Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/agc-netpgp-standalone]: src/crypto/external/bsd/netpgp/dist/src/libverif...
details: https://anonhg.NetBSD.org/src/rev/e308a1c14492
branches: agc-netpgp-standalone
changeset: 777827:e308a1c14492
user: agc <agc%NetBSD.org@localhost>
date: Sat Oct 27 02:27:50 2012 +0000
description:
minor changes to libnetpgpverify(3)
+ allow more signature types in subkey signatures when parsing
signatures in the pubring trust entries, which allows more existing,
valid pubring.gpg files (constructed by gpg) to be recognised. with
thanks to jakallsch for the data.
+ provide a nonnull_getenv() function and use it in the one place
getenv(3) was previously used, following a nudge from dsl.
diffstat:
crypto/external/bsd/netpgp/dist/src/libverify/libverify.c | 53 ++++++++------
crypto/external/bsd/netpgp/dist/src/libverify/verify.h | 6 +-
2 files changed, 36 insertions(+), 23 deletions(-)
diffs (131 lines):
diff -r ef1e0c672bcf -r e308a1c14492 crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
--- a/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Thu Oct 25 04:03:16 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Sat Oct 27 02:27:50 2012 +0000
@@ -51,23 +51,16 @@
#define BITS_TO_BYTES(b) (((b) + (CHAR_BIT - 1)) / CHAR_BIT)
/* packet types */
-#define PUBKEY_ENC_SESSKEY_PKT 1
-#define SIGNATURE_PKT 2 /* done */
-#define SYMMKEY_ENC_SESSKEY_PKT 3
-#define ONEPASS_SIGNATURE_PKT 4 /* done */
-#define SECKEY_PKT 5
-#define PUBKEY_PKT 6 /* done */
-#define SEC_SUBKEY_PKT 7
-#define COMPRESSED_DATA_PKT 8 /* done */
-#define SYMMKEY_ENC_DATA_PKT 9
+#define SIGNATURE_PKT 2
+#define ONEPASS_SIGNATURE_PKT 4
+#define PUBKEY_PKT 6
+#define COMPRESSED_DATA_PKT 8
#define MARKER_PKT 10
-#define LITDATA_PKT 11 /* done */
-#define TRUST_PKT 12 /* done */
-#define USERID_PKT 13 /* done */
-#define PUB_SUBKEY_PKT 14 /* done */
-#define USER_ATTRIBUTE_PKT 17 /* done */
-#define SYMM_ENC_INTEG_PROT_PKT 18
-#define MODIFY_DETECTION_PKT 19
+#define LITDATA_PKT 11
+#define TRUST_PKT 12
+#define USERID_PKT 13
+#define PUB_SUBKEY_PKT 14
+#define USER_ATTRIBUTE_PKT 17
/* only allow certain packets at certain times */
#define PUBRING_ALLOWED "\002\006\014\015\016\021"
@@ -759,6 +752,11 @@
case SUBPKT_PREF_SYMMETRIC_ALG:
sigpkt->sig.pref_symm_alg = *p;
break;
+ case SUBPKT_REVOCATION_KEY:
+ sigpkt->sig.revoke_sensitive = (*p & 0x40);
+ sigpkt->sig.revoke_alg = p[1];
+ sigpkt->sig.revoke_fingerprint = &p[2];
+ break;
case SUBPKT_NOTATION:
sigpkt->sig.notation = *p;
break;
@@ -768,8 +766,11 @@
case SUBPKT_PREF_COMPRESS_ALG:
sigpkt->sig.pref_compress_alg = *p;
break;
+ case SUBPKT_PREF_KEY_SERVER:
+ sigpkt->sig.pref_key_server = (char *)(void *)p;
+ break;
case SUBPKT_KEY_SERVER_PREFS:
- sigpkt->sig.key_server_prefs = (char *)(void *)p;
+ sigpkt->sig.key_server_modify = *p;
break;
case SUBPKT_KEY_FLAGS:
sigpkt->sig.type_key = *p;
@@ -788,7 +789,7 @@
sigpkt->sig.why_revoked = (char *)(void *)p;
break;
default:
- printf("hi, need to implement sigpkt %d\n", subpkt.tag);
+ printf("Ignoring unusual/reserved signature subpacket %d\n", subpkt.tag);
break;
}
subpkt.s.data = p;
@@ -1274,9 +1275,8 @@
subkey->revoc_self_sig = signature;
}
do {
- if (!pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_BINDING) &&
- !pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION)) {
- printf("recog_subkey: not SIGNATURE_PKT/SUBKEY_BINDING at %zu\n", pgp->pkt);
+ if (!pkt_is(pgp, SIGNATURE_PKT)) {
+ printf("recog_subkey: not signature packet at %zu\n", pgp->pkt);
return 0;
}
if (!recog_signature(pgp, &signature)) {
@@ -1995,6 +1995,15 @@
return 1;
}
+/* check return value from getenv */
+static const char *
+nonnull_getenv(const char *key)
+{
+ char *value;
+
+ return ((value = getenv(key)) == NULL) ? "" : value;
+}
+
/************************************************************************/
/* start of exported functions */
/************************************************************************/
@@ -2141,7 +2150,7 @@
read_binary_memory(pgp, "pubring", keyring, (size_t)size) :
read_binary_file(pgp, "pubring", "%s", keyring);
}
- return read_binary_file(pgp, "pubring", "%s/%s", getenv("HOME"), ".gnupg/pubring.gpg");
+ return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg");
}
/* get verified data as a string, return its size */
diff -r ef1e0c672bcf -r e308a1c14492 crypto/external/bsd/netpgp/dist/src/libverify/verify.h
--- a/crypto/external/bsd/netpgp/dist/src/libverify/verify.h Thu Oct 25 04:03:16 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/verify.h Sat Oct 27 02:27:50 2012 +0000
@@ -122,15 +122,19 @@
uint8_t trustamount;
pgpv_bignum_t bn[PGPV_MAX_SIG_BN];
char *regexp;
- char *key_server_prefs;
+ char *pref_key_server;
char *policy;
char *features;
char *why_revoked;
+ uint8_t *revoke_fingerprint;
+ uint8_t revoke_alg;
+ uint8_t revoke_sensitive;
uint8_t trustsig;
uint8_t revocable;
uint8_t pref_symm_alg;
uint8_t pref_hash_alg;
uint8_t pref_compress_alg;
+ uint8_t key_server_modify;
uint8_t notation;
uint8_t type_key;
uint8_t revoked; /* subtract 1 to get real reason, 0 == not revoked */
Home |
Main Index |
Thread Index |
Old Index