Remove extra semicolon.

check the correct field in the structure in dsa_verify - pointed out by
joerg - thanks!

Update to version 20140220

Changes from previous version:

+ portability fixes from xtraeme for his Linux distribution:
+ add search for ar(1) into autoconf
+ define __printflike if it's not already defined
+ fix missing asprintf (I fixed this differently)

Fix build (cast to const char *).

Move __printflike to the prototype. Add explicit cast for void * ->
char * to make GCC happy.

Add __printflike.

branches: 1.4.2; 1.4.6;
Initialize "ok" (and thereby fix the vax build)

fix problem on 32-bit problems - with thanks to Alan Barrett and
Jonathan Kollasch

Merge netpgpverify(1) and libnetpgpverify(3) from the
agc-netpgp-standalone branch.

Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a
completely new implementation, and uses its own bignum library derived
from libtommath. Apart from libz and libbz2, it just uses its own
library and is self-contained - this makes it easier to embed, and to
use from scripting languages.

netpgpverify(1) now verifies all the signed files i've thrown at it,
and the added bonus of using no functionality from libcrypto - all of
its bignum functionality comes from its own libnetpgpverify.so.
netpgpverify(1) now verifies not only signatures on binary files, but
also signatures on text documents. This fixes PR/46930. Please don't
start me on the hoops I had to jump through to calculate the digests
on text files; trust me, you will regret it.

% supersize `which netpgpverify`
text data bss dec hex filename
4452 860 72 5384 1508 /usr/bin/netpgpverify
79542 1408 0 80950 13c36 /usr/lib/libz.so.1
43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1
1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12
57253 4184 0 61437 effd /usr/lib/libbz2.so.1
108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4
1612083 58792 69832 1740707 0x1a8fa3 total
%

% make t
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16
diff expected16 output16
rm -f output16
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17
diff expected17 output17
rm -f output17
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18
diff expected18 output18
rm -f output18
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19
diff expected19 output19
rm -f output19
...
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
diff expected46 output46
rm -f output46
cd tests/netpgpverify && make && atf-run
atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa
atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile
t_netpgpverify:netpgpverify_rsa -> passed [0.221s]
t_netpgpverify:netpgpverify_dsa -> passed [0.117s]

2/2 passed (0 failed)
Committed action 19
%

branches: 1.1.2;
file libverify.c was initially added on branch agc-netpgp-standalone.

check the correct field in the structure in dsa_verify - pointed out by
joerg - thanks!

Update to version 20140220

Changes from previous version:

+ portability fixes from xtraeme for his Linux distribution:
+ add search for ar(1) into autoconf
+ define __printflike if it's not already defined
+ fix missing asprintf (I fixed this differently)

Fix build (cast to const char *).

Move __printflike to the prototype. Add explicit cast for void * ->
char * to make GCC happy.

Add __printflike.

branches: 1.4.2; 1.4.6;
Initialize "ok" (and thereby fix the vax build)

fix problem on 32-bit problems - with thanks to Alan Barrett and
Jonathan Kollasch

Merge netpgpverify(1) and libnetpgpverify(3) from the
agc-netpgp-standalone branch.

Rewrite the netpgpverify(1) functionality from RFC4880 up. This is a
completely new implementation, and uses its own bignum library derived
from libtommath. Apart from libz and libbz2, it just uses its own
library and is self-contained - this makes it easier to embed, and to
use from scripting languages.

netpgpverify(1) now verifies all the signed files i've thrown at it,
and the added bonus of using no functionality from libcrypto - all of
its bignum functionality comes from its own libnetpgpverify.so.
netpgpverify(1) now verifies not only signatures on binary files, but
also signatures on text documents. This fixes PR/46930. Please don't
start me on the hoops I had to jump through to calculate the digests
on text files; trust me, you will regret it.

% supersize `which netpgpverify`
text data bss dec hex filename
4452 860 72 5384 1508 /usr/bin/netpgpverify
79542 1408 0 80950 13c36 /usr/lib/libz.so.1
43994 984 488 45466 b19a /usr/lib/libgcc_s.so.1
1318116 49644 69272 1437032 15ed68 /usr/lib/libc.so.12
57253 4184 0 61437 effd /usr/lib/libbz2.so.1
108726 1712 0 110438 1af66 /usr/lib/libnetpgpverify.so.4
1612083 58792 69832 1740707 0x1a8fa3 total
%

% make t
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify b.gpg > output16
diff expected16 output16
rm -f output16
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify a.gpg > output17
diff expected17 output17
rm -f output17
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify gpgsigned-a.gpg > output18
diff expected18 output18
rm -f output18
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19
diff expected19 output19
rm -f output19
...
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify ./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
diff expected46 output46
rm -f output46
cd tests/netpgpverify && make && atf-run
atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa
atf2kyua: I: Converting /usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> /tmp/.XXXXXX.004966aa/Kyuafile
t_netpgpverify:netpgpverify_rsa -> passed [0.221s]
t_netpgpverify:netpgpverify_dsa -> passed [0.117s]

2/2 passed (0 failed)
Committed action 19
%

branches: 1.1.2;
file libverify.c was initially added on branch agc-netpgp-standalone.

more changes to netpgpverify on agc-netpgp-standalone branch:

+ remove the copy of digest.h from libbn sources, use the one in
libdigest, and fix up lib/verify/Makefile to accommodate

+ get rid of header files we don't need, and pick up header files
from the correct directory

+ remove the hexdump utility routine from the libbn misc support
routines, it's not needed

+ add a comment describing the pubring primary key parser structure

display revoked userids, and particularly, compromised and revoked userids

changes to libnetpgpverify:

+ isolate the RSA verification code (the DSA verification code was
isolated previously), and include it in our sources, rather than
including the source for librsa, (and thus bringing in all the code
for signing and encryption/decryption) - no crypto is involved in
signature verification, just the digest calculation, and the BIGNUM
expmod.

+ check some more arguments

+ order the user ids as expected in public keys (i.e. if there's a
primary user id signature sub-packet, honor it), and fix up the
regression test results accordingly.

minor changes to libnetpgpverify(3)

+ allow more signature types in subkey signatures when parsing
signatures in the pubring trust entries, which allows more existing,
valid pubring.gpg files (constructed by gpg) to be recognised. with
thanks to jakallsch for the data.

+ provide a nonnull_getenv() function and use it in the one place
getenv(3) was previously used, following a nudge from dsl.

change the signature (ha!) of the pgpv_read_pubring() function to allow a
key to be specified as a string in memory, as well as in a file. as always,
the pubring must precede the signature.

various improvements in netpgpverify:

+ store the revocation code in the signature

+ attempt to be bug compatible with gpg - if a signature on a text
document does not match the first time, try again, this time trimming
trailing white space (' ' and '\t' characters) from the text document.
this makes the verification work the same as gpg. this behavior is
not activated for binary documents. i have absolutely no idea why
this is done in the first place; christoph badura thinks it may be to
do with original pgp compatibility. this and the stripping of the
trailing \r\n on text document digest calculation make no sense to me.

+ only compare the leading Q bits (i.e. the length of the DSA Q
value) when verifying a DSA signature, per RFC 4880. helps with
sha256 digests and smaller keys.

+ calculate the displayed size of DSA keys a bit differently, no functional
difference.

Fix a tyop in the getopt string so that it specifies that -k takes an
argument - makes the specification of public keyrings work again.

Make pgpv_verify return a cookie if the signature matches, rather than
just a plain pseudo-boolean value. The cookie can be used
subsequently to retrieve the verified data

Use the cookie as input to pgp_get_verified()

Add tests for DSA key verification

fix DSA signature verification so it DTRT

Get rid of a debugging inclusion which is no longer needed.

add preliminary support for DSA signatures to libnetpgpverify(3) and
netpgpverify(1)

implement a new pgpv_get_verified() exported function, which returns the
data and its size to the caller.

implement pgpv_verify_print() in terms of pgpv_get_verified()

Replace the netpgpverify command and libnetpgpverify in the
agc-netpgp-standalone branch with a completely rewritten "from the RFC
up" version designed to be small, standalone, and easy to maintain.

% ldd bin/netpgpverify/netpgpverify
bin/netpgpverify/netpgpverify:
-lz.1 => /usr/lib/libz.so.1
-lgcc_s.1 => /usr/lib/libgcc_s.so.1
-lc.12 => /usr/lib/libc.so.12
-lbz2.1 => /usr/lib/libbz2.so.1
-lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4
% ldd lib/verify/libnetpgpverify.so
lib/verify/libnetpgpverify.so:
-lc.12 => /usr/lib/libc.so.12
% ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify
-rwxr-xr-x 1 agc agc 10502 Oct 18 20:59 bin/netpgpverify/netpgpverify
-rw-r--r-- 1 agc agc 159720 Oct 18 20:59 lib/verify/libnetpgpverify.a
-rw-r--r-- 1 agc agc 4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0
-rwxr-xr-x 1 agc agc 123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0
-rw-r--r-- 1 agc agc 169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a
-rw-r--r-- 1 agc agc 149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a
%

("Small" here includes the full BIGNUM/mpi functionality required to
verify signatures).

Instead of using extensive callbacks for input data, which have proved
to be fragile and difficult to maintain, as well as precluding uses
elsewhere, this uses straight mmaping of input files where possible,
and falls back to reading if unavailable.

RFC 4880 makes provision for two types of data to be signed, binary
data and text, and text is subject to modification of data before the
signature is made, and is usually opaque. The new netpgpverify(1) can
handle this, our old version could not. DSA signatures are not yet
supported -- watch this space -- but full RSA ones, including those of
text documents like the signed NetBSD release hashes (see PR
bin/46930) are recognised and are included in the regression tests.

% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc
Good signature for [stdin] made Mon Oct 15 09:28:54 2012
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint: ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid NetBSD Security Officer <security-officer@NetBSD.org>
encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21]
fingerprint: 1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620

%

Redirection from stdin is also supported, as are multiple files, and
detached signatures. Another interesting use is to verify the
signatures, and to retrieve the data only if a signature matches -
this was the old "--cat" command to netpgpverify(1), and it has been
brought forward into the newer version.

% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det -
%

This is implemented as a library and a small program to call so
that it is easier to embed verification of signatures in scripting
languages, or other source code.

Rebase to HEAD as of a few days ago.

resync with head

file libverify.c was added on branch tls-maxphys on 2013-02-25 00:24:06 +0000

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

sync with (a bit old) head

file libverify.c was added on branch yamt-pagecache on 2013-01-16 05:25:58 +0000