author | Christian Neukirchen <chneukirchen@gmail.com> | 2016-09-03 17:45:12 +0200 |
---|---|---|
committer | Christian Neukirchen <chneukirchen@gmail.com> | 2016-09-03 17:45:12 +0200 |
commit | 5b6b3da8312a77047376dc3135e6159829a4b001 (patch) | |
tree | 7c4cdcce0679691b0317b697b58ed36b9d46639d /src | |
parent | c1f86bc3033b6f7225147e185d6b1842cf22252d (diff) | |
remove gzsig, superseded by signify -z
Diffstat (limited to 'src')
-rw-r--r-- | src/usr.bin/gzsig/Makefile | 9 | ||||
-rw-r--r-- | src/usr.bin/gzsig/extern.h | 47 | ||||
-rw-r--r-- | src/usr.bin/gzsig/gzip.h | 107 | ||||
-rw-r--r-- | src/usr.bin/gzsig/gzsig.1 | 131 | ||||
-rw-r--r-- | src/usr.bin/gzsig/gzsig.c | 65 | ||||
-rw-r--r-- | src/usr.bin/gzsig/key.c | 220 | ||||
-rw-r--r-- | src/usr.bin/gzsig/key.h | 57 | ||||
-rw-r--r-- | src/usr.bin/gzsig/sign.c | 313 | ||||
-rw-r--r-- | src/usr.bin/gzsig/ssh.c | 345 | ||||
-rw-r--r-- | src/usr.bin/gzsig/ssh.h | 39 | ||||
-rw-r--r-- | src/usr.bin/gzsig/ssh2.c | 223 | ||||
-rw-r--r-- | src/usr.bin/gzsig/ssh2.h | 29 | ||||
-rw-r--r-- | src/usr.bin/gzsig/util.c | 88 | ||||
-rw-r--r-- | src/usr.bin/gzsig/util.h | 41 | ||||
-rw-r--r-- | src/usr.bin/gzsig/verify.c | 216 | ||||
-rw-r--r-- | src/usr.bin/gzsig/x509.c | 137 | ||||
-rw-r--r-- | src/usr.bin/gzsig/x509.h | 40 |
17 files changed, 0 insertions, 2107 deletions
diff --git a/src/usr.bin/gzsig/Makefile b/src/usr.bin/gzsig/Makefile
deleted file mode 100644
index 785cbbe..0000000
--- a/src/usr.bin/gzsig/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $OpenBSD: Makefile,v 1.4 2014/04/25 12:20:17 mikeb Exp $
-
-PROG = gzsig
-SRCS = gzsig.c key.c sign.c ssh.c ssh2.c util.c verify.c x509.c
-
-LDADD = -lcrypto -lm
-DPADD = ${LIBCRYPTO} ${LIBM}
-
-.include <bsd.prog.mk>
diff --git a/src/usr.bin/gzsig/extern.h b/src/usr.bin/gzsig/extern.h
deleted file mode 100644
index ce310bb..0000000
--- a/src/usr.bin/gzsig/extern.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * extern.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: extern.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef EXTERN_H
-#define EXTERN_H
-
-void sign(int argc, char *argv[]);
-void verify(int argc, char *argv[]);
-
-int sign_passwd_cb(char *buf, int size, int rwflag, void *u);
-
-void sign_usage(void);
-void verify_usage(void);
-
-extern char *__progname; /* from crt0.o */
-
-#endif /* EXTERN_H */
diff --git a/src/usr.bin/gzsig/gzip.h b/src/usr.bin/gzsig/gzip.h
deleted file mode 100644
index 750a327..0000000
--- a/src/usr.bin/gzsig/gzip.h
+++ /dev/null
@@ -1,107 +0,0 @@ -/* - * gzip.h - * - * Copyright (c) 2001 Dug Song <dugsong@arbor.net> - * Copyright (c) 2001 Arbor Networks, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The names of the copyright holders may not be used to endorse or - * promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $Vendor: gzip.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $ - */ - -#ifndef GZIP_H -#define GZIP_H - -/* RFC 1952 is b0rked! This is from gzip-1.2.4's algorithm.doc... 
*/ - -/* Magic header */ -#define GZIP_MAGIC "\037\213" - -/* Compression methods */ -#define GZIP_MSTORED 0 -#define GZIP_MCOMPRESS 1 -#define GZIP_MPACKED 2 -#define GZIP_MLZHED 3 -#define GZIP_MDEFLATE 8 - -/* Flags */ -#define GZIP_FTEXT 0x01 -#define GZIP_FCONT 0x02 /* never set by gzip-1.2.4 */ -#define GZIP_FEXTRA 0x04 -#define GZIP_FNAME 0x08 -#define GZIP_FCOMMENT 0x10 -#define GZIP_FENCRYPT 0x20 -#define GZIP_FRESERVED 0xC0 - -#define GZIP_FENCRYPT_LEN 12 - -#define GZSIG_ID "GS" -#define GZSIG_VERSION 1 - -struct gzsig_data { - u_char version; -#ifdef COMMENT_ONLY - u_char signature[]; -#endif -}; - -/* - * Note: all number fields below are in little-endian byte order. - */ - -struct gzip_xfield { - u_short len; - struct gzip_subfield { - u_char id[2]; - u_short len; -#ifdef COMMENT_ONLY - u_char data[]; -#endif - } subfield; -}; - -struct gzip_header { - u_char magic[2]; - u_char method; - u_char flags; - u_char mtime[4]; - u_char xflags; - u_char os; -#if COMMENT_ONLY - /* Optional fields */ - u_char part[2]; /* flags & GZIP_FCONT */ - struct gzip_xfield xfield; /* flags & GZIP_FEXTRA */ - char filename[]; /* flags & GZIP_FNAME */ - char comment[]; /* flags & GZIP_FCOMMENT */ - u_char encrypt_hdr[12]; /* flags & GZIP_FENCRYPT */ -#endif -}; - -struct gzip_trailer { - u_int32_t crc32[4]; - u_int32_t size[4]; -}; - -#endif /* GZIP_H */ diff --git a/src/usr.bin/gzsig/gzsig.1 b/src/usr.bin/gzsig/gzsig.1 deleted file mode 100644 index 87d7b2f..0000000 --- a/src/usr.bin/gzsig/gzsig.1 +++ /dev/null 
@@ -1,131 +0,0 @@ -.\" $OpenBSD: gzsig.1,v 1.16 2013/07/16 07:01:02 schwarze Exp $ -.\" $Id: gzsig.1,v 1.16 2013/07/16 07:01:02 schwarze Exp $ -.\" -.\" Copyright (c) 2001 Dug Song <dugsong@arbor.net> -.\" Copyright (c) 2001 Arbor Networks, Inc. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The names of the copyright holders may not be used to endorse or -.\" promote products derived from this software without specific -.\" prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 16 2013 $ -.Dt GZSIG 1 -.Os -.Sh NAME -.Nm gzsig -.Nd gzip signing utility -.Sh SYNOPSIS -.Nm gzsig -.Ic sign -.Op Fl q | v -.Op Fl f Ar secret_file -.Ar privkey -.Op Ar -.Nm gzsig -.Ic verify -.Op Fl q | v -.Op Fl f Ar secret_file -.Ar pubkey -.Op Ar -.Sh DESCRIPTION -.Nm -embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in -.Xr gzip 1 -compressed files using SSH identity keys or X.509 certificates. -.Pp -The -.Ar file -operands are processed in command-line order. -If -.Ar file -is a single dash -.Pq Sq - -or absent, -.Nm -reads from the standard input. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl f Ar secret_file -Indicates that the passphrase for the key should be read from -.Ar secret_file -instead of being supplied manually. -.It Fl q -Enable quiet mode. -The options -.Fl q -and -.Fl v -are mutually exclusive; -the last one specified takes precedence. -.It Fl v -Enable verbose mode. -This is the default. -The options -.Fl q -and -.Fl v -are mutually exclusive; -the last one specified takes precedence. -.It Ic sign -Sign the input using the private key in -.Ar privkey . -.It Ic verify -Verify the signature using the public key in -.Ar pubkey . -.El -.Sh EXIT STATUS -.Ex -std gzsig -.Sh EXAMPLES -Sign -.Ar file1 -and -.Ar file2 -with the SSH2 identity key in -.Ar ~/.ssh/id_rsa : -.Pp -.Dl $ gzsig sign ~/.ssh/id_rsa file1 file2 -.Pp -Sign -.Ar file1 -with the SSH2 identity key, saving the signed file in -.Ar file2 : -.Pp -.Dl $ gzsig sign ~/.ssh/id_rsa \*(Ltfile1 \*(Gtfile2 -.Pp -Verify the signature on -.Ar file1 -using the SSL certificate in -.Ar /etc/ssl/server.crt : -.Pp -.Dl $ gzsig verify /etc/ssl/server.crt \*(Ltfile1 -.Sh SEE ALSO -.Xr gzip 1 , -.Xr ssh-keygen 1 , -.Xr ssl 8 -.Sh AUTHORS -.An -nosplit -.An Dug Song Aq Mt dugsong@arbor.net . -.Pp -SSH2 support by -.An Marius Eriksen Aq Mt marius@openbsd.org . 
diff --git a/src/usr.bin/gzsig/gzsig.c b/src/usr.bin/gzsig/gzsig.c
deleted file mode 100644
index af5ff78..0000000
--- a/src/usr.bin/gzsig/gzsig.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* $OpenBSD: gzsig.c,v 1.3 2005/05/29 09:10:23 djm Exp $ */
-
-/*
- * gzsig.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: gzsig.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "extern.h"
-
-static void
-usage(void)
-{
- sign_usage();
- verify_usage();
- exit(1);
-}
-
-int
-main(int argc, char *argv[])
-{
- if (argc < 2)
- usage();
-
- if (strcmp(argv[1], "sign") == 0) {
- sign(argc - 1, argv + 1);
- } else if (strcmp(argv[1], "verify") == 0) {
- verify(argc - 1, argv + 1);
- } else {
- usage();
- }
-
- exit(0);
-}
diff --git a/src/usr.bin/gzsig/key.c b/src/usr.bin/gzsig/key.c
deleted file mode 100644
index 1d40fe7..0000000
--- a/src/usr.bin/gzsig/key.c
+++ /dev/null
@@ -1,220 +0,0 @@ -/* $OpenBSD: key.c,v 1.6 2010/08/11 18:38:30 jasper Exp $ */ - -/* - * key.c - * - * Copyright (c) 2001 Dug Song <dugsong@arbor.net> - * Copyright (c) 2001 Arbor Networks, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The names of the copyright holders may not be used to endorse or - * promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - * $Vendor: key.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $ - */ - -#include <sys/limits.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/uio.h> - -#include <openssl/ssl.h> - -#include <errno.h> -#include <fcntl.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "key.h" -#include "ssh.h" -#include "ssh2.h" -#include "util.h" -#include "x509.h" - -typedef int (*key_loader)(struct key *, struct iovec *); - -static key_loader pubkey_loaders[] = { - ssh_load_public, - ssh2_load_public, - x509_load_public, - NULL -}; - -static key_loader privkey_loaders[] = { - ssh_load_private, - x509_load_private, - NULL -}; - -static int -load_file(struct iovec *iov, char *filename) -{ - struct stat st; - int fd; - int rval = -1; - - if ((fd = open(filename, O_RDONLY)) < 0) - goto done; - - if (fstat(fd, &st) < 0) - goto done; - - if (st.st_size == 0 || st.st_size >= SIZE_MAX) { - errno = EINVAL; - goto done; - } - if ((iov->iov_base = malloc(st.st_size + 1)) == NULL) - goto done; - - iov->iov_len = st.st_size; - ((u_char *)iov->iov_base)[iov->iov_len] = '\0'; - - if (read(fd, iov->iov_base, iov->iov_len) != iov->iov_len) { - free(iov->iov_base); - goto done; - } - - rval = 0; - -done: - if (fd != -1) - close(fd); - return (rval); -} - -struct key * -key_new(void) -{ - return (calloc(1, sizeof(struct key))); -} - -int -key_load_private(struct key *k, char *filename) -{ - struct iovec iov; - int i; - - if (load_file(&iov, filename) < 0) - return (-1); - - for (i = 0; privkey_loaders[i] != NULL; i++) { - if (privkey_loaders[i](k, &iov) == 0) - return (0); - } - return (-1); -} - -int -key_load_public(struct key *k, char *filename) -{ - struct iovec iov; - int i; - - if (load_file(&iov, filename) < 0) - return (-1); - - for (i = 0; pubkey_loaders[i] != NULL; i++) { - if (pubkey_loaders[i](k, &iov) == 0) - return (0); - } - return (-1); -} - -int -key_sign(struct key *k, u_char *msg, int mlen, u_char *sig, int slen) -{ - switch (k->type) { - 
case KEY_RSA: - if (RSA_size((RSA *)k->data) > slen) { - fprintf(stderr, "RSA modulus too large: %d bits\n", - RSA_size((RSA *)k->data)); - return (-1); - } - if (RSA_sign(NID_sha1, msg, mlen, sig, &slen, - (RSA *)k->data) <= 0) { - fprintf(stderr, "RSA signing failed\n"); - return (-1); - } - break; - - case KEY_DSA: - if (DSA_size((DSA *)k->data) > slen) { - fprintf(stderr, "DSA signature size too large: " - "%d bits\n", DSA_size((DSA *)k->data)); - return (-1); - } - if (DSA_sign(NID_sha1, msg, mlen, sig, &slen, - (DSA *)k->data) <= 0) { - fprintf(stderr, "DSA signing failed\n"); - return (-1); - } - break; - - default: - fprintf(stderr, "Unknown key type: %d\n", k->type); - return (-1); - } - return (slen); -} - -int -key_verify(struct key *k, u_char *msg, int mlen, u_char *sig, int slen) -{ - switch (k->type) { - - case KEY_RSA: - if (RSA_verify(NID_sha1, msg, mlen, - sig, slen, (RSA *)k->data) <= 0) { - fprintf(stderr, "RSA verification failed\n"); - return (-1); - } - break; - - case KEY_DSA: - if (DSA_verify(NID_sha1, msg, mlen, - sig, slen, (DSA *)k->data) <= 0) { - fprintf(stderr, "DSA verification failed\n"); - return (-1); - } - break; - - default: - fprintf(stderr, "Unknown key type: %d\n", k->type); - return (-1); - } - return (slen); -} - -void -key_free(struct key *k) -{ - if (k->type == KEY_RSA) - RSA_free((RSA *)k->data); - else if (k->type == KEY_DSA) - DSA_free((DSA *)k->data); - else if (k->data != NULL) - free(k->data); - - free(k); -} diff --git a/src/usr.bin/gzsig/key.h b/src/usr.bin/gzsig/key.h deleted file mode 100644 index 460ea97..0000000 --- a/src/usr.bin/gzsig/key.h +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * key.h - * - * Copyright (c) 2001 Dug Song <dugsong@arbor.net> - * Copyright (c) 2001 Arbor Networks, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The names of the copyright holders may not be used to endorse or - * promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - * $Vendor: key.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $ - */ - -#ifndef KEY_H -#define KEY_H - -enum key_type { - KEY_UNSPEC, - KEY_RSA, - KEY_DSA -}; - -struct key { - int type; - void *data; -}; - -struct key *key_new(void); -int key_load_public(struct key *k, char *filename); -int key_load_private(struct key *k, char *filename); -int key_sign(struct key *k, u_char *msg, int mlen, - u_char *sig, int slen); -int key_verify(struct key *k, u_char *msg, int mlen, - u_char *sig, int slen); -void key_free(struct key *k); - -#endif /* KEY_H */ diff --git a/src/usr.bin/gzsig/sign.c b/src/usr.bin/gzsig/sign.c deleted file mode 100644 index 7795a85..0000000 --- a/src/usr.bin/gzsig/sign.c +++ /dev/null 
@@ -1,313 +0,0 @@ -/* $OpenBSD: sign.c,v 1.13 2013/03/10 10:36:57 tobias Exp $ */ - -/* - * sign.c - * - * Copyright (c) 2001 Dug Song <dugsong@arbor.net> - * Copyright (c) 2001 Arbor Networks, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The names of the copyright holders may not be used to endorse or - * promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - * $Vendor: sign.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $ - */ - -#include <sys/param.h> -#include <sys/types.h> -#include <sys/stat.h> - -#include <openssl/ssl.h> -#include <openssl/evp.h> -#include <openssl/sha.h> - -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <err.h> - -#include "extern.h" -#include "gzip.h" -#include "key.h" -#include "util.h" - -static char *passphrase_file = NULL; - -static int -embed_signature(struct key *key, FILE *fin, FILE *fout) -{ - struct gzip_header gh; - struct gzip_xfield *gx; - struct gzsig_data *gd; - u_char *sig, digest[20], buf[8192]; - SHA_CTX ctx; - int i, siglen; - long offset; - - /* Read gzip header. */ - if (fread((u_char *)&gh, 1, sizeof(gh), fin) != sizeof(gh)) { - fprintf(stderr, "Error reading gzip header: %s\n", - strerror(errno)); - return (-1); - } - /* Verify gzip header. */ - if (memcmp(gh.magic, GZIP_MAGIC, sizeof(gh.magic)) != 0) { - fprintf(stderr, "Invalid gzip file\n"); - return (-1); - } - if (gh.flags & GZIP_FCONT) { - fprintf(stderr, "Multi-part gzip files not supported\n"); - return (-1); - } - /* Skip over any existing signature. 
*/ - if (gh.flags & GZIP_FEXTRA) { - gx = (struct gzip_xfield *)buf; - gd = (struct gzsig_data *)(gx + 1); - - if (fread((u_char *)gx, 1, sizeof(*gx), fin) != sizeof(*gx)) { - fprintf(stderr, "Error reading extra field: %s\n", - strerror(errno)); - return (-1); - } - if (memcmp(gx->subfield.id, GZSIG_ID, 2) != 0) { - fprintf(stderr, "Unknown extra field\n"); - return (-1); - } - gx->subfield.len = letoh16(gx->subfield.len); - - if (gx->subfield.len < sizeof(*gd) || - gx->subfield.len > sizeof(buf) - sizeof(*gx)) { - fprintf(stderr, "Invalid signature length\n"); - return (-1); - } - if (fread((u_char *)gd, 1, gx->subfield.len, fin) != - gx->subfield.len) { - fprintf(stderr, "Error reading signature: %s\n", - strerror(errno)); - return (-1); - } - fprintf(stderr, "Overwriting existing signature\n"); - } - /* Skip over any options. */ - offset = ftell(fin); - - if (gh.flags & GZIP_FNAME) { - if (skip_string(fin)) - return (-1); - } - if (gh.flags & GZIP_FCOMMENT) { - if (skip_string(fin)) - return (-1); - } - if (gh.flags & GZIP_FENCRYPT) { - if (fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN) - return (-1); - } - /* Compute checksum over compressed data and trailer. */ - SHA1_Init(&ctx); - - while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) { - SHA1_Update(&ctx, buf, i); - } - SHA1_Final(digest, &ctx); - - /* Generate signature. */ - gx = (struct gzip_xfield *)buf; - gd = (struct gzsig_data *)(gx + 1); - sig = (u_char *)(gd + 1); - - siglen = key_sign(key, digest, sizeof(digest), sig, - sizeof(buf) - (sig - buf)); - - if (siglen < 0) { - fprintf(stderr, "Error signing checksum\n"); - return (-1); - } - i = sizeof(*gd) + siglen; - gx->subfield.len = htole16(i); - gx->len = htole16(sizeof(gx->subfield) + i); - memcpy(gx->subfield.id, GZSIG_ID, sizeof(gx->subfield.id)); - gd->version = GZSIG_VERSION; - - /* Write out gzip header. 
*/ - gh.flags |= GZIP_FEXTRA; - - if (fwrite((u_char *)&gh, 1, sizeof(gh), fout) != sizeof(gh)) { - fprintf(stderr, "Error writing output: %s\n", strerror(errno)); - return (-1); - } - /* Write out signature. */ - if (fwrite(buf, 1, sizeof(*gx) + i, fout) != sizeof(*gx) + i) { - fprintf(stderr, "Error writing output: %s\n", strerror(errno)); - return (-1); - } - /* Write out options, compressed data, and trailer. */ - if (fseek(fin, offset, SEEK_SET) < 0) { - fprintf(stderr, "Error writing output: %s\n", strerror(errno)); - return (-1); - } - while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) { - if (fwrite(buf, 1, i, fout) != i) { - fprintf(stderr, "Error writing output: %s\n", - strerror(errno)); - return (-1); - } - } - if (ferror(fin)) { - fprintf(stderr, "Error reading input: %s\n", strerror(errno)); - return (-1); - } - return (0); -} - -void -sign_usage(void) -{ - fprintf(stderr, "usage: %s sign [-q | -v] [-f secret_file] privkey " - "[file ...]\n", __progname); -} - -int -sign_passwd_cb(char *buf, int size, int rwflag, void *u) -{ - char *p; - FILE *f; - - if (passphrase_file != NULL) { - if ((f = fopen(passphrase_file, "r")) == NULL) - err(1, "fopen(%.64s)", passphrase_file); - if (fgets(buf, size, f) == NULL) - err(1, "fgets(%.64s)", passphrase_file); - fclose(f); - buf[strcspn(buf, "\n")] = '\0'; - } else { - p = getpass("Enter passphrase: "); - if (strlcpy(buf, p, size) >= size) - errx(1, "Passphrase too long"); - memset(p, 0, strlen(p)); - } - - return (strlen(buf)); -} - -void -sign(int argc, char *argv[]) -{ - struct key *key; - char *gzipfile, tmppath[MAXPATHLEN]; - FILE *fin, *fout; - int i, fd, error, qflag; - - qflag = 0; - - while ((i = getopt(argc, argv, "qvf:")) != -1) { - switch (i) { - case 'q': - qflag = 1; - break; - case 'v': - qflag = 0; - break; - case 'f': - passphrase_file = optarg; - break; - default: - sign_usage(); - exit(1); - } - } - argc -= optind; - argv += optind; - - if (argc < 1) { - sign_usage(); - exit(1); - } - 
OpenSSL_add_all_algorithms(); - - if ((key = key_new()) == NULL) - fatal(1, "Couldn't initialize private key"); - - if (key_load_private(key, argv[0]) < 0) - fatal(1, "Couldn't load private key"); - - if (argc == 1 || *argv[1] == '-') { - argc = 0; - - if (embed_signature(key, stdin, stdout) == 0) { - if (!qflag) - fprintf(stderr, "Signed input\n"); - } else - fatal(1, "Couldn't sign input"); - } - for (i = 1; i < argc; i++) { - gzipfile = argv[i]; - - if ((fin = fopen(gzipfile, "r+")) == NULL) { - fprintf(stderr, "Error opening %s: %s\n", - gzipfile, strerror(errno)); - continue; - } - snprintf(tmppath, sizeof(tmppath), "%s.XXXXXX", gzipfile); - - if ((fd = mkstemp(tmppath)) < 0) { - fprintf(stderr, "Error creating %s: %s\n", - tmppath, strerror(errno)); - fclose(fin); - continue; - } - if ((fout = fdopen(fd, "w")) == NULL) { - fprintf(stderr, "Error opening %s: %s\n", - tmppath, strerror(errno)); - fclose(fin); - close(fd); - continue; - } - if (copy_permissions(fileno(fin), fd) < 0) { - fprintf(stderr, "Error initializing %s: %s\n", - tmppath, strerror(errno)); - fclose(fin); - fclose(fout); - continue; - } - error = embed_signature(key, fin, fout); - - fclose(fin); - fclose(fout); - - if (!error) { - if (rename(tmppath, gzipfile) < 0) { - unlink(tmppath); - fatal(1, "Couldn't sign %s", gzipfile); - } - if (!qflag) - fprintf(stderr, "Signed %s\n", gzipfile); - } else { - unlink(tmppath); - fatal(1, "Couldn't sign %s", gzipfile); - } - } - key_free(key); -} diff --git a/src/usr.bin/gzsig/ssh.c b/src/usr.bin/gzsig/ssh.c deleted file mode 100644 index e791141..0000000 --- a/src/usr.bin/gzsig/ssh.c +++ /dev/null 
@@ -1,345 +0,0 @@
-/* $OpenBSD: ssh.c,v 1.3 2014/04/16 05:16:39 miod Exp $ */
-
-/*
- * ssh.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@monkey.org>
- * Copyright (c) 2000 Niels Provos <provos@monkey.org>
- * Copyright (c) 2000 Markus Friedl <markus@monkey.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: ssh.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <arpa/nameser.h>
-#include <openssl/ssl.h>
-#include <openssl/des.h>
-#include <openssl/md5.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "key.h"
-#include "ssh.h"
-
-#define SSH1_MAGIC "SSH PRIVATE KEY FILE FORMAT 1.1\n"
-
-extern int sign_passwd_cb(char *, int, int, void *);
-
-struct des3_state {
- DES_key_schedule k1, k2, k3;
- DES_cblock iv1, iv2, iv3;
-};
-
-static int
-get_bn(BIGNUM *bn, u_char **pp, int *lenp)
-{
- short i;
-
- if (*lenp < 2) {
- errno = EINVAL;
- return (-1);
- }
- GETSHORT(i, *pp); *lenp -= 2;
-
- i = ((i + 7) / 8);
-
- if (*lenp < i) {
- errno = EINVAL;
- return (-1);
- }
- BN_bin2bn(*pp, i, bn);
-
- *pp += i; *lenp -= i;
-
- return (0);
-}
-
-static int
-get_string(char *dst, int len, u_char **pp, int *lenp)
-{
- long i;
-
- if (*lenp < 4) {
- errno = EINVAL;
- return (-1);
- }
- GETLONG(i, *pp); *lenp -= 4;
-
- if (*lenp < i || len < i) {
- errno = EINVAL;
- return (-1);
- }
- memcpy(dst, *pp, i);
-
- *pp += i; *lenp -= i;
-
- return (0);
-}
-
-static int
-read_ssh1_bn(BIGNUM *value, char **cpp)
-{
- char *cp = *cpp;
- int old;
-
- /* Skip any leading whitespace. */
- for (; *cp == ' ' || *cp == '\t'; cp++)
- ;
-
- /* Check that it begins with a decimal digit. */
- if (*cp < '0' || *cp > '9') {
- errno = EINVAL;
- return (-1);
- }
- /* Save starting position. */
- *cpp = cp;
-
- /* Move forward until all decimal digits skipped. */
- for (; *cp >= '0' && *cp <= '9'; cp++)
- ;
-
- /* Save the old terminating character, and replace it by \0. */
- old = *cp;
- *cp = 0;
-
- /* Parse the number. */
- if (BN_dec2bn(&value, *cpp) == 0)
- return (-1);
-
- /* Restore old terminating character. */
- *cp = old;
-
- /* Move beyond the number and return success. */
- *cpp = cp;
- return (0);
-}
-
-/* XXX - SSH1's weirdo 3DES...
*/
-static void *
-des3_init(u_char *sesskey, int len)
-{
- struct des3_state *state;
-
- if ((state = malloc(sizeof(*state))) == NULL)
- return (NULL);
-
- DES_set_key((const_DES_cblock *)sesskey, &state->k1);
- DES_set_key((const_DES_cblock *)(sesskey + 8), &state->k2);
-
- if (len <= 16)
- DES_set_key((const_DES_cblock *)sesskey, &state->k3);
- else
- DES_set_key((const_DES_cblock *)(sesskey + 16), &state->k3);
-
- memset(state->iv1, 0, 8);
- memset(state->iv2, 0, 8);
- memset(state->iv3, 0, 8);
-
- return (state);
-}
-
-static void
-des3_decrypt(u_char *src, u_char *dst, int len, void *state)
-{
- struct des3_state *dstate;
-
- dstate = (struct des3_state *)state;
- memcpy(dstate->iv1, dstate->iv2, 8);
-
- DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT);
- DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT);
- DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT);
-}
-
-static int
-load_ssh1_public(RSA *rsa, struct iovec *iov)
-{
- char *p;
- u_int bits;
-
- /* Skip leading whitespace. */
- for (p = iov->iov_base; *p == ' ' || *p == '\t'; p++)
- ;
-
- /* Get number of bits. */
- if (*p < '0' || *p > '9')
- return (-1);
-
- for (bits = 0; *p >= '0' && *p <= '9'; p++)
- bits = 10 * bits + *p - '0';
-
- if (bits == 0)
- return (-1);
-
- /* Get public exponent, public modulus. */
- if (read_ssh1_bn(rsa->e, &p) < 0)
- return (-1);
-
- if (read_ssh1_bn(rsa->n, &p) < 0)
- return (-1);
-
- return (0);
-}
-
-static int
-load_ssh1_private(RSA *rsa, struct iovec *iov)
-{
- BN_CTX *ctx;
- BIGNUM *aux;
- MD5_CTX md;
- char pass[128], comment[BUFSIZ];
- u_char *p, cipher_type, digest[16];
- void *dstate;
- int i;
-
- i = strlen(SSH1_MAGIC) + 1;
-
- /* Make sure it begins with the id string. */
- if (iov->iov_len < i || memcmp(iov->iov_base, SSH1_MAGIC, i) != 0)
- return (-1);
-
- p = (u_char *)iov->iov_base + i;
- i = iov->iov_len - i;
-
- /* Skip cipher_type, reserved data, bits.
*/
- cipher_type = *p;
- p += 1 + 4 + 4;
- i -= 1 + 4 + 4;
-
- /* Read public key. */
- if (get_bn(rsa->n, &p, &i) < 0 || get_bn(rsa->e, &p, &i) < 0)
- return (-1);
-
- /* Read comment. */
- if (get_string(comment, sizeof(comment), &p, &i) < 0)
- return (-1);
-
- /* Decrypt private key. */
- if (cipher_type != 0) {
- sign_passwd_cb(pass, sizeof(pass), 0, NULL);
-
- MD5_Init(&md);
- MD5_Update(&md, (const u_char *)pass, strlen(pass));
- MD5_Final(digest, &md);
-
- memset(pass, 0, strlen(pass));
-
- if ((dstate = des3_init(digest, sizeof(digest))) == NULL)
- return (-1);
-
- des3_decrypt(p, p, i, dstate);
-
- if (p[0] != p[2] || p[1] != p[3]) {
- fprintf(stderr, "Bad passphrase for %s\n", comment);
- return (-1);
- }
- }
- else if (p[0] != p[2] || p[1] != p[3])
- return (-1);
-
- p += 4;
- i -= 4;
-
- /* Read the private key. */
- if (get_bn(rsa->d, &p, &i) < 0 ||
- get_bn(rsa->iqmp, &p, &i) < 0)
- return (-1);
-
- /* In SSL and SSH v1 p and q are exchanged. */
- if (get_bn(rsa->q, &p, &i) < 0 ||
- get_bn(rsa->p, &p, &i) < 0)
- return (-1);
-
- /* Calculate p-1 and q-1.
*/
- ctx = BN_CTX_new();
- aux = BN_new();
-
- BN_sub(aux, rsa->q, BN_value_one());
- BN_mod(rsa->dmq1, rsa->d, aux, ctx);
-
- BN_sub(aux, rsa->p, BN_value_one());
- BN_mod(rsa->dmp1, rsa->d, aux, ctx);
-
- BN_clear_free(aux);
- BN_CTX_free(ctx);
-
- return (0);
-}
-
-int
-ssh_load_public(struct key *k, struct iovec *iov)
-{
- RSA *rsa;
-
- rsa = RSA_new();
-
- rsa->n = BN_new();
- rsa->e = BN_new();
-
- if (load_ssh1_public(rsa, iov) < 0) {
- RSA_free(rsa);
- return (-1);
- }
- k->type = KEY_RSA;
- k->data = (void *)rsa;
-
- return (0);
-}
-
-int
-ssh_load_private(struct key *k, struct iovec *iov)
-{
- RSA *rsa;
-
- rsa = RSA_new();
-
- rsa->n = BN_new();
- rsa->e = BN_new();
-
- rsa->d = BN_new();
- rsa->iqmp = BN_new();
- rsa->q = BN_new();
- rsa->p = BN_new();
- rsa->dmq1 = BN_new();
- rsa->dmp1 = BN_new();
-
- if (load_ssh1_private(rsa, iov) < 0) {
- RSA_free(rsa);
- return (-1);
-
- }
- k->type = KEY_RSA;
- k->data = (void *)rsa;
-
- return (0);
-}
diff --git a/src/usr.bin/gzsig/ssh.h b/src/usr.bin/gzsig/ssh.h
deleted file mode 100644
index 19c1d8a..0000000
--- a/src/usr.bin/gzsig/ssh.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * ssh.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@monkey.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: ssh.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef SSH_H
-#define SSH_H
-
-int ssh_load_public(struct key *k, struct iovec *iov);
-int ssh_load_private(struct key *k, struct iovec *iov);
-
-#endif /* SSH_H */
diff --git a/src/usr.bin/gzsig/ssh2.c b/src/usr.bin/gzsig/ssh2.c
deleted file mode 100644
index c022a06..0000000
--- a/src/usr.bin/gzsig/ssh2.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* $OpenBSD: ssh2.c,v 1.4 2014/07/07 17:02:22 bluhm Exp $ */
-/*
- * ssh2.c
- *
- * Copyright (c) 2005 Marius Eriksen <marius@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <openssl/ssl.h>
-#include <openssl/des.h>
-#include <openssl/md5.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <resolv.h>
-#include <err.h>
-
-#include "key.h"
-#include "ssh2.h"
-
-#define GET_32BIT(cp) (((u_long)(u_char)(cp)[0] << 24) | \
- ((u_long)(u_char)(cp)[1] << 16) | \
- ((u_long)(u_char)(cp)[2] << 8) | \
- ((u_long)(u_char)(cp)[3]))
-
-/* From OpenSSH */
-static int
-_uudecode(const char *src, u_char *target, size_t targsize)
-{
- int len;
- char *encoded, *p;
-
- /* copy the 'readonly' source */
- if ((encoded = strdup(src)) == NULL)
- err(1, "strdup");
- /* skip whitespace and data */
- for (p = encoded; *p == ' ' || *p == '\t'; p++)
- ;
- for (; *p != '\0' && *p != ' ' && *p != '\t'; p++)
- ;
- /* and remove trailing whitespace because __b64_pton needs this */
- *p = '\0';
- len = __b64_pton(encoded, target, targsize);
-
- free(encoded);
-
- return len;
-}
-
-/*
- * Small compatibility
layer for the OpenSSH buffers. Only what we
- * need here.
- */
-
-static int
-_keyfromstr(char *str, int len)
-{
- if (strncmp(str, "rsa", len) == 0 ||
- strncmp(str, "ssh-rsa", len) == 0)
- return KEY_RSA;
- else if (strncmp(str, "dsa", len) == 0 ||
- strncmp(str, "ssh-dss", len) == 0)
- return KEY_DSA;
-
- return (-1);
-}
-
-static int
-_read_int(struct iovec *iov, int *ival)
-{
- if (iov->iov_len < 4)
- return (-1);
- iov->iov_len -= 4;
- *ival = GET_32BIT((u_char *)iov->iov_base);
- iov->iov_base = (u_char*)iov->iov_base + 4;
-
- return (0);
-}
-
-static int
-_read_opaque(struct iovec *iov, u_char **buf, int *len)
-{
- if (_read_int(iov, len) < 0 || *len < 0)
- return (-1);
-
- if (iov->iov_len < (size_t)*len)
- return (-1);
- iov->iov_len -= *len;
-
- *buf = iov->iov_base;
- iov->iov_base = (u_char*)iov->iov_base + *len;
-
- return (0);
-}
-
-static int
-_read_bignum(struct iovec *iov, BIGNUM *bn)
-{
- u_char *bp;
- int blen;
-
- if (_read_opaque(iov, &bp, &blen) < 0)
- return (-1);
-
- if ((blen > 0 && bp[0] & 0x80) || /* No negative values */
- (blen > 8*1024)) /* Too large */
- return (-1);
-
- BN_bin2bn(bp, blen, bn);
-
- return (0);
-}
-
-int
-ssh2_load_public(struct key *k, struct iovec *iovp)
-{
- int len, keytype, error = 0;
- u_char *bp;
- struct iovec iov;
- /* iov->iov_base is NULL terminated */
- char *cp0, *savep = NULL, *cp = iovp->iov_base;
-
- if ((cp0 = strchr(cp, ' ')) == NULL)
- return (-1);
-
- len = cp0 - cp;
-
- if ((keytype = _keyfromstr(cp, len)) < 0)
- return (-1);
-
- /* cp0 is a space (' '), so we have at least one more */
- cp = cp0 + 1;
-
- len = 2*strlen(cp);
- if ((savep = iov.iov_base = malloc(len)) == NULL)
- err(1, "malloc(%d)", len);
- iov.iov_len = _uudecode(cp, iov.iov_base, len);
-
- if (_read_opaque(&iov, &bp, &len) < 0 ||
- keytype != _keyfromstr(bp, len)) {
- error = -1;
- goto out;
- }
-
- k->type = keytype;
- switch (keytype) {
- case KEY_RSA: {
- RSA *rsa;
-
- if ((rsa = RSA_new()) == NULL ||
- (rsa->e = BN_new())
== NULL ||
- (rsa->n = BN_new()) == NULL)
- errx(1, "BN_new");
-
- if (_read_bignum(&iov, rsa->e) < 0 ||
- _read_bignum(&iov, rsa->n) < 0) {
- error = -1;
- RSA_free(rsa);
- goto out;
- }
-
- k->data = (void *)rsa;
-
- break;
- }
- case KEY_DSA: {
- DSA *dsa;
-
- if ((dsa = DSA_new()) == NULL ||
- (dsa->p = BN_new()) == NULL ||
- (dsa->q = BN_new()) == NULL ||
- (dsa->g = BN_new()) == NULL ||
- (dsa->pub_key = BN_new()) == NULL)
- errx(1, "BN_new");
-
- if (_read_bignum(&iov, dsa->p) < 0 ||
- _read_bignum(&iov, dsa->q) < 0 ||
- _read_bignum(&iov, dsa->g) < 0 ||
- _read_bignum(&iov, dsa->pub_key) < 0) {
- error = -1;
- DSA_free(dsa);
- goto out;
- }
-
- k->data = (void *)dsa;
-
- break;
- }
- default:
- error = -1;
- }
-
-#if 0
- if (iov->iov_len != 0)
- /* Sanity check. */
- return (-1);
-#endif
-
-
-out:
- if (savep != NULL)
- free(savep);
- return (error);
-}
diff --git a/src/usr.bin/gzsig/ssh2.h b/src/usr.bin/gzsig/ssh2.h
deleted file mode 100644
index d703822..0000000
--- a/src/usr.bin/gzsig/ssh2.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: ssh2.h,v 1.1.1.1 2005/05/28 01:57:30 marius Exp $ */
-/*
- * ssh2.h
- *
- * Copyright (c) 2005 Marius Eriksen <marius@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef SSH2_H
-#define SSH2_H
-
-int ssh2_load_public(struct key *k, struct iovec *iovp);
-
-#endif /* SSH2_H */
-
-
-
-
diff --git a/src/usr.bin/gzsig/util.c b/src/usr.bin/gzsig/util.c
deleted file mode 100644
index 0a3d734..0000000
--- a/src/usr.bin/gzsig/util.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: util.c,v 1.4 2013/03/10 10:36:57 tobias Exp $ */
-
-/*
- * util.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: util.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "util.h"
-
-int
-copy_permissions(int srcfd, int dstfd)
-{
- struct stat st;
-
- if (fstat(srcfd, &st) < 0)
- return (-1);
-
- if (fchown(dstfd, st.st_uid, st.st_gid) < 0)
- return (-1);
-
- if (fchmod(dstfd, st.st_mode) < 0)
- return (-1);
-
- return (0);
-}
-
-int
-skip_string(FILE *fin)
-{
- int c;
-
- while ((c = getc(fin)) != '\0')
- if (c == EOF)
- return (-1);
- return (0);
-}
-
-void
-fatal(int status, const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
-
- fprintf(stderr, "\n");
-
- exit(status);
-}
diff --git a/src/usr.bin/gzsig/util.h b/src/usr.bin/gzsig/util.h
deleted file mode 100644
index 66e2870..0000000
--- a/src/usr.bin/gzsig/util.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $OpenBSD: util.h,v 1.4 2013/03/10 10:36:57 tobias Exp $ */
-/*
- * util.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: util.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef UTIL_H
-
-int copy_permissions(int srcfd, int dstfd);
-int skip_string(FILE *fin);
-void fatal(int status, const char *fmt, ...);
-
-#endif /* UTIL_H */
diff --git a/src/usr.bin/gzsig/verify.c b/src/usr.bin/gzsig/verify.c
deleted file mode 100644
index f0e9373..0000000
--- a/src/usr.bin/gzsig/verify.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/* $OpenBSD: verify.c,v 1.10 2013/03/10 10:36:57 tobias Exp $ */
-
-/*
- * verify.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: verify.c,v 1.3 2005/04/07 23:19:35 dugsong Exp $
- */
-
-#include <sys/types.h>
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-#include "gzip.h"
-#include "key.h"
-#include "util.h"
-
-static int
-verify_signature(struct key *key, FILE *fin)
-{
- struct gzip_header gh;
- struct gzip_xfield *gx;
- struct gzsig_data *gd;
- u_char *sig, digest[20], buf[8192], sbuf[4096];
- SHA_CTX ctx;
- int i, siglen;
-
- /* Read gzip header. */
- if ((i = fread((u_char *)&gh, 1, sizeof(gh), fin)) != sizeof(gh)) {
- fprintf(stderr, "Error reading gzip header: %s\n",
- strerror(errno));
- return (-1);
- }
- /* Verify gzip header. */
- if (memcmp(gh.magic, GZIP_MAGIC, sizeof(gh.magic)) != 0) {
- fprintf(stderr, "Invalid gzip file\n");
- return (-1);
- } else if (gh.flags & GZIP_FCONT){
- fprintf(stderr, "Multi-part gzip files not supported\n");
- return (-1);
- } else if ((gh.flags & GZIP_FEXTRA) == 0) {
- fprintf(stderr, "No gzip signature found\n");
- return (-1);
- }
- /* Read signature. */
- gx = (struct gzip_xfield *)buf;
-
- if ((i = fread((u_char *)gx, 1, sizeof(*gx), fin)) != sizeof(*gx)) {
- fprintf(stderr, "Error reading extra field: %s\n",
- strerror(errno));
- return (-1);
- }
- if (memcmp(gx->subfield.id, GZSIG_ID, sizeof(gx->subfield.id)) != 0) {
- fprintf(stderr, "Unknown extra field\n");
- return (-1);
- }
- gx->subfield.len = letoh16(gx->subfield.len);
-
- if (gx->subfield.len <= 0 || gx->subfield.len > sizeof(sbuf)) {
- fprintf(stderr, "Invalid signature length\n");
- return (-1);
- }
- gd = (struct gzsig_data *)sbuf;
-
- if ((i = fread((u_char *)gd, 1, gx->subfield.len, fin)) !=
- gx->subfield.len) {
- fprintf(stderr, "Error reading signature: %s\n",
- strerror(errno));
- return (-1);
- }
- /* Skip over any options.
*/
- if (gh.flags & GZIP_FNAME) {
- if (skip_string(fin))
- return (-1);
- }
- if (gh.flags & GZIP_FCOMMENT) {
- if (skip_string(fin))
- return (-1);
- }
- if (gh.flags & GZIP_FENCRYPT &&
- fread(buf, 1, GZIP_FENCRYPT_LEN, fin) != GZIP_FENCRYPT_LEN)
- return (-1);
-
- /* Check signature version. */
- if (gd->version != GZSIG_VERSION) {
- fprintf(stderr, "Unknown signature version: %d\n",
- gd->version);
- return (-1);
- }
- /* Compute SHA1 checksum over compressed data and trailer. */
- sig = (u_char *)(gd + 1);
- siglen = gx->subfield.len - sizeof(*gd);
-
- SHA1_Init(&ctx);
-
- while ((i = fread(buf, 1, sizeof(buf), fin)) > 0) {
- SHA1_Update(&ctx, buf, i);
- }
- SHA1_Final(digest, &ctx);
-
- /* Verify signature. */
- if (key_verify(key, digest, sizeof(digest), sig, siglen) < 0) {
- fprintf(stderr, "Error verifying signature\n");
- return (-1);
- }
- return (0);
-}
-
-void
-verify_usage(void)
-{
- fprintf(stderr, "usage: %s verify [-q | -v] [-f secret_file] pubkey "
- "[file ...]\n", __progname);
-}
-
-void
-verify(int argc, char *argv[])
-{
- struct key *key;
- char *gzipfile;
- FILE *fin;
- int i, error, qflag;
-
- qflag = 0;
-
- while ((i = getopt(argc, argv, "qv")) != -1) {
- switch (i) {
- case 'q':
- qflag = 1;
- break;
- case 'v':
- qflag = 0;
- break;
- default:
- verify_usage();
- exit(1);
- }
- }
- argc -= optind;
- argv += optind;
-
- if (argc < 1) {
- verify_usage();
- exit(1);
- }
- OpenSSL_add_all_algorithms();
-
- if ((key = key_new()) == NULL)
- fatal(1, "Can't initialize public key");
-
- if (key_load_public(key, argv[0]) < 0)
- fatal(1, "Can't load public key");
-
- if (argc == 1 || *argv[1] == '-') {
- argc = 0;
-
- if (verify_signature(key, stdin) == 0) {
- if (!qflag)
- fprintf(stderr, "Verified input\n");
- } else
- fatal(1, "Couldn't verify input");
- }
- for (i = 1; i < argc; i++) {
- gzipfile = argv[i];
-
- if ((fin = fopen(gzipfile, "r")) == NULL) {
- fprintf(stderr, "Couldn't open %s: %s\n",
- gzipfile, strerror(errno));
- continue;
- }
- error = verify_signature(key, fin);
- fclose(fin);
-
- if (!error) {
- if (!qflag)
- fprintf(stderr, "Verified %s\n", gzipfile);
- } else
- fatal(1, "Couldn't verify %s", gzipfile);
- }
- key_free(key);
-}
diff --git a/src/usr.bin/gzsig/x509.c b/src/usr.bin/gzsig/x509.c
deleted file mode 100644
index 99dcc52..0000000
--- a/src/usr.bin/gzsig/x509.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* $OpenBSD: x509.c,v 1.2 2005/05/28 08:07:45 marius Exp $ */
-
-/*
- * x509.c
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: x509.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#include <openssl/ssl.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "key.h"
-#include "extern.h"
-#include "x509.h"
-
-#define X509_CERT_MAGIC "-----BEGIN CERTIFICATE-----"
-#define X509_RSA_MAGIC "-----BEGIN RSA PRIVATE KEY-----"
-#define X509_DSA_MAGIC "-----BEGIN DSA PRIVATE KEY-----"
-
-int
-x509_load_public(struct key *k, struct iovec *iov)
-{
- BIO *bio;
- X509 *cert;
- EVP_PKEY *evp;
-
- if (strncmp((char *)iov->iov_base, X509_CERT_MAGIC,
- strlen(X509_CERT_MAGIC)) != 0)
- return (-1);
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return (-1);
-
- if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
- BIO_free(bio);
- return (-1);
- }
- cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
- BIO_free(bio);
-
- if (cert == NULL)
- return (-1);
-
- evp = X509_get_pubkey(cert);
-
- if (evp->type == EVP_PKEY_RSA) {
- k->type = KEY_RSA;
- k->data = (void *)RSAPublicKey_dup(evp->pkey.rsa);
- } else if (evp->type == EVP_PKEY_DSA) {
- k->type = KEY_DSA;
- k->data = (void *)evp->pkey.dsa;
- evp->pkey.dsa = NULL; /* XXX */
- } else {
- X509_free(cert);
- return (-1);
- }
- X509_free(cert);
-
- return (0);
-}
-
-int
-x509_load_private(struct key *k, struct iovec *iov)
-{
- BIO *bio;
- EVP_PKEY *evp;
-
- if (strncmp((char *)iov->iov_base, X509_RSA_MAGIC,
- strlen(X509_RSA_MAGIC)) != 0 &&
- strncmp((char *)iov->iov_base, X509_DSA_MAGIC,
- strlen(X509_DSA_MAGIC)) != 0) {
- return (-1);
- }
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return (-1);
-
- if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
- BIO_free(bio);
- return (-1);
- }
-
- evp = PEM_read_bio_PrivateKey(bio, NULL, sign_passwd_cb, NULL);
-
- BIO_free(bio);
-
- if (evp == NULL)
- return (-1);
-
- if (evp->type == EVP_PKEY_RSA) {
- k->type = KEY_RSA;
- k->data = (void *)evp->pkey.rsa;
- evp->pkey.rsa = NULL; /* XXX */
- } else if (evp->type ==
EVP_PKEY_DSA) {
- k->type = KEY_DSA;
- k->data = (void *)evp->pkey.dsa;
- evp->pkey.dsa = NULL; /* XXX */
- } else {
- EVP_PKEY_free(evp);
- return (-1);
- }
- EVP_PKEY_free(evp);
-
- return (0);
-}
diff --git a/src/usr.bin/gzsig/x509.h b/src/usr.bin/gzsig/x509.h
deleted file mode 100644
index 636bbb6..0000000
--- a/src/usr.bin/gzsig/x509.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * x509.h
- *
- * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
- * Copyright (c) 2001 Arbor Networks, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the copyright holders may not be used to endorse or
- * promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Vendor: x509.h,v 1.2 2005/04/01 16:47:31 dugsong Exp $
- */
-
-#ifndef X509_H
-#define X509_H
-
-int x509_load_public(struct key *k, struct iovec *iov);
-int x509_load_private(struct key *k, struct iovec *iov);
-
-#endif /* X509_H */ |