CVS commit: [agc-netpgp-standalone] src/crypto/external/bsd/netpgp/dist/src/libverify

["Alistair G. Crooks" <agc%netbsd.org@localhost>]

Module Name:    src
Committed By:   agc
Date:           Wed Oct 24 02:27:25 UTC 2012

Modified Files:
        src/crypto/external/bsd/netpgp/dist/src/libverify 
[agc-netpgp-standalone]:
            libverify.c pgpsum.c verify.h

Log Message:
various improvements in netpgpverify:

+ store the revocation code in the signature

+ attempt to be bug compatible with gpg - if a signature on a text
document does not match the first time, try again, this time trimming
trailing white space (' ' and '\t' characters) from the text document.
this makes the verification work the same as gpg.  this behavior is
not activated for binary documents.  i have absolutely no idea why
this is done in the first place; christoph badura thinks it may be to
do with original pgp compatibility.  this and the stripping of the
trailing \r\n on text document digest calculation make no sense to me.

+ only compare the leading Q bits (i.e.  the length of the DSA Q
value) when verifying a DSA signature, per RFC 4880.  helps with
sha256 digests and smaller keys.

+ calculate the displayed size of DSA keys a bit differently, no functional
difference.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.6 -r1.1.2.7 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/pgpsum.c
cvs rdiff -u -r1.1.2.5 -r1.1.2.6 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.