diff options
author | agc <agc@pkgsrc.org> | 2016-08-28 23:23:40 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2016-08-28 23:23:40 +0000 |
commit | 14e8c579097a071b2b168d7bff648d501ab2187e (patch) | |
tree | 8886212a2a2ab2d6e6013e0678d80902943a5c6d | |
parent | 2ce2fe9b2d95ab5100d2bddea3293c7a9a7806aa (diff) | |
download | pkgsrc-14e8c579097a071b2b168d7bff648d501ab2187e.tar.gz |
Update netpgpverify and libnetpgpverify to 20160828
+ bring over change from christos in src/crypto to check for
the end of an ASCII-armored signature
+ no need for namespace protection in array.h any more, now
that netpgp/verify.h now contains opaque structures
+ minor typo clean-up in a definition (benign, ignored by compiler)
-rw-r--r-- | security/netpgpverify/files/array.h | 4 | ||||
-rw-r--r-- | security/netpgpverify/files/libverify.c | 54 | ||||
-rw-r--r-- | security/netpgpverify/files/verify.h | 4 |
3 files changed, 34 insertions, 28 deletions
diff --git a/security/netpgpverify/files/array.h b/security/netpgpverify/files/array.h index 59827db31f6..ce249dcec47 100644 --- a/security/netpgpverify/files/array.h +++ b/security/netpgpverify/files/array.h @@ -25,10 +25,10 @@ #ifndef ARRAY_H_ #define ARRAY_H_ 20120921 -#ifndef PGPV_ARRAY +#ifndef ARRAY /* creates 2 unsigned vars called "name"c and "name"size in current scope */ /* also creates an array called "name"s in current scope */ -#define PGPV_ARRAY(type, name) \ +#define ARRAY(type, name) \ unsigned name##c; unsigned name##vsize; type *name##s #endif diff --git a/security/netpgpverify/files/libverify.c b/security/netpgpverify/files/libverify.c index 672a7f5ba69..f7c56a78a4a 100644 --- a/security/netpgpverify/files/libverify.c +++ b/security/netpgpverify/files/libverify.c @@ -166,7 +166,7 @@ typedef struct pgpv_sigpkt_t { pgpv_signature_t sig; uint16_t subslen; uint16_t unhashlen; - PGPV_ARRAY(uint64_t, subpackets); + ARRAY(uint64_t, subpackets); } pgpv_sigpkt_t; /* a one-pass signature packet */ @@ -194,7 +194,7 @@ typedef struct pgpv_litdata_t { /* user attributes - images */ typedef struct pgpv_userattr_t { size_t len; - PGPV_ARRAY(pgpv_string_t, subattrs); + ARRAY(pgpv_string_t, subattrs); } pgpv_userattr_t; /* a general PGP packet */ @@ -231,45 +231,45 @@ typedef struct pgpv_mem_t { typedef struct pgpv_signed_userid_t { pgpv_string_t userid; - PGPV_ARRAY(uint64_t, signatures); + ARRAY(uint64_t, signatures); uint8_t primary_userid; uint8_t revoked; } pgpv_signed_userid_t; typedef struct pgpv_signed_userattr_t { pgpv_userattr_t userattr; - PGPV_ARRAY(uint64_t, signatures); + ARRAY(uint64_t, signatures); uint8_t revoked; } pgpv_signed_userattr_t; typedef struct pgpv_signed_subkey_t { pgpv_pubkey_t subkey; pgpv_signature_t revoc_self_sig; - PGPV_ARRAY(uint64_t, signatures); + ARRAY(uint64_t, signatures); } pgpv_signed_subkey_t; typedef struct pgpv_primarykey_t { pgpv_pubkey_t primary; pgpv_signature_t revoc_self_sig; - PGPV_ARRAY(uint64_t, signatures); - PGPV_ARRAY(uint64_t, signed_userids); - PGPV_ARRAY(uint64_t, signed_userattrs); - PGPV_ARRAY(uint64_t, signed_subkeys); + ARRAY(uint64_t, signatures); + ARRAY(uint64_t, signed_userids); + ARRAY(uint64_t, signed_userattrs); + ARRAY(uint64_t, signed_subkeys); size_t fmtsize; uint8_t primary_userid; } pgpv_primarykey_t; /* everything stems from this structure */ struct pgpv_t { - PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */ - PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ - PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ - PGPV_ARRAY(size_t, datastarts); /* starts of data packets */ - PGPV_ARRAY(pgpv_signature_t, signatures); /* all signatures */ - PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); /* all signed userids */ - PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); /* all signed user attrs */ - PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); /* all signed subkeys */ - PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); /* all sub packets */ + ARRAY(pgpv_pkt_t, pkts); /* packet array */ + ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ + ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ + ARRAY(size_t, datastarts); /* starts of data packets */ + ARRAY(pgpv_signature_t, signatures); /* all signatures */ + ARRAY(pgpv_signed_userid_t, signed_userids); /* all signed userids */ + ARRAY(pgpv_signed_userattr_t, signed_userattrs); /* all signed user attrs */ + ARRAY(pgpv_signed_subkey_t, signed_subkeys); /* all signed subkeys */ + ARRAY(pgpv_sigsubpkt_t, subpkts); /* all sub packets */ size_t pkt; /* when parsing, current pkt number */ const char *op; /* the operation we're doing */ unsigned ssh; /* using ssh keys */ @@ -284,8 +284,8 @@ struct pgpv_cursor_t { char *op; /* operation we're doing */ char *value; /* value we're searching for */ void *ptr; /* for regexps etc */ - PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ - PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ + ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ + ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ int64_t sigtime; /* time of signature */ char why[PGPV_REASON_LEN]; /* reason for bad signature */ }; @@ -334,7 +334,7 @@ struct pgpv_cursor_t { #define PUBKEY_RSA_SIGN 3 #define PUBKEY_ELGAMAL_ENCRYPT 16 #define PUBKEY_DSA 17 -#define PUBKEY_ELLIPTIC_CURVE 18 +#define PUBKEY_ECDH 18 #define PUBKEY_ECDSA 19 #define PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN 20 @@ -499,7 +499,7 @@ static uint8_t * get_ref(pgpv_ref_t *ref) { pgpv_mem_t *mem; - pgpv_t *pgp = (pgpv_t *)ref->vp;; + pgpv_t *pgp = (pgpv_t *)ref->vp; mem = &ARRAY_ELEMENT(pgp->areas, ref->mem); return &mem->mem[ref->offset]; @@ -2284,7 +2284,7 @@ read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) litdata.u.litdata.offset = (size_t)(p - mem->mem); litdata.u.litdata.filename.data = pgpv_strdup(filename); litdata.u.litdata.filename.allocated = 1; - if ((p = find_bin_string(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) { + if ((p = find_bin_string(datastart = p, mem->size - litdata.offset, SIGSTART, sizeof(SIGSTART) - 1)) == NULL) { snprintf(cursor->why, sizeof(cursor->why), "malformed armor - no sig - at %zu", (size_t)(p - mem->mem)); return 0; @@ -2298,7 +2298,13 @@ read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) return 0; } p += 2; - sigend = find_bin_string(p, mem->size, SIGEND, strlen(SIGEND)); + sigend = find_bin_string(p, mem->size, SIGEND, sizeof(SIGEND) - 1); + if (sigend == NULL) { + snprintf(cursor->why, sizeof(cursor->why), + "malformed armor - no end sig - at %zu", + (size_t)(p - mem->mem)); + return 0; + } binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig)); read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); diff --git a/security/netpgpverify/files/verify.h b/security/netpgpverify/files/verify.h index 3f3721cd879..7dbf6196996 100644 --- a/security/netpgpverify/files/verify.h +++ b/security/netpgpverify/files/verify.h @@ -23,9 +23,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef NETPGP_VERIFY_H_ -#define NETPGP_VERIFY_H_ 20160709 +#define NETPGP_VERIFY_H_ 20160828 -#define NETPGPVERIFY_VERSION "netpgpverify portable 20160709" +#define NETPGPVERIFY_VERSION "netpgpverify portable 20160828" #include <sys/types.h> |