Module Name: src Committed By: agc Date: Wed Sep 1 17:25:58 UTC 2010
Modified Files: src/crypto/external/bsd/netpgp/dist: tst src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c main.c src/crypto/external/bsd/netpgp/dist/src/lib: create.c keyring.c netpgp.c src/crypto/external/bsd/netpgp/dist/src/netpgp: netpgp.c src/crypto/external/bsd/netpgp/dist/src/netpgpverify: verify.c Log Message: Various minor changes to netpgp: + be smarter when checking for a null id + add test for rubbish being returned when listing specific keys in netpgpkeys(1) + take the public key from the pubring, not the secring when exporting keys + allow hkpd to serve ssh keys in pgp format + test on whether a seckey is needed, not on a userid needed, for ssh keys To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/netpgp/dist/tst cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c cvs rdiff -u -r1.33 -r1.34 \ src/crypto/external/bsd/netpgp/dist/src/lib/create.c cvs rdiff -u -r1.45 -r1.46 \ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c cvs rdiff -u -r1.70 -r1.71 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c cvs rdiff -u -r1.14 -r1.15 \ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/tst diff -u src/crypto/external/bsd/netpgp/dist/tst:1.28 src/crypto/external/bsd/netpgp/dist/tst:1.29 --- src/crypto/external/bsd/netpgp/dist/tst:1.28 Sat Aug 7 04:27:00 2010 +++ src/crypto/external/bsd/netpgp/dist/tst Wed Sep 1 17:25:57 2010 @@ -36,7 +36,7 @@ su root -c "make install"' passed=0 -total=34 +total=35 rm -f passed date > passed echo "======> sign/verify 180938 file" @@ -181,5 +181,8 @@ echo "user sshkey \"$sshkey\" = netpgpkey \"$netpgpkey\"" [ $sshkey = $netpgpkey ] && passed=$(expr $passed + 1) echo "34 " $passed >> passed +echo "======> single key listing" +/usr/bin/netpgpkeys -l agc && passed=$(expr $passed + 1) +echo "35 " $passed >> passed rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig g g.asc g2 a2 a3 a4 a5 h h.sig i i.asc echo "Passed ${passed}/${total} tests" Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.2 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.3 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.2 Tue Mar 16 00:22:52 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Wed Sep 1 17:25:57 2010 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.2 2010/03/16 00:22:52 agc Exp $ +# $NetBSD: Makefile,v 1.3 2010/09/01 17:25:57 agc Exp $ PROG=hkpd SRCS=hkpd.c main.c 
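Review bot: The new test 35 in the `@@ -181,5 +181,8 @@` hunk only checks the exit status of `/usr/bin/netpgpkeys -l agc`, so it would still pass if the listing printed garbage but exited 0, which is the regression the log message describes. Capturing the output and comparing it with the expected listing for that key would pin the behaviour. The test also depends on a key matching `agc` being present in the tester's keyring; a comment such as `# needs a key matching "agc" in the default keyring; checks exit status only` would make both limits explicit.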
@@ -9,3 +9,11 @@ WARNS=0 # anything over 0 will fail at the link stage with IDEA errors .include <bsd.prog.mk> + +t: ${PROG} + ./${PROG} -D & + sleep 1 + ftp -o- 'http://localhost:11371/pks/lookup?op=index&search=agc&options=json' + ftp -o- 'http://localhost:11371/pks/lookup?op=get&search=agc&options=json' + ftp -o- 'http://localhost:11371/pks/lookup?op=get&search=agc&options=mr' + pkill hkpd Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.2 src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.3 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.2 Tue Mar 16 00:22:52 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Wed Sep 1 17:25:57 2010 @@ -92,7 +92,7 @@ host = strdup("localhost"); daemonise = 1; family = strdup("46"); - while ((i = getopt(argc, argv, "DH:Vf:h:p:v:")) != -1) { + while ((i = getopt(argc, argv, "DH:S:Vf:h:p:v:")) != -1) { switch(i) { case 'D': daemonise = 0; @@ -100,6 +100,10 @@ case 'H': set_homedir(&netpgp, optarg, NULL, 0); break; + case 'S': + netpgp_setvar(&netpgp, "ssh keys", "1"); + netpgp_setvar(&netpgp, "sshkeyfile", optarg); + break; case 'V': printf("%s: Version %d\n", *argv, HKPD_VERSION); exit(EXIT_SUCCESS); Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.4 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.5 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.4 Tue Mar 16 04:14:29 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Wed Sep 1 17:25:57 2010 @@ -31,7 +31,6 @@ #include <sys/param.h> #include <sys/socket.h> #include <sys/stat.h> -#include <sys/param.h> #include <sys/select.h> #include <netinet/in.h> 
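Review bot: In the new `t` target, `pkill hkpd` is never reached if one of the `ftp -o-` lines fails, because make stops at the first failing recipe line, so the background `./${PROG} -D` keeps listening on port 11371 after a failed run. `pkill hkpd` also matches by name, so it would stop any other hkpd on the machine, not only the one started here. Running the sequence in a single shell line that records the pid and kills exactly that process (for example `./${PROG} -D & pid=$$!; sleep 1; ...; kill $$pid`) ties the cleanup to the test instance. The fixed `sleep 1` is also a race if key loading takes longer than a second.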
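Review bot: The new `-S` case makes hkpd read a caller-supplied ssh key file and publish it over HTTP, but nothing at the option states that only the public half is meant to be loaded. That appears to rely on hkpd never setting `"need seckey"` (the variable the lib/netpgp.c hunk of this commit passes to `readsshkeys`); a comment such as `/* serve an ssh public key; "need seckey" stays unset so no private key is read */` would record the assumption. The `netpgp_setvar` return values are ignored here, and no usage or man page update for `-S` is visible in this diff. The enclosing function starts and ends outside the hunk.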
@@ -78,7 +77,7 @@ /* make into html */ static int -htmlify(char *buf, size_t size, const int code, const int get, const char *title, const int mr, const char *body) +htmlify(char *buf, size_t size, const int code, const int get, const char *title, const char *out, const char *body) { return snprintf(buf, size, "%s %d %s\r\n" @@ -90,13 +89,13 @@ HKP_HTTP_LEVEL, code, (code == HKP_SUCCESS) ? "OK" : "not found", HKP_NAME, HKPD_VERSION, (get) ? HKP_MIME_GET : HKP_MIME_INDEX, - (get || !mr) ? "" : HKP_MACHREAD, + (get || strcmp(out, "mr") != 0) ? "" : HKP_MACHREAD, body); } /* send the response now */ static int -response(int sock, const int code, const char *search, const int get, char *buf, int cc, int mr) +response(int sock, const int code, const char *search, const int get, char *buf, int cc, const char *out) { char outbuf[1024 * 512]; char item[BUFSIZ]; @@ -109,13 +108,13 @@ "Error handling request: No keys found for '%s'\r\n", search); n = htmlify(outbuf, sizeof(outbuf), code, get, "Error handling request\r\n", - mr, + out, item); } else { (void) snprintf(item, sizeof(item), "Search results for '%s'", search); n = htmlify(outbuf, sizeof(outbuf), code, get, item, - mr, + out, buf); } for (tot = 0 ; (wc = write(sock, &outbuf[tot], n - tot)) > 0 && tot < n ; tot += wc) { @@ -203,20 +202,20 @@ struct sockaddr_in from; regmatch_t searchmatches[10]; regmatch_t opmatches[10]; - regmatch_t mrmatch[3]; + regmatch_t fmtmatch[3]; socklen_t fromlen; - regex_t machreadterm; regex_t searchterm; + regex_t fmtterm; regex_t opterm; regex_t get; fd_set sockets; char search[BUFSIZ]; char buf[BUFSIZ]; char *cp; + char fmt[10]; int newsock; int sock; int code; - int mr; int ok; int cc; int n; 
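Review bot: `response()` uses the return value of `htmlify()` as the number of bytes to send, but `htmlify()` returns `snprintf`'s result, which is the length the output would have had, not what actually fit in `outbuf`. If headers plus body exceed `sizeof(outbuf)` (more plausible now that JSON listings can be passed as the body), the `write` loop in the `@@ -109,13 +108,13 @@` hunk reads past the end of the stack buffer and sends those bytes to the client; a negative return is not handled either. Clamp or reject before the loop, e.g. `if (n < 0 || (size_t)n >= sizeof(outbuf)) { n = (int)sizeof(outbuf) - 1; }`. `response()` continues past the end of the hunk.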
@@ -225,12 +224,12 @@ #define HTTPGET "GET /pks/lookup\\?" #define OPTERM "op=([a-zA-Z]+)" #define SEARCHTERM "search=([^ \t&]+)" -#define MACHREAD "options=mr" +#define FMT "options=(mr|json)" (void) regcomp(&get, HTTPGET, REG_EXTENDED); (void) regcomp(&opterm, OPTERM, REG_EXTENDED); (void) regcomp(&searchterm, SEARCHTERM, REG_EXTENDED); - (void) regcomp(&machreadterm, MACHREAD, REG_EXTENDED); + (void) regcomp(&fmtterm, FMT, REG_EXTENDED); if (sock4 >= 0) { listen(sock4, 32); } @@ -265,8 +264,12 @@ (void) fprintf(stderr, "no operation in request\n"); ok = 0; } - if (ok) { - mr = (regexec(&machreadterm, buf, 3, mrmatch, 0) == 0); + if (ok && regexec(&fmtterm, buf, 3, fmtmatch, 0) == 0) { + (void) snprintf(fmt, sizeof(fmt), "%.*s", + (int)(fmtmatch[1].rm_eo - fmtmatch[1].rm_so), + &buf[(int)fmtmatch[1].rm_so]); + } else { + fmt[0] = 0x0; } if (ok && regexec(&searchterm, buf, 10, searchmatches, 0) != 0) { (void) fprintf(stderr, "no search term in request\n"); 
@@ -286,26 +289,36 @@ if (strncmp(&buf[opmatches[1].rm_so], "vindex", 6) == 0) { cc = 0; netpgp_setvar(netpgp, "subkey sigs", "yes"); - if ((cp = netpgp_get_key(netpgp, search, (mr) ? "mr" : "")) != NULL) { + if (strcmp(fmt, "json") == 0) { + if (netpgp_match_keys_json(netpgp, &cp, search, "human", 1)) { + cc = strlen(cp); + code = HKP_SUCCESS; + } + } else if ((cp = netpgp_get_key(netpgp, search, fmt)) != NULL) { cc = strlen(cp); code = HKP_SUCCESS; } - response(newsock, code, search, 0, cp, cc, mr); + response(newsock, code, search, 0, cp, cc, fmt); netpgp_unsetvar(netpgp, "subkey sigs"); } else if (strncmp(&buf[opmatches[1].rm_so], "index", 5) == 0) { cc = 0; netpgp_unsetvar(netpgp, "subkey sigs"); - if ((cp = netpgp_get_key(netpgp, search, (mr) ? "mr" : "")) != NULL) { + if (strcmp(fmt, "json") == 0) { + if (netpgp_match_keys_json(netpgp, &cp, search, "human", 0)) { + cc = strlen(cp); + code = HKP_SUCCESS; + } + } else if ((cp = netpgp_get_key(netpgp, search, fmt)) != NULL) { cc = strlen(cp); code = HKP_SUCCESS; } - response(newsock, code, search, 0, cp, cc, mr); + response(newsock, code, search, 0, cp, cc, fmt); } else if (strncmp(&buf[opmatches[1].rm_so], "get", 3) == 0) { if ((cp = netpgp_export_key(netpgp, search)) != NULL) { cc = strlen(cp); code = HKP_SUCCESS; } - response(newsock, code, search, 1, cp, cc, mr); + response(newsock, code, search, 1, cp, cc, fmt); } free(cp); (void) close(newsock); Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.33 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.34 --- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.33 Sun Aug 15 07:52:26 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Wed Sep 1 17:25:57 2010 
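Review bot: In the two new `json` branches `cp` is only written through the out-parameter of `netpgp_match_keys_json`, whereas the old code assigned it from `netpgp_get_key` on every path. If that call returns 0 without storing to `*cp` (its behaviour on failure is not visible here), the `free(cp)` at the end of the hunk frees whatever `cp` held before, possibly the pointer already freed for the previous request. The same applies when the op matches none of `vindex`, `index` or `get`. Setting `cp = NULL;` before the `vindex` comparison (or next to each `cc = 0;`) makes the `free` safe on every path; the enclosing loop starts outside the hunk, so `cp` may already be reset there.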
@@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: create.c,v 1.33 2010/08/15 07:52:26 agc Exp $"); +__RCSID("$NetBSD: create.c,v 1.34 2010/09/01 17:25:57 agc Exp $"); #endif #include <sys/types.h> @@ -271,7 +271,7 @@ /* * Note that we support v3 keys here because they're needed for - * verification - the writer doesn't allow them, though + * verification. */ static unsigned write_seckey_body(const __ops_seckey_t *key, @@ -480,11 +480,6 @@ static unsigned write_struct_pubkey(__ops_output_t *output, const __ops_pubkey_t *key) { - if (key->version != 4) { - (void) fprintf(stderr, - "write_struct_pubkey: wrong key version\n"); - return 0; - } return __ops_write_ptag(output, OPS_PTAG_CT_PUBLIC_KEY) && __ops_write_length(output, 1 + 4 + 1 + pubkey_length(key)) && write_pubkey_body(key, output); @@ -513,7 +508,7 @@ __ops_writer_push_armoured(output, OPS_PGP_PUBLIC_KEY_BLOCK); } /* public key */ - if (!write_struct_pubkey(output, &key->key.seckey.pubkey)) { + if (!write_struct_pubkey(output, &key->key.pubkey)) { return 0; } Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.45 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.46 --- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.45 Wed Sep 1 06:20:23 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Wed Sep 1 17:25:57 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.45 2010/09/01 06:20:23 agc Exp $"); +__RCSID("$NetBSD: keyring.c,v 1.46 2010/09/01 17:25:57 agc Exp $"); #endif #ifdef HAVE_FCNTL_H 
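Review bot: The export path changed in the `@@ -513,7 +508,7 @@` hunk now reaches `write_struct_pubkey` with no version check, while the packet length there is still computed as `1 + 4 + 1 + pubkey_length(key)`, which is the v4 header layout. If `write_pubkey_body` (not shown) emits the extra two-byte validity field for v3 keys, the length written for a v3 key would be two bytes short and the exported packet malformed. Either keep rejecting versions the length formula does not cover, or add the version-dependent term, e.g. `1 + 4 + ((key->version == 4) ? 0 : 2) + 1 + pubkey_length(key)`. Both functions start or end outside the hunks shown.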
@@ -821,6 +821,9 @@ __ops_getkeybyid(__ops_io_t *io, const __ops_keyring_t *keyring, const uint8_t *keyid, unsigned *from, __ops_pubkey_t **pubkey) { + uint8_t nullid[OPS_KEY_ID_SIZE]; + + (void) memset(nullid, 0x0, sizeof(nullid)); for ( ; keyring && *from < keyring->keyc; *from += 1) { if (__ops_get_debug_level(__FILE__)) { hexdump(io->errs, "keyring keyid", keyring->keys[*from].sigid, OPS_KEY_ID_SIZE); @@ -834,7 +837,7 @@ } return &keyring->keys[*from]; } - if (memcmp(&keyring->keys[*from].encid, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", OPS_KEY_ID_SIZE) == 0) { + if (memcmp(&keyring->keys[*from].encid, nullid, sizeof(nullid)) == 0) { continue; } if (memcmp(&keyring->keys[*from].encid, keyid, OPS_KEY_ID_SIZE) == 0 || Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.70 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.71 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.70 Wed Sep 1 06:20:23 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Wed Sep 1 17:25:57 2010 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.70 2010/09/01 06:20:23 agc Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.71 2010/09/01 17:25:57 agc Exp $"); #endif #include <sys/types.h> 
@@ -575,7 +575,7 @@ } } else { last = (netpgp->pubring != NULL); - if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need userid"))) { + if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need seckey"))) { (void) fprintf(io->errs, "Can't read ssh keys\n"); return 0; } Index: src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c:1.13 src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c:1.14 --- src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c:1.13 Fri Aug 13 18:29:41 2010 +++ src/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c Wed Sep 1 17:25:57 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: netpgp.c,v 1.13 2010/08/13 18:29:41 agc Exp $ */ +/* $NetBSD: netpgp.c,v 1.14 2010/09/01 17:25:57 agc Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -343,13 +343,22 @@ netpgp_setvar(netpgp, "coredumps", "allowed"); break; case ENCRYPT: + /* for encryption, we need a userid */ + netpgp_setvar(netpgp, "need userid", "1"); + p->cmd = val; + break; case SIGN: case CLEARSIGN: - /* for encryption and signing, we need a userid */ + /* for signing, we need a userid and a seckey */ + netpgp_setvar(netpgp, "need seckey", "1"); netpgp_setvar(netpgp, "need userid", "1"); p->cmd = val; break; case DECRYPT: + /* for decryption, we need a seckey */ + netpgp_setvar(netpgp, "need seckey", "1"); + p->cmd = val; + break; case VERIFY: case VERIFY_CAT: case LIST_PACKETS: @@ -437,6 +446,7 @@ netpgp_setvar(netpgp, "results", arg); break; case SSHKEYFILE: + netpgp_setvar(netpgp, "ssh keys", "1"); netpgp_setvar(netpgp, "sshkeyfile", arg); break; case MAX_MEM_ALLOC: 
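Review bot: Switching the third argument of `readsshkeys` from `"need userid"` to `"need seckey"` changes which callers get the ssh private key loaded, and nothing in the hunk documents the new contract. The netpgp(1) front end is updated in this commit, but any other libnetpgp consumer that signs or decrypts with ssh keys and only set `"need userid"` would presumably no longer have a secret key available. A comment at the call such as `/* the secret ssh key is read only when the caller set "need seckey" */`, plus a mention in the library documentation, would make that explicit. The enclosing function starts and ends outside the hunk.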
@@ -532,10 +542,12 @@ netpgp_get_info("maintainer")); exit(EXIT_SUCCESS); case 'd': + /* for decryption, we need the seckey */ + netpgp_setvar(&netpgp, "need seckey", "1"); p.cmd = DECRYPT; break; case 'e': - /* for encryption and signing, we need a userid */ + /* for encryption, we need a userid */ netpgp_setvar(&netpgp, "need userid", "1"); p.cmd = ENCRYPT; break; @@ -545,7 +557,8 @@ } break; case 's': - /* for encryption and signing, we need a userid */ + /* for signing, we need a userid and a seckey */ + netpgp_setvar(&netpgp, "need seckey", "1"); netpgp_setvar(&netpgp, "need userid", "1"); p.cmd = SIGN; break; Index: src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c:1.14 src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c:1.15 --- src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c:1.14 Thu Jul 1 04:27:21 2010 +++ src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c Wed Sep 1 17:25:57 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: verify.c,v 1.14 2010/07/01 04:27:21 agc Exp $ */ +/* $NetBSD: verify.c,v 1.15 2010/09/01 17:25:57 agc Exp $ */ /*- * Copyright (c) 2009,2010 The NetBSD Foundation, Inc. @@ -323,6 +323,7 @@ netpgp_setvar(&netpgp, "results", optarg); break; case SSHKEYFILE: + netpgp_setvar(&netpgp, "ssh keys", "1"); netpgp_setvar(&netpgp, "sshkeyfile", optarg); break; case MAX_MEM_ALLOC: