11 months agoAlways pad fingerprints to 16 characters master
Matthias Schiffer [Sat, 16 May 2020 15:29:00 +0000 (17:29 +0200)]
Always pad fingerprints to 16 characters

Fingerprints were not padded with zeros. This led to a ucert failure
when the first byte of the fingerprint is 00, as it expects the
fingerprint to have a constant length (and this expectation seems
reasonable to me).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Jo-Philipp Wich <jo@mein.io>
19 months agomain: fix some resource leaks
Hauke Mehrtens [Mon, 2 Sep 2019 19:34:15 +0000 (21:34 +0200)]
main: fix some resource leaks

This fixes some resources leaks mostly in error patches.

Coverity: #1330236, #1330237, #1330238
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months agosha512: fix bad hardcoded constant in sha512_final()
Jo-Philipp Wich [Tue, 6 Aug 2019 17:30:12 +0000 (19:30 +0200)]
sha512: fix bad hardcoded constant in sha512_final()

The SHA512 implementation shipped with usign uses a wrong hardcoded
numeric constant in the final block padding code.

An additional transform step must be done when there are at least
SHA512_BLOCK_SIZE - 16 = 112 bytes in the state buffer, however the
existing code incorrectly transformed buffer data larger than or
equal to 110 bytes as well, resulting in invalid hash calculations
when exactly 110 or 111 remaining bytes were left in the buffer.

To reproduce the issue, sign a plaintext file with a size of exactly
128 * N + 64 + 110 or 128 * N + 64 + 111 bytes using signify-openbsd
and attempt to verify the signature using usign:

    $ signify-openbsd -G -n -p test.pub -s test.key
    $ dd if=/dev/zero of=test.msg bs=1 count=$((64 + 110))
    $ signify-openbsd -S -x test.sig -s test.key -m test.msg
    $ usign -V -p test.pub -x test.sig -m test.msg

Fix this issue by replacing the bad numeric constanct with a macro
expression resulting in the proper value.

The fix has been verified by cross checking the intermedia hash
results with results from OpenSSL's SHA512 implementation and by
comparing the usign SHA512 code with the hashing code shipped with

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years agoREADME: replace unicode character
xypron.glpk@gmx.de [Sat, 22 Oct 2016 20:13:23 +0000 (22:13 +0200)]
README: replace unicode character

Only use ASCII characters in README.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
4 years agoREADME: add reference to OpenBSD signify
Felix Fietkau [Tue, 18 Oct 2016 09:20:43 +0000 (11:20 +0200)]
README: add reference to OpenBSD signify

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoREADME: provide reference for ed25519 algorithm
xypron.glpk@gmx.de [Sun, 16 Oct 2016 05:43:50 +0000 (07:43 +0200)]
README: provide reference for ed25519 algorithm

Add reference information for the ed25519 algorithm.
Add build instructions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
4 years agousign: main.c: describe necessary arguments for -G
Heinrich Schuchardt [Sat, 15 Oct 2016 16:27:23 +0000 (18:27 +0200)]
usign: main.c: describe necessary arguments for -G

Generation of keys requires -p and -s.
The usage help should indicate this.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
4 years agoAdd empty README
Ted Hess [Sat, 2 Jul 2016 15:51:08 +0000 (11:51 -0400)]
Add empty README

Signed-off-by: Ted Hess <thess@kitschensync.net>
4 years agocmake: Find libubox/utils.h header file
Florian Fainelli [Fri, 1 Jul 2016 23:04:05 +0000 (16:04 -0700)]
cmake: Find libubox/utils.h header file

Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/utils.h.  Some external toolchains which do not include standard
locations would fail to find the header otherwise.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
5 years agofix accidental swapping of public vs private key comment
Felix Fietkau [Thu, 17 Dec 2015 16:06:27 +0000 (17:06 +0100)]
fix accidental swapping of public vs private key comment

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
6 years agoadd build flag to use libubox instead of provided base64 implementation
Felix Fietkau [Sun, 19 Apr 2015 10:42:10 +0000 (12:42 +0200)]
add build flag to use libubox instead of provided base64 implementation

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
6 years agobase64: sync with libubox modifications
Felix Fietkau [Sun, 19 Apr 2015 10:38:05 +0000 (12:38 +0200)]
base64: sync with libubox modifications

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
6 years agoadd support for overriding the comment data
Felix Fietkau [Mon, 6 Apr 2015 15:06:04 +0000 (17:06 +0200)]
add support for overriding the comment data

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
6 years agoInitial import
Felix Fietkau [Mon, 6 Apr 2015 14:00:52 +0000 (16:00 +0200)]
Initial import

Signed-off-by: Felix Fietkau <nbd@openwrt.org>