tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

merge netpgpverify on agc-netpgp-standalone branch

netpgpverify on the agc-netpgp-standalone branch now verifies all the
signed files i've thrown at it, and the added bonus of using no
functionality from libcrypto - all of its bignum functionality comes
from its own libnetpgpverify.so.  it now works better than the
netpgpverify program in HEAD (which is embarassing because that
program can verify signatures on binary files just fine, but has
trouble with text documents, there's an open PR that this will fix. 
please don't start me on the hoops i had to jump through to calculate
the digests on text files; trust me, you will regret it).

% l lib/verify/libnetpgpverify.so*
lrwxr-xr-x  1 agc  agc      22 Nov  1 09:20 lib/verify/libnetpgpverify.so -> 
libnetpgpverify.so.4.0
lrwxr-xr-x  1 agc  agc      22 Nov  1 09:20 lib/verify/libnetpgpverify.so.4 -> 
libnetpgpverify.so.4.0
-rwxr-xr-x  1 agc  agc  120487 Nov  1 09:20 lib/verify/libnetpgpverify.so.4.0
% ldd bin/netpgpverify/netpgpverify
bin/netpgpverify/netpgpverify:
        -lz.1 => /usr/lib/libz.so.1
        -lgcc_s.1 => /usr/lib/libgcc_s.so.1
        -lc.12 => /usr/lib/libc.so.12
        -lbz2.1 => /usr/lib/libbz2.so.1
        -lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4
% ldd lib/verify/libnetpgpverify.so
lib/verify/libnetpgpverify.so:
        -lc.12 => /usr/lib/libc.so.12
%

there's an atf/kyua test suite, as well as some existing regression tests
in there too.

% make t
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -c verify b.gpg > output16
diff expected16 output16
rm -f output16
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -c verify a.gpg > output17
diff expected17 output17
rm -f output17
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -c verify gpgsigned-a.gpg > output18
diff expected18 output18
rm -f output18
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -c verify NetBSD-6.0_RC2_hashes.asc > output19
diff expected19 output19
rm -f output19
...
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -k dsa-pubring.gpg in2.asc > output45
diff expected45 output45
rm -f output45
env LD_LIBRARY_PATH=/usr/src/crypto/external/bsd/netpgp-standalone/lib/verify 
./netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc > output46
diff expected46 output46
rm -f output46
cd tests/netpgpverify && make && atf-run
atf2kyua: I: Removing stale Kyuafiles from /tmp/.XXXXXX.004966aa
atf2kyua: I: Converting 
/usr/src/crypto/external/bsd/netpgp-standalone/tests/netpgpverify/Atffile -> 
/tmp/.XXXXXX.004966aa/Kyuafile
t_netpgpverify:netpgpverify_rsa  ->  passed  [0.221s]
t_netpgpverify:netpgpverify_dsa  ->  passed  [0.117s]

2/2 passed (0 failed)
Committed action 19
%

especially in light of the recent compromise at freebsd.org, i'd like
to merge netpgpverify and libnetpgpverify to HEAD fairly soon.

regards,
alistair
Home | Main Index | Thread Index | Old Index