Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
185,969 Commits 606 Branches 0 Tags 3.1 GiB
d6c0ee4fff
Commit Graph

252 Commits

Author SHA1 Message Date
agc
d6c0ee4fff One more thing in the "Done" section - add ssh host keys 2009-12-05 07:21:07 +00:00
agc
561d2d6ad0 Add new files into netpgp lib 2009-12-05 07:17:29 +00:00
agc
91c29c7450 Add the ability to use ssh host keys (on the fly) to provide RSA keys. 
These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.

	% cp configure a
	% sudo netpgp --ssh-keys --sign --userid 1e00404a a
	Password:
	pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
	Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
	% sudo chmod 644 a.gpg
	% netpgp --ssh-keys --verify a.gpg
	netpgp: default key set to "C0596823"
	can't open '/etc/ssh/ssh_host_rsa_key'
	Good signature for a.gpg made Fri Dec  4 23:04:36 2009
	using RSA (Encrypt or Sign) key 040180871e00404a
	pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
	Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
	uid              osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
	% uname -a
	NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct  7 17:16:33 PDT 2009  agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
	%

The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.
 2009-12-05 07:08:18 +00:00
christos
4ab80ffe22 Disable SSL V3 session renegotiation since the protocol parameters of the 
old session are not cryptographically tied to the new session ones.
NB: Applications that require session re-negotiation will fail after this
update.
 2009-12-03 23:44:33 +00:00
agc
7d576ad983 Add python bindings for netpgp, via swig. 
When using python, always add the dumb symbolic link to the library name.
 2009-12-02 00:32:06 +00:00
agc
e5e6e15318 Re-instate perl taint checking by re-defining the possible taint check in 
swig. Fix a bug whereby the generated shlib_version file got appended to,
rather than rewritten.
 2009-12-01 20:44:50 +00:00
agc
f17a59eb6a Turns out that swig and tainted don't play well together - perl has no way 
of knowing whether the memory will be modified. For now, the gross hack is
to switch off tainting
 2009-12-01 08:02:50 +00:00
agc
e1d61885e2 Add language bindings for tcl and perl 2009-12-01 06:43:57 +00:00
agc
6b13238156 Use the right field for the prefix 2009-12-01 06:33:31 +00:00
agc
e502623fdd Add a swig interface file, and a wrapper script, for calling swig for 
various language bindings for netpgp.
 2009-12-01 05:19:51 +00:00
agc
b4d6642e10 Recognise the hash algorithm in a case-insensitive manner. 2009-12-01 02:36:32 +00:00
agc
f8429fa3c9 Remove vestiges of debugging 2009-11-20 15:23:37 +00:00
agc
33ee8138ba When writing an ascii-armoured message, push the linebreak writer onto 
the write function stack for the body of the message as well as the
headers.

This means that an ascii-armoured signed file created by netpgp conforms
to RFC 4880 (and 2440, thanks, moof[1]), and can be verified by gpg now, as
well as netpgp.

[1] Are there any other RFCs which are superceded by their double?
 2009-11-20 15:21:18 +00:00
agc
632dc3ac9b Unbreak the creation of ascii-armoured signatures. 
Add automatic detection of ascii-armoured signatures.

Add tests for same - with small and large source files.
 2009-11-20 07:17:07 +00:00
agc
ad7bc21d21 Commit some changes that have been in a private tree for a while: 
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
 2009-11-19 21:56:00 +00:00
agc
a2dd3398cd Add 'a' and 'a.sig' to CLEANFILES - from Marc Balmer 
Wrap long lines
 2009-10-19 05:17:46 +00:00
agc
5ea8497ecf Use LD_LIBRARY_PATH to manage the library path, and don't try to second 
guess from the lua driver program
 2009-10-19 01:07:08 +00:00
agc
9470081fd3 Use a lua for loop in preference to a while and increment in the lua 
example code - suggested by Marc Balmer.

	% make USETOOLS=no t
	cp Makefile a
	./netpgp.lua --sign --detached a
	netpgp: default key set to "C0596823"
	pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
	Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
	uid              Alistair Crooks <agc@netbsd.org>
	uid              Alistair Crooks <agc@pkgsrc.org>
	uid              Alistair Crooks <agc@alistaircrooks.com>
	uid              Alistair Crooks <alistair@hockley-crooks.com>
	netpgp passphrase:
	-rw-r--r--  1 agc  agc  287 Oct 17 15:58 a.sig
	./netpgp.lua --verify a.sig
	netpgp: default key set to "C0596823"
	netpgp: assuming signed data in "a"
	Good signature for a.sig made Sat Oct 17 15:58:09 2009
	using RSA (Encrypt or Sign) key 1b68dcfcc0596823
	pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
	Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
	uid              Alistair Crooks <alistair@hockley-crooks.com>
	uid              Alistair Crooks <agc@pkgsrc.org>
	uid              Alistair Crooks <agc@netbsd.org>
	uid              Alistair Crooks <agc@alistaircrooks.com>
	%
 2009-10-18 07:23:37 +00:00
agc
1f8267516a Minor changes to find lua glue library, and to set the home directory on 
the correct C/Lua structure
 2009-10-18 07:17:28 +00:00
agc
606ee0c668 Link in the netpgp shared library to the lua glue library 2009-10-18 07:15:43 +00:00
agc
faff2f64a8 Create .so from the lua interface library 2009-10-18 07:14:55 +00:00
agc
829fc7a59b Minor renaming of lua array 
Zero allocated storage after return from lua_newuserdata()
 2009-10-18 07:14:19 +00:00
joerg
37ee8ee594 Don't use .Xo/.Xc to work around ancient groff limits. 2009-10-14 17:33:20 +00:00
agc
eb8043c766 Add lua language bindings for netpgp 2009-10-12 02:55:46 +00:00
agc
0aa9bcca65 Add some checks for return value from allocation routines 2009-10-09 06:02:55 +00:00
agc
7affbacab9 More checking of allocation return values where not already done. 
Revamp hash initialisation to return a success/failure error code.

Document places where we prefer to continue with a NULL buffer,
rather than silently continue with possibly erroneous results.
 2009-10-07 16:19:51 +00:00
agc
e82f21eb7a More checks for the return value from memory allocation. 2009-10-07 04:56:51 +00:00
agc
83cfb9deb0 Clean up some Flexelint (issues pointed out by phk - many thanks!). 
Also make sure the return value for each memory allocation is checked - this
is still a WIP.
 2009-10-07 04:18:47 +00:00
agc
57036e7063 More Flexelint cleanup from issues pointed out by phk - thanks! - just easy 
low-hanging fruit for now.
 2009-10-06 05:54:24 +00:00
agc
b491010d02 More Flexelint cleanup from phk - many thanks! - low-hanging fruit for 
just now.
 2009-10-06 03:30:59 +00:00
agc
1603af0219 Clean up more Flexelint, from phk - many thanks! - just low-hanging fruit 
for just now.
 2009-10-06 02:46:17 +00:00
agc
814ccb85bf Clean up Flexelint warnings - from phk, many thanks - just low-hanging 
fruit for just now.
 2009-10-06 02:39:53 +00:00
agc
5a83dba05a More Flexelint fixes from phk - just low-hanging fruit for just now - 
many thanks!
 2009-10-06 02:26:05 +00:00
agc
3574ef6dec Get rid of some lint-style issues - pointed out by Poul-Henning Kamp 
and FlexeLint (many thanks!)
 2009-10-04 21:58:25 +00:00
agc
e8be961ca7 Get rid of multiple prototypes - pointed out by Poul-Henning Kamp and 
FlexeLint (many thanks!)
 2009-10-04 21:57:09 +00:00
agc
f462900c00 const poisoning - pointed out by Poul-Henning Kamp and FlexeLint (many 
thanks!)
 2009-10-04 21:55:55 +00:00
dyoung
40ca2d34bc Delete trailing whitespace. 2009-08-17 22:58:28 +00:00
christos
13492ada53 This code is really broken. It allocates struct sockaddr on the stack 
and expects to work with IPV6. Tell the hints that we only want IPV4
for now, so that we don't try to bind to an IPV6 address as returned
by getaddrinfo, and then we bash in V4 in the family!
jeez
 2009-08-15 01:25:54 +00:00
christos
e70d1f0896 don't try to free a buffer that came from the arguments, make a copy instead. 
This can happen if we specify --port
 2009-08-15 01:03:03 +00:00
christos
bb8cb2851b resolve conflicts 2009-08-05 18:38:21 +00:00
christos
86adef1b84 import 20090805 snapshot. 2009-08-05 18:31:57 +00:00
joerg
15895248c1 Use OpenSSL's SHA256 support directly. 2009-08-03 20:56:25 +00:00
mrg
03f1126058 set SSHDIST to the new location. HI CHRISTOS! 2009-07-21 00:47:23 +00:00
christos
d7ed66ca45 make tests compile! 2009-07-20 20:41:05 +00:00
christos
75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument 
changed from u_int to size_t. Affects _LP64 only.
 2009-07-20 17:30:52 +00:00
christos
35bdca4d17 use the proper libcrypto 2009-07-20 15:48:16 +00:00
christos
58e8878cb5 use the proper libcrypto 2009-07-20 15:43:51 +00:00
christos
9610bc301c make sha256/512 binary compatible with the libc version which we now use. 2009-07-20 15:34:49 +00:00
christos
c9c3cfbcf5 catch up with openssl's abi change. do_cipher length changed from u_int to 
size_t.
 2009-07-20 15:33:44 +00:00
christos
22505a154a add openssl 2009-07-19 23:44:20 +00:00