verify functionality was useful, but the time has come to learn lessons
and move on.
Replace the trimmed down code with a call to the verification code from
libnetpgp(3).
The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.
If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.
This fixes DSA signatures with netpgp:
% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.
In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!
get rid of all traces of dmalloc - it's not used anymore. we can now g/c
initialisation functions which do not do anything.
also get rid of the pkeyid() functions, which just prints a
hexadecimal string
a detached armoured signature, as well as just a plain standard signed
file.
This is in response to PR 43245 from Juan RP, and addresses the
verification of detached armoured signatures, but in a different way
to the patch provided in the PR which is hopefully more generic, and
less reliant upon size of detached signature files.
in our SSH client and daemon as it causes crashes on architectures which
strict aligment requirements (e.g. NetBSD/sparc64).
This fixes PR bin/43221 by myself.
Changes to 3.99.1/20100413
+ bump major command versions to be compatible with shlib major
+ fixed a number of bugs in (RSA) key generation
+ modified netpgpkeys(1) to take an optional argument to --generate-key
if the argument is provided, it is used as the equivalent of the gecos
field for the newly-generated key.
BIGNUM fields - part of long-standing bug inherited from openpgpsdk.
Part of the fix for PR 42435 from Jukka Ruohonen.
Also pass the desired hash algorithm down, so that SHA1 is no longer
hardcoded.
handshake_dgst[] may be used without being allocated, causing NULL
pointer dereference.
Fix by checking that handshake_dgst is not NULL before use.
Reported to openssl as ticket openssl.org #2214.
Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with
freeradius (fixing segmentation fault in both cases).
