Commit Graph

1678 Commits

Author SHA1 Message Date
lukem 0f17222c1c Provide a passphraseless test key for the testsuite.
Use gpg to import the test key until netpgp's key management is overhauled.

Per discussion with Alistair.
2009-05-27 06:47:57 +00:00
agc d70007f532 CHANGES 1.99.5 -> 1.99.6
+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
  if a directory is specified with --homedir=d, the directory containing
  conf file and keyrings is taken to be "d".
2009-05-27 05:42:24 +00:00
agc 2df14e286f Use a relative path, rather than an absolute one, to find the source 2009-05-27 04:47:08 +00:00
agc 419050018f bump shlib version 2009-05-27 04:46:33 +00:00
lukem b79d450ba1 simplify definition of TESTROOT 2009-05-27 01:54:22 +00:00
agc c64158a1df CHANGES 1.99.4 -> 1.99.5
+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
  use const char * for file names and user ids, not char * - suggested by
  christos
+ change some of the openpgpsdk display functions to return integer values,
  and send those values back from the netpgp functions - suggested by
  christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
  of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
  leave of your sanity, and (b) you have some magical persistent
  storage which doesn't spare sectors, and (c) you know how to remove
  a file securely
+ bumped library version on NetBSD to 1.0 for interface changes
2009-05-27 00:38:26 +00:00
lukem b0d9fe21fa regenerate 2009-05-26 05:47:32 +00:00
lukem 14bfdb876a rcsid fixup 2009-05-26 05:42:25 +00:00
lukem 9d4ec13409 simplify header install 2009-05-26 05:41:41 +00:00
lukem fa0f212aba Improve SHA256_CTX checks; OS/X provides it in <CommonCrypto/CommonDigest.h>
even though their <openssl/sha.h> is too old.
2009-05-26 05:40:03 +00:00
lukem 5fc6630f84 Install libnetpgp.3.
Don't build -static
2009-05-26 05:20:25 +00:00
lukem 074150647a Provide a generated config.h in the NetBSD build reachover. 2009-05-26 05:11:17 +00:00
lukem bd9a120207 regen from configure.ac 1.13 2009-05-26 05:03:57 +00:00
lukem dd536fdc21 - Require <bzlib.h> -- don't just check for it.
- Check for types: long long, size_t
- <openssl/sha.1> needs <sys/types.h> on some platforms
2009-05-26 05:03:08 +00:00
lukem 1c576705ba Overhaul build infrastructure:
- use automake to generate the Makefile.in
- style reorg in configure.ac
- ensure <openssl/sha.h> provides SHA256_CTX (openssl 0.9.8 or greater)
- move the "build helpers" to buildaux
- add a rudimentary (and not yet functional) test suite

(There's still more to do.)

Per chat with Alistair.
2009-05-26 04:27:28 +00:00
lukem 11076a94d7 remove a generated file 2009-05-26 04:20:22 +00:00
agc 6715e11a99 CHANGES 1.99.3 -> 1.99.4
+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
  allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
  used without having to include "packet.h" in everything
2009-05-25 06:43:31 +00:00
stacktic 9cdc17cae0 Fixed strvisx usage (ok Christos@) 2009-05-23 14:43:36 +00:00
agc b6d342175b CHANGES 1.99.2 -> 1.99.3
+ modified regression tests to make it easier to see status messages
+ modified --encrypt, --decrypt, --sign, and --clearsign as well as --cat
  to respect the --output argument for the output file. Default behaviour
  remains unchanged - if --output is not specified, standard file names
  and suffixes apply. Note that --verify has not been changed - this is
  for compatibility with gpg, POLA/POLS, and because --verify-cat/--cat
  provides this behaviour
2009-05-22 02:28:54 +00:00
wiz 3f570851bc New sentence, new line. Add ".An -nosplit" to AUTHORS section for better
formatting. Mark up filenames with .Pa. Remove trailing whitespace. Try
only using mdoc macros. Some other minor nits fixed.
2009-05-21 09:21:35 +00:00
agc 2eb852f377 Get rid of a few TODO items that aren't needed. 2009-05-21 00:35:01 +00:00
agc 648b5a9919 CHANGES 1.99.1 -> 1.99.2
+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
  displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
  options for netpgp(1) - whilst a file may have signature information
  added to it with the "--sign" command, there has been no way to
  retrieve the contents of the file without the signature.  The new
  "--cat" option does this (there are synonyms of "--verify-show" and
  "--verify-cat") - the signature is verified, and if it matches, the
  original contents of the file are sent to the output file (which
  defaults to stdout, and can be set with the --output option on the
  command line).  If the signature does not match, there is no output,
  and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
  these commands relate to each other, and which commands take custom
  options
2009-05-21 00:33:31 +00:00
vanhu f61fedc250 typo 2009-05-20 07:54:50 +00:00
agc 7e7091d626 Remove files which aren't used any more 2009-05-19 20:07:32 +00:00
tteras 68ab535bfd From Jukka Salmi: Fix couple of typos from previous commit. 2009-05-19 09:34:52 +00:00
agc 0df5e957ce CHANGES 1.0.0 -> 1.99.1
+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
  munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
  The function does mmap(2), and then falls back to read(2) if that fails.
  Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
  __ops_sign_detached()
2009-05-19 05:13:09 +00:00
tteras 0ab43f031c From Tomas Mraz: Introduce union sockaddr_any and use it to make code
more readable. Related to trac #293.
2009-05-18 17:40:38 +00:00
tteras ef94861331 From Tomas Mraz: Remove variable that is not really used; only referenced
while uninitialized causing valgrind error.
2009-05-18 17:07:15 +00:00
tteras 5e83df8c82 From Tomas Mraz: Fix natt_flags check. 2009-05-18 17:00:42 +00:00
agc f4badd9b47 + some more name changes
+ we've had the ability to sign files with a detached signature for
  a while now. We can now verify the files using the detached signature
  file.
+ in honour of this, update version numbers - 1.0.0/20090517
2009-05-18 03:55:42 +00:00
he 8cce58a8c3 Add LDADD+= and DPADD+= settings so that this builds on sun2 as well,
where we can't rely on shared libraries expressing the needs of the
program.
2009-05-17 11:38:42 +00:00
agc 57324b9f3d + don't use arrays of length 1 to hold single instances of characters,
unsigned or not - just use a single character itself
+ misc cleanup
+ rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to
  be a bit more descriptive
+ shorten some long names
+ get rid of test for libgen.h - it's not needed anymore
+ bump to version 0.99.4, and 20090515 sources, regenerate configure and co
+ numerous name changes to be more consistent and more concise
+ add verbosity level to the variables that can be set and retrieved by
  netpgp_setvar() and netpgp_getvar()
+ added --verbose option to netpgp(1)
+ add __RCSID() to all files
2009-05-16 06:30:38 +00:00
wiz 4cb2500307 Remove trailing whitespace. 2009-05-14 09:42:09 +00:00
agc 4b3a3e1885 + got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
  user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
  be going long term, but the bool changes got integrated with the others,
  and are there in cvs history if we want to resurrect them. Correct autoconf
  accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes
2009-05-14 03:59:53 +00:00
agc 2232f8005f Commit the weekend's changes:
+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
  than hardcoding SHA1 - it is looking as though collisions are easier
  to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
  passed as a string parameter from the high-level interface. We'll
  revisit this later after a good way to specify the algorithm has been
  found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption
2009-05-12 00:37:52 +00:00
agc b1b5870651 + add a --help option
+ if setrlimit exists, set the core dump size to be 0
  (with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
  and just "export" the __ops_start_sig function - the function is not
  actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output
2009-05-08 06:06:38 +00:00
agc 5b5e53256c Make it obvious what the pointer refers to, rather than its type. 2009-05-06 14:26:12 +00:00
agc 0c31095918 More cosmetic changes, no functional differences. 2009-05-06 07:01:43 +00:00
agc 3326c4c54b Change some names to something a bit less obscure.
e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"
2009-05-06 03:02:02 +00:00
agc 0d85ad6ad7 Don't bother searching for assert.h, it's not needed any more 2009-05-05 15:29:46 +00:00
agc ed0df671c8 Get rid of remaining assert()s in netpgp. 2009-05-05 15:25:27 +00:00
agc bcfd85659b + __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
  51 chars is the record function name length so far
+ preliminary moves to support detached signatures
  as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
  __ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go
2009-05-05 01:28:15 +00:00
wiz decd684ac0 Remove superfluous spaces around parentheses. 2009-05-04 22:28:30 +00:00
wiz 14a563a89f Punctuation. 2009-05-02 09:40:33 +00:00
wiz c6b94f4c8a Bump date for netpgp_sign_file signature change. 2009-05-02 09:40:01 +00:00
agc ea53d15fcc Reorder the args to a static function to mirror some other function calls.
Attempt to use mmap(2) to read a file, and fall back to multiple read(2)
calls if that fails.
2009-05-02 04:19:43 +00:00
agc 7cf9b94e1a Document the way to get detached sig files from this library 2009-05-02 02:44:36 +00:00
agc 32262391d9 Give credit where credit is due. 2009-05-02 02:43:15 +00:00
agc de70477951 Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.
2009-05-02 02:38:54 +00:00
agc 71e559c1d8 Fix a build failure reported by Perry 2009-05-02 02:31:35 +00:00
agc 1991192fb5 Retire openpgpsdk - replaced by netpgp 2009-05-01 23:10:29 +00:00
agc 794ef7cba4 Don't descend into openpgpsdk directory - it's about to go away. 2009-05-01 23:00:37 +00:00
agc 1f71d3ede1 Build the netpgp library with WARNS=3 2009-04-30 04:59:14 +00:00
agc 8507301865 WARNS=3 fixes 2009-04-30 04:57:57 +00:00
tteras ec20a1edf8 From Ross Meng: Fix a memory leak in X509 certificate validation. 2009-04-29 10:50:01 +00:00
agc b0de80b42e Sync the portable autoconfed Makefile with reality 2009-04-28 20:51:16 +00:00
agc 763288c777 Sync the portable autoconf Makefile with reality 2009-04-28 20:50:48 +00:00
agc aa732d7398 Don't try to be clever here - sizeof(uint32_t) will always be 4... 2009-04-28 20:49:57 +00:00
tteras 8bcee86f68 Reset nat_oa variables too when reusing phase two handler. Otherwise
phase2 rekeying might fail in some scenarios.
2009-04-28 13:54:07 +00:00
wiz 4ad6ecab0a Use Fl Fl for long flags. 2009-04-28 09:19:15 +00:00
wiz fefeeb6f5e Fix In argument (no <> needed). Use .Pa for paths. Drop trailing space.
Punctuation nits.
2009-04-28 07:59:35 +00:00
wiz 7d7afa233d Fix xrefs, comment out the one to libbz2 (no man page exists for that). 2009-04-28 07:56:19 +00:00
agc 167587fd07 Clean up minor pieces of lint 2009-04-28 00:41:40 +00:00
agc 702f5adb30 Use .Ar properly 2009-04-28 00:40:45 +00:00
agc f5bbd5a825 Let's allocate enough space for the keyring structure, and not a pointer to it. 2009-04-26 16:55:44 +00:00
agc ee219f892b Enable netpgp in the build, and amend set lists accordingly. 2009-04-25 05:54:50 +00:00
agc efdd9dba1e WARNS=4 changes 2009-04-25 01:29:14 +00:00
agc ea21613ec1 Remove artefacts which should not have been imported - sorry for the noise 2009-04-24 01:05:59 +00:00
agc 93bf6008f8 Import netpgp source into crypto/external - this is a heavily-modified
version of openpgpsdk, and will replace it. Differences between netpgp
and the NetBSD repository version of openpgpsdk are:

+ Wrap source code in GNU autoconf/configure
+ New high-level interface for libnetpgp(3) and netpgp(1)
+ Hide prolifery of local headers in the internal lib directory -
  there is now one exported header called netpgp.h
+ Hide all ops_* functions and structs behind __ops_* names
+ Fix long-standing bug - make decryption work with files > 8192 bytes
  (fix for signature verification of signed files > 8192 bytes was already
  brought forward from the NetBSD repository of openpgpsdk)
+ Use mmap(2) to read files, falls back to read(2) if can't do mmap
+ Compile portable package using libtool
+ Rationalise the number of source files - merge a number of smaller ones
+ Case-insensitive matching of key ids
+ Use PRIsize throughout
+ Use calloc(3) throughout to zero memory
+ Get rid of global symbols which abused a macro
+ Use more descriptive names - remove "_arg_" components, name things for their
  purpose, rather than what they are (their type)
+ No more --passphrase= argument to netpgp(1) - this is now always
  done through callbacks
+ Report source code date and build date in version number, as well as the
  version number itself

This will form the basis of the portable netpgp package.
2009-04-23 06:31:55 +00:00
joerg 4287c61008 Apply rev 1.21 from src/lib/libcrypto/man/ssl.3:
Fix typo.
2009-04-22 13:10:33 +00:00
tteras 95b420bbeb From Neil Kettle: Fix a possible null pointer dereference in fragmentation
code.
2009-04-22 11:24:20 +00:00
tteras fab62310e7 Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.
2009-04-21 18:38:31 +00:00
tteras 7019ec4077 Fix a memory leak in certificate request generation. 2009-04-20 13:24:36 +00:00
tteras f273c7c2bb Orignally from Bin Li: Fix possible memory corruption in binsanitize(). 2009-04-20 13:23:54 +00:00
tteras a2f9e36ab3 From Stephen Bevan: Fix a x509 signature verification memory leak. 2009-04-20 13:22:41 +00:00
tteras b1fd61f62f Originally from Bin Li: Fix a crash with racoonctl logout user. 2009-04-20 13:22:00 +00:00
tteras 8759a6c72c Fix a memory leak in nat-t keepalive code. 2009-04-20 13:17:35 +00:00
tteras 8c22b469e0 From Paul Moore: Phase2 message id's should be unique wrt phase1, not
globally.
2009-04-20 13:16:52 +00:00
lukem 0b173a25f2 Redo previous -- cast to (unsigned char) 2009-04-14 21:58:36 +00:00
apb 74214207d5 Fix two bugs in handling banners in sshconnect2:
1) If the length of the banner is zero, don't bother printing it.
   This can happen if the remote server has a zero-length /etc/issue
   file.  Previously, ssh would die with "xmalloc: zero size".
2) strvisx() needs an extra byte for the nul terminator.
2009-04-14 11:53:40 +00:00
lukem e015e1d018 Call toupper() with an int argument. 2009-04-14 10:03:55 +00:00
yamt cdc5fc06ff restore INETD_SUPPORT. PR/40722. 2009-04-09 06:34:34 +00:00
drochner fb693f55f7 apply patches from upstream CVS to fix 3 security problems:
-ASN1 printing crash (CVE-2009-0590)
-Incorrect Error Checking During CMS verification (CVE-2009-0591)
-Invalid ASN1 clearing check (CVE-2009-0789)
2009-03-27 10:41:29 +00:00
perry 4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
2009-03-21 00:15:52 +00:00
tteras 0c68acc1de From Arnaud Ebalard: Fix couple of problems with previous commit. 2009-03-13 04:49:16 +00:00
he 976380d183 When casting to/from a pointer to an integral type (a bad practice,
if you ask me), you need to cast via intptr_t for portability.
2009-03-12 23:05:27 +00:00
wiz 2df943f931 New sentence, new line. Avoid marking up punctuation. 2009-03-12 15:18:57 +00:00
wiz 0d4480d10a Bump date for previous. Sort options to establish-sa.
Stop using Xo/Xc.
2009-03-12 14:01:09 +00:00
tteras 983cc8fecf Support multiple anonymous remotes and decide remoteconf based on identity,
received certificates and other information. General code clean up.
2009-03-12 10:57:26 +00:00
joerg 997634fe14 Fix preamble to match order set out by mdoc(7). Discussed with wiz. 2009-03-09 19:24:26 +00:00
tteras e3372d2f8f setkey: fix deleteall in Linux
Linux requires SADB_DELETE message to have SPI. So send
a SADB_DELETE message for each matching SA. Trac #284.

From: Gabriel Somlo <somlo@cmu.edu>
2009-03-06 11:45:03 +00:00
he 64be3821eb This program also uses the following libs: -lcrypto -lz -lbz2.
Add them explicitly so that this program links for sun2 as well.
2009-02-23 08:25:07 +00:00
agc 88ba3068b1 Use one struct for both zlib and bzip2 decompression. 2009-02-22 16:29:33 +00:00
agc 7bc38e3159 Use pointers to traverse some arrays, and make the code a bit more
readable.
2009-02-20 02:47:54 +00:00
agc 5d3eeabad1 Be a bit less zealous when copying memory, so that we don't copy beyond
th end of the buffer, and provoke a core dump.
2009-02-20 02:45:43 +00:00
christos ce563f1b55 CID 4960: Plug memory leak. 2009-02-18 20:10:23 +00:00
uebayasi aa58ef4867 Revert previous for now. The hidden intent was to rewrite duplicate rules
of ${TOOL_COMPILE_ET} seen in lib/*/Makefile, using make(1) suffix rule.
But I have not figured out the best way yet.

(The reason why I want to rewrite them is to strip absolute paths embedded in
/usr/include/krb5/*.h.)
2009-02-18 01:18:57 +00:00
dogcow 0d280a6b94 sig_atomic_t is long on alpha (?!); use %ld and cast to long. 2009-02-17 05:28:32 +00:00
uebayasi 5b1f280b89 To name output files, replace only suffix part exactly. 2009-02-17 05:24:14 +00:00
christos 79290a1b6f remove extra args. 2009-02-16 22:50:17 +00:00
christos 9341d6b102 put back deleted files 2009-02-16 20:55:22 +00:00
christos abbe9cc1c0 merge changes 2009-02-16 20:53:54 +00:00
tteras b1ab726a1a From Paul Moore: Fix a heap corruption bug (yacc return non-null terminated
buffer and sprintf writes over bounds).
2009-02-16 18:36:21 +00:00
christos 9d3c9d9c55 from ftp.openbsd.org 2009-02-16 17:14:22 +00:00
jmmv 44d668a632 Fix build; need to constify the return value of a function. 2009-02-13 22:01:05 +00:00
lukem d237abe695 fix -Wsign-compare issues 2009-02-12 10:43:41 +00:00
vanhu 3723c0b8cf trac#301: fixed IPsec SAs flush in purge_remote() when NAT-T enabled but no NAT-T on tunnel 2009-02-11 15:18:59 +00:00
agc 00be53a929 Remove argument names from function prototypes in header files. 2009-02-07 07:00:01 +00:00
agc fd38df44a9 Be a bit more consistent with the naming scheme (and a bit less verbose). 2009-02-07 05:57:39 +00:00
agc 47eb47e6b3 The catch-all header file also includes version.h now, in case we want
to display the version number of the openpgpsdk library.
2009-02-07 05:37:57 +00:00
agc 6aef23c4e0 Re-order header file inclusion order to be alphabetic.
Print out the version number of the openpgpsdk library when showing the
version string.

Parse the existing ~/.gnupg/gpg.conf to get the default user id, if any.

Use the actual size of the arrays in snprintf(), rather than a size which
may or may not be accurate.

Get rid of an unused 8K array on the stack - it's not needed.
2009-02-07 05:36:51 +00:00
agc 02ebfd8cdc Minor cosmetic change - no functional difference. 2009-02-07 05:32:27 +00:00
agc 852e7a06c8 Be a bit less rigid when re-allocating memory - don't just keep doubling
the size we've allocated; instead, if the current size is more than 8 MiB,
then add 1 MiB on; current behaviour remains unchanged for re-allocations
less than 8 MiB.
2009-02-07 05:31:28 +00:00
agc c62065c7b1 Check the characters we're given when trying to decide whether it's a
key id, or a user id/name.
2009-02-07 05:28:55 +00:00
agc eab6d9dfa6 Only use O_BINARY if it's defined (rather than the vague WIN32 definition
test).

Minor cosmetic changes
2009-02-07 05:26:19 +00:00
agc 203a89fce5 Fix a bug which prevented files signed with an RSA public key from being
decrypted.
2009-02-06 06:36:03 +00:00
agc 80a7466337 No need to define our own ops_boolean_t, ops_true and ops_false when
there are perfectly good values like bool, true and false waiting to
be used in <stdbool.h>
2009-02-05 06:03:49 +00:00
agc dda6c6990e When signing or encrypting files, allow the userid to be specified using
the (8 or 16) character keyid.

One more thing off the TODO list.
2009-02-05 01:42:39 +00:00
tteras ee2923bc73 From: Phil Sutter. Fix script environment variables with IPv6 addresses. 2009-02-03 20:21:45 +00:00
agc 57ef716bf6 Document the --version switch to print out the version information from
the libopenpgpsdk(3) library
2009-02-02 20:24:36 +00:00
agc c350af2e45 Document the function to get the version information for the openpgpsdk
library.
2009-02-02 20:21:26 +00:00
agc 40cade5517 Add a --version command to the openpgp utility, and document it. The
version is grabbed from the openpgpsdk library.

Make openpgp just include the one catch-all openpgpsdk header file.
2009-02-02 20:13:59 +00:00
agc fed46fd602 Remove a block of text, which wiz had commented out - it was not meant to
be.
2009-01-31 16:00:18 +00:00
wiz 127b1b6933 mdoclint cleanup:
remove trailing whitespace and a few nits.
2009-01-31 14:16:34 +00:00
wiz 8edb63eafb Add all options to SYNOPSIS.
Sort option descriptions.
Describe --passphrase, while it still is supported.
Use more markup.
Comment out block of text that didn't make sense to me in the context.
Punctuation improvements.
2009-01-31 14:14:10 +00:00
agc fce523c3f5 Get rid of 3 static functions which performed the same operation on 3
different arrays, and replace them with a function which takes the array
and size as arguments. No functional change.
2009-01-31 02:33:22 +00:00
agc aa5adc9663 Cosmetic change to surround the argument to sizeof in (brackets). No
functional change.
2009-01-31 01:44:31 +00:00
agc d2d3b6f70a Get rid of all occurrences of ops_mallocz(), since all it did was allocate
zeroed storage, and calloc(3) seems to do that just fine.
2009-01-31 01:20:32 +00:00
agc f058249f4f Add a manual page for the openpgpsdk library - very bare bones right now,
all contributions gratefully received.

Also add a convenience header file, which includes the other necessary
openpgpsdk header files - this means that

#include <openpgpsdk/openpgpsdk.h>

will get all the necessary definitions and declarations.
2009-01-31 00:48:18 +00:00
wiz 22e63019c0 mdoclint cleanup:
Sort sections.
Make HTML-ready.
Add RCS Id.
Fix section and man page names.
2009-01-30 22:59:37 +00:00
agc c804754594 Make source match the documentation (I thought I'd committed these yesterday,
but it seems not).

Bump default number of bits from 1024 to 2048.

Add --armor as a synonym for --armour, and prepare for the great spelling war
of 2009.
2009-01-30 21:39:42 +00:00
agc 990ca9e392 Mac OS X has a CommonDigest wrapper around openssl - use this if necessary. 2009-01-30 04:16:15 +00:00
agc 467d65ac1a Add a manual page for openpgp.1 (all contributions welcome, it's incomplete
right now).

Explain the reason for the WARNS=0 directive in openpgp(1)'s Makefile.
2009-01-30 04:14:19 +00:00
agc 00bc87c557 Run all the sources through indent.
Always print fingerprint information for keys when listing them.

Always display the publick key algorithm used (because of a bug, the
algorithm name was being ignored, rather than printed out).
2009-01-29 05:14:44 +00:00
martin b9c66cb587 avoid comment inside comment 2009-01-28 19:03:10 +00:00
agc fff13c1447 Fix problem in build reported by Paul Goyette 2009-01-28 17:27:35 +00:00
agc 06a360215d Move to /* ... */ style of comments in this code - facilitates running
indent on the code.
2009-01-28 16:54:20 +00:00
agc 8da84dc021 Abstract away all the %zu uses, and use a symbolic constant for them.
With thanks to uwe for the information to make this portable.

Expose the ops_memory_t structure, since we're now using it outside
its own source file.

Various cosmetic changes, mainly for debugging purposes.
2009-01-28 01:29:15 +00:00
agc ff02cd3e84 Use some symbolic constants where possible - take some of the magic out
of this.

Make the --list-keys command work again.
2009-01-28 01:24:49 +00:00
tnn c7c8fe9828 Fix previous. That should of course be %zu. 2009-01-27 17:15:26 +00:00
tnn b7888d42fa use %zd for size_t 2009-01-27 15:34:39 +00:00
agc ed31bb989a The existing code has problems verifying a signed file which is more
than 8192 bytes long, as the callback data simply assigns any data it
receives to a buffer, and then calls the hash function on that buffer
when EOF is reached.

Use an inefficient temporary workaround for this by holding the memory
in a temporary buffer in the callback argument structure.
2009-01-27 02:25:13 +00:00
tteras 98b638ac57 Argument parsing needs lcconf initialized. 2009-01-26 18:13:06 +00:00
veego 1ac066df3f Print size_t values using %zu printf format, not %ld
Thanks to Havard (and Matt Thomas) for pointing that out.
2009-01-25 13:38:17 +00:00
he 80506ca579 As Matt Thomas points out, %zu, not %zd, is the correct format
for size_t, since it's unsigned.
2009-01-25 13:31:58 +00:00
lukem 525b9d1b49 sign-compare fixes 2009-01-25 10:13:18 +00:00
agc ccc9f1a9af Make this compile after the last lint corrections 2009-01-25 01:49:20 +00:00
christos 1449463f65 try to fix the mess of headers:
- including each other
- calling non types _t
- doing forward enum declarations
- trailing , in enum
- some lint annotations
2009-01-24 19:55:33 +00:00
christos eb0c1ab347 small cleanups:
1. lint annotations
2. some size_t
3. remove silly breaks
2009-01-24 19:42:20 +00:00
he 6568aa2748 No, our openssl _encrypt routines do not take a *size_t as the 6th
argument, they take an *int, and those are not necessarily compatible.
Papering that over with a cast just gets us a warning that
de-referencing a type-punned pointer will break strict-aliasing
rules, which is turned into an error by our WARNS setting.

Instead, change the "num" field in _opt_crypt_t from size_t to int, and
get rid of the now-redundant casts.
2009-01-24 12:51:11 +00:00
he 99bb07565a Print size_t values using %zd printf format, not %d. 2009-01-24 12:07:44 +00:00
wiz 58b2161948 Sort options in usage. 2009-01-24 10:43:47 +00:00
wiz a8e14ecee0 Sort options. New sentence, new line. 2009-01-24 10:43:38 +00:00
wiz 86a90d6c4e Sort options. 2009-01-24 10:42:31 +00:00
agc df41ea2ee2 Add the build glue and sets information for the libopenpgpsdk library, and
the openpgp binary.
2009-01-24 01:15:24 +00:00
agc ea48522368 Forgot a file in big commit from yesterday:
when matching userid, cheecck if the given userid has a '@' in it.
If so, treat it as an email address, and search for a case-insensitivee
match for the text in between '<' and '>' delimiters.

Otherwise, look for a case insensitive match on the full name.
2009-01-23 17:30:52 +00:00
tteras e9d216a40d Update usage and manpage for racoonctl. 2009-01-23 11:44:08 +00:00
tteras c6d64c37e0 Racoon -v to print version and compilation information. Update usage
message.
2009-01-23 11:28:27 +00:00
tteras 1f949d3b6c Update NEWS with major changes since 0.7 release. 2009-01-23 09:40:56 +00:00
tteras 731a29e03b Fix monotonic scheduler change, to not refresh 'now' before exit. Otherwise
we can return negative timeout after spending time handling other events.
2009-01-23 09:10:13 +00:00
tteras 7bc9f9e4ee From Arnaud Ebalard:
Handle reception of MIGRATE message during Phase 1 and Phase 2 negotiation.
Also corrects some debugging statements.
2009-01-23 08:32:58 +00:00
tteras b9ba86c968 From Arnaud Ebalard:
On the responder (for instance), there is a need to not only migrate local
and remote addresses of Phase 1 that match previous addresses but also
the local and remote addresses of a Phase 1 *associated* with a migrated
Phase 2. For instance, we have that need when receiving the first
MIGRATE/KMADDRESS message because the old addresses are still the HoA and
the address of the HA (while the peer has contacted us using the CoA and
we have negotiated this address as src attribute in Phase 2). The patch
fixes that by having migrate_ph1_ike_addresses() called from
migrate_ph2_ike_addresses() callback.
2009-01-23 08:29:34 +00:00
tteras 54bcc916f5 From Arnaud Ebalard: Set phase2 spid when acting as responder. 2009-01-23 08:27:24 +00:00
tteras 5d5e4e2fa3 Detect if monotonic system clock is available, and use it for relative
time measurements to avoid complite hang if time jumps backwards.
2009-01-23 08:25:06 +00:00
tteras 49c6438a45 Fix authentication method ambiguity by internally using unique ID and
setting/interpreting the wire format based on received vendor ID:s. Fixes
trac #280.
2009-01-23 08:23:51 +00:00
tteras 69697b4655 Introduce vendorid bitmask that can be used otherwhere to detect peer
capabilities.
2009-01-23 08:06:56 +00:00
tteras 2b7d4cd554 Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.
2009-01-23 08:05:58 +00:00
agc 0306a7c61f Massive overhaul of openpgp.c, the driver program for the openpgpsdk
library.

A good signature verification now shows the filename, time of signing,
and the public keys of the signatories.

Made the interface much more standard by using any argv components after
the options have been parsed to indicate files, rather than a single
--file=filename long option.

Get rid of all assert() calls in the program - dumping core when an
argument is missing is a trifle uncompromising.

When matching userids, if the given userid contains a '@' character,
consider all characters from the rightmost '<' to the terminating
'>' of the file-based userid to be an email address. If there's no
'@' character, consider the given name as a real name, and match
from the start of the file-based userid. All comparisons are done
using case-insensitive searching. I'll consider implementing regexp
matching when enough chocolate bribes are received.

Rework the internals to call a major internal function, rather than doing
everything in main().

Run the results of all this through indent, since the current sources
bear little resemblance to what went before.
2009-01-23 06:07:18 +00:00
agc d0750f9b83 Convert another commented out printf() to a debugging statement 2009-01-22 01:46:51 +00:00
agc 29726fdfea When reading a keyring, often the failure of the initial limited_read_mpi()
when parsing a DSA signature means that we've reached the end of the keyring,
so only print out the annoying error message if we're debugging.
2009-01-22 01:45:59 +00:00
agc c785cc907d If the user hasn't passed the pass phrase in as a command line argument
(not such a great idea), use getpass() to get the passphrase.

Various debugging additions.

When verifying files, print out the file name which was verified, and exit
with either EXIT_FAILURE or EXIT_SUCCESS, depending upon the verification
result. This still needs to be reworked to print out the signatory to the
file, and the date of signing.
2009-01-22 01:43:35 +00:00
agc d26c2431dd Don't rely on a convenience macro when expanding a macro definition. 2009-01-22 01:01:47 +00:00
agc dba5f8d52a When listing keys, if a key ring has been specified, list the keys in
that key ring.  If no key ring has been specified, list the keys in
the default public key ring, rather than dying with a usage message.
Matches gpg behaviour, and stops openpgp violating the POLA.
2009-01-22 00:59:12 +00:00
agc da7f9470ea Convert commented out printf() statements into proper debugging statements 2009-01-22 00:56:13 +00:00
agc 67c903aedc Add more debugging information 2009-01-22 00:55:15 +00:00
lukem 0e88dfdc76 do the PRINTOBJDIR dance to find the (potentially uninstalled) library
in ../lib  (just like we do many other apps)
2009-01-22 00:22:20 +00:00
lukem 9b100d5b4e don't need LDADD here; LIBDPLIBS does the right thing 2009-01-22 00:20:58 +00:00
lukem 87e4630751 descend into lib first 2009-01-22 00:13:19 +00:00
lukem b8a38f2310 update paths 2009-01-22 00:01:52 +00:00
agc b3b80bc7d6 Fix a typo when printing the type of trust 2009-01-21 22:29:04 +00:00
agc bbfe341047 gmtime(3) returns a pointer to a struct tm with a month value in the
range [0,11], so add 1 to this to get a useful value for human
interpretation.
2009-01-21 20:17:14 +00:00
agc 1dbcf9a927 Avoid leaking storage in one function.
Set USE_FORT to yes, and fix the fallout.
2009-01-21 15:35:00 +00:00
agc c80363d779 WARNS=4 (w00t, no changes necessary) 2009-01-21 07:08:10 +00:00
agc 644e4c1f7f Build the openpgpsdk library with WARNS=3 2009-01-21 05:48:56 +00:00
agc 1cf88afccb Fix WARNS=2 warnings (shadow vars again), but don't switch WARNS=2 on for
the application, since WARNS=2 includes fatal warnings when linking, and we
get a warning about IDEA being a patented algorithm.
2009-01-21 03:37:12 +00:00
agc 6dfd9b1804 WARNS=2 for the library build 2009-01-21 03:32:08 +00:00
agc 5bc2794550 WARNS=2 (mainly shadow variable declarations) 2009-01-21 03:31:22 +00:00
agc 2626a640dd Previously debugging information seems to have been output by editing a
static variable and recompiling. Make this a bit more dynamic, adding a
--debug "filename" argument to the application, and by using a filename-
based debug framework to replicate previous behavior. Multiple filenames
can be provided.

In addition, add more debugging information by printing out the human
values of signature type and key algorithm when parsing packets.
2009-01-21 01:32:54 +00:00
agc 84ce5f6759 Restore the exit semantics of the original. If success, the exit code is
EXIT_SUCCESS. If failure, exit code is EXIT_FAILURE. (Duh). If an error
has occurred, use an exit code of 2.
2009-01-21 01:27:55 +00:00
agc 4442e07493 Add the dependent libs to the openpgpsdk library itself, rather than making
any program that uses the library specifically add them.

Install header files in the appropriate place
2009-01-20 19:48:23 +00:00
agc f6ab492fbf Use EXIT_* error codes rather than numeric constants 2009-01-20 19:46:08 +00:00
agc 35a399083a Get rid of a file that's not used 2009-01-20 19:44:42 +00:00
agc c86c75ce57 Add a subdir Makefile to descend into openpgpsdk 2009-01-20 19:42:56 +00:00
agc 68d230573c The openpgp application breaks its own abstraction rules by including a
header file that is meant to be local, so that it can access the content
type of a packet. This change uses an accessor function to find the packet
content type.
2009-01-20 16:58:09 +00:00
tteras 2b68c3a06a Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to
ChangeLog.old.
2009-01-20 14:36:07 +00:00
agc 0055cf2b60 Add a reachover framework for the openpgp application as well. 2009-01-20 07:50:54 +00:00
agc d4beb7925c Remove duplicated functions 2009-01-20 07:35:26 +00:00
agc e4f17bf621 Also make shared lib 2009-01-20 07:34:42 +00:00
agc cba3672b08 Add a README file, derived form external/src/README, to describe the contents
of the tree rotted at this directory.
2009-01-20 07:15:30 +00:00