Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/agc-netpgp-standalone]: src/crypto/external/bsd/netpgp changes to libnet...
details: https://anonhg.NetBSD.org/src/rev/a66284f67d69
branches: agc-netpgp-standalone
changeset: 777829:a66284f67d69
user: agc <agc%NetBSD.org@localhost>
date: Tue Oct 30 02:10:42 2012 +0000
description:
changes to libnetpgpverify:
+ isolate the RSA verification code (the DSA verification code was
isolated previously), and include it in our sources, rather than
including the source for librsa, (and thus bringing in all the code
for signing and encryption/decryption) - no crypto is involved in
signature verification, just the digest calculation, and the BIGNUM
expmod.
+ check some more arguments
+ order the user ids as expected in public keys (i.e. if there's a
primary user id signature sub-packet, honor it), and fix up the
regression test results accordingly.
diffstat:
crypto/external/bsd/netpgp/bin/netpgpverify/Makefile | 5 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected16 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected17 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected18 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected21 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected22 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected24 | 2 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected32 | 6 +-
crypto/external/bsd/netpgp/bin/netpgpverify/expected34 | 2 +-
crypto/external/bsd/netpgp/dist/src/libbn/bignum.c | 5 +-
crypto/external/bsd/netpgp/dist/src/libverify/libverify.c | 179 +++++++++++-
crypto/external/bsd/netpgp/dist/src/libverify/verify.c | 145 ----------
crypto/external/bsd/netpgp/dist/src/libverify/verify.h | 199 +++++++------
crypto/external/bsd/netpgp/lib/verify/Makefile | 3 +-
14 files changed, 278 insertions(+), 278 deletions(-)
diffs (truncated from 939 to 300 lines):
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Tue Oct 30 02:10:42 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1.2.5 2012/10/24 02:18:56 agc Exp $
+# $NetBSD: Makefile,v 1.1.2.6 2012/10/30 02:10:42 agc Exp $
.include <bsd.own.mk>
@@ -114,3 +114,6 @@
env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
+ diff expected46 output46
+ rm -f output46
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected16
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected16 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected16 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for b.gpg made Mon Sep 10 00:15:38 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected17
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected17 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected17 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for a.gpg made Sun Sep 9 17:44:11 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected18
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected18 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected18 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for gpgsigned-a.gpg made Sun Sep 9 17:43:01 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected21
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected21 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected21 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for [stdin] made Sun Sep 9 17:44:11 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected22
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected22 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected22 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for [stdin] made Sun Sep 30 10:50:20 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected24
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected24 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected24 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for [stdin] made Mon Sep 10 00:15:38 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected32
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected32 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected32 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for b.gpg made Mon Sep 10 00:15:38 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
@@ -11,9 +11,9 @@
Good signature for b.gpg made Mon Sep 10 00:15:38 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
@@ -21,9 +21,9 @@
Good signature for b.gpg made Mon Sep 10 00:15:38 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/bin/netpgpverify/expected34
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/expected34 Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected34 Tue Oct 30 02:10:42 2012 +0000
@@ -1,9 +1,9 @@
Good signature for det.sig made Thu Oct 18 02:12:33 2012
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
+uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
-uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks <agc%netflix.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
fingerprint: 57c0 c1e6 bf71 8845 416b 9522 79de b61e 488e ee74
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/dist/src/libbn/bignum.c
--- a/crypto/external/bsd/netpgp/dist/src/libbn/bignum.c Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libbn/bignum.c Tue Oct 30 02:10:42 2012 +0000
@@ -5356,10 +5356,10 @@
int
BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx)
{
- USE_ARG(ctx);
if ((dv == NULL && rem == NULL) || a == NULL || d == NULL) {
return 0;
}
+ USE_ARG(ctx);
return mp_div(dv, rem, __UNCONST(a), __UNCONST(d)) == MP_OKAY;
}
@@ -5585,6 +5585,9 @@
{
int primality;
+ if (a == NULL) {
+ return 0;
+ }
USE_ARG(ctx);
USE_ARG(cb_arg);
USE_ARG(callback);
diff -r 22099ac9b954 -r a66284f67d69 crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
--- a/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Mon Oct 29 15:46:49 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Tue Oct 30 02:10:42 2012 +0000
@@ -48,6 +48,10 @@
#include "rsa.h"
#include "verify.h"
+#ifndef USE_ARG
+#define USE_ARG(x) /*LINTED*/(void)&(x)
+#endif
+
#define BITS_TO_BYTES(b) (((b) + (CHAR_BIT - 1)) / CHAR_BIT)
/* packet types */
@@ -510,10 +514,10 @@
memcpy(keyid, &u64, PGPV_KEYID_LEN);
}
-#define PKT_ALWAYS_ON 0x80
-#define PKT_NEWFMT_MASK 0x40
-#define PKT_NEWFMT_TAG_MASK 0x3f
-#define PKT_OLDFMT_TAG_MASK 0x3c
+#define PKT_ALWAYS_ON 0x80
+#define PKT_NEWFMT_MASK 0x40
+#define PKT_NEWFMT_TAG_MASK 0x3f
+#define PKT_OLDFMT_TAG_MASK 0x3c
#define SUBPKT_CRITICAL_MASK 0x80
#define SUBPKT_TAG_MASK 0x7f
@@ -776,7 +780,7 @@
sigpkt->sig.type_key = *p;
break;
case SUBPKT_PRIMARY_USER_ID:
- sigpkt->sig.userid = p;
+ sigpkt->sig.primary_userid = *p;
break;
case SUBPKT_POLICY_URI:
sigpkt->sig.policy = (char *)(void *)p;
@@ -1213,7 +1217,7 @@
recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid)
{
pgpv_signature_t signature;
- pgpv_pkt_t *pkt;
+ pgpv_pkt_t *pkt;
memset(userid, 0x0, sizeof(*userid));
if (!pkt_is(pgp, USERID_PKT)) {
@@ -1230,6 +1234,9 @@
return 0;
}
ARRAY_APPEND(userid->sigs, signature);
+ if (signature.primary_userid) {
+ userid->primary_userid = signature.primary_userid;
+ }
}
return 1;
}
@@ -1262,7 +1269,7 @@
recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey)
{
pgpv_signature_t signature;
- pgpv_pkt_t *pkt;
+ pgpv_pkt_t *pkt;
pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
memset(subkey, 0x0, sizeof(*subkey));
@@ -1354,19 +1361,30 @@
return cc;
}
+/* format a userid - used to order the userids when formatting */
+static size_t
+fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u)
+{
+ pgpv_signed_userid_t *userid;
+
+ userid = &ARRAY_ELEMENT(primary->signed_userids, u);
+ return snprintf(s, size, "uid %.*s\n",
+ (int)userid->userid.size, userid->userid.data);
+}
+
/* print a primary key, per RFC 4880 */
static size_t
fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary)
{
- pgpv_signed_userid_t *userid;
- unsigned i;
- size_t cc;
+ unsigned i;
+ size_t cc;
cc = fmt_pubkey(s, size, &primary->primary, "signature ");
+ cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid);
for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) {
- userid = &ARRAY_ELEMENT(primary->signed_userids, i);
- cc += snprintf(&s[cc], size - cc, "uid %.*s\n",
- (int)userid->userid.size, userid->userid.data);
+ if (i != primary->primary_userid) {
+ cc += fmt_userid(&s[cc], size - cc, primary, i);
+ }
}
for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) {
cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption");
@@ -1375,6 +1393,110 @@
return cc;
}
+
+/* check the padding on the signature */
+static int
+rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num)
+{
+ USE_ARG(num);
+ if (flen > tlen) {
+ printf("from length larger than to length\n");
+ return -1;
+ }
+ (void) memset(to, 0x0, tlen - flen);
+ (void) memcpy(to + tlen - flen, from, flen);
+ return tlen;
+}
+
+#define RSA_MAX_MODULUS_BITS 16384
+#define RSA_SMALL_MODULUS_BITS 3072
+#define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
Home |
Main Index |
Thread Index |
Old Index