Module Name: src
Committed By: agc
Date: Fri Jun 25 03:37:28 UTC 2010
Modified Files:
src/crypto/external/bsd/netpgp/dist: TODO tst
src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.c
keyring.c keyring.h misc.c netpgp.c netpgpdefs.h openssl_crypto.c
ops-ssh.h packet-parse.c packet-print.c packet.h reader.c
signature.c ssh2pgp.c validate.c version.h writer.c
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys: netpgpkeys.1
netpgpkeys.c
Log Message:
Changes to 3.99.5
+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)
% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub
--list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk
(/etc/ssh/ssh_host_rsa_key.pub) <[email protected]>
% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b
/etc/ssh/ssh_host_rsa_key.pub (RSA)
%
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/netpgp/dist/tst
cvs rdiff -u -r1.28 -r1.29 \
src/crypto/external/bsd/netpgp/dist/src/lib/create.c \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
cvs rdiff -u -r1.23 -r1.24 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c \
src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c \
src/crypto/external/bsd/netpgp/dist/src/lib/writer.c
cvs rdiff -u -r1.37 -r1.38 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
cvs rdiff -u -r1.26 -r1.27 \
src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c
cvs rdiff -u -r1.58 -r1.59 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h
cvs rdiff -u -r1.36 -r1.37 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.31 -r1.32 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c
cvs rdiff -u -r1.35 -r1.36 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
cvs rdiff -u -r1.11 -r1.12 \
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/netpgp/dist/TODO
diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.38 src/crypto/external/bsd/netpgp/dist/TODO:1.39
--- src/crypto/external/bsd/netpgp/dist/TODO:1.38 Sat May 8 02:45:45 2010
+++ src/crypto/external/bsd/netpgp/dist/TODO Fri Jun 25 03:37:27 2010
@@ -95,3 +95,4 @@
--list-sigs - these come out in __ops_check_subkey_sig()
hkp to include sigs too
make netpgpkeys work - add, import, commit, update, sign, passphrase
+fix ssh fingerprints not matching netpgp
Index: src/crypto/external/bsd/netpgp/dist/tst
diff -u src/crypto/external/bsd/netpgp/dist/tst:1.23 src/crypto/external/bsd/netpgp/dist/tst:1.24
--- src/crypto/external/bsd/netpgp/dist/tst:1.23 Sat May 8 02:18:05 2010
+++ src/crypto/external/bsd/netpgp/dist/tst Fri Jun 25 03:37:27 2010
@@ -31,7 +31,7 @@
su root -c "make install"'
passed=0
-total=32
+total=33
rm -f passed
date > passed
echo "======> sign/verify 180938 file"
@@ -164,5 +164,10 @@
echo "======> ascii detached armoured sig detection and verification"
/usr/bin/netpgp --verify i.asc && passed=$(expr $passed + 1)
echo "32 " $passed >> passed
+echo "======> ssh fingerprint and netpgp fingerprint"
+/usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
+/usr/bin/ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
+passed=$(expr $passed + 1)
+echo "33 " $passed >> passed
rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig g g.asc g2 a2 a3 a4 a5 h h.sig i i.asc
echo "Passed ${passed}/${total} tests"
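Review bot: Test 33 can never fail, because `passed=$(expr $passed + 1)` runs unconditionally after the two listing commands and nothing compares the fingerprints they print. The check should extract both fingerprints, strip the separators, and bump `passed` only when the two values are non-empty and equal. The sketch below assumes the netpgpkeys listing goes to stdout and that ssh-keygen prints the MD5 fingerprint as its second field, as in the sample output in the commit message.

```shell
echo "======> ssh fingerprint and netpgp fingerprint"
sshkey=/etc/ssh/ssh_host_rsa_key.pub
npfp=$(/usr/bin/netpgpkeys --ssh-keys --sshkeyfile=$sshkey --list-keys --hash=md5 |
	sed -n 's/.*Key fingerprint: *//p' | tr -d ' ')
sshfp=$(/usr/bin/ssh-keygen -l -f $sshkey | awk '{ print $2 }' | tr -d ':')
[ -n "$npfp" ] && [ "$npfp" = "$sshfp" ] && passed=$(expr $passed + 1)
echo "33 " $passed >> passed
```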
Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.28 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.29
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.28 Tue May 25 01:05:10 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Jun 25 03:37:27 2010
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.28 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.29 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -422,10 +422,8 @@
__ops_encrypt_init(&crypted);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nWRITING:\niv=");
- hexdump(stderr, key->iv, __ops_block_size(key->alg), " ");
- (void) fprintf(stderr, "\nkey=");
- hexdump(stderr, sesskey, CAST_KEY_LENGTH, " ");
+ hexdump(stderr, "writing: iv=", key->iv, __ops_block_size(key->alg));
+ hexdump(stderr, "key= ", sesskey, CAST_KEY_LENGTH);
(void) fprintf(stderr, "\nturning encryption on...\n");
}
__ops_push_enc_crypt(output, &crypted);
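Review bot: With debugging enabled, `hexdump(stderr, "key= ", sesskey, CAST_KEY_LENGTH)` writes the raw session key to stderr, and the new hexdump() also renders it in an ASCII column, so any captured debug log holds usable key material. The same applies to the `CAST5 sesskey created` dump later in this file, `decoded m` in crypto.c, `plaintext` in writer.c and `key` in packet-parse.c. I would drop the secret-bearing dumps or put them behind a separate opt-in rather than the general debug level, and at minimum mark each one with `/* debug only: prints secret key material */`. The enclosing function starts and ends outside this hunk.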
@@ -838,9 +836,7 @@
cs[1] = (uint8_t)(checksum & 0xff);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr,"\nm buf checksum: ");
- hexdump(stderr, cs, 2, " ");
- (void) fprintf(stderr,"\n");
+ hexdump(stderr, "nm buf checksum:", cs, 2);
}
return 1;
}
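Review bot: The label `"nm buf checksum:"` looks like the old `"\nm buf checksum: "` with the backslash dropped, so the debug output now starts with a stray `n`; `"m buf checksum"` reads as intended. The `"uuencoded m buf"` label in the SZ_UNENCODED_M_BUF hunk further down is a similar slip, since that buffer is unencoded rather than uuencoded, and should be `"unencoded m buf"`.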
@@ -922,9 +918,7 @@
(void) memcpy(EM + i, M, mLen);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "Encoded Message: \n");
- hexdump(stderr, EM, mLen, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "Encoded Message:", EM, mLen);
}
return 1;
}
@@ -984,9 +978,7 @@
sizeof(sesskey->key_id));
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "Encrypting for RSA key id : ");
- hexdump(stderr, key->key_id, sizeof(sesskey->key_id), " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "Encrypting for RSA keyid", key->key_id, sizeof(sesskey->key_id));
}
if (key->key.pubkey.alg != OPS_PKA_RSA) {
(void) fprintf(stderr,
@@ -1002,11 +994,7 @@
__ops_random(sesskey->key, CAST_KEY_LENGTH);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr,
- "CAST5 session key created (len=%d):\n ",
- CAST_KEY_LENGTH);
- hexdump(stderr, sesskey->key, CAST_KEY_LENGTH, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "CAST5 sesskey created", sesskey->key, CAST_KEY_LENGTH);
}
if (create_unencoded_m_buf(sesskey, &unencoded_m_buf[0]) == 0) {
free(encoded_m_buf);
@@ -1014,9 +1002,7 @@
return NULL;
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "unencoded m buf:\n");
- hexdump(stderr, unencoded_m_buf, SZ_UNENCODED_M_BUF, " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "uuencoded m buf", unencoded_m_buf, SZ_UNENCODED_M_BUF);
}
encode_m_buf(unencoded_m_buf, SZ_UNENCODED_M_BUF, pubkey, encoded_m_buf);
@@ -1238,7 +1224,7 @@
{
uint8_t keyid[OPS_KEY_ID_SIZE];
- __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+ __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, OPS_HASH_SHA1); /* XXX - hardcoded */
return __ops_write_ptag(output, OPS_PTAG_CT_1_PASS_SIG) &&
__ops_write_length(output, 1 + 1 + 1 + 1 + 8 + 1) &&
__ops_write_scalar(output, 3, 1) /* version */ &&
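Review bot: `__ops_keyid()` now returns 0 on failure (see the misc.c change) but the result is discarded here, and `keyid` is an uninitialised stack array, so a failed call would leave indeterminate bytes that are presumably then written into the one-pass signature packet. Check it before building the packet, e.g. `if (!__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, OPS_HASH_SHA1)) { return 0; }`. The callers updated in signature.c, openssl_crypto.c and keyring.c ignore the new return value in the same way. The enclosing function starts and ends outside this hunk.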
Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.28 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.29
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.28 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Fri Jun 25 03:37:27 2010
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: signature.c,v 1.28 2010/05/25 01:05:11 agc Exp $");
+__RCSID("$NetBSD: signature.c,v 1.29 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -335,15 +335,10 @@
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nhashbuf_from_sig\n");
- hexdump(stderr, hashbuf_from_sig, debug_len_decrypted, " ");
- printf("\nprefix\n");
- hexdump(stderr, prefix, plen, " ");
- (void) fprintf(stderr, "\nhash from sig\n");
- hexdump(stderr, &hashbuf_from_sig[n + plen], hash_length, " ");
- (void) fprintf(stderr, "\nhash passed in (should match hash from sig)\n");
- hexdump(stderr, hash, hash_length, " ");
- printf("\n");
+ hexdump(stderr, "sig hashbuf", hashbuf_from_sig, debug_len_decrypted);
+ hexdump(stderr, "prefix", prefix, plen);
+ hexdump(stderr, "sig hash", &hashbuf_from_sig[n + plen], hash_length);
+ hexdump(stderr, "input hash", hash, hash_length);
}
return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
@@ -419,8 +414,7 @@
unsigned ret;
if (__ops_get_debug_level(__FILE__)) {
- printf("__ops_check_sig: (length %d) hash=", length);
- hexdump(stdout, hash, length, "");
+ hexdump(stdout, "hash", hash, length);
}
ret = 0;
switch (sig->info.key_alg) {
@@ -1036,7 +1030,7 @@
return 0;
}
- __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+ __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
ret = __ops_add_issuer_keyid(sig, keyid) &&
__ops_end_hashed_subpkts(sig) &&
__ops_write_sig(output, sig, &seckey->pubkey, seckey);
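Review bot: The issuer key ID is now derived with the signature's `hash_alg`, so it can disagree with the key ID that the rest of the library computes for the same key. From the misc.c change on this page, `__ops_fingerprint()` takes the ssh-style MD5 branch for any non-v2/v3 key when the hash type is OPS_HASH_MD5, so signing with MD5 would embed a key ID different from the SHA-1-derived one. Unless that is intended for ssh keys only, the hash used for the key ID should come from the key or keyring (keyring.c uses `keyring->hashtype` that way), not from the signing digest. The three later `__ops_keyid(..., hash_alg)` hunks in this file have the same issue, and `hash_alg` is declared outside this hunk.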
@@ -1079,7 +1073,7 @@
__ops_add_birthtime(sig, (long long)from);
__ops_add_expiration(sig, (long long)duration);
/* add key id to signature */
- __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+ __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
__ops_add_issuer_keyid(sig, keyid);
__ops_end_hashed_subpkts(sig);
__ops_write_sig(output, sig, &seckey->pubkey, seckey);
@@ -1204,7 +1198,7 @@
__ops_add_birthtime(sig, from);
__ops_add_expiration(sig, (long long)duration);
/* add key id to signature */
- __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+ __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg);
__ops_add_issuer_keyid(sig, keyid);
__ops_end_hashed_subpkts(sig);
@@ -1230,15 +1224,15 @@
const unsigned armored, const unsigned overwrite)
{
__ops_create_sig_t *sig;
- __ops_hash_alg_t alg;
+ __ops_hash_alg_t hash_alg;
__ops_output_t *output;
__ops_memory_t *mem;
uint8_t keyid[OPS_KEY_ID_SIZE];
int fd;
/* find out which hash algorithm to use */
- alg = __ops_str_to_hash_alg(hash);
- if (alg == OPS_HASH_UNKNOWN) {
+ hash_alg = __ops_str_to_hash_alg(hash);
+ if (hash_alg == OPS_HASH_UNKNOWN) {
(void) fprintf(io->errs,"Unknown hash algorithm: %s\n", hash);
return 0;
}
@@ -1253,7 +1247,7 @@
/* create a new signature */
sig = __ops_create_sig_new();
- __ops_start_sig(sig, seckey, alg, OPS_SIG_BINARY);
+ __ops_start_sig(sig, seckey, hash_alg, OPS_SIG_BINARY);
/* read the contents of 'f', and add that to the signature */
mem = __ops_memory_new();
@@ -1271,7 +1265,7 @@
/* calculate the signature */
__ops_add_birthtime(sig, from);
__ops_add_expiration(sig, (long long)duration);
- __ops_keyid(keyid, sizeof(keyid), &seckey->pubkey);
+ __ops_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg);
__ops_add_issuer_keyid(sig, keyid);
__ops_end_hashed_subpkts(sig);
__ops_write_sig(output, sig, &seckey->pubkey, seckey);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.23 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.24
--- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.23 Sun May 16 02:46:25 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Fri Jun 25 03:37:27 2010
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: crypto.c,v 1.23 2010/05/16 02:46:25 agc Exp $");
+__RCSID("$NetBSD: crypto.c,v 1.24 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -109,9 +109,7 @@
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nDECRYPTING\nencrypted data : ");
- hexdump(stderr, encmpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "encrypted", encmpibuf, 16);
}
n = __ops_rsa_private_decrypt(mpibuf, encmpibuf,
(unsigned)(BN_num_bits(encmpi) + 7) / 8,
@@ -122,21 +120,13 @@
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "decrypted encoded m buf : ");
- hexdump(stderr, mpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "decrypted", mpibuf, 16);
}
if (n <= 0) {
return -1;
}
- if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, " decrypted=%d ", n);
- hexdump(stderr, mpibuf, (unsigned)n, "");
- fprintf(stderr, "\n");
- }
/* Decode EME-PKCS1_V1_5 (RFC 2437). */
-
if (mpibuf[0] != 0 || mpibuf[1] != 2) {
return -1;
}
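Review bot: The remaining `hexdump(stderr, "decrypted", mpibuf, 16)` runs before the `if (n <= 0)` check, so after a failed RSA decrypt it prints 16 bytes of whatever `mpibuf` holds, and on success it prints a fixed 16 bytes regardless of `n`. Moving it below the check and bounding it by the result, `hexdump(stderr, "decrypted", mpibuf, (size_t)n);`, keeps what the removed second dump provided. The function body continues outside this hunk.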
@@ -158,9 +148,7 @@
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "decoded m buf:\n");
- hexdump(stderr, buf, (size_t)(n - i), " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "decoded m", buf, (size_t)(n - i));
}
return n - i;
}
@@ -197,9 +185,7 @@
skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "encrypted mpi buf : ");
- hexdump(stderr, encmpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "encrypted mpi", encmpibuf, 16);
}
return 1;
}
Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.23 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.24
--- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.23 Tue May 25 01:05:10 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Fri Jun 25 03:37:27 2010
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.23 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.24 2010/06/25 03:37:27 agc Exp $");
#endif
#ifdef HAVE_OPENSSL_DSA_H
@@ -538,9 +538,7 @@
odsa->pub_key = dsa->y;
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "hash passed in:\n");
- hexdump(stderr, hash, hash_length, " ");
- (void) fprintf(stderr, "\nhash_length=%" PRIsize "d\n", hash_length);
+ hexdump(stderr, "input hash", hash, hash_length);
(void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
}
if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
@@ -823,8 +821,8 @@
RSA_free(rsa);
- __ops_keyid(keydata->key_id, OPS_KEY_ID_SIZE, &keydata->key.seckey.pubkey);
- __ops_fingerprint(&keydata->fingerprint, &keydata->key.seckey.pubkey);
+ __ops_keyid(keydata->key_id, OPS_KEY_ID_SIZE, &keydata->key.seckey.pubkey, seckey->hash_alg);
+ __ops_fingerprint(&keydata->fingerprint, &keydata->key.seckey.pubkey, seckey->hash_alg);
/* Generate checksum */
Index: src/crypto/external/bsd/netpgp/dist/src/lib/writer.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.23 src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.24
--- src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.23 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c Fri Jun 25 03:37:28 2010
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: writer.c,v 1.23 2010/05/25 01:05:11 agc Exp $");
+__RCSID("$NetBSD: writer.c,v 1.24 2010/06/25 03:37:28 agc Exp $");
#endif
#include <sys/types.h>
@@ -955,11 +955,8 @@
src + done, size);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "WRITING:\nunencrypted: ");
- hexdump(stderr, &src[done], 16, " ");
- (void) fprintf(stderr, "\nencrypted: ");
- hexdump(stderr, encbuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "unencrypted", &src[done], 16);
+ hexdump(stderr, "encrypted", encbuf, 16);
}
if (!stacked_write(writer, encbuf, size, errors)) {
if (__ops_get_debug_level(__FILE__)) {
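Review bot: Both dumps use a fixed length of 16 while the data just encrypted is `size` bytes, so if the final chunk is shorter than 16 the debug path may read past the valid part of `&src[done]` and `encbuf`. I cannot see the buffer sizes from this hunk. Bounding the length, e.g. `hexdump(stderr, "encrypted", encbuf, (size > 16) ? 16 : size);`, avoids that.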
@@ -1165,9 +1162,7 @@
preamble[crypted->blocksize + 1] = preamble[crypted->blocksize - 1];
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\npreamble: ");
- hexdump(stderr, preamble, preamblesize, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "preamble", preamble, preamblesize);
}
/* now construct MDC packet and add to the end of the buffer */
@@ -1176,11 +1171,8 @@
__ops_write_mdc(mdcoutput, hashed);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nplaintext: ");
- hexdump(stderr, data, len, " ");
- (void) fprintf(stderr, "\nmdc: ");
- hexdump(stderr, __ops_mem_data(mdc), OPS_SHA1_HASH_SIZE + 1 + 1, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "plaintext", data, len);
+ hexdump(stderr, "mdc", __ops_mem_data(mdc), OPS_SHA1_HASH_SIZE + 1 + 1);
}
/* and write it out */
Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.37 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.38
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c:1.37 Tue May 25 01:05:10 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Fri Jun 25 03:37:27 2010
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.37 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.38 2010/06/25 03:37:27 agc Exp $");
#endif
#ifdef HAVE_FCNTL_H
@@ -822,12 +822,8 @@
{
for ( ; keyring && *from < keyring->keyc; *from += 1) {
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(io->errs,
- "__ops_getkeybyid: keyring keyid ");
- hexdump(io->errs, keyring->keys[*from].key_id, OPS_KEY_ID_SIZE, "");
- (void) fprintf(io->errs, ", keyid ");
- hexdump(io->errs, keyid, OPS_KEY_ID_SIZE, "");
- (void) fprintf(io->errs, "\n");
+ hexdump(io->errs, "keyring keyid", keyring->keys[*from].key_id, OPS_KEY_ID_SIZE);
+ hexdump(io->errs, "keyid", keyid, OPS_KEY_ID_SIZE);
}
if (memcmp(keyring->keys[*from].key_id, keyid,
OPS_KEY_ID_SIZE) == 0) {
@@ -904,7 +900,7 @@
(void) memset(keyid, 0x0, sizeof(keyid));
str2keyid(name, keyid, sizeof(keyid));
if (__ops_get_debug_level(__FILE__)) {
- hexdump(io->outs, keyid, 4, "");
+ hexdump(io->outs, "keyid", keyid, 4);
}
savedstart = *from;
if ((kp = __ops_getkeybyid(io, keyring, keyid, from)) != NULL) {
@@ -1031,8 +1027,8 @@
key = &keyring->keys[keyring->keyc++];
duration = key->key.pubkey.duration;
(void) memset(key, 0x0, sizeof(*key));
- __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey);
- __ops_fingerprint(&key->fingerprint, pubkey);
+ __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
+ __ops_fingerprint(&key->fingerprint, pubkey, keyring->hashtype);
key->type = OPS_PTAG_CT_PUBLIC_KEY;
key->key.pubkey = *pubkey;
key->key.pubkey.duration = duration;
@@ -1050,8 +1046,8 @@
key = &keyring->keys[keyring->keyc++];
(void) memset(key, 0x0, sizeof(*key));
pubkey = &seckey->pubkey;
- __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey);
- __ops_fingerprint(&key->fingerprint, pubkey);
+ __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
+ __ops_fingerprint(&key->fingerprint, pubkey, keyring->hashtype);
key->type = OPS_PTAG_CT_SECRET_KEY;
key->key.seckey = *seckey;
return 1;
Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.26 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.27
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.26 Tue May 25 01:05:10 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Fri Jun 25 03:37:27 2010
@@ -68,6 +68,7 @@
*/
typedef struct __ops_keyring_t {
DYNARRAY(__ops_key_t, key);
+ __ops_hash_alg_t hashtype;
} __ops_keyring_t;
const __ops_key_t *__ops_getkeybyid(__ops_io_t *,
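Review bot: The new `hashtype` member has no comment, and nothing in the visible part of this commit shows where it is set for keyrings that are not read through the ssh path, so the `__ops_keyid()` and `__ops_fingerprint()` calls in keyring.c appear to depend on the keyring having been zeroed. I would document it, e.g. `/* hash used for key ids and fingerprints; MD5 selects the ssh-style fingerprint */`, and state which value an OpenPGP keyring is expected to carry.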
Index: src/crypto/external/bsd/netpgp/dist/src/lib/misc.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.31
--- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.30 Tue May 25 01:05:10 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Jun 25 03:37:27 2010
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: misc.c,v 1.30 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: misc.c,v 1.31 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -98,7 +98,7 @@
typedef struct {
- __ops_keyring_t *keyring;
+ __ops_keyring_t *keyring;
} accumulate_t;
/**
@@ -402,6 +402,60 @@
}
}
+/* hash a 32-bit integer */
+static int
+hash_uint32(__ops_hash_t *hash, uint32_t n)
+{
+ uint8_t ibuf[4];
+
+ ibuf[0] = (uint8_t)(n >> 24) & 0xff;
+ ibuf[1] = (uint8_t)(n >> 16) & 0xff;
+ ibuf[2] = (uint8_t)(n >> 8) & 0xff;
+ ibuf[3] = (uint8_t)n & 0xff;
+ (*hash->add)(hash, (const uint8_t *)(void *)ibuf, sizeof(ibuf));
+ return sizeof(ibuf);
+}
+
+/* hash a string - first length, then string itself */
+static int
+hash_string(__ops_hash_t *hash, const uint8_t *buf, uint32_t len)
+{
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "hash_string", buf, len);
+ }
+ hash_uint32(hash, len);
+ (*hash->add)(hash, buf, len);
+ return sizeof(len) + (int)len;
+}
+
+/* hash a bignum, possibly padded - first length, then string itself */
+static int
+hash_bignum(__ops_hash_t *hash, BIGNUM *bignum)
+{
+ uint8_t *bn;
+ size_t len;
+ int padbyte;
+
+ if (BN_is_zero(bignum)) {
+ hash_uint32(hash, 0);
+ return sizeof(len);
+ }
+ if ((len = (size_t) BN_num_bytes(bignum)) < 1) {
+ (void) fprintf(stderr, "hash_bignum: bad size\n");
+ return 0;
+ }
+ if ((bn = calloc(1, len)) == NULL) {
+ (void) fprintf(stderr, "hash_bignum: bad bn alloc\n");
+ return 0;
+ }
+ BN_bn2bin(bignum, bn + 1);
+ bn[0] = 0x0;
+ padbyte = (bn[1] & 0x80) ? 1 : 0;
+ hash_string(hash, bn + 1 - padbyte, len + padbyte);
+ free(bn);
+ return sizeof(len) + len + padbyte;
+}
+
/** \file
*/
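Review bot: `hash_bignum()` allocates `len` bytes but `BN_bn2bin(bignum, bn + 1)` writes `len` bytes starting one past the start of the buffer, so the last byte lands outside the allocation. The allocation needs room for the pad byte: `if ((bn = calloc(1, len + 1)) == NULL) {`. Separately, the zero case returns `sizeof(len)`, which is the size of a size_t rather than the 4 bytes `hash_uint32()` actually hashed. The callers also ignore the 0 returned on failure.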
@@ -411,83 +465,81 @@
* \param fp Where to put the calculated fingerprint
* \param key The key for which the fingerprint is calculated
*/
-
-void
-__ops_fingerprint(__ops_fingerprint_t *fp, const __ops_pubkey_t *key)
+int
+__ops_fingerprint(__ops_fingerprint_t *fp, const __ops_pubkey_t *key, __ops_hash_alg_t hashtype)
{
- if (key->version == 2 || key->version == 3) {
- unsigned char *bn;
- size_t n;
- __ops_hash_t md5;
+ __ops_memory_t *mem;
+ __ops_hash_t hash;
+ const char *type;
+ uint32_t len;
+ mem = __ops_memory_new();
+ if (key->version == 2 || key->version == 3) {
if (key->alg != OPS_PKA_RSA &&
key->alg != OPS_PKA_RSA_ENCRYPT_ONLY &&
key->alg != OPS_PKA_RSA_SIGN_ONLY) {
(void) fprintf(stderr,
"__ops_fingerprint: bad algorithm\n");
- return;
+ return 0;
}
-
- __ops_hash_md5(&md5);
- if (!md5.init(&md5)) {
+ __ops_hash_md5(&hash);
+ if (!hash.init(&hash)) {
(void) fprintf(stderr,
"__ops_fingerprint: bad md5 alloc\n");
- return;
+ return 0;
}
-
- n = (size_t) BN_num_bytes(key->key.rsa.n);
- if ((bn = calloc(1, n)) == NULL) {
- (void) fprintf(stderr,
- "__ops_fingerprint: bad bn alloc\n");
- return;
+ hash_bignum(&hash, key->key.rsa.n);
+ hash_bignum(&hash, key->key.rsa.e);
+ fp->length = hash.finish(&hash, fp->fingerprint);
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "v2/v3 fingerprint", fp->fingerprint, fp->length);
}
- BN_bn2bin(key->key.rsa.n, bn);
- md5.add(&md5, bn, n);
- free(bn);
-
- n = (size_t) BN_num_bytes(key->key.rsa.e);
- if ((bn = calloc(1, n)) == NULL) {
+ } else if (hashtype == OPS_HASH_MD5) {
+ __ops_hash_md5(&hash);
+ if (!hash.init(&hash)) {
(void) fprintf(stderr,
- "__ops_fingerprint: bad bn alloc 2\n");
- return;
+ "__ops_fingerprint: bad md5 alloc\n");
+ return 0;
}
- BN_bn2bin(key->key.rsa.e, bn);
- md5.add(&md5, bn, n);
- free(bn);
-
- md5.finish(&md5, fp->fingerprint);
- fp->length = 16;
- } else {
- __ops_memory_t *mem = __ops_memory_new();
- __ops_hash_t sha1;
- size_t len;
-
- __ops_build_pubkey(mem, key, 0);
-
+ type = (key->alg == OPS_PKA_RSA) ? "ssh-rsa" : "ssh-dsa";
+ hash_string(&hash, (const uint8_t *)(const void *)type, strlen(type));
+ switch(key->alg) {
+ case OPS_PKA_RSA:
+ hash_bignum(&hash, key->key.rsa.e);
+ hash_bignum(&hash, key->key.rsa.n);
+ break;
+ case OPS_PKA_DSA:
+ hash_bignum(&hash, key->key.dsa.p);
+ hash_bignum(&hash, key->key.dsa.q);
+ hash_bignum(&hash, key->key.dsa.g);
+ hash_bignum(&hash, key->key.dsa.y);
+ break;
+ default:
+ break;
+ }
+ fp->length = hash.finish(&hash, fp->fingerprint);
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "-> creating key fingerprint\n");
+ hexdump(stderr, "md5 fingerprint", fp->fingerprint, fp->length);
}
- __ops_hash_sha1(&sha1);
- if (!sha1.init(&sha1)) {
+ } else {
+ __ops_build_pubkey(mem, key, 0);
+ __ops_hash_sha1(&hash);
+ if (!hash.init(&hash)) {
(void) fprintf(stderr,
"__ops_fingerprint: bad sha1 alloc\n");
- return;
+ return 0;
}
-
len = __ops_mem_len(mem);
-
- __ops_hash_add_int(&sha1, 0x99, 1);
- __ops_hash_add_int(&sha1, len, 2);
- sha1.add(&sha1, __ops_mem_data(mem), len);
- sha1.finish(&sha1, fp->fingerprint);
-
+ __ops_hash_add_int(&hash, 0x99, 1);
+ __ops_hash_add_int(&hash, len, 2);
+ hash.add(&hash, __ops_mem_data(mem), len);
+ fp->length = hash.finish(&hash, fp->fingerprint);
+ __ops_memory_free(mem);
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "<- finished making key fingerprint\n");
+ hexdump(stderr, "sha1 fingerprint", fp->fingerprint, fp->length);
}
- fp->length = OPS_FINGERPRINT_SIZE;
-
- __ops_memory_free(mem);
}
+ return 1;
}
/**
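Review bot: The v2/v3 branch now feeds `n` and `e` through `hash_bignum()`, which hashes a 4-byte length (plus a pad byte when the top bit is set) ahead of each value, whereas the removed code hashed only the raw bytes from `BN_bn2bin()`; fingerprints of existing v2/v3 keys would therefore change. `mem` is also allocated at the top for every path but freed only in the SHA-1 branch, so it leaks in the v2/v3 and MD5 branches and on each `return 0`; moving `mem = __ops_memory_new();` into the final `else` and freeing it on the `bad sha1 alloc` return fixes that. In the MD5 branch every non-RSA algorithm is labelled `"ssh-dsa"` and the `default:` case hashes no key material; OpenSSH names its DSA key type `ssh-dss`, so the DSA result is unlikely to match `ssh-keygen`.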
@@ -497,8 +549,8 @@
* \param key The key for which the ID is calculated
*/
-void
-__ops_keyid(uint8_t *keyid, const size_t idlen, const __ops_pubkey_t *key)
+int
+__ops_keyid(uint8_t *keyid, const size_t idlen, const __ops_pubkey_t *key, __ops_hash_alg_t hashtype)
{
__ops_fingerprint_t finger;
@@ -509,22 +561,23 @@
n = (unsigned) BN_num_bytes(key->key.rsa.n);
if (n > sizeof(bn)) {
(void) fprintf(stderr, "__ops_keyid: bad num bytes\n");
- return;
+ return 0;
}
if (key->alg != OPS_PKA_RSA &&
key->alg != OPS_PKA_RSA_ENCRYPT_ONLY &&
key->alg != OPS_PKA_RSA_SIGN_ONLY) {
(void) fprintf(stderr, "__ops_keyid: bad algorithm\n");
- return;
+ return 0;
}
BN_bn2bin(key->key.rsa.n, bn);
(void) memcpy(keyid, bn + n - idlen, idlen);
} else {
- __ops_fingerprint(&finger, key);
+ __ops_fingerprint(&finger, key, hashtype);
(void) memcpy(keyid,
finger.fingerprint + finger.length - idlen,
idlen);
}
+ return 1;
}
/**
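Review bot: The `else` branch ignores the new return value of `__ops_fingerprint()`, so when that call fails `finger` is uninitialised and the `memcpy` computes its source address from an indeterminate `finger.length`. Check the call and the length first: `if (!__ops_fingerprint(&finger, key, hashtype) || finger.length < idlen) { return 0; }`. The function begins outside this hunk.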
@@ -698,11 +751,8 @@
uint8_t c;
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "__ops_calc_mdc_hash():\npreamble: ");
- hexdump(stderr, preamble, sz_preamble, " ");
- (void) fprintf(stderr, "\nplaintext (len=%u): ", sz_plaintext);
- hexdump(stderr, plaintext, sz_plaintext, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "preamble", preamble, sz_preamble);
+ hexdump(stderr, "plaintext", plaintext, sz_plaintext);
}
/* init */
__ops_hash_any(&hash, OPS_HASH_SHA1);
@@ -727,9 +777,7 @@
hash.finish(&hash, hashed);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nhashed (len=%d): ", OPS_SHA1_HASH_SIZE);
- hexdump(stderr, hashed, OPS_SHA1_HASH_SIZE, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "hashed", hashed, OPS_SHA1_HASH_SIZE);
}
}
@@ -1041,14 +1089,35 @@
return (str) ? str : "Unknown";
}
+#define LINELEN 16
+
+/* show hexadecimal/ascii dump */
void
-hexdump(FILE *fp, const uint8_t *src, size_t length, const char *sep)
+hexdump(FILE *fp, const char *header, const uint8_t *src, size_t length)
{
- unsigned i;
+ size_t i;
+ char line[LINELEN + 1];
- for (i = 0 ; i < length ; i += 2) {
- (void) fprintf(fp, "%02x", *src++);
- (void) fprintf(fp, "%02x%s", *src++, sep);
+ (void) fprintf(fp, "%s%s", (header) ? header : "", (header) ? "\n" : "");
+ (void) fprintf(fp, "[%d chars]\n", length);
+ for (i = 0 ; i < length ; i++) {
+ if (i % LINELEN == 0) {
+ (void) fprintf(fp, "%.5d | ", i);
+ }
+ (void) fprintf(fp, "%.02x ", (uint8_t)src[i]);
+ line[i % LINELEN] = (isprint(src[i])) ? src[i] : '.';
+ if (i % LINELEN == LINELEN - 1) {
+ line[LINELEN] = 0x0;
+ (void) fprintf(fp, " | %s\n", line);
+ }
+ }
+ if (i % LINELEN != 0) {
+ for ( ; i % LINELEN != 0 ; i++) {
+ (void) fprintf(fp, " ");
+ line[i % LINELEN] = ' ';
+ }
+ line[LINELEN] = 0x0;
+ (void) fprintf(fp, " | %s\n", line);
}
}
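Review bot: `length` and `i` are `size_t` but are printed with `%d` and `%.5d`, which is a format/argument mismatch wherever size_t is wider than int. Other files in this commit use the `PRIsize` macro for size_t values, so `(void) fprintf(fp, "[%" PRIsize "u chars]\n", length);` and the same treatment for the offset would be consistent, assuming the macro is visible in misc.c. Otherwise an explicit cast such as `(int)i` keeps the format and argument in agreement.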
Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.58 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.59
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.58 Wed Jun 2 03:38:01 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Fri Jun 25 03:37:27 2010
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.58 2010/06/02 03:38:01 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.59 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -249,6 +249,8 @@
{
__ops_keyring_t *pubring;
__ops_keyring_t *secring;
+ unsigned hashtype;
+ char *hash;
char f[MAXPATHLEN];
char *filename;
@@ -260,7 +262,19 @@
(void) fprintf(stderr, "readsshkeys: bad alloc\n");
return 0;
}
- if (!__ops_ssh2_readkeys(netpgp->io, pubring, NULL, filename, NULL)) {
+ /* openssh2 keys use md5 by default */
+ hashtype = OPS_HASH_MD5;
+ if ((hash = netpgp_getvar(netpgp, "hash")) != NULL) {
+ /* openssh 2 hasn't really caught up to anything else yet */
+ if (strcasecmp(hash, "md5") == 0) {
+ hashtype = OPS_HASH_MD5;
+ } else if (strcasecmp(hash, "sha1") == 0) {
+ hashtype = OPS_HASH_SHA1;
+ } else if (strcasecmp(hash, "sha256") == 0) {
+ hashtype = OPS_HASH_SHA256;
+ }
+ }
+ if (!__ops_ssh2_readkeys(netpgp->io, pubring, NULL, filename, NULL, hashtype)) {
free(pubring);
(void) fprintf(stderr, "readsshkeys: can't read %s\n",
filename);
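Review bot: A `hash` value other than `md5`, `sha1` or `sha256` is silently ignored and the keys are read with MD5, so a mistyped option goes unnoticed. signature.c in this commit rejects unknown names through `__ops_str_to_hash_alg()` with an `Unknown hash algorithm` message, and doing the same here would be consistent. `sha256` is accepted, but the `__ops_fingerprint()` shown in misc.c only special-cases OPS_HASH_MD5 and otherwise computes SHA-1, so that choice does not appear to yield a SHA-256 fingerprint. The function starts outside this hunk.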
@@ -284,7 +298,7 @@
(void) fprintf(stderr, "readsshkeys: bad alloc\n");
return 0;
}
- if (__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename)) {
+ if (__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename, hashtype)) {
netpgp->secring = secring;
netpgp_setvar(netpgp, "sshsecfile", filename);
} else {
Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h:1.8 src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h:1.9
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h:1.8 Fri Mar 5 16:01:09 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h Fri Jun 25 03:37:27 2010
@@ -47,7 +47,7 @@
/* number of elements in an array */
#define OPS_ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a)))
-void hexdump(FILE *, const uint8_t *, size_t, const char *);
+void hexdump(FILE *, const char *, const uint8_t *, size_t);
const char *__ops_str_from_map(int, __ops_map_t *);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h:1.1 src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h:1.2
--- src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h:1.1 Sat Dec 5 07:08:19 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h Fri Jun 25 03:37:27 2010
@@ -32,10 +32,10 @@
#include "keyring.h"
#include "types.h"
-int __ops_ssh2pubkey(__ops_io_t *, const char *, __ops_key_t *);
-int __ops_ssh2seckey(__ops_io_t *, const char *, __ops_key_t *, __ops_pubkey_t *);
+int __ops_ssh2pubkey(__ops_io_t *, const char *, __ops_key_t *, __ops_hash_alg_t);
+int __ops_ssh2seckey(__ops_io_t *, const char *, __ops_key_t *, __ops_pubkey_t *, __ops_hash_alg_t);
int __ops_ssh2_readkeys(__ops_io_t *, __ops_keyring_t *, __ops_keyring_t *,
- const char *, const char *);
+ const char *, const char *, unsigned);
#endif
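Review bot: `__ops_ssh2_readkeys` takes the hash as `unsigned`, while `__ops_ssh2pubkey` and `__ops_ssh2seckey`, declared just above, take `__ops_hash_alg_t` for the same value. The enum type is lost at the entry point that callers use, and the value is converted back when it is forwarded. The definition in the ssh2pgp.c hunk at `@@ -428,7 +423,7 @@` has the same `unsigned`. I would declare the last parameter as `const char *, const char *, __ops_hash_alg_t);` and change the definition to match.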
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.36 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.37
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.36 Tue Jun 1 03:19:26 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Fri Jun 25 03:37:27 2010
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-parse.c,v 1.36 2010/06/01 03:19:26 agc Exp $");
+__RCSID("$NetBSD: packet-parse.c,v 1.37 2010/06/25 03:37:27 agc Exp $");
#endif
#ifdef HAVE_OPENSSL_CAST_H
@@ -2485,11 +2485,8 @@
__ops_crypt_any(&decrypt, pkt.u.seckey.alg);
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "\nREADING:\niv=");
- hexdump(stderr, pkt.u.seckey.iv, __ops_block_size(pkt.u.seckey.alg), " ");
- fprintf(stderr, "\nkey=");
- hexdump(stderr, key, CAST_KEY_LENGTH, " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "input iv", pkt.u.seckey.iv, __ops_block_size(pkt.u.seckey.alg));
+ hexdump(stderr, "key", key, CAST_KEY_LENGTH);
}
decrypt.set_iv(&decrypt, pkt.u.seckey.iv);
decrypt.set_crypt_key(&decrypt, key);
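Review bot: The debug branch still writes the symmetric key that is about to be passed to `set_crypt_key`, together with the IV, to stderr in clear. The same is kept in the `@@ -2740,9 +2735,7 @@` hunk (recovered session key) and in the reader.c hunks that dump decrypted blocks and plaintext. Whether the debug level can be raised in an installed binary is not visible here, so at minimum I would mark each site with `/* debug only: writes secret key material to stderr */` and consider dropping the `hexdump(stderr, "key", key, CAST_KEY_LENGTH);` line. The enclosing function starts and ends outside the hunk.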
@@ -2658,9 +2655,7 @@
return 0;
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "session key: public key id: x=%" PRIsize "d\n", sizeof(pkt.u.pk_sesskey.key_id));
- hexdump(stderr, pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id), " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id));
}
if (!limread(&c, 1, region, stream)) {
return 0;
@@ -2740,9 +2735,7 @@
(void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k);
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "session key recovered (len=%u):\n", k);
- hexdump(stderr, pkt.u.pk_sesskey.key, k, " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k);
}
pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] +
(unencoded_m_buf[k + 2] << 8);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.36 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.37
--- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.36 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Fri Jun 25 03:37:27 2010
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: reader.c,v 1.36 2010/05/25 01:05:11 agc Exp $");
+__RCSID("$NetBSD: reader.c,v 1.37 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -1465,11 +1465,8 @@
encrypted->decrypted, buffer, n);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "READING:\nencrypted: ");
- hexdump(stderr, buffer, 16, " ");
- (void) fprintf(stderr, "\ndecrypted: ");
- hexdump(stderr, encrypted->decrypted, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "encrypted", buffer, 16);
+ hexdump(stderr, "decrypted", encrypted->decrypted, 16);
}
} else {
(void) memcpy(
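Review bot: Both new `hexdump` calls print a fixed 16 bytes although the call just above appears to have processed `n` bytes, so for a short block the dump reads bytes that were not part of this operation. The sizes of `buffer` and `encrypted->decrypted` are not visible in the hunk. Passing the real count keeps the dump inside the data just handled: `hexdump(stderr, "encrypted", buffer, n);` and `hexdump(stderr, "decrypted", encrypted->decrypted, n);`, after checking the type of `n` against the `size_t` parameter. The enclosing function starts and ends outside the hunk.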
@@ -1601,17 +1598,11 @@
return -1;
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "\n\nentire SE IP packet (len=%d):\n",
- decrypted_region.length);
- hexdump(stderr, buf, decrypted_region.length, " ");
- fprintf(stderr, "\n\n");
+ hexdump(stderr, "SE IP packet", buf, decrypted_region.length);
}
/* verify leading preamble */
-
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "\npreamble: ");
- hexdump(stderr, buf, se_ip->decrypt->blocksize , " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "preamble", buf, se_ip->decrypt->blocksize);
}
b = se_ip->decrypt->blocksize;
if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) {
@@ -1636,12 +1627,8 @@
mdc_hash = mdc + 2;
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "\nplaintext (len=%" PRIsize "u): ",
- sz_plaintext);
- hexdump(stderr, plaintext, sz_plaintext, " ");
- fprintf(stderr, "\nmdc (len=%" PRIsize "u): ", sz_mdc);
- hexdump(stderr, mdc, sz_mdc, " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "plaintext", plaintext, sz_plaintext);
+ hexdump(stderr, "mdc", mdc, sz_mdc);
}
__ops_calc_mdc_hash(preamble, sz_preamble, plaintext,
sz_plaintext, hashed);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.31 src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.32
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.31 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c Fri Jun 25 03:37:27 2010
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-print.c,v 1.31 2010/05/25 01:05:11 agc Exp $");
+__RCSID("$NetBSD: packet-print.c,v 1.32 2010/06/25 03:37:27 agc Exp $");
#endif
#include <string.h>
@@ -103,20 +103,14 @@
print_hexdump(int indent, const char *name, const uint8_t *data, unsigned len)
{
print_name(indent, name);
-
- printf("len=%u, data=0x", len);
- hexdump(stdout, data, len, "");
- printf("\n");
+ hexdump(stdout, NULL, data, len);
}
static void
hexdump_data(int indent, const char *name, const uint8_t *data, unsigned len)
{
print_name(indent, name);
-
- printf("0x");
- hexdump(stdout, data, len, "");
- printf("\n");
+ hexdump(stdout, NULL, data, len);
}
static void
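Review bot: After this change `print_hexdump` and `hexdump_data` have identical bodies, because the `len=%u` and `0x` prefixes that told them apart are gone; one of the two is now redundant. Both pass a NULL header right after `print_name`, which relies on `hexdump` accepting NULL, and the prototype does not document that. I would keep one implementation and make the body of `hexdump_data` a forward, `print_hexdump(indent, name, data, len);`, with the comment `/* name is printed by print_name; hexdump gets no header */` on the remaining call. The `static void` line of `print_hexdump` is above the hunk.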
@@ -177,24 +171,7 @@
static void
print_packet_hex(const __ops_subpacket_t *pkt)
{
- unsigned rem;
- unsigned blksz = 4;
- uint8_t *cur;
- int i;
-
- printf("\nhexdump of packet contents follows:\n");
- for (i = 1, cur = pkt->raw;
- cur < (pkt->raw + pkt->length);
- cur += blksz, i++) {
- rem = pkt->raw + pkt->length - cur;
- hexdump(stdout, cur, (rem <= blksz) ? rem : blksz, "");
- printf(" ");
- if (i % 8 == 0) {
- printf("\n");
- }
-
- }
- printf("\n");
+ hexdump(stdout, "packet contents:", pkt->raw, pkt->length);
}
static void
@@ -491,7 +468,7 @@
strhexdump(keyid, key->key_id, OPS_KEY_ID_SIZE, ""),
ptimestr(t, sizeof(t), pubkey->birthtime),
expired,
- strhexdump(fp, key->fingerprint.fingerprint, OPS_FINGERPRINT_SIZE, " "),
+ strhexdump(fp, key->fingerprint.fingerprint, key->fingerprint.length, " "),
uidbuf);
}
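Review bot: `strhexdump` now reads `key->fingerprint.length` bytes instead of the constant, but nothing in the hunk bounds that length by the size of the `fingerprint` array or by the capacity of `fp`, whose declaration is outside the hunk. The packet.h hunk keeps the array at `OPS_FINGERPRINT_SIZE` while the hash becomes selectable (`sha256` is accepted in netpgp.c and `"SHA256"` is the new default in netpgpkeys.c). If that constant is smaller than the longest selectable digest (its value is not on the page), the overflow has to be ruled out where the fingerprint is computed, which is not shown. A guard at this call would be `key->fingerprint.length <= OPS_FINGERPRINT_SIZE ? key->fingerprint.length : OPS_FINGERPRINT_SIZE`, and the struct field deserves a comment stating the invariant.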
@@ -840,12 +817,8 @@
case OPS_PTAG_CT_SE_IP_DATA_BODY:
print_tagname(print->indent,
"SYMMETRIC ENCRYPTED INTEGRITY PROTECTED DATA BODY");
- printf(" data body length=%u\n",
- content->se_data_body.length);
- printf(" data=");
- hexdump(stdout, content->se_data_body.data,
- content->se_data_body.length, "");
- printf("\n");
+ hexdump(stdout, "data", content->se_data_body.data,
+ content->se_data_body.length);
break;
case OPS_PTAG_CT_PUBLIC_KEY:
@@ -1016,10 +989,8 @@
printf(" (sensitive)");
}
printf(", algid=0x%x", content->ss_revocation_key.algid);
- printf(", fingerprint=");
- hexdump(stdout, content->ss_revocation_key.fingerprint,
- OPS_FINGERPRINT_SIZE, "");
- printf("\n");
+ hexdump(stdout, "fingerprint", content->ss_revocation_key.fingerprint,
+ OPS_FINGERPRINT_SIZE);
end_subpacket(&print->indent);
break;
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.22 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.23
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.22 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h Fri Jun 25 03:37:27 2010
@@ -872,13 +872,15 @@
/** __ops_fingerprint_t */
typedef struct {
- uint8_t fingerprint[OPS_FINGERPRINT_SIZE];
- unsigned length;
+ uint8_t fingerprint[OPS_FINGERPRINT_SIZE];
+ unsigned length;
+ __ops_hash_alg_t hashtype;
} __ops_fingerprint_t;
+int __ops_keyid(uint8_t *, const size_t, const __ops_pubkey_t *, __ops_hash_alg_t);
+int __ops_fingerprint(__ops_fingerprint_t *, const __ops_pubkey_t *, __ops_hash_alg_t);
+
void __ops_finish(void);
-void __ops_keyid(uint8_t *, const size_t, const __ops_pubkey_t *);
-void __ops_fingerprint(__ops_fingerprint_t *, const __ops_pubkey_t *);
void __ops_pubkey_free(__ops_pubkey_t *);
void __ops_userid_free(uint8_t **);
void __ops_data_free(__ops_data_t *);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.12 src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.13
--- src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c:1.12 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c Fri Jun 25 03:37:27 2010
@@ -141,36 +141,6 @@
return dstc;
}
-#define LINELEN 16
-
-/* show hexadecimal/ascii dump */
-static void
-show(const char *header, char *in, int len)
-{
- char line[LINELEN + 1];
- int i;
-
- printf("%s%s", (header) ? header : "", (header) ? "\n" : "");
- printf("[%d chars]\n", len);
- for (i = 0 ; i < len ; i++) {
- if (i % LINELEN == 0) {
- printf("%.5d | ", i);
- }
- printf("%.02x ", (uint8_t)in[i]);
- line[i % LINELEN] = (isprint(in[i])) ? in[i] : '.';
- if (i % LINELEN == LINELEN - 1) {
- line[LINELEN] = 0x0;
- printf(" | %s\n", line);
- }
- }
- for ( ; i % LINELEN != 0 ; i++) {
- printf(" ");
- line[i % LINELEN] = ' ';
- }
- line[LINELEN] = 0x0;
- printf(" | %s\n", line);
-}
-
/* get a bignum from the buffer gap */
static BIGNUM *
getbignum(bufgap_t *bg, char *buf, const char *header)
@@ -184,12 +154,30 @@
(void) bufgap_getbin(bg, buf, len);
bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
if (__ops_get_debug_level(__FILE__)) {
- show(header, buf, (int)len);
+ hexdump(stderr, header, (const uint8_t *)(void *)buf, len);
}
(void) bufgap_seek(bg, len, BGFromHere, BGByte);
return bignum;
}
+#if 0
+static int
+putbignum(bufgap_t *bg, BIGNUM *bignum)
+{
+ uint32_t len;
+
+ len = BN_num_bytes(bignum);
+ (void) bufgap_insert(bg, &len, sizeof(len));
+ (void) bufgap_insert(bg, buf, len);
+ bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, header, buf, (int)len);
+ }
+ (void) bufgap_seek(bg, len, BGFromHere, BGByte);
+ return bignum;
+}
+#endif
+
static str_t pkatypes[] = {
{ "ssh-rsa", 7, OPS_PKA_RSA },
{ "ssh-dsa", 7, OPS_PKA_DSA },
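Review bot: The `putbignum` added under `#if 0` is dead code that would not compile if enabled: it uses `buf` and `header`, which it never declares, and returns `bignum` from a function declared `int`. It looks copied from `getbignum`, including the `BN_bin2bn` call that overwrites its own argument. I would leave it out of this commit until it is finished, or replace the block with one line such as `/* TODO: putbignum() for writing ssh keys, not yet implemented */`.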
@@ -212,7 +200,7 @@
/* convert an ssh (host) pubkey to a pgp pubkey */
int
-__ops_ssh2pubkey(__ops_io_t *io, const char *f, __ops_key_t *key)
+__ops_ssh2pubkey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_hash_alg_t hashtype)
{
__ops_pubkey_t *pubkey;
struct stat st;
@@ -259,11 +247,11 @@
cc = (int)(space - buf);
}
if (__ops_get_debug_level(__FILE__)) {
- show(NULL, buf, cc);
+ hexdump(stderr, NULL, (const uint8_t *)(const void *)buf, (size_t)cc);
}
cc = frombase64(bin, buf, (size_t)cc, 0);
if (__ops_get_debug_level(__FILE__)) {
- show("decoded base64:", bin, cc);
+ hexdump(stderr, "decoded base64:", (const uint8_t *)(const void *)bin, (size_t)cc);
}
bufgap_delete(&bg, (uint64_t)bufgap_tell(&bg, BGFromEOF, BGByte));
bufgap_insert(&bg, bin, cc);
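Review bot: The replacement casts `cc` to `size_t` for `hexdump` right after `cc`, an `int`, is assigned from `frombase64`. If that function can return a negative value on malformed input (its contract is not visible here), the cast produces a very large length, and `bufgap_insert(&bg, bin, cc)` then receives the same unchecked value. The old `show` took an `int`, and its loop did not run for a negative count. I would test the result before using it, e.g. `if (cc < 0) { return 0; }` after the `frombase64` call, assuming 0 is the failure return and releasing whatever the function has already acquired. The function body continues outside the hunk.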
@@ -328,9 +316,9 @@
hostname,
f,
owner);
- __ops_keyid(key->key_id, sizeof(key->key_id), pubkey);
+ __ops_keyid(key->key_id, sizeof(key->key_id), pubkey, hashtype);
__ops_add_userid(key, userid);
- __ops_fingerprint(&key->fingerprint, pubkey);
+ __ops_fingerprint(&key->fingerprint, pubkey, hashtype);
free(userid);
if (__ops_get_debug_level(__FILE__)) {
/*__ops_print_keydata(io, keyring, key, "pub", pubkey, 0);*/
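Review bot: `__ops_keyid` and `__ops_fingerprint` change from `void` to `int` in the packet.h hunk of this commit, yet both calls here discard the result, as do the two calls in the `@@ -419,8 +414,8 @@` hunk. With a caller-selected hash the computation can presumably fail, for example on a hash type it does not handle, and the key would then be returned with an unset id and fingerprint. I would test both results and fail the conversion when they report an error, along the lines of `if (!__ops_fingerprint(&key->fingerprint, pubkey, hashtype)) { return 0; }`. The success convention of the new return value is not visible in the diff and should be confirmed first. The enclosing function starts outside the hunk.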
@@ -345,7 +333,7 @@
/* convert an ssh (host) seckey to a pgp seckey */
int
-__ops_ssh2seckey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_pubkey_t *pubkey)
+__ops_ssh2seckey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_pubkey_t *pubkey, __ops_hash_alg_t hashtype)
{
__ops_crypt_t crypted;
__ops_hash_t hash;
@@ -353,6 +341,7 @@
unsigned i = 0;
uint8_t sesskey[CAST_KEY_LENGTH];
uint8_t hashed[OPS_SHA1_HASH_SIZE];
+ BIGNUM *tmp;
__OPS_USED(io);
/* XXX - check for rsa/dsa */
@@ -369,6 +358,12 @@
key->key.seckey.alg = OPS_SA_CAST5;
key->key.seckey.s2k_specifier = OPS_S2KS_SALTED;
key->key.seckey.hash_alg = OPS_HASH_SHA1;
+ if (key->key.seckey.pubkey.alg == OPS_PKA_RSA) {
+ /* openssh and openssl have p and q swapped */
+ tmp = key->key.seckey.key.rsa.p;
+ key->key.seckey.key.rsa.p = key->key.seckey.key.rsa.q;
+ key->key.seckey.key.rsa.q = tmp;
+ }
for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
unsigned j;
uint8_t zero = 0;
@@ -419,8 +414,8 @@
crypted.set_crypt_key(&crypted, sesskey);
__ops_encrypt_init(&crypted);
key->key.seckey.pubkey.alg = OPS_PKA_RSA;
- __ops_fingerprint(&key->fingerprint, pubkey);
- __ops_keyid(key->key_id, sizeof(key->key_id), pubkey);
+ __ops_fingerprint(&key->fingerprint, pubkey, hashtype);
+ __ops_keyid(key->key_id, sizeof(key->key_id), pubkey, hashtype);
return 1;
}
@@ -428,7 +423,7 @@
int
__ops_ssh2_readkeys(__ops_io_t *io, __ops_keyring_t *pubring,
__ops_keyring_t *secring, const char *pubfile,
- const char *secfile)
+ const char *secfile, unsigned hashtype)
{
__ops_key_t *pubkey;
__ops_key_t *seckey;
@@ -440,7 +435,7 @@
if (__ops_get_debug_level(__FILE__)) {
(void) fprintf(io->errs, "__ops_ssh2_readkeys: pubfile '%s'\n", pubfile);
}
- __ops_ssh2pubkey(io, pubfile, &key);
+ __ops_ssh2pubkey(io, pubfile, &key, hashtype);
EXPAND_ARRAY(pubring, key);
pubkey = &pubring->keys[pubring->keyc++];
(void) memcpy(pubkey, &key, sizeof(key));
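Review bot: The result of `__ops_ssh2pubkey` is ignored and `key` is appended to `pubring` unconditionally, so a file that fails to parse still adds an entry to the keyring. The next hunk does the same with `(void) __ops_ssh2seckey(...)` and `secring`. Whether `key` is zeroed beforehand is not visible, so the appended entry may hold whatever the failed conversion left behind. I would stop before `EXPAND_ARRAY` on failure, e.g. `if (!__ops_ssh2pubkey(io, pubfile, &key, hashtype)) { return 0; }`, and apply the same check to the secret-key call. The enclosing function starts and ends outside the hunk.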
@@ -453,7 +448,7 @@
if (pubkey == NULL) {
pubkey = &pubring->keys[0];
}
- (void) __ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey);
+ (void) __ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, hashtype);
EXPAND_ARRAY(secring, key);
seckey = &secring->keys[secring->keyc++];
(void) memcpy(seckey, &key, sizeof(key));
Index: src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.35 src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.36
--- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.35 Tue May 25 01:05:11 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c Fri Jun 25 03:37:28 2010
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: validate.c,v 1.35 2010/05/25 01:05:11 agc Exp $");
+__RCSID("$NetBSD: validate.c,v 1.36 2010/06/25 03:37:28 agc Exp $");
#endif
#include <sys/types.h>
@@ -204,11 +204,8 @@
case OPS_V4:
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "v4_hashlen %zu\n",
+ hexdump(stderr, "v4 hash", sig->info.v4_hashed,
sig->info.v4_hashlen);
- hexdump(stderr, sig->info.v4_hashed,
- sig->info.v4_hashlen, " ");
- (void) fprintf(stderr, "\n");
}
hash.add(&hash, sig->info.v4_hashed, sig->info.v4_hashlen);
trailer[0] = 0x04; /* version */
@@ -229,9 +226,7 @@
n = hash.finish(&hash, hashout);
if (__ops_get_debug_level(__FILE__)) {
- printf("check_binary_sig: hash length %" PRIsize "u\n",
- hash.size);
- hexdump(stdout, hashout, n, "");
+ hexdump(stdout, "hash out", hashout, n);
}
return __ops_check_sig(hashout, n, sig, signer);
}
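Review bot: This debug dump goes to `stdout`, while the other debug dumps in validate.c touched by this commit use `stderr`, and the `@@ -471,14 +466,10 @@` hunk uses `io->outs`. Enabling debugging therefore mixes hash bytes into the program's normal output, where a script parsing verification results may pick them up. I would send it to the error stream like the rest: `hexdump(stderr, "hash out", hashout, n);`. The enclosing function starts outside the hunk.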
@@ -471,14 +466,10 @@
case OPS_PTAG_CT_SIGNATURE: /* V3 sigs */
case OPS_PTAG_CT_SIGNATURE_FOOTER: /* V4 sigs */
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(io->outs, "\n*** hashed data:\n");
- hexdump(io->outs, content->sig.info.v4_hashed,
- content->sig.info.v4_hashlen, " ");
- (void) fprintf(io->outs, "\ntype=%02x signer_id=",
- content->sig.info.type);
- hexdump(io->outs, content->sig.info.signer_id,
- sizeof(content->sig.info.signer_id), "");
- (void) fprintf(io->outs, "\n");
+ hexdump(io->outs, "hashed data", content->sig.info.v4_hashed,
+ content->sig.info.v4_hashlen);
+ hexdump(io->outs, "signer id", content->sig.info.signer_id,
+ sizeof(content->sig.info.signer_id));
}
from = 0;
signer = __ops_getkeybyid(io, data->keyring,
@@ -514,9 +505,8 @@
__ops_mem_readfile(data->mem, data->detachname);
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "about to check_binary_sig, dump of sig:\n");
- hexdump(stderr, (const uint8_t *)(const void *)&content->sig,
- sizeof(content->sig), "");
+ hexdump(stderr, "sig dump", (const uint8_t *)(const void *)&content->sig,
+ sizeof(content->sig));
}
valid = check_binary_sig(__ops_mem_data(data->mem),
__ops_mem_len(data->mem),
Index: src/crypto/external/bsd/netpgp/dist/src/lib/version.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.35 src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.36
--- src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.35 Wed Jun 2 03:15:14 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Fri Jun 25 03:37:28 2010
@@ -58,7 +58,7 @@
#endif
/* development versions have .99 suffix */
-#define NETPGP_BASE_VERSION "3.99.4"
+#define NETPGP_BASE_VERSION "3.99.5"
#define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]"
#define NETPGP_VERSION_STRING \
Index: src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1
diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1:1.11 src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1:1.12
--- src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1:1.11 Tue Jun 1 05:55:56 2010
+++ src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1 Fri Jun 25 03:37:28 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: netpgpkeys.1,v 1.11 2010/06/01 05:55:56 agc Exp $
+.\" $NetBSD: netpgpkeys.1,v 1.12 2010/06/25 03:37:28 agc Exp $
.\"
.\" Copyright (c) 2009, 2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -65,6 +65,8 @@
.Pp
.Op Fl Fl coredumps
.br
+.Op Fl Fl hash Ns = Ns Ar hash-algorithm
+.br
.Op Fl Fl homedir Ns = Ns Ar home-directory
.br
.Op Fl Fl keyring Ns = Ns Ar keyring
@@ -190,6 +192,13 @@
In addition to one of the preceding commands, a number of qualifiers
or options may be given.
.Bl -tag -width Ar
+.It Fl Fl hash Ar hash-algorithm
+Specify the hash algorithm which is used during fingerprint calculation.
+For reference, at the present time,
+.Xr ssh-keygen 1
+uses
+.Dq MD5
+for its fingerprint values.
.It Fl Fl homedir Ar home-directory
Keyrings are normally located, for historical reasons, within
the user's home directory in a subdirectory called
@@ -304,11 +313,14 @@
or 2 if any other error occurs.
.Sh EXAMPLES
.Bd -literal
-% netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys
+% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
-pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
-Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
-uid netbsd-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) \*[lt][email protected]\*[gt]
+pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
+Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
+uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <[email protected]>
+
+% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
+1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%
.Ed
.Pp
@@ -338,6 +350,7 @@
.Sh SEE ALSO
.Xr netpgp 1 ,
.Xr ssh 1 ,
+.Xr ssh-keygen 1 ,
.Xr getpass 3 ,
.\" .Xr libbz2 3 ,
.Xr libnetpgp 3 ,
Index: src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c
diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.12 src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.13
--- src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.12 Sun May 16 06:48:53 2010
+++ src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c Fri Jun 25 03:37:28 2010
@@ -46,6 +46,8 @@
*/
#define DEFAULT_NUMBITS 2048
+#define DEFAULT_HASH_ALG "SHA256"
+
static const char *usage =
" --help OR\n"
"\t--export-keys [options] OR\n"
@@ -58,6 +60,7 @@
"\t--version\n"
"where options are:\n"
"\t[--coredumps] AND/OR\n"
+ "\t[--hash=<hash alg>] AND/OR\n"
"\t[--homedir=<homedir>] AND/OR\n"
"\t[--keyring=<keyring>] AND/OR\n"
"\t[--userid=<userid>] AND/OR\n"
@@ -81,6 +84,7 @@
USERID,
HOMEDIR,
NUMBITS,
+ HASH_ALG,
VERBOSE,
COREDUMPS,
PASSWDFD,
@@ -111,6 +115,9 @@
{"coredumps", no_argument, NULL, COREDUMPS},
{"keyring", required_argument, NULL, KEYRING},
{"userid", required_argument, NULL, USERID},
+ {"hash-alg", required_argument, NULL, HASH_ALG},
+ {"hash", required_argument, NULL, HASH_ALG},
+ {"algorithm", required_argument, NULL, HASH_ALG},
{"home", required_argument, NULL, HOMEDIR},
{"homedir", required_argument, NULL, HOMEDIR},
{"numbits", required_argument, NULL, NUMBITS},
@@ -206,6 +213,7 @@
netpgp_set_homedir(&netpgp, getenv("HOME"), "/.gnupg", 1);
netpgp_setvar(&netpgp, "sshkeydir", "/etc/ssh");
netpgp_setvar(&netpgp, "res", "<stdout>");
+ netpgp_setvar(&netpgp, "hash", DEFAULT_HASH_ALG);
optindex = 0;
while ((ch = getopt_long(argc, argv, "", options, &optindex)) != -1) {
switch (options[optindex].val) {
@@ -275,6 +283,14 @@
}
p.numbits = atoi(optarg);
break;
+ case HASH_ALG:
+ if (optarg == NULL) {
+ (void) fprintf(stderr,
+ "No hash algorithm argument provided\n");
+ exit(EXIT_ERROR);
+ }
+ netpgp_setvar(&netpgp, "hash", optarg);
+ break;
case PASSWDFD:
if (optarg == NULL) {
(void) fprintf(stderr,
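Review bot: The `HASH_ALG` case stores `optarg` without checking that it names a supported algorithm. The visible tail of the mapping in netpgp.c is an `if`/`else if` chain on `strcasecmp` with no final `else` (its start is outside view), so a misspelt name appears to fall back silently to a default. For a fingerprint that an operator compares by eye against `ssh-keygen` output, computing a different digest than the one requested should be an error. I would add a final branch where the string is mapped, e.g. `else { (void) fprintf(stderr, "readsshkeys: unknown hash '%s'\n", hash); }`, followed by that function's failure path. The enclosing `switch` continues outside the hunk.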