- Incompatible encrypted packet format change: payload and pad
sizes are sent in-bound in the encrypted stream. That gives ability to
streamingly create encrypted packets, without knowing sizes in advance,
without creating temporary file or buffer data in memory.
- Proper encrypted packet padding verification is done now. This is not
critical issue, but previously neither padding value, nor its size were
authenticated, giving ability to iteratively strip trailing bytes and
determine payload’s size by observing the reaction of the encrypted
nncp-exec loses its -use-tmp option, because of
streaming-compatible encrypted packets format.
nncp-exec commands have
-maxsize option, limiting maximal resulting encrypted packet’s
maximal size (returning error if it is exceeded). Could be useful,
because no payload size could be known in advance.