Commit Graph

932 Commits

Author SHA1 Message Date
drochner 4c2e6ed1da pull in upstream rev.22547:
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1
and DTLS to fix DoS attack.
(CVE-2012-2333)
2012-05-11 18:07:33 +00:00
christos 845f0e2763 bump 2012-05-02 02:41:13 +00:00
christos 091c4109a8 merge OpenSSH 6.0
Features:

 * ssh-keygen(1): Add optional checkpoints for moduli screening
 * ssh-add(1): new -k option to load plain keys (skipping certificates)
 * sshd(8): Add wildcard support to PermitOpen, allowing things like
   "PermitOpen localhost:*".  bz #1857
 * ssh(1): support for cancelling local and remote port forwards via the
   multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
   to request the cancellation of the specified forwardings
 * support cancellation of local/dynamic forwardings from ~C commandline

Bugfixes:

 * ssh(1): ensure that $DISPLAY contains only valid characters before
   using it to extract xauth data so that it can't be used to play local
   shell metacharacter games.
 * ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
 * scp(1): uppress adding '--' to remote commandlines when the first
   argument does not start with '-'. saves breakage on some
   difficult-to-upgrade embedded/router platforms
 * ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
   but there is an "AF21" class
 * ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
   rekeying
 * ssh(1): skip attempting to create ~/.ssh when -F is passed
 * sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
 * sshd(1): send tty break to pty master instead of (probably already
   closed) slave side; bz#1859
 * sftp(1): silence error spam for "ls */foo" in directory with files;
   bz#1683
 * Fixed a number of memory and file descriptor leaks
2012-05-02 02:41:08 +00:00
tls 011988ad52 Add new "SendVersionFirst" option to OpenSSH client. This option makes
the client send its version string first if it is configured to speak
v2 only (the old hack of waiting to see the server version is only
really useful if you might be speaking v1 to some servers).  The option
is on by default but can be disabled from the config file.

This aligns the OpenSSH client behavior with most other implementations
and eliminates a major source of connection delays and failures when
speaking SSH through particularly stupid proxies, of which, sadly, there
are many.

This change has also been submitted to OpenSSH as their bug #1999.
2012-04-27 15:45:37 +00:00
drochner b0eecc93cf fix for previous fix: correct error code (upstream rev.22474) 2012-04-25 11:02:46 +00:00
drochner c89bad5193 pull in upstream SVN rev. 22439:
check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean. (CVE-2012-2110)
2012-04-19 20:20:56 +00:00
christos 07636659d9 Minimize diffs. 2012-04-14 01:34:37 +00:00
christos 4dd26a2880 use getpassfd() 2012-04-13 23:57:08 +00:00
tls 36a4733e75 Fix applications that call RAND_bytes() before any other RAND function.
Last change was...a bit too simple.
2012-03-07 10:17:47 +00:00
tls 48b3ca7292 Patch OpenSSL RNG to allow explicit initial seeding. Patch OpenSSH to
explicitly seed the OpenSSL RNG in each new process rather than letting
it repeatedly open /dev/urandom to reseed, which depletes entropy severely.

Note that the OpenSSH part of this fix works better on NetBSD than it would
on many other platforms because on NetBSD, if you don't reopen /dev/urandom,
repeated reads don't deplete entropy.  On other platforms, some other
approach might be required.

Note also that this problem does not arise on OpenBSD because OpenBSD seems
to have patched OpenSSL to seed the RAND functions from arc4random()!  That
seems dangerous, so I am not taking that approach here.
2012-03-05 20:13:36 +00:00
christos 94fcde8eaf Fix compilation:
kill PGP_ERROR() and make everything use a format.
XXX: Fixme to use __VA_ARGS__ instead of the silly PGP_ERROR_N() macros.
2012-03-05 02:20:18 +00:00
agc ddccfadc5f Use %s for the format string, as pointed out by joerg in the diff for
__printflike attributions (on tech-userlevel, March 1st 2012).
2012-03-04 19:52:02 +00:00
drochner 582e7c9a93 apply upstream rev.22146: Tolerate bad MIME headers in parser.
avoids possible NULL dereference (CVE-2006-7248)
2012-02-28 17:23:58 +00:00
agc 1ce8f15ce5 Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.
2012-02-22 06:58:54 +00:00
agc c636a2b399 re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.

print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.
2012-02-22 06:29:40 +00:00
christos 2552839412 Add configuration glue 2012-01-28 16:05:20 +00:00
christos 5936836493 Add build glue: no pkcs11 yes. 2012-01-28 16:04:12 +00:00
christos a3508f9e3b remove stray .TP 2012-01-28 16:03:46 +00:00
christos def4b137e5 we don't have -ldl 2012-01-28 03:05:53 +00:00
christos 9571548fef handle ctype lossage 2012-01-28 03:04:27 +00:00
christos 431955c163 import tpm-tools from sourceforge 2012-01-28 02:56:55 +00:00
christos 125dcfd019 add libtcs 2012-01-28 02:51:19 +00:00
christos 03a31f348d add build glue 2012-01-28 02:15:25 +00:00
christos 6af45b0d65 we only have <sys/endian.h> not <endian.h> 2012-01-28 02:11:18 +00:00
christos ed30c0ec40 add && defined(__NetBSD__) 2012-01-28 02:10:12 +00:00
christos 2134a889e1 - add && defined(__NetBSS__) where appropriate.
- we don't have <endian.h>, perhaps we should?
2012-01-28 02:09:08 +00:00
christos 8c24f147ac add && defined(__NetBSD__) 2012-01-28 02:08:11 +00:00
christos 0924657c8e cast to long the thread id before printing 2012-01-28 02:06:51 +00:00
christos 6a35549fad add && defined(__NetBSD__) where appropriate 2012-01-28 02:05:55 +00:00
christos 139fa20f38 don't inline functions whose body is not visible in all places used. 2012-01-28 02:03:41 +00:00
christos 5a1e8d4ef0 we want our role accounts to start with _ 2012-01-28 02:00:51 +00:00
christos 77931e2b39 remove erroneous extra .TP 2012-01-28 01:58:25 +00:00
christos 2d5f7628c5 import trousers 0.3.8 from sourceforge.
TrouSerS is the open-source TCG Software Stack
2012-01-28 01:35:04 +00:00
christos 3cbaf51ab7 description of cpl 2012-01-28 01:30:42 +00:00
drochner 2d831187ff pull in rev.22050 from upstream CVS, following secadv_20120118.txt:
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)
2012-01-18 20:08:49 +00:00
drochner 4352041ede also pull in patches for older security problems (secadv_20110906.txt):
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
2012-01-05 18:59:51 +00:00
drochner 716cca6308 pull in some patches from upstream CVS, following secadv_20120104.txt:
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
 (CVE-2011-4577)
 (rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
2012-01-05 17:32:02 +00:00
agc 1dafd61846 get rid of an old merge conflict which managed to creep through 2011-11-28 06:36:14 +00:00
joerg e7b856ae43 Unbreak MKINET6=no 2011-11-08 22:13:58 +00:00
joerg 9fa0321aa9 Separate strings correctly with ': ', not embedded NUL. Found by
mlelstv.
2011-11-04 11:54:46 +00:00
christos eaa3f157e9 Put back support for non PIC. 2011-10-21 17:57:45 +00:00
chs ed58cde6e4 add PIC support. 2011-10-21 15:08:41 +00:00
plunky f65a48c2ec max WARNS is 4 2011-10-13 17:23:28 +00:00
christos 002b0b4308 use cleantags 2011-10-08 19:30:02 +00:00
wiz 6b97660a0d Sort sections. 2011-09-23 16:22:00 +00:00
jruoho 008d0db94d Also note /etc/saslc.d. 2011-09-23 15:24:35 +00:00
jruoho ce1c27eb07 Build and install MLINKS for the libsaslc(3) functions. 2011-09-23 15:17:31 +00:00
joerg a85aba86f0 Use __dead. 2011-09-16 15:36:18 +00:00
joerg 6a878ae49f Reapply formatting cleanup 2011-09-16 15:36:00 +00:00
christos 6f47b6603c merge openssh-5.9 2011-09-07 17:49:19 +00:00
christos 7c6477cfd2 new openssh:
See http://www.openssh.com/txt/release-5.9
2011-09-06 20:17:08 +00:00
christos c708dfc2ea some stuff got removed in 5.9 2011-09-06 20:14:35 +00:00
joerg 90ee948ed8 Use __dead 2011-08-29 21:08:54 +00:00
elric 9f9617f826 Change the location of version.h from the old Heimdal srcs to the
new srcs.
2011-08-28 11:20:16 +00:00
elric 1ea30656a2 Change the location of version.h from the old Heimdal srcs to the
new srcs.
2011-08-28 10:28:35 +00:00
joerg 5cfa560df9 Avoid using non-literal format strings and optimizing code a bit at the
same time.
2011-08-25 15:37:00 +00:00
joerg cc096ecebe msg.c uses non-literal format strings 2011-08-25 15:30:54 +00:00
elric 0a56de1dcb This file should not have been imported. 2011-08-25 00:25:47 +00:00
dholland 84c562e368 Previous here required stdint.h. 2011-08-22 00:24:42 +00:00
christos 5434bb1cbb Remove gcc-4.5 hacks. I must have fixed them in a different pass. 2011-08-17 05:32:09 +00:00
christos 5573cb4a88 remove gcc-4.5 hacks; gcc-4.5 does not like fileno() to be unchecked, and
produces an unhelpful out of bounds array warning, so check it.
2011-08-17 05:30:01 +00:00
christos 0a61f86410 undo junk committed. 2011-08-16 09:43:03 +00:00
christos 6c83058fe2 kill non-literal format strings or document them. 2011-08-16 09:42:21 +00:00
christos 4e1d834d15 add extra cast for systems where sizeof(time_t) < sizeof(intmax_t) 2011-08-16 02:59:00 +00:00
elric 51efa0609e We shouldn't cast client_time to (intmax_t) because it is a char * not
an integer.
2011-08-16 01:14:57 +00:00
christos b4f44e540e use intmax_t to print times. 2011-08-15 21:00:49 +00:00
christos 641b42eda3 simplify the code; this is what asprintf() is for, don't re-invent it. 2011-08-14 11:19:51 +00:00
agc 6b77872003 default the format for recovering key data to be "human", rather than hard
coding it in the embedded calls.
2011-08-02 07:18:13 +00:00
agc 7c7d9aa184 plug some memory leaks in error paths 2011-08-02 07:16:56 +00:00
agc 5f50489b1b when matching pubkeys, also return the first (pgp) uid for the key in the
resultant key listing

when using json to format keys returned from libnetpgp, also prepare for
machine-readable format ("mr") as well as human ("human"), even though
it's not yet used.
2011-08-02 05:36:45 +00:00
christos 18eab2817e PR/45200: : J. Hannken-Illjes: Scp hangs after sending:
- check for vwrite() instead of read() to avoid read() being renamed by SSP
2011-08-01 15:55:00 +00:00
plunky 84e06c949d revert previous, actually cleanup the *_asn1-template.c files
in Makefile.rules.inc. They are generated when -one-code-file
is passed.
2011-07-31 09:58:19 +00:00
plunky 7d2b0ea36f Clean up intermediate asn1 template files
(this should reeally be fixed in <${HEIMBASE}/Makefile.rules.inc>
but I don't see where since they are not generated for all asn1 sources)
2011-07-31 06:49:03 +00:00
plunky d38e8168f4 cleanup vars.texi 2011-07-31 06:43:56 +00:00
joerg aa1008d816 Drop @GOTPCREL when accessing local variables. For yet unknown reasons,
our version of GNU as decides to silently ignore it. Never versions on
other systems and Clang actually keep it around and create bad object
files. The object files are identical after the changes modulo the GOT
entry in the symbol table.
2011-07-28 20:24:36 +00:00
matt 376bdd7ba0 Workaround around make bug by using an intermediate file/rule. 2011-07-27 03:18:52 +00:00
jym 767a408b3c Get rid of the "rep ret" trick in places where it is not needed. FWIW,
the "rep ret" trick is recommended by AMD as a branch prediction
optimization in certain circumstances (quoting their manual):

- any kind of branch (either conditional or unconditional) that has the
single-byte near-return RET instruction as its target

- a conditional branch that occurs in the code directly before the
single-byte near-return RET instruction.
2011-07-25 19:11:49 +00:00
joerg 9c5ebc857f Works with the integrated assembler again. 2011-07-25 09:36:10 +00:00
joerg f40b364521 Fix obvious logic error 2011-07-25 08:51:10 +00:00
christos 185c8f9719 - Merge conflicts
- WARNS=5
2011-07-25 03:03:09 +00:00
christos 9921411534 from ftp.openbsd.org 2011-07-24 15:08:11 +00:00
jym 714fcad23a Turn AES NI support code into something more readable.
i386 and amd64 both tested with their own chroot. No regression observed.
2011-07-22 22:50:55 +00:00
joerg 5158e28f3b Disable Clang's integrated assembler for the AES-NI files for now.
Somewhere in this mess of .byte streams, corruption happens. Disassembly
only shows slightly different filling of alignment sequences, further
analysis is needed.

XXX This should be rewritten to be proper assembler code
2011-07-17 19:48:31 +00:00
drochner 929391d8b0 remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses
another mechanism now, and these remainders break renogotiation with
(at least) tor and postgres
2011-07-07 18:11:18 +00:00
spz c22e711e00 cpuid and aesni additions for i386 2011-07-05 16:53:58 +00:00
spz 7d2aeb8d2a more pieces to enable using the assembler routines and aes-ni for amd64 2011-07-05 10:42:54 +00:00
spz e910cee8f4 fix some define and cleanliness issues relevant when test compiling
in dist (which we normally don't do)
2011-07-05 10:29:22 +00:00
spz 0d71cd5d7d use aes-ni for i386 also: from jym@ 2011-07-05 10:25:45 +00:00
spz 3619dd3d7c version bump second part 2011-07-05 10:06:10 +00:00
joerg fa1a81643b Fix memset usage. 2011-07-01 02:10:19 +00:00
agc 2008a1289b get some things off the TODO list
when initialising, recognise keys in a different order.

1. read the public keyring

2. if a userid has been specified, use it

3.  if not, check the configuration file (~/.gnupg/gpg.conf) for a
default user id

4, only read the secret keyring if we need to (decrypting or signing)

5.  if signing, and we still don't have a userid, use the first key in
the secret keyring

6.  if encrypting, and we still have no userid, use the first in the
public keyring

ssh keys remain the same as previously.
2011-06-28 03:35:28 +00:00
agc 00f7aade09 re-do the tests so that it's much easier to see at a glance which tests
passed and which failed.
2011-06-28 03:29:38 +00:00
agc e5bfab614c only attempt to load the secret key if we need to (for signing or for
decrypting).
2011-06-27 07:05:31 +00:00
wiz 7b95ccb149 Quote minus so it does not become a dash. 2011-06-25 12:43:03 +00:00
agc e63e4d57f9 change mj library to take an additional argument for a string type,
denoting its length. this allows binary strings to be encoded using
libmj.

escape magic characters in json strings in a more efficient manner.
the previous method was not scalable.

update callers to suit

bump libmj major version number

add examples to the libmj(3) man page
2011-06-25 00:37:44 +00:00
mrg c111245a78 apply some -Wno-error and/or -fno-strict-aliasing.
all of this should be looked at closer, but some of them are not
very trivial.
2011-06-22 02:49:41 +00:00
mrg 7496e29126 adjust a grep pattern to (only) match the right line with GCC 4.5.
from chuq.
2011-06-21 02:19:30 +00:00
mrg 493d341048 various build fixes for gcc 4.5. from chuq. XXX i'm not sure all of
these work properly wtf pointer aliasing, but there are no casts at
least...

the lib/libpuffs/puffs_priv.h is definately a real bug fix.

from chuq.
2011-06-20 09:11:16 +00:00
mrg 75e42fa7da remove most of the remaining HAVE_GCC tests that are always true in
the modern world.
2011-06-20 07:43:56 +00:00
spz 82dcaa0984 - fix a typo in libcrypto.pl
- refresh manpages
2011-06-13 18:53:31 +00:00
spz 9574586d3a fix AES-NI (using David Woodhouse's patch for OpenSSL 1.0.0) & re-enable
inclusion of AES-NI capability
builds, but is untested due to lack of hardware
2011-06-13 14:19:48 +00:00
spz f946e5a9cd remove unhelpful '.file' paths, just name the file itself 2011-06-13 06:22:08 +00:00
christos fd1d0fa83b fix warnings for the patented algos 2011-06-12 16:15:42 +00:00
christos abf33ee14d format fixes, prototype fixes, const fixes 2011-06-11 16:54:56 +00:00
spz f7ec5c1e8b more missing file mentions, kudos Kurt Schreiner (ks at ub.uni-mainz.de) 2011-06-06 13:43:48 +00:00
spz 0f31b40708 more missing files. Are we there yet? 2011-06-06 08:04:19 +00:00
spz 5865763239 add a bunch of files to the lib that we build. 2011-06-06 06:44:57 +00:00
spz 4a68bbbf8c re-gen of the assembler files created these
(changed files were committed previously)
2011-06-06 06:08:52 +00:00
spz 5bf0fb60b1 merge
It builds, which is an improvement to before. It may not work.
AES-NI is disabled and needs to be retrofitted yet
2011-06-05 23:09:44 +00:00
spz 4e3dcb232d Import OpenSSL 1.0.1 stable of 20110605:
this is sort of a sidegrade onto the release branch. Changes against the
last version imported:

*) Backport libcrypto audit of return value checking from HEAD, not
   all cases can be covered as some introduce binary incompatibilities.
   [Steve Henson]

*) Redirect RSA operations to FIPS module including keygen,
   encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
   [Steve Henson]

*) Add similar low level API blocking to ciphers.
   [Steve Henson]

*) Low level digest APIs are not approved in FIPS mode: any attempt
   to use these will cause a fatal error. Applications that *really* want
   to use them can use the private_* version instead.
   [Steve Henson]

*) Redirect cipher operations to FIPS module for FIPS builds.
   [Steve Henson]

*) Redirect digest operations to FIPS module for FIPS builds.
   [Steve Henson]

*) Update build system to add "fips" flag which will link in fipscanister.o
   for static and shared library builds embedding a signature if needed.
   [Steve Henson]

*) Output TLS supported curves in preference order instead of numerical
   order. This is currently hardcoded for the highest order curves first.
   This should be configurable so applications can judge speed vs strength.
   [Steve Henson]

*) Add protection against ECDSA timing attacks as mentioned in the paper
   by Billy Bob Brumley and Nicola Tuveri, see:

      http://eprint.iacr.org/2011/232.pdf

   [Billy Bob Brumley and Nicola Tuveri]

*) Add TLS v1.2 server support for client authentication.
   [Steve Henson]

*) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
   and enable MD5.
   [Steve Henson]

*) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
   FIPS modules versions.
   [Steve Henson]

*) Add TLS v1.2 client side support for client authentication. Keep cache
   of handshake records longer as we don't know the hash algorithm to use
   until after the certificate request message is received.
   [Steve Henson]

*) Initial TLS v1.2 client support. Add a default signature algorithms
   extension including all the algorithms we support. Parse new signature
   format in client key exchange. Relax some ECC signing restrictions for
   TLS v1.2 as indicated in RFC5246.
   [Steve Henson]

*) Add server support for TLS v1.2 signature algorithms extension. Switch
   to new signature format when needed using client digest preference.
   All server ciphersuites should now work correctly in TLS v1.2. No client
   support yet and no support for client certificates.
   [Steve Henson]

*) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
   to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
   ciphersuites. At present only RSA key exchange ciphersuites work with
   TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
   SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
   and version checking.
   [Steve Henson]

*) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
   with this defined it will not be affected by any changes to ssl internal
   structures. Add several utility functions to allow openssl application
   to work with OPENSSL_NO_SSL_INTERN defined.
   [Steve Henson]

*) Add SRP support.
   [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]

*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
   [Steve Henson]

*) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
   elliptic curve NIST-P224 with constant-time single point multiplication on
   typical inputs.  EC_GROUP_new_by_curve_name() will automatically use this
   (while EC_GROUP_new_curve_GFp() currently won't and prefers the more
   flexible implementations).

   The implementation requires support for the nonstandard type __uint128_t,
   and so is disabled by default.  To include this in your build of OpenSSL,
   use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line,
   and run "make depend" (or "make update").
   [Emilia K<E4>sper <emilia.kasper@esat.kuleuven.be> (Google)]

*) Permit abbreviated handshakes when renegotiating using the function
   SSL_renegotiate_abbreviated().
   [Robin Seggelmann <seggelmann@fh-muenster.de>]

*) Add call to ENGINE_register_all_complete() to
   ENGINE_load_builtin_engines(), so some implementations get used
   automatically instead of needing explicit application support.
   [Steve Henson]

*) Add support for TLS key exporter as described in RFC5705.
   [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
2011-06-05 14:55:58 +00:00
tsutsui 5fbf2258b9 Handle implicit library dependency for static builds:
- libheimbase is required by libkrb5
 - libwind is required by libhx509
2011-06-04 02:08:50 +00:00
joerg a216da57a6 Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
2011-05-26 12:56:24 +00:00
he 6cf367a4a1 Fix up Heimdal so that it can be built statically, allowing the
sun2 port to proceed beyond trying and failing to build Heimdal.
This is done by:

1) Stop pretending that libipc is a separate library, and instead
   build it as part of libkrb5.  The version map for libkrb5 needed
   to be updated to expose the required symbols from libipc.

2) The lexer in libhx509 needs to use its own prefix, so that the
   resulting library can be statically linked with a lexer which
   uses the default prefix.  This was hidden because libhx509's
   version map file (which is only used for the shared libs) hid
   away the lexer symbols.  Some defines needed tweaking as well
   to restore buildability.

3) Excplicitly mention all the required libraries in LDADD+= and
   make sure DPADD is set to correspond.  This allows static linking;
   earlier this relied on shared library dependencies to have all the
   libs pulled in.  In the process, convert to single-line LDADD+=
   and DPADD+= settings.  Use Makefile.inc for the common libraries
   to the extent possible.

Successfully built from scratch for i386 and sun2 several times,
and for lots of other ports as well.

Discussed with elric@ and christos@.
2011-05-25 19:21:16 +00:00
joerg e6f855c3ea Kill redundant unused extern. 2011-05-24 14:27:07 +00:00
joerg b4141daf2b Use proper format string 2011-05-24 14:26:55 +00:00
joerg 6b4fe8bf2c Revert, breaks the build. 2011-05-20 20:09:37 +00:00
christos 3076ce9d4c Let's see if we can get away with this for the sun2 port or we are going
to need to:
1. put the contents of libipc.a in libkrb5.a
or
2. install libipc.a [perhaps call it libkrbipc.a?]
2011-05-20 02:04:59 +00:00
christos 5db3bccf35 add missing prototypes. 2011-05-17 12:56:44 +00:00
christos 8d814b5aa6 fix main prototypes. 2011-05-16 00:08:33 +00:00
christos 0648f64e9b no more implicit types in c99 2011-05-15 23:43:56 +00:00
tsutsui df5bdfa0ca - fix build failure on CentOS 5
(it looks bash doesn't like redirection operators before commands)
- use ${TOOL_SED}
2011-05-15 15:10:12 +00:00
drochner 075df8afa4 remove generated binary files 2011-05-05 18:40:24 +00:00
jruoho ab0275b298 Clarify the comment on how to disable password authentication (i.e. the
combination of PasswordAuthentication=no and UsePam=yes still allow password
authentication). Fixes PR bin/32313 from Curt Sampson.
2011-05-03 13:04:00 +00:00
wiz ec676bfa64 Fix a typo. 2011-04-28 14:55:59 +00:00
wiz 968fda6223 Fix a typo. 2011-04-28 14:40:42 +00:00
wiz 9b5852d027 Typo fix. 2011-04-28 14:38:49 +00:00
wiz 7dd3adc79d Fix a typo and punctuation. 2011-04-28 14:34:33 +00:00
wiz 7c8df5b473 Fix typo. 2011-04-28 14:29:53 +00:00
wiz 5cdd89dee6 Typo fix. 2011-04-28 14:28:47 +00:00
wiz b319995661 Improve wording in description. 2011-04-28 14:24:18 +00:00
wiz 2fed8df9e0 Fix typo. 2011-04-28 14:21:52 +00:00
wiz 3643fab3aa Punctuation fix. 2011-04-28 14:18:08 +00:00
wiz 48b93558a9 Fix typo. 2011-04-28 14:16:40 +00:00
wiz db9c61275b Punctuation fix. 2011-04-28 14:15:53 +00:00
wiz ce5b3bb1f9 Heimdal is not an OS. 2011-04-28 14:04:02 +00:00
elric bf89f75cd0 Remove the definition of various X_DEPRECATED as userland has been fixed
to stop using functions defined as deprecated by Heimdal.
2011-04-24 22:24:14 +00:00
elric d4c49b6d11 Stop using -I/usr/include/gssapi and -I/usr/include/krb5. We must in this
case find kafs.h as krb5/kafs.h.
2011-04-24 14:09:39 +00:00
elric 25a58ef3ee Stop using functions that are marked as deprecated in Heimdal. 2011-04-24 14:01:46 +00:00
christos 1abb5f1349 Fix signed/unsigned warnings. Discover bug where < 0 case cannot happen,
and change it to >= 0 as intended.
2011-04-21 17:58:56 +00:00
christos aa50e01f38 Don't compare a pointer < 0; this is obviously a missed * here.
While here, remove shadow variable warnings.
2011-04-21 17:56:24 +00:00
elric fa5d8eb474 openssh and libsaslc depend on heimdal, so we need to wait for it to be
built.
2011-04-20 08:36:07 +00:00
he 847614d665 Some ports don't (need to) construct separate _pic libraries, so where
MKPICLIB != "yes", refer to libipc.a instead of libipc_pic.a.
Fixes the build for mips and vax.
2011-04-16 18:41:58 +00:00
martin a6bdf6b9f3 Use <sys/atomic.h> ops on NetBSD (instead of MD gcc-isms). Stopgap fix
to unbreak the build on some risc platforms.
OK: elric
2011-04-16 17:45:44 +00:00
elric 9b1e92ba03 Randomness isn't terribly necessary when we are building tools. 2011-04-15 21:03:51 +00:00
elric 649d0dafa9 No need to -lfl -ly. 2011-04-15 21:02:47 +00:00
elric 46d08ee707 We need to include nbtool_config.h when we build tools. 2011-04-15 21:01:22 +00:00
elric f321446158 Define an empty libinstall:: target instead of the prior methodology
which doesn't necessarily work everywhere.
2011-04-15 20:56:51 +00:00
elric b125a0825f I forgot to fix this. .BEGIN: is not appropriate for the creation of
these symlinks as during the make obj phase it would attempt to create
them in the current directory.
2011-04-15 19:41:11 +00:00
elric 98fbe74f8c Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal.  The latter was just imported as the head
of the Heimdal tree as of a few days ago.
2011-04-15 18:05:42 +00:00
elric f8f7efe31c On reasonably modern versions of Heimdal, you should not include krb5.h
to get the krb5 GSS functions.  gssapi/gssapi_krb5.h should be included.

[this is necesary for the next Heimdal upgrade as krb5.h inclusion is no
longer effective.]
2011-04-15 14:51:22 +00:00
elric d8282bb7a4 Also define GSSAPI_DEPRECATED and KRB5_DEPRECATED as NULL to complete the
work of the prior check in.
2011-04-15 14:41:11 +00:00
elric 8cb5359ca5 Need a variable to disable using an existent version-script.map as
dist/lib/kadm5 contains one but builds two libs only one of which
uses it.
2011-04-15 14:39:32 +00:00
elric 8263f47726 Fix $Id$ -> $NetBSD$ in our own include. 2011-04-15 12:19:20 +00:00
elric ecb7f4c28c For the duration of the import and upgrade, we eliminate the marking of
older interfaces as deprecated as this breaks the build and we want to
commit the changes in logical chunks.  We will revert this commit later.
2011-04-15 12:18:22 +00:00
elric 0037cd16e7 Quick makefile bits that will use a version-script.map file if it exists
when building libraries.
2011-04-15 12:16:31 +00:00
elric df8cd236ea Updates to man pages found as diffs in prior location in a batch. 2011-04-14 19:19:19 +00:00
elric c5a976719f From prior location. 2011-04-14 18:23:23 +00:00
elric b20725a7b5 From prior location:
revision 1.2
	date: 2010/04/02 15:26:17;  author: christos;  state: Exp;
	handle ctime returning NULL.
2011-04-14 18:22:35 +00:00
elric fb2eb8459a From prior location, handle ctime returning NULL.
revision 1.11
	date: 2010/04/02 15:25:04;  author: christos;  state: Exp;
	make it obvious to grep that ctime is being checked.

and

	revision 1.10
	date: 2010/04/02 15:23:17;  author: christos;  state: Exp;
	handle ctime returning NULL.
2011-04-14 18:21:32 +00:00
elric 54d91f2bd2 Turn inetd support back on. 2011-04-14 18:18:16 +00:00
elric 5792ac62ee Also take the $'s out from around $Id.*$ as well as $Id.* $. This change
was required because there are many unexanded $Id$'s in Heimdal when you
git clone.
2011-04-14 18:16:21 +00:00
elric 5d94aee4a8 Replicate changes to get_window_size() made in previous location:
revision 1.7
	date: 2010/01/24 16:45:57;  author: christos;  state: Exp;
	make the window size function return the lines and columns
	variables separately instead of depending on the existance
	of struct winsize. Technically I should bump the library
	version or version the symbol, but nothing seems to use
	this outside the library!
2011-04-14 18:12:08 +00:00
elric 363455e6cf Turn on the hack which disables Kerberos if there is no /etc/krb5.conf.
We should review this logic and come up with a better way to do this as
now that there are DNS SRV RRs for locating KDCs, the lack of a config
does not imply that Kerberos should be turned off.
2011-04-14 18:02:07 +00:00
elric 37b2f04395 Copy coverity alloc comments from old location. 2011-04-14 18:00:30 +00:00
elric b40995a48b Reimport Heimdal dist converted into NetBSD dist format. The prior
import did not catch all of the $Id$ tags because many of them are
unexpanded and the RE was only looking for expanded keywords.
2011-04-14 14:08:03 +00:00
christos 6a493f9311 no more amd, factor out more stuff. 2011-04-13 22:16:52 +00:00
elric 7a6a7ae08a Build framework for Heimdal. 2011-04-13 19:16:44 +00:00
elric bca0060340 Autogenerated headers for heimdal head-20110412. 2011-04-13 19:15:27 +00:00
elric 0b13a02041 Autogenerated files for HEIMDAL head-20110412. 2011-04-13 19:08:57 +00:00
elric b8d761750a Script to convert a git clone of Heimdal into our dist format. 2011-04-13 19:04:40 +00:00
elric 170f4091e1 Autogenerated headers for heimdal head-20110412. 2011-04-13 19:03:58 +00:00
elric 893dd9bedb _gss_DES3_get_mic_compat() requires that ctx->target has been defined, and,
well, it hasn't yet.  Move the call down to after it is defined and things
are better.
2011-04-13 18:30:04 +00:00
elric f22e4d20b3 Conditionalise the sqlite3 HDB backend. 2011-04-13 18:23:42 +00:00
elric ca1c9b0c53 Import latest Heimdal from the head of their git repository into the
new location for externally maintained software.
2011-04-13 18:14:29 +00:00
agc a2e4cd88b7 fix a repeated typo 2011-03-29 21:43:17 +00:00
wiz f96ea8d1d8 Sort sections. 2011-03-22 09:42:00 +00:00
jruoho bed0d8a5ad * Remove saslc_strmech(), which does not appear in the sources.
Instead, document saslc_sess_getmech().

* Add FUNCTIONS and describe the functions in a list for readability.

* Sort SYNOPSIS in the order of appearance in FUNCTIONS.

* Split couple of long paragraphs for readability.

* Split the code example into EXAMPLES.

* Add missing prototypes to SYNOPSIS.

* Small markup improvements.

No contextual change.
2011-03-22 07:06:02 +00:00
joerg 9674b81ed9 Introduce __weakref_visible to handle the different required visibility
for weak references. GCC 4.2+ and Clang require static, older GCC wants
extern. Change __weak_reference to include sym. This requires changes
the existing users to not reuse the name of the symbol, but avoids
further differences between GCC 4.1 and GCC 4.2+/clang.
2011-02-22 05:45:05 +00:00
joerg 729a0eaa85 Include bsd.prog.mk to ensure that make includes actually works. 2011-02-20 05:42:34 +00:00
christos 743bf4fef9 Re-do using bsd.files.mk 2011-02-20 05:17:47 +00:00
christos 761d5d7e88 don't install dirs. 2011-02-20 02:14:42 +00:00
christos 0498c1530c Add example configuration file from Anon Ymous and a README file from me. 2011-02-20 02:12:31 +00:00
christos 09484ebb41 improve error handling, from Anon Ymous 2011-02-20 01:59:46 +00:00
christos acb231545c Property name change:
SASLC_PROP_SERVICENAME ("SERVICENAME")
to
  SASLC_PROP_SERVNAME ("SERVNAME")

Hopefully this will avoid confusion with SASLC_PROP_SERVICE ("SERVICE").
SERVNAME is also closer to the name used in the RFC2831 ("serv-name").
(Discussed with christos@.)

Change the hash parameters to keep that collision-less after the above
name change.

While here, go back to using .Sh in the manpage for unknown section
headers as the PostScript output from .Ss is slightly different.
(Discussed with wiz@.)
2011-02-16 02:14:22 +00:00
christos 1fa7e8d953 From Anon Ymous:
1) Fix a memory leak in cipher_context_create().
2) Fix a goof in the construction of the digest-uri.
3) Allow SASLC_PROP_SERVICENAME to be a hostname qualified comma
delimited list of service names to select from and update the manpage
to reflect this.
4) Make libsaslc.3 pass mdoclint(1).
2011-02-15 18:36:08 +00:00
christos d02347a68e fix the loop sentinel. 2011-02-14 12:45:31 +00:00
christos 561e85ba95 Make all mechanisms optional, so we can compile in only the ones we want. 2011-02-13 05:39:52 +00:00
christos beea8b97d4 Fix botched merges of the patch that Anon Ymous sent. From Anon Ymous 2011-02-12 23:21:32 +00:00
christos 16e81cb945 fix size_t inconsistencies. 2011-02-12 22:46:14 +00:00
matt 97519f2fe4 Fix some LP64/IPL32 issues 2011-02-12 22:24:01 +00:00
matt bb5019fabd Don't use DPADD/LDADD for libraries. Use LIBDPLIBS instead. 2011-02-12 22:23:11 +00:00
christos e9a3875280 glue in saslc 2011-02-12 19:07:35 +00:00
christos e43cceb285 just include <sys/types.h>; don't inclue stdbool.h because postfix does not
like it.
2011-02-12 19:03:39 +00:00
wiz 17646a9411 Various formatting fixes and a typo or two. 2011-02-12 16:08:18 +00:00
wiz 35a4803959 Remove trailing whitespace and superfluous Pp before new sections.
Use Nm instead of Xr'ing itself.
2011-02-12 15:58:03 +00:00
christos 1fca038b42 remove NULL check, can't happen. 2011-02-12 14:24:18 +00:00
christos 19c14409b9 Changes from Anon Ymous:
Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
  stuff I can't recall at the moment)
- rewrite the manpage

The API changes have been heavily influenced by hooking this up to
postfix(1).

The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)

The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.

The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers.  Do any SMTP servers really support these security
layers?  Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.

The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else.  As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard.  The "auth-int" layer is much more likely
to be in compliance.

Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000).  This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared).  AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007.  rfc2831 is
still listed as standards track.  The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.

Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors.  My apologies in advance.

BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
2011-02-11 23:44:42 +00:00
spz 03e283f07f fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL)
patch taken from http://www.openssl.org/news/secadv_20110208.txt
2011-02-10 06:04:54 +00:00
christos 8d527ef179 we have arc4random_buf and uniform now; no need for random.c 2011-02-05 16:01:57 +00:00
spz 0284f45be2 revert previous 2011-02-05 06:42:44 +00:00
spz 8b14c14461 fix compile 2011-02-05 06:23:58 +00:00
christos afbb9156b8 Fix CVE-2011-0539:
Legacy certificates generated by OpenSSH might contain data
from the stack thus leaking confidential information.
2011-02-04 22:11:09 +00:00
drochner 0bac615281 fix some merge botch and enable cryptodev support on NetBSD again 2011-02-03 19:44:05 +00:00
enami 342e3df70b Note that our installed sshd_config overwrite the LoginGraceTime to 600s. 2011-02-03 04:24:23 +00:00
wiz c147060a75 Remove trailing whitespace; new sentence, new line; mark up
NULL with Dv; fix Dd argument.
2011-01-29 23:38:34 +00:00
agc 6b63829157 sync sources with sourceforge repository, prompted by Mateusz Kocielski.
+ minor changes to free resources in error cases
+ update return values from some functions
+ wrap some long lines
+ more tests
+ add length argument to digest functions

an additional minor fix to make this build, and to libsaslc.3 man
page, by myself.
2011-01-29 23:35:30 +00:00
christos f10f86e23c avoid unused variable warning. 2011-01-09 23:17:36 +00:00
stacktic 5df88f3e65 Fixed strvisx usage 2011-01-03 18:55:41 +00:00
agc 70fd33655d avoid a double free - from Anthony Bentley. 2011-01-03 05:34:53 +00:00
agc 61b29b3185 Fix a double free[*], pointed out by Anthony Bentley.
[*] This was actually a triple free. We go all the way to 11.
2011-01-02 18:13:10 +00:00
agc 03e4221328 clean up lint (on amd64) 2011-01-01 23:00:24 +00:00
agc 8f197579aa get rid of some lint on amd64 platform 2011-01-01 22:29:00 +00:00
agc f14b9450fa Fix a problem with overrunning a base64 decoded number when decoding ssh
keys, from Anthony Bentley.

	% netpgpkeys --ssh -l --hash=md5
	1 key found
	signature  1024/RSA (Encrypt or Sign) 666f47feddcdb77d 2002-07-02
	Key fingerprint: e1d6 b328 8126 e8e3 666f 47fe ddcd b77d
	uid              machinename.com (/home/user/.ssh/id_rsa.pub) <user@machinename.com>

	% ssh-keygen -l -f ~/.ssh/id_rsa.pub
	1024 e1:d6:b3:28:81:26:e8:e3:66:6f:47:fe:dd💿b7:7d /home/user/.ssh/id_rsa.pub (RSA)
	%

ssh keys and netpgp work as above.
2011-01-01 19:53:53 +00:00
christos 3a75b4abed obvious pasto from Anon Ymous 2010-12-18 18:22:24 +00:00
joerg 5aa0f88941 Inline string that should have been const char [] in first place. 2010-12-07 22:50:37 +00:00
drochner ee60145ccf fix bug introduced by last security patch, from upstream CVS:
Don't assume a decode error if session tlsext_ecpointformatlist is
not NULL: it can be legitimately set elsewhere.
2010-12-07 10:03:29 +00:00
drochner ad512a613f openssl security patch of the day:
Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections. See
http://www.openssl.org/news/secadv_20101202.txt
(CVE-2010-4180)
2010-12-07 09:10:21 +00:00
plunky f33b316b63 Remove the do-external-lib and do-gnu-lib targets, along with
external/lib/Makefile and crypto/external/lib/Makefile, replacing
them all with SUBDIRs directly from lib/Makefile.

compat/compatsubdirs.mk becomes simpler now, as everything is built
from lib/Makefile, meaning all the libraries will now be built under
compat so update the set lists to account for that.
2010-12-03 21:38:46 +00:00
he 1498aa522e Make this build for platforms which don't define HAVE_DLOPEN, notably
our sun2 port.  Eliminates "defined but not used" warnings turned into
errors by our setup.
2010-12-02 10:23:51 +00:00
he c9162fb054 Don't rely on the shared library dependencies to pull in the ssl and lber
libraries, for the benefit of static linking and our sun2 port.
2010-12-02 10:21:28 +00:00
agc e914232be0 avoid nameclash - call the generated user id variable "generated userid"
also keep the time of structure initialisation as an internal variable.
2010-12-01 22:14:52 +00:00
agc 735f63ec03 When generating a key, set the new key's userid (last 16 bytes of
fingerprint) as an internal netpgp variable.

This can then be queried using netpgp_getvar(netpgp, "userid") to find the
new key's id.
2010-12-01 22:01:41 +00:00
agc 2f97867c2d fastctype.[ch] source files are gone - use native <ctype.h> 2010-11-29 06:22:20 +00:00
agc fdfbba4976 I forgot that the fastctype.[ch] files were still in this directory, and
have no need to be here - remove them, and just use native <ctype.h>
2010-11-29 06:21:40 +00:00
agc ea16259905 Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3).  The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.
2010-11-29 04:20:12 +00:00
agc 231558cb25 Initial import of Mateusz Kociels SASL client library Summer of Code
project into the repository. The project was mentored by Christos
Zoulas, and written up here:

	http://netbsd-soc.sourceforge.net/projects/sasl_client_lib/

As discussed with Christos Zoulas.
2010-11-27 21:23:57 +00:00
adam 1d1ee67612 Removed roaming_common.c from COPTS sections 2010-11-23 07:12:01 +00:00
christos e0b2bf0fed - Remove ifdefs for roaming support, and enable by default
- Put roaming_dummy.c in libssh.a to satisfy linking needs for most programs
  other than ssh and sshd. ssh and sshd override the shared library (and static
  library) functions by linking in their own copy of the roaming functions.
- Bump libssh major.
- Fix compilation issue in evp hash buffer.
2010-11-22 22:19:53 +00:00
christos cfdd905320 add a missing GLOB_LIMIT to the new glob for completion. 2010-11-22 13:45:26 +00:00
adam b1f1f2bb9c Fix compiler warnings 2010-11-22 09:53:01 +00:00
adam 5db11ae917 Updated custom makefiles for OpenSSH 5.6 2010-11-21 19:19:21 +00:00
adam e2e742d499 We don't need dist/ssh-pkcs11-helper/Makefile 2010-11-21 19:11:09 +00:00
adam aef795aa71 Merge in our changes:
- Updated OpenSSH-HPN to hpn13v10
- Added OpenSSH-LPK patches to retrive pubkey from LDAP
- Replaced arc4random_buf() (which is not available on NetBSD) with arc4random
- Disabled roaming reconnect (otherwise: problem with undef symbols in libssh)
2010-11-21 18:59:04 +00:00
adam 34b27b53f1 Resolve conflicts 2010-11-21 18:29:48 +00:00
adam 264ec8a849 Imported openssh-5.6 2010-11-21 17:05:52 +00:00
drochner fe04c71aa0 apply patch from http://www.openssl.org/news/secadv_20101116.txt
to fix a race condition which can be exploited in a buffer
overrun attack (CVE-2010-3864)
2010-11-17 12:09:34 +00:00
wiz 9d2172fc04 Remove trailing whitespace. 2010-11-15 21:29:21 +00:00
agc 6b3f11714a There were still some throwbacks with the prefix '_ops' - rectify that to
be the standard "pgp_" - no functional change.
2010-11-15 08:56:30 +00:00
agc e2c60ad188 Don't prefix function names with "pgp_" if the functions are static. 2010-11-15 08:50:32 +00:00
agc 451e742596 Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.
2010-11-15 08:27:40 +00:00
agc 05e6b0bbe6 Changes to help with netpgp key generation and interoperability:
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
  since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
  secret-sharing functionality for netpgp
2010-11-15 08:03:39 +00:00
agc b2d38cefdf Bring the netpgpverify(1) manual page into line with current output, etc.
With thanks to Jeremy Reed for the fixes.
2010-11-11 04:51:18 +00:00
agc 98c5ed6b49 make this compile on amd64: clean up a debug statement, pointed out by jak 2010-11-11 01:08:26 +00:00
agc b0df0a2281 Changes to 3.99.15/20101110
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
2010-11-11 00:58:04 +00:00
agc 2e1539dfc7 Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.
2010-11-07 21:41:38 +00:00
agc 67149907d3 Fix a build problem on OpenBSD (we're not the only one who has trouble
with their header files, it seems - insight from the tor project mailing
list).

And just so that the search engines can find it:

> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1

is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
2010-11-07 21:16:00 +00:00
agc fc1f8641b7 Take the internal functions and definitions back out of the implementation
namespace:

	:g/\<__ops/s//pgp/g
	:g/\<__OPS/s//__PGP/g
	:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.
2010-11-07 08:39:59 +00:00
agc 3184965a25 Elgamal encryption and decryption has been done - take it off the list of
tasks to do.
2010-11-07 07:34:27 +00:00
agc c2430ca2f9 Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the
Elgamal decryption code from Postgresql by Marko Kreen.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature  1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 23:53 f
-rw-------  1 agc  agc  1727 Nov  6 23:53 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 23:54 f.netpgp
% diff f f.netpgp
%

This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
2010-11-07 06:56:52 +00:00
agc 37d8b79b30 Add the ability to perform Elgamal encryption to netpgp. Some of this
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2

You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)

gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
      "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 05:40 f
-rw-------  1 agc  agc  1727 Nov  6 05:40 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 05:41 f2
%
2010-11-07 02:29:28 +00:00