#
1.21 |
|
03-Jun-2023 |
lukem |
adapt to ${CC_WNO_IMPLICIT_FALLTHROUGH}
Use ${CC_WNO_IMPLICIT_FALLTHROUGH} instead of the older style more complex expressions.
|
#
1.20 |
|
03-Jun-2023 |
lukem |
bsd.own.mk: rename GCC_NO_* to CC_WNO_*
Rename compiler-warning-disable variables from GCC_NO_warning to CC_WNO_warning where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name.
|
Revision tags: netbsd-10-base
|
#
1.19 |
|
27-Aug-2022 |
rillig |
netpgp: fix or suppress a few lint warnings
No functional change.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119
|
#
1.18 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.17 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609
|
#
1.16 |
|
04-Feb-2019 |
mrg |
- use -Wno-error=implicit-fallthrough with GCC7.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
branches: 1.15.12; Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.19 |
|
27-Aug-2022 |
rillig |
netpgp: fix or suppress a few lint warnings
No functional change.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 phil-wifi-20191119
|
#
1.18 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.17 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609
|
#
1.16 |
|
04-Feb-2019 |
mrg |
- use -Wno-error=implicit-fallthrough with GCC7.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
branches: 1.15.12; Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.18 |
|
13-Oct-2019 |
mrg |
introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8) GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8) GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8) GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already commited, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
#
1.17 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-base phil-wifi-20190609
|
#
1.16 |
|
04-Feb-2019 |
mrg |
- use -Wno-error=implicit-fallthrough with GCC7.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
branches: 1.15.12; Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.17 |
|
29-Sep-2019 |
mrg |
convert HAVE_GCC == 7 to HAVE_GCC >= 7.
|
Revision tags: netbsd-9-base phil-wifi-20190609
|
#
1.16 |
|
04-Feb-2019 |
mrg |
- use -Wno-error=implicit-fallthrough with GCC7.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
branches: 1.15.12; Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.16 |
|
04-Feb-2019 |
mrg |
- use -Wno-error=implicit-fallthrough with GCC7.
|
Revision tags: pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
Revision tags: prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.15 |
|
17-Apr-2017 |
agc |
Update netpgpverify sources in base from 20160617 to 20170201 (i.e. bring over changes from master sources in pkgsrc/security/netpgpverify, version 20170201):
Changes:
Update netpgpverify (and libnetpgpverify) to 20160614 + handle signatures created by gpg with "--no-emit-version", don't assume there will always be a version string. + add a test for above Fixes security PR 51240. Thanks to xnox@ubuntu.com for reporting the error
Update netpgpverify and libnetpgpverify to 20160615: Simplify the method of finding the end of the versioning information in the signature - back up to the "\n" character at the end of the signature start:
"-----BEGIN PGP SIGNATURE-----\n"
and then find the "\n\n" character sequence to denote the start of the signature itself. The previous version worked, but this is more efficient.
Update netpgpverify and libnetpgpverify to 20160616 + bring over joerg's printflike change from the netpgpverify version in src/crypto + add a test for cleartext signatures with version information to complement the one with no version information
Update netpgpverify and libnetpgpverify to 20160622 during freeze to fix PR 51262 + take a bit of a step backwards, and don't use stdbool.h, just to appease Solaris 10 compiler
Update netpgpverify and libnetpgpverify to 20160623 + remove use of asprintf and vasprintf from libverify. Inspired by work from Dimitri John Ledkov. Should allow building on Linux without superfluous definitions. + also free the BIGNUM struct in PGPV_BN_clear() - from Dimitri John Ledkov
Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structs
Update netpgpverify and libnetpgpverify to 20160704 + get rid of redundant PGPV_ARRAY definition in libverify.c, brought in when the definitions moved from verify.h + fix obuf_add_mem() to use a const void *, as any struct can be dumped using it + remove redundant NO_SUBKEYS definition - unused + add an (unused as yet) ARRAY_FREE() macro
Update netpgpverify and libnetpgpverify to 20160705 External API changes ==================== + add a pgpv_cursor_close() function to free resources associated with a cursor Better memory management ======================== + restructure the way dynamic arrays are used, to avoid memory corruption issues and memory leaks - keep all dynamic arrays in the global data structure, and use indices in the other data structures to index them. Means lack of data localisation, but avoids stale pointers, and leaks. + make signer field of signature a uint8_t array, rather than a pointer + use our own version of strdup(3) - don't depend on it being available in standard library + keep track of whether litdata filenames and userid were allocated or not, and free memory in pgpv_close() if it was allocated + free up allocated resources which were allocated in pgpv_close()
Update netpgpverify and libnetpgpverify to 20160706 + 20160705 introduced a bug whereby a key subid would match and verify fine, but, if formatted, would not display the correct subkey information. Fix to show the correct information in this case.
Update netpgpverify and libnetpgpverify to 20160707 to fix some unusual build errors shown by old gcc versions (works fine for gcc-5.2.1 on ubuntu and gcc-5.3.0 on NetBSD 7.99.32) + use ULL suffix on unsigned 64bit constants, not UL + don't typedef the public structs twice - second time just define it without the typedef Fixes PR 51327
Update netpgpverify and libnetpgpverify to 20160708 + clear and free bignums properly - helps immensely with plugging memory leaks
Update netpgpverify and libnetpgpverify to 20160828 + bring over change from christos in src/crypto to check for the end of an ASCII-armored signature + no need for namespace protection in array.h any more, now that netpgp/verify.h now contains opaque structures + minor typo clean-up in a definition (benign, ignored by compiler)
update netpgpverify and libnetpgpverify to 20170201 + make sure howmany() macro is defined pointed out by cube - thanks!
|
Revision tags: pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
branches: 1.14.2; 1.14.4; add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
05-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
09-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
09-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
09-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
22-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
20-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.14 |
|
14-Jun-2016 |
agc |
add test for signatures produced by gpg --no-emit-version
|
#
1.13 |
|
04-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.12 |
|
12-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
08-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
08-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
08-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
21-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
19-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
Revision tags: yamt-pagecache-base6 yamt-pagecache-base5
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.13 |
|
04-Dec-2014 |
agc |
Bring over the 20141204 portable version of netpgpverify from pkgsrc
+ Remove unused logmessage helper function
+ Add pgpv_get_cursor_element for easier manipulation of results returned.
+ libnetpgpverify(3) man page improvements
+ Standardise on WARNS=5 settings (6 is too intrusive and distracting)
+ Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility.
+ libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|
#
1.12 |
|
13-Mar-2014 |
joerg |
branches: 1.12.4; It's nonliteral format strings it should not warn about.
|
#
1.11 |
|
13-Mar-2014 |
martin |
Older gcc does not support -Wno-format-literal
|
#
1.10 |
|
12-Mar-2014 |
agc |
Turn off literal format string warnings for one file
A better fix is coming
|
#
1.9 |
|
10-Mar-2014 |
agc |
fix typo in previous commit
|
#
1.8 |
|
09-Mar-2014 |
christos |
WARNS=6 is impossible for this code :-)
|
#
1.7 |
|
08-Mar-2014 |
christos |
proper include
|
#
1.6 |
|
08-Mar-2014 |
agc |
Install the binary in the correct location
|
#
1.5 |
|
08-Mar-2014 |
agc |
Bring over the standalone netpgpverify sources from pkgsrc/security/netpgpverify.
No functional change.
|
#
1.4 |
|
22-Nov-2012 |
agc |
branches: 1.4.2; 1.4.6; revert previous change for LIBDPLIBS until I have a chance to work out the order for building pre-req libs
|
#
1.3 |
|
21-Nov-2012 |
agc |
link libz and libbz2 into the netpgpverify library, rather than into the executable, via LIBDPLIBS.
|
#
1.2 |
|
19-Nov-2012 |
agc |
Merge netpgpverify(1) and libnetpgpverify(3) from the agc-netpgp-standalone branch.
Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a completely new implementation, and uses its own bignum library derived from libtommath. Apart from libz and libbz2, it just uses its own library and is self-contained - this makes it easier to embed, and to use from scripting languages.
netpgpverify(1) now verifies all the signed files i've thrown at it, and the added bonus of using no functionality from libcrypto - all of its bignum functionality comes from its own libnetpgpverify.so. netpgpverify(1) now verifies not only signatures on binary files, but also signatures on text documents. This fixes PR/46930. Please don't start me on the hoops I had to jump through to calculate the digests on text files; trust me, you will regret it.
% supersize `which netpgpverify` text data bss dec hex filename 4452 860 72 5384 1508 /usr/bin/netpgpverify 79542 1408 0 80950 13c36 /usr/lib/libz.so.1 43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1 1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12 57253 4184 0 61437 effd /usr/lib/libbz2.so.1 108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4 1612083 58792 69832 1740707 0x1a8fa3 total %
% make t env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16 diff expected16 output16 rm -f output16 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17 diff expected17 output17 rm -f output17 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18 diff expected18 output18 rm -f output18 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19 diff expected19 output19 rm -f output19 ... env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45 diff expected45 output45 rm -f output45 env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46 diff expected46 output46 rm -f output46 cd tests/netpgpverify && make && atf-run atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile t_netpgpverify:netpgpverify_rsa -> passed [0.221s] t_netpgpverify:netpgpverify_dsa -> passed [0.117s]
2/2 passed (0 failed) Committed action 19 %
|
#
1.1 |
|
06-May-2012 |
agc |
branches: 1.1.2; file Makefile was initially added on branch agc-netpgp-standalone.
|
#
1.1.2.6 |
|
29-Oct-2012 |
agc |
changes to libnetpgpverify:
+ isolate the RSA verification code (the DSA verification code was isolated previously), and include it in our sources, rather than including the source for librsa, (and thus bringing in all the code for signing and encryption/decryption) - no crypto is involved in signature verification, just the digest calculation, and the BIGNUM expmod.
+ check some more arguments
+ order the user ids as expected in public keys (i.e. if there's a primary user id signature sub-packet, honor it), and fix up the regression test results accordingly.
|
#
1.1.2.5 |
|
23-Oct-2012 |
agc |
get rid of RCS Ids in test files - both input and expected output
|
#
1.1.2.4 |
|
23-Oct-2012 |
agc |
Fix a tyop in the getopt string so that it specifies that -k takes an argument - makes the specification of public keyrings work again.
Make pgpv_verify return a cookie if the signature matches, rather than just a plain pseudo-boolean value. The cookie can be used subsequently to retrieve the verified data
Use the cookie as input to pgp_get_verified()
Add tests for DSA key verification
|
#
1.1.2.3 |
|
20-Oct-2012 |
agc |
install into the correct place
|
#
1.1.2.2 |
|
19-Oct-2012 |
agc |
Replace the netpgpverify command and libnetpgpverify in the agc-netpgp-standalone branch with a completely rewritten "from the RFC up" version designed to be small, standalone, and easy to maintain.
% ldd bin/netpgpverify/netpgpverify bin/netpgpverify/netpgpverify: -lz.1 => /usr/lib/libz.so.1 -lgcc_s.1 => /usr/lib/libgcc_s.so.1 -lc.12 => /usr/lib/libc.so.12 -lbz2.1 => /usr/lib/libbz2.so.1 -lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4 % ldd lib/verify/libnetpgpverify.so lib/verify/libnetpgpverify.so: -lc.12 => /usr/lib/libc.so.12 % ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify -rwxr-xr-x 1 agc agc 10502 Oct 18 20:59 bin/netpgpverify/netpgpverify -rw-r--r-- 1 agc agc 159720 Oct 18 20:59 lib/verify/libnetpgpverify.a -rw-r--r-- 1 agc agc 4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3 lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0 lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0 -rwxr-xr-x 1 agc agc 123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0 -rw-r--r-- 1 agc agc 169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a -rw-r--r-- 1 agc agc 149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a %
("Small" here includes the full BIGNUM/mpi functionality required to verify signatures).
Instead of using extensive callbacks for input data, which have proved to be fragile and difficult to maintain, as well as precluding uses elsewhere, this uses straight mmaping of input files where possible, and falls back to reading if unavailable.
RFC 4880 makes provision for two types of data to be signed, binary data and text, and text is subject to modification of data before the signature is made, and is usually opaque. The new netpgpverify(1) can handle this, our old version could not. DSA signatures are not yet supported -- watch this space -- but full RSA ones, including those of text documents like the signed NetBSD release hashes (see PR bin/46930) are recognised and are included in the regression tests.
% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc Good signature for [stdin] made Mon Oct 15 09:28:54 2012 signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 fingerprint: ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e uid NetBSD Security Officer <security-officer@NetBSD.org> encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21] fingerprint: 1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620
%
Redirection from stdin is also supported, as are multiple files, and detached signatures. Another interesting use is to verify the signatures, and to retrieve the data only if a signature matches - this was the old "--cat" command to netpgpverify(1), and it has been brought forward into the newer version.
% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det - %
This is implemented as a library and a small program to call so that it is easier to embed verification of signatures in scripting languages, or other source code.
|
#
1.1.2.1 |
|
06-May-2012 |
agc |
reachover build infrastructure for standalone version of netpgp
|
#
1.4.6.3 |
|
19-Aug-2014 |
tls |
Rebase to HEAD as of a few days ago.
|
#
1.4.6.2 |
|
24-Feb-2013 |
tls |
resync with head
|
#
1.4.6.1 |
|
22-Nov-2012 |
tls |
file Makefile was added on branch tls-maxphys on 2013-02-25 00:24:04 +0000
|
#
1.4.2.3 |
|
22-May-2014 |
yamt |
sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
#
1.4.2.2 |
|
15-Jan-2013 |
yamt |
sync with (a bit old) head
|
#
1.4.2.1 |
|
22-Nov-2012 |
yamt |
file Makefile was added on branch yamt-pagecache on 2013-01-16 05:25:56 +0000
|
#
1.12.4.1 |
|
08-Dec-2014 |
martin |
Pull up following revision(s) (requested by agc in ticket #297): crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h: revision 1.3 crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c: revision 1.2 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c: revision 1.2 crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c: revision 1.5 crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c: revision 1.5 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h: revision 1.3 crypto/external/bsd/netpgp/lib/verify/Makefile: revision 1.7 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd: revision 1.2 crypto/external/bsd/netpgp/lib/verify/config.h: revision 1.1 crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3: revision 1.2 crypto/external/bsd/netpgp/bin/netpgpverify/Makefile: revision 1.13
Bring over the 20141204 portable version of netpgpverify from pkgsrc + Remove unused logmessage helper function + Add pgpv_get_cursor_element for easier manipulation of results returned. + libnetpgpverify(3) man page improvements + Standardise on WARNS=5 settings (6 is too intrusive and distracting) + Also install the library and header file for netpgpverify. This allows scripting languages to use the same verification methods via a shared library, rather than being forced to exec the netpgpverify(1) command line utility. + libnetpgpverify is now a standalone library, and requires no pre-requsisite libraries to function
|