the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!
get rid of all traces of dmalloc - it's not used anymore. we can now g/c
initialisation functions which do not do anything.
also get rid of the pkeyid() functions, which just prints a
hexadecimal string
a detached armoured signature, as well as just a plain standard signed
file.
This is in response to PR 43245 from Juan RP, and addresses the
verification of detached armoured signatures, but in a different way
to the patch provided in the PR which is hopefully more generic, and
less reliant upon size of detached signature files.
in our SSH client and daemon as it causes crashes on architectures which
strict aligment requirements (e.g. NetBSD/sparc64).
This fixes PR bin/43221 by myself.
Changes to 3.99.1/20100413
+ bump major command versions to be compatible with shlib major
+ fixed a number of bugs in (RSA) key generation
+ modified netpgpkeys(1) to take an optional argument to --generate-key
if the argument is provided, it is used as the equivalent of the gecos
field for the newly-generated key.
BIGNUM fields - part of long-standing bug inherited from openpgpsdk.
Part of the fix for PR 42435 from Jukka Ruohonen.
Also pass the desired hash algorithm down, so that SHA1 is no longer
hardcoded.
handshake_dgst[] may be used without being allocated, causing NULL
pointer dereference.
Fix by checking that handshake_dgst is not NULL before use.
Reported to openssl as ticket openssl.org #2214.
Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with
freeradius (fixing segmentation fault in both cases).
from http://www.openssl.org/news/secadv_20100324.txt:
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL".
+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids
+ add a man page for hkpd(8)
+ add support for ipv6 as well as ipv4. individual families can be specified
on the command line using the -f argument. default to inet4 and inet6.
+ rationalise the process of getting a socket and binding to it for hkpd.
+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3
Changes to 1.99.20/20100304
+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).
discontinued draft for hkp servers, in lieu of any official rfc.
the post method for adding keys to the server has not been implemented.
not until i've gone through all of the implications, anyway.
hkp servers serve up pgp public keys over http. the default port is 11371,
but it can be any port, specifiable at run time. whilst this hkpd will
return valid html to browsers, it is aimed at the ''machine readable''
side, using the ''&options=mr'' option to the http get string.
this hkpd server will get hooked into the build at a later date.
+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase
small steps, but lots of them - this is the first one.
+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.
Changes to 1.99.17/20100208
+ get rid of last 2 static variables - use the __ops_printstate_t struct
passed down, and add the indent variable here too
+ get rid of 3 occurrences in reader.c where an automatic buffer was
addressed (as part of a subsequent callback) by a struct field from
a calling scope, and only valid within the callback. Found by
Flexelint and phk - many thanks.
+ print filename/"memory" when time problems occur when validating signatures
+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature
commands with no file arguments, as input will now be taken from stdin,
and output will go to stdout, if no file arguments are given on the
command line.
+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:
% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%
% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%
+ add explanations of memory-based operations to manual pages
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
