Module Name: src Committed By: agc Date: Fri Jul 9 05:35:35 UTC 2010
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.c keyring.c misc.c netpgp.c openssl_crypto.c packet-parse.c packet-print.c packet.h reader.c readerwriter.h ssh2pgp.c version.h writer.c Log Message: Changes to 3.99.7/20100701 + recognise ascii-armoured encrypted messages properly, in memory and in files + print error message and exit for now when trying to encrypt with a DSA key + fix bug reported by dyoung when trying to print out the encryption key fingerprint To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 \ src/crypto/external/bsd/netpgp/dist/src/lib/create.c cvs rdiff -u -r1.24 -r1.25 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c \ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c \ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c cvs rdiff -u -r1.38 -r1.39 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c cvs rdiff -u -r1.32 -r1.33 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c cvs rdiff -u -r1.63 -r1.64 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c cvs rdiff -u -r1.37 -r1.38 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c cvs rdiff -u -r1.23 -r1.24 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c cvs rdiff -u -r1.36 -r1.37 \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.31 --- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.30 Wed Jun 30 15:18:10 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Jul 9 05:35:34 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: create.c,v 1.30 2010/06/30 15:18:10 agc Exp $"); +__RCSID("$NetBSD: create.c,v 1.31 2010/07/09 05:35:34 agc Exp $"); #endif #include <sys/types.h> @@ -453,10 +453,10 @@ return 0; } break; - - /* case OPS_PKA_ELGAMAL: */ - /* return __ops_write_mpi(output, key->key.elgamal.x); */ - + case OPS_PKA_DSA: + return __ops_write_mpi(output, key->key.dsa.x); + case OPS_PKA_ELGAMAL: + return __ops_write_mpi(output, key->key.elgamal.x); default: return 0; } @@ -892,8 +892,14 @@ unsigned i; /* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */ - - if (pubkey->alg != OPS_PKA_RSA) { + switch (pubkey->alg) { + case OPS_PKA_RSA: + break; + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: + (void) fprintf(stderr, "encode_m_buf: DSA/Elgamal encryption not implemented yet\n"); + break; + default: (void) fprintf(stderr, "encode_m_buf: pubkey algorithm\n"); return 0; } @@ -986,7 +992,12 @@ if (__ops_get_debug_level(__FILE__)) { hexdump(stderr, "Encrypting for RSA keyid", key->key_id, sizeof(sesskey->key_id)); } - if (key->key.pubkey.alg != OPS_PKA_RSA) { + switch (key->key.pubkey.alg) { + case OPS_PKA_RSA: + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: + break; + default: (void) fprintf(stderr, "__ops_create_pk_sesskey: bad pubkey algorithm\n"); free(encoded_m_buf); 
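Review bot: The new `case OPS_PKA_DSA:` and `case OPS_PKA_ELGAMAL:` in the @@ -453 hunk return straight out of the switch, while the RSA case leaves it with `break;` and reaches whatever follows the closing brace; the hunk ends at that brace, so if the function's tail does any bookkeeping (the hunk's start and end lie outside the visible function body), the DSA/Elgamal paths skip it. Using `if (!__ops_write_mpi(output, key->key.dsa.x)) { return 0; } break;` would route every algorithm through the same exit. The same direct-return shape is added to the twin switch in openssl_crypto.c (hunks @@ -834 and @@ -847).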
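Review bot: In encode_m_buf (hunk @@ -892) the new `case OPS_PKA_DSA: case OPS_PKA_ELGAMAL:` branch prints "not implemented yet" and then `break`s, so execution continues into the EME-PKCS1-v1_5 encoding below, whereas the removed `if (pubkey->alg != OPS_PKA_RSA)` returned 0 for every non-RSA key and the new `default:` still does. It should be `return 0;` after the fprintf, so the caller sees a failure rather than an encoded buffer built from a non-RSA public key. The caller __ops_create_pk_sesskey (hunk @@ -1013) happens to reject DSA/Elgamal before encrypting, which masks this today, but encode_m_buf should not depend on it. The enclosing function continues past the hunk.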
@@ -1013,11 +1024,24 @@ encode_m_buf(unencoded_m_buf, SZ_UNENCODED_M_BUF, pubkey, encoded_m_buf); /* and encrypt it */ - if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pubkey, - &sesskey->params)) { + switch (key->key.pubkey.alg) { + case OPS_PKA_RSA: + if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pubkey, + &sesskey->params)) { + free(encoded_m_buf); + free(sesskey); + return NULL; + } + break; + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: + (void) fprintf(stderr, "DSA/Elgamal encryption not supported yet\n"); free(encoded_m_buf); free(sesskey); return NULL; + default: + /* will not get here - for lint only */ + break; } free(encoded_m_buf); return sesskey; 
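Review bot: __ops_create_pk_sesskey now switches on `key->key.pubkey.alg` twice — once in hunk @@ -986 to admit RSA/DSA/Elgamal, and again here to reject DSA/Elgamal after `encoded_m_buf` and `sesskey` have been allocated and encode_m_buf has run. Rejecting DSA/Elgamal in the first switch, before the allocations, would remove this second switch, the duplicated `free(encoded_m_buf); free(sesskey); return NULL;` cleanup and the lint-only `default:`. The return value of `encode_m_buf(...)` on the first context line is still ignored even though it returns 0 on its failure path; `if (!encode_m_buf(unencoded_m_buf, SZ_UNENCODED_M_BUF, pubkey, encoded_m_buf)) { free(encoded_m_buf); free(sesskey); return NULL; }` would be the safer shape. The function's start lies outside the hunk.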
@@ -1039,20 +1063,26 @@ "__ops_write_pk_sesskey: NULL pksk\n"); return 0; } - if (pksk->alg != OPS_PKA_RSA) { + switch (pksk->alg) { + case OPS_PKA_RSA: + return __ops_write_ptag(output, OPS_PTAG_CT_PK_SESSION_KEY) && + __ops_write_length(output, (unsigned)(1 + 8 + 1 + + BN_num_bytes(pksk->params.rsa.encrypted_m) + 2)) && + __ops_write_scalar(output, (unsigned)pksk->version, 1) && + __ops_write(output, pksk->key_id, 8) && + __ops_write_scalar(output, (unsigned)pksk->alg, 1) && + __ops_write_mpi(output, pksk->params.rsa.encrypted_m) + /* ?? && __ops_write_scalar(output, 0, 2); */ + ; + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: + (void) fprintf(stderr, "__ops_write_pk_sesskey: DSA/Elgamal encryption not implemented yet\n"); + return 0; + default: (void) fprintf(stderr, "__ops_write_pk_sesskey: bad algorithm\n"); return 0; } - return __ops_write_ptag(output, OPS_PTAG_CT_PK_SESSION_KEY) && - __ops_write_length(output, (unsigned)(1 + 8 + 1 + - BN_num_bytes(pksk->params.rsa.encrypted_m) + 2)) && - __ops_write_scalar(output, (unsigned)pksk->version, 1) && - __ops_write(output, pksk->key_id, 8) && - __ops_write_scalar(output, (unsigned)pksk->alg, 1) && - __ops_write_mpi(output, pksk->params.rsa.encrypted_m) - /* ?? && __ops_write_scalar(output, 0, 2); */ - ; } /** Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.24 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Fri Jul 9 05:35:34 2010 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: crypto.c,v 1.24 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: crypto.c,v 1.25 2010/07/09 05:35:34 agc Exp $"); #endif #include <sys/types.h> 
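Review bot: The RSA case moved into the new switch still ends with the dangling `/* ?? && __ops_write_scalar(output, 0, 2); */` followed by a lone `;`, so the open question travels with the code instead of being resolved. If __ops_write_mpi emits the two-byte bit-count prefix itself, the `+ 2` in the `__ops_write_length(...)` argument already accounts for it and the comment can become `/* + 2: MPI bit-count prefix written by __ops_write_mpi */`; if it does not, the packet length is wrong and the commented-out write is needed. Either way the `?? ` marker should not survive the move. __ops_write_pk_sesskey begins before the hunk.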
@@ -89,11 +89,11 @@ const BIGNUM *encmpi, const __ops_seckey_t *seckey) { - uint8_t encmpibuf[NETPGP_BUFSIZ]; - uint8_t mpibuf[NETPGP_BUFSIZ]; unsigned mpisize; - int n; + uint8_t encmpibuf[NETPGP_BUFSIZ]; + uint8_t mpibuf[NETPGP_BUFSIZ]; int i; + int n; mpisize = (unsigned)BN_num_bytes(encmpi); /* MPI can't be more than 65,536 */ 
@@ -103,54 +103,52 @@ } BN_bn2bin(encmpi, encmpibuf); - if (seckey->pubkey.alg != OPS_PKA_RSA) { + switch (seckey->pubkey.alg) { + case OPS_PKA_RSA: + if (__ops_get_debug_level(__FILE__)) { + hexdump(stderr, "encrypted", encmpibuf, 16); + } + n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, + (unsigned)(BN_num_bits(encmpi) + 7) / 8, + &seckey->key.rsa, &seckey->pubkey.key.rsa); + if (n == -1) { + (void) fprintf(stderr, "ops_rsa_private_decrypt failure\n"); + return -1; + } + if (__ops_get_debug_level(__FILE__)) { + hexdump(stderr, "decrypted", mpibuf, 16); + } + if (n <= 0) { + return -1; + } + /* Decode EME-PKCS1_V1_5 (RFC 2437). */ + if (mpibuf[0] != 0 || mpibuf[1] != 2) { + return -1; + } + /* Skip the random bytes. */ + for (i = 2; i < n && mpibuf[i]; ++i) { + } + if (i == n || i < 10) { + return -1; + } + /* Skip the zero */ + i += 1; + /* this is the unencoded m buf */ + if ((unsigned) (n - i) <= buflen) { + (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ + } + if (__ops_get_debug_level(__FILE__)) { + hexdump(stderr, "decoded m", buf, (size_t)(n - i)); + } + return n - i; + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: + (void) fprintf(stderr, "XXX - no support for DSA/Elgamal yet\n"); + return 0; + default: (void) fprintf(stderr, "pubkey algorithm wrong\n"); return -1; } - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted", encmpibuf, 16); - } - n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, - (unsigned)(BN_num_bits(encmpi) + 7) / 8, - &seckey->key.rsa, &seckey->pubkey.key.rsa); - if (n == -1) { - (void) fprintf(stderr, "ops_rsa_private_decrypt failure\n"); - return -1; - } - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decrypted", mpibuf, 16); - } - if (n <= 0) { - return -1; - } - - /* Decode EME-PKCS1_V1_5 (RFC 2437). */ - if (mpibuf[0] != 0 || mpibuf[1] != 2) { - return -1; - } - - /* Skip the random bytes. 
*/ - for (i = 2; i < n && mpibuf[i]; ++i) { - } - - if (i == n || i < 10) { - return -1; - } - - /* Skip the zero */ - i += 1; - - /* this is the unencoded m buf */ - if ((unsigned) (n - i) <= buflen) { - (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ - } - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decoded m", buf, (size_t)(n - i)); - } - return n - i; } /** @@ -215,16 +213,16 @@ break; case OPS_PTAG_CT_PK_SESSION_KEY: - return pk_sesskey_cb(pkt, cbinfo); + return __ops_pk_sesskey_cb(pkt, cbinfo); case OPS_GET_SECKEY: - return get_seckey_cb(pkt, cbinfo); + return __ops_get_seckey_cb(pkt, cbinfo); case OPS_GET_PASSPHRASE: return cbinfo->cryptinfo.getpassphrase(pkt, cbinfo); case OPS_PTAG_CT_LITDATA_BODY: - return litdata_cb(pkt, cbinfo); + return __ops_litdata_cb(pkt, cbinfo); case OPS_PTAG_CT_ARMOUR_HEADER: case OPS_PTAG_CT_ARMOUR_TRAILER: @@ -291,7 +289,10 @@ } /* Push the encrypted writer */ - __ops_push_enc_se_ip(output, pubkey); + if (!__ops_push_enc_se_ip(output, pubkey)) { + __ops_memory_free(inmem); + return 0; + } /* This does the writing */ __ops_write(output, __ops_mem_data(inmem), __ops_mem_len(inmem)); Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.24 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Fri Jul 9 05:35:34 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: openssl_crypto.c,v 1.24 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: openssl_crypto.c,v 1.25 2010/07/09 05:35:34 agc Exp $"); #endif #ifdef HAVE_OPENSSL_DSA_H 
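Review bot: In the RSA case of the new switch (hunk @@ -103, which starts on the previous page line), when `(unsigned)(n - i) > buflen` the memcpy into `buf` is skipped but control still falls through to `return n - i`, so the caller receives a positive length for a buffer that was never written, and the debug hexdump reads `n - i` bytes of `buf` that were not filled. Add `else { return -1; }` after the bounded memcpy, or test the bound before the copy and bail out. The DSA/Elgamal branch returns 0 while every other failure in this function returns -1; if callers test `< 0`, an unsupported algorithm looks like a zero-length success, so `return -1;` keeps the contract uniform. Since this decodes PKCS#1 v1.5 padding from an attacker-controlled MPI, keeping all failure exits identical to the caller (as the -1 returns already do) is worth preserving when fixing the above. The enclosing function starts before the hunk.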
@@ -834,9 +834,8 @@ __ops_push_checksum_writer(output, seckey); switch (seckey->pubkey.alg) { - /* case OPS_PKA_DSA: */ - /* return __ops_write_mpi(output, key->key.dsa.x); */ - + case OPS_PKA_DSA: + return __ops_write_mpi(output, seckey->key.dsa.x); case OPS_PKA_RSA: case OPS_PKA_RSA_ENCRYPT_ONLY: case OPS_PKA_RSA_SIGN_ONLY: @@ -847,9 +846,8 @@ return 0; } break; - - /* case OPS_PKA_ELGAMAL: */ - /* return __ops_write_mpi(output, key->key.elgamal.x); */ + case OPS_PKA_ELGAMAL: + return __ops_write_mpi(output, seckey->key.elgamal.x); default: (void) fprintf(stderr, "Bad seckey->pubkey.alg\n"); Index: src/crypto/external/bsd/netpgp/dist/src/lib/writer.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.24 Fri Jun 25 03:37:28 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c Fri Jul 9 05:35:35 2010 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: writer.c,v 1.24 2010/06/25 03:37:28 agc Exp $"); +__RCSID("$NetBSD: writer.c,v 1.25 2010/07/09 05:35:35 agc Exp $"); #endif #include <sys/types.h> @@ -1025,7 +1025,7 @@ \ingroup Core_WritersNext \brief Push Encrypted SE IP Writer onto stack */ -void +int __ops_push_enc_se_ip(__ops_output_t *output, const __ops_key_t *pubkey) { __ops_pk_sesskey_t *encrypted_pk_sesskey; 
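Review bot: The doxygen block above __ops_push_enc_se_ip (writer.c hunk @@ -1025) is not updated for the `void` → `int` change; add `\return 1 on success, 0 on allocation failure or when no PK session key could be created` so callers such as crypto.c @@ -291, which now test the result, know what the values mean. The matching prototype change in readerwriter.h carries no comment either.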
@@ -1035,25 +1035,28 @@ if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) { (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return; + return 0; } /* Create and write encrypted PK session key */ - encrypted_pk_sesskey = __ops_create_pk_sesskey(pubkey); + if ((encrypted_pk_sesskey = __ops_create_pk_sesskey(pubkey)) == NULL) { + (void) fprintf(stderr, "__ops_push_enc_se_ip: null pk sesskey\n"); + return 0; + } __ops_write_pk_sesskey(output, encrypted_pk_sesskey); /* Setup the se_ip */ if ((encrypted = calloc(1, sizeof(*encrypted))) == NULL) { free(se_ip); (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return; + return 0; } __ops_crypt_any(encrypted, encrypted_pk_sesskey->symm_alg); if ((iv = calloc(1, encrypted->blocksize)) == NULL) { free(se_ip); free(encrypted); (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return; + return 0; } encrypted->set_iv(encrypted, iv); encrypted->set_crypt_key(encrypted, &encrypted_pk_sesskey->key[0]); @@ -1067,6 +1070,7 @@ /* tidy up */ free(encrypted_pk_sesskey); free(iv); + return 1; } static unsigned Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.39 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.38 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Fri Jul 9 05:35:34 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.38 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: keyring.c,v 1.39 2010/07/09 05:35:34 agc Exp $"); #endif #ifdef HAVE_FCNTL_H 
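Review bot: The new `__ops_create_pk_sesskey(pubkey) == NULL` error path returns 0 without freeing `se_ip`, which was calloc'd just above it; the other two failure returns in this hunk do `free(se_ip);` first. Add `free(se_ip);` before that `return 0;`. The result of `__ops_write_pk_sesskey(output, encrypted_pk_sesskey)` on the following context line is still unchecked, although that function now returns 0 for DSA/Elgamal and bad algorithms (create.c @@ -1039). Since `encrypted_pk_sesskey->key` is handed to `set_crypt_key` as the symmetric session key, the `free(encrypted_pk_sesskey)` in the tidy-up should be preceded by wiping the struct with a routine the compiler cannot elide, so the key does not linger on the heap. The function's signature is on the previous page line.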
@@ -377,12 +377,13 @@ __ops_is_key_supported(const __ops_key_t *key) { if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { - if (key->key.pubkey.alg == OPS_PKA_RSA) { - return 1; - } - } else if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { - if (key->key.pubkey.alg == OPS_PKA_DSA) { + switch(key->key.pubkey.alg) { + case OPS_PKA_RSA: + case OPS_PKA_DSA: + case OPS_PKA_ELGAMAL: return 1; + default: + break; } } return 0; @@ -1023,6 +1024,9 @@ __ops_key_t *key; time_t duration; + if (__ops_get_debug_level(__FILE__)) { + fprintf(stderr, "__ops_add_to_pubring\n"); + } EXPAND_ARRAY(keyring, key); key = &keyring->keys[keyring->keyc++]; duration = key->key.pubkey.duration; @@ -1042,6 +1046,17 @@ const __ops_pubkey_t *pubkey; __ops_key_t *key; + if (__ops_get_debug_level(__FILE__)) { + fprintf(stderr, "__ops_add_to_secring\n"); + } + if (keyring->keyc > 0) { + key = &keyring->keys[keyring->keyc - 1]; + if (__ops_get_debug_level(__FILE__) && + key->key.pubkey.alg == OPS_PKA_DSA && + seckey->pubkey.alg == OPS_PKA_ELGAMAL) { + fprintf(stderr, "__ops_add_to_secring: found elgamal seckey\n"); + } + } EXPAND_ARRAY(keyring, key); key = &keyring->keys[keyring->keyc++]; (void) memset(key, 0x0, sizeof(*key)); @@ -1050,6 +1065,9 @@ __ops_fingerprint(&key->fingerprint, pubkey, keyring->hashtype); key->type = OPS_PTAG_CT_SECRET_KEY; key->key.seckey = *seckey; + if (__ops_get_debug_level(__FILE__)) { + fprintf(stderr, "__ops_add_to_secring: keyc %u\n", keyring->keyc); + } return 1; } Index: src/crypto/external/bsd/netpgp/dist/src/lib/misc.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.32 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.33 --- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.32 Fri Jun 25 18:30:16 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Jul 9 05:35:34 2010 
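Review bot: The rewritten __ops_is_key_supported still only inspects keys whose `type` is OPS_PTAG_CT_PUBLIC_KEY; the removed `else if` re-tested the same condition and was unreachable, so secret keys returned 0 before and still do — a comment such as `/* only public-key packets are checked here */` would stop the next reader from re-adding the branch. The algorithm list omits OPS_PKA_RSA_ENCRYPT_ONLY and OPS_PKA_RSA_SIGN_ONLY, which openssl_crypto.c (hunk @@ -834) handles alongside OPS_PKA_RSA; worth confirming they are meant to be reported as unsupported. Style: `switch(key->key.pubkey.alg)` lacks the space after `switch` used elsewhere in these files, and the new debug `fprintf(stderr, ...)` calls in hunks @@ -1023, @@ -1042 and @@ -1050 drop the `(void)` cast the surrounding code applies.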
@@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: misc.c,v 1.32 2010/06/25 18:30:16 agc Exp $"); +__RCSID("$NetBSD: misc.c,v 1.33 2010/07/09 05:35:34 agc Exp $"); #endif #include <sys/types.h> @@ -111,21 +111,18 @@ __ops_keyring_t *keyring; accumulate_t *accumulate; + if (__ops_get_debug_level(__FILE__)) { + (void) fprintf(stderr, "accumulate callback: packet tag %u\n", pkt->tag); + } accumulate = __ops_callback_arg(cbinfo); keyring = accumulate->keyring; switch (pkt->tag) { case OPS_PTAG_CT_PUBLIC_KEY: + __ops_add_to_pubring(keyring, &content->pubkey); + return OPS_KEEP_MEMORY; case OPS_PTAG_CT_SECRET_KEY: case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "Creating key %u - tag %u\n", - keyring->keyc, pkt->tag); - } - if (pkt->tag == OPS_PTAG_CT_PUBLIC_KEY) { - __ops_add_to_pubring(keyring, &content->pubkey); - } else { - __ops_add_to_secring(keyring, &content->seckey); - } + __ops_add_to_secring(keyring, &content->seckey); return OPS_KEEP_MEMORY; case OPS_PTAG_CT_USER_ID: if (__ops_get_debug_level(__FILE__)) { @@ -133,14 +130,12 @@ content->userid, keyring->keyc - 1); } - if (keyring->keyc > 0) { - __ops_add_userid(&keyring->keys[keyring->keyc - 1], - content->userid); - return OPS_KEEP_MEMORY; + if (keyring->keyc == 0) { + OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No userid found"); + } else { + __ops_add_userid(&keyring->keys[keyring->keyc - 1], content->userid); } - OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No userid found"); return OPS_KEEP_MEMORY; - case OPS_PARSER_PACKET_END: if (keyring->keyc > 0) { __ops_add_subpacket(&keyring->keys[keyring->keyc - 1], 
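Review bot: The return values of `__ops_add_to_pubring(keyring, &content->pubkey)` and `__ops_add_to_secring(keyring, &content->seckey)` in the restructured OPS_PTAG_CT_PUBLIC_KEY and secret-key cases (hunk @@ -111) are discarded, and the callback answers OPS_KEEP_MEMORY as if the key had been stored; both functions are shown returning 1 in keyring.c, but the EXPAND_ARRAY inside them presumably allocates and can fail. If they can report failure, check it, e.g. `if (!__ops_add_to_pubring(keyring, &content->pubkey)) { OPS_ERROR(cbinfo->errors, <error-code>, "can't add key"); }` with whichever error code the file uses for allocation failure. The accumulate callback begins before the hunk.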
@@ -148,20 +143,16 @@ return OPS_KEEP_MEMORY; } return OPS_RELEASE_MEMORY; - case OPS_PARSER_ERROR: (void) fprintf(stderr, "Error: %s\n", content->error); return OPS_FINISHED; - case OPS_PARSER_ERRCODE: (void) fprintf(stderr, "parse error: %s\n", __ops_errcode(content->errcode.errcode)); break; - default: break; } - /* XXX: we now exclude so many things, we should either drop this or */ /* do something to pass on copies of the stuff we keep */ return __ops_stacked_callback(pkt, cbinfo); @@ -501,7 +492,7 @@ "__ops_fingerprint: bad md5 alloc\n"); return 0; } - type = (key->alg == OPS_PKA_RSA) ? "ssh-rsa" : "ssh-dsa"; + type = (key->alg == OPS_PKA_RSA) ? "ssh-rsa" : "ssh-dss"; hash_string(&hash, (const uint8_t *)(const void *)type, strlen(type)); switch(key->alg) { case OPS_PKA_RSA: Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.32 src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.33 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.32 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c Fri Jul 9 05:35:34 2010 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-print.c,v 1.32 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: packet-print.c,v 1.33 2010/07/09 05:35:34 agc Exp $"); #endif #include <string.h> @@ -411,7 +411,7 @@ int n; int r; - if (key->revoked) { + if (key == NULL || key->revoked) { return -1; } now = time(NULL); Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.63 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.64 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.63 Thu Jul 1 04:27:21 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Fri Jul 9 05:35:34 2010 
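Review bot: The fingerprint type string in __ops_fingerprint (hunk @@ -501) is now `"ssh-dss"`, but it is still selected with a two-way conditional, so every algorithm other than OPS_PKA_RSA — including OPS_PKA_ELGAMAL, which this commit starts accepting in keyring.c and packet-parse.c — is hashed under the DSA label. Moving the label choice into the `switch(key->alg)` that immediately follows, with `default:` rejecting unknown algorithms, keeps the hash input tied to the algorithm actually being fingerprinted. Note that ssh2pgp.c (hunk @@ -180) keeps the legacy `"ssh-dsa"` table entry beside the new `"ssh-dss"` one, so a key file labelled ssh-dsa is now fingerprinted over the ssh-dss string; that is the RFC 4253 wire name, but a comment on the table would stop the asymmetry being "fixed" later. __ops_fingerprint begins before the hunk.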
@@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.63 2010/07/01 04:27:21 agc Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.64 2010/07/09 05:35:34 agc Exp $"); #endif #include <sys/types.h> @@ -245,7 +245,7 @@ /* read keys from ssh key files */ static int -readsshkeys(netpgp_t *netpgp, char *homedir) +readsshkeys(netpgp_t *netpgp, char *homedir, const char *needseckey) { __ops_keyring_t *pubring; __ops_keyring_t *secring; @@ -285,25 +285,26 @@ } else { __ops_append_keyring(netpgp->pubring, pubring); } - netpgp_setvar(netpgp, "sshpubfile", filename); - /* try to take the ".pub" off the end */ - if (filename == f) { - f[strlen(f) - 4] = 0x0; - } else { - (void) snprintf(f, sizeof(f), "%.*s", - (int)strlen(filename) - 4, filename); - filename = f; - } - if ((secring = calloc(1, sizeof(*secring))) == NULL) { - (void) fprintf(stderr, "readsshkeys: bad alloc\n"); - return 0; - } - if (__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename, hashtype)) { + if (needseckey) { + netpgp_setvar(netpgp, "sshpubfile", filename); + /* try to take the ".pub" off the end */ + if (filename == f) { + f[strlen(f) - 4] = 0x0; + } else { + (void) snprintf(f, sizeof(f), "%.*s", + (int)strlen(filename) - 4, filename); + filename = f; + } + if ((secring = calloc(1, sizeof(*secring))) == NULL) { + (void) fprintf(stderr, "readsshkeys: bad alloc\n"); + return 0; + } + if (!__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename, hashtype)) { + (void) fprintf(stderr, "readsshkeys: can't read sec %s\n", filename); + return 0; + } netpgp->secring = secring; netpgp_setvar(netpgp, "sshsecfile", filename); - } else { - (void) fprintf(stderr, "readsshkeys: can't read sec %s (%d)\n", - filename, errno); } return 1; } 
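Review bot: In the new `needseckey` branch of readsshkeys (hunk @@ -285), when `__ops_ssh2_readkeys(...)` fails the function prints and returns 0 without freeing the `secring` calloc'd two lines earlier; add `free(secring);` before that `return 0;`. Moving `netpgp_setvar(netpgp, "sshpubfile", filename);` inside `if (needseckey)` also means the variable is no longer recorded when only the public key is wanted — if anything reads sshpubfile, keep that call ahead of the `if`. `needseckey` is declared `const char *` but only used as a flag, and the caller (hunk @@ -563) passes `netpgp_getvar(netpgp, "need userid")`; an integer parameter, or a comment explaining why the "need userid" variable doubles as "need secret key", would make the contract clearer. readsshkeys' prototype change is in hunk @@ -245 and its body begins outside this hunk.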
@@ -439,21 +440,25 @@ /* return 1 if the file contains ascii-armoured text */ static unsigned -isarmoured(__ops_io_t *io, const char *f, const char *text) +isarmoured(__ops_io_t *io, const char *f, const void *memory, const char *text) { unsigned armoured; FILE *fp; char buf[BUFSIZ]; armoured = 0; - if ((fp = fopen(f, "r")) == NULL) { - (void) fprintf(io->errs, "isarmoured: can't open '%s'\n", f); - return 0; - } - if (fgets(buf, sizeof(buf), fp) != NULL) { - armoured = (strncmp(buf, text, strlen(text)) == 0); + if (f) { + if ((fp = fopen(f, "r")) == NULL) { + (void) fprintf(io->errs, "isarmoured: can't open '%s'\n", f); + return 0; + } + if (fgets(buf, sizeof(buf), fp) != NULL) { + armoured = (strncmp(buf, text, strlen(text)) == 0); + } + (void) fclose(fp); + } else { + armoured = (strncmp(memory, text, strlen(text)) == 0); } - (void) fclose(fp); return armoured; } @@ -563,8 +568,8 @@ } } else { last = (netpgp->pubring != NULL); - if (!readsshkeys(netpgp, homedir)) { - (void) fprintf(io->errs, "Can't read ssh pub key\n"); + if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need userid"))) { + (void) fprintf(io->errs, "Can't read ssh keys\n"); return 0; } if ((userid = netpgp_getvar(netpgp, "userid")) == NULL) { 
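Review bot: The new in-memory branch of isarmoured, `strncmp(memory, text, strlen(text))`, receives no length for `memory`; if the caller's buffer is shorter than the header text, not NUL-terminated, and matches the prefix up to its end, the comparison reads past it. netpgp_decrypt_memory (hunk @@ -1212) has `insize` available but no way to pass it, so give isarmoured a `size_t memsize` parameter and test `memsize >= strlen(text) && memcmp(memory, text, strlen(text)) == 0`, or document that callers must pass a NUL-terminated buffer. When both `f` and `memory` are NULL the else branch dereferences NULL; the memory caller checks `input == NULL` first, but `if (memory == NULL) { return 0; }` inside the else branch is cheap insurance.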
@@ -769,31 +774,17 @@ int netpgp_import_key(netpgp_t *netpgp, char *f) { -#if 0 - __ops_keyring_t *keyring; -#endif __ops_io_t *io; unsigned realarmor; -#if 0 - char ringfile[MAXPATHLEN]; -#endif int done; io = netpgp->io; - realarmor = isarmoured(io, f, IMPORT_ARMOR_HEAD); + realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD); done = __ops_keyring_fileread(netpgp->pubring, realarmor, f); if (!done) { (void) fprintf(io->errs, "Cannot import key from file %s\n", f); return 0; } -#if 0 - keyring = netpgp->pubring; - (void) snprintf(ringfile, sizeof(ringfile), "%s/pubring.gpg", netpgp_getvar(netpgp, "homedir")); - if (!appendkey(io, &keyring->keys[keyring->keyc - 1], ringfile)) { - (void) fprintf(io->errs, "Cannot append imported key to pubring %s\n", ringfile); - return 0; - } -#endif return __ops_keyring_list(io, netpgp->pubring, 0); } @@ -900,7 +891,7 @@ overwrite); } -#define ARMOR_HEAD "-----BEGIN PGP MESSAGE-----\r\n" +#define ARMOR_HEAD "-----BEGIN PGP MESSAGE-----" /* decrypt a file */ int @@ -917,7 +908,7 @@ "netpgp_decrypt_file: no filename specified\n"); return 0; } - realarmor = isarmoured(io, f, ARMOR_HEAD); + realarmor = isarmoured(io, f, NULL, ARMOR_HEAD); return __ops_decrypt_file(netpgp->io, f, out, netpgp->secring, netpgp->pubring, realarmor, overwrite, @@ -1019,7 +1010,7 @@ "netpgp_verify_file: no filename specified\n"); return 0; } - realarmor = isarmoured(io, in, ARMOR_SIG_HEAD); + realarmor = isarmoured(io, in, NULL, ARMOR_SIG_HEAD); if (__ops_validate_file(io, &result, in, out, (const int)realarmor, netpgp->pubring)) { resultp(io, in, &result, netpgp->pubring); return 1; 
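Review bot: Dropping the trailing `"\r\n"` from ARMOR_HEAD (hunk @@ -900) makes isarmoured's prefix test accept the header regardless of line ending, which the new file/memory detection needs, but it also means the match no longer requires the header to end the line; a comment on the define such as `/* no line terminator: isarmoured() matches this as a prefix */` would record that as intentional. IMPORT_ARMOR_HEAD and ARMOR_SIG_HEAD, used by the other isarmoured callers in hunks @@ -769 and @@ -1019, are not visible here; if they still carry `"\r\n"`, LF-only files would be treated as binary on those paths.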
@@ -1212,20 +1203,20 @@ { __ops_memory_t *mem; __ops_io_t *io; - unsigned realarmor; + unsigned realarmour; size_t m; + __OPS_USED(armored); io = netpgp->io; - realarmor = (unsigned) armored; if (input == NULL) { (void) fprintf(io->errs, "netpgp_decrypt_memory: no memory\n"); return 0; } - realarmor = (strncmp(input, ARMOR_HEAD, sizeof(ARMOR_HEAD) - 1) == 0); + realarmour = isarmoured(io, NULL, input, ARMOR_HEAD); mem = __ops_decrypt_buf(netpgp->io, input, insize, netpgp->secring, netpgp->pubring, - realarmor, netpgp->passfp, + realarmour, netpgp->passfp, get_passphrase_cb); m = MIN(__ops_mem_len(mem), outsize); (void) memcpy(out, __ops_mem_data(mem), m); Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.37 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.38 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.37 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Fri Jul 9 05:35:34 2010 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-parse.c,v 1.37 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: packet-parse.c,v 1.38 2010/07/09 05:35:34 agc Exp $"); #endif #ifdef HAVE_OPENSSL_CAST_H @@ -2370,6 +2370,9 @@ int keysize; int n; + if (__ops_get_debug_level(__FILE__)) { + (void) fprintf(stderr, "crypted seckey\n"); + } blocksize = __ops_block_size(pkt.u.seckey.alg); if (blocksize == 0 || blocksize > OPS_MAX_BLOCK_SIZE) { (void) fprintf(stderr, @@ -2508,6 +2511,9 @@ saved_region = region; region = &encregion; } + if (__ops_get_debug_level(__FILE__)) { + fprintf(stderr, "parse_seckey: end of crypted passphrase\n"); + } if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { pkt.u.seckey.checkhash = calloc(1, OPS_CHECKHASH_SIZE); if (pkt.u.seckey.checkhash == NULL) { 
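Review bot: `mem = __ops_decrypt_buf(...)` in netpgp_decrypt_memory is still used unconditionally by the `__ops_mem_len(mem)` and `__ops_mem_data(mem)` context lines that follow; if __ops_decrypt_buf can return NULL on a failed decryption, this dereferences NULL. A guard `if (mem == NULL) { return 0; }` before the MIN() line would match the `input == NULL` check above. The `armored` argument is now ignored in favour of sniffing with isarmoured; `__OPS_USED(armored);` makes that explicit in the code, but the public signature keeps a parameter with no effect, so the header or man page should say the value is autodetected. The function starts before the hunk.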
@@ -2519,7 +2525,9 @@ } else { __ops_reader_push_sum16(stream); } - + if (__ops_get_debug_level(__FILE__)) { + fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n"); + } switch (pkt.u.seckey.pubkey.alg) { case OPS_PKA_RSA: case OPS_PKA_RSA_ENCRYPT_ONLY: @@ -2538,6 +2546,13 @@ } break; + case OPS_PKA_ELGAMAL: +printf("elgamal reading\n"); + if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) { + ret = 0; + } + break; + default: OPS_ERROR_2(&stream->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.37 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.38 --- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.37 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Fri Jul 9 05:35:35 2010 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: reader.c,v 1.37 2010/06/25 03:37:27 agc Exp $"); +__RCSID("$NetBSD: reader.c,v 1.38 2010/07/09 05:35:35 agc Exp $"); #endif #include <sys/types.h> @@ -2081,12 +2081,12 @@ } __ops_cb_ret_t -litdata_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) +__ops_litdata_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) { const __ops_contents_t *content = &pkt->u; if (__ops_get_debug_level(__FILE__)) { - printf("litdata_cb: "); + printf("__ops_litdata_cb: "); __ops_print_packet(&cbinfo->printstate, pkt); } /* Read data from packet into static buffer */ @@ -2095,7 +2095,7 @@ /* if writer enabled, use it */ if (cbinfo->output) { if (__ops_get_debug_level(__FILE__)) { - printf("litdata_cb: length is %u\n", + printf("__ops_litdata_cb: length is %u\n", content->litdata_body.length); } __ops_write(cbinfo->output, 
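Review bot: The added `printf("elgamal reading\n");` at column 0 in the new `case OPS_PKA_ELGAMAL:` (hunk @@ -2538) is an unconditional debug print to stdout; the neighbouring traces added in hunks @@ -2370, @@ -2508 and @@ -2519 are wrapped in `if (__ops_get_debug_level(__FILE__))` and go to stderr, and any consumer of the library's stdout (decrypted output piped onward, for instance) would receive this string. Either delete the line or make it `if (__ops_get_debug_level(__FILE__)) { (void) fprintf(stderr, "parse_seckey: elgamal reading\n"); }`. parse_seckey begins before the hunk.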
@@ -2116,7 +2116,7 @@ } __ops_cb_ret_t -pk_sesskey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) +__ops_pk_sesskey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) { const __ops_contents_t *content = &pkt->u; unsigned from; @@ -2134,7 +2134,7 @@ } if (!cbinfo->cryptinfo.secring) { (void) fprintf(io->errs, - "pk_sesskey_cb: bad keyring\n"); + "__ops_pk_sesskey_cb: bad keyring\n"); return (__ops_cb_ret_t)0; } from = 0; @@ -2168,7 +2168,7 @@ */ __ops_cb_ret_t -get_seckey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) +__ops_get_seckey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) { const __ops_contents_t *content = &pkt->u; const __ops_seckey_t *secret; @@ -2199,9 +2199,12 @@ return (__ops_cb_ret_t)0; } keypair = cbinfo->cryptinfo.keydata; + if (pubkey == NULL) { + pubkey = keypair; + } do { /* print out the user id */ - __ops_print_keydata(io, cbinfo->cryptinfo.pubring,pubkey, "pub", &pubkey->key.pubkey, 0); + __ops_print_keydata(io, cbinfo->cryptinfo.pubring, pubkey, "pub", &pubkey->key.pubkey, 0); /* now decrypt key */ secret = __ops_decrypt_seckey(keypair, cbinfo->passfp); if (secret == NULL) { Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.23 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.24 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.23 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h Fri Jul 9 05:35:35 2010 
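Review bot: The new `if (pubkey == NULL) { pubkey = keypair; }` in hunk @@ -2199 removes the NULL dereference when printing, but `keypair` is taken from `cbinfo->cryptinfo.keydata` on the line before and is not checked here; if keydata can be NULL, `&pubkey->key.pubkey` is still formed from a null pointer before __ops_print_keydata gets to apply its new `key == NULL` guard (packet-print.c @@ -411). Adding `if (keypair == NULL) { return (__ops_cb_ret_t)0; }` before the do-loop would close that. Passing the secret keypair under the `"pub"` label prints its public half — fine, but a comment such as `/* no separate pubkey: print the public part of the keypair */` would make the substitution self-explanatory. __ops_get_seckey_cb begins before the hunk.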
@@ -444,10 +444,16 @@ BIGNUM *x; } __ops_dsa_seckey_t; +/** __ops_elgamal_seckey_t */ +typedef struct { + BIGNUM *x; +} __ops_elgamal_seckey_t; + /** __ops_seckey_union_t */ typedef union { __ops_rsa_seckey_t rsa; __ops_dsa_seckey_t dsa; + __ops_elgamal_seckey_t elgamal; } __ops_seckey_union_t; /** s2k_usage_t Index: src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h:1.10 src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h:1.11 --- src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h:1.10 Fri Mar 5 16:01:10 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h Fri Jul 9 05:35:35 2010 @@ -75,7 +75,7 @@ const unsigned, __ops_crypt_t *); void __ops_push_enc_crypt(__ops_output_t *, __ops_crypt_t *); -void __ops_push_enc_se_ip(__ops_output_t *, const __ops_key_t *); +int __ops_push_enc_se_ip(__ops_output_t *, const __ops_key_t *); /* Secret Key checksum */ void __ops_push_checksum_writer(__ops_output_t *, __ops_seckey_t *); @@ -117,9 +117,9 @@ unsigned __ops_reader_set_accumulate(__ops_stream_t *, unsigned); /* useful callbacks */ -__ops_cb_ret_t litdata_cb(const __ops_packet_t *, __ops_cbdata_t *); -__ops_cb_ret_t pk_sesskey_cb(const __ops_packet_t *, __ops_cbdata_t *); -__ops_cb_ret_t get_seckey_cb(const __ops_packet_t *, __ops_cbdata_t *); +__ops_cb_ret_t __ops_litdata_cb(const __ops_packet_t *, __ops_cbdata_t *); +__ops_cb_ret_t __ops_pk_sesskey_cb(const __ops_packet_t *, __ops_cbdata_t *); +__ops_cb_ret_t __ops_get_seckey_cb(const __ops_packet_t *, __ops_cbdata_t *); int __ops_getpassphrase(void *, char *, size_t); Index: src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.13 src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.14 --- src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.13 Fri Jun 25 03:37:27 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c Fri Jul 9 05:35:35 2010 
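Review bot: The new `/** __ops_elgamal_seckey_t */` comment only repeats the typedef name, so it documents nothing; saying what the field is, e.g. `/** Elgamal secret key: the secret exponent x (RFC 4880, section 5.5.3) */`, helps the next reader more, and the union member added below it could carry `/* valid when pubkey.alg == OPS_PKA_ELGAMAL */`. The readerwriter.h prototype change to `int __ops_push_enc_se_ip(...)` likewise lacks a note on the meaning of the return value.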
@@ -180,6 +180,7 @@ static str_t pkatypes[] = { { "ssh-rsa", 7, OPS_PKA_RSA }, + { "ssh-dss", 7, OPS_PKA_DSA }, { "ssh-dsa", 7, OPS_PKA_DSA }, { NULL, 0, 0 } }; @@ -435,7 +436,10 @@ if (__ops_get_debug_level(__FILE__)) { (void) fprintf(io->errs, "__ops_ssh2_readkeys: pubfile '%s'\n", pubfile); } - __ops_ssh2pubkey(io, pubfile, &key, hashtype); + if (!__ops_ssh2pubkey(io, pubfile, &key, hashtype)) { + (void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read pubkeys '%s'\n", pubfile); + return 0; + } EXPAND_ARRAY(pubring, key); pubkey = &pubring->keys[pubring->keyc++]; (void) memcpy(pubkey, &key, sizeof(key)); @@ -448,7 +452,10 @@ if (pubkey == NULL) { pubkey = &pubring->keys[0]; } - (void) __ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, hashtype); + if (!__ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, hashtype)) { + (void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read seckeys '%s'\n", secfile); + return 0; + } EXPAND_ARRAY(secring, key); seckey = &secring->keys[secring->keyc++]; (void) memcpy(seckey, &key, sizeof(key)); Index: src/crypto/external/bsd/netpgp/dist/src/lib/version.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.36 src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.37 --- src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.36 Fri Jun 25 03:37:28 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Fri Jul 9 05:35:35 2010 @@ -58,7 +58,7 @@ #endif /* development versions have .99 suffix */ -#define NETPGP_BASE_VERSION "3.99.5" +#define NETPGP_BASE_VERSION "3.99.7" #define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]" #define NETPGP_VERSION_STRING \
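Review bot: In hunk @@ -448, when `__ops_ssh2seckey(...)` fails __ops_ssh2_readkeys returns 0 after the public key has already been appended to `pubring` in hunk @@ -435, so the caller (readsshkeys in netpgp.c) is left with a pubring holding a key whose secret half could not be read; if that partial state is acceptable, a comment on the `return 0;` saying so would make it deliberate. The new `{ "ssh-dss", 7, OPS_PKA_DSA }` entry is the RFC 4253 algorithm name and the retained `"ssh-dsa"` is a legacy spelling; a comment on the pkatypes table such as `/* "ssh-dsa" kept for files written with the old name */` would keep either from being removed as a duplicate. __ops_ssh2_readkeys begins before the hunk.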