From: Andre Noll Date: Sat, 23 Nov 2019 17:20:21 +0000 (+0100) Subject: Merge branch 'refs/heads/t/ssh' X-Git-Tag: v0.6.3~33 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=0d1918752a18755bf701b82cf57fad79d9b18bc9;p=paraslash.git Merge branch 'refs/heads/t/ssh' A medium sized series which teaches both crypto backends about the RFC4716 key format, which has become the default for ssh-keygen as of openssh-7.8. Was cooking for almost a year. * refs/heads/t/ssh: manual: Instruct the user to create RFC4716 keys. openssl: Add support for RFC4716 keys openssl: Move get_private_key() down. gcrypt: Add support for RFC4716 private keys. crypt: Rename decoding functions. gcrypt: Introduce read_openssh_bignum(). gcrypt: Factor out read_pem_rsa_params(). gcrypt: Let read_bignum() return bits, not bytes. gcrypt: Let decode_key() return blob size through additional argument. gcrypt: Drop unnecessary arguments of decode_key(). --- 0d1918752a18755bf701b82cf57fad79d9b18bc9 diff --cc NEWS.md index eda654a6,55ef3be9..fd587fab --- a/NEWS.md +++ b/NEWS.md @@@ -1,26 -1,6 +1,28 @@@ NEWS ==== +---------------------------------------------- +0.6.3 (to be announced) "generalized activity" +---------------------------------------------- + +- The ff command now accepts a negative argument to instruct the + virtual streaming system to jump backwards in the current audio + stream. The old syntax (e.g., "ff 30-") is still supported but it + is deprecated and no longer documented. The compatibility code is + sheduled for removal after 0.7.0. +- para_afh: New option: --preserve to reset the modification time to + the value of the original file after meta data modification. +- Overhaul of the compress filter code. The refined algorithm should + reduce clipping. The meaning of --aggressiveness has changed, see the + updated and extended documentation of the compress filter for details. +- Cleanup of the audio format handler code. +- We now build the tree using the .ONESHELL feature of GNU make, + which results in a significant speedup. +- Two robustness fixes for FreeBSD. - ++- para_client now supports RFC4716 private keys as generated with ++ ssh-keygen -m RFC4716. In fact, this key format has been made the ++ default, and the former PEM keys will be depreciated at some point. + -------------------------------------- 0.6.2 (2018-06-30) "elastic diversity" -------------------------------------- diff --cc openssl.c index d11b1049,9782b5e2..5f04c845 --- a/openssl.c +++ b/openssl.c @@@ -57,31 -57,9 +57,11 @@@ void crypt_init(void void crypt_shutdown(void) { +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); +#endif } - static int get_private_key(const char *path, RSA **rsa) - { - EVP_PKEY *pkey; - BIO *bio = BIO_new(BIO_s_file()); - - *rsa = NULL; - if (!bio) - return -E_PRIVATE_KEY; - if (BIO_read_filename(bio, path) <= 0) - goto bio_free; - pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); - if (!pkey) - goto bio_free; - *rsa = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - bio_free: - BIO_free(bio); - return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY; - } - /* * The public key loading functions below were inspired by corresponding code * of openssh-5.2p1, Copyright (c) 1995 Tatu Ylonen , Espoo,