+ bring over change from christos in src/crypto to check for
the end of an ASCII-armored signature
+ no need for namespace protection in array.h any more, now
that netpgp/verify.h now contains opaque structures
+ minor typo clean-up in a definition (benign, ignored by compiler)
unusual build errors shown by old gcc versions (works fine for
gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32)
+ use ULL suffix on unsigned 64bit constants, not UL
+ don't typedef the public structs twice - second time just define it
without the typedef
Fixes PR pkg/51327
+ 20160705 introduced a bug whereby a key subid would match and verify
fine, but, if formatted, would not display the correct subkey
information. Fix to show the correct information in this case.
External API changes
====================
+ add a pgpv_cursor_close() function to free resources associated with
a cursor
Better memory management
========================
+ restructure the way dynamic arrays are used, to avoid memory
corruption issues and memory leaks - keep all dynamic arrays in the global
data structure, and use indices in the other data structures to index them.
Means lack of data localisation, but avoids stale pointers, and leaks.
+ make signer field of signature a uint8_t array, rather than a pointer
+ use our own version of strdup(3) - don't depend on it being
available in standard library
+ keep track of whether litdata filenames and userid were allocated or not,
and free memory in pgpv_close() if it was allocated
+ free up allocated resources which were allocated in pgpv_close()
+ get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when
the definitions moved from verify.h
+ fix obuf_add_mem() to use a const void *, as any struct can be
dumped using it
+ remove redundant NO_SUBKEYS definition - unused
+ add an (unused as yet) ARRAY_FREE() macro
+ make the pgpv_t and pgpv_cursor_t structures opaque
+ add new accessor functions for fields in the pgpv_cursor_t struct
+ add new creation functions for the pgpv_t and pgpv_cursor_t structs
+ Perform digest on correctly dash-escaped text, per RFC 4880.
Problem pointed out by Dimitri John Ledkov, fixed in a different way
(in case the last line is itself dash-escaped).
+ add test case
+ remove use of asprintf and vasprintf from libverify. Inspired
by work from Dimitri John Ledkov. Should allow building on Linux
without superfluous definitions.
+ also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri
John Ledkov
+ bring over joerg's printflike change from the netpgpverify
version in src/crypto
+ add a test for cleartext signatures with version information
to complement the one with no version information
Simplify the method of finding the end of the versioning information
in the signature - back up to the "\n" character at the end of the
signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the
signature itself. The previous version worked, but this is more efficient.
+ handle signatures created by gpg with "--no-emit-version", don't assume
there will always be a version string.
+ add a test for above
Fixes security PR/51240.
Thanks to xnox@ubuntu.com for reporting the error
+ get rid of calls to snprintf which simply add the returned value to
the number of characters used so far. This practice is unsafe. Instead,
use a dynamic buffer and grow its size to accommodate the contents.
+ add USE_ARG definition to some files which use it but don't check to
see that it's been defined
pkgsrc changes:
+ Bump version number to 20160214
+ Use the same method as libnetpgpverify for finding the version number
from the sources.
Changes since 20150919:
+ fixed minor bug in BN_rand() function - used field wasn't set
+ added BN_gcd() function
+ added translation layer in header file, so that library
can be called as a BIGNUM/BN_* replacement if USE_BN_INTERFACE
is defined at compile-time
Changes since previous version (20150901)
+ Apparently, OS X 10.4 does not have an implementation of le32dec().
Instead, unroll the inline function.
Bug report from Sevan - thanks!
+ recognise signatures made by subkeys as well as by primary keys
+ print out the relevant key which signed the file, even if it's
a subkey and not the primary key itself.
+ keep the same API as before
with many thanks to Jonathan Perkin
+ dump the huge output to /dev/null so that we can see what's
happening with the other tests in testit.sh
+ fix from jperkin@, don't try to be clever when selecting the only
key id in a keyring
+ add a test for single key (non-ssh) pubring
+ dump the huge output in testing script to /dev/null so that we can
see what's happening with the other tests in testit.sh
+ fix from jperkin@, don't try to be clever when selecting the only
key id in a keyring
+ add a test for single key (non-ssh) pubring
This version includes support for the '-c dump' command, which dumps
the contents of all PGP packets to stdout. Note that since we're
verifying, no private keys are involved.
Changes since 20141129:
+ bring over lint changes from src/crypto version of this utility
+ add a helper function to get an element from a cursor
+ added a small compile and test script, which uses BSD makefiles
+ change WARNS level in BSD Makefile from 6 to 5 - changes to make
WARNS=6 compile are way too intrusive and distracting to be useful
+ bump version to 20141204
+ Check the correct field in the struct is not NULL in sig_verify_dsa()
+ Move to using our own byte-swapping routines - portability
+ Check for errors in bzlib
+ Bump version number to 20140304
Switch over to using the zero-pre-requisite netpgpverify sources by
using reachover infrastructure to make sure we have one set of
sources.
This also brings with it the benefit of being able to use SSH
public keys, as well as PGP pub keys, when verifying signatures.
Extend the package building mechanism so that it can be built using
libtool (the default), or without libtool, depending on whether
"BOOTSTRAP" is defined at package build time.
Changes from previous version:
Add the ability for netpgpverify to verify ssh-pub-key-based signatures.
It is much more likely for ssh (rather than pgp) keys to be available,
and used, as a source of authentication data. These changes add the
ability for netpgpverify(1) -- the standalone, zero-prereq utility -
to verify signatures made by netpgp when using ssh keys.
Running the regression tests in WRKDIR gives the following output:
% mk -f *.bsd tst
./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid NetBSD Security Officer <security-officer@NetBSD.org>
./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.gpg
Good signature for NetBSD-6.0_RC1_hashes.gpg made Thu Mar 14 13:32:59 2013
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid NetBSD Security Officer <security-officer@NetBSD.org>
./netpgpverify -v
netpgpverify portable 20140202
./netpgpverify -S sshtest-20140202.pub data.gpg
Good signature for data.gpg made Mon Feb 3 17:54:21 2014
signature 4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01
fingerprint 874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f
uid netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com>
./netpgpverify -S sshtest-20140202.pub data.sig
Good signature for data.sig made Sun Feb 2 21:45:05 2014
signature 4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01
fingerprint 874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f
uid netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com>
expected failure, to check bad signatures fail to verify
sed -e 's|A|B|' data.gpg | ./netpgpverify -S sshtest-20140202.pub
Signature did not match contents -- Signature on data did not match
*** Error code 1 (ignored)
%
A new HOWTO file is provided in the sources (files/HOWTO) to show how
to sign data using ssh keys and netpgp(1).
Fix a call to mp_radix_size to use a pointer to the BIGNUM, not the
address of the pointer, when accessing. Fixes a problem observed in
other software when using the same code. The problem was obscured
from the compiler because of the use of __UNCONST(). This makes the
BN_dec2bn() and BN_hex2bn() functions (in libnetpgpverify) work
properly.
OK: wiz
