From dc15a186a7ed39bf27ecf5befc1c277a16d699ce Mon Sep 17 00:00:00 2001 From: flz Date: Mon, 31 Mar 2008 12:45:17 +0000 Subject: Retire pkg_sign. It was used to embed signatures in gzip'ed packages. It's not relevant since we've changed to bzip2 compression. MFC after: 1 week --- usr.sbin/pkg_install/Makefile | 6 +- usr.sbin/pkg_install/sign/Makefile | 16 -- usr.sbin/pkg_install/sign/README | 55 ----- usr.sbin/pkg_install/sign/check.c | 119 ---------- usr.sbin/pkg_install/sign/common.c | 90 ------- usr.sbin/pkg_install/sign/extern.h | 100 -------- usr.sbin/pkg_install/sign/gzip.c | 319 ------------------------- usr.sbin/pkg_install/sign/gzip.h | 95 -------- usr.sbin/pkg_install/sign/main.c | 185 --------------- usr.sbin/pkg_install/sign/pgp.h | 25 -- usr.sbin/pkg_install/sign/pgp_check.c | 196 ---------------- usr.sbin/pkg_install/sign/pgp_sign.c | 281 ---------------------- usr.sbin/pkg_install/sign/pkg_sign.1 | 211 ----------------- usr.sbin/pkg_install/sign/sha1.c | 230 ------------------ usr.sbin/pkg_install/sign/sign.c | 150 ------------ usr.sbin/pkg_install/sign/stand.c | 57 ----- usr.sbin/pkg_install/sign/stand.h | 28 --- usr.sbin/pkg_install/sign/x509.c | 428 ---------------------------------- 18 files changed, 1 insertion(+), 2590 deletions(-) delete mode 100644 usr.sbin/pkg_install/sign/Makefile delete mode 100644 usr.sbin/pkg_install/sign/README delete mode 100644 usr.sbin/pkg_install/sign/check.c delete mode 100644 usr.sbin/pkg_install/sign/common.c delete mode 100644 usr.sbin/pkg_install/sign/extern.h delete mode 100644 usr.sbin/pkg_install/sign/gzip.c delete mode 100644 usr.sbin/pkg_install/sign/gzip.h delete mode 100644 usr.sbin/pkg_install/sign/main.c delete mode 100644 usr.sbin/pkg_install/sign/pgp.h delete mode 100644 usr.sbin/pkg_install/sign/pgp_check.c delete mode 100644 usr.sbin/pkg_install/sign/pgp_sign.c delete mode 100644 usr.sbin/pkg_install/sign/pkg_sign.1 delete mode 100644 usr.sbin/pkg_install/sign/sha1.c delete mode 100644 usr.sbin/pkg_install/sign/sign.c delete mode 100644 usr.sbin/pkg_install/sign/stand.c delete mode 100644 usr.sbin/pkg_install/sign/stand.h delete mode 100644 usr.sbin/pkg_install/sign/x509.c (limited to 'usr.sbin') diff --git a/usr.sbin/pkg_install/Makefile b/usr.sbin/pkg_install/Makefile index d89e0ac..ae8d098 100644 --- a/usr.sbin/pkg_install/Makefile +++ b/usr.sbin/pkg_install/Makefile @@ -2,10 +2,6 @@ .include -SUBDIR= lib add create delete info ${_sign} updating version - -.if ${MK_OPENSSL} != "no" -_sign= sign -.endif +SUBDIR= lib add create delete info updating version .include diff --git a/usr.sbin/pkg_install/sign/Makefile b/usr.sbin/pkg_install/sign/Makefile deleted file mode 100644 index 35fe7ec..0000000 --- a/usr.sbin/pkg_install/sign/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# $FreeBSD$ -# $OpenBSD: Makefile.bsd-wrapper,v 1.2 1999/10/07 16:30:32 espie Exp $ - -PROG= pkg_sign -LINKS= ${BINDIR}/pkg_sign ${BINDIR}/pkg_check -MLINKS= pkg_sign.1 pkg_check.1 -SRCS= main.c check.c common.c gzip.c pgp_check.c pgp_sign.c \ - sha1.c sign.c stand.c x509.c - -CFLAGS+= -I${.CURDIR}/../lib - -DPADD= ${LIBINSTALL} ${LIBMD} ${LIBCRYPTO} -LDADD= ${LIBINSTALL} -lmd -lcrypto - -.include - diff --git a/usr.sbin/pkg_install/sign/README b/usr.sbin/pkg_install/sign/README deleted file mode 100644 index 8e81fcd..0000000 --- a/usr.sbin/pkg_install/sign/README +++ /dev/null @@ -1,55 +0,0 @@ -To sign packages in a transparent way: -gzip files can handle an extra field at the beginning that -stores anything we wish. - -So it's just a question to choose a format for the signature, and to -embed it there. - -We use the extra field to store signatures. Each signature consists -of a 6 bytes type marker, a 2 bytes length, followed by the signature -itself. We can potentially stack signatures: resign a signed archive -by just prepending the new signature to the extra field. - -To check the first signature, the checker just needs to extract it, pass it -off to the checking protocol (e.g. PGP), followed by the unsigned archive -(e.g., regenerate the gzip header without the first signature, then put -the gzip data). - -* Signed archives just look like normal .tar.gz files, except for programs -that use the extra field for their own purpose, -* Possibility to grab the files off the net and extract stuff/verify -signatures on the fly (just need to wedge the checker as an intermediate -pipe) -* Pretty simple, small portable code to be able to check signatures -everywhere (the signer itself needs getpass and corresponding functionality) - -The scheme should be extensible to any compressed format which allows for -extended headers. - - -Thanks to Angelos D. Keromytis for pointing out I did not need to -uncompress the archive to sign it, and to other members of the OpenBSD -project for various reasons. - --- - Marc Espie, 1999 - $OpenBSD: README,v 1.2 1999/10/04 21:46:27 espie Exp $ - --- - -X.509 notes: - -I added the ability to sign a package with an X.509 key, and to check -against a stack of X.509 certificates. This allows a "vendor" to -distribute a system with one or more certificates pre-installed, and -to add certificates in a signed package by appending them to the -default certficiate stack. - -The X.509 signatures are stored in the gzip header in the same manner -as other signatures. This is known to compile against OpenSSL -libraries on OpenBSD 2.7 and FreeBSD 5.0, your mileage may vary. - --- - - Wes Peters, Dec 2000 - $FreeBSD$ diff --git a/usr.sbin/pkg_install/sign/check.c b/usr.sbin/pkg_install/sign/check.c deleted file mode 100644 index cfc3bfa..0000000 --- a/usr.sbin/pkg_install/sign/check.c +++ /dev/null @@ -1,119 +0,0 @@ -/* $OpenBSD: check.c,v 1.2 1999/10/04 21:46:27 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -/* Simple code for a stand-alone package checker */ -#include -#include -#include -#include -#include "stand.h" -#include "pgp.h" -#include "gzip.h" -#include "extern.h" - -struct checker { - void *context; - void (*add)(void *, const char *, size_t); - int (*get)(void *); - int status; -}; - -#define MAX_CHECKERS 20 - -int -check_signature(file, userid, envp, filename) - /*@dependent@*/FILE *file; - const char *userid; - char *envp[]; - /*@observer@*/const char *filename; -{ - struct signature *sign; - struct mygzip_header h; - int status; - char buffer[1024]; - size_t length; - struct checker checker[MAX_CHECKERS]; - struct signature *sweep; - int i, j; - - status = read_header_and_diagnose(file, &h, &sign, filename); - if (status != 1) - return PKG_UNSIGNED; - - for (sweep = sign, i = 0; - sweep != NULL && i < MAX_CHECKERS; - sweep=sweep->next, i++) { - switch(sweep->type) { - case TAG_OLD: - fprintf(stderr, "File %s uses old signatures, no longer supported\n", - filename); - checker[i].context = NULL; - break; - case TAG_X509: - checker[i].context = new_x509_checker(&h, sweep, userid, envp, filename); - checker[i].add = x509_add; - checker[i].get = x509_sign_ok; - break; - case TAG_SHA1: - checker[i].context = new_sha1_checker(&h, sweep, userid, envp, filename); - checker[i].add = sha1_add; - checker[i].get = sha1_sign_ok; - break; - case TAG_PGP: - checker[i].context = new_pgp_checker(&h, sweep, userid, envp, filename); - checker[i].add = pgp_add; - checker[i].get = pgp_sign_ok; - break; - default: - abort(); - } - } - while ((length = fread(buffer, 1, sizeof buffer, file)) > 0) { - for (j = 0; j < i; j++) { - if (checker[j].context) { - (*checker[j].add)(checker[j].context, buffer, length); - } - } - } -// for (j = i-1; j >= 0; j--) - for (j = 0; j < i; j++) { - if (checker[j].context) { - checker[j].status = (*checker[j].get)(checker[j].context); - } else { - checker[j].status = PKG_SIGERROR; - } - } - free_signature(sign); - return checker[0].status; -} - diff --git a/usr.sbin/pkg_install/sign/common.c b/usr.sbin/pkg_install/sign/common.c deleted file mode 100644 index ec32357..0000000 --- a/usr.sbin/pkg_install/sign/common.c +++ /dev/null @@ -1,90 +0,0 @@ -/* $OpenBSD: common.c,v 1.3 1999/10/07 16:30:32 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "gzip.h" -#include "pgp.h" -#include "extern.h" - -/* Ensure consistent diagnostics */ -int -read_header_and_diagnose(file, h, sign, filename) - FILE *file; - struct mygzip_header *h; - struct signature **sign; - const char *filename; -{ - switch(gzip_read_header(file, h, sign)) { - case GZIP_SIGNED: - if (sign == NULL) { - fprintf(stderr, "File %s is already signed\n", filename); - return 0; - } else - return 1; - case GZIP_UNSIGNED: - if (sign != NULL) { - fprintf(stderr, "File %s is not a signed gzip file\n", filename); - return 0; - } else - return 1; - case GZIP_NOT_GZIP: - fprintf(stderr, "File %s is not a gzip file\n", filename); - return 0; - case GZIP_NOT_PGPSIGNED: - fprintf(stderr, "File %s contains an unknown extension\n", filename); - return 0; - default: - /* this should not happen */ - abort(); - } -} - -int -reap(pid) - pid_t pid; -{ - int pstat; - pid_t result; - - do { - result = waitpid(pid, &pstat, 0); - } while (result == -1 && errno == EINTR); - return result == -1 ? -1 : pstat; -} - diff --git a/usr.sbin/pkg_install/sign/extern.h b/usr.sbin/pkg_install/sign/extern.h deleted file mode 100644 index 12a1ab5..0000000 --- a/usr.sbin/pkg_install/sign/extern.h +++ /dev/null @@ -1,100 +0,0 @@ -/* $FreeBSD$ */ -/* $OpenBSD: extern.h,v 1.3 1999/10/07 16:30:32 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Convention: all functions that operate on a FILE * also take a filename - * for diagnostic purposes. The file can be connected to a pipe, so - * - don't rewind - * - don't reopen from filename. - */ - -struct mygzip_header; -struct signature; - -/* main.c */ -extern int verbose; -extern int quiet; -extern char *userkey; - -/* common.c */ -extern int read_header_and_diagnose(FILE *file, \ - /*@out@*/struct mygzip_header *h, /*@null@*/struct signature **sign, \ - const char *filename); -extern int reap(pid_t pid); - -/* sign.c */ -extern int sign(/*@observer@*/const char *filename, int type, \ - /*@null@*/const char *userid, char *envp[]); - -/* check.c */ -extern int check_signature(/*@dependent@*/FILE *file, \ - /*@null@*/const char *userid, char *envp[], \ - /*@observer@*/const char *filename); - -#define PKG_BADSIG 0 -#define PKG_GOODSIG 1 -#define PKG_UNSIGNED 2 -#define PKG_SIGNED 4 -#define PKG_SIGERROR 8 -#define PKG_SIGUNKNOWN 16 - -typedef /*@observer@*/char *pchar; - -#define MAXID 512 -/* sha1.c */ -#define SHA1_DB_NAME "/var/db/pkg/SHA1" - -extern void *new_sha1_checker(struct mygzip_header *h, \ - struct signature *sign, const char *userid, char *envp[], \ - const char *filename); - -extern void sha1_add(void *arg, const char *buffer, \ - size_t length); - -extern int sha1_sign_ok(void *arg); - -extern int retrieve_sha1_marker(const char *filename, \ - struct signature **sign, const char *userid); - -/* x509.c */ -#define X509_DB_NAME "/var/db/pkg/X509" - -extern void *new_x509_checker(struct mygzip_header *h, \ - struct signature *sign, const char *userid, char *envp[], \ - const char *filename); - -extern void x509_add(void *arg, const char *buffer, \ - size_t length); - -extern int x509_sign_ok(void *arg); - -extern int retrieve_x509_marker(const char *filename, \ - struct signature **sign, const char *userid); diff --git a/usr.sbin/pkg_install/sign/gzip.c b/usr.sbin/pkg_install/sign/gzip.c deleted file mode 100644 index 33d9bae..0000000 --- a/usr.sbin/pkg_install/sign/gzip.c +++ /dev/null @@ -1,319 +0,0 @@ -/* $OpenBSD: gzip.c,v 1.3 1999/10/04 21:46:28 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "gzip.h" -#include "pgp.h" - -/* - * Signatures follow a simple format - * (endianess was chosen to conform to gzip header format) - */ - -SIGNTAG known_tags[KNOWN_TAGS] = { - {'S', 'I', 'G', 'P', 'G', 'P', 0, 0 }, - {'C', 'K', 'S', 'H', 'A', '1', 0, 0 }, - {'C', 'R', 'X', '5', '0', '9', 0, 0 }, - {'S', 'i', 'g', 'P', 'G', 'P', 0, 0 } /* old format */ -}; - -void -sign_fill_tag(sign) - struct signature *sign; -{ - sign->tag[6] = sign->length % 256; - sign->tag[7] = sign->length / 256; -} - -void -sign_fill_length(sign) - struct signature *sign; -{ - sign->length = sign->tag[6] + 256 * sign->tag[7]; -} - -static size_t -stack_sign(match, t, f, sign) - SIGNTAG match; - int t; - FILE *f; - struct signature **sign; -{ - struct signature *new_sign; - size_t length; - - new_sign = malloc(sizeof *new_sign); - if (new_sign == NULL) - return 0; - new_sign->type = t; - new_sign->next = NULL; - memcpy(new_sign->tag, match, sizeof(SIGNTAG)); - sign_fill_length(new_sign); - new_sign->data = malloc(new_sign->length); - if (new_sign->data == NULL || - fread(new_sign->data, 1, new_sign->length, f) != new_sign->length) { - free_signature(new_sign); - return 0; - } - length = new_sign->length; - if (sign != NULL) { - if (!*sign) - *sign = new_sign; - else { - while ((*sign)->next != NULL) - sign = &((*sign)->next); - (*sign)->next = new_sign; - } - } else - free_signature(new_sign); - return length; -} - - -static int -add_sign(f, sign) - FILE *f; - struct signature **sign; -{ - SIGNTAG match; - int i; - - if (fread(match, 1, sizeof(SIGNTAG), f) != sizeof(SIGNTAG)) - return -1; - for (i = 0; i < KNOWN_TAGS; i++) { - if (memcmp(match, known_tags[i], TAGCHECK) == 0) { - unsigned int sign_length = stack_sign(match, i, f, sign); - if (sign_length > 0) - return sign_length + sizeof(SIGNTAG); - else - return -1; - } - } - return 0; -} - -static int -gzip_magic(f) - FILE *f; -{ - int c, d; - - c = fgetc(f); - d = fgetc(f); - if ((unsigned char)c != (unsigned char)GZIP_MAGIC0 - || (unsigned char)d != (unsigned char)GZIP_MAGIC1) - return 0; - else - return 1; -} - -static int -fill_gzip_fields(f, h) - FILE *f; - struct mygzip_header *h; -{ - int method, flags; - - method = fgetc(f); - flags = fgetc(f); - - if (method == EOF || flags == EOF || fread(h->stamp, 1, 6, f) != 6) - return 0; - h->method = (char)method; - h->flags = (char)flags; - if ((h->flags & CONTINUATION) != 0) - if (fread(h->part, 1, 2, f) != 2) - return 0; - return 1; -} - -/* retrieve a gzip header, including signatures */ -int -gzip_read_header(f, h, sign) - FILE *f; - struct mygzip_header *h; - struct signature **sign; -{ - if (sign != NULL) - *sign = NULL; - if (!gzip_magic(f) || !fill_gzip_fields(f, h)) - return GZIP_NOT_GZIP; - - if ((h->flags & EXTRA_FIELD) == 0) { - h->remaining = 0; - return GZIP_UNSIGNED; - } - else { - int c; - - c = fgetc(f); - if (c == EOF) - return GZIP_NOT_GZIP; - h->remaining = (unsigned)c; - c = fgetc(f); - if (c == EOF) - return GZIP_NOT_PGPSIGNED; - h->remaining += ((unsigned) c) << 8; - while (h->remaining >= sizeof(SIGNTAG)) { - int sign_length = add_sign(f, sign); - if (sign_length > 0) - h->remaining -= sign_length; - if (sign_length < 0) - return GZIP_NOT_GZIP; - if (sign_length == 0) - return GZIP_SIGNED; - } - return GZIP_SIGNED; - } -} - -static unsigned -sign_length(sign) - struct signature *sign; -{ - unsigned total = 0; - - while (sign != NULL) { - total += sizeof(SIGNTAG) + sign->length; - sign = sign->next; - } - return total; -} - -struct mydata { - FILE *file; - int ok; -}; - -static void myadd(arg, buffer, size) - void *arg; - const char *buffer; - size_t size; -{ - struct mydata *d = arg; - - if (fwrite(buffer, 1, size, d->file) == size) - d->ok = 1; - else - d->ok = 0; -} - -/* write a gzip header, including signatures */ -int -gzip_write_header(f, h, sign) - FILE *f; - const struct mygzip_header *h; - struct signature *sign; -{ - struct mydata d; - d.file = f; - if (gzip_copy_header(h, sign, myadd, &d) == 0) - return 0; - return d.ok; -} - -int -gzip_copy_header(h, sign, add, data) - const struct mygzip_header *h; - struct signature *sign; - void (*add)(void *, const char *, size_t); - void *data; -{ - char flags; - size_t length; - size_t buflength; - size_t i; - char *buffer; - - length = h->remaining + sign_length(sign); - if (length) { - buflength = length + 2; - flags = h->flags | EXTRA_FIELD; - } else { - flags = h->flags & ~EXTRA_FIELD; - buflength = 0; - } - buflength += 10; - if ((h->flags & CONTINUATION) != 0) - buflength += 2; - - buffer = malloc(buflength); - if (buffer == NULL) - return 0; - - i = 0; - buffer[i++] = GZIP_MAGIC0; - buffer[i++] = GZIP_MAGIC1; - buffer[i++] = h->method; - buffer[i++] = flags; - memcpy(buffer+i, h->stamp, 6); - i += 6; - if ((flags & CONTINUATION) != 0) { - memcpy(buffer+i, h->part, 2); - i += 2; - } - if (length) { - buffer[i++] = (char)(length % 256); - buffer[i++] = (char)(length / 256); - while (sign != NULL) { - memcpy(buffer+i, sign->tag, sizeof(SIGNTAG)); - i += sizeof(SIGNTAG); - memcpy(buffer+i, sign->data, sign->length); - i += sign->length; - sign = sign->next; - } - } - (*add)(data, buffer, buflength); - free(buffer); - return 1; -} - -void -free_signature(sign) - struct signature *sign; -{ - struct signature *next; - - while (sign != NULL) { - next = sign->next; - free(sign->data); - free(sign); - sign = next; - } -} diff --git a/usr.sbin/pkg_install/sign/gzip.h b/usr.sbin/pkg_install/sign/gzip.h deleted file mode 100644 index 7db388e..0000000 --- a/usr.sbin/pkg_install/sign/gzip.h +++ /dev/null @@ -1,95 +0,0 @@ -/* $FreeBSD$ */ -/* $OpenBSD: gzip.h,v 1.2 1999/10/04 21:46:28 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#define GZIP_MAGIC0 '\037' -#define GZIP_MAGIC1 '\213' -/* flags values */ -#define CONTINUATION 0x02 -#define EXTRA_FIELD 0x04 - -/* - * Meaningful fields in a gzip header, see gzip proper for details. - * This structure should not be fiddled with outside of gzip_read_header - * and gzip_write_header - */ -struct mygzip_header { - char method; - char flags; - char stamp[6]; - char part[2]; - /* remaining extra, after know signs have been read */ - unsigned int remaining; -}; - -#define TAGSIZE 8 -#define TAGCHECK 6 - -typedef unsigned char SIGNTAG[8]; - -/* stack of signatures */ -struct signature { - SIGNTAG tag; - int type; - int length; - char *data; - struct signature *next; -}; - -/* returns from gzip_read_header */ -#define GZIP_UNSIGNED 0 /* gzip file, no signature */ -#define GZIP_SIGNED 1 /* gzip file, signature parsed ok */ -#define GZIP_NOT_GZIP 2 /* not a proper gzip file */ -#define GZIP_NOT_PGPSIGNED 3 /* gzip file, unknown extension */ -extern int gzip_read_header(FILE *f, /*@out@*/struct mygzip_header *h, \ - /*@null@*/struct signature **sign); -/* gzip_write_header returns 1 for success */ -extern int gzip_write_header(FILE *f, const struct mygzip_header *h, \ - /*@null@*/struct signature *sign); -/* - * Writing header to memory. Returns size needed, or 0 if buffer too small - * buffer must be at least 14 characters - */ -extern int gzip_copy_header(const struct mygzip_header *h, \ - /*@null@*/struct signature *sign, \ - void (*add)(void *, const char *, size_t), void *data); - -extern void free_signature(/*@null@*/struct signature *sign); -extern void sign_fill_tag(struct signature *sign); -#define KNOWN_TAGS 4 -#define TAG_PGP 0 -#define TAG_SHA1 1 -#define TAG_X509 2 -#define TAG_OLD 3 -#define TAG_ANY -1 -#define pgptag (known_tags[TAG_PGP]) -#define sha1tag (known_tags[TAG_SHA1]) -#define x509tag (known_tags[TAG_X509]) -extern SIGNTAG known_tags[KNOWN_TAGS]; diff --git a/usr.sbin/pkg_install/sign/main.c b/usr.sbin/pkg_install/sign/main.c deleted file mode 100644 index 0161efe..0000000 --- a/usr.sbin/pkg_install/sign/main.c +++ /dev/null @@ -1,185 +0,0 @@ -/* $OpenBSD: main.c,v 1.2 1999/10/04 21:46:28 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "gzip.h" -#include "pgp.h" -#include "extern.h" - -#ifdef __OpenBSD__ -extern char *__progname; -#define argv0 __progname -#else -static char *argv0; -#endif - -#define NM_SIGN "pkg_sign" - -int verbose = 0; -int quiet = 0; -char *userkey = NULL; - -static void -usage() -{ - fprintf(stderr, "usage: %s [-sc] [-t type] [-u userid] [-k keyfile] pkg1 ...\n", argv0); - exit(EXIT_FAILURE); -} - -#define SIGN 0 -#define CHECK 1 - -/* wrapper for the check_signature function (open file if needed) */ -static int -check(filename, type, userid, envp) - /*@observer@*/const char *filename; - int type; - /*@null@*/const char *userid; - char *envp[]; -{ - int result; - FILE *file; - - if (strcmp(filename, "-") == 0) - return check_signature(stdin, userid, envp, "stdin"); - file = fopen(filename, "r"); - if (file == NULL) { - fprintf(stderr, "Can't open %s\n", filename); - return 0; - } - result = check_signature(file, userid, envp, filename); - if (fclose(file) == 0) { - if (result == PKG_BADSIG || result == PKG_SIGERROR) - return 0; - else - return 1; - } else - return 0; -} - -int -main(argc, argv, envp) - int argc; - char *argv[]; - char *envp[]; -{ - int success = 1; - int ch; - char *userid = NULL; - int mode; - int i; - int type = TAG_ANY; - -#ifndef BSD4_4 - set_program_name(argv[0]); -#endif -#ifdef CHECKER_ONLY - mode = CHECK; -#else -#ifndef __OpenBSD__ - if ((argv0 = strrchr(argv[0], '/')) != NULL) - argv0++; - else - argv0 = argv[0]; -#endif - if (strcmp(argv0, NM_SIGN) == 0) - mode = SIGN; - else - mode = CHECK; -#endif - - while ((ch = getopt(argc, argv, "t:u:k:qscv")) != -1) { - switch(ch) { - case 't': - if (strcmp(optarg, "pgp") == 0) - type = TAG_PGP; - else if (strcmp(optarg, "sha1") == 0) - type = TAG_SHA1; - else if (strcmp(optarg, "x509") == 0) - type = TAG_X509; - else - usage(); - break; - case 'u': - userid = strdup(optarg); - break; - - case 'k': - userkey = optarg; - break; - - case 'q': - quiet = 1; - break; - -#ifndef CHECKER_ONLY - case 's': - mode = SIGN; - break; -#endif - case 'c': - mode = CHECK; - break; - - case 'v': - verbose = 1; - break; - default: - usage(); - } - } - argc -= optind; - argv += optind; - if (argc == 0) { - if (mode == CHECK) - success &= check("-", 0, userid, envp); - else - usage(); - } - -#ifndef CHECKER_ONLY - if (mode == SIGN && type == TAG_ANY) - type = TAG_PGP; - if (mode == SIGN && type == TAG_PGP) - handle_pgp_passphrase(); -#endif - for (i = 0; i < argc; i++) - success &= (mode == SIGN ? sign : check)(argv[i], type, userid, envp); - exit(success == 1 ? EXIT_SUCCESS : EXIT_FAILURE); -} diff --git a/usr.sbin/pkg_install/sign/pgp.h b/usr.sbin/pkg_install/sign/pgp.h deleted file mode 100644 index db70a8b..0000000 --- a/usr.sbin/pkg_install/sign/pgp.h +++ /dev/null @@ -1,25 +0,0 @@ -/* $FreeBSD$ */ -/* $OpenBSD: pgp.h,v 1.2 1999/10/04 21:46:28 espie Exp $ */ -/* Estimate size of pgp signature */ -#define MAXPGPSIGNSIZE 1024 - -#ifndef PGP -#define PGP "/usr/local/bin/pgp" -#endif - -struct mygzip_header; -struct signature; - -extern void *new_pgp_checker(struct mygzip_header *h, \ - struct signature *sign, const char *userid, char *envp[], \ - const char *filename); - -extern void pgp_add(void *arg, const char *buffer, \ - size_t length); - -extern int pgp_sign_ok(void *arg); - -extern void handle_pgp_passphrase(void); - -extern int retrieve_pgp_signature(const char *filename, \ -struct signature **sign, const char *userid, char *envp[]); diff --git a/usr.sbin/pkg_install/sign/pgp_check.c b/usr.sbin/pkg_install/sign/pgp_check.c deleted file mode 100644 index 52b0345..0000000 --- a/usr.sbin/pkg_install/sign/pgp_check.c +++ /dev/null @@ -1,196 +0,0 @@ -/* $OpenBSD: pgp_check.c,v 1.2 1999/10/07 16:30:32 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "pgp.h" -#include "gzip.h" -#include "extern.h" - -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" -#endif - -/* transform current process into pgp signature checker -u userid type == TAG_PGP); - n = malloc(sizeof *n); - - { - struct stat sbuf; - - if (stat(PGP, &sbuf) == -1) { - warnx("%s does not exist", PGP); - return NULL; - } - } - if (n == NULL) { - warnx("Can't allocate pgp_checker"); - return NULL; - } - - if (pipe(topgpcheck) == -1) { - warn("Pgp checker pipe"); - free(n); - return NULL; - } - switch(n->id = fork()) { - case -1: - warn("Pgp checker process"); - free(n); - return NULL; - case 0: - if (close(topgpcheck[1]) == -1) - exit(errno); - pgpcheck(topgpcheck[0], userid, envp); - /*@notreached@*/ - break; - default: - (void)close(topgpcheck[0]); - break; - } - n->fdout = topgpcheck[1]; - /* so that subsequent fork() won't duplicate it inadvertently */ - (void)fcntl(n->fdout, F_SETFD, FD_CLOEXEC); -#ifdef DEBUG_DUMP - n->out = fopen("compare", "w"); -#endif - n->status = PKG_GOODSIG; - - pgp_add(n, sign->data, sign->length); - if (gzip_copy_header(h, sign->next, pgp_add, n) == 0) { - warnx("Unexpected header in %s", filename); - n->status = PKG_SIGERROR; - } - return n; -} - -void -pgp_add(arg, buffer, length) - void *arg; - const char *buffer; - size_t length; -{ - struct pgp_checker *n = arg; - - if (n->status == PKG_GOODSIG) { -#ifdef DEBUG_DUMP - fwrite(buffer, 1, length, n->out); -#endif - while (length > 0) { - ssize_t l = write(n->fdout, buffer, length); - if (l == -1) { - n->status = PKG_SIGERROR; - break; - } - length -= l; - buffer += l; - } - } -} - -int -pgp_sign_ok(arg) - void *arg; -{ - struct pgp_checker *n = arg; - int status = n->status; - -#ifdef DEBUG_DUMP - fclose(n->out); -#endif - if (close(n->fdout) != 0) - status = PKG_SIGERROR; - if (reap(n->id) != 0) - status = PKG_BADSIG; - free(n); - return status; -} diff --git a/usr.sbin/pkg_install/sign/pgp_sign.c b/usr.sbin/pkg_install/sign/pgp_sign.c deleted file mode 100644 index 78992ff..0000000 --- a/usr.sbin/pkg_install/sign/pgp_sign.c +++ /dev/null @@ -1,281 +0,0 @@ -/* $OpenBSD: pgp_sign.c,v 1.1 1999/10/04 21:46:29 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "pgp.h" -#include "gzip.h" -#include "extern.h" - -static void -pgpsign(fdin, fdout, userid, envp) - int fdin, fdout; - const char *userid; - char *envp[]; -{ - pchar argv[10]; - int argc = 0; - - argv[argc++] = PGP; - argv[argc++] = "+batchmode"; - argv[argc++] = "+compress=off"; - argv[argc++] = "-f"; - argv[argc++] = "-s"; - argv[argc++] = "-zAthlon"; - - if (userid) { - argv[argc++] = "-u"; - argv[argc++] = (char *)userid; - } - argv[argc++] = NULL; - assert(argc <= sizeof argv / sizeof(pchar)); - - if (dup2(fdin, fileno(stdin)) == -1 || - dup2(fdout, fileno(stdout)) == -1 || - execve(PGP, argv, envp) == -1) - exit(errno); -} - -static struct signature * -new_pgpsignature(old) - struct signature *old; -{ - struct signature *n; - - n = malloc(sizeof(*n)); - if (n != NULL) { - n->data = malloc(MAXPGPSIGNSIZE); - if (n->data == NULL) { - free(n); - return NULL; - } - n->length = 0; - n->next = old; - n->type = TAG_PGP; - memcpy(n->tag, pgptag, sizeof pgptag); - } - return n; -} - -int -retrieve_pgp_signature(filename, sign, userid, envp) - const char *filename; - struct signature **sign; - const char *userid; - char *envp[]; -{ - int topgp[2], frompgp[2]; - pid_t pgpid; - struct mygzip_header h; - int success; - - FILE *orig, *dest, *signin; - struct signature *old; - - orig = fopen(filename, "r"); - if (orig == NULL) - return 0; - if (gzip_read_header(orig, &h, &old) == GZIP_NOT_GZIP) { - warnx("File %s is not a gzip file\n", filename); - fclose(orig); - return 0; - } - - if (pipe(topgp) == -1) { - fclose(orig); - return 0; - } - if (pipe(frompgp) == -1) { - fclose(orig); - (void)close(topgp[0]); - (void)close(topgp[1]); - return 0; - } - switch(pgpid = fork()) { - case 0: - (void)close(topgp[1]); - (void)close(frompgp[0]); - pgpsign(topgp[0], frompgp[1], userid, envp); - /*NOT REACHED */ - case -1: - (void)close(topgp[0]); - (void)close(topgp[1]); - (void)close(frompgp[0]); - (void)close(frompgp[1]); - fclose(orig); - return 0; - default: - (void)close(topgp[0]); - (void)close(frompgp[1]); - } - - dest = fdopen(topgp[1], "w"); - if (dest == NULL) { - (void)close(topgp[1]); - (void)close(frompgp[0]); - (void)reap(pgpid); - return 0; - } - - success = 1; - if (gzip_write_header(dest, &h, old) == 0) - success = 0; - else { - int c; - - while ((c = fgetc(orig)) != EOF && fputc(c, dest) != EOF) - ; - if (ferror(dest)) - success = 0; - } - if (fclose(dest) != 0) - success = 0; - - if (fclose(orig) != 0) - success = 0; - - signin = fdopen(frompgp[0], "r"); - if (signin == NULL) { - (void)close(frompgp[0]); - } else { - enum { NONE, FIRST, DONE, COPY} magic = NONE; - int c; -#ifdef DEBUG_DUMP - FILE *out = fopen("dump", "w"); -#endif - - if ((*sign = new_pgpsignature(old)) == NULL) - success = 0; - else { - while ((c = fgetc(signin)) != EOF && magic != DONE && - (*sign)->length < MAXPGPSIGNSIZE) { - switch(magic) { - case NONE: - (*sign)->data[(*sign)->length++] = c; - if ((unsigned char)c == (unsigned char)GZIP_MAGIC0) - magic = FIRST; - break; - case FIRST: - (*sign)->data[(*sign)->length++] = c; - if ((unsigned char)c == (unsigned char)GZIP_MAGIC1) -#ifdef DEBUG_DUMP - magic = COPY; -#else - magic = DONE; -#endif - else if ((unsigned char)c != (unsigned char)GZIP_MAGIC0) - magic = NONE; - break; - case DONE: - case COPY: - break; - } -#ifdef DEBUG_DUMP - fputc(c, out); -#endif - } - if ((*sign)->length == MAXPGPSIGNSIZE) - success = 0; - (*sign)->length -= 2; - sign_fill_tag(*sign); - } - fclose(signin); -#ifdef DEBUG_DUMP - fclose(out); -#endif - reap(pgpid); - } - return success; -} - -void -handle_pgp_passphrase() -{ - pid_t pid; - int fd[2]; - char *p; - -printf("Short-circuiting %s\n", __func__); -return; - - /* Retrieve the pgp passphrase */ - p = getpass("Enter passphrase:"); - - /* - * Somewhat kludgy code to get the passphrase to pgp, see - * pgp documentation for the gore - */ - if (pipe(fd) != 0) { - perror("pkg_sign"); - exit(EXIT_FAILURE); - } - switch(pid = fork()) { - case -1: - perror("pkg_sign"); - exit(EXIT_FAILURE); - case 0: - { - (void)close(fd[0]); - /* - * The child fills the pipe with copies of the passphrase. - * Expect violent death when father exits. - */ - printf("Child process %d stuffing passphrase in pipe:\n", getpid()); - for(;;) { - char c = '\n'; - (void)write(fd[1], p, strlen(p)); - (void)write(fd[1], &c, 1); - putchar('.'); fflush(stdout); - } - } - default: - { - char buf[10]; - - sleep(1); - (void)close(fd[1]); - (void)sprintf(buf, "%d", fd[0]); - (void)setenv("PGPPASSFD", buf, 1); - printf("Parent process PGPPASSFD=%d.\n", fd[0]); - } - } -} - diff --git a/usr.sbin/pkg_install/sign/pkg_sign.1 b/usr.sbin/pkg_install/sign/pkg_sign.1 deleted file mode 100644 index 661d20e..0000000 --- a/usr.sbin/pkg_install/sign/pkg_sign.1 +++ /dev/null @@ -1,211 +0,0 @@ -.\" $FreeBSD$ -.\" $OpenBSD: pkg_sign.1,v 1.6 2000/04/15 02:15:20 aaron Exp $ -.\" -.\" Copyright (c) 1999 Marc Espie. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by Marc Espie for the OpenBSD -.\" Project. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS -.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD -.\" PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.Dd September 24, 1999 -.Dt PKG_SIGN 1 -.Os -.Sh NAME -.Nm pkg_sign , -.Nm pkg_check -.Nd handle package signatures -.Sh SYNOPSIS -.Nm -.Op Fl sc -.Op Fl t Ar type -.Op Fl u Ar id -.Op Fl k Ar key -.Op Ar -.Nm pkg_check -.Op Fl sc -.Op Fl u Ar id -.Op Fl k Ar cert -.Op Ar -.Sh DESCRIPTION -The -.Nm -utility embeds a cryptographic signature within a gzip file -.Ar file . -.Ar type -can be -.Cm pgp -(default), -.Cm sha1 , -or -.Cm x509 . -If -.Ar type -is -.Cm pgp , -it will always prompt you for a passphrase to unlock your private -pgp key, even if you do not use a passphrase (which is a bad idea, anyway). -If -.Ar type -is -.Cm sha1 , -you must supply an -.Ar id , -which will be recorded as the name of the package, and printed as the -SHA1 checksum. -.Pp -The -.Nm pkg_check -utility checks that cryptographic signature. -It currently disregards -.Ar type -and checks only the topmost signature. -For -.Cm sha1 , -it checksums the file -and verifies that the result matches the list of checksums recorded in -.Pa /var/db/pkg/SHA1 . -.Pp -Options -.Fl s -and -.Fl c -can be used to force package signing or signature checking mode. -.Pp -For -.Cm pgp , -the -.Ar id -to use to sign the package or verify the signature can be forced with -.Fl u . -.Pp -For -.Cm x509 , -the signing key or verification certificate may be -specified with the -.Fl k -option. -If not specified, packages are signed or verified with the -default keys and certificates documented below. -.Pp -If -.Ar file -is a single dash -.Pq Sq Fl -or absent, -.Nm -reads from the standard input. -.Pp -Package signing uses a feature of the gzip format, namely that one can -set a flag -.Dv EXTRA_FIELD -in the gzip header and store extra data between the gzip header and the -compressed file proper. -The -.Ox -signing scheme uses eight bytes markers such -.Sq Li SIGPGP -+ length or -.Sq CKSHA1 -+ length for its signatures (those markers are conveniently -eight bytes long). -.Sh FILES -.Bl -tag -width "/usr/local/bin/pgp" -compact -.It Pa file.sign -Temporary file built by -.Nm -from -.Ar file . -.It Pa /usr/local/bin/pgp -Default path to -.Xr pgp 1 . -.It Pa /var/db/pkgs/SHA1 -Recorded checksums. -.It Pa /etc/ssl/pkg.key -Default package signing key. -.It Pa /etc/ssl/pkg.crt -Default package verification certificate(s). -.El -.Sh EXIT STATUS -The -.Nm -and -.Nm pkg_check -utilities return with an exit code >0 if anything went wrong for any -.Ar file . -For -.Nm pkg_check , -this usually indicates that the package is not signed, or that the -signature is forged. -.Sh DIAGNOSTICS -.Bl -diag -.It "File %s is already signed" -There is a signature embedded within the gzip file already. -The -.Nm -utility currently does not handle multiple signatures. -.It "File %s is not a signed gzip file" -This is an unsigned package. -.It "File %s is not a gzip file" -The program could not find a proper gzip header. -.It "File %s contains an unknown extension" -The extended area of the gzip file has been used for an unknown purpose. -.It "File %s uses old signatures, no longer supported" -The gzip file uses a very early version of package signing that was -substantially slower. -.El -.Sh SEE ALSO -.Xr gzip 1 , -.Xr pgp 1 , -.Xr pkg_add 1 , -.Xr sha1 1 -.Sh AUTHORS -.An -nosplit -A -.Nm -utility was created by -.An Marc Espie -for the -.Ox -Project. -X.509 signatures and -.Fx -support added by -.An Wes Peters Aq wes@softweyr.com . -.Sh BUGS -The -.Xr pgp 1 -utility is an ill-designed program, which is hard to interface with. -For instance, the `separate signing scheme' it pretends to offer is -useless, as it cannot be used with pipes, so that -.Nm pgp_sign -needs to kludge it by knowing the length of a pgp signature, and invoking -pgp in `seamless' signature mode, without compression of the main file, -and just retrieving the signature. -.Pp -The checking scheme is little less convoluted, namely we rebuild the file -that pgp expects on the fly. -.Pp -Paths to -.Nm pgp -and -the checksum file are hard-coded to avoid tampering and hinder flexibility. diff --git a/usr.sbin/pkg_install/sign/sha1.c b/usr.sbin/pkg_install/sign/sha1.c deleted file mode 100644 index 272ae31..0000000 --- a/usr.sbin/pkg_install/sign/sha1.c +++ /dev/null @@ -1,230 +0,0 @@ -/* $OpenBSD: sha1.c,v 1.1 1999/10/04 21:46:29 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "gzip.h" -#include "extern.h" - -/* private context for sha1 signature checker */ -struct sha1_checker { - SHA_CTX context; - const char *id; - const char *filename; -}; - - -#define SHA1_TEMPLATE "SHA1 (%s) = " -#define BUFSIZE (MAXID+sizeof(SHA1_TEMPLATE)+2*SHA_DIGEST_LENGTH+1) - -/* - * Finalize SHA1 checksum for our sha1_context into result - * (size at least BUFSIZE). Returns the length of the checksum - * marker, e.g., SHA1 (id) = xxxxxxxxx - * ^here - * Return 0 for errors. - */ -size_t -sha1_build_checksum(result, n) - char *result; - struct sha1_checker *n; -{ - size_t length; - - snprintf(result, BUFSIZE-2*SHA_DIGEST_LENGTH-1, SHA1_TEMPLATE, n->id); - length = strlen(result); - SHA1_End(&n->context, result + length); - strcat(result, "\n"); - free(n); - return length; -} - -void * -new_sha1_checker(h, sign, userid, envp, filename) - struct mygzip_header *h; - struct signature *sign; - const char *userid; - char *envp[]; - /*@observer@*/const char *filename; -{ - struct sha1_checker *n; - - assert(sign->type == TAG_SHA1); - /* make sure data conforms to what we can handle */ - if (sign->length > MAXID || sign->data[sign->length-1] != '\0') { - warnx("Corrupted SHA1 header in %s", filename); - return 0; - } - - n = malloc(sizeof *n); - if (n == NULL) { - warnx("Can't allocate sha1_checker"); - return NULL; - } - SHA1_Init(&n->context); - n->id = sign->data; - n->filename = filename; - - /* copy header, as this is a checksum, we don't strip our own marker */ - if (gzip_copy_header(h, sign, sha1_add, n) == 0) { - warnx("Unexpected header in %s", filename); - free(n); - return 0; - } - return n; -} - -void -sha1_add(arg, buffer, length) - void *arg; - const char *buffer; - size_t length; -{ - struct sha1_checker *n = arg; - SHA1_Update(&n->context, buffer, length); -} - -int -sha1_sign_ok(arg) - void *arg; -{ - struct sha1_checker *n = arg; - char buffer[BUFSIZE]; - char scan[BUFSIZE]; - size_t length; - FILE *f; - int tag_found; - - length = sha1_build_checksum(buffer, n); - f= fopen(SHA1_DB_NAME, "r"); - tag_found = 0; - - if (f == NULL) { - warn("Can't access checksum file %s", SHA1_DB_NAME); - return PKG_BADSIG; - } - while (fgets(scan, sizeof(scan), f) != NULL) { - if (strcmp(scan, buffer) == 0) { - fprintf(stderr, "Checksum ok\n"); - return PKG_GOODSIG; - } - if (strncmp(scan, buffer, length) == 0) - tag_found = 1; - } - - if (tag_found) { - warnx("Checksum incorrect for %s (%s)", n->filename, n->id); - return PKG_BADSIG; - } else { - warnx("No checksum found for %s (%s)", n->filename, n->id); - return PKG_SIGUNKNOWN; - } -} - -int -retrieve_sha1_marker(filename, sign, userid) - const char *filename; - struct signature **sign; - const char *userid; -{ - struct signature *n; - struct mygzip_header h; - FILE *f; - char buffer[1024]; - char result[BUFSIZE]; - ssize_t length = -1; - struct sha1_checker *checker; - - *sign = NULL; - if (userid == NULL) - return 0; - - /* - * Create a blank signature and fill it with the userid. - */ - n = malloc(sizeof *n); - if (n == NULL) - return 0; - n->length = strlen(userid)+1; - n->data = malloc(n->length); - if (n->data == NULL) { - free(n); - return 0; - } - memcpy(n->data, userid, n->length); - n->type = TAG_SHA1; - memcpy(n->tag, sha1tag, sizeof sha1tag); - sign_fill_tag(n); - - /* - * Read the gzip header and add our "userid" signature to it. - */ - f = fopen(filename, "r"); - if (f == NULL) { - free(n); - return 0; - } - if (gzip_read_header(f, &h, sign) == GZIP_NOT_GZIP) { - warnx("File %s is not a gzip file\n", filename); - fclose(f); - free(n); - return 0; - } - n->next = *sign; - *sign = n; - - /* - * Calculate the SHA1 of the remaining data and write it to stderr. - */ - checker = new_sha1_checker(&h, *sign, NULL, NULL, filename); - if (checker) - while ((length = fread(buffer, 1, sizeof buffer, f)) > 0) - sha1_add(checker, buffer, length); - if (fclose(f) != 0 || length == -1) { - warn("Problem checksumming %s", filename); - *sign = n->next; - free(n); - return 0; - } - - (void)sha1_build_checksum(result, checker); - fputs(result, stderr); - return 1; -} - diff --git a/usr.sbin/pkg_install/sign/sign.c b/usr.sbin/pkg_install/sign/sign.c deleted file mode 100644 index 33fc351..0000000 --- a/usr.sbin/pkg_install/sign/sign.c +++ /dev/null @@ -1,150 +0,0 @@ -/* $OpenBSD: sign.c,v 1.3 1999/10/04 21:46:29 espie Exp $ */ -/*- - * Copyright (c) 1999 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Marc Espie for the OpenBSD - * Project. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "stand.h" -#include "pgp.h" -#include "gzip.h" -#include "extern.h" - -#define COPY_TEMPLATE "%s.sign" - -static int -embed_signature_FILE(orig, dest, sign, filename) - /*@temp@*/FILE *orig; - /*@temp@*/FILE *dest; - struct signature *sign; - const char *filename; -{ - struct mygzip_header h; - int c; - - if (gzip_read_header(orig, &h, NULL) == GZIP_NOT_GZIP) - return 0; - - if (gzip_write_header(dest, &h, sign) == 0) - return 0; - while ((c = fgetc(orig)) != EOF && fputc(c, dest) != EOF) - ; - if (ferror(dest) != 0) - return 0; - return 1; -} - -static int -embed_signature(filename, copy, sign) - const char *filename; - const char *copy; - struct signature *sign; -{ - FILE *orig, *dest; - int success; - - success = 0; - orig= fopen(filename, "r"); - if (orig) { - dest = fopen(copy, "w"); - if (dest) { - success = embed_signature_FILE(orig, dest, sign, filename); - if (fclose(dest) != 0) - success = 0; - } - if (fclose(orig) != 0) - success = 0; - } - return success; -} - -int -sign(filename, type, userid, envp) - const char *filename; - const char *userid; - int type; - char *envp[]; -{ - char *copy; - int result; - struct signature *sign; - int success; - - sign = NULL; - switch(type) { - case TAG_PGP: - success = retrieve_pgp_signature(filename, &sign, userid, envp); - break; - case TAG_SHA1: - success = retrieve_sha1_marker(filename, &sign, userid); - break; - case TAG_X509: - success = retrieve_x509_marker(filename, &sign, userid); - break; - default: - success = 0; - fprintf(stderr, "Unknown type %d\n", type); - } - - if (!success) { - fprintf(stderr, "Problem signing %s\n", filename); - free_signature(sign); - return 0; - } - copy = malloc(strlen(filename)+sizeof(COPY_TEMPLATE)); - if (copy == NULL) { - fprintf(stderr, "Can't allocate memory\n"); - free_signature(sign); - return 0; - } - sprintf(copy, COPY_TEMPLATE, filename); - result = embed_signature(filename, copy, sign); - if (result == 0) { - fprintf(stderr, "Can't embed signature in %s\n", filename); - } else if (unlink(filename) != 0) { - fprintf(stderr, "Can't unlink original %s\n", filename); - result = 0; - } else if (rename(copy, filename) != 0) { - fprintf(stderr, "Can't rename new file %s\n", copy); - result = 0; - } - free(copy); - free_signature(sign); - return result; -} - diff --git a/usr.sbin/pkg_install/sign/stand.c b/usr.sbin/pkg_install/sign/stand.c deleted file mode 100644 index 98e4b47..0000000 --- a/usr.sbin/pkg_install/sign/stand.c +++ /dev/null @@ -1,57 +0,0 @@ -#include -__FBSDID("$FreeBSD$"); - -#include "stand.h" - -#ifndef BSD4_4 -#include -#include -#include -#include - -/* shortened version of warn */ -static const char *program_name; - -void -set_program_name(n) - const char *n; -{ - if ((program_name = strrchr(n, '/')) != NULL) - program_name++; - else - program_name = n; -} - -void -warn(const char *fmt, ...) -{ - va_list ap; - int interrno; - - va_start(ap, fmt); - - interrno = errno; - (void)fprintf(stderr, "%s: ", program_name); - if (fmt != NULL) { - (void)vfprintf(stderr, fmt, ap); - (void)fprintf(stderr, ": "); - } - (void)fprintf(stderr, "%s\n", strerror(interrno)); - - va_end(ap); -} - -void -warnx(const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - (void)fprintf(stderr, "%s: ", program_name); - if (fmt != NULL) - (void)vfprintf(stderr, fmt, ap); - (void)fprintf(stderr, "\n"); - va_end(ap); -} - -#endif diff --git a/usr.sbin/pkg_install/sign/stand.h b/usr.sbin/pkg_install/sign/stand.h deleted file mode 100644 index d641867..0000000 --- a/usr.sbin/pkg_install/sign/stand.h +++ /dev/null @@ -1,28 +0,0 @@ -/* $FreeBSD$ */ -/* $OpenBSD: stand.h,v 1.2 1999/10/04 21:46:30 espie Exp $ */ - -/* provided to cater for BSD idiosyncrasies */ - -#if (defined(__unix__) || defined(unix)) && !defined(USG) -#include -#endif - -#ifndef __P -#ifdef __STDC__ -#define __P(x) x -#else -#define __P(x) () -#endif -#endif - -#if defined(BSD4_4) -#include -#else -extern void warn(const char *fmt, ...); -extern void warnx(const char *fmt, ...); -#endif -extern void set_program_name(const char * name); - -#ifndef __GNUC__ -#define __attribute__(x) -#endif diff --git a/usr.sbin/pkg_install/sign/x509.c b/usr.sbin/pkg_install/sign/x509.c deleted file mode 100644 index 5ecbd7c..0000000 --- a/usr.sbin/pkg_install/sign/x509.c +++ /dev/null @@ -1,428 +0,0 @@ -/*- - * Copyright (c) 2000 Softweyr LLC, South Jordan, Utah, USA. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY Softweyr LLC ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL Softweyr LLC BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "stand.h" -#include "gzip.h" -#include "extern.h" - - -/* - * Default names for the signing key and certificate(s) for verification. - */ -#define CERTFILE "/etc/ssl/pkg.crt" -#define KEYFILE "/etc/ssl/pkg.key" - - -/* - * Private context for X.509 signature checker - */ -struct x509_checker -{ - const char * id; - const char * filename; - - struct signature * signature; - - STACK_OF(X509) * certs; - EVP_MD_CTX rsa_ctx, dsa_ctx; - int has_rsa, has_dsa; -}; - - -static void key_from_name(char *, const char *); - -/* - * Initialize an X.509 "checker" context. - */ -void * -new_x509_checker(h, sign, userid, envp, filename) - struct mygzip_header *h; - struct signature *sign; - const char *userid; - char *envp[]; - /*@observer@*/const char *filename; -{ - FILE * fp; - struct x509_checker * me; - char certfile[PATH_MAX + 1] = CERTFILE; - X509 * x509; - - assert(sign->type == TAG_X509); - - /* - * Make sure data conforms to what we can handle. We do not write a - * trailing null onto the signature like some other types, because - * the X.509 signature is binary data. - */ - if (sign->length > MAXID) { - warnx("Corrupted X.509 header in %s", filename); - return 0; - } - - me = malloc(sizeof *me); - if (me == NULL) { - warn("Cannot allocate x509_checker"); - return 0; - } - me->id = sign->data; - me->filename = filename; - me->signature = sign; - me->has_rsa = 0; - me->has_dsa = 0; - - key_from_name(certfile, userkey); - - /* - * Load just the crypto library error strings. - */ - ERR_load_crypto_strings(); - - /* - * Load the stack of X.509 certs we will compare against. - * - * KLUDGE: this needs to be fleshed out a bit. We can do better - * than hard-coding the location of the cert key file. - */ - me->certs = sk_X509_new_null(); - - fp = fopen(certfile, "r"); - if (fp == NULL) { - warnx("Cannot open public key %s", certfile); - return 0; - } - - if (verbose) - printf("Loading certificates from %s:\n", certfile); - - while ((x509 = PEM_read_X509(fp, NULL, NULL, 0))) { - sk_X509_push(me->certs, x509); - - switch (EVP_PKEY_type(X509_get_pubkey(x509)->type)) - { - case EVP_PKEY_RSA: - me->has_rsa = 1; - break; - - case EVP_PKEY_DSA: - me->has_dsa = 1; - break; - - default: - warnx("Unknown certificate type: %d", EVP_PKEY_type(X509_get_pubkey(x509)->type)); - fclose(fp); - return 0; - } - - /* - * By default, print the contents of the cert we matched so the - * user can decide if she is willing to accept a package from - * whoever signed this. - */ - if (!quiet) - X509_print_fp(stdout, x509); - } - fclose(fp); - - /* - * Initialize the verification contexts for both RSA and DSA. - */ - if (me->has_rsa) EVP_VerifyInit(&me->rsa_ctx, EVP_sha1()); - if (me->has_dsa) EVP_VerifyInit(&me->dsa_ctx, EVP_dss1()); - - return me; -} - - -/* - * "Add" another data block to an existing checker. - */ -void -x509_add(arg, buffer, length) - void *arg; - const char *buffer; - size_t length; -{ - struct x509_checker * me = arg; - - if (me->has_rsa) EVP_VerifyUpdate(&me->rsa_ctx, buffer, length); - if (me->has_dsa) EVP_VerifyUpdate(&me->dsa_ctx, buffer, length); -} - - -/* - * Finalize an existing checker and verify the signature matches one of the - * certs in our stack. - */ -int -x509_sign_ok(arg) - void *arg; -{ - struct x509_checker * n = arg; - X509 * x509; - EVP_PKEY * pkey; - EVP_MD_CTX * md_ctx; - int status; - - if (verbose) - printf("\n\n-------\n\nChecking package signature:\n"); - - while ((x509 = sk_X509_pop(n->certs)) != NULL) { - /* - * Get public key from cert. - */ - pkey = X509_get_pubkey(x509); - if (pkey == NULL) { - warnx("Getting public key:"); - ERR_print_errors_fp(stderr); - continue; - } - - if (verbose) - X509_print_fp(stdout, x509); - - switch (EVP_PKEY_type(pkey->type)) - { - case EVP_PKEY_RSA: - md_ctx = &n->rsa_ctx; - break; - - case EVP_PKEY_DSA: - md_ctx = &n->dsa_ctx; - break; - - default: - warnx("Unknown public key type: %d", EVP_PKEY_type(pkey->type)); - md_ctx = NULL; - break; - } - - status = (md_ctx == NULL) ? 0 : EVP_VerifyFinal(md_ctx, - n->signature->data, - n->signature->length, - pkey); - - EVP_PKEY_free(pkey); - X509_free(x509); - - if (status == 1) { - fprintf(stderr, "X.509 signature matched\n"); - - /* - * KLUDGE: Does this free the rest of the certs, or just the - * stack itself? Enquiring minds want to know. - */ - sk_X509_free(n->certs); - return PKG_GOODSIG; - } - } - - warnx("Verifying signature:"); - ERR_print_errors_fp(stderr); - sk_X509_free(n->certs); - return PKG_BADSIG; -} - - -/* - * Sign the specified filename into sign. - */ -int -retrieve_x509_marker(filename, sign, userid) - const char * filename; - struct signature ** sign; - const char * userid; -{ - struct signature * n; - struct mygzip_header h; - FILE * f, * keyf; - char buffer[1024]; - ssize_t length; - int err; - int sig_len = 4096; - unsigned char * sig_buf; - EVP_MD_CTX md_ctx; - const EVP_MD * md_type; - EVP_PKEY * pkey; - - char keyfile[PATH_MAX + 1] = KEYFILE; - - key_from_name(keyfile, userkey); - - f = fopen(filename, "r"); - if (f == NULL) { - return 0; - } - if (gzip_read_header(f, &h, sign) == GZIP_NOT_GZIP) { - warnx("File %s is not a gzip file\n", filename); - fclose(f); - return 0; - } - - /* - * Sign the remaining data: - * Load just the crypto library error strings. - */ - ERR_load_crypto_strings(); - - /* - * Read private key. - */ - keyf = fopen(keyfile, "r"); - if (keyf == NULL) - { - warnx("Cannot open private key %s.", keyfile); - fclose(f); - return 0; - } - - pkey = PEM_read_PrivateKey(keyf, NULL, NULL, 0); - fclose(keyf); - - if (pkey == NULL) - { - warnx("Reading private key %s:", keyfile); - ERR_print_errors_fp(stderr); - return 0; - } - - /* - * Do the signature. The remaining bytes of the GZIP file are the - * compressed tar image, which is what we are signing. - */ - switch (EVP_PKEY_type(pkey->type)) - { - case EVP_PKEY_RSA: - md_type = EVP_sha1(); - break; - - case EVP_PKEY_DSA: - md_type = EVP_dss1(); - break; - - default: - warnx("Unknown key type"); - fclose(f); - return 0; - } - - EVP_SignInit(&md_ctx, md_type); - - while ((length = fread(buffer, 1, sizeof buffer, f)) > 0) - EVP_SignUpdate(&md_ctx, buffer, length); - - fclose(f); - - sig_buf = malloc(sig_len); - if (sig_buf == NULL) { - warnx("Cannot allocated %u bytes for signature buffer", sig_len); - return 0; - } - - err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey); - - if (err != 1) - { - warnx("Creating signature:"); - ERR_print_errors_fp(stderr); - return 0; - } - - EVP_PKEY_free(pkey); - - /* - * Stuff the signature onto the head of the chain of signatures in - * the package. - */ - n = malloc(sizeof *n); - if (n == NULL) { - warnx("Cannot allocate %u bytes for new signature", sizeof *n); - return 0; - } - n->data = sig_buf; - n->length = sig_len; - n->type = TAG_X509; - memcpy(n->tag, x509tag, sizeof x509tag); - sign_fill_tag(n); - n->next = *sign; - *sign = n; - - /* - * Report our success. - */ - return 1; -} - - -static void -key_from_name(char * filename, const char * ident) -{ - char * cp; - - /* - * If an alternate keyfile was specified, treat it as the name of an - * alternate private key with which to sign or verify the package. - */ - if (ident) { - printf("Using alternate key/cert \"%s\".\n", ident); - if (strchr(ident, '/')) { - /* - * The user specified a path, take it verbatim. - */ - strncpy(filename, ident, PATH_MAX); - } else { - cp = dirname(filename); - if (cp == NULL) { - warnx("Key directory not correctly specified."); - return; - } - snprintf(filename, PATH_MAX, "%s/%s", cp, ident); - } - } - - if (verbose) - printf("Key is \"%s\".\n", filename); -} -- cgit v1.1