Commit Graph

373 Commits

Author SHA1 Message Date
agc
c1b0e8cc6b avoid another compiler warning 2010-06-01 06:07:56 +00:00
agc
b74565db46 remove an unused variable 2010-06-01 06:01:29 +00:00
agc
2ecd1d0a69 Update netpgp to 3.99.3
Changes since 3.99.2:
+ avoid possible free() of new value passed to netpgp_setvar(),
  with thanks to Anon Ymous.
+ netpgpkeys(1):  print keys to stdout, not stderr - reported by Anon
  Ymous.
+ fix DSA signatures and verification
+ simplify and shorten the internals of packet processing by getting rid of
  the intermediate pseudo-abstraction layer, which detracted from understanding
  and had no benefit whatsoever. Rename some enums and some definitions.
+ add some checking to new key generation, and don't try to read in
  the keys after writing them - reported by Tyler Retzlaff
2010-06-01 05:55:55 +00:00
agc
0e3d0b8191 make sure we have created a directory when generating a new key.
don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.

check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.
2010-06-01 05:22:38 +00:00
agc
9fc2904ac1 when cleaning up, don't try to free the public key which is part of the
secret key - shown up by Mac OS X malloc.
2010-06-01 03:19:26 +00:00
agc
806171a804 catch up with new structure for netpgpverify - from Tyler Retzlaff 2010-05-31 06:09:41 +00:00
agc
352d609304 WARNS=5 now 2010-05-25 01:06:41 +00:00
agc
d427c17d1e Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.
2010-05-25 01:05:10 +00:00
agc
2f931ff55c correct indentation - no functional change 2010-05-21 14:28:44 +00:00
agc
b70f7cde8e Protect against NULL pointers in key output in a different way - only
advance its counter if it's non-NULL.

Regression test for this is:

	netpgpkeys --list-key '\.de\>'

with my standard keyring (to list all keys which have at least one subuid
with a German email address).
2010-05-21 06:53:51 +00:00
agc
85e1ce333a avoid a duplicated error message 2010-05-20 14:43:42 +00:00
agc
8f036637a6 extend the resolve_userid() function to take a keyring, and use it for
functions which require a secret key as well.
2010-05-20 14:42:21 +00:00
agc
c2035aa4d5 add a static function to resolve the userid in one place, and start to use it 2010-05-20 00:36:31 +00:00
agc
9ec81417ee The experiment in keeping a separate, trimmed-down codebase for just the
verify functionality was useful, but the time has come to learn lessons
and move on.

Replace the trimmed down code with a call to the verification code from
libnetpgp(3).
2010-05-20 00:33:01 +00:00
agc
0eeb5498cc One more reason not to use DSA keys:
The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%
2010-05-19 02:50:16 +00:00
agc
8755cbec2a When setting up res (results), errs (error) and outs (outputs) streams,
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.

In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).
2010-05-16 06:48:52 +00:00
agc
b4f06d28e0 Avoid a possible overwrite of a value in the (key, value) array, in
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value.  Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous.  Thanks!
2010-05-16 06:21:14 +00:00
agc
37bb0457f6 fix a piece of lint 2010-05-16 02:46:25 +00:00
joerg
c0597ae815 RETURN VALUES -> EXIT STATUS 2010-05-14 17:27:35 +00:00
joerg
db8ff3b4ab Fix .Dd format. 2010-05-14 01:46:04 +00:00
joerg
5289091371 Fix date. Fix trailing whitespace. 2010-05-14 01:44:05 +00:00
jnemeth
ee8753142e Fix tunnelling (ssh -w). The kernel expects a device to be passed
to the socked, not a path.
2010-05-10 20:28:05 +00:00
agc
5111f71337 if the home directory does not exist, still set its value as a netpgp
variable, as the netpgpkeys(1) program, for one, will try to create the
home directory if it does not exist.

should fix PR 42435
2010-05-08 04:17:45 +00:00
agc
763a92f619 create the home directory, if it doesn't exist, in a slightly less opaque manner 2010-05-08 04:16:20 +00:00
agc
313fa53dd5 use the correct filed type for a size_t 2010-05-08 02:54:25 +00:00
agc
5c29ffdc5b regen for netpgp 3.99.2, 20100507 version 2010-05-08 02:45:45 +00:00
agc
3c1d4d3626 enumerate all the tests to see easily which ones failed.
add a test for signed armored detached signature and verification
2010-05-08 02:18:05 +00:00
agc
a6115c8c26 more uses of hexdump() rather than open-coded equivalents 2010-05-08 02:17:15 +00:00
agc
651dd2889a use hexdump() where possible.
get rid of all traces of dmalloc - it's not used anymore. we can now g/c
initialisation functions which do not do anything.

also get rid of the pkeyid() functions, which just prints a
hexadecimal string
2010-05-08 00:33:28 +00:00
agc
afcc02d5b5 use hexdump() function where appropriate.
change the way that we generate a detached signature file, so that ascii
armour is used if --armor is specified. addresses PR 43248 from Juan RP.
2010-05-08 00:31:07 +00:00
agc
c31f7586f7 minor cosmetic indentation fixes - no functional change 2010-05-08 00:27:08 +00:00
agc
026af9fa14 don't try to be too clever and guess the signature file name from the
raw data - just conform to expected practice, and only infer names if
given an ascii armoured detached signature, or a binary detached
signature.
2010-05-08 00:26:39 +00:00
agc
3c9ac68a81 not much point in defining a function to dump in hexadecimal if we don't
use it.
2010-05-08 00:24:47 +00:00
agc
2c8603b102 Sync with reality using patch provided by Juan RP in PR 43259. Thanks! 2010-05-07 16:29:09 +00:00
agc
24bfedc52f Don't rely on \r\n line endings when doing comparisons on strings for
the presence of ASCII armored signatures. Be consistent with the spelling
of certain transatlanticly-munged words.
2010-05-07 16:22:39 +00:00
agc
3644eb843e Overhaul the mechanism used to decide what is a detached signature, and
a detached armoured signature, as well as just a plain standard signed
file.

This is in response to PR 43245 from Juan RP, and addresses the
verification of detached armoured signatures, but in a different way
to the patch provided in the PR which is hopefully more generic, and
less reliant upon size of detached signature files.
2010-05-07 16:20:07 +00:00
agc
4a8a90f84b Remove a duplicate example - from Juan RP in private mail - thanks! 2010-05-07 05:58:25 +00:00
agc
3b87f49f1b refer to the key fingerprint, and show how to find it in normal output. 2010-05-07 05:55:46 +00:00
agc
9ce8176ea5 Make this compile with gcc 4.5 - patch from Juan RP in PR pkg/43244 2010-05-04 00:02:46 +00:00
wiz
45d13a5b07 Fix date strings. 2010-04-29 18:14:09 +00:00
tron
ed8d7a6df6 Don't mention "umac-64@openssh.com" MAC algorithm which is not enabled
in our SSH client and daemon as it causes crashes on architectures which
strict aligment requirements (e.g. NetBSD/sparc64).

This fixes PR bin/43221 by myself.
2010-04-29 17:56:53 +00:00
agc
902794345f update python bindings to work with newer library interface 2010-04-28 14:41:13 +00:00
agc
cc1edcab1c refresh the perl bindings to catch up with the changes in the library 2010-04-28 14:01:27 +00:00
wiz
5543ce710d Remove trailing whitespace; use standard section headers. 2010-04-14 08:14:26 +00:00
agc
67957bdf5e Update netpgp to version 3.99.1
Changes to 3.99.1/20100413

+ bump major command versions to be compatible with shlib major
+ fixed a number of bugs in (RSA) key generation
+ modified netpgpkeys(1) to take an optional argument to --generate-key
  if the argument is provided, it is used as the equivalent of the gecos
  field for the newly-generated key.
2010-04-14 06:31:23 +00:00
agc
a01ab05761 WARNS=4 fix for an unused arg 2010-04-14 06:23:37 +00:00
agc
8c81a236f7 add a test for RSA key generation 2010-04-14 06:22:55 +00:00
agc
dbd4d2db70 sync manual page with reality, catch up with key generation 2010-04-14 04:01:55 +00:00
agc
d10356af5f allow the user to pass the equivalent of the gecos information into the
key generation function.
2010-04-14 00:26:25 +00:00
agc
38beab948a get rid of a hardcoded test for the hash agorithm being SHA1, which was just
plain wrong these days.

don't duplicate functionality needlessly.
2010-04-14 00:25:10 +00:00