GitLab

Thanks to George Kadianakis <desnacked@riseup.net> for the report.

It turns out it can't happen in the current code, as messagep
can't be NULL at this point if an error hasn't been flagged.
But still, better safe, in case something changes later.

Thanks to Paul Wouters <paul@cypherpunks.ca> for the report.

	* src/message.c: Returning proper gcry types to avoid
	compile warnings (detected on 64-bit environments).

Most imporantly, otrl_instag_get_new() wasn't returning the value it
computed!

	* AUTHORS:
	* README:
	* test_suite/
	* toolkit/otr_parse.c:
	* toolkit/otr_remac.c:
	* toolkit/parse.c:
	* toolkit/parse.h:
	* src/auth.c:
	* src/auth.h:
	* src/context.c:
	* src/context.h:
	* src/message.c:
	* src/message.h:
	* src/privkey.c:
	* src/privkey.h:
	* src/proto.c:
	* src/proto.h:
	* src/serial.h:
	* src/tests.c:
	* src/userstate.c:
	* src/userstate.h: More changes for instance tags (Rob Smits).

2009-06-11:

	* src/auth.c:
	* src/auth.h:
	* src/context.c:
	* src/context.h:
	* src/context_priv.h:
	* src/message.c:
	* src/message.h:
	* src/privkey.c:
	* src/privkey.h:
	* src/proto.c:
	* src/proto.h:
	* src/serial.h:
	* src/tests.c:
	* src/userstate.c:
	* src/userstate.h: Core instance tag functionality (Lisa Du).

2009-04-28:

	* src/auth.c: pubkey_type should be shifted by 8, not 16.  It
	doesn't matter right now, because it's always 0, but still.
	(Thanks to Can Tang.)

2008-08-15:

	* src/Makefile.am:
	* src/context.c:
	* src/context.h:
	* src/context_priv.c:
	* src/context_priv.h:
	* src/message.c:
	* src/message.h:
	* src/proto.c:
	* src/proto.h: Willy Lew's updates of the libotr API

2008-08-06:

	* src/proto.c: gcc 4.2 with -O2 assumes that integer overflow

	Support for applications requesting an extra session key
	that can be used for things like file transfers.

	* message.c:
	* dh.h:
	* dh.c: Support for applications requesting an extra session key
	that can be used for things like file transfers. (Almost done.)

	* version.h: Change version number to 4.0.0 (but still far from
	release).

	* tlv.h:
	* proto.h:
	* proto.c:
	* message.h:
	* message.c:
	* dh.h:
	* dh.c: Support for applications requesting an extra session key
	that can be used for things like file transfers.

	* message.h:
	* message.c: Applications now use the handle_smp_event callback
	to handle SMP events, rather than having to hardcode part of the
	SMP state machine themselves.

	* UPGRADING: Update documentation.

	* README:
	* toolkit/*.[ch]:
	* src/*.[ch]: Update copyright dates to 2004-2008.

	* src/tlv.h: Add new OTRL_TLV_SMP1Q TLV type to indicate an
	instance of the first SMP message, with an explicit question.

	* src/sm.h:
	* src/sm.c: More carefully track the progress of the SMP using a
	new smp_prog_state field.  Also keep track of whether Bob
	received an explicit question from Alice using a new
	received_question field.

	* src/message.c: Handle explicit questions for the SMP.

	* src/message.c: Behave better if an SMP message fails
	verification.

	* README:
	* configure.ac:
	* src/version.h: Update version number to 3.2.0.

	* src/sm.c:
	* src/message.c: ISO C cleanups (no mixing declarations with
	code)

	* src/sm.c: Fixed a 64-bit pointer error

	* src/message.c: Fix a typo, thanks to Anton Blanchard
	<anton@samba.org>.

	* src/message.c: Use the gone_secure callback instead of the
	still_secure callback if the other side changes its fingerprint.

	* src/auth.h:
	* src/auth.c:
	* src/message.c: Ensure version 2 AKEs are always done with
	fresh D-H parameters.

	* src/proto.h:
	* src/proto.c:
	* src/message.c: Add a "flags" field to the version 2 Data
	Message, which can indicate that the Data Message should be
	ignored if unreadable (as opposed to displaying an error).

	* toolkit/parse.h:
	* toolkit/parse.c:
	* toolkit/otr_parse.c:
	* toolkit/otr_remac.c: Deal with the new kind of Data Message.

	* src/context.h:
	* src/context.c: Added protocol_version as an explicit field in
	the ConnContext.

	* src/message.h:
	* src/message.c: protocol_version no longer needs to be
	explicitly passed to the gone_secure() and still_secure()
	callbacks.

	* Protocol: Added section describing fragments.

	* src/proto.h:
	* src/proto.c (otrl_proto_fragment_accumulate):
	* src/context.h:
	* src/context.c (new_context, otrl_context_force_setup): Keep
	track of fragments in the ConnContext structure.

	* src/message.c (otrl_message_receiving): Handle fragments in
	received messages.

	* src/message.h:
	* src/message.c: Move ops to be the first param of
	new_fingerprint, as it is with all the other callbacks.

	* src/context.h:
	* src/context.c (otrl_context_set_preshared_secret):
	* src/dh.h:
	* src/dh.c (otrl_dh_session, otrl_dh_cmpctr):
	* src/message.h:
	* src/message.c (otrl_message_sending, send_or_error, process_kem)
	(otrl_message_receiving, otrl_message_disconnect):
	* src/privkey.h:
	* src/privkey.c (otrl_privkey_hash_to_human):
	* src/proto.h:
	* src/proto.c (otrl_proto_create_data):
	* src/tlv.h:
	* src/tlv.c (otrl_tlv_new, otrl_tlv_parse): Add missing "const"s.
	* src/tlv.c (otrl_tlv_new, otrl_tlv_parse, otrl_tlv_seriallen)
	(otrl_tlv_serialize): Add missing "const"s.

	* README:
	* configure.ac:
	* packaging/fedora/libotr.spec:
	* src/version.h: Change version to 3.0.0

	* Protocol: Clarify that, if the user requests to see the secure
	session id in the middle of the conversation, the value
	displayed should be the one calculated at the time the private
	connection was established (the last Key Exchange Message that
	caused a rekeying), _not_ the DH secure id calculated from DH
	keys in more recent Data Messages.

	* libotr.m4: Have the version check require an exact match on
	the major version, since, for example, source that expects
	libotr 2.0.0 won't work with libotr 3.0.0.

	* libotr.m4: Add #include <stdlib.h> to the version test so that
	it compiles cleanly with -Wall -Werror.

	* src/proto.c:
	* src/dh.h:
	* src/dh.c:
	* src/context.h:
	* src/context.c: Save the secure session id so that it can be
	displayed to the user upon request, instead of only when the
	private session is initially set up.

	* src/privkey.c:
	* src/context.h:
	* src/context.c: Allow the app to set a "trust level" for
	fingerprints.  This is an arbitrary string, intended to indicate
	whether (or possibly by what means) the user has verified that
	this fingerprint is accurate.

	* src/context.h:
	* src/context.c: Allow the app to set an arbitrary binary
	"preshared secret" for the ConnContext.  This is currently
	unused, but in the future it would allow for users to exchange a
	secret _before_ they generate their fingerprints.  [But the
	protocol would have to be extended to support this.]

	* src/message.h:
	* src/message.c: Remove the "confirm_fingerprint" callback
	which requires the user to acknowledge the new fingerprint
	before it can be used.  Replace it with a "new_fingerprint"
	callback which merely informs the user that a new fingerprint
	has been received.