Source-Changes archive


CVS commit: [agc-netpgp-standalone] src/crypto/external/bsd/netpgp



Module Name:    src
Committed By:   agc
Date:           Sat Oct 20 04:59:54 UTC 2012

Modified Files:
        src/crypto/external/bsd/netpgp/bin/netpgp [agc-netpgp-standalone]:
            Makefile
        src/crypto/external/bsd/netpgp/bin/netpgpverify [agc-netpgp-standalone]:
            Makefile
        src/crypto/external/bsd/netpgp/bin/pgp2ssh [agc-netpgp-standalone]:
            Makefile
        src/crypto/external/bsd/netpgp/dist/include [agc-netpgp-standalone]:
            netpgp.h
        src/crypto/external/bsd/netpgp/dist/src/lib [agc-netpgp-standalone]:
            validate.c
        src/crypto/external/bsd/netpgp/dist/src/librsa [agc-netpgp-standalone]:
            rsa.c rsa.h
        src/crypto/external/bsd/netpgp/dist/src/libverify [agc-netpgp-standalone]:
            Makefile libnetpgpverify.3 verify.h
        src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]:
            netpgpverify.1
        src/crypto/external/bsd/netpgp/lib [agc-netpgp-standalone]: Makefile
        src/crypto/external/bsd/netpgp/lib/bn [agc-netpgp-standalone]: Makefile
            shlib_version
        src/crypto/external/bsd/netpgp/lib/cipher [agc-netpgp-standalone]:
            shlib_version
        src/crypto/external/bsd/netpgp/lib/mj [agc-netpgp-standalone]:
            shlib_version
        src/crypto/external/bsd/netpgp/lib/netpgp [agc-netpgp-standalone]:
            shlib_version
        src/crypto/external/bsd/netpgp/lib/paa [agc-netpgp-standalone]:
            shlib_version
        src/crypto/external/bsd/netpgp/lib/rsa [agc-netpgp-standalone]:
            shlib_version
        src/crypto/external/bsd/netpgp/lib/verify [agc-netpgp-standalone]:
            Makefile shlib_version
Added Files:
        src/crypto/external/bsd/netpgp/dist/src/libverify [agc-netpgp-standalone]:
            array.h b64.c b64.h dump.c libverify.c pgpsum.c pgpsum.h
        src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]:
            main.c
Removed Files:
        src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]:
            verify.c

Log Message:
Replace the netpgpverify command and libnetpgpverify in the
agc-netpgp-standalone branch with a completely rewritten "from the RFC
up" version designed to be small, standalone, and easy to maintain.

        % ldd bin/netpgpverify/netpgpverify
        bin/netpgpverify/netpgpverify:
                -lz.1 => /usr/lib/libz.so.1
                -lgcc_s.1 => /usr/lib/libgcc_s.so.1
                -lc.12 => /usr/lib/libc.so.12
                -lbz2.1 => /usr/lib/libbz2.so.1
                -lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4
        % ldd lib/verify/libnetpgpverify.so
        lib/verify/libnetpgpverify.so:
                -lc.12 => /usr/lib/libc.so.12
        % ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify
        -rwxr-xr-x  1 agc  agc   10502 Oct 18 20:59 bin/netpgpverify/netpgpverify
        -rw-r--r--  1 agc  agc  159720 Oct 18 20:59 lib/verify/libnetpgpverify.a
        -rw-r--r--  1 agc  agc    4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3
        lrwxr-xr-x  1 agc  agc      22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0
        lrwxr-xr-x  1 agc  agc      22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0
        -rwxr-xr-x  1 agc  agc  123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0
        -rw-r--r--  1 agc  agc  169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a
        -rw-r--r--  1 agc  agc  149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a
        %

("Small" here includes the full BIGNUM/mpi functionality required to
verify signatures).

Instead of using extensive callbacks for input data, which have proved
to be fragile and difficult to maintain, as well as precluding uses
elsewhere, this uses straight mmapping of input files where possible,
and falls back to reading if unavailable.

RFC 4880 makes provision for two types of data to be signed, binary
data and text, and text is subject to modification of data before the
signature is made, and is usually opaque.  The new netpgpverify(1) can
handle this; our old version could not.  DSA signatures are not yet
supported -- watch this space -- but full RSA ones, including those of
text documents like the signed NetBSD release hashes (see PR
bin/46930) are recognised and are included in the regression tests.

        % env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc
        Good signature for [stdin] made Mon Oct 15 09:28:54 2012
        signature  4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
        fingerprint:  ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
        uid              NetBSD Security Officer <security-officer%NetBSD.org@localhost>
        encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21]
        fingerprint:  1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620

        %

Redirection from stdin is also supported, as are multiple files, and
detached signatures.  Another interesting use is to verify the
signatures, and to retrieve the data only if a signature matches -
this was the old "--cat" command to netpgpverify(1), and it has been
brought forward into the newer version.

        % env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det -
        %

This is implemented as a library and a small program to call so
that it is easier to embed verification of signatures in scripting
languages, or other source code.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/netpgp/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/pgp2ssh/Makefile
cvs rdiff -u -r1.21 -r1.21.10.1 \
    src/crypto/external/bsd/netpgp/dist/include/netpgp.h
cvs rdiff -u -r1.44 -r1.44.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/dist/src/librsa/rsa.c \
    src/crypto/external/bsd/netpgp/dist/src/librsa/rsa.h
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/Makefile \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h
cvs rdiff -u -r0 -r1.1.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/array.h \
    src/crypto/external/bsd/netpgp/dist/src/libverify/b64.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/b64.h \
    src/crypto/external/bsd/netpgp/dist/src/libverify/dump.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/pgpsum.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/pgpsum.h
cvs rdiff -u -r0 -r1.1.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
cvs rdiff -u -r1.5 -r1.5.10.1 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
cvs rdiff -u -r1.15 -r0 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c
cvs rdiff -u -r1.13.6.1 -r1.13.6.2 \
    src/crypto/external/bsd/netpgp/lib/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/bn/Makefile \
    src/crypto/external/bsd/netpgp/lib/bn/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/cipher/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/mj/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/netpgp/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/paa/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/rsa/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/verify/Makefile \
    src/crypto/external/bsd/netpgp/lib/verify/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
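
The "modification of data" that the log message mentions for text signatures is, for a cleartext-signed file such as a release hashes list, the canonicalisation in RFC 4880 sections 5.2.1 and 7.1; a verifier has to rebuild these exact bytes before hashing. The sketch below is an example added to this archive page, not code from the commit; the name canon_cleartext and the sample body are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not netpgpverify code (hypothetical helper).
 * Rebuilds the bytes a text-mode cleartext signature covers: dash-escapes
 * removed, trailing spaces/tabs dropped, line endings forced to CRLF, and
 * the final line ending (before the signature armor) left out.
 * Returns bytes written, or (size_t)-1 if out is too small.
 */
size_t
canon_cleartext(const char *in, size_t inlen, char *out, size_t outsize)
{
    size_t i = 0, o = 0;
    while (i < inlen) {
        const char *nl = memchr(in + i, '\n', inlen - i);
        size_t start = i;
        size_t end = nl ? (size_t)(nl - in) : inlen;
        i = nl ? end + 1 : inlen;
        /* a dash-escaped line loses its leading "- " */
        if (end - start >= 2 && in[start] == '-' && in[start + 1] == ' ')
            start += 2;
        /* strip CR plus trailing spaces and tabs */
        while (end > start && (in[end - 1] == '\r' ||
            in[end - 1] == ' ' || in[end - 1] == '\t'))
            end--;
        /* conservative bound: the line plus a possible CRLF */
        if (end - start + 2 > outsize - o)
            return (size_t)-1;
        memcpy(out + o, in + start, end - start);
        o += end - start;
        /* CRLF between lines; the last line ending is not signed */
        if (i < inlen) {
            out[o++] = '\r';
            out[o++] = '\n';
        }
    }
    return o;
}

int
main(void)
{
    /* constructed sample body, as found between the armor lines */
    const char body[] = "SHA1 (a.iso) = ab \t\r\n- -dashed\nlast line \n";
    char buf[64];
    size_t n = canon_cleartext(body, sizeof(body) - 1, buf, sizeof(buf));
    printf("%zu canonical bytes\n", n);
    return n == (size_t)-1;
}
```

Hashing the file as stored on disk instead of this canonical form makes a valid signature over a text document fail to verify.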



