Fixing signature generation

Fixing referencing issue when writing out the signature

.gitignore

@@ -0,0 +1,9 @@
+configure
+aclocal.m4
+autom4te.cache
+build
+*/Makefile.in
+Makefile.in
+include/netpgp/config.h.in
+include/netpgp/config.h.in~
+buildaux

Makefile.am

@@ -1,3 +1,3 @@
 ## $NetBSD$
 
-SUBDIRS = include src 
+SUBDIRS = . include src

ax_check_gskssl.m4

@@ -0,0 +1,90 @@
+AU_ALIAS([CHECK_SSL], [AX_CHECK_GSKSSL])
+AC_DEFUN([AX_CHECK_GSKSSL], [
+    found=false
+    AC_ARG_WITH(gskssl,
+        AS_HELP_STRING([--with-gskssl=DIR],
+            [root of the GSK SSL directory]),
+        [
+            case "$withval" in
+            "" | y | ye | yes | n | no)
+            AC_MSG_ERROR([Invalid --with-gskssl value])
+              ;;
+            *) ssldirs="$withval"
+              ;;
+            esac
+        ], [
+            # if pkg-config is installed and gskssl has installed a .pc file,
+            # then use that information and don't search ssldirs
+            AC_PATH_PROG(PKG_CONFIG, pkg-config)
+            if test x"$PKG_CONFIG" != x""; then
+                GSKSSL_LDFLAGS=`$PKG_CONFIG gskssl --libs-only-L 2>/dev/null`
+                if test $? = 0; then
+                    GSKSSL_LIBS=`$PKG_CONFIG gskssl --libs-only-l 2>/dev/null`
+                    GSKSSL_INCLUDES=`$PKG_CONFIG gskssl --cflags-only-I 2>/dev/null`
+                    found=true
+                fi
+            fi
+
+            # no such luck; use some default ssldirs
+            if ! $found; then
+                ssldirs="/usr/lpp/gskssl /usr"
+            fi
+        ]
+        )
+
+
+    # note that we #include <gskssl/foo.h>, so the GSK SSL headers have to be in
+    # an 'gskssl' subdirectory
+
+    if ! $found; then
+        GSKSSL_INCLUDES=
+        for ssldir in $ssldirs; do
+            AC_MSG_CHECKING([for include/gskssl.h in $ssldir])
+            if test -f "$ssldir/include/gskssl.h"; then
+                if test -f "$ssldir/lib/GSKSSL.x"; then
+                    GSKSSL_INCLUDES="-I$ssldir/include"
+                    GSKSSL_LDFLAGS="-L$ssldir/lib"
+                    GSKSSL_LIBS="$ssldir/lib/GSKSSL.x $ssldir/lib/GSKCMS64.x"
+                    found=true
+                    AC_MSG_RESULT([yes])
+                fi
+                break
+            else
+                AC_MSG_RESULT([no])
+            fi
+        done
+
+        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+        # it will just work!
+    fi
+
+    # try the preprocessor and linker with our new flags,
+    # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+    AC_MSG_CHECKING([whether compiling and linking against GSK SSL works])
+    echo "Trying link with GSKSSL_LDFLAGS=$GSKSSL_LDFLAGS;" \
+        "GSKSSL_LIBS=$GSKSSL_LIBS; GSKSSL_INCLUDES=$GSKSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
+
+    save_LIBS="$LIBS"
+    save_LDFLAGS="$LDFLAGS"
+    save_CPPFLAGS="$CPPFLAGS"
+    LDFLAGS="$LDFLAGS $GSKSSL_LDFLAGS"
+    LIBS="$GSKSSL_LIBS $LIBS"
+    CPPFLAGS="$GSKSSL_INCLUDES $CPPFLAGS"
+    AC_LINK_IFELSE(
+        AC_LANG_PROGRAM([#include <gskssl.h>], [gsk_handle env_handle;]),
+        [
+            AC_MSG_RESULT([yes])
+            $1
+        ], [
+            AC_MSG_RESULT([no])
+            $2
+        ])
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+
+    AC_SUBST([GSKSSL_INCLUDES])
+    AC_SUBST([GSKSSL_LIBS])
+    AC_SUBST([GSKSSL_LDFLAGS])
+])

ax_check_pkcs.m4

@@ -0,0 +1,90 @@
+AU_ALIAS([CHECK_PKCS], [AX_CHECK_PKCS])
+AC_DEFUN([AX_CHECK_PKCS], [
+    found=false
+    AC_ARG_WITH(gskssl,
+        AS_HELP_STRING([--with-gskssl=DIR],
+            [root of the GSK PKCS directory]),
+        [
+            case "$withval" in
+            "" | y | ye | yes | n | no)
+            AC_MSG_ERROR([Invalid --with-gskssl value])
+              ;;
+            *) pkcsdirs="$withval"
+              ;;
+            esac
+        ], [
+            # if pkg-config is installed and gskssl has installed a .pc file,
+            # then use that information and don't search pkcsdirs
+            AC_PATH_PROG(PKG_CONFIG, pkg-config)
+            if test x"$PKG_CONFIG" != x""; then
+                PKCS_LDFLAGS=`$PKG_CONFIG gskssl --libs-only-L 2>/dev/null`
+                if test $? = 0; then
+                    PKCS_LIBS=`$PKG_CONFIG gskssl --libs-only-l 2>/dev/null`
+                    PKCS_INCLUDES=`$PKG_CONFIG gskssl --cflags-only-I 2>/dev/null`
+                    found=true
+                fi
+            fi
+
+            # no such luck; use some default pkcsdirs
+            if ! $found; then
+                pkcsdirs="/usr/lpp/pkcs11 /usr"
+            fi
+        ]
+        )
+
+
+    # note that we #include <gskssl/foo.h>, so the GSK PKCS headers have to be in
+    # an 'gskssl' subdirectory
+
+    if ! $found; then
+        PKCS_INCLUDES=
+        for pkcsdir in $pkcsdirs; do
+            AC_MSG_CHECKING([for include/gskssl.h in $pkcsdir])
+            if test -f "$pkcsdir/include/csnpdefs.h"; then
+                if test -f "$pkcsdir/lib/CSNPCA64.x"; then
+                    PKCS_INCLUDES="-I$pkcsdir/include"
+                    PKCS_LDFLAGS="-L$pkcsdir/lib"
+                    PKCS_LIBS="$pkcsdir/lib/CSNPCA64.x"
+                    found=true
+                    AC_MSG_RESULT([yes])
+                fi
+                break
+            else
+                AC_MSG_RESULT([no])
+            fi
+        done
+
+        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+        # it will just work!
+    fi
+
+    # try the preprocessor and linker with our new flags,
+    # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+    AC_MSG_CHECKING([whether compiling and linking against GSK PKCS works])
+    echo "Trying link with PKCS_LDFLAGS=$PKCS_LDFLAGS;" \
+        "PKCS_LIBS=$PKCS_LIBS; PKCS_INCLUDES=$PKCS_INCLUDES" >&AS_MESSAGE_LOG_FD
+
+    save_LIBS="$LIBS"
+    save_LDFLAGS="$LDFLAGS"
+    save_CPPFLAGS="$CPPFLAGS"
+    LDFLAGS="$LDFLAGS $PKCS_LDFLAGS"
+    LIBS="$PKCS_LIBS $LIBS"
+    CPPFLAGS="$PKCS_INCLUDES $CPPFLAGS"
+    AC_LINK_IFELSE(
+        AC_LANG_PROGRAM([#include <gskssl.h>], [gsk_handle env_handle;]),
+        [
+            AC_MSG_RESULT([yes])
+            $1
+        ], [
+            AC_MSG_RESULT([no])
+            $2
+        ])
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+
+    AC_SUBST([PKCS_INCLUDES])
+    AC_SUBST([PKCS_LIBS])
+    AC_SUBST([PKCS_LDFLAGS])
+])

configure.ac

@@ -8,9 +8,9 @@ AC_REVISION([$Revision$])
 
 AS_SHELL_SANITIZE
 
-AC_CONFIG_SRCDIR([src/netpgp.c])
+AC_CONFIG_SRCDIR([src/main.c])
 AC_CONFIG_AUX_DIR([buildaux])
-AC_CONFIG_HEADER([src/config.h])
+AC_CONFIG_HEADER([include/netpgp/config.h])
 
 AM_INIT_AUTOMAKE([-Wall foreign])
 AM_MAINTAINER_MODE
@@ -25,6 +25,7 @@ AC_PROG_MAKE_SET
 AC_PROG_AWK
 AC_PROG_CC
 AC_PROG_INSTALL
+AM_PROG_AR
 AC_PROG_LIBTOOL
 AC_PROG_LN_S
 
@@ -42,7 +43,7 @@ AC_PROG_AR
 #
 AC_MSG_CHECKING([if using gcc])
 AS_IF([test "$GCC" = "yes"],
-      [WARNCFLAGS="-Werror -Wall -Wpointer-arith"
+      [WARNCFLAGS="-Wno-error -Wall -Wpointer-arith"
        AC_MSG_RESULT([yes; adding to CFLAGS: "$WARNCFLAGS"])],
       [WARNCFLAGS=""
        AC_MSG_RESULT([no])])
@@ -57,12 +58,21 @@ AC_HEADER_STDC
 AC_CHECK_HEADERS([CommonCrypto/CommonDigest.h])
 AC_CHECK_HEADERS([dmalloc.h direct.h errno.h fcntl.h \
                  inttypes.h limits.h malloc.h zlib.h])
-AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/mman.h sys/param.h \
-                  sys/resource.h sys/uio.h])
-
-AC_CHECK_HEADERS([bzlib.h],
-                 [],
-                 [AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])])
+AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/mman.h\
+		  sys/resource.h sys/uio.h])
+
+platform_name=$(uname)
+AS_IF([test "$platform_name" == "OS/390"],[
+AC_MSG_NOTICE([z/OS detected... Skipping some headers])
+ZLIB_FLAG="-lzz"
+],[
+AC_CHECK_HEADERS([sys/param.h])
+AC_CHECK_HEADERS([bzlib.h], [], [
+AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])
+])
+ZLIB_FLAG="-lz"
+])
+AC_SUBST([ZLIB_FLAG])
 
 # Checks for typedefs, structures, and compiler characteristics.
 #
@@ -75,16 +85,25 @@ AC_TYPE_UINT8_T
 
 # check for openssl
 m4_include([ax_check_openssl.m4])
+m4_include([ax_check_gskssl.m4])
+m4_include([ax_check_pkcs.m4])
 
-AX_CHECK_OPENSSL([LIBS="$LIBS $OPENSSL_LDFLAGS $OPENSSL_LIBS" INCLUDES="$INCLUDES $OPENSSL_INCLUDES"],
-	[AC_MSG_ERROR([Missing OpenSSL])])
+AX_CHECK_OPENSSL([LIBS="$LIBS $OPENSSL_LDFLAGS $OPENSSL_LIBS" INCLUDES="$INCLUDES $OPENSSL_INCLUDES" found_openssl="yes"],[found_openssl="no"])
+AX_CHECK_GSKSSL([LIBS="$LIBS $GSKSSL_LDFLAGS $GSKSSL_LIBS" INCLUDES="$INCLUDES $GSKSSL_INCLUDES" found_gskssl="yes"],[found_gskssl="no"])
+AX_CHECK_PKCS([LIBS="$LIBS $PKSC_LDFLAGS $PKCS_LIBS" INCLUDES="$INCLUDES $PKCS_INCLUDES" found_pkcs="yes"],[found_pkcs="no"])
+
+AS_IF([test "$found_openssl" == "no"],[AS_IF([test "$found_gskssl" == "no"],[AC_MSG_FAILURE([No suitable SSL library found])])])
 
 CPPFLAGS="$CPPFLAGS $INCLUDES"
 
+AS_IF([test "$found_openssl" == "yes" ],[
+AC_MSG_NOTICE([OpenSSL found])
+AC_DEFINE([HAVE_OPENSSL], [1], [Use OpenSSL])
+
 AC_CHECK_HEADERS([openssl/aes.h openssl/bn.h openssl/camellia.h openssl/cast.h \
 		  openssl/des.h openssl/dsa.h openssl/err.h openssl/idea.h \
 		  openssl/md5.h openssl/rand.h openssl/rsa.h openssl/sha.h \
-		  openssl/err.h openssl/sha.h])
+		  openssl/err.h openssl/sha.h openssl/ossl_typ.h])
 
 AC_CHECK_TYPES([SHA256_CTX],
                [],
@@ -102,6 +121,14 @@ AC_CHECK_TYPES([SHA256_CTX],
 #endif
 ]])
 
+])
+
+AS_IF([test "$found_gskssl" == "yes" ],[
+AC_MSG_NOTICE([GSK SSL found])
+AC_DEFINE([HAVE_GSKSSL], [1], [Use the SSL implementation from IBM])
+AC_DEFINE([OPENSSL_NO_IDEA], [1], [Explicitely disable OPENSSL IDEA])
+])
+
 # Checks for library functions.
 #
 AC_SEARCH_LIBS([gzopen], [z])

include/netpgp.h

@@ -39,27 +39,27 @@
 #  endif
 #endif
 
+#include <netpgp/config.h>
+
+#include <netpgp/keyring.h>
+
 __BEGIN_DECLS
 
 /* structure used to hold (key,value) pair information */
 typedef struct netpgp_t {
-	unsigned	  c;		/* # of elements used */
-	unsigned	  size;		/* size of array */
-	char		**name;		/* key names */
-	char		**value;	/* value information */
-	void		 *pubring;	/* public key ring */
-	void		 *secring;	/* s3kr1t key ring */
-	void		 *io;		/* the io struct for results/errs */
-	void		 *passfp;	/* file pointer for password input */
+    unsigned      c;        /* # of elements used */
+    unsigned      size;        /* size of array */
+    char        **name;        /* key names */
+    char        **value;    /* value information */
+    pgp_keyring_t *pubring;    /* public key ring */
+    pgp_keyring_t *secring;    /* s3kr1t key ring */
+    void         *io;        /* the io struct for results/errs */
 } netpgp_t;
 
 /* begin and end */
 int netpgp_init(netpgp_t *);
 int netpgp_end(netpgp_t *);
 
-const char *netpgp_get_info(const char *);
-int netpgp_list_packets(netpgp_t *, char *, int, char *);
-
 /* variables */
 int netpgp_setvar(netpgp_t *, const char *, const char *);
 char *netpgp_getvar(netpgp_t *, const char *);
@@ -77,15 +77,18 @@ char *netpgp_get_key(netpgp_t *, const char *, const char *);
 char *netpgp_export_key(netpgp_t *, char *);
 int netpgp_save_secring(netpgp_t *);
 int netpgp_save_pubring(netpgp_t *);
-int netpgp_import_key(netpgp_t *, char *);
-int netpgp_generate_key(netpgp_t *, char *, int);
-
-/* file management */
-int netpgp_encrypt_file(netpgp_t *, const char *, const char *, char *, int);
-int netpgp_decrypt_file(netpgp_t *, const char *, char *, int);
-int netpgp_sign_file(netpgp_t *, const char *, const char *, char *, int, int, int);
-int netpgp_verify_file(netpgp_t *, const char *, const char *, int);
 
+/* higher level functions */
+pgp_memory_t * netpgp_encrypt_and_sign(
+        netpgp_t *netpgp,
+        pgp_keyring_t *rcpts,
+        pgp_seckey_t *seckey,
+        const char *ptext, size_t psize,
+        int do_sign,
+        int armour
+); // encrypt and sign to multiple recipients
+
+// TODO: Implement those
 /* memory signing and encryption */
 int netpgp_sign_memory(netpgp_t *, const char *, char *, size_t, char *, size_t, const unsigned, const unsigned);
 int netpgp_verify_memory(netpgp_t *, const void *, const size_t, void *, size_t, const int);
@@ -100,9 +103,9 @@ int netpgp_format_json(void *, const char *, const int);
 
 int netpgp_validate_sigs(netpgp_t *);
 
-/* save pgp key in ssh format */
-int netpgp_write_sshkey(netpgp_t *, char *, const char *, char *, size_t);
-
+// helpers
+unsigned uint_to_string(const int8_t *src, char **str, unsigned len);
+unsigned string_to_uint(const char *str, uint8_t **fpr, size_t *length);
 
 __END_DECLS
 

include/netpgp/config.h

@@ -1,160 +0,0 @@
-//
-//  config.h
-//  netpgp
-
-#ifndef netpgp_config_h
-#define netpgp_config_h
-
-/* Define to 1 if you have the <bzlib.h> header file. */
-#define HAVE_BZLIB_H 1
-
-/* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */
-#define HAVE_COMMONCRYPTO_COMMONDIGEST_H 1
-
-/* Define to 1 if you have the <direct.h> header file. */
-/* #undef HAVE_DIRECT_H */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the <dmalloc.h> header file. */
-/* #undef HAVE_DMALLOC_H */
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the <limits.h> header file. */
-#define HAVE_LIMITS_H 1
-
-/* Define to 1 if the system has the type 'long long int'. */
-#define HAVE_LONG_LONG_INT 1
-
-/* Define to 1 if you have the <malloc.h> header file. */
-/* #undef HAVE_MALLOC_H */
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define to 1 if you have the <openssl/aes.h> header file. */
-#define HAVE_OPENSSL_AES_H 1
-
-/* Define to 1 if you have the <openssl/bn.h> header file. */
-#define HAVE_OPENSSL_BN_H 1
-
-/* Define to 1 if you have the <openssl/camellia.h> header file. */
-/* #undef HAVE_OPENSSL_CAMELLIA_H */
-
-/* Define to 1 if you have the <openssl/cast.h> header file. */
-#define HAVE_OPENSSL_CAST_H 1
-
-/* Define to 1 if you have the <openssl/des.h> header file. */
-#define HAVE_OPENSSL_DES_H 1
-
-/* Define to 1 if you have the <openssl/dsa.h> header file. */
-#define HAVE_OPENSSL_DSA_H 1
-
-/* Define to 1 if you have the <openssl/err.h> header file. */
-#define HAVE_OPENSSL_ERR_H 1
-
-/* Define to 1 if you have the <openssl/idea.h> header file. */
-/* #undef HAVE_OPENSSL_IDEA_H */
-
-/* Define to 1 if you have the <openssl/md5.h> header file. */
-#define HAVE_OPENSSL_MD5_H 1
-
-/* Define to 1 if you have the <openssl/rand.h> header file. */
-#define HAVE_OPENSSL_RAND_H 1
-
-/* Define to 1 if you have the <openssl/rsa.h> header file. */
-#define HAVE_OPENSSL_RSA_H 1
-
-/* Define to 1 if you have the <openssl/sha.h> header file. */
-#define HAVE_OPENSSL_SHA_H 1
-
-/* Define to 1 if the system has the type `SHA256_CTX'. */
-#define HAVE_SHA256_CTX 1
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the <sys/cdefs.h> header file. */
-#define HAVE_SYS_CDEFS_H 1
-
-/* Define to 1 if you have the <sys/file.h> header file. */
-#define HAVE_SYS_FILE_H 1
-
-/* Define to 1 if you have the <sys/mman.h> header file. */
-#define HAVE_SYS_MMAN_H 1
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#define HAVE_SYS_PARAM_H 1
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#define HAVE_SYS_RESOURCE_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <sys/uio.h> header file. */
-#define HAVE_SYS_UIO_H 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to 1 if the system has the type 'unsigned long long int'. */
-#define HAVE_UNSIGNED_LONG_LONG_INT 1
-
-/* Define to 1 if you have the <zlib.h> header file. */
-#define HAVE_ZLIB_H 1
-
-/* Define to the sub-directory where libtool stores uninstalled libraries. */
-#define LT_OBJDIR ".libs/"
-
-/* Name of package */
-#define PACKAGE "netpgp"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT " pEp NetPGP Team <netpgp@pep-project.org> "
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME "netpgp"
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "netpgp beta0"
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME "netpgp"
-
-/* Define to the home page for this package. */
-#define PACKAGE_URL ""
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION "beta0"
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Version number of package */
-#define VERSION "beta0"
-
-#define OPENSSL_NO_IDEA 1
-
-#endif

include/netpgp/create.h

@@ -65,8 +65,8 @@
  * This struct contains the required information about how to write this stream
  */
 struct pgp_output_t {
-	pgp_writer_t	 writer;
-	pgp_error_t	*errors;	/* error stack */
+    pgp_writer_t     writer;
+    pgp_error_t    *errors;    /* error stack */
 };
 
 pgp_output_t *pgp_output_new(void);
@@ -77,45 +77,47 @@ int pgp_filewrite(const char *, const char *, const size_t, const unsigned);
 void pgp_build_pubkey(pgp_memory_t *, const pgp_pubkey_t *, unsigned);
 
 unsigned pgp_calc_sesskey_checksum(pgp_pk_sesskey_t *, uint8_t *);
-unsigned pgp_write_struct_userid(pgp_output_t *, const uint8_t *);
+unsigned pgp_write_struct_userid(pgp_output_t *, const uint8_t*);
 unsigned pgp_write_ss_header(pgp_output_t *, size_t, pgp_content_enum);
-unsigned pgp_write_struct_seckey_ptag(const pgp_seckey_t *key,
-			    const uint8_t *passphrase,
-			    const size_t pplen,
-			    pgp_output_t *output,
-	            pgp_content_enum ptag);
-unsigned pgp_write_struct_seckey(const pgp_seckey_t *,
-			    const uint8_t *,
-			    const size_t,
-			    pgp_output_t *);
+
+unsigned pgp_write_struct_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag);
+unsigned pgp_write_struct_seckey(const pgp_seckey_t *, pgp_output_t *);
+
 unsigned pgp_write_struct_pubkey(pgp_output_t *, const pgp_pubkey_t *);
 unsigned pgp_write_one_pass_sig(pgp_output_t *,
-				const pgp_seckey_t *,
-				const pgp_hash_alg_t,
-				const pgp_sig_type_t);
+                const pgp_seckey_t *,
+                const pgp_hash_alg_t,
+                const pgp_sig_type_t);
 unsigned pgp_write_litdata(pgp_output_t *, 
-				const uint8_t *,
-				const int,
-				const pgp_litdata_enum);
+                const uint8_t *,
+                const int,
+                const pgp_litdata_enum);
 pgp_pk_sesskey_t *pgp_create_pk_sesskey(pgp_key_t *, const char *, pgp_pk_sesskey_t *);
 unsigned pgp_write_pk_sesskey(pgp_output_t *, pgp_pk_sesskey_t *);
-unsigned pgp_write_xfer_key(pgp_output_t *output,
+
+unsigned pgp_write_xfer_key(
+            pgp_output_t *output,
             const pgp_key_t *key,
-            const unsigned armoured);
+            const unsigned armoured
+);
 
 void pgp_fast_create_userid(uint8_t **, uint8_t *);
-unsigned pgp_write_userid(const uint8_t *, pgp_output_t *);
+unsigned pgp_write_userid(const uint8_t*, pgp_output_t *);
+
+#ifdef HAVE_OPENSSL
 void pgp_fast_create_rsa_pubkey(pgp_pubkey_t *, time_t, BIGNUM *, BIGNUM *);
+
 unsigned pgp_write_rsa_pubkey(time_t, const BIGNUM *, const BIGNUM *,
-				pgp_output_t *);
+                pgp_output_t *);
+
 void pgp_fast_create_rsa_seckey(pgp_seckey_t *, time_t, BIGNUM *,
-				BIGNUM *, BIGNUM *, BIGNUM *,
-				BIGNUM *, BIGNUM *);
+                BIGNUM *, BIGNUM *, BIGNUM *,
+                BIGNUM *, BIGNUM *);
+#endif
+
 unsigned encode_m_buf(const uint8_t *, size_t, const pgp_pubkey_t *,
-				uint8_t *);
+                uint8_t *);
 unsigned pgp_fileread_litdata(const char *, const pgp_litdata_enum,
-				pgp_output_t *);
-unsigned pgp_write_symm_enc_data(const uint8_t *, const int,
-				pgp_output_t *);
+                pgp_output_t *);
 
 #endif /* CREATE_H_ */

include/netpgp/crypto.h

@@ -53,62 +53,88 @@
 #ifndef CRYPTO_H_
 #define CRYPTO_H_
 
+#include <netpgp/config.h>
+
 #include "keyring.h"
 #include "packet.h"
 #include "memory.h"
 #include "packet-parse.h"
 
+#ifdef HAVE_OPENSSL_DSA_H
 #include <openssl/dsa.h>
+#endif
+
+#ifdef HAVE_GSKSSL
+#include <gskcms.h>
+#include <csfbext.h>
+#include <csnpdefs.h>
+#endif
+
+#define PGP_MIN_HASH_SIZE    16
 
-#define PGP_MIN_HASH_SIZE	16
+#if defined(HAVE_GSKSSL)
+unsigned gsk_num_bits ( const gsk_buffer *bn );
+#endif
 
 /** pgp_hash_t */
 struct pgp_hash_t {
-	pgp_hash_alg_t		 alg;		/* algorithm */
-	size_t			 size;		/* size */
-	const char		*name;		/* what it's known as */
-	int			(*init)(pgp_hash_t *);
-	void			(*add)(pgp_hash_t *, const uint8_t *, unsigned);
-	unsigned		(*finish)(pgp_hash_t *, uint8_t *);
-	void		 	*data;		/* blob for data */
+    pgp_hash_alg_t         alg;        /* algorithm */
+    size_t             size;        /* size */
+    const char        *name;        /* what it's known as */
+    int            (*init)(pgp_hash_t *);
+    void            (*add)(pgp_hash_t *, const uint8_t *, unsigned);
+    unsigned        (*finish)(pgp_hash_t *, uint8_t *);
+#if defined(HAVE_OPENSSL)
+    void             *data;        /* blob for data */
+#elif defined(HAVE_GSKSSL)
+    CK_SESSION_HANDLE *session;
+#endif
 };
 
 /** pgp_crypt_t */
 struct pgp_crypt_t {
-	pgp_symm_alg_t	alg;
-	size_t			blocksize;
-	size_t			keysize;
-	void 			(*set_iv)(pgp_crypt_t *, const uint8_t *);
-	void			(*set_crypt_key)(pgp_crypt_t *, const uint8_t *);
-	int			(*base_init)(pgp_crypt_t *);
-	void			(*decrypt_resync)(pgp_crypt_t *);
-	/* encrypt/decrypt one block */
-	void			(*block_encrypt)(pgp_crypt_t *, void *, const void *);
-	void			(*block_decrypt)(pgp_crypt_t *, void *, const void *);
-	/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
-	void 			(*cfb_encrypt)(pgp_crypt_t *, void *, const void *, size_t);
-	void			(*cfb_decrypt)(pgp_crypt_t *, void *, const void *, size_t);
-	void			(*decrypt_finish)(pgp_crypt_t *);
-	uint8_t			iv[PGP_MAX_BLOCK_SIZE];
-	uint8_t			civ[PGP_MAX_BLOCK_SIZE];
-	uint8_t			siv[PGP_MAX_BLOCK_SIZE];
-		/* siv is needed for weird v3 resync */
-	uint8_t			key[PGP_MAX_KEY_SIZE];
-	int			num;
-		/* num is offset - see openssl _encrypt doco */
-	void			*encrypt_key;
-	void			*decrypt_key;
+    pgp_symm_alg_t    alg;
+    size_t            blocksize;
+    size_t            keysize;
+    void             (*set_iv)(pgp_crypt_t *, const uint8_t *);
+    void            (*set_crypt_key)(pgp_crypt_t *, const uint8_t *);
+    int            (*base_init)(pgp_crypt_t *);
+    void            (*decrypt_resync)(pgp_crypt_t *);
+    /* encrypt/decrypt one block */
+    void            (*block_encrypt)(pgp_crypt_t *, void *, const void *);
+    void            (*block_decrypt)(pgp_crypt_t *, void *, const void *);
+    /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
+    void             (*cfb_encrypt)(pgp_crypt_t *, void *, const void *, size_t);
+    void            (*cfb_decrypt)(pgp_crypt_t *, void *, const void *, size_t);
+    void            (*decrypt_finish)(pgp_crypt_t *);
+    uint8_t            iv[PGP_MAX_BLOCK_SIZE];
+    uint8_t            civ[PGP_MAX_BLOCK_SIZE];
+    uint8_t            siv[PGP_MAX_BLOCK_SIZE];
+    /* siv is needed for weird v3 resync */
+    uint8_t            key[PGP_MAX_KEY_SIZE];
+    int            num;
+#if defined(HAVE_OPENSSL)
+    /* num is offset - see openssl _encrypt doco */
+    void            *encrypt_key;
+    void            *decrypt_key;
+#elif defined(HAVE_GSKSSL)
+    CK_SESSION_HANDLE session;
+    CK_MECHANISM mechanism;
+    CK_KEY_TYPE keyType;
+    CK_OBJECT_HANDLE encrypt_key;
+    CK_OBJECT_HANDLE decrypt_key;
+#endif
 };
 
 typedef struct pgp_validation_t {
-	unsigned		 validc;
-	pgp_sig_info_t	*valid_sigs;
-	unsigned		 invalidc;
-	pgp_sig_info_t	*invalid_sigs;
-	unsigned		 unknownc;
-	pgp_sig_info_t	*unknown_sigs;
-	time_t			 birthtime;
-	time_t			 duration;
+    unsigned         validc;
+    pgp_sig_info_t    *valid_sigs;
+    unsigned         invalidc;
+    pgp_sig_info_t    *invalid_sigs;
+    unsigned         unknownc;
+    pgp_sig_info_t    *unknown_sigs;
+    time_t             birthtime;
+    time_t             duration;
 } pgp_validation_t;
 
 void pgp_crypto_finish(void);
@@ -127,18 +153,18 @@ unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t);
 void pgp_hash_add_int(pgp_hash_t *, unsigned, unsigned);
 
 unsigned pgp_dsa_verify(const uint8_t *, size_t,
-			const pgp_dsa_sig_t *,
-			const pgp_dsa_pubkey_t *);
+            const pgp_dsa_sig_t *,
+            const pgp_dsa_pubkey_t *);
 
 int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
-			const pgp_rsa_pubkey_t *);
+            const pgp_rsa_pubkey_t *);
 int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
-			const pgp_rsa_pubkey_t *);
+            const pgp_rsa_pubkey_t *);
 
 int pgp_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t,
-			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
+            const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
 int pgp_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t,
-			const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
+            const pgp_rsa_seckey_t *, const pgp_rsa_pubkey_t *);
 int pgp_rsa_private_check(const pgp_seckey_t *seckey);
 int pgp_dsa_private_check(const pgp_dsa_seckey_t *seckey);
 int pgp_elgamal_private_check(const pgp_elgamal_seckey_t *seckey);
@@ -146,16 +172,16 @@ int pgp_elgamal_private_check(const pgp_elgamal_seckey_t *seckey);
 
 
 int pgp_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t,
-			const pgp_elgamal_pubkey_t *);
+            const pgp_elgamal_pubkey_t *);
 int pgp_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t,
-			const pgp_elgamal_seckey_t *, const pgp_elgamal_pubkey_t *);
+            const pgp_elgamal_seckey_t *, const pgp_elgamal_pubkey_t *);
 
 pgp_symm_alg_t pgp_str_to_cipher(const char *);
 unsigned pgp_block_size(pgp_symm_alg_t);
 unsigned pgp_key_size(pgp_symm_alg_t);
 
 int pgp_decrypt_data(pgp_content_enum, pgp_region_t *,
-			pgp_stream_t *);
+            pgp_stream_t *);
 
 int pgp_crypt_any(pgp_crypt_t *, pgp_symm_alg_t);
 void pgp_decrypt_init(pgp_crypt_t *);
@@ -167,107 +193,107 @@ size_t pgp_encrypt_se_ip(pgp_crypt_t *, void *, const void *, size_t);
 unsigned pgp_is_sa_supported(pgp_symm_alg_t);
 
 void pgp_reader_push_decrypt(pgp_stream_t *, pgp_crypt_t *,
-			pgp_region_t *);
+            pgp_region_t *);
 void pgp_reader_pop_decrypt(pgp_stream_t *);
 
 /* Hash everything that's read */
 void pgp_reader_push_hash(pgp_stream_t *, pgp_hash_t *);
 void pgp_reader_pop_hash(pgp_stream_t *);
 
+#if defined(HAVE_OPENSSL)
 int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *,
-			const BIGNUM *, const pgp_seckey_t *);
+            const BIGNUM *, const pgp_seckey_t *);
+#elif defined(HAVE_GSKSSL)
+int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const gsk_buffer*,
+            const gsk_buffer*, const pgp_seckey_t *);
+#endif
+
 
 unsigned pgp_rsa_encrypt_mpi(const uint8_t *, const size_t,
-			const pgp_pubkey_t *,
-			pgp_pk_sesskey_params_t *);
+            const pgp_pubkey_t *,
+            pgp_pk_sesskey_params_t *);
 unsigned pgp_elgamal_encrypt_mpi(const uint8_t *, const size_t,
-			const pgp_pubkey_t *,
-			pgp_pk_sesskey_params_t *);
+            const pgp_pubkey_t *,
+            pgp_pk_sesskey_params_t *);
 
 /* Encrypt everything that's written */
 struct pgp_key_data;
 void pgp_writer_push_encrypt(pgp_output_t *,
-			const struct pgp_key_data *);
-
-unsigned   pgp_encrypt_file(pgp_io_t *, const char *, const char *,
-			const pgp_key_t *,
-			const unsigned, const unsigned, const char *);
-unsigned   pgp_decrypt_file(pgp_io_t *,
-			const char *,
-			const char *,
-			pgp_keyring_t *,
-			pgp_keyring_t *,
-			const unsigned,
-			const unsigned,
-			const unsigned,
-			void *,
-			int,
-			pgp_cbfunc_t *);
+            const struct pgp_key_data *);
 
 pgp_memory_t *
-pgp_encrypt_buf(pgp_io_t *, const void *, const size_t,
-			const pgp_keyring_t *,
-			const unsigned, const char *, unsigned);
+pgp_encrypt_buf(
+            pgp_io_t *,
+            const void *,
+            const size_t,
+            const pgp_keyring_t *,
+            const unsigned,
+            const char *,
+            unsigned);
+
 pgp_memory_t *
-pgp_decrypt_buf(pgp_io_t *,
-			const void *,
-			const size_t,
-			pgp_keyring_t *,
-			pgp_keyring_t *,
-			const unsigned,
-			const unsigned,
-			void *,
-			int,
-			pgp_cbfunc_t *);
+pgp_decrypt_and_validate_buf(
+            netpgp_t *netpgp,
+            pgp_validation_t *result,
+            const void *input,
+            const size_t insize,
+            pgp_keyring_t *secring,
+            pgp_keyring_t *pubring,
+            const unsigned use_armour,
+            key_id_t **recipients_key_ids,
+            unsigned *recipients_count
+            );
 
 pgp_memory_t *
-pgp_decrypt_and_validate_buf(pgp_io_t *io,
-			pgp_validation_t *result,
-			const void *input,
-			const size_t insize,
-			pgp_keyring_t *secring,
-			pgp_keyring_t *pubring,
-			const unsigned use_armour,
+pgp_validate_buf(
+            netpgp_t *netpgp,
+            pgp_validation_t *result,
+            const void *input,
+            const size_t insize,
+            //pgp_keyring_t *secring,
+            //pgp_keyring_t *pubring,
+            const unsigned use_armour,
             key_id_t **recipients_key_ids,
-            unsigned *recipients_count);
+            unsigned *recipients_count
+            );
 
 /* Keys */
 pgp_key_t  *pgp_rsa_new_selfsign_key(const int,
-			const unsigned long, uint8_t *, const char *,
-			const char *);
+            const unsigned long, uint8_t *, const char *,
+            const char *);
 
 unsigned    pgp_rsa_generate_keypair(pgp_key_t *,
-			const int,
-			const unsigned long,
-			const char *,
-			const char *,
+            const int,
+            const unsigned long,
+            const char *,
+            const char *,
             const uint8_t *,
             const size_t);
 
 int pgp_dsa_size(const pgp_dsa_pubkey_t *);
 pgp_dsa_sig_t *pgp_dsa_sign(uint8_t *, unsigned,
-				const pgp_dsa_seckey_t *,
-				const pgp_dsa_pubkey_t *);
+                const pgp_dsa_seckey_t *,
+                const pgp_dsa_pubkey_t *);
 
 /** pgp_reader_t */
 struct pgp_reader_t {
-	pgp_reader_func_t	*reader; /* reader func to get parse data */
-	pgp_reader_destroyer_t	*destroyer;
-	void			*arg;	/* args to pass to reader function */
-	unsigned		 accumulate:1;	/* set to gather packet data */
-	uint8_t			*accumulated;	/* the accumulated data */
-	unsigned		 asize;	/* size of the buffer */
-	unsigned		 alength;/* used buffer */
-	unsigned		 position;	/* reader-specific offset */
-	pgp_reader_t		*next;
-	pgp_stream_t		*parent;/* parent parse_info structure */
+    pgp_reader_func_t    *reader; /* reader func to get parse data */
+    pgp_reader_destroyer_t    *destroyer;
+    void            *arg;    /* args to pass to reader function */
+    unsigned         accumulate:1;    /* set to gather packet data */
+    uint8_t            *accumulated;    /* the accumulated data */
+    unsigned         asize;    /* size of the buffer */
+    unsigned         alength;/* used buffer */
+    unsigned         position;    /* reader-specific offset */
+    pgp_reader_t        *next;
+    pgp_stream_t        *parent;/* parent parse_info structure */
     
-    unsigned		 partial_read:1;
-    unsigned		 coalescing:1;
+    unsigned         partial_read:1;
+    unsigned         coalescing:1;
     /* used for partial length coalescing */
-    unsigned		 virtualc;
-    unsigned		 virtualoff;
-    uint8_t			*virtualpkt;
+    unsigned         virtualc;
+    unsigned         virtualoff;
+    uint8_t            *virtualpkt;
 };
 
 
@@ -275,37 +301,33 @@ struct pgp_reader_t {
  Encrypt/decrypt settings
 */
 struct pgp_cryptinfo_t {
-	char			*passphrase;
-	pgp_keyring_t		*secring;
-    pgp_key_t		*keydata;
-	pgp_cbfunc_t		*getpassphrase;
-	pgp_keyring_t		*pubring;
-	DYNARRAY(key_id_t, recipients_key_ids);
+    char            *passphrase;
+    pgp_keyring_t        *secring;
+    pgp_key_t        *keydata;
+    pgp_keyring_t        *pubring;
+    DYNARRAY(key_id_t, recipients_key_ids);
 };
 
 /** pgp_cbdata_t */
 struct pgp_cbdata_t {
-	pgp_cbfunc_t		*cbfunc;	/* callback function */
-	void			*arg;	/* args to pass to callback func */
-	pgp_error_t		**errors; /* address of error stack */
-	pgp_cbdata_t		*next;
-	pgp_output_t		*output;	/* when writing out parsed info */
-	pgp_io_t		*io;		/* error/output messages */
-	void			*passfp;	/* fp for passphrase input */
-	pgp_cryptinfo_t		 cryptinfo;	/* used when decrypting */
-	pgp_printstate_t	 printstate;	/* used to keep printing state */
-	pgp_seckey_t		*sshseckey;	/* secret key for ssh */
-	int			 numtries;	/* # of passphrase attempts */
-	int			 gotpass;	/* when passphrase entered */
+    pgp_cbfunc_t        *cbfunc;    /* callback function */
+    void            *arg;    /* args to pass to callback func */
+    pgp_error_t        **errors; /* address of error stack */
+    pgp_cbdata_t        *next;
+    pgp_output_t        *output;    /* when writing out parsed info */
+    pgp_io_t        *io;        /* error/output messages */
+    pgp_cryptinfo_t         cryptinfo;    /* used when decrypting */
+    pgp_printstate_t     printstate;    /* used to keep printing state */
+    char *passphrase;
 };
 
 /** pgp_hashtype_t */
 typedef struct {
-	pgp_hash_t	hash;	/* hashes we should hash data with */
-	uint8_t	keyid[PGP_KEY_ID_SIZE];
+    pgp_hash_t    hash;    /* hashes we should hash data with */
+    uint8_t    keyid[PGP_KEY_ID_SIZE];
 } pgp_hashtype_t;
 
-#define NTAGS	0x100	/* == 256 */
+#define NTAGS    0x100    /* == 256 */
 
 /** \brief Structure to hold information about a packet parse.
  *
@@ -330,21 +352,21 @@ typedef struct {
  */
 
 struct pgp_stream_t {
-	uint8_t		 	ss_raw[NTAGS / 8];
-		/* 1 bit / sig-subpkt type; set to get raw data */
-	uint8_t		 	ss_parsed[NTAGS / 8];
-		/* 1 bit / sig-subpkt type; set to get parsed data */
-	pgp_reader_t	 	 readinfo;
-	pgp_cbdata_t		 cbinfo;
-	pgp_error_t		*errors;
-	void			*io;		/* io streams */
-	pgp_crypt_t		 decrypt;
-	pgp_cryptinfo_t		 cryptinfo;
-	size_t			 hashc;
-	pgp_hashtype_t		*hashes;
-	//unsigned		 reading_v3_secret:1;
-	//unsigned		 reading_mpi_len:1;
-	//unsigned		 exact_read:1;
+    uint8_t             ss_raw[NTAGS / 8];
+        /* 1 bit / sig-subpkt type; set to get raw data */
+    uint8_t             ss_parsed[NTAGS / 8];
+        /* 1 bit / sig-subpkt type; set to get parsed data */
+    pgp_reader_t          readinfo;
+    pgp_cbdata_t         cbinfo;
+    pgp_error_t        *errors;
+    void            *io;        /* io streams */
+    pgp_crypt_t         decrypt;
+    pgp_cryptinfo_t         cryptinfo;
+    size_t             hashc;
+    pgp_hashtype_t        *hashes;
+    //unsigned         reading_v3_secret:1;
+    //unsigned         reading_mpi_len:1;
+    //unsigned         exact_read:1;
 
 };
 

include/netpgp/defs.h

@@ -32,7 +32,9 @@
 #define DEFS_H_
 
 #include <sys/types.h>
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
 
 #ifdef HAVE_INTTYPES_H
 #include <inttypes.h>

include/netpgp/getopt.h

@@ -0,0 +1,130 @@
+/* Declarations for getopt.
+Copyright (C) 1989-2016 Free Software Foundation, Inc.
+
+NOTE: The canonical source of this file is maintained with the GNU C Library.
+Bugs can be reported to bug-glibc@gnu.org.
+
+GNU Make is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 3 of the License, or (at your option) any later
+version.
+
+GNU Make is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#ifndef _GETOPT_H
+#define _GETOPT_H 1
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/* For communication from `getopt' to the caller.
+   When `getopt' finds an option that takes an argument,
+   the argument value is returned here.
+   Also, when `ordering' is RETURN_IN_ORDER,
+   each non-option ARGV-element is returned here.  */
+
+extern char *optarg;
+
+/* Index in ARGV of the next element to be scanned.
+   This is used for communication to and from the caller
+   and for communication between successive calls to `getopt'.
+
+   On entry to `getopt', zero means this is the first call; initialize.
+
+   When `getopt' returns -1, this is the index of the first of the
+   non-option elements that the caller should itself scan.
+
+   Otherwise, `optind' communicates from one call to the next
+   how much of ARGV has been scanned so far.  */
+
+extern int optind;
+
+/* Callers store zero here to inhibit the error message `getopt' prints
+   for unrecognized options.  */
+
+extern int opterr;
+
+/* Set to an option character which was unrecognized.  */
+
+extern int optopt;
+
+/* Describe the long-named options requested by the application.
+   The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
+   of `struct option' terminated by an element containing a name which is
+   zero.
+
+   The field `has_arg' is:
+   no_argument		(or 0) if the option does not take an argument,
+   required_argument	(or 1) if the option requires an argument,
+   optional_argument 	(or 2) if the option takes an optional argument.
+
+   If the field `flag' is not NULL, it points to a variable that is set
+   to the value given in the field `val' when the option is found, but
+   left unchanged if the option is not found.
+
+   To have a long-named option do something other than set an `int' to
+   a compiled-in constant, such as set a value from `optarg', set the
+   option's `flag' field to zero and its `val' field to a nonzero
+   value (the equivalent single-letter option character, if there is
+   one).  For long options that have a zero `flag' field, `getopt'
+   returns the contents of the `val' field.  */
+
+struct option
+{
+#if defined (__STDC__) && __STDC__
+  const char *name;
+#else
+  char *name;
+#endif
+  /* has_arg can't be an enum because some compilers complain about
+     type mismatches in all the code that assumes it is an int.  */
+  int has_arg;
+  int *flag;
+  int val;
+};
+
+/* Names for the values of the `has_arg' field of `struct option'.  */
+
+#define	no_argument		0
+#define required_argument	1
+#define optional_argument	2
+
+#if defined (__STDC__) && __STDC__
+#ifdef __GNU_LIBRARY__
+/* Many other libraries have conflicting prototypes for getopt, with
+   differences in the consts, in stdlib.h.  To avoid compilation
+   errors, only prototype getopt for the GNU C library.  */
+extern int getopt (int argc, char *const *argv, const char *shortopts);
+#else /* not __GNU_LIBRARY__ */
+extern int getopt ();
+#endif /* __GNU_LIBRARY__ */
+extern int getopt_long (int argc, char *const *argv, const char *shortopts,
+		        const struct option *longopts, int *longind);
+extern int getopt_long_only (int argc, char *const *argv,
+			     const char *shortopts,
+		             const struct option *longopts, int *longind);
+
+/* Internal only.  Users should not call this directly.  */
+extern int _getopt_internal (int argc, char *const *argv,
+			     const char *shortopts,
+		             const struct option *longopts, int *longind,
+			     int long_only);
+#else /* not __STDC__ */
+extern int getopt ();
+extern int getopt_long ();
+extern int getopt_long_only ();
+
+extern int _getopt_internal ();
+#endif /* __STDC__ */
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif /* getopt.h */

include/netpgp/gettext.h

@@ -0,0 +1,57 @@
+/* Convenience header for conditional use of GNU <libintl.h>.
+Copyright (C) 1995-2016 Free Software Foundation, Inc.
+This file is part of GNU Make.
+
+GNU Make is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 3 of the License, or (at your option) any later
+version.
+
+GNU Make is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#ifndef _LIBGETTEXT_H
+#define _LIBGETTEXT_H 1
+
+/* NLS can be disabled through the configure --disable-nls option.  */
+#if ENABLE_NLS
+
+/* Get declarations of GNU message catalog functions.  */
+# include <libintl.h>
+
+#else
+
+/* Disabled NLS.
+   The casts to 'const char *' serve the purpose of producing warnings
+   for invalid uses of the value returned from these functions.
+   On pre-ANSI systems without 'const', the config.h file is supposed to
+   contain "#define const".  */
+# define gettext(Msgid) ((const char *) (Msgid))
+# define dgettext(Domainname, Msgid) ((const char *) (Msgid))
+# define dcgettext(Domainname, Msgid, Category) ((const char *) (Msgid))
+# define ngettext(Msgid1, Msgid2, N) \
+    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
+# define dngettext(Domainname, Msgid1, Msgid2, N) \
+    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
+# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \
+    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
+# define textdomain(Domainname) ((const char *) (Domainname))
+# define bindtextdomain(Domainname, Dirname) ((const char *) (Dirname))
+# define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset))
+
+#endif
+
+/* A pseudo function call that serves as a marker for the automated
+   extraction of messages, but does not call gettext().  The run-time
+   translation is done at a different place in the code.
+   The argument, String, should be a literal string.  Concatenated strings
+   and other string expressions won't work.
+   The macro's expansion is not parenthesized, so that it is suitable as
+   initializer for static 'char[]' or 'const char[]' variables.  */
+#define gettext_noop(String) String
+
+#endif /* _LIBGETTEXT_H */

include/netpgp/gskssl_glue.h

@@ -0,0 +1,33 @@
+#ifndef _GSKSSL_GLUE_H
+#define _GSKSSL_GLUE_H
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <csnpdefs.h>
+#include <gskcms.h>
+#include <csfbext.h>
+#include <dlfcn.h>
+
+#define CAST_KEY_LENGTH 16
+#define SHA_DIGEST_LENGTH 20
+#define SHA224_DIGEST_LENGTH 28
+#define MAXPATHLEN _POSIX_PATH_MAX
+#define SHA384_DIGEST_LENGTH 48
+#define MD5_DIGEST_LENGTH 16
+#define AES_BLOCK_SIZE 16
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAST_BLOCK 8
+#define IDEA_BLOCK 8
+#define IDEA_KEY_LENGTH 16
+#define KEYBITS_AES128 128
+#define KEYBITS_AES256 256
+#define KEYBITS_CAMELLIA128 128
+#define KEYBITS_CAMELLIA256 256
+
+CK_FUNCTION_LIST *funcs;
+
+CK_RV getSession(CK_SESSION_HANDLE *session);
+CK_RV getFunctionList(void);
+
+#endif

include/netpgp/keyring.h

@@ -53,9 +53,9 @@
 #ifndef KEYRING_H_
 #define KEYRING_H_
 
-#include "packet.h"
-#include "packet-parse.h"
-#include "memory.h"
+#include <netpgp/packet.h>
+#include <netpgp/packet-parse.h>
+#include <netpgp/memory.h>
 
 enum {
 	MAX_ID_LENGTH		= 128,
@@ -111,21 +111,27 @@ pgp_pubkey_t *pgp_key_get_pubkey(pgp_key_t *);
 unsigned   pgp_is_key_secret(pgp_key_t *);
 pgp_seckey_t *pgp_get_seckey(pgp_key_t *);
 pgp_seckey_t *pgp_get_writable_seckey(pgp_key_t *);
-// pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, void *);
+pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, char *);
+
+typedef struct netpgp_t netpgp_t;
 
 unsigned 
-pgp_keyring_fileread(pgp_io_t *io,
+pgp_keyring_fileread(
+            netpgp_t *netpgp,
             pgp_keyring_t *pubring,
             pgp_keyring_t *secring,
 			const unsigned armour,
 			const char *filename);
 
 unsigned 
-pgp_keyring_read_from_mem(pgp_io_t *io,
+pgp_keyring_read_from_mem(
+            netpgp_t *netpgp,
             pgp_keyring_t *pubring,
             pgp_keyring_t *secring,
             const unsigned armour,
-            pgp_memory_t *mem);
+            pgp_memory_t *mem,
+            const int import
+);
 
 int pgp_keyring_list(pgp_io_t *, const pgp_keyring_t *, const int);
 
@@ -144,6 +150,7 @@ unsigned pgp_update_userid(
 //                                        const pgp_subpacket_t *,
 //                                        unsigned );
 
+
 unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *userid, time_t duration);
 
 pgp_key_t  *pgp_keydata_new(void);
@@ -171,7 +178,6 @@ unsigned pgp_update_subkey(
         pgp_keydata_key_t *subkey,
         const pgp_subpacket_t *sigpkt,
         pgp_sig_info_t *siginfo);
-// int pgp_add_to_secring(pgp_keyring_t *, const pgp_seckey_t *);
 
 int pgp_append_keyring(pgp_keyring_t *, pgp_keyring_t *);
 

include/netpgp/netpgpdefs.h

@@ -29,6 +29,11 @@
 #ifndef NETPGPDEFS_H_
 #define NETPGPDEFS_H_	1
 
+#include <netpgp/config.h>
+
+#include <stdio.h>
+#include <limits.h>
+
 #define PRItime		"ll"
 
 #ifdef WIN32
@@ -65,4 +70,13 @@ void		*pgp_new(size_t);
 	}								\
 } while(/* CONSTCOND */0)
 
+#ifdef HAVE_GSKSSL
+#define CAST_KEY_LENGTH 16
+#define SHA_DIGEST_LENGTH 20
+#define SHA224_DIGEST_LENGTH 28
+#define MAXPATHLEN _POSIX_PATH_MAX
+#define SHA384_DIGEST_LENGTH 48
+#define MD5_DIGEST_LENGTH 16
+#endif
+
 #endif /* !NETPGPDEFS_H_ */

include/netpgp/netpgpdigest.h

@@ -37,6 +37,9 @@
 
 #ifdef HAVE_OPENSSL_SHA_H
 #include <openssl/sha.h>
+#else
+#define SHA256_DIGEST_LENGTH 32
+#define SHA512_DIGEST_LENGTH 64
 #endif
 
 /* Apple */

include/netpgp/netpgpsdk.h

@@ -41,9 +41,7 @@
 void            pgp_validate_result_free(pgp_validation_t *);
 
 unsigned
-pgp_validate_all_sigs(pgp_validation_t *,
-		const pgp_keyring_t *,
-		pgp_cb_ret_t cb(const pgp_packet_t *, pgp_cbdata_t *));
+pgp_validate_all_sigs(pgp_validation_t *, const pgp_keyring_t *, pgp_cb_ret_t cb(const pgp_packet_t *, pgp_cbdata_t *));
 
 unsigned   pgp_check_sig(const uint8_t *,
 		unsigned, const pgp_sig_t *, const pgp_pubkey_t *);

include/netpgp/packet-parse.h

@@ -134,7 +134,7 @@ pgp_cb_ret_t pgp_stacked_callback(const pgp_packet_t *,
 					pgp_cbdata_t *);
 pgp_reader_t *pgp_readinfo(pgp_stream_t *);
 
-int pgp_parse(pgp_stream_t *, const int);
+int pgp_parse(pgp_stream_t *, const int, const int);
 
 /** Used to specify whether subpackets should be returned raw, parsed
 * or ignored.  */

include/netpgp/readerwriter.h

@@ -55,7 +55,7 @@
 #include "memory.h"
 
 /* if this is defined, we'll use mmap in preference to file ops */
-#define USE_MMAP_FOR_FILES      1
+#define USE_MMAP_FOR_FILES 1
 
 void pgp_reader_set_fd(pgp_stream_t *, int);
 void pgp_reader_set_mmap(pgp_stream_t *, int);