Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/netpgp Update netpgpverify sources in ba...
details: https://anonhg.NetBSD.org/src/rev/5034121bf992
branches: trunk
changeset: 353025:5034121bf992
user: agc <agc%NetBSD.org@localhost>
date: Mon Apr 17 19:50:27 2017 +0000
description:
Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring
over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614
+ handle signatures created by gpg with "--no-emit-version", don't assume
there will always be a version string.
+ add a test for above
Fixes security PR 51240.
Thanks to xnox%ubuntu.com@localhost for reporting the error
Update netpgpverify and libnetpgpverify to 20160615:
Simplify the method of finding the end of the versioning information
in the signature - back up to the "\n" character at the end of the
signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the
signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616
+ bring over joerg's printflike change from the netpgpverify
version in src/crypto
+ add a test for cleartext signatures with version information
to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262
+ take a bit of a step backwards, and don't use stdbool.h, just to appease
Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623
+ remove use of asprintf and vasprintf from libverify. Inspired
by work from Dimitri John Ledkov. Should allow building on Linux
without superfluous definitions.
+ also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri
John Ledkov
Update netpgpverify and libnetpgpverify to 20160626
+ make the pgpv_t and pgpv_cursor_t structures opaque
+ add new accessor functions for fields in the pgpv_cursor_t struct
+ add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704
+ get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when
the definitions moved from verify.h
+ fix obuf_add_mem() to use a const void *, as any struct can be
dumped using it
+ remove redundant NO_SUBKEYS definition - unused
+ add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705
External API changes
====================
+ add a pgpv_cursor_close() function to free resources associated with
a cursor
Better memory management
========================
+ restructure the way dynamic arrays are used, to avoid memory
corruption issues and memory leaks - keep all dynamic arrays in the global
data structure, and use indices in the other data structures to index them.
Means lack of data localisation, but avoids stale pointers, and leaks.
+ make signer field of signature a uint8_t array, rather than a pointer
+ use our own version of strdup(3) - don't depend on it being
available in standard library
+ keep track of whether litdata filenames and userid were allocated or not,
and free memory in pgpv_close() if it was allocated
+ free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706
+ 20160705 introduced a bug whereby a key subid would match and verify
fine, but, if formatted, would not display the correct subkey
information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some
unusual build errors shown by old gcc versions (works fine for
gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32)
+ use ULL suffix on unsigned 64bit constants, not UL
+ don't typedef the public structs twice - second time just define it
without the typedef
Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708
+ clear and free bignums properly - helps immensely with plugging
memory leaks
Update netpgpverify and libnetpgpverify to 20160828
+ bring over change from christos in src/crypto to check for
the end of an ASCII-armored signature
+ no need for namespace protection in array.h any more, now
that netpgp/verify.h now contains opaque structures
+ minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201
+ make sure howmany() macro is defined
pointed out by cube - thanks!
diffstat:
crypto/external/bsd/netpgp/bin/netpgpverify/Makefile | 4 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd | 6 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in | 6 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in | 4 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in | 4 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h | 6 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c | 6 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c | 32 -
crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h | 4 -
crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3 | 22 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c | 829 ++++++--
crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c | 45 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1 | 8 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/pgpsum.c | 16 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.c | 906 ----------
crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.h | 65 -
crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h | 253 +--
crypto/external/bsd/netpgp/lib/verify/Makefile | 3 +-
18 files changed, 713 insertions(+), 1506 deletions(-)
diffs (truncated from 3070 to 300 lines):
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Mon Apr 17 19:50:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.14 2016/06/14 20:47:43 agc Exp $
+# $NetBSD: Makefile,v 1.15 2017/04/17 19:50:27 agc Exp $
PROG=netpgpverify
BINDIR= /usr/bin
@@ -9,7 +9,7 @@
SRCS+= bzlib.c zlib.c
-SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c
+SRCS+= md5c.c rmd160.c sha1.c sha2.c
CPPFLAGS+=-I${.CURDIR} -I${EXTDIST}/src/netpgpverify
COPTS.libverify.c+= -Wno-format-nonliteral
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd Mon Apr 17 19:50:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.6 2016/06/15 16:51:46 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.7 2017/04/17 19:50:28 agc Exp $
PROG=netpgpverify
@@ -8,7 +8,7 @@
SRCS+= bzlib.c zlib.c
-SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c
+SRCS+= md5c.c rmd160.c sha1.c sha2.c
CPPFLAGS+=-I.
@@ -47,3 +47,5 @@
./${PROG} -k pubring.gpg version.asc
@echo "testing signatures with no version"
./${PROG} -k pubring.gpg noversion.asc
+ @echo "testing dash-escaped text"
+ ./${PROG} -k pubring.gpg dash-escaped-text.asc
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in Mon Apr 17 19:50:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.10 2016/06/15 16:51:46 agc Exp $
+# $NetBSD: Makefile.in,v 1.11 2017/04/17 19:50:28 agc Exp $
PROG=netpgpverify
@@ -8,7 +8,7 @@
OBJS+= bzlib.o zlib.o
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
PREFIX=@PREFIX@
MANDIR=@MANDIR@
@@ -47,6 +47,8 @@
./${PROG} -k pubring.gpg version.asc
@echo "testing signatures with no version"
./${PROG} -k pubring.gpg noversion.asc
+ @echo "testing dash-escaped text"
+ ./${PROG} -k pubring.gpg dash-escaped-text.asc
clean:
rm -rf *.core ${OBJS} ${PROG}
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in Mon Apr 17 19:50:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.lib.in,v 1.1 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: Makefile.lib.in,v 1.2 2017/04/17 19:50:28 agc Exp $
LIB= libnetpgpverify.a
@@ -8,7 +8,7 @@
OBJS+= bzlib.o zlib.o
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
PREFIX=@PREFIX@
MANDIR=@MANDIR@
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in Mon Apr 17 19:50:27 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.libtool.in,v 1.1 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: Makefile.libtool.in,v 1.2 2017/04/17 19:50:28 agc Exp $
LIB= libnetpgpverify.a
@@ -8,7 +8,7 @@
OBJS+= bzlib.o zlib.o
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
PREFIX=@PREFIX@
MANDIR=@MANDIR@
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h Mon Apr 17 19:50:27 2017 +0000
@@ -25,10 +25,10 @@
#ifndef ARRAY_H_
#define ARRAY_H_ 20120921
-#ifndef PGPV_ARRAY
+#ifndef ARRAY
/* creates 2 unsigned vars called "name"c and "name"size in current scope */
/* also creates an array called "name"s in current scope */
-#define PGPV_ARRAY(type, name) \
+#define ARRAY(type, name) \
unsigned name##c; unsigned name##vsize; type *name##s
#endif
@@ -67,6 +67,8 @@
#define ARRAY_SIZE(name) name##vsize
#define ARRAY_ARRAY(name) name##s
+#define ARRAY_FREE(name) free(name##s)
+
#define ARRAY_APPEND(name, newel) do { \
ARRAY_EXPAND(name); \
ARRAY_COUNT(name) += 1; \
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c Mon Apr 17 19:50:27 2017 +0000
@@ -5438,6 +5438,7 @@
{
if (a) {
mp_clear(a);
+ free(a);
}
}
@@ -5452,9 +5453,8 @@
void
PGPV_BN_clear_free(PGPV_BIGNUM *a)
{
- if (a) {
- mp_clear(a);
- }
+ PGPV_BN_clear(a);
+ free(a);
}
int
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c Mon Apr 17 19:50:27 2017 +0000
@@ -64,12 +64,6 @@
0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
-static uint64_t prefix_tiger[] = {
- 0x0123456789ABCDEFLL,
- 0xFEDCBA9876543210LL,
- 0xF096A5B4C3B2E187LL
-};
-
static uint8_t prefix_rmd160[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24,
0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14
@@ -99,9 +93,6 @@
return 32;
case SHA512_HASH_ALG:
return 64;
- case TIGER_HASH_ALG:
- case TIGER2_HASH_ALG:
- return TIGER_DIGEST_LENGTH;
default:
printf("hash_any: bad algorithm\n");
return 0;
@@ -151,20 +142,6 @@
hash->len = sizeof(prefix_sha512);
hash->ctx = &hash->u.sha512ctx;
return 1;
- case TIGER_HASH_ALG:
- netpgpv_TIGER_Init(&hash->u.tigerctx);
- hash->size = TIGER_DIGEST_LENGTH;
- hash->prefix = prefix_tiger;
- hash->len = sizeof(prefix_tiger);
- hash->ctx = &hash->u.tigerctx;
- return 1;
- case TIGER2_HASH_ALG:
- netpgpv_TIGER2_Init(&hash->u.tigerctx);
- hash->size = TIGER_DIGEST_LENGTH;
- hash->prefix = prefix_tiger;
- hash->len = sizeof(prefix_tiger);
- hash->ctx = &hash->u.tigerctx;
- return 1;
default:
printf("hash_any: bad algorithm\n");
return 0;
@@ -182,8 +159,6 @@
{ "ripemd", RIPEMD_HASH_ALG },
{ "sha256", SHA256_HASH_ALG },
{ "sha512", SHA512_HASH_ALG },
- { "tiger", TIGER_HASH_ALG },
- { "tiger2", TIGER2_HASH_ALG },
{ NULL, 0 }
};
@@ -223,10 +198,6 @@
case SHA512_HASH_ALG:
netpgpv_SHA512_Update(hash->ctx, data, length);
return 1;
- case TIGER_HASH_ALG:
- case TIGER2_HASH_ALG:
- netpgpv_TIGER_Update(hash->ctx, data, length);
- return 1;
default:
printf("hash_any: bad algorithm\n");
return 0;
@@ -255,9 +226,6 @@
case SHA512_HASH_ALG:
netpgpv_SHA512_Final(out, hash->ctx);
break;
- case TIGER_HASH_ALG:
- netpgpv_TIGER_Final(out, hash->ctx);
- break;
default:
printf("hash_any: bad algorithm\n");
return 0;
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h Mon Apr 17 19:50:27 2017 +0000
@@ -33,7 +33,6 @@
#include "sha1.h"
#include "sha2.h"
#include "rmd160.h"
-#include "tiger.h"
#ifndef __BEGIN_DECLS
# if defined(__cplusplus)
@@ -50,12 +49,10 @@
#define MD5_HASH_ALG 1
#define SHA1_HASH_ALG 2
#define RIPEMD_HASH_ALG 3
-#define TIGER_HASH_ALG 6 /* from rfc2440 */
#define SHA256_HASH_ALG 8
#define SHA384_HASH_ALG 9
#define SHA512_HASH_ALG 10
#define SHA224_HASH_ALG 11
-#define TIGER2_HASH_ALG 100 /* private/experimental from rfc4880 */
/* structure to describe digest methods */
typedef struct digest_t {
@@ -67,7 +64,6 @@
NETPGPV_RMD160_CTX rmd160ctx; /* RIPEMD */
NETPGPV_SHA256_CTX sha256ctx; /* SHA256 */
NETPGPV_SHA512_CTX sha512ctx; /* SHA512 */
- NETPGPV_TIGER_CTX tigerctx; /* TIGER/TIGER2 */
} u;
void *prefix; /* points to specific prefix */
uint32_t len; /* prefix length */
diff -r ae140e8c09d2 -r 5034121bf992 crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3 Mon Apr 17 18:57:23 2017 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3 Mon Apr 17 19:50:27 2017 +0000
@@ -1,6 +1,6 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.3 2015/02/05 01:26:54 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.4 2017/04/17 19:50:28 agc Exp $
.\"
-.\" Copyright (c) 2014 Alistair Crooks <agc%NetBSD.org@localhost>
+.\" Copyright (c) 2014,2015,2016 Alistair Crooks <agc%NetBSD.org@localhost>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 15, 2015
+.Dd June 26, 2016
.Dt LIBNETPGPVERIFY 3
.Os
.Sh NAME
@@ -34,6 +34,14 @@
.Sh SYNOPSIS
.In netpgp/verify.h
.Ft int
+.Fo pgpv_new
+.Fa "void"
+.Fc
+.Ft int
+.Fo pgpv_new_cursor
+.Fa "void"
+.Fc
+.Ft int
.Fo pgpv_read_pubring
.Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size"
.Fc
@@ -61,6 +69,14 @@
.Fo pgpv_get_entry
Home |
Main Index |
Thread Index |
Old Index