Commit b527ef4e authored by Niels Möller's avatar Niels Möller
Browse files

*** empty log message ***

Rev: ChangeLog:1.450
Rev: doc/TODO:1.123
parent 2c5a6003
2002-01-14 Niels Mller <nisse@cuckoo.hack.org>
* src/spki.c (spki_hash_sexp): Bugfix, don't hash the data once.
Bug reported by Werner Koch.
* src/sexp_parser.c (sexp_parse): Added advanced-hex syntax, as an
alias for the ordinary (but not implemented) advanced syntax.
* src/sexp.c: Added new format "advanced-hex" that uses hex
instead of base64.
(encode_hex): New function.
* src/rsa_keygen.c (rsa_generate_key): Renamed key type to
"rsa-pkcs1".
* src/rsa.c: Use nettle's rsa implementation. Deleted support for
rsa-md5. Needs some more cleanup.
* src/publickey_crypto.h: Moved rsa-related declarations here.
* src/rsa.h: rsa.h is now obsolete.
* src/lsh.c (read_user_keys): Added ATOM_RSA_PKCS1.
* src/server.c (read_host_key): Likewise.
* src/format.c (format_hex_string): Export this function.
* src/atoms.in: Added "rsa-pkcs1".
* src/algorithms.c (all_signature_algorithms): Deleted support for
rsa-md5.
2002-01-13 Niels Mller <nisse@cuckoo.hack.org>
* configure.in (lsh_cv_c_attribute): Consider __FUNCTION__ broken
in gcc-3.
2002-01-09 Niels Mller <nisse@cuckoo.hack.org>
* src/dsa.c (dsa_hash): Don't call sha1_final.
......
......@@ -120,18 +120,18 @@ inconsistent.
RANDOMNESS
Get a decent source of random (the current version will fall back to a
really poorly seeded generator if /dev/urandom is not available). Two
main alternatives are Werner Koch's code in GnuPG, and Peter Gutmann's
libcrypt. Even on systems with /dev/random, it might be suboptimal to
use it directly.
Look at prngd,
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
(recommended by Oystein Viggen <oysteivi@tihlde.org>), and perhaps
also at egd.
SPKI ISSUES
Use the name "rsa-pkcs1" consistently for all keys, and perhaps
include the name of the hash function in the signature objects.
DENIAL OF SERVICE
Implement some limit on the amount of data that may be buffered for
......@@ -453,3 +453,15 @@ RANDOM_POLL_BACKGROUND.
: 3. it tries to waitpid the process created in 1, but it's no longer
: the parent of that process, so waiting fails.
When a forwarding created with lshg -L ... goes down (at the local
end, I think), the channel is not taken down properly, and there are a
lot of "lsh: write_buffer: Attempt to write data to closed buffer."
warnings by lsh:
: bash-2.03$ lshg: Exiting: Connection reset by peer
: lsh: write_buffer: Attempt to write data to closed buffer.
: lsh: write_buffer: Attempt to write data to closed buffer.
To fix this, we must put some resources on the lsh's
gateway-connection's resource list, that closes the chained
connections.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment