecdsasig->r; + s = ecdsasig->s; +#endif + pgp_write_mpi(output, r); + pgp_write_mpi(output, s); + + ECDSA_SIG_free(ecdsasig); + + return 1; +} + static unsigned rsa_verify(pgp_hash_alg_t type, const uint8_t *hash, @@ -430,6 +480,12 @@ pgp_check_sig(const uint8_t *hash, unsig >key.dsa); break; + case PGP_PKA_ECDSA: + ret = pgp_ecdsa_verify(hash, length, +>info.sig.ecdsa, +>key.ecdsa); + break; + case PGP_PKA_RSA: ret = rsa_verify(sig->info.hash_alg, hash, length, >info.sig.rsa, @@ -764,6 +820,14 @@ pgp_write_sig(pgp_output_t *output, } break; + case PGP_PKA_ECDSA: + if (seckey->key.ecdsa.x == NULL) { + (void) fprintf(stderr, "pgp_write_sig: null ecdsa.x\n"); + return 0; + } + + break; + default: (void)
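Review bot: in ecdsa_sign, the guard `#if OPENSSL_VERSION_NUMBER >= 0x1010` as shown compares against 0x1010, which every OpenSSL release exceeds (1.1.0 is 0x10100000L), so the `#else` branch reading `ecdsasig->r` and `ecdsasig->s` can never be selected and a build against pre-1.1.0 headers would try to call ECDSA_SIG_get0; the constant should be 0x10100000L. In the same function, `hashsize` is declared unsigned but compared with `-1` and printed with `%d`, and the results of pgp_write and both pgp_write_mpi calls are ignored, so the function returns 1 even when writing r or s failed; chain them with `&&` as the new ECDSA case in write_pubkey_body does.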
CVS commit: src/crypto/external/bsd/netpgp/dist/src/netpgpverify
Module Name:src Committed By: christos Date: Tue Oct 8 18:47:11 UTC 2019 Modified Files: src/crypto/external/bsd/netpgp/dist/src/netpgpverify: libverify.c Log Message: grow the buffer a little. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.13 src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.14 --- src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c:1.13 Mon Apr 17 15:50:28 2017 +++ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c Tue Oct 8 14:47:10 2019 @@ -2622,7 +2622,7 @@ read_ssh_file(pgpv_t *pgp, pgpv_primaryk int64_t off; va_list args; char hostname[256]; - char owner[256]; + char owner[2 * 256]; char *space; char *buf; char *bin;
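Review bot: in the read_ssh_file hunk, `char owner[2 * 256];` adds a second magic size next to `char hostname[256];`, and neither the hunk nor the log message says what input overflowed or was truncated at 256 bytes. Please state the bound that the code writing into `owner` enforces (for example a formatted write limited by `sizeof(owner)`), and derive the size from `sizeof(hostname)` or a named constant so the relationship between the two buffers is explicit.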
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src
In article <20180403220010.ga5...@britannica.bec.de>, Joerg Sonnenberger wrote:
>On Tue, Apr 03, 2018 at 09:57:15PM +, Sevan Janiyan wrote:
>> Module Name: src
>> Committed By: sevan
>> Date: Tue Apr 3 21:57:15 UTC 2018
>>
>> Modified Files:
>> src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
>> src/crypto/external/bsd/netpgp/dist/src/libbn: libnetpgpbn.3
>> src/crypto/external/bsd/netpgp/dist/src/libmj: libmj.3
>> src/crypto/external/bsd/netpgp/dist/src/netpgpverify: netpgpverify.1
>>
>> Log Message:
>> Some further changes from PR bin/48395.
>
>This is not a very useful commit message...

I was typing the same thing :-)

christos
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src
On Tue, Apr 03, 2018 at 09:57:15PM +, Sevan Janiyan wrote:
> Module Name: src
> Committed By: sevan
> Date: Tue Apr 3 21:57:15 UTC 2018
>
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
> src/crypto/external/bsd/netpgp/dist/src/libbn: libnetpgpbn.3
> src/crypto/external/bsd/netpgp/dist/src/libmj: libmj.3
> src/crypto/external/bsd/netpgp/dist/src/netpgpverify: netpgpverify.1
>
> Log Message:
> Some further changes from PR bin/48395.

This is not a very useful commit message...

Joerg
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
In article <20180401232528.1e523f...@cvs.netbsd.org>, Sevan Janiyan wrote:
>-=-=-=-=-=-
>
>Module Name: src
>Committed By: sevan
>Date: Sun Apr 1 23:25:28 UTC 2018
>
>Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: libnetpgp.3
>
>Log Message:
>netpgp_t is a structure

Yes, it is a struct tag, but also a type as the _t indicates. So the man page was correct before (and it is correct now, but this was not the intention of the typedef). It should be backed out...

christos
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src
Thanks, but I'd really like it if netpgp would work the same on all pkgsrc platforms:

The Linux man page for getpass(3) (https://linux.die.net/man/3/getpass) says:

The function *getpass*() returns a pointer to a static buffer containing (the first *PASS_MAX* bytes of) the password without the trailing newline, terminated by a null byte ('\0'). This buffer may be overwritten by a following call. On error, the terminal state is restored, *errno* is set appropriately, and NULL is returned.

On 19 February 2017 at 17:38, Pierre Pronchery wrote:
> Module Name: src
> Committed By: khorben
> Date: Mon Feb 20 01:38:28 UTC 2017
>
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c
> src/crypto/external/bsd/netpgp/dist/src/librsa: rsastubs.c
>
> Log Message:
> Remove a useless loop around getpass()
>
> According to getpass(3), this library function cannot return NULL.
> Verified with a source code inspection.
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.98 -r1.99 \
> src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
> cvs rdiff -u -r1.2 -r1.3 \
> src/crypto/external/bsd/netpgp/dist/src/librsa/rsastubs.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
>
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On 7/21/11 4:49 AM, Martin Husemann wrote:
On Thu, Jul 21, 2011 at 07:11:56AM +0100, Iain Hibbert wrote:
I thought that I agreed with Jukka, it seemed to be a complaint with no specific content except that you were uncomfortable (unfamiliar?) with atf.

I'm mostly with Iain here, though I have a vague idea and think I partly understand the uncomfortableness on David's side. However, from my very practical experience (from all relevant sides: running tests, writing/extending them, and most importantly: fixing the troubles they show) it is not the framework that causes most problems in solving bugs, my top problem was: non working gdb (at least for threaded apps)

How so? gdb with test programs should have been fixed a while ago. Or are we talking about something different?
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On 7/21/11 2:11 AM, Iain Hibbert wrote:
PS the predictable consequence that you cannot fold in external test programs did not come true, see tests/lib/libevent/t_event.sh for example, though I note that the number of libevent tests are misrepresented in the atf-total since the test program prints OK rather than allowing the test harness to do each one separately

And this particular concern is what has kept me busy for the last two weeks. Still not there yet, but it should soon be possible to mux atf and non-atf test programs in the same suite.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On 7/21/11 10:33 AM, Julio Merino wrote:
On 7/21/11 4:49 AM, Martin Husemann wrote:
However, from my very practical experience (from all relevant sides: running tests, writing/extending them, and most importantly: fixing the troubles they show) it is not the framework that causes most problems in solving bugs, my top problem was: non working gdb (at least for threaded apps)

How so? gdb with test programs should have been fixed a while ago. Or are we talking about something different?

I believe this is a general gdb complaint, not specific to atf. I've run into this issue as well - there are some workarounds (threaded debugging works somewhat on core dumps), but it's a giant pain given that one of the key components of many tests (rump) is threaded...

+j
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Thu, Jul 21, 2011 at 10:45:55AM -0700, Jeff Rizzo wrote:
I believe this is a general gdb complaint, not specific to atf. I've run into this issue as well - there are some workarounds (threaded debugging works somewhat on core dumps), but it's a giant pain given that one of the key components of many tests (rump) is threaded...

Yes, exactly - we *really* need a fixed gdb.

Martin
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Jul,Thursday 21 2011, at 8:15 PM, Martin Husemann wrote:
On Thu, Jul 21, 2011 at 10:45:55AM -0700, Jeff Rizzo wrote:
I believe this is a general gdb complaint, not specific to atf. I've run into this issue as well - there are some workarounds (threaded debugging works somewhat on core dumps), but it's a giant pain given that one of the key components of many tests (rump) is threaded...

Yes, exactly - we *really* need a fixed gdb.

I think that it's a great candidate for next funded development project.

Regards

Adam.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, Jun 29, 2011 at 03:05:09PM +0100, Julio Merino wrote:
Perhaps if atf were less intrusive...?

What do you mean? I think it needs to be quite intrusive (sandboxing, etc.). Unquestionably the old /regress-style is not the way to go. Even if you dislike some parts of the API, already the consistency is a big win.

Yep, I had the same question here. I don't know what the original comment meant.

In just about every other test suite I've used (which includes some very large ones with turing complete/scripted test harness programs and other fancy stuff) there are test programs and test driver scripts, but all the pieces have clearly defined and clearly separated roles, and moreover are self-contained so they can be worked with easily. ATF, however, insists on sticking its fingers and APIs in everywhere (intrusive) with the net result that everything becomes vastly more complicated and working with individual tests directly becomes awkward and difficult. One of the predictable consequences is not being able to fold in preexisting test programs.

But apparently I'm not entitled to an opinion since I haven't been working on the test suite. (I was at one point some time back, actually, but got fed up with all the unnecessary hoops to jump through and with how straightforward usability problems like PR 38746 got ignored.)

--
David A. Holland
dholl...@netbsd.org
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, Jul 20, 2011 at 08:03:59AM +, David Holland wrote:
In just about every other test suite I've used (which includes some very large ones with turing complete/scripted test harness programs and other fancy stuff) there are test programs and test driver scripts, but all the pieces have clearly defined and clearly separated roles, and moreover are self-contained so they can be worked with easily. ATF, however, insists on sticking its fingers and APIs in everywhere (intrusive) with the net result that everything becomes vastly more complicated and working with individual tests directly becomes awkward and difficult. One of the predictable consequences is not being able to fold in preexisting test programs.

A lot of empty talk here. What is exactly your problem? Not being able to fold existing tests? That sounds like a bug. Indeed one ought to be able to

    #/bin/sh
    atf-run /usr/tests/lib/libc/gen/t_vis
    atf-run /usr/tests/include/sys/t_types

But apparently I'm not entitled to an opinion since I haven't been working on the test suite. (I was at one point some time back, actually, but got fed up with all the unnecessary hoops to jump through and with how straightforward usability problems like PR 38746 got ignored.)

Feel free to roll your own and write the +2500 test cases, or get on with it and be constructive.

- Jukka.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On 6/28/11 7:25 AM, Jukka Ruohonen wrote:
On Tue, Jun 28, 2011 at 08:12:26AM +0200, Alistair Crooks wrote:
3. they are candidates for modifying to work under atf, I have yet to get the time to do that
4. luke kindly made some gnu autotests for them a while ago [...] and if someone was to offer to convert these tests to atf style, that would be great, thanks.

Ok. But I think this entails a wider discussion about how the tests shipped with third-party software could be integrated to atf(7). In case of netpgp(1) this is easy; a relatively small code base for which both in-house tests and /src/tests can be easily distributed. But then there are entirely different beasts like gcc(1).

One of the ideas floating around in my head is to make atf-run (well, kyua) support foreign tests. The most basic form of this would be programs that just return 0 on success or 1 on failure, but maybe it'd be extended to also support autotest programs, etc. Sure, their functionality would be limited within the framework (as compared to native atf tests, but this would allow us to mux all the tests in one single run without much effort.

--
Julio Merino / @jmmv
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, Jun 28, 2011 at 06:50:50AM +, David Holland wrote:
Perhaps if atf were less intrusive...?

What do you mean? I think it needs to be quite intrusive (sandboxing, etc.). Unquestionably the old /regress-style is not the way to go. Even if you dislike some parts of the API, already the consistency is a big win.

On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
One of the ideas floating around in my head is to make atf-run (well, kyua) support foreign tests. The most basic form of this would be programs that just return 0 on success or 1 on failure, but maybe it'd be extended to also support autotest programs, etc.

Wasn't there already a test or two doing something like this? Fine by me, as long as we do not regress to the old /regress-style in which it is usually hard to even know what is being tested.

Sure, their functionality would be limited within the framework (as compared to native atf tests, but this would allow us to mux all the tests in one single run without much effort.

But in reality, the gcc(1) test suite is probably the only one that would really be worth considering. NetBSD does not ship that much third-party software, and the availability of tests is generally quite limited among this group.

- Jukka.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On 6/29/11 2:59 PM, Jukka Ruohonen wrote:
> On Tue, Jun 28, 2011 at 06:50:50AM +, David Holland wrote:
> > Perhaps if atf were less intrusive...?
>
> What do you mean? I think it needs to be quite intrusive (sandboxing, etc.). Unquestionably the old /regress-style is not the way to go. Even if you dislike some parts of the API, already the consistency is a big win.

Yep, I had the same question here. I don't know what the original comment meant.

> On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
> > One of the ideas floating around in my head is to make atf-run (well, kyua) support foreign tests. The most basic form of this would be programs that just return 0 on success or 1 on failure, but maybe it'd be extended to also support autotest programs, etc.
>
> Wasn't there already a test or two doing something like this? Fine by me, as long as we do not regress to the old /regress-style in which it is usually hard to even know what is being tested.

Some atf-ified tests do look like this, yes, and it's ugly. But if we could do this, we could lower the barrier of entry (specially for third-party projects): you could plug in a simple test program that you already have and get it to work inside atf, later refining it.

Also, using foreign test programs does not preclude the sandboxing. The sandboxing is something that must be in place all the time IMHO regardless of how the tests are written.

> > Sure, their functionality would be limited within the framework (as compared to native atf tests), but this would allow us to mux all the tests in one single run without much effort.
>
> But in reality, the gcc(1) test suite is probably the only one that would really be worth considering. NetBSD does not ship that much third-party software, and the availability of tests is generally quite limited among this group.

Maybe true, but I'd personally like to see all the available tests running, even if they are not sophisticated enough. (Otherwise, why are we importing them at all?)

-- Julio Merino / @jmmv
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, 29 Jun 2011, Jukka Ruohonen wrote:
> On Wed, Jun 29, 2011 at 10:50:22AM +0100, Julio Merino wrote:
> > One of the ideas floating around in my head is to make atf-run (well, kyua) support foreign tests. The most basic form of this would be programs that just return 0 on success or 1 on failure, but maybe it'd be extended to also support autotest programs, etc.
>
> Wasn't there already a test or two doing something like this?

The libevent tests do work that way, using an atf-sh wrapper

iain
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, Jun 28, 2011 at 07:45:07AM +0300, Jukka Ruohonen wrote:
> On Tue, Jun 28, 2011 at 03:29:39AM +, Alistair G. Crooks wrote:
> > Module Name: src
> > Committed By: agc
> > Date: Tue Jun 28 03:29:38 UTC 2011
> >
> > Modified Files:
> > src/crypto/external/bsd/netpgp/dist: tst
> >
> > Log Message:
> > re-do the tests so that it's much easier to see at a glance which tests passed and which failed.
>
> I wonder why these aren't part of tests(7)?

1. afaict, they predate the atf tests, especially atf's latest incarnation
2. they are fairly user-dependent (i.e. i think you'd need my private key to make them all work)
3. they are candidates for modifying to work under atf, I have yet to get the time to do that
4. luke kindly made some gnu autotests for them a while ago
5. i made some tests for my codecs stuff a while ago; the time i spent doing that was wasted

now i'm very supportive about the testing framework, catching regressions, and the great things that atf has done for netbsd.

and if someone was to offer to convert these tests to atf style, that would be great, thanks.

best,
alistair
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, Jun 28, 2011 at 08:12:26AM +0200, Alistair Crooks wrote:
> 3. they are candidates for modifying to work under atf, I have yet to get the time to do that
> 4. luke kindly made some gnu autotests for them a while ago
> [...]
> and if someone was to offer to convert these tests to atf style, that would be great, thanks.

Ok. But I think this entails a wider discussion about how the tests shipped with third-party software could be integrated to atf(7). In case of netpgp(1) this is easy; a relatively small code base for which both in-house tests and /src/tests can be easily distributed. But then there are entirely different beasts like gcc(1).

- Jukka.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, Jun 28, 2011 at 09:25:32AM +0300, Jukka Ruohonen wrote:
> But I think this entails a wider discussion about how the tests shipped with third-party software could be integrated to atf(7). In case of netpgp(1) this is easy; a relatively small code base for which both in-house tests and /src/tests can be easily distributed. But then there are entirely different beasts like gcc(1).

Perhaps if atf were less intrusive...?

anyway, this discussion should probably be on tech-userlevel (or tech-toolchain?) not on source-changes-d...

--
David A. Holland
dholl...@netbsd.org
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
In article 20100815163624.8645d17...@cvs.netbsd.org, Alistair G. Crooks source-changes-d@NetBSD.org wrote:
> -=-=-=-=-=-
>
> Module Name: src
> Committed By: agc
> Date: Sun Aug 15 16:36:24 UTC 2010
>
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: misc.c packet-parse.c packet-show.c reader.c signature.c validate.c writer.c
>
> Log Message:
> get rid of more 64-bit lint

some of this can be fixed in a better way, for example making cc ssize_t, len size_t etc. and avoiding casts.

christos
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Sun, Aug 15, 2010 at 05:16:47PM +, Christos Zoulas wrote:
> In article 20100815163624.8645d17...@cvs.netbsd.org, Alistair G. Crooks source-changes-d@NetBSD.org wrote:
> > -=-=-=-=-=-
> >
> > Module Name: src
> > Committed By: agc
> > Date: Sun Aug 15 16:36:24 UTC 2010
> >
> > Modified Files:
> > src/crypto/external/bsd/netpgp/dist/src/lib: misc.c packet-parse.c packet-show.c reader.c signature.c validate.c writer.c
> >
> > Log Message:
> > get rid of more 64-bit lint
>
> some of this can be fixed in a better way, for example making cc ssize_t, len size_t etc. and avoiding casts.

Yes, it can, but I'm concerned about the portability of doing things that way. Probably just me being overly conservative, but whatever.

I'm not particularly happy with the way this code looks now, but I have it in a state that I can work with :-) I'll re-address this when I get a chance, I wanted to get this in and cleaned up now.

Best,
Al
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: keyring.h packet-print.c
> Added Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: mj.c mj.h
>
> Log Message:
> add a minimalist JSON implementation, and add a new function to access the data, and serialise it using JSON.

Alas, this fails to build on pretty much all 64-bit arches:

/src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c: In function 'mj_parse':
/src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c:278: warning: cast from pointer to integer of different size
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Mon, Jul 26, 2010 at 03:56:07AM -0700, Tom Spindler wrote:
> > Modified Files:
> > src/crypto/external/bsd/netpgp/dist/src/lib: keyring.h packet-print.c
> > Added Files:
> > src/crypto/external/bsd/netpgp/dist/src/lib: mj.c mj.h
> >
> > Log Message:
> > add a minimalist JSON implementation, and add a new function to access the data, and serialise it using JSON.
>
> Alas, this fails to build on pretty much all 64-bit arches:
>
> /src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c: In function 'mj_parse':
> /src/nbsrc/crypto/external/bsd/netpgp/lib/../dist/src/lib/mj.c:278: warning: cast from pointer to integer of different size

Fixed now, sorry about that.

Thanks,
Alistair
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Sat, 26 Jun 2010, David Holland wrote:
> I suppose the best available comprehensive solution is to use PRIu*** garble in the code and then if necessary have autoconf figure out what the garble should expand to based on SIZE_MAX.

Yes.

--apb (Alan Barrett)
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Sun, Jun 27, 2010 at 08:10:41PM +0200, Joerg Sonnenberger wrote: Compromising the autoconfiguration not work properly in the name of cross-compilation, though, is misguided. Can't you have it run the test if it's not a cross-compiler and only if it is fall back to the platform test? Or is this one of the things where autoconf falls apart because it's not written in a programming language? You can by using AC_RUN_IFELSE directly. The fourth argument is the cross-compiling test. That seems like a better approach then, especially in this context. I suppose the best available comprehensive solution is to use PRIu*** garble in the code and then if necessary have autoconf figure out what the garble should expand to based on SIZE_MAX. The trivial example was FreeBSD 4.x, but I would expect platforms with %zu to fall into this category too. ...huh? What you wrote doesn't relate to what you quoted, and also isn't an answer to what I asked, which was: : Are there non-theoretical platforms that are missing both SIZE_MAX and : SIZE_T_MAX defines where it isn't either 0x or : 0x? which certainly does not include FreeBSD 4.x unless they grew a PDP-10 port or something while we weren't looking. You can easily distinguish the 32-bit vs. 64-bit case by trying to compile something like typedef char foo[((size_t)0xUL)+1]; If size_t is 32 bits it'll fail trying to declare a zero-length array type. It might conceivably also fail for other reasons but again I don't think there are non-theoretical platforms where this is an issue, except for 16-bit DOS which we explicitly do not care about. (not counting where it might technically be 0x7fff because someone was unclear on it being unsigned -- that doesn't affect printf) SSIZE_MAX is surprisingly a lot better supported... Since ssize_t is required to be the same size as size_t, why not leverage that? I still don't understand why autoconf is passing C pre-processor directives down. #if sizeof(size_t) == sizeof(int) ... 
#elif sizeof(size_t) == sizeof(long) ... #endif directly in the code is much more readable. It would be nice if that worked... it did in Borland's compiler back in the day. I suppose someone on the standards committee thought it was OK to have to teach the preprocessor the entire expression syntax but not the type name syntax... The problem is that you can't really evaluate the above with interpreting all of the C code before. size_t is not a keyword type in the sense that it is hard-coded into the compiler. Doing so would violate the layering design of the preprocessor. As it's a standard type, however, it could be made known to the preprocessor via some other mechanism. (And you'll find that it is actually hard-coded into the compiler in gcc anyway; if your libc headers don't agree with gcc on what it should be you'll get assorted static on stderr.) That won't work in general, but I suspect most or all of the cases where #if sizeof would actually be useful involve standard types. -- David A. Holland dholl...@netbsd.org
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Sat, Jun 26, 2010 at 06:25:23AM +0200, Joerg Sonnenberger wrote: It would be better to make this a check which is size_t dependent, rather than platform-dependent. The idea is to black list platforms that don't do %zu and there is no way to do that without breaking cross-compilation. It is still preferable to use that if it is available, e.g. to help format string checks. Compromising the autoconfiguration not work properly in the name of cross-compilation, though, is misguided. Can't you have it run the test if it's not a cross-compiler and only if it is fall back to the platform test? Or is this one of the things where autoconf falls apart because it's not written in a programming language? I suppose the best available comprehensive solution is to use PRIu*** garble in the code and then if necessary have autoconf figure out what the garble should expand to based on SIZE_MAX. Are there non-theoretical platforms that are missing both SIZE_MAX and SIZE_T_MAX defines where it isn't either 0x or 0x? (not counting where it might technically be 0x7fff because someone was unclear on it being unsigned -- that doesn't affect printf) I still don't understand why autoconf is passing C pre-processor directives down. #if sizeof(size_t) == sizeof(int) ... #elif sizeof(size_t) == sizeof(long) ... #endif directly in the code is much more readable. It would be nice if that worked... it did in Borland's compiler back in the day. I suppose someone on the standards committee thought it was OK to have to teach the preprocessor the entire expression syntax but not the type name syntax... -- David A. Holland dholl...@netbsd.org
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
In article 20100625183016.ac0be17...@cvs.netbsd.org, Alistair G. Crooks source-changes-d@NetBSD.org wrote:
> -=-=-=-=-=-
>
> Module Name: src
> Committed By: agc
> Date: Fri Jun 25 18:30:16 UTC 2010
>
> Modified Files:
> src/crypto/external/bsd/netpgp/dist/src/lib: misc.c
>
> Log Message:
> Fix build problems on LP64 platforms - thanks to Paul Goyette for the nudge.

That should be %zu really; it is more readable.

christos
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Fri, Jun 25, 2010 at 08:40:26PM +, Christos Zoulas wrote:
> In article 20100625183016.ac0be17...@cvs.netbsd.org, Alistair G. Crooks source-changes-d@NetBSD.org wrote:
> > -=-=-=-=-=-
> >
> > Module Name: src
> > Committed By: agc
> > Date: Fri Jun 25 18:30:16 UTC 2010
> >
> > Modified Files:
> > src/crypto/external/bsd/netpgp/dist/src/lib: misc.c
> >
> > Log Message:
> > Fix build problems on LP64 platforms - thanks to Paul Goyette for the nudge.
>
> That should be %zu really; it is more readable.

%zu is more readable, but it's C99, and even some C99 implementations don't define it (I have in my mind Microsoft from the time that I brought up the iSCSI target on Windows, but I may be wrong there)

The following quote is apt:

    C99 adds a 'z' modifier specifically for size_t:

        printf("Total buffer size: %zu bytes\n", buffer_size);

    but many printf implementations don't support it. (Even if your compiler supports C99 and defines __STDC_VERSION__ appropriately, that's not, practically speaking, a guarantee that the library also conforms to C99.)

    Even in C99, the %lu method will work unless size_t is bigger than unsigned long *and* the value being printed exceeds ULONG_MAX, which is unlikely to happen in practice.

    --
    Keith Thompson (The_Other_Keith) ks...@mib.org http://www.ghoti.net/~kst
    San Diego Supercomputer Center * http://users.sdsc.edu/~kst

referenced in: http://bytes.com/topic/c/answers/221867-portable-way-printf-size_t-instance

Oh, and yes, this is not a "we need to conform to c89 as LCD" post - this is 2010 after all - it's an "I want netpgp to be as portable as possible" post.

Regards,
Alistair
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
> Even in C99, the %lu method will work unless size_t is bigger than unsigned long *and* the value being printed exceeds ULONG_MAX, which is unlikely to happen in practice.

Actually, it doesn't. This method breaks as soon as size_t != u_long and might only work in a few edge cases like the size_t being the last argument and the byte order is Little Endian. This is worse because IIRC Microsoft decided to use IL32LLP64 or something similarly fancy.

A more portable approach with autoconf can be found in pkg_install, look for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls in configure.ac.

Joerg
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
On Sat, Jun 26, 2010 at 01:32:05AM +0200, Joerg Sonnenberger wrote:
> On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
> > Even in C99, the %lu method will work unless size_t is bigger than unsigned long *and* the value being printed exceeds ULONG_MAX, which is unlikely to happen in practice.

Please get the attributions right - I was quoting that text.

> Actually, it doesn't. This method breaks as soon as size_t != u_long and might only work in a few edge cases like the size_t being the last argument and the byte order is Little Endian. This is worse because IIRC Microsoft decided to use IL32LLP64 or something similarly fancy.

Can you give us a reference to this, please?

> A more portable approach with autoconf can be found in pkg_install, look for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls in configure.ac.

Hmmm, I see this in configure.ac -

    AC_CHECK_SIZEOF(int)
    AC_CHECK_SIZEOF(long)
    AC_CHECK_SIZEOF(long long)
    AC_CHECK_SIZEOF(size_t, [#include <stdlib.h>])

and

    case $host in
    *-*-hpux*)
        AC_DEFINE(MISSING_SIZE_T_SUPPORT)
        AH_TEMPLATE([MISSING_SIZE_T_SUPPORT], [
        Define to 1 if the `z' modifier for printf is missing.
        ])
        ;;
    esac

and

    #ifndef MISSING_SIZE_T_SUPPORT
    # define PRIzu "zu"
    #elif SIZEOF_SIZE_T == SIZEOF_INT
    # define PRIzu "u"
    #elif SIZEOF_SIZE_T == SIZEOF_LONG
    # define PRIzu "lu"
    #elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
    # define PRIzu "llu"
    #else
    # error Unknown size_t size
    #endif

Not quite what I'd been expecting, though, from the glowing description above. Am I missing a revision of that file or something? It took me ages to find it, since I was looking under src/external first of all - and cvs status does say it's up to date.

Thanks,
Alistair
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
In message: 20100626032531.ga14...@britannica.bec.de
Joerg Sonnenberger jo...@britannica.bec.de writes:
: On Sat, Jun 26, 2010 at 05:11:39AM +0200, Alistair Crooks wrote:
: On Sat, Jun 26, 2010 at 01:32:05AM +0200, Joerg Sonnenberger wrote:
: On Fri, Jun 25, 2010 at 11:54:32PM +0200, Alistair Crooks wrote:
:Even in C99, the %lu method will work unless size_t is bigger than
:unsigned long *and* the value being printed exceeds ULONG_MAX, which
:is unlikely to happen in practice.
:
: Please get the attributions right - I was quoting that text.
:
: Actually, it doesn't. This method breaks as soon as size_t != u_long and
: might only work in a few edge cases like the size_t being the last
: argument and the byte order is Little Endian. This is worse because IIRC
: Microsoft decided to use IL32LLP64 or something similarly fancy.
:
: Can you give us a reference to this, please?
:
: E.g.
: http://stackoverflow.com/questions/384502/what-is-the-bit-size-of-long-on-64-bit-windows
: and the MSDN reference inside.
:
: A more portable approach with autoconf can be found in pkg_install, look
: for MISSING_SIZE_T_SUPPORT and the corresponding AC_CHECK_SIZEOF calls
: in configure.ac.
:
: Hmmm, I see this in configure.ac -
:
: AC_CHECK_SIZEOF(int)
: AC_CHECK_SIZEOF(long)
: AC_CHECK_SIZEOF(long long)
: AC_CHECK_SIZEOF(size_t, [#include <stdlib.h>])
:
: ...compute the sizes to not depend on SIZE_MAX (which would simplify the
: logic a lot).
:
: and
:
: case $host in
: *-*-hpux*)
: AC_DEFINE(MISSING_SIZE_T_SUPPORT)
: AH_TEMPLATE([MISSING_SIZE_T_SUPPORT], [
: Define to 1 if the `z' modifier for printf is missing.
: ])
: ;;
: esac
:
: The only platform for pkgsrc purposes ATM which lacks the %z support.
:
: and
:
: #ifndef MISSING_SIZE_T_SUPPORT
: # define PRIzu "zu"
: #elif SIZEOF_SIZE_T == SIZEOF_INT
: # define PRIzu "u"
: #elif SIZEOF_SIZE_T == SIZEOF_LONG
: # define PRIzu "lu"
: #elif SIZEOF_SIZE_T == SIZEOF_LONG_LONG
: # define PRIzu "llu"
: #else
: # error Unknown size_t size
: #endif
:
: Not quite what I'd been expecting, though, from the glowing description
: above.
:
: It would be simpler if SIZE_MAX support can be assumed. In that case it
: would boil down to
: #if SIZE_MAX == INT_MAX
: #define PRIzu "u"
: #elif SIZE_MAX == LONG_MAX
: #define PRIzu "lu"
: #else SIZE_MAX == LLONG_MAX
: #define PRIzu "llu"
: #endif

You could easily enough have something like the following in autoconf to generate that:

    #include <stdlib.h>
    #include <stdio.h>

    int
    main(int argc, char **argv)
    {
        /* all bits set: the largest value a size_t can hold */
        size_t foo = ~0;

        printf("#ifndef SIZE_MAX\n#define SIZE_MAX %llu\n#endif\n",
            (unsigned long long)foo);
        return (0);
    }

Warner
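The compile-time selection this thread argues about, as an added example that is not code from pkg_install, netpgp or any poster here: the conversion and the argument type are chosen as a pair from the <limits.h> maxima, the pairing is checked with the array-size trick described earlier in the thread, and every call passes the argument through the matching cast so a variadic type mismatch (undefined behaviour) cannot occur. SZ_FMT, sz_arg_t, HAVE_PRINTF_Z, format_size and format_size_lu are names assumed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Choose the printf conversion and the argument type together, so the
 * variadic argument always has exactly the type the conversion expects.
 * HAVE_PRINTF_Z is a hypothetical configure result meaning "the C library
 * really implements %zu". The fallbacks compare against the unsigned
 * maxima because size_t is an unsigned type.
 */
#if defined(HAVE_PRINTF_Z)
#  define SZ_FMT "zu"
typedef size_t sz_arg_t;
#elif SIZE_MAX == UINT_MAX
#  define SZ_FMT "u"
typedef unsigned int sz_arg_t;
#elif SIZE_MAX == ULONG_MAX
#  define SZ_FMT "lu"
typedef unsigned long sz_arg_t;
#elif SIZE_MAX == ULLONG_MAX
#  define SZ_FMT "llu"
typedef unsigned long long sz_arg_t;
#else
#  error "no standard unsigned type has the range of size_t"
#endif

/* Negative array size, hence a compile error, if the pair above is wrong. */
typedef char sz_arg_is_size_t_wide[sizeof(sz_arg_t) == sizeof(size_t) ? 1 : -1];

/*
 * Write "<label>: <n> bytes" into buf.
 * Returns the number of characters written, or -1 if snprintf failed or
 * the result did not fit (the buffer then holds a truncated string).
 */
int
format_size(char *buf, size_t buflen, const char *label, size_t n)
{
	int r = snprintf(buf, buflen, "%s: %" SZ_FMT " bytes", label, (sz_arg_t)n);

	if (r < 0 || (size_t)r >= buflen)
		return -1;
	return r;
}

/*
 * The "%lu plus a cast" method from the quoted text. The cast is what
 * makes the call well defined; the range check makes the one lossy case
 * (size_t wider than unsigned long, as on LLP64) an explicit error
 * instead of a silently wrong number.
 */
int
format_size_lu(char *buf, size_t buflen, size_t n)
{
	unsigned long v = (unsigned long)n;
	int r;

	if ((size_t)v != n)
		return -1;
	r = snprintf(buf, buflen, "%lu", v);
	if (r < 0 || (size_t)r >= buflen)
		return -1;
	return r;
}

int
main(void)
{
	char buf[64];

	if (format_size(buf, sizeof(buf), "Total buffer size", SIZE_MAX) > 0)
		puts(buf);
	if (format_size_lu(buf, sizeof(buf), sizeof(buf)) > 0)
		puts(buf);
	return 0;
}
```

Passing a bare size_t to "%lu" without the cast is the case that breaks when the two types differ in width; both functions above avoid it by construction.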
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: agc Date: Mon Mar 8 08:56:03 UTC 2010 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c Log Message: ensure that we have an element in the array before we try to store a value in it. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name:src Committed By: agc Date: Mon Mar 8 07:37:24 UTC 2010 Modified Files: src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c packet-parse.c packet-print.c version.h src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile verify.c Log Message: Changes to 1.99.22/20100307 + add key expiry information to public key information display To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/netpgp/dist/TODO cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/netpgp/dist/configure cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/netpgp/dist/configure.ac cvs rdiff -u -r1.29 -r1.30 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c cvs rdiff -u -r1.30 -r1.31 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c cvs rdiff -u -r1.27 -r1.28 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c cvs rdiff -u -r1.28 -r1.29 \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/TODO diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.33 src/crypto/external/bsd/netpgp/dist/TODO:1.34 --- src/crypto/external/bsd/netpgp/dist/TODO:1.33 Fri Mar 5 19:58:38 2010 +++ src/crypto/external/bsd/netpgp/dist/TODO Mon Mar 8 07:37:23 2010 @@ -1,5 +1,6 @@ To Do = +add revocation information to public key display agent agentctl trust subpackets 
@@ -91,3 +92,4 @@ hkpd hkpclient netbsd/pkgsrc pr 42922 +add expiry information to public key display Index: src/crypto/external/bsd/netpgp/dist/configure diff -u src/crypto/external/bsd/netpgp/dist/configure:1.25 src/crypto/external/bsd/netpgp/dist/configure:1.26 --- src/crypto/external/bsd/netpgp/dist/configure:1.25 Fri Mar 5 19:58:38 2010 +++ src/crypto/external/bsd/netpgp/dist/configure Mon Mar 8 07:37:24 2010 @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac Revision: 1.25 . +# From configure.ac Revision: 1.26 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.63 for netpgp 20100305. +# Generated by GNU Autoconf 2.63 for netpgp 20100307. # # Report bugs to Alistair Crooks a...@netbsd.org c0596823. # @@ -751,8 +751,8 @@ # Identity of this package. PACKAGE_NAME='netpgp' PACKAGE_TARNAME='netpgp' -PACKAGE_VERSION='20100305' -PACKAGE_STRING='netpgp 20100305' +PACKAGE_VERSION='20100307' +PACKAGE_STRING='netpgp 20100307' PACKAGE_BUGREPORT='Alistair Crooks a...@netbsd.org c0596823' ac_unique_file=src/netpgp/netpgp.c @@ -1483,7 +1483,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat _ACEOF -\`configure' configures netpgp 20100305 to adapt to many kinds of systems. +\`configure' configures netpgp 20100307 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1553,7 +1553,7 @@ if test -n $ac_init_help; then case $ac_init_help in - short | recursive ) echo Configuration of netpgp 20100305:;; + short | recursive ) echo Configuration of netpgp 20100307:;; esac cat \_ACEOF @@ -1660,7 +1660,7 @@ test -n $ac_init_help exit $ac_status if $ac_init_version; then cat \_ACEOF -netpgp configure 20100305 +netpgp configure 20100307 generated by GNU Autoconf 2.63 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 
@@ -1674,7 +1674,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by netpgp $as_me 20100305, which was +It was created by netpgp $as_me 20100307, which was generated by GNU Autoconf 2.63. Invocation command line was $ $0 $@ @@ -2561,7 +2561,7 @@ # Define the identity of the package. PACKAGE='netpgp' - VERSION='20100305' + VERSION='20100307' cat confdefs.h _ACEOF @@ -22306,7 +22306,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log= -This file was extended by netpgp $as_me 20100305, which was +This file was extended by netpgp $as_me 20100307, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -22369,7 +22369,7 @@ _ACEOF cat $CONFIG_STATUS _ACEOF || ac_write_fail=1 ac_cs_version=\\ -netpgp config.status 20100305 +netpgp config.status 20100307 configured by $0, generated by GNU Autoconf 2.63, with options
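Review bot: the regenerated configure is stamped "From configure.ac Revision: 1.26" in its first hunk (@@ -1,7 +1,7 @@), but the rdiff list of this same commit takes configure.ac from 1.26 to 1.27, so the shipped configure names a revision one behind the configure.ac it is committed with. Regenerating configure after configure.ac has been committed, or saying in the log that the stamp lags by one, would let a reader match the two files. The other configure hunks only repeat the 20100305 to 20100307 version string and need no separate check.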
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name:src Committed By: agc Date: Fri Mar 5 16:30:05 UTC 2010 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c netpgp.c Log Message: clean up some lint that crept in. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c cvs rdiff -u -r1.41 -r1.42 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name:src Committed By: agc Date: Fri Mar 5 19:58:39 UTC 2010 Modified Files: src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac src/crypto/external/bsd/netpgp/dist/src/lib: fastctype.h types.h version.h src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile verify.c Log Message: Changes to 1.99.21/20100305 + clean up some lint + the obligatory ''build on mac os x fixes'' - inttypes.h header file To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/crypto/external/bsd/netpgp/dist/TODO cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/netpgp/dist/configure cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/netpgp/dist/configure.ac cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/netpgp/dist/src/lib/fastctype.h cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/lib/types.h cvs rdiff -u -r1.27 -r1.28 \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/TODO diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.32 src/crypto/external/bsd/netpgp/dist/TODO:1.33 --- src/crypto/external/bsd/netpgp/dist/TODO:1.32 Fri Mar 5 16:01:09 2010 +++ src/crypto/external/bsd/netpgp/dist/TODO Fri Mar 5 19:58:38 2010 
@@ -3,10 +3,10 @@ agent agentctl trust subpackets +make netpgpkeys work - add, import, commit, update, sign, passphrase convert to and from ascii armored sigs gpgme compat lib --list-sigs - these come out in __ops_check_subkey_sig() -make netpgpkeys work - add, import, commit, update, sign, passphrase return userids from successful verify, and then print id out if required is get_passphrase_cb needed? error logging Index: src/crypto/external/bsd/netpgp/dist/configure diff -u src/crypto/external/bsd/netpgp/dist/configure:1.24 src/crypto/external/bsd/netpgp/dist/configure:1.25 --- src/crypto/external/bsd/netpgp/dist/configure:1.24 Fri Mar 5 16:01:09 2010 +++ src/crypto/external/bsd/netpgp/dist/configure Fri Mar 5 19:58:38 2010 @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac Revision: 1.24 . +# From configure.ac Revision: 1.25 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.63 for netpgp 20100304. +# Generated by GNU Autoconf 2.63 for netpgp 20100305. # # Report bugs to Alistair Crooks a...@netbsd.org c0596823. # @@ -751,8 +751,8 @@ # Identity of this package. PACKAGE_NAME='netpgp' PACKAGE_TARNAME='netpgp' -PACKAGE_VERSION='20100304' -PACKAGE_STRING='netpgp 20100304' +PACKAGE_VERSION='20100305' +PACKAGE_STRING='netpgp 20100305' PACKAGE_BUGREPORT='Alistair Crooks a...@netbsd.org c0596823' ac_unique_file=src/netpgp/netpgp.c @@ -1483,7 +1483,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat _ACEOF -\`configure' configures netpgp 20100304 to adapt to many kinds of systems. +\`configure' configures netpgp 20100305 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1553,7 +1553,7 @@ if test -n $ac_init_help; then case $ac_init_help in - short | recursive ) echo Configuration of netpgp 20100304:;; + short | recursive ) echo Configuration of netpgp 20100305:;; esac cat \_ACEOF 
@@ -1660,7 +1660,7 @@ test -n $ac_init_help exit $ac_status if $ac_init_version; then cat \_ACEOF -netpgp configure 20100304 +netpgp configure 20100305 generated by GNU Autoconf 2.63 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1674,7 +1674,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by netpgp $as_me 20100304, which was +It was created by netpgp $as_me 20100305, which was generated by GNU Autoconf 2.63. Invocation command line was $ $0 $@ @@ -2561,7 +2561,7 @@ # Define the identity of the package. PACKAGE='netpgp' - VERSION='20100304' + VERSION='20100305' cat confdefs.h _ACEOF @@ -22306,7 +22306,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log= -This file was extended by netpgp $as_me 20100304, which was +This file was extended by netpgp $as_me 20100305, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -22369,7 +22369,7 @@ _ACEOF cat $CONFIG_STATUS _ACEOF || ac_write_fail=1 ac_cs_version=\\ -netpgp
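Review bot: the TODO hunk (@@ -3,10 +3,10 @@) only moves the "make netpgpkeys work - add, import, commit, update, sign, passphrase" item further up the list, which is not one of the lint or Mac OS X build fixes the log message names; mention the reordering in the log or commit it on its own so the TODO history stays readable. The patch as shown also stops mid-hunk at "-netpgp", so the last configure hunk cannot be checked from these lines.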
Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd
Why do we want to have another ad-hoc HTTP implementation?
Wouldn't a small *CGI script be good enough?

Joerg

On Mon, Mar 01, 2010 at 07:41:57AM +, Alistair G. Crooks wrote:
> Module Name: src
> Committed By: agc
> Date: Mon Mar 1 07:41:57 UTC 2010
>
> Added Files:
>     src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h main.c
>
> Log Message:
> add an embryonic httpd key server (hkpd) to netpgp.
>
> this is based on the discontinued draft for hkp servers, in lieu of any
> official rfc.
>
> the post method for adding keys to the server has not been implemented.
> not until i've gone through all of the implications, anyway.
>
> hkp servers serve up pgp public keys over http. the default port is
> 11371, but it can be any port, specifiable at run time. whilst this hkpd
> will return valid html to browsers, it is aimed at the ''machine
> readable'' side, using the ''options=mr'' option to the http get string.
>
> this hkpd server will get hooked into the build at a later date.
>
> To generate a diff of this commit:
> cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
>     src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
>     src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
>     src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.

Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd
not really, i tried to shoehorn all of this into bozo, and it wasn't
willing to do it, and its cgi subsystem doesn't lend itself to this kind
of thing. i'm fairly intimate with most of bozo's internals, too.

the server itself is not that large.

if there's a common server-side library that can be used, great, show me
it, and i'll convert the hkpd to use it. libfetch certainly isn't up to
the task.

regards,
alistair

On Mon, Mar 01, 2010 at 10:35:20PM +0100, Joerg Sonnenberger wrote:
> Why do we want to have another ad-hoc HTTP implementation?
> Wouldn't a small *CGI script be good enough?
>
> Joerg
>
> On Mon, Mar 01, 2010 at 07:41:57AM +, Alistair G. Crooks wrote:
>> Module Name: src
>> Committed By: agc
>> Date: Mon Mar 1 07:41:57 UTC 2010
>>
>> Added Files:
>>     src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h main.c
>>
>> Log Message:
>> add an embryonic httpd key server (hkpd) to netpgp.
>>
>> this is based on the discontinued draft for hkp servers, in lieu of any
>> official rfc.
>>
>> the post method for adding keys to the server has not been implemented.
>> not until i've gone through all of the implications, anyway.
>>
>> hkp servers serve up pgp public keys over http. the default port is
>> 11371, but it can be any port, specifiable at run time. whilst this hkpd
>> will return valid html to browsers, it is aimed at the ''machine
>> readable'' side, using the ''options=mr'' option to the http get string.
>>
>> this hkpd server will get hooked into the build at a later date.
>>
>> To generate a diff of this commit:
>> cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
>>     src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
>>     src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
>>     src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
>>
>> Please note that diffs are not public domain; they are subject to the
>> copyright notices on the relevant files.

Re: CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd
Joerg Sonnenberger wrote:
> Why do we want to have another ad-hoc HTTP implementation?
> Wouldn't a small *CGI script be good enough?

Argument for a separate implementation: it runs as a standalone daemon on
a different port than the default for HTTP, as a decoupled service from
your normal httpd.

Argument against: a CGI script would allow you to hook it into your
favourite httpd, which could do all sorts of advanced stuff to requests
before they hit the CGI script, like aliasing, rewriting, filtering,
caching, etc.

Personally, I'd prefer a CGI script; though I do not at present desire to
run a HKP server. I am satisfied with the various SKS servers out there.

Cheers,
--
Thomas E. Spanjaard
t...@netphreax.net
t...@deepbone.net

CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpd
Module Name:src Committed By: agc Date: Mon Mar 1 07:41:57 UTC 2010 Added Files: src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h main.c Log Message: add an embryonic httpd key server (hkpd) to netpgp. this is based on the discontinued draft for hkp servers, in lieu of any official rfc. the post method for adding keys to the server has not been implemented. not until i've gone through all of the implications, anyway. hkp servers serve up pgp public keys over http. the default port is 11371, but it can be any port, specifiable at run time. whilst this hkpd will return valid html to browsers, it is aimed at the ''machine readable'' side, using the ''options=mr'' option to the http get string. this hkpd server will get hooked into the build at a later date. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Added files: Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1 --- /dev/null Mon Mar 1 07:41:57 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Mon Mar 1 07:41:56 2010 @@ -0,0 +1,11 @@ +# $NetBSD: Makefile,v 1.1 2010/03/01 07:41:56 agc Exp $ + +PROG=hkpd +SRCS=hkpd.c main.c +CPPFLAGS+=-g # -DHAVE_CONFIG_H=1 +LDFLAGS+=-g +LDADD+= -lnetpgp +MKMAN=no +WARNS=0 # anything over 0 will fail at the link stage with IDEA errors + +.include bsd.prog.mk Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1 --- /dev/null Mon Mar 1 07:41:57 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Mon Mar 1 07:41:56 2010 
@@ -0,0 +1,275 @@ +/*- + * Copyright (c) 2009,2010 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Alistair Crooks (a...@netbsd.org) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include sys/types.h +#include sys/param.h +#include sys/socket.h +#include sys/stat.h +#include sys/param.h + +#include netinet/in.h + +#include errno.h +#include netdb.h +#include netpgp.h +#include regex.h +#include stdio.h +#include stdlib.h +#include string.h +#include unistd.h + +#include hkpd.h + +/* make the string have %xx - %c */ +static size_t +frompercent(char *in, size_t insize, char *out, size_t outsize) +{ + size_t outcc; + char *next; + char *pc; + + outcc = 0; + for (pc = in ; (next = strchr(pc, '%')) != NULL ; pc = next + 3) { + (void) memcpy(out[outcc], pc, (size_t)(next - pc)); + outcc += (size_t)(next - pc); + out[outcc++] = (char)strtol(next + 1, NULL, 16); + } + (void) memcpy(out[outcc], pc, insize - (int)(pc - in)); + outcc += insize - (int)(pc - in); + out[outcc] = 0x0; + return outcc; +} + +#define HKP_HTTP_LEVEL HTTP/1.0 +#define HKP_NAME hkpd +#define HKP_MIME_GET application/pgp-keys +#define HKP_MIME_INDEX text/plain +#define HKP_MACHREAD info:1:1\r\n + +#define HKP_SUCCESS 200 +#define HKP_NOT_FOUND 404 + +/* make into html */ +static int +htmlify(char *buf, size_t size, const int code, const int get, const char *title, const int mr, const char *body) +{ + return snprintf(buf, size, + %s %d %s\r\n + Server: %s/%d\r\n + Content-type: %s\r\n + \r\n + %s + %s, + HKP_HTTP_LEVEL, code, (code == HKP_SUCCESS) ? OK : not found, + HKP_NAME,
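Review bot: frompercent() in hkpd.c takes outsize but never compares it with outcc, so the two memcpy calls and the final out[outcc] = 0x0 write into out with no bound; each copy should be clamped or the request rejected once outcc would reach outsize. The loop also steps with pc = next + 3 without checking that two characters follow the '%', so an input ending in '%' or '%4' moves pc past the terminator, after which insize - (int)(pc - in) is computed on a pointer outside the buffer and can wrap to a very large length. strtol(next + 1, NULL, 16) consumes as many hex digits as are present rather than exactly two; checking both characters with isxdigit() and converting just those two would fix both problems. sys/param.h is also included twice.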
CVS commit: src/crypto/external/bsd/netpgp/dist/src/hkpclient
Module Name:src Committed By: agc Date: Mon Mar 1 07:52:21 UTC 2010 Added Files: src/crypto/external/bsd/netpgp/dist/src/hkpclient: hkpclient.lua optparse.lua tst Log Message: add the scripts used to test the hkpd. fwiw, the hkp client script is - essentially - 7 lines of lua, using libcurl for the http transport. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 \ src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua \ src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua \ src/crypto/external/bsd/netpgp/dist/src/hkpclient/tst Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Added files: Index: src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua:1.1 --- /dev/null Mon Mar 1 07:52:21 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpclient/hkpclient.lua Mon Mar 1 07:52:21 2010 
@@ -0,0 +1,74 @@ +#! /usr/bin/env lua + +-- +-- Copyright (c) 2010 The NetBSD Foundation, Inc. +-- All rights reserved. +-- +-- This code is derived from software contributed to The NetBSD Foundation +-- by Alistair Crooks (a...@netbsd.org) +-- +-- Redistribution and use in source and binary forms, with or without +-- modification, are permitted provided that the following conditions +-- are met: +-- 1. Redistributions of source code must retain the above copyright +--notice, this list of conditions and the following disclaimer. +-- 2. Redistributions in binary form must reproduce the above copyright +--notice, this list of conditions and the following disclaimer in the +--documentation and/or other materials provided with the distribution. +-- +-- THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +-- ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +-- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +-- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +-- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +-- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +-- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +-- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +-- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +-- POSSIBILITY OF SUCH DAMAGE. 
+-- + +-- a short HKP client + +require(cURL) + +-- command line args +dofile optparse.lua + +opt = OptionParser{usage=%prog [options] file, version=20100226} + +opt.add_option{-V, --version, action=store_true, dest=version, + help=--version} +opt.add_option{-m, --mr, action=store_true, dest=mr, help=-m} +opt.add_option{-o, --op, action=store, dest=op, help=-o op} +opt.add_option{-p, --port, action=store, dest=port, help=-p port} +opt.add_option{-s, --server, action=store, dest=server, help=-s server} + +-- parse command line args +options,args = opt.parse_args() + +-- set defaults +local server = options.server or pgp.mit.edu +local port = options.port or 11371 +local op = options.op or get +local mr = +if options.mr then mr = options=mr end + +-- get output stream +f = io.output() + +c = cURL.easy_init() + +-- setup url +c:setopt_url(http://; .. server .. : .. port .. + /pks/lookup?op= .. op .. search= .. args[1] .. mr) + +-- perform, invokes callbacks +c:perform({writefunction = function(str) +f:write(str) + end}) + +-- close output file +f:close() + Index: src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua:1.1 --- /dev/null Mon Mar 1 07:52:21 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpclient/optparse.lua Mon Mar 1 07:52:21 2010 
@@ -0,0 +1,123 @@ +-- Lua command line option parser. +-- Interface based on Pythons optparse. +-- http://docs.python.org/lib/module-optparse.html +-- (c) 2008 David Manura, Licensed under the same terms as Lua (MIT license) +-- +-- To be used like this: +-- t={usage=some usage message, version=version string} +-- op=OptionParser(t) +-- op=add_option{opt, action=action, dest=dest, help=help message for this option} +-- +-- with : +-- opt the option string to be used (can be anything, if one letter opt, then should be -x val, more letters: -xy=val ) +-- action one of +-- - store: store in options as key, val +-- - store_true: stores key, true +-- - store_false: stores key, false +-- dest is the key under which the option is saved +--
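Review bot: in hkpclient.lua the string handed to c:setopt_url() is built by concatenating server, port, op and args[1] as given, so a search term containing a space, '&' or '#' changes the query the server receives, and running the script without a positional argument fails on the concatenation of a nil args[1]. Suggest checking that args[1] is present and printing the usage text when it is not, and percent-encoding op and the search term before they are placed in the URL. Since the lookup goes over plain http to the default pgp.mit.edu, a comment noting that fetched keys still need their fingerprints checked would help anyone reusing the script outside the test setup.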
CVS commit: src/crypto/external/bsd/netpgp/dist/src/netpgp
Module Name: src
Committed By: wiz
Date: Wed Feb 24 08:22:59 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist/src/netpgp: netpgp.1

Log Message:
New sentence, new line; remove trailing whitespace.

To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist/src
Module Name:src Committed By: agc Date: Tue Feb 23 01:24:45 UTC 2010 Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c validate.c src/crypto/external/bsd/netpgp/dist/src/netpgp: netpgp.1 Log Message: fix a bug in verifying memory. add two examples to the netpgp(1) manual page outlining how to sign and encrypt via a pipeline, and how to decrypt and verify/cat using a pipeline. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c cvs rdiff -u -r1.29 -r1.30 \ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.39 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.40 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.39 Fri Feb 12 03:38:48 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Tue Feb 23 01:24:44 2010 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT(@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.); -__RCSID($NetBSD: netpgp.c,v 1.39 2010/02/12 03:38:48 agc Exp $); +__RCSID($NetBSD: netpgp.c,v 1.40 2010/02/23 01:24:44 agc Exp $); #endif #include sys/types.h 
@@ -1014,6 +1014,9 @@ } signedmem = __ops_memory_new(); __ops_memory_add(signedmem, in, size); + if (out) { + cat = __ops_memory_new(); + } ret = __ops_validate_mem(io, result, signedmem, (out) ? cat : NULL, armored, netpgp-pubring); Index: src/crypto/external/bsd/netpgp/dist/src/lib/validate.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.29 src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.30 --- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.29 Fri Feb 12 03:38:48 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c Tue Feb 23 01:24:44 2010 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT(@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.); -__RCSID($NetBSD: validate.c,v 1.29 2010/02/12 03:38:48 agc Exp $); +__RCSID($NetBSD: validate.c,v 1.30 2010/02/23 01:24:44 agc Exp $); #endif #include sys/types.h @@ -949,7 +949,7 @@ __ops_teardown_memory_read(stream, mem); /* this is triggered only for --cat output */ - if (*cat) { + if (cat) { /* need to send validated output somewhere */ *cat = validation.mem; } else { Index: src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1 diff -u src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.7 src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.8 --- src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1:1.7 Sat Feb 6 02:24:34 2010 +++ src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1 Tue Feb 23 01:24:45 2010 @@ -1,4 +1,4 @@ -.\ $NetBSD: netpgp.1,v 1.7 2010/02/06 02:24:34 agc Exp $ +.\ $NetBSD: netpgp.1,v 1.8 2010/02/23 01:24:45 agc Exp $ .\ .\ Copyright (c) 2009 The NetBSD Foundation, Inc. .\ All rights reserved. @@ -406,6 +406,10 @@ netpgp passphrase: % .Ed +.Pp +This simple (and contrived) example shows that +.Nm +commands can be used together in a pipeline to produce the desired effect. .Bd -literal % netpgp --sign \*[Lt] a | netpgp --cat \*[Gt] b netpgp: default key set to C0596823 
@@ -428,6 +432,43 @@ uid Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt] % .Ed +.Pp +For operations like signing and encrypting a file at the same time, +the best way is to make use of pipelines: +.Bd -literal +% netpgp --sign \*[Lt] example | netpgp --encrypt --userid=c0596823 \*[Gt] example.gpg +netpgp: default key set to C0596823 +pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 +Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 +uid Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt] +uid Alistair Crooks \*[lt]...@pkgsrc.org\*[gt] +uid Alistair Crooks \*[lt]...@netbsd.org\*[gt] +uid Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt] +uid Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt] +netpgp passphrase: +% netpgp --decrypt \*[Lt] example.gpg | netpgp --cat +netpgp: default key set to C0596823 +netpgp: default key set to C0596823 +pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 +Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 +uid Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt] +uid Alistair Crooks \*[lt]...@pkgsrc.org\*[gt] +uid Alistair Crooks \*[lt]...@netbsd.org\*[gt] +uid Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt] +uid Alistair Crooks (Yahoo!) \*[lt]agcro...@yahoo-inc.com\*[gt] +netpgp passphrase: +Good
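Review bot: in the netpgp.c hunk the new cat = __ops_memory_new() is handed to __ops_validate_mem() without a NULL check, and the validate.c hunk then stores validation.mem through *cat, so please confirm that the buffer allocated here is not simply overwritten and leaked on the --cat path, and that whichever buffer survives is freed by the caller. If the allocation exists only so the argument is non-NULL, initialising cat to NULL at its declaration and letting validate.c fill it in would be simpler. A regression test in tst that pipes --sign output into --cat, as the new netpgp.1 example does, would cover the bug this commit fixes.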
CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name: src
Committed By: agc
Date: Sat Feb 13 00:14:00 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist/src/lib: signature.h

Log Message:
let's get modern int types defined so that netpgp will build on mac os x

To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
    src/crypto/external/bsd/netpgp/dist/src/lib/signature.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name: src
Committed By: agc
Date: Thu Feb 11 17:46:09 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist: configure.ac
    src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c version.h

Log Message:
changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
  what used to be printed out was the copy of the public key which is
  stored as part of the private key(!). does not address the info shown
  when decrypting, since that is done in a different way, by callback.
  this whole part needs to be re-written, but will have to wait for two
  good hands.

To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.37 -r1.38 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/netpgp/dist/src/lib/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name: src
Committed By: agc
Date: Fri Feb 12 03:38:48 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist: TODO configure.ac
    src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.c crypto.h
        keyring.h netpgp.c packet-print.c reader.c validate.c version.h
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify: verify.c

Log Message:
Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase

To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.21 -r1.22 \
    src/crypto/external/bsd/netpgp/dist/src/lib/create.c
cvs rdiff -u -r1.19 -r1.20 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
cvs rdiff -u -r1.15 -r1.16 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.20 -r1.21 \
    src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.38 -r1.39 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.25 -r1.26 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c \
    src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.29 -r1.30 \
    src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.28 -r1.29 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name: src
Committed By: agc
Date: Mon Feb 8 17:19:12 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac
    src/crypto/external/bsd/netpgp/dist/src/lib: crypto.c crypto.h
        packet-print.c packet.h reader.c validate.c version.h
    src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile

Log Message:
Update netpgp to version 1.99.17/20100208

Changes to 1.99.17/20100208

+ get rid of last 2 static variables - use the __ops_printstate_t struct
  passed down, and add the indent variable here too
+ get rid of 3 occurrences in reader.c where an automatic buffer was
  addressed (as part of a subsequent callback) by a struct field from a
  calling scope, and only valid within the callback. Found by Flexelint
  and phk - many thanks.
+ print filename/memory when time problems occur when validating signatures

To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.18 -r1.19 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.17 -r1.18 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.28 -r1.29 \
    src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.27 -r1.28 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.23 -r1.24 \
    src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Module Name: src
Committed By: dsl
Date: Sat Feb 6 10:50:52 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist/src/lib: packet-parse.c validate.c

Log Message:
Fix printf formats on amd64 (and probably other 64bit systems).

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.26 -r1.27 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/crypto/external/bsd/netpgp/dist
Module Name: src
Committed By: agc
Date: Sat Feb 6 02:24:34 UTC 2010

Modified Files:
    src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac tst
    src/crypto/external/bsd/netpgp/dist/include: netpgp.h
    src/crypto/external/bsd/netpgp/dist/src/lib: crypto.h keyring.c keyring.h
        netpgp.c netpgpsdk.h openssl_crypto.c packet-parse.c packet-print.c
        packet.h reader.c signature.c signature.h ssh2pgp.c validate.c
        validate.h version.h
    src/crypto/external/bsd/netpgp/dist/src/netpgp: Makefile netpgp.1 netpgp.c
    src/crypto/external/bsd/netpgp/dist/src/netpgpkeys: netpgpkeys.1
        netpgpkeys.c
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify: Makefile

Log Message:
Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
  packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
  signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
  signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/netpgp/dist/configure
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/netpgp/dist/configure.ac
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/netpgp/dist/tst
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/netpgp/dist/include/netpgp.h
cvs rdiff -u -r1.13 -r1.14 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.26 -r1.27 \
    src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
cvs rdiff -u -r1.19 -r1.20 \
    src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.36 -r1.37 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
cvs rdiff -u -r1.18 -r1.19 \
    src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
cvs rdiff -u -r1.27 -r1.28 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \
    src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.23 -r1.24 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.16 -r1.17 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/netpgp/dist/src/lib/signature.h
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c
cvs rdiff -u -r1.25 -r1.26 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.11 -r1.12 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.h
cvs rdiff -u -r1.22 -r1.23 \
    src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/netpgp/dist/src/netpgp/Makefile \
    src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1
cvs rdiff -u -r1.10 -r1.11 \
    src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c
cvs rdiff -u -r1.5 -r1.6 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, May 26, 2009 at 09:12:39AM +0200, Joerg Sonnenberger wrote:
> On Tue, May 26, 2009 at 05:40:03AM +, Luke Mewburn wrote:
>> Log Message:
>> Improve SHA256_CTX checks; OS/X provides it in CommonCrypto/CommonDigest.h
>> even though their openssl/sha.h is too old.
>
> I think I will hit similar issues with libarchive at some points, so do
> you have more details here?

Take a look at the source code - it's worked on Mac OS X with its weird
digest/openssl integration since January.

Regards,
Alistair

Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Tue, May 26, 2009 at 05:40:03AM +, Luke Mewburn wrote:
> Log Message:
> Improve SHA256_CTX checks; OS/X provides it in CommonCrypto/CommonDigest.h
> even though their openssl/sha.h is too old.

I think I will hit similar issues with libarchive at some points, so do
you have more details here?

Joerg

Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote:
> The only thing I will directly advocate for (besides scrapping the
> current UI) is something like the ssh-agent functionality. It is painful
> having to type in your passphrase for every email message you read,
> every one you want to sign, etc.

What do you think of plan9 factotum? I remember thinking it was
reasonably sane, although that was long enough ago that I forget all the
details.

--
David A. Holland
dholl...@netbsd.org

Re: CVS commit: src/crypto/external/bsd/netpgp/dist
David Holland dholland-sourcechan...@netbsd.org writes: On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote: The only thing I will directly advocate for (besides scrapping the current UI) is something like the ssh-agent functionality. It is painful having to type in your passphrase for every email message you read, every one you want to sign, etc. What do you think of plan9 factotum? I remember thinking it was reasonably sane, although that was long enough ago that I forget all the details. As do I -- I would need to re-read about it. Perry -- Perry E. Metzger pe...@piermont.com
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
In article 20090525160949.gr14...@nef.pbox.org, Alistair Crooks a...@pkgsrc.org wrote: Hi Arnaud, everyone, On Thu, May 21, 2009 at 10:59:04PM -0400, Arnaud Lacombe wrote: I've been seeing a lot of commit and activity in netpgp. Do you mind sending me a small paragraph [for the next CVS activity report] about what you're doing in it and what is already possible and what direction does it take ? Yeah, there's no secret about what I'm doing with it, but just to clarify: netpgp is a high-level layer which sits on top of a heavily-modified openpgpsdk, and provides a library interface defined in /usr/include/netpgp.h - the main functions are: int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int); int netpgp_decrypt_file(netpgp_t *, char *, char *, int); int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int); int netpgp_verify_file(netpgp_t *, char *, const char *, int); Shouldn't most of those char *'s be const char *, and in the code the result of the __ops_functions should be checked, and appropriate errnos set? christos
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
Hi Alistair, I've been seeing a lot of commit and activity in netpgp. Do you mind sending me a small paragraph [for the next CVS activity report] about what you're doing in it and what is already possible and what direction does it take ? Thanks ! - Arnaud On Thu, May 21, 2009 at 10:28 PM, Alistair G. Crooks a...@netbsd.org wrote: Module Name: src Committed By: agc Date: Fri May 22 02:28:54 UTC 2009 Modified Files: src/crypto/external/bsd/netpgp/dist: TODO configure configure.ac tst src/crypto/external/bsd/netpgp/dist/src/bin: netpgp.1 netpgp.c src/crypto/external/bsd/netpgp/dist/src/lib: config.h packet.h version.h Log Message: CHANGES 1.99.2 - 1.99.3 + modified regression tests to make it easier to see status messages + modified --encrypt, --decrypt, --sign, and --clearsign as well as --cat to respect the --output argument for the output file. Default behaviour remains unchanged - if --output is not specified, standard file names and suffixes apply. Note that --verify has not been changed - this is for compatibility with gpg, POLA/POLS, and because --verify-cat/--cat provides this behaviour To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/netpgp/dist/TODO cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/netpgp/dist/configure \ src/crypto/external/bsd/netpgp/dist/configure.ac cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/netpgp/dist/tst cvs rdiff -u -r1.11 -r1.12 \ src/crypto/external/bsd/netpgp/dist/src/bin/netpgp.1 cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/bin/netpgp.c cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/netpgp/dist/src/lib/config.h \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
Alistair G. Crooks a...@netbsd.org writes: + allow a choice of hash algorithms for the signature digest (rather than hardcoding SHA1 - it is looking as though collisions are easier to manufacture based on recent findings) + move default signature RSA hash algorithm to SHA256 (from SHA1). This is passed as a string parameter from the high-level interface. We'll revisit this later after a good way to specify the algorithm has been found. I presume this isn't in the man page because you're waiting on the final method to handle it? Perry
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
Alistair Crooks a...@pkgsrc.org writes: I'll look into providing that somehow (I've been of the opinion that we need one binary for key management, and one binary for signing/verification and encrypting/decrypting for a while now - it's the way that the old nbpg SoC project was going too), and that definitely gives me an incentive to do that kind of split. The worst part of pgp and gpg have always been the user interfaces -- bulky, so many options you can't remember which ones you want at any given time, complicated init files, etc. I would suggest ignoring any prior precedents on such matters because they're all bad and start from a clean slate. Start fresh as though you were a sane Unix geek building from scratch and produce an interface that is intuitive to Unix users -- if you do, netpgp will take over the world. The only thing I will directly advocate for (besides scrapping the current UI) is something like the ssh-agent functionality. It is painful having to type in your passphrase for every email message you read, every one you want to sign, etc. Perry -- Perry E. Metzger pe...@piermont.com
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Mon, May 11, 2009 at 10:32:30AM -0400, Perry E. Metzger wrote: | The only thing I will directly advocate for (besides scrapping the | current UI) is something like the ssh-agent functionality. It is painful | having to type in your passphrase for every email message you read, | every one you want to sign, etc. gpg (gnupg) version 2 provides gpg-agent for this. That may provide some more inspiration for features.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
Simon Burge sim...@netbsd.org writes: Perry E. Metzger wrote: [ ... ] Encrypted swap should be the default -- either using cgd or by simply encrypting the blocks as they go in and out without using the cgd layer. You've benchmarked the effect of this, especially on older hardware? No, but others have, and it is generally negligible. Why is this the case? Well, think about it for a moment -- the time to encrypt a disk block is a tiny fraction of the time needed to write it to disk. It is true that on older machines there is less processor, but there is also even less disk bandwidth. The situation is a lot worse if you're thrashing, but of course the situation is always a lot worse if you're thrashing. In any case: there would clearly be a knob to turn this on and off, and it can even be left off by default, at least on older ports. The problem is this: it is a significant effort to set this up at all, so no one does it. If it was trivial to set up, even something listed in sysinst, it would be widely used, unlike the situation now where it is barely if ever done. Perry -- Perry E. Metzger pe...@piermont.com
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote: [...] since there's no way of changing a PGP passphrase short of generating a new key. Huh? Sure, you have a need to deal with keyring copies from before the change, maybe with some more rm -P and its limitations, but otherwise, I don't understand this. -- Dan.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Mon, May 11, 2009 at 02:55:03AM +0100, Alistair Crooks wrote: On Mon, May 11, 2009 at 11:09:40AM +1000, Daniel Carosone wrote: On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote: [...] since there's no way of changing a PGP passphrase short of generating a new key. Huh? Sure, you have a need to deal with keyring copies from before the change, maybe with some more rm -P and its limitations, but otherwise, I don't understand this. Sorry, I must be missing something then (perfectly possible, now I'm old and grey) - how do you change the passphrase on a PGP key? For gpg, the passwd sub-command under edit-key. For other implementations, special sigils created by waving the magic wand^Wpointer. If the corresponding feature is missing from this implementation, that's a deficiency, but not a limitation of the format. Someone might implement the feature, or you might combine tools since the keyring format is standardised and (I hope) therefore the tools are interoperable. -- Dan.
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Mon, May 11, 2009 at 12:11:03PM +1000, Daniel Carosone wrote: On Mon, May 11, 2009 at 02:55:03AM +0100, Alistair Crooks wrote: On Mon, May 11, 2009 at 11:09:40AM +1000, Daniel Carosone wrote: On Sat, May 09, 2009 at 03:46:28AM +0100, Alistair Crooks wrote: [...] since there's no way of changing a PGP passphrase short of generating a new key. Huh? Sure, you have a need to deal with keyring copies from before the change, maybe with some more rm -P and its limitations, but otherwise, I don't understand this. Sorry, I must be missing something then (perfectly possible, now I'm old and grey) - how do you change the passphrase on a PGP key? For gpg, the passwd sub-command under edit-key. For other implementations, special sigils created by waving the magic wand^Wpointer. If the corresponding feature is missing from this implementation, that's a deficiency, but not a limitation of the format. Someone might implement the feature, or you might combine tools since the keyring format is standardised and (I hope) therefore the tools are interoperable. Cool, thanks, that's exactly the information I was looking for. I'll look into providing that somehow (I've been of the opinion that we need one binary for key management, and one binary for signing/verification and encrypting/decrypting for a while now - it's the way that the old nbpg SoC project was going too), and that definitely gives me an incentive to do that kind of split. Thanks once again, Al
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, May 06, 2009 at 12:57:06PM +0200, Klaus Klein wrote: On Tue, May 05, 2009 at 11:38:36PM +, David Holland wrote: On Wed, May 06, 2009 at 12:33:00AM +0100, Alistair Crooks wrote: Imagine someone embedding this library in their (embedded) product. Having the library dump core for what is an unusual occurrence, admittedly (such as an out of memory condition, perhaps) is suboptimal, since the product may then have to be re-started to get a working system. This is too intrusive. As someone with an LCD TV which sometimes does this, it annoys me intensely. Names and models on request, in private. This also brings us round to a pet peeve of mine - for development work, dumping core is fine for exceptional conditions. Same as kernel panics. It's not usually wanted in production code. Having things fail silently or go into a fugue state is not an improvement, particularly in security code. So I'd qualify all this by saying that end-to-end behavior should always be fail-stop. However, I'm inclined to agree that libraries should not in general abort on behalf of an application, and that it's the application's responsibility to be fail-stop. So, as far as the library is concerned, shouldn't these assertions be preserved, and face conversion to _DIAGASSERT(3)? You're right, if you believe that the failure of a runtime check for the length of time_t being greater than or equal to 4 bytes is sufficient to abort an application. There were also assertions about previous values which had been hardcoded. Some of the assertions had code further on to check exactly the same error condition, and return gracefully with an error value if triggered. Anyway, on with the meta-discussion. Regards, Alistair
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, May 06, 2009 at 03:52:15PM +0100, Alistair Crooks wrote: You're right, if you believe that the failure of a runtime check for the length of time_t being greater than or equal to 4 bytes is sufficient to abort an application. ...which can and should be a compile-time assertion. Joerg
Re: CVS commit: src/crypto/external/bsd/netpgp/dist
On Wed, May 06, 2009 at 06:47:37PM +0200, Joerg Sonnenberger wrote: On Wed, May 06, 2009 at 03:52:15PM +0100, Alistair Crooks wrote: You're right, if you believe that the failure of a runtime check for the length of time_t being greater than or equal to 4 bytes is sufficient to abort an application. ...which can and should be a compile-time assertion. Absolutely - we can put it in sys/cdefs.h, right next to the check for the value of pi changing, and the check for int32_t being able to address 32 bits. Having this kind of thing as compile-time checks would take a huge weight off my mind. Alistair PS. It has suddenly struck me that your suggestion might have been serious. Oh well...
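The two positions in the exchange above, as an added example that is not netpgp code and not part of any message in the thread: the `time_t` width check is done at compile time, and a bad value is reported to the caller with an error return instead of an assertion that aborts the process. `example_encode_timestamp` is a hypothetical helper, and the 4-octet big-endian layout is the OpenPGP timestamp format; the sample values are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Checked by the compiler: a too-narrow time_t stops the build, not the app. */
_Static_assert(sizeof(time_t) >= 4, "time_t too small for a 4-octet timestamp");

/*
 * Hypothetical helper, not a netpgp function: store t as a 4-octet
 * big-endian timestamp. Returns 0 or an errno value; it never aborts,
 * so the calling application decides how to fail.
 */
int
example_encode_timestamp(time_t t, uint8_t *out, size_t outlen)
{
	uint32_t v;

	if (out == NULL || outlen < 4)
		return EINVAL;
	/* Value checks stay at run time: they depend on data, not on the ABI. */
	if (t < 0 || (uintmax_t)t > UINT32_MAX)
		return ERANGE;
	v = (uint32_t)t;
	out[0] = (uint8_t)(v >> 24);
	out[1] = (uint8_t)(v >> 16);
	out[2] = (uint8_t)(v >> 8);
	out[3] = (uint8_t)v;
	return 0;
}

int
main(void)
{
	uint8_t buf[4];
	int rc;

	/* Constructed sample values. */
	rc = example_encode_timestamp((time_t)0x4A01B2C3, buf, sizeof(buf));
	printf("valid: rc=%d bytes=%02x%02x%02x%02x\n", rc, buf[0], buf[1], buf[2], buf[3]);
	rc = example_encode_timestamp((time_t)-1, buf, sizeof(buf));
	printf("negative: rc=%d (ERANGE=%d)\n", rc, ERANGE);
	return 0;
}
```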