Module Name:	src
Committed By:	agc
Date:		Sat Oct 20 04:59:54 UTC 2012

Modified Files:
	src/crypto/external/bsd/netpgp/bin/netpgp [agc-netpgp-standalone]: Makefile
	src/crypto/external/bsd/netpgp/bin/netpgpverify [agc-netpgp-standalone]: Makefile
	src/crypto/external/bsd/netpgp/bin/pgp2ssh [agc-netpgp-standalone]: Makefile
	src/crypto/external/bsd/netpgp/dist/include [agc-netpgp-standalone]: netpgp.h
	src/crypto/external/bsd/netpgp/dist/src/lib [agc-netpgp-standalone]: validate.c
	src/crypto/external/bsd/netpgp/dist/src/librsa [agc-netpgp-standalone]: rsa.c rsa.h
	src/crypto/external/bsd/netpgp/dist/src/libverify [agc-netpgp-standalone]: Makefile libnetpgpverify.3 verify.h
	src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]: netpgpverify.1
	src/crypto/external/bsd/netpgp/lib [agc-netpgp-standalone]: Makefile
	src/crypto/external/bsd/netpgp/lib/bn [agc-netpgp-standalone]: Makefile shlib_version
	src/crypto/external/bsd/netpgp/lib/cipher [agc-netpgp-standalone]: shlib_version
	src/crypto/external/bsd/netpgp/lib/mj [agc-netpgp-standalone]: shlib_version
	src/crypto/external/bsd/netpgp/lib/netpgp [agc-netpgp-standalone]: shlib_version
	src/crypto/external/bsd/netpgp/lib/paa [agc-netpgp-standalone]: shlib_version
	src/crypto/external/bsd/netpgp/lib/rsa [agc-netpgp-standalone]: shlib_version
	src/crypto/external/bsd/netpgp/lib/verify [agc-netpgp-standalone]: Makefile shlib_version

Added Files:
	src/crypto/external/bsd/netpgp/dist/src/libverify [agc-netpgp-standalone]: array.h b64.c b64.h dump.c libverify.c pgpsum.c pgpsum.h
	src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]: main.c

Removed Files:
	src/crypto/external/bsd/netpgp/dist/src/netpgpverify [agc-netpgp-standalone]: verify.c

Log Message:
Replace the netpgpverify command and libnetpgpverify in the
agc-netpgp-standalone branch with a completely rewritten "from the RFC up"
version designed to be small, standalone, and easy to maintain.

% ldd bin/netpgpverify/netpgpverify
bin/netpgpverify/netpgpverify:
	-lz.1 => /usr/lib/libz.so.1
	-lgcc_s.1 => /usr/lib/libgcc_s.so.1
	-lc.12 => /usr/lib/libc.so.12
	-lbz2.1 => /usr/lib/libbz2.so.1
	-lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4
% ldd lib/verify/libnetpgpverify.so
lib/verify/libnetpgpverify.so:
	-lc.12 => /usr/lib/libc.so.12
% ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify
-rwxr-xr-x 1 agc agc 10502 Oct 18 20:59 bin/netpgpverify/netpgpverify
-rw-r--r-- 1 agc agc 159720 Oct 18 20:59 lib/verify/libnetpgpverify.a
-rw-r--r-- 1 agc agc 4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0
-rwxr-xr-x 1 agc agc 123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0
-rw-r--r-- 1 agc agc 169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a
-rw-r--r-- 1 agc agc 149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a
%

("Small" here includes the full BIGNUM/mpi functionality required to
verify signatures).

Instead of using extensive callbacks for input data, which have proved to
be fragile and difficult to maintain, as well as precluding uses
elsewhere, this uses straight mmapping of input files where possible, and
falls back to reading if unavailable.

RFC 4880 makes provision for two types of data to be signed, binary data
and text, and text is subject to modification of data before the
signature is made, and is usually opaque. The new netpgpverify(1) can
handle this, our old version could not.

DSA signatures are not yet supported -- watch this space -- but full RSA
ones, including those of text documents like the signed NetBSD release
hashes (see PR bin/46930) are recognised and are included in the
regression tests.

% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc
Good signature for [stdin] made Mon Oct 15 09:28:54 2012
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint: ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid NetBSD Security Officer <security-offi...@netbsd.org>
encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21]
fingerprint: 1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620
%

Redirection from stdin is also supported, as are multiple files, and
detached signatures.

Another interesting use is to verify the signatures, and to retrieve the
data only if a signature matches - this was the old "--cat" command to
netpgpverify(1), and it has been brought forward into the newer version.

% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det -
%

This is implemented as a library and a small program to call so that it
is easier to embed verification of signatures in scripting languages, or
other source code.

To generate a diff of this commit:
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/netpgp/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/bin/pgp2ssh/Makefile
cvs rdiff -u -r1.21 -r1.21.10.1 \
    src/crypto/external/bsd/netpgp/dist/include/netpgp.h
cvs rdiff -u -r1.44 -r1.44.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/dist/src/librsa/rsa.c \
    src/crypto/external/bsd/netpgp/dist/src/librsa/rsa.h
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/Makefile \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h
cvs rdiff -u -r0 -r1.1.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/array.h \
    src/crypto/external/bsd/netpgp/dist/src/libverify/b64.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/b64.h \
    src/crypto/external/bsd/netpgp/dist/src/libverify/dump.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/pgpsum.c \
    src/crypto/external/bsd/netpgp/dist/src/libverify/pgpsum.h
cvs rdiff -u -r0 -r1.1.2.1 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
cvs rdiff -u -r1.5 -r1.5.10.1 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
cvs rdiff -u -r1.15 -r0 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c
cvs rdiff -u -r1.13.6.1 -r1.13.6.2 \
    src/crypto/external/bsd/netpgp/lib/Makefile
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/bn/Makefile \
    src/crypto/external/bsd/netpgp/lib/bn/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/cipher/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/mj/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/netpgp/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/paa/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/rsa/shlib_version
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/lib/verify/Makefile \
    src/crypto/external/bsd/netpgp/lib/verify/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
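
The log message's remark that signed text is modified before the signature is made refers to RFC 4880's rules for cleartext-signed text: dash-escaping is reversed, trailing spaces and tabs are dropped from each line, lines end in CR LF, and the final line ending before the signature armor is not hashed. The following is an added example illustrating those rules, not code from this commit or from netpgpverify; `canon_text` and the sample body are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not netpgpverify source: turn the body of an RFC 4880
 * cleartext-signed message into the bytes hashed for a text signature.
 * Returns bytes written to out, or (size_t)-1 if out is too small.
 */
size_t
canon_text(const char *in, size_t inlen, char *out, size_t outsize)
{
    size_t i = 0, o = 0;

    while (i < inlen) {
        const char *nl = memchr(in + i, '\n', inlen - i);
        size_t start = i;
        size_t end = nl ? (size_t)(nl - in) : inlen;
        size_t next = nl ? end + 1 : inlen;

        /* reverse dash-escaping: drop a leading "- " */
        if (end - start >= 2 && in[start] == '-' && in[start + 1] == ' ')
            start += 2;
        /* drop the CR of a CR LF pair, then trailing spaces and tabs */
        if (end > start && in[end - 1] == '\r')
            end--;
        while (end > start && (in[end - 1] == ' ' || in[end - 1] == '\t'))
            end--;
        if (o + (end - start) + 2 > outsize)
            return (size_t)-1;
        memcpy(out + o, in + start, end - start);
        o += end - start;
        /* lines end in CR LF; the last line ending is not signed */
        if (next < inlen) {
            out[o++] = '\r';
            out[o++] = '\n';
        }
        i = next;
    }
    return o;
}

int
main(void)
{
    /* constructed sample body, as found between armor header and signature */
    const char body[] = "- -dashed  \r\nline two\t\nlast\n";
    char out[64];
    size_t n = canon_text(body, sizeof(body) - 1, out, sizeof(out));

    printf("%zu canonical bytes\n", n);
    return n == (size_t)-1;
}
```

A verifier that hashes the file bytes as stored, instead of this canonical form, rejects valid text signatures whenever line endings or trailing whitespace differ from what the signer hashed.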