author | agc <agc@pkgsrc.org> | 2014-03-05 04:51:37 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2014-03-05 04:51:37 +0000 |
commit | 731a120e6438c6995a894aee3adccce70fceac3f (patch) | |
tree | c29ef629f0e4a64b401b1a041110c4621f3905b2 /security/netpgpverify | |
parent | d5cd8eccf502cec27b22352057ac8fff8540ca5f (diff) | |
download | pkgsrc-731a120e6438c6995a894aee3adccce70fceac3f.tar.gz |
netpgpverify-20140304:
+ Check the correct field in the struct is not NULL in sig_verify_dsa()
+ Move to using our own byte-swapping routines - portability
+ Check for errors in bzlib
+ Bump version number to 20140304
Diffstat (limited to 'security/netpgpverify')
-rw-r--r-- | security/netpgpverify/Makefile | 4 | ||||
-rw-r--r-- | security/netpgpverify/files/Makefile.in | 2 | ||||
-rw-r--r-- | security/netpgpverify/files/bzlib.c | 14 | ||||
-rw-r--r-- | security/netpgpverify/files/libverify.c | 16 | ||||
-rw-r--r-- | security/netpgpverify/files/pgpsum.c | 74 | ||||
-rw-r--r-- | security/netpgpverify/files/pgpsum.h | 5 | ||||
-rw-r--r-- | security/netpgpverify/files/verify.h | 4 |
7 files changed, 100 insertions, 19 deletions
diff --git a/security/netpgpverify/Makefile b/security/netpgpverify/Makefile
index bef70ef5d75..70428eede59 100644
--- a/security/netpgpverify/Makefile
+++ b/security/netpgpverify/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.6 2014/02/16 17:21:15 agc Exp $
+# $NetBSD: Makefile,v 1.7 2014/03/05 04:51:37 agc Exp $
-DISTNAME= netpgpverify-20140210
+DISTNAME= netpgpverify-20140304
 CATEGORIES= security
 MASTER_SITES= # empty
 DISTFILES= # empty
diff --git a/security/netpgpverify/files/Makefile.in b/security/netpgpverify/files/Makefile.in
index b5556238865..b5ba487a01d 100644
--- a/security/netpgpverify/files/Makefile.in
+++ b/security/netpgpverify/files/Makefile.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.2 2014/02/04 02:11:18 agc Exp $
+# $NetBSD: Makefile.in,v 1.3 2014/03/05 04:51:37 agc Exp $
 PROG=netpgpverify
diff --git a/security/netpgpverify/files/bzlib.c b/security/netpgpverify/files/bzlib.c
index 6c37e1d8d53..c607adfd030 100644
--- a/security/netpgpverify/files/bzlib.c
+++ b/security/netpgpverify/files/bzlib.c
@@ -1,4 +1,4 @@
-/* $NetBSD: bzlib.c,v 1.1 2013/03/16 07:32:34 agc Exp $ */
+/* $NetBSD: bzlib.c,v 1.2 2014/03/05 04:51:37 agc Exp $ */
 /*-------------------------------------------------------------*/
@@ -35,7 +35,7 @@
 #include "bzlib_private.h"
-/* $NetBSD: bzlib.c,v 1.1 2013/03/16 07:32:34 agc Exp $ */
+/* $NetBSD: bzlib.c,v 1.2 2014/03/05 04:51:37 agc Exp $ */
 /*-------------------------------------------------------------*/
@@ -680,6 +680,10 @@ BZFILE* BZ_API(BZ2_bzReadOpen)
 bzFile* bzf = NULL;
 int ret;
+ if (bzerror == NULL) {
+ return NULL;
+ }
+
 BZ_SETERR(BZ_OK);
 if (f == NULL ||
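Review bot: The new `bzerror == NULL` guard at the top of BZ2_bzReadOpen returns NULL without reporting any error code, so a caller that passes a NULL `bzerror` cannot tell this rejection from any other failed open. Upstream bzip2's `BZ_SETERR` macro (defined outside this hunk) appears to tolerate a NULL `bzerror` already, so this is a contract change in the vendored copy rather than a crash fix. It deserves a comment on the guard such as `/* local change: a NULL bzerror is rejected, callers must supply one */`. The function body continues past the end of the hunk.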
@@ -1076,7 +1080,7 @@ const char * BZ_API(BZ2_bzerror) (BZFILE *b, int *errnum)
 /*-------------------------------------------------------------*/
 /*--- end bzlib.c ---*/
 /*-------------------------------------------------------------*/
-/* $NetBSD: bzlib.c,v 1.1 2013/03/16 07:32:34 agc Exp $ */
+/* $NetBSD: bzlib.c,v 1.2 2014/03/05 04:51:37 agc Exp $ */
 /*-------------------------------------------------------------*/
@@ -1722,7 +1726,7 @@ Int32 BZ2_decompress ( DState* s )
 /*-------------------------------------------------------------*/
 /*--- end decompress.c ---*/
 /*-------------------------------------------------------------*/
-/* $NetBSD: bzlib.c,v 1.1 2013/03/16 07:32:34 agc Exp $ */
+/* $NetBSD: bzlib.c,v 1.2 2014/03/05 04:51:37 agc Exp $ */
 /*-------------------------------------------------------------*/
@@ -1826,7 +1830,7 @@ UInt32 BZ2_crc32Table[256] = {
 /*-------------------------------------------------------------*/
 /*--- end crctable.c ---*/
 /*-------------------------------------------------------------*/
-/* $NetBSD: bzlib.c,v 1.1 2013/03/16 07:32:34 agc Exp $ */
+/* $NetBSD: bzlib.c,v 1.2 2014/03/05 04:51:37 agc Exp $ */
 /*-------------------------------------------------------------*/
diff --git a/security/netpgpverify/files/libverify.c b/security/netpgpverify/files/libverify.c
index e1063483772..9bd02f4ce63 100644
--- a/security/netpgpverify/files/libverify.c
+++ b/security/netpgpverify/files/libverify.c
@@ -386,7 +386,7 @@ get_pkt_len_len(uint8_t newfmt, uint8_t *p, int isprimary)
 static unsigned
 fmt_32(uint8_t *p, uint32_t a)
 {
- a = htonl(a);
+ a = pgp_hton32(a);
 memcpy(p, &a, sizeof(a));
 return sizeof(a);
 }
@@ -395,7 +395,7 @@ fmt_32(uint8_t *p, uint32_t a)
 static unsigned
 fmt_16(uint8_t *p, uint16_t a)
 {
- a = htons(a);
+ a = pgp_hton16(a);
 memcpy(p, &a, sizeof(a));
 return sizeof(a);
 }
@@ -626,7 +626,7 @@ get_16(uint8_t *p)
 uint16_t u16;
 memcpy(&u16, p, sizeof(u16));
- return ntohs(u16);
+ return pgp_ntoh16(u16);
 }
 /* get a 32 bit integer, in host order */
@@ -636,7 +636,7 @@ get_32(uint8_t *p)
 uint32_t u32;
 memcpy(&u32, p, sizeof(u32));
- return ntohl(u32);
+ return pgp_ntoh32(u32);
 }
 #define HOURSECS (int64_t)(60 * 60)
@@ -1696,7 +1696,9 @@ verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_p
 BIGNUM *t1;
 int ret;
- if (pubkey[DSA_P].bn == NULL || pubkey[DSA_Q].bn == NULL || pubkey[DSA_G].bn == NULL) {
+ if (pubkey->bn[DSA_P].bn == NULL ||
+ pubkey->bn[DSA_Q].bn == NULL ||
+ pubkey->bn[DSA_G].bn == NULL) {
 return 0;
 }
 M = W = t1 = NULL;
@@ -2181,7 +2183,7 @@ getbignum(pgpv_bignum_t *bignum, bufgap_t *bg, char *buf, const char *header)
 uint32_t len;
 (void) bufgap_getbin(bg, &len, sizeof(len));
- len = ntohl(len);
+ len = pgp_ntoh32(len);
 (void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte);
 (void) bufgap_getbin(bg, buf, len);
 bignum->bn = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
@@ -2296,7 +2298,7 @@ read_ssh_file(pgpv_t *pgp, pgpv_primarykey_t *primary, const char *fmt, ...)
 /* get the type of key */
 (void) bufgap_getbin(&bg, &len, sizeof(len));
- len = ntohl(len);
+ len = pgp_ntoh32(len);
 if (len >= st.st_size) {
 (void) fprintf(stderr, "bad public key file '%s'\n", f);
 return 0;
diff --git a/security/netpgpverify/files/pgpsum.c b/security/netpgpverify/files/pgpsum.c
index 6bf6cc42538..fdf61a73c0d 100644
--- a/security/netpgpverify/files/pgpsum.c
+++ b/security/netpgpverify/files/pgpsum.c
@@ -120,8 +120,8 @@ calcsum(uint8_t *out, size_t size, uint8_t *mem, size_t cc, const uint8_t *hashe
 /* hashed data is non-null (previously checked) */
 hashalg = hashed[3];
 memcpy(&len16, &hashed[4], sizeof(len16));
- len32 = ntohs(len16) + 6;
- len32 = htonl(len32);
+ len32 = pgp_ntoh16(len16) + 6;
+ len32 = pgp_hton32(len32);
 trailer[0] = 0x04;
 trailer[1] = 0xff;
 memcpy(&trailer[2], &len32, sizeof(len32));
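Review bot: The corrected NULL check in verify_dsa_sig covers only the P, Q and G members of the public key; if the rest of the function (outside this hunk) also reads the key's public value or the `sig` bignums, a key or signature parsed with one of those missing would still reach a NULL dereference. Both structures are built from untrusted input, so the guard should cover every bignum the function uses before `M = W = t1 = NULL;`. `pubkey` and `sig` themselves are also dereferenced without a check here; unless the caller guarantees them, add `if (pubkey == NULL || sig == NULL) { return 0; }` ahead of the existing test.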
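Review bot: In getbignum, `len` comes straight from the key file and, after the byte-order conversion, is used unchecked as the copy length in `bufgap_getbin(bg, buf, len)` and then cast to `int` for `BN_bin2bn`; nothing visible bounds it by the size of `buf`, which the function does not receive. The read that fills `len` is cast to `(void)`, so a short read leaves `len` uninitialised; the read_ssh_file hunk that follows ignores its read the same way, although it does compare `len` with `st.st_size`. getbignum needs an equivalent bound, for example a buffer-size parameter and `if (len > bufsize) { return 0; }` before the copy (`bufsize` is a placeholder, and the return convention is outside the hunk). The function starts and ends outside the hunk.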
@@ -142,6 +142,48 @@ calcsum(uint8_t *out, size_t size, uint8_t *mem, size_t cc, const uint8_t *hashe
 return digest_final(out, &hash);
 }
+/* used to byteswap 16 bit words */
+typedef union {
+ uint16_t i16;
+ uint8_t i8[2];
+} u16;
+
+/* used to byte swap 32 bit words */
+typedef union {
+ uint32_t i32;
+ uint8_t i8[4];
+} u32;
+
+static inline uint16_t
+swap16(uint16_t in)
+{
+ u16 u;
+
+ u.i16 = in;
+ return (u.i8[0] << 8) | u.i8[1];
+}
+
+static inline uint32_t
+swap32(uint32_t in)
+{
+ u32 u;
+
+ u.i32 = in;
+ return (u.i8[0] << 24) | (u.i8[1] << 16) | (u.i8[2] << 8) | u.i8[3];
+}
+
+static inline int
+is_little_endian(void)
+{
+ static const int indian = 1;
+
+ return (*(const char *)(const void *)&indian != 0);
+}
+
+/************************************************************/
+
+/* exportable routines */
+
 /* open the file, mmap it, and then get the checksum on that */
 int
 pgpv_digest_file(uint8_t *data, size_t size, const char *name, const uint8_t *hashed, size_t hashsize, int doarmor)
@@ -191,3 +233,31 @@ pgpv_digest_memory(uint8_t *data, size_t size, void *mem, size_t cc, const uint8
 }
 return calcsum(data, size, mem, cc, hashed, hashsize, doarmor);
 }
+
+/* our 16bit byte swap if LE host */
+uint16_t
+pgp_ntoh16(uint16_t in)
+{
+ return (is_little_endian()) ? swap16(in) : in;
+}
+
+/* our 16bit byte swap if LE host */
+uint16_t
+pgp_hton16(uint16_t in)
+{
+ return (is_little_endian()) ? swap16(in) : in;
+}
+
+/* our 32bit byte swap if LE host */
+uint32_t
+pgp_ntoh32(uint32_t in)
+{
+ return (is_little_endian()) ? swap32(in) : in;
+}
+
+/* our 32bit byte swap if LE host */
+uint32_t
+pgp_hton32(uint32_t in)
+{
+ return (is_little_endian()) ? swap32(in) : in;
+}
diff --git a/security/netpgpverify/files/pgpsum.h b/security/netpgpverify/files/pgpsum.h
index 75eb2276248..cab2a7f5b37 100644
--- a/security/netpgpverify/files/pgpsum.h
+++ b/security/netpgpverify/files/pgpsum.h
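Review bot: In swap32, `u.i8[0] << 24` shifts a `uint8_t` that has been promoted to `int`, so a first byte of 0x80 or above is shifted into the sign bit, which is undefined behaviour for a signed left shift. Cast each byte before shifting: `return ((uint32_t)u.i8[0] << 24) | ((uint32_t)u.i8[1] << 16) | ((uint32_t)u.i8[2] << 8) | u.i8[3];`. swap16 stays within the range of `int`, but its result is narrowed implicitly on return; a `(uint16_t)` cast on the expression would make that explicit.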
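Review bot: The four exported helpers share the comment "our 16bit/32bit byte swap if LE host", which does not say which direction each one converts or that network order means big-endian. Something like `/* convert a 16-bit value from network (big-endian) to host byte order */` on pgp_ntoh16, with the mirrored wording on the hton variants, would document the contract these routines now carry for every packet length parsed in libverify.c. Separately, swap16() and swap32() assemble their result from the bytes in memory order, which looks like it already yields the same value on a big-endian host, so the `is_little_endian()` test may be redundant; worth confirming before relying on it.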
@@ -29,6 +29,11 @@
 #include <inttypes.h>
+uint16_t pgp_ntoh16(uint16_t /*in*/);
+uint16_t pgp_hton16(uint16_t /*in*/);
+uint32_t pgp_ntoh32(uint32_t /*in*/);
+uint32_t pgp_hton32(uint32_t /*in*/);
+
 int pgpv_digest_file(uint8_t */*buf*/, size_t /*size*/, const char */*name*/, const uint8_t */*hashed*/, size_t /*hashsize*/, int /*doarmor*/);
 int pgpv_digest_memory(uint8_t */*buf*/, size_t /*size*/, void */*memory*/, size_t /*cc*/, const uint8_t */*hashed*/, size_t /*hashsize*/, int /*doarmor*/);
diff --git a/security/netpgpverify/files/verify.h b/security/netpgpverify/files/verify.h
index 2f14426ad2f..c2e889fc3f1 100644
--- a/security/netpgpverify/files/verify.h
+++ b/security/netpgpverify/files/verify.h
@@ -23,9 +23,9 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_ 20140210
+#define NETPGP_VERIFY_H_ 20140304
-#define NETPGPVERIFY_VERSION "netpgpverify portable 20140210"
+#define NETPGPVERIFY_VERSION "netpgpverify portable 20140304"
 #include <sys/types.h> |