Module Name: src Committed By: agc Date: Thu Jun 11 04:57:52 UTC 2009
Modified Files: src/crypto/external/bsd/netpgp/dist: TODO src/crypto/external/bsd/netpgp/dist/src/lib: keyring.c keyring.h netpgp.c reader.c Log Message: + only prompt for the passphrase for the secret key if the secret key is protected by a passphrase To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/netpgp/dist/TODO cvs rdiff -u -r1.19 -r1.20 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c cvs rdiff -u -r1.15 -r1.16 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h cvs rdiff -u -r1.24 -r1.25 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c cvs rdiff -u -r1.20 -r1.21 \ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/TODO diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.19 src/crypto/external/bsd/netpgp/dist/TODO:1.20 --- src/crypto/external/bsd/netpgp/dist/TODO:1.19 Thu Jun 11 01:17:43 2009 +++ src/crypto/external/bsd/netpgp/dist/TODO Thu Jun 11 04:57:51 2009 @@ -7,7 +7,6 @@ 64-bit offsets default compression when signing? Multiple recipients for encryption -don't require passphrase for keys without one convert tests from ./tst to the autotest ./tests/ Done @@ -65,3 +64,4 @@ separate key management program C++ guards in header file modify sets lists for netpgpverify +don't require passphrase for keys without one Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.19 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.20 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.19 Thu Jun 11 01:12:42 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Thu Jun 11 04:57:52 2009 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.19 2009/06/11 01:12:42 agc Exp $"); +__RCSID("$NetBSD: keyring.c,v 1.20 2009/06/11 04:57:52 agc Exp $"); #endif #ifdef HAVE_FCNTL_H @@ -228,6 +228,7 @@ { const __ops_contents_t *content = &pkt->u; decrypt_t *decrypt; + char pass[MAX_PASSPHRASE_LENGTH]; decrypt = __ops_callback_arg(cbinfo); switch (pkt->tag) { @@ -240,7 +241,8 @@ break; case OPS_GET_PASSPHRASE: - *content->skey_passphrase.passphrase = decrypt->passphrase; + (void) __ops_getpassphrase(NULL, pass, sizeof(pass)); + *content->skey_passphrase.passphrase = strdup(pass); return OPS_KEEP_MEMORY; case OPS_PARSER_ERRCODE: 
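Review bot: In the `OPS_GET_PASSPHRASE` case of keyring.c (hunk @@ -240,7 +241,8) the result of `__ops_getpassphrase()` is cast to void, so when the read fails `strdup(pass)` copies an uninitialised stack buffer that may not be NUL-terminated, and the `strdup()` result is stored without a NULL check. The call should be tested, `if (!__ops_getpassphrase(NULL, pass, sizeof(pass)))`, and the failure reported to the parser rather than handing over a passphrase. The cleartext passphrase also stays in `pass` on the stack after the copy; the code this commit removes from netpgp.c wiped it, so `__ops_forget(pass, sizeof(pass));` belongs right after the `strdup()`. Passing `NULL` where the old caller passed `netpgp->passfp` looks like it drops the caller-supplied passphrase stream on this path, but that depends on how `__ops_getpassphrase()` treats NULL, which is not visible here. The callback body starts and ends outside these hunks.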
@@ -291,7 +293,7 @@ \return secret key */ __ops_seckey_t * -__ops_decrypt_seckey(const __ops_key_t *key, const char *passphrase) +__ops_decrypt_seckey(const __ops_key_t *key) { __ops_stream_t *stream; const int printerrors = 1; @@ -299,14 +301,11 @@ (void) memset(&decrypt, 0x0, sizeof(decrypt)); decrypt.key = key; - decrypt.passphrase = strdup(passphrase); stream = __ops_new(sizeof(*stream)); __ops_keydata_reader_set(stream, key); __ops_set_callback(stream, decrypt_cb, &decrypt); stream->readinfo.accumulate = 1; __ops_parse(stream, !printerrors); - __ops_forget(decrypt.passphrase, strlen(decrypt.passphrase)); - (void) free(decrypt.passphrase); return decrypt.seckey; } Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.15 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.16 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.15 Wed Jun 10 16:36:23 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Thu Jun 11 04:57:52 2009 @@ -56,6 +56,11 @@ #include "packet.h" #include "packet-parse.h" +enum { + MAX_ID_LENGTH = 128, + MAX_PASSPHRASE_LENGTH = 256 +}; + typedef struct __ops_key_t __ops_key_t; /** \struct __ops_keyring_t @@ -78,7 +83,7 @@ unsigned __ops_is_key_secret(const __ops_key_t *); const __ops_seckey_t *__ops_get_seckey(const __ops_key_t *); __ops_seckey_t *__ops_get_writable_seckey(__ops_key_t *); -__ops_seckey_t *__ops_decrypt_seckey(const __ops_key_t *, const char *); +__ops_seckey_t *__ops_decrypt_seckey(const __ops_key_t *); unsigned __ops_keyring_fileread(__ops_keyring_t *, const unsigned, const char *); Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.24 Thu Jun 11 01:12:42 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Thu Jun 11 04:57:52 2009 
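Review bot: With the `__ops_forget(decrypt.passphrase, strlen(decrypt.passphrase))` and `free()` pair removed from `__ops_decrypt_seckey()` (hunk @@ -299,14 +301,11), nothing visible in this commit wipes or frees the heap copy of the passphrase that `decrypt_cb` now creates with `strdup()` and hands over with `OPS_KEEP_MEMORY`. Unless the parser releases that buffer itself, which the hunk does not show, each decryption attempt leaves a cleartext passphrase behind in heap memory. A comment naming the owner would settle it, for example `/* passphrase from decrypt_cb is wiped and freed by <owner> */`. The Doxygen block above the function should also lose any parameter entry for the removed `passphrase` argument; only its `\return` line is visible here.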
@@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.24 2009/06/11 01:12:42 agc Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.25 2009/06/11 04:57:52 agc Exp $"); #endif #include <sys/types.h> @@ -85,11 +85,6 @@ #include "netpgpdefs.h" #include "crypto.h" -enum { - MAX_ID_LENGTH = 128, - MAX_PASSPHRASE_LENGTH = 256 -}; - /* read any gpg config file */ static int conffile(netpgp_t *netpgp, char *homedir, char *userid, size_t length) @@ -509,7 +504,6 @@ const unsigned overwrite = 1; __ops_io_t *io; char *hashalg; - char pass[MAX_PASSPHRASE_LENGTH]; int ret; io = netpgp->io; @@ -527,17 +521,11 @@ do { /* print out the user id */ __ops_print_pubkeydata(io, keypair); - /* get the passphrase */ - if (!__ops_getpassphrase(netpgp->passfp, pass, sizeof(pass))) { - (void) fprintf(io->errs, "Can't get passphrase\n"); - return 0; - } /* now decrypt key */ - seckey = __ops_decrypt_seckey(keypair, pass); + seckey = __ops_decrypt_seckey(keypair); if (seckey == NULL) { (void) fprintf(io->errs, "Bad passphrase\n"); } - __ops_forget(pass, sizeof(pass)); } while (seckey == NULL); /* sign file */ hashalg = netpgp_getvar(netpgp, "hash"); Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.20 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.21 --- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.20 Thu Jun 11 01:12:42 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Thu Jun 11 04:57:52 2009 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: reader.c,v 1.20 2009/06/11 01:12:42 agc Exp $"); +__RCSID("$NetBSD: reader.c,v 1.21 2009/06/11 04:57:52 agc Exp $"); #endif #include <sys/types.h> 
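Review bot: The `do { ... } while (seckey == NULL);` loop in netpgp.c (hunk @@ -527,17 +521,11) no longer has any exit on failure: the removed `return 0` after a failed `__ops_getpassphrase()` was the only way out, and the callback in keyring.c now ignores that failure. On closed or non-interactive input, or for a key that fails to parse for a reason other than the passphrase, this would print "Bad passphrase" and retry indefinitely, and it places no limit on passphrase attempts per invocation. A bounded form such as `for (attempts = 0; seckey == NULL && attempts < MAX_PASSPHRASE_ATTEMPTS; attempts++)` followed by `if (seckey == NULL) return 0;` would restore the exit, where `MAX_PASSPHRASE_ATTEMPTS` is a new constant to be defined. The same loop is introduced in reader.c (hunk @@ -2171,27 +2171,16) and needs the same bound. The enclosing function starts and ends outside the hunk.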
@@ -2154,7 +2154,7 @@ { const __ops_contents_t *content = &pkt->u; const __ops_seckey_t *secret; - __ops_packet_t seckey; + const __ops_key_t *keypair; __ops_io_t *io; io = cbinfo->io; @@ -2171,27 +2171,16 @@ return 0; } - /* now get the key from the data */ - secret = __ops_get_seckey(cbinfo->cryptinfo.keydata); - while (!secret) { - if (!cbinfo->cryptinfo.passphrase) { - (void) memset(&seckey, 0x0, sizeof(seckey)); - seckey.u.skey_passphrase.passphrase = - &cbinfo->cryptinfo.passphrase; - CALLBACK(OPS_GET_PASSPHRASE, cbinfo, &seckey); - } - /* then it must be encrypted */ - secret = __ops_decrypt_seckey( - cbinfo->cryptinfo.keydata, - cbinfo->cryptinfo.passphrase); - if (!secret) { - (void) __ops_forget( - cbinfo->cryptinfo.passphrase, - strlen(cbinfo->cryptinfo.passphrase)); - cbinfo->cryptinfo.passphrase = NULL; - (void) fprintf(stderr, "Bad passphrase\n"); + keypair = cbinfo->cryptinfo.keydata; + do { + /* print out the user id */ + __ops_print_pubkeydata(io, keypair); + /* now decrypt key */ + secret = __ops_decrypt_seckey(keypair); + if (secret == NULL) { + (void) fprintf(io->errs, "Bad passphrase\n"); } - } + } while (secret == NULL); *content->get_seckey.seckey = secret; break;