Sync the src version of netpgpverify with the version in pkgsrc

> ----------------------------
> revision 1.10
> date: 2015-02-04 16:58:02 -0800;  author: agc;  state: Exp;  lines: +1 -0;  commitid: 0v3HoBPFTnhDSK8y;
> appease compiler warning police - initialise a variable in case it's otherwise
> "used uninitialised". ride previous version bump.
> ----------------------------
> revision 1.9
> date: 2015-02-04 16:21:57 -0800;  author: agc;  state: Exp;  lines: +48 -21;  commitid: ElUADrlljB46GK8y;
> Update netpgpverify (and libnetpgpverify) to version 20150205
>
> + recognise signatures made by subkeys as well as by primary keys
>
> + print out the relevant key which signed the file, even if it's
> a subkey and not the primary key itself.
>
> + keep the same API as before
>
> with many thanks to Jonathan Perkin
> ----------------------------
> revision 1.8
> date: 2015-02-03 13:34:57 -0800;  author: agc;  state: Exp;  lines: +1 -3;  commitid: 6qTclEbv7hmZMB8y;
> Update netpgpverify, and libnetpgpverify, to 20150204
>
> + dump the huge output in testing script to /dev/null so that we can
> see what's happening with the other tests in testit.sh
>
> + fix from jperkin@, don't try to be clever when selecting the only
> key id in a keyring
>
> + add a test for single key (non-ssh) pubring
> ----------------------------
> revision 1.7
> date: 2015-02-03 13:13:17 -0800;  author: agc;  state: Exp;  lines: +3 -0;  commitid: ztXbqAi9ocXGFB8y;
> Update netpgpverify, and libnetpgpverify, to 20150203
>
> + portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5
>
> + fixed an oversight in the testit.sh script
This commit is contained in:
agc 2015-02-05 01:26:54 +00:00
parent a203ea21a9
commit 530ddfcba7
15 changed files with 217 additions and 54 deletions

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,86 @@
begin 644 1keytest.gpg
MQ`T#``@!;&)E`*V%)+`!R\N08@``````+RH@)$YE=$)31#H@9&5F<RYH+'8@
M,2XQ(#(P,30O,#(O,#0@,#(Z,3$Z,3@@86=C($5X<"`D("HO"@HO*BT*("H@
M0V]P>7)I9VAT("AC*2`R,#`Y(%1H92!.971"4T0@1F]U;F1A=&EO;BP@26YC
M+@H@*B!!;&P@<FEG:'1S(')E<V5R=F5D+@H@*@H@*B!4:&ES(&-O9&4@:7,@
M9&5R:79E9"!F<F]M('-O9G1W87)E(&-O;G1R:6)U=&5D('1O(%1H92!.971"
M4T0@1F]U;F1A=&EO;@H@*B!B>2!!;&ES=&%I<B!#<F]O:W,@*&%G8T!.971"
M4T0N;W)G*0H@*@H@*B!2961I<W1R:6)U=&EO;B!A;F0@=7-E(&EN('-O=7)C
M92!A;F0@8FEN87)Y(&9O<FUS+"!W:71H(&]R('=I=&AO=70*("H@;6]D:69I
M8V%T:6]N+"!A<F4@<&5R;6ET=&5D('!R;W9I9&5D('1H870@=&AE(&9O;&QO
M=VEN9R!C;VYD:71I;VYS"B`J(&%R92!M970Z"B`J(#$N(%)E9&ES=')I8G5T
M:6]N<R!O9B!S;W5R8V4@8V]D92!M=7-T(')E=&%I;B!T:&4@86)O=F4@8V]P
M>7)I9VAT"B`J("`@(&YO=&EC92P@=&AI<R!L:7-T(&]F(&-O;F1I=&EO;G,@
M86YD('1H92!F;VQL;W=I;F<@9&ES8VQA:6UE<BX*("H@,BX@4F5D:7-T<FEB
M=71I;VYS(&EN(&)I;F%R>2!F;W)M(&UU<W0@<F5P<F]D=6-E('1H92!A8F]V
M92!C;W!Y<FEG:'0*("H@("`@;F]T:6-E+"!T:&ES(&QI<W0@;V8@8V]N9&ET
M:6]N<R!A;F0@=&AE(&9O;&QO=VEN9R!D:7-C;&%I;65R(&EN('1H90H@*B`@
M("!D;V-U;65N=&%T:6]N(&%N9"]O<B!O=&AE<B!M871E<FEA;',@<')O=FED
M960@=VET:"!T:&4@9&ES=')I8G5T:6]N+@H@*@H@*B!42$E3(%-/1E1705)%
M($E3(%!23U9)1$5$($)9(%1(12!.151"4T0@1D]53D1!5$E/3BP@24Y#+B!!
M3D0@0T].5%))0E543U)3"B`J(&!@05,@25,G)R!!3D0@04Y9($584%)%4U,@
M3U(@24U03$E%1"!705)204Y42453+"!)3D-,541)3D<L($)55"!.3U0@3$E-
M251%1`H@*B!43RP@5$A%($E-4$Q)140@5T%24D%.5$E%4R!/1B!-15)#2$%.
M5$%"24Q)5%D@04Y$($9)5$Y%4U,@1D]2($$@4$%25$E#54Q!4@H@*B!055)0
M3U-%($%212!$25-#3$%)345$+B`@24X@3D\@159%3E0@4TA!3$P@5$A%($9/
M54Y$051)3TX@3U(@0T].5%))0E543U)3"B`J($)%($Q)04),12!&3U(@04Y9
M($1)4D5#5"P@24Y$25)%0U0L($E.0TE$14Y404PL(%-014-)04PL($5814U0
M3$%262P@3U(*("H@0T].4T51545.5$E!3"!$04U!1T53("A)3D-,541)3D<L
M($)55"!.3U0@3$E-251%1"!43RP@4%)/0U5214U%3E0@3T8*("H@4U5"4U1)
M5%5412!'3T]$4R!/4B!315)624-%4SL@3$]34R!/1B!54T4L($1!5$$L($]2
M(%!23T9)5%,[($]2($)54TE.15-3"B`J($E.5$524E505$E/3BD@2$]7159%
M4B!#0553140@04Y$($].($%.62!42$5/4ED@3T8@3$E!0DE,2519+"!72$54
M2$52($E."B`J($-/3E1204-4+"!35%))0U0@3$E!0DE,2519+"!/4B!43U)4
M("A)3D-,541)3D<@3D5'3$E'14Y#12!/4B!/5$A%4E=)4T4I"B`J($%225-)
M3D<@24X@04Y9(%=!62!/550@3T8@5$A%(%5312!/1B!42$E3(%-/1E1705)%
M+"!%5D5.($E&($%$5DE3140@3T8@5$A%"B`J(%!/4U-)0DE,2519($]&(%-5
M0T@@1$%-04=%+@H@*B\*(VEF;F1E9B!$14937TA?"B-D969I;F4@1$5&4U](
M7PH*(VEN8VQU9&4@/'-Y<R]T>7!E<RYH/@HC:6YC;'5D92`\<WES+W!A<F%M
M+F@^"@HC:69D968@2$%615])3E1465!%4U]("B-I;F-L=61E(#QI;G1T>7!E
M<RYH/@HC96YD:68*"B-I9F1E9B!(059%7U-41$E.5%]("B-I;F-L=61E(#QS
M=&1I;G0N:#X*(V5N9&EF"@HC:6YC;'5D92`\<W1D:6\N:#X*(VEN8VQU9&4@
M/'-T9&QI8BYH/@HC:6YC;'5D92`\<W1R:6YG+F@^"@HC9&5F:6YE($Y%5T%2
M4D%9*'1Y<&4L<'1R+'-I>F4L=VAE<F4L86-T:6]N*2!D;R!["0D)7`H):68@
M*"AP='(@/2!C86QL;V,H<VEZ96]F*'1Y<&4I+"`H=6YS:6=N960I*'-I>F4I
M*2D@/3T@3E5,3"D@>PE<"@D)*'9O:60I(&9P<FEN=&8H<W1D97)R+"`B)7,Z
M(&-A;B=T(&%L;&]C871E("5L=2!B>71E<UQN(BP@7`H)"0EW:&5R92P@*'5N
M<VEG;F5D(&QO;F<I*'-I>F4@*B!S:7IE;V8H='EP92DI*3L)7`H)"6%C=&EO
M;CL)"0D)"0D)7`H)?0D)"0D)"0D)7`I]('=H:6QE*"`O*B!#3TY35$-/3D0@
M*B\@,"D*"B-D969I;F4@4D5.15<H='EP92QP='(L<VEZ92QW:&5R92QA8W1I
M;VXI(&1O('L)"0D)7`H)='EP92`J7VYE=W!T<CL)"0D)"0D)7`H)7VYE=W!T
M<B`](')E86QL;V,H<'1R+"`H<VEZ95]T*2AS:7IE;V8H='EP92D@*B`H<VEZ
M92DI*3L)7`H):68@*%]N97=P='(@/3T@3E5,3"D@>PD)"0D)"5P*"0DH=F]I
M9"D@9G!R:6YT9BAS=&1E<G(L("(E<SH@8V%N)W0@<F5A;&QO8R`E;'4@8GET
M97-<;B(L"5P*"0D)=VAE<F4L("AU;G-I9VYE9"!L;VYG*2AS:7IE("H@<VEZ
M96]F*'1Y<&4I*2D["5P*"0EA8W1I;VX["0D)"0D)"5P*"7T@96QS92!["0D)
M"0D)"5P*"0EP='(@/2!?;F5W<'1R.PD)"0D)"5P*"7T)"0D)"0D)"5P*?2!W
M:&EL92@@+RH@0T].4U1#3TY$("HO(#`I"@HC9&5F:6YE($Y%5RAT>7!E+"!P
M='(L('=H97)E+"!A8W1I;VXI"4Y%5T%24D%9*'1Y<&4L('!T<BP@,2P@=VAE
M<F4L(&%C=&EO;BD*"B-D969I;F4@1E)%12AP='(I"2AV;VED*2!F<F5E*'!T
M<BD*"B-D969I;F4@04Q,3T,H='EP92P@=BP@<VEZ92P@8RP@:6YI="P@:6YC
M<BP@=VAE<F4L(&%C=&EO;BD@9&\@>PD)7`H)=6EN=#,R7W0)7VYE=W-I>F4@
M/2!S:7IE.PD)"0E<"@EI9B`H<VEZ92`]/2`P*2!["0D)"0D)7`H)"5]N97=S
M:7IE(#T@:6YI=#L)"0D)"5P*"0E.15=!4E)!62AT>7!E+"!V+"!?;F5W<VEZ
M92P@=VAE<F4@(CH@;F5W(BP@86-T:6]N*3L)7`H)?2!E;'-E(&EF("AC(#T]
M('-I>F4I('L)"0D)"0E<"@D)7VYE=W-I>F4@/2!S:7IE("L@:6YC<CL)"0D)
M"5P*"0E214Y%5RAT>7!E+"!V+"!?;F5W<VEZ92P@=VAE<F4@(CH@<F5N97<B
M+"!A8W1I;VXI.PE<"@E]"0D)"0D)"0E<"@ES:7IE(#T@7VYE=W-I>F4["0D)
M"0D)7`I]('=H:6QE*"`O*B!#3TY35$-/3D0@*B\@,"D*"B-D969I;F4@1$5&
M24Y%7T%24D%9*&YA;64L('1Y<&4I"0D)"0E<"G1Y<&5D968@<W1R=6-T(&YA
M;64@>PD)"0D)"0E<"@EU:6YT,S)?=`EC.PD)"0D)"5P*"75I;G0S,E]T"7-I
M>F4["0D)"0D)7`H)='EP90D@("`@("`@*G8["0D)"0D)7`I](&YA;64*"B-E
M;F1I9B`O*B`A1$5&4U](7R`J+PK"P6($``$(`!8%`E31?2X%`P`````)$&QB
M90"MA22P``",=!``R2^C8"/Z(.]^N&Z\EI0D7OD:'ZCU!'UF5Y]7&[DR)G\'
M0()`BLY[_^^=IL!XDWJV27+@.J_O)C#?OX5?C/=,6ERU)E-Z6879??U_%57[
M#GZGRW)HO4D"'RF&XC`1_WM?]SHB'%S'^.%!W=SF.K\^+,P@%I<T\OEXC6L&
M*>$9,ZZ)7&ZPS0'*9LS>BW"FH5EMYA!ZW8]*D%:F$J`6VR`>$Z</'`_C7KR>
MH-$^_G+1].)F[.VWN2P=?1*GT_TG<'22PV'8X>M>'".JW)BZ"'!&0-/1=CZE
M`[T@-*0@IZ";+?LQ8UOG"/8MHG:MO"+/$&H)Z,7/P\B9Y(BGO:>:EKK-<L)\
M;^-D&1Q])%-><1,L?H6R(._?U3U88B-3)Y]<KK?9I![G*NN)@V62IISM8=:R
MFI5Y\[_DPS40H$4RR"$6>*P?MQ&`+)S1YA)^/#5Q`/'2Z[4WP<MM"<E'0@3<
M?@)S`Y@Y+HZ"=8M5!M1X/=E61^8#76UVD./*N#KN%+K\@F``YD)39=KU%_`T
M*;<#>_BBN\8O-O@?D/!-B]3!5H;2%:.Q;\OTKC;3TWYL:L:T,_]@1`HL1#[F
ML#H/G5N<Z&(QE4&.C(1"`:6PZC[F-?+BC,.3!9J+/X(9O&;>0SN#?.`)5Y_]
=*CT.Q56883<>]E&=6=.!4%:1H5]1;`SHG5#'WD.+
`
end

View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile.bsd,v 1.3 2015/01/30 18:58:59 agc Exp $
# $NetBSD: Makefile.bsd,v 1.4 2015/02/05 01:26:54 agc Exp $
PROG=netpgpverify
@ -34,6 +34,12 @@ tst:
@echo "expected failure, no valid key for verification"
-./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg
@echo "dumping now"
./${PROG} -c dump -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
./${PROG} -c dump -k pubring.gpg NetBSD-6.0_RC1_hashes.asc > /dev/null
@echo "dumping ssh now"
./${PROG} -c dump -S sshtest-20140202.pub data.gpg
@echo "testing pubring with one key"
uudecode 1keytest.gpg.uu
./${PROG} -k 1keypubring.gpg 1keytest.gpg
rm -f 1keytest.gpg
@echo "testing signing with a subkey"
./chk.sh -k joyent-pubring.gpg digest-20121220.tgz

View File

@ -1,4 +1,4 @@
/* $NetBSD: bzlib.c,v 1.2 2014/03/09 07:01:42 christos Exp $ */
/* $NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/
@ -35,7 +35,7 @@
#include "bzlib_private.h"
/* $NetBSD: bzlib.c,v 1.2 2014/03/09 07:01:42 christos Exp $ */
/* $NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/
@ -930,7 +930,7 @@ BZFILE * bzopen_or_bzdopen
int smallMode = 0;
int nUnused = 0;
__USE(blockSize100k);
USE_ARG(blockSize100k);
if (mode == NULL) return NULL;
while (*mode) {
@ -1082,7 +1082,7 @@ const char * BZ_API(BZ2_bzerror) (BZFILE *b, int *errnum)
/*-------------------------------------------------------------*/
/*--- end bzlib.c ---*/
/*-------------------------------------------------------------*/
/* $NetBSD: bzlib.c,v 1.2 2014/03/09 07:01:42 christos Exp $ */
/* $NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/
@ -1728,7 +1728,7 @@ Int32 BZ2_decompress ( DState* s )
/*-------------------------------------------------------------*/
/*--- end decompress.c ---*/
/*-------------------------------------------------------------*/
/* $NetBSD: bzlib.c,v 1.2 2014/03/09 07:01:42 christos Exp $ */
/* $NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/
@ -1832,7 +1832,7 @@ UInt32 BZ2_crc32Table[256] = {
/*-------------------------------------------------------------*/
/*--- end crctable.c ---*/
/*-------------------------------------------------------------*/
/* $NetBSD: bzlib.c,v 1.2 2014/03/09 07:01:42 christos Exp $ */
/* $NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/

View File

@ -1,4 +1,4 @@
/* $NetBSD: bzlib_private.h,v 1.2 2014/03/11 17:20:23 joerg Exp $ */
/* $NetBSD: bzlib_private.h,v 1.3 2015/02/05 01:26:54 agc Exp $ */
/*-------------------------------------------------------------*/
@ -57,6 +57,10 @@ typedef unsigned short UInt16;
#ifndef BZ_NO_STDIO
#ifndef __dead
#define __dead
#endif
void BZ2_bz__AssertH__fail ( int errcode ) __dead;
#define AssertH(cond,errcode) \
{ if (!(cond)) BZ2_bz__AssertH__fail ( errcode ); }

View File

@ -1,6 +1,6 @@
#! /bin/sh
# $NetBSD: chk.sh,v 1.2 2015/01/30 18:58:59 agc Exp $
# $NetBSD: chk.sh,v 1.3 2015/02/05 01:26:54 agc Exp $
# Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
# All rights reserved.
@ -35,9 +35,11 @@ os=EdgeBSD
osrev=6
arch=amd64
pkgsrc=pkgsrc-2013Q1
keyring=pubring.gpg
while [ $# -gt 0 ]; do
case "$1" in
--arch|-a) arch=$2; shift ;;
--keyring|-k) keyring=$2; shift ;;
--os|-o) os=$2; shift ;;
--pkgsrc) pkgsrc=$2; shift ;;
-v) set -x ;;
@ -95,13 +97,13 @@ diff ${dir}/+PKG_HASH ${dir}/calc || die "Bad hashes generated"
if [ -x /usr/bin/netpgpverify -o -x /usr/pkg/bin/netpgpverify ]; then
echo "=== Using netpgpverify to verify the package signature ==="
# check the signature in +PKG_GPG_SIGNATURE
cp ${here}/pubring.pub ${dir}/pubring.gpg
cp ${keyring} ${dir}/pubring.gpg
# calculate the sig file we want to verify
echo "-----BEGIN PGP SIGNED MESSAGE-----" > ${dir}/${name}.sig
echo "Hash: ${digest}" >> ${dir}/${name}.sig
echo "" >> ${dir}/${name}.sig
cat ${dir}/+PKG_HASH ${dir}/+PKG_GPG_SIGNATURE >> ${dir}/${name}.sig
(cd ${dir} && netpgpverify -k pubring.gpg ${name}.sig) || die "Bad signature"
(cd ${dir} && ${here}/netpgpverify -k pubring.gpg ${name}.sig) || die "Bad signature"
else
echo "=== Using gpg to verify the package signature ==="
gpg --recv --keyserver pgp.mit.edu 0x6F3AF5E2

Binary file not shown.

View File

@ -1,4 +1,4 @@
.\" $NetBSD: libnetpgpverify.3,v 1.2 2014/12/05 04:42:36 agc Exp $
.\" $NetBSD: libnetpgpverify.3,v 1.3 2015/02/05 01:26:54 agc Exp $
.\"
.\" Copyright (c) 2014 Alistair Crooks <agc@NetBSD.org>
.\" All rights reserved.
@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 4, 2014
.Dd January 15, 2015
.Dt LIBNETPGPVERIFY 3
.Os
.Sh NAME
@ -54,6 +54,10 @@
.Fa "pgpv_cursor_t *cursor" "size_t element"
.Fc
.Ft size_t
.Fo pgpv_dump
.Fa "pgpv_t *pgp" "char **data"
.Fc
.Ft size_t
.Fo pgpv_get_entry
.Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers"
.Fc

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
* Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -1473,14 +1473,16 @@ fmt_trust(char *s, size_t size, pgpv_signed_userid_t *userid, uint32_t u)
/* print a primary key, per RFC 4880 */
static size_t
fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary, const char *modifiers)
fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers)
{
pgpv_signed_userid_t *userid;
pgpv_pubkey_t *pubkey;
unsigned i;
unsigned j;
size_t cc;
cc = fmt_pubkey(s, size, &primary->primary, "signature ");
pubkey = (subkey == 0) ? &primary->primary : &ARRAY_ELEMENT(primary->signed_subkeys, subkey - 1).subkey;
cc = fmt_pubkey(s, size, pubkey, "signature ");
cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid);
for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) {
if (i != primary->primary_userid) {
@ -2190,6 +2192,7 @@ getbignum(pgpv_bignum_t *bignum, bufgap_t *bg, char *buf, const char *header)
{
uint32_t len;
USE_ARG(header);
(void) bufgap_getbin(bg, &len, sizeof(len));
len = pgp_ntoh32(len);
(void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte);
@ -2248,6 +2251,7 @@ read_ssh_file(pgpv_t *pgp, pgpv_primarykey_t *primary, const char *fmt, ...)
int ok;
int cc;
USE_ARG(pgp);
memset(primary, 0x0, sizeof(*primary));
(void) memset(&bg, 0x0, sizeof(bg));
va_start(args, fmt);
@ -2436,7 +2440,7 @@ fixup_detached(pgpv_cursor_t *cursor, const char *f)
return 1;
}
/* match the calculated signature against the oen in the signature packet */
/* match the calculated signature against the one in the signature packet */
static int
match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size)
{
@ -2518,25 +2522,29 @@ pgpv_close(pgpv_t *pgp)
/* return the formatted entry for the primary key desired */
size_t
pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **ret, const char *modifiers)
pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **s, const char *modifiers)
{
unsigned subkey;
unsigned prim;
size_t cc;
if (ret == NULL || pgp == NULL || ent >= ARRAY_COUNT(pgp->primaries)) {
prim = ((ent >> 8) & 0xffffff);
subkey = (ent & 0xff);
if (s == NULL || pgp == NULL || prim >= ARRAY_COUNT(pgp->primaries)) {
return 0;
}
*ret = NULL;
cc = ARRAY_ELEMENT(pgp->primaries, ent).fmtsize;
*s = NULL;
cc = ARRAY_ELEMENT(pgp->primaries, prim).fmtsize;
if (modifiers == NULL || (strcasecmp(modifiers, "trust") != 0 && strcasecmp(modifiers, "subkeys") != 0)) {
modifiers = "no-subkeys";
}
if (strcasecmp(modifiers, "trust") == 0) {
cc *= 2048;
}
if ((*ret = calloc(1, cc)) == NULL) {
if ((*s = calloc(1, cc)) == NULL) {
return 0;
}
return fmt_primary(*ret, cc, &ARRAY_ELEMENT(pgp->primaries, ent), modifiers);
return fmt_primary(*s, cc, &ARRAY_ELEMENT(pgp->primaries, prim), subkey, modifiers);
}
/* fixup key id, with birth, keyalg and hashalg value from signature */
@ -2556,9 +2564,12 @@ fixup_ssh_keyid(pgpv_t *pgp, pgpv_signature_t *signature, const char *hashtype)
/* find key id */
static int
find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid)
find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid, unsigned *sub)
{
pgpv_signed_subkey_t *subkey;
pgpv_primarykey_t *prim;
unsigned i;
unsigned j;
uint8_t binkeyid[PGPV_KEYID_LEN];
size_t off;
size_t cmp;
@ -2573,27 +2584,43 @@ find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid)
memcpy(binkeyid, keyid, sizeof(binkeyid));
cmp = PGPV_KEYID_LEN;
}
*sub = 0;
off = PGPV_KEYID_LEN - cmp;
for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) {
if (memcmp(&ARRAY_ELEMENT(pgp->primaries, i).primary.keyid[off], &binkeyid[off], cmp) == 0) {
prim = &ARRAY_ELEMENT(pgp->primaries, i);
if (memcmp(&prim->primary.keyid[off], &binkeyid[off], cmp) == 0) {
return i;
}
for (j = 0 ; j < ARRAY_COUNT(prim->signed_subkeys) ; j++) {
subkey = &ARRAY_ELEMENT(prim->signed_subkeys, j);
if (memcmp(&subkey->subkey.keyid[off], &binkeyid[off], cmp) == 0) {
*sub = j + 1;
return i;
}
}
}
return -1;
}
/* match the signature with the id indexed by 'primary' */
static int
match_sig_id(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary)
match_sig_id(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary, unsigned sub)
{
pgpv_primarykey_t *prim;
pgpv_pubkey_t *pubkey;
uint8_t *data;
size_t insize;
pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary;
cursor->sigtime = signature->birth;
/* calc hash on data packet */
data = get_literal_data(cursor, litdata, &insize);
if (sub == 0) {
pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary;
return match_sig(cursor, signature, pubkey, data, insize);
}
prim = &ARRAY_ELEMENT(cursor->pgp->primaries, primary);
pubkey = &ARRAY_ELEMENT(prim->signed_subkeys, sub - 1).subkey;
return match_sig(cursor, signature, pubkey, data, insize);
}
@ -2644,6 +2671,7 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
pgpv_signature_t *signature;
pgpv_onepass_t *onepass;
pgpv_litdata_t *litdata;
unsigned sub;
size_t pkt;
char strkeyid[PGPV_STR_KEYID_LEN];
int j;
@ -2695,17 +2723,17 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
if (cursor->pgp->ssh) {
fixup_ssh_keyid(cursor->pgp, signature, "sha1");
}
if (ARRAY_COUNT(cursor->pgp->primaries) == 1) {
j = 0;
} else if ((j = find_keyid(cursor->pgp, NULL, onepass->keyid)) < 0) {
sub = 0;
if ((j = find_keyid(cursor->pgp, NULL, onepass->keyid, &sub)) < 0) {
fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid));
snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid);
return 0;
}
if (!match_sig_id(cursor, signature, litdata, (unsigned)j)) {
if (!match_sig_id(cursor, signature, litdata, (unsigned)j, sub)) {
return 0;
}
ARRAY_APPEND(cursor->datacookies, pkt);
j = ((j & 0xffffff) << 8) | (sub & 0xff);
ARRAY_APPEND(cursor->found, j);
return pkt + 1;
}
@ -2731,6 +2759,7 @@ pgpv_read_ssh_pubkeys(pgpv_t *pgp, const void *keyring, ssize_t size)
{
pgpv_primarykey_t primary;
USE_ARG(size);
if (pgp == NULL) {
return 0;
}

View File

@ -0,0 +1,11 @@
#! /bin/sh
version=$(awk '/^#define[ \t]+NETPGP_VERIFY_H_/ { print $3 }' verify.h)
name=netpgpverify-${version}
(cd .. &&
mv files ${name} &&
tar --exclude CVS -cvzf $HOME/${name}.tar.gz ${name} &&
ls -al $HOME/${name}.tar.gz &&
mv ${name} files)

View File

@ -0,0 +1,21 @@
#! /bin/sh
tmp=$(mktemp -d ../netpgpverify-test.XXXXXX)
pax -rwpp . ${tmp}
cat > ${tmp}/config.h <<EOF
#ifndef CONFIG_H_
#define CONFIG_H_ 20141204
#ifndef __UNCONST
#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a))
#endif /* __UNCONST */
#ifndef USE_ARG
#define USE_ARG(x) /*LINTED*/(void)&(x)
#endif /* USE_ARG */
#endif /* CONFIG_H_ */
EOF
(cd ${tmp} && env USETOOLS=no make -f Makefile.bsd && make -f Makefile.bsd tst)
rm -rf ${tmp}

View File

@ -23,9 +23,9 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef NETPGP_VERIFY_H_
#define NETPGP_VERIFY_H_ 20150115
#define NETPGP_VERIFY_H_ 20150205
#define NETPGPVERIFY_VERSION "netpgpverify portable 20150115"
#define NETPGPVERIFY_VERSION "netpgpverify portable 20150205"
#include <sys/types.h>
@ -263,7 +263,7 @@ typedef struct pgpv_cursor_t {
char *op; /* operation we're doing */
char *value; /* value we're searching for */
void *ptr; /* for regexps etc */
PGPV_ARRAY(uint32_t, found); /* array of matched subscripts */
PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */
PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */
int64_t sigtime; /* time of signature */
char why[PGPV_REASON_LEN]; /* reason for bad signature */

View File

@ -1,4 +1,4 @@
/* $NetBSD: zlib.c,v 1.1 2014/03/09 00:15:45 agc Exp $ */
/* $NetBSD: zlib.c,v 1.2 2015/02/05 01:26:54 agc Exp $ */
/* inflate.c -- zlib decompression
* Copyright (C) 1995-2005 Mark Adler
@ -272,7 +272,7 @@ int ZEXPORT inflateReset(z_streamp strm)
struct inflate_state FAR *state;
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
strm->total_in = strm->total_out = state->total = 0;
strm->msg = Z_NULL;
strm->adler = 1; /* to support ill-conceived Java test suite */
@ -296,7 +296,7 @@ int ZEXPORT inflatePrime(z_streamp strm, int bits, int value)
struct inflate_state FAR *state;
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if (bits > 16 || state->bits + bits > 32) return Z_STREAM_ERROR;
value &= (1L << bits) - 1;
state->hold += value << state->bits;
@ -322,7 +322,7 @@ int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, const char *version, i
ZALLOC(strm, 1, sizeof(struct inflate_state));
if (state == Z_NULL) return Z_MEM_ERROR;
Tracev((stderr, "inflate: allocated\n"));
strm->state = (struct internal_state FAR *)state;
strm->state = (struct internal_state FAR *)(void *)state;
if (windowBits < 0) {
state->wrap = 0;
windowBits = -windowBits;
@ -361,7 +361,7 @@ int ZEXPORT inflateInit_( z_streamp strm, const char *version, int stream_size)
local void
fixedtables(struct inflate_state FAR *state)
{
/* $NetBSD: zlib.c,v 1.1 2014/03/09 00:15:45 agc Exp $ */
/* $NetBSD: zlib.c,v 1.2 2015/02/05 01:26:54 agc Exp $ */
/* inffixed.h -- table for decoding fixed codes
* Generated automatically by makefixed().
@ -483,7 +483,7 @@ updatewindow(z_streamp strm, unsigned out)
struct inflate_state FAR *state;
unsigned copy, dist;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
/* if it hasn't been done already, allocate space for the window */
if (state->window == Z_NULL) {
@ -1141,7 +1141,7 @@ inflate_fast(z_streamp strm, unsigned start)
unsigned char FAR *from; /* where to copy match from */
/* copy state to local variables */
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
in = strm->next_in - OFF;
last = in + (strm->avail_in - 5);
out = strm->next_out - OFF;
@ -1462,7 +1462,7 @@ inflate(z_streamp strm, int flush)
return Z_STREAM_ERROR;
#endif
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if (state->mode == TYPE) state->mode = TYPEDO; /* skip check */
LOAD();
in = have;
@ -2043,7 +2043,7 @@ inflateEnd(z_streamp strm)
struct inflate_state FAR *state;
if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if (state->window != Z_NULL) ZFREE(strm, state->window);
ZFREE(strm, strm->state);
strm->state = Z_NULL;
@ -2059,7 +2059,7 @@ inflateSetDictionary(z_streamp strm, const Bytef *dictionary, uInt dictLength)
/* check state */
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if (state->wrap != 0 && state->mode != DICT)
return Z_STREAM_ERROR;
@ -2098,7 +2098,7 @@ inflateGetHeader(z_streamp strm, gz_headerp head)
/* check state */
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if ((state->wrap & 2) == 0) return Z_STREAM_ERROR;
/* save header structure */
@ -2149,7 +2149,7 @@ inflateSync(z_streamp strm)
/* check parameters */
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
if (strm->avail_in == 0 && state->bits < 8) return Z_BUF_ERROR;
/* if first time, start search in bit buffer */
@ -2196,7 +2196,7 @@ inflateSyncPoint(z_streamp strm)
struct inflate_state FAR *state;
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)strm->state;
state = (struct inflate_state FAR *)(void *)strm->state;
return state->mode == STORED && state->bits == 0;
}
@ -2212,7 +2212,7 @@ inflateCopy(z_streamp dest, z_streamp source)
if (dest == Z_NULL || source == Z_NULL || source->state == Z_NULL ||
source->zalloc == (alloc_func)0 || source->zfree == (free_func)0)
return Z_STREAM_ERROR;
state = (struct inflate_state FAR *)source->state;
state = (struct inflate_state FAR *)(void *)source->state;
/* allocate space */
copy = (struct inflate_state FAR *)