Changelog


Today; Thursday 24 April 2014

2014-04-24 19:57:37 (49 minutes ago) by Martin Nilsson <nilsson@opera.com>

Turn seq_num into an integer.

2014-04-24 19:46:42 (60 minutes ago) by Martin Nilsson <nilsson@opera.com>

Remove the backtrace mechanism in Alert.

2014-04-24 17:23:31 (3 hours ago) by Martin Nilsson <nilsson@opera.com>

Fixed comment.

2014-04-24 17:20:44 (3 hours ago) by Martin Nilsson <nilsson@opera.com>

Don't use our own PRNG. Some cleanup.

2014-04-24 17:15:10 (4 hours ago) by Martin Nilsson <nilsson@opera.com>

Using the nettle_dsa_params_init as 3.0 indicator appears safer to me than a compat header file.

2014-04-24 15:09:58 (6 hours ago) by Martin Nilsson <nilsson@opera.com>

Ignore new generated files.
Added prototypes to fix warnings.

Yesterday; Wednesday 23 April 2014

2014-04-23 21:54:06 (23 hours ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle.AEAD: Added framework for AEAD algorithms.

2014-04-23 13:58:18 (1 day ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Gmp: Complain louder when gmp is missing.

In some obscure circumstances Gmp's configure can find a libgmp/gmp.h
combination that the C-code doesn't like. Make sure to complain
rather than to silently compile an empty Gmp module.

2014-04-23 13:40:52 (1 day ago) by Martin Nilsson <nilsson@opera.com>

Fixed some warnings

Tuesday 22 April 2014

2014-04-22 21:46:31 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Added the UMAC suite of MACs.

2014-04-22 21:28:37 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle.MAC: Typing changes.

Make it possible to skip the pike_* wrapper functions for *_set_key()
and *_set_nonce() where possible.

Also allows skipping the set_nonce() function altogether where not used.

2014-04-22 14:37:42 (2 days ago) by Martin Nilsson <nilsson@opera.com>

ASN1 Identifiers can be compared directly. Remove some DER indirections.

Monday 21 April 2014

2014-04-21 22:19:03 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Rename DHParameters to Parameters to avoid name redundancy.

2014-04-21 20:52:32 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Use Crypto.DH for Diffie-Hellman KEX.

Now that Crypto.DH.DHParameters exists, there's no need for
a custom copy in SSL.Cipher.

2014-04-21 20:18:02 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle.POLY1305_AES: Fixed some typos.

set_iv() should now work as intended...

2014-04-21 19:45:49 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Only check system time once per chain verification.

2014-04-21 19:36:27 (3 days ago) by Martin Nilsson <nilsson@opera.com>

I have no interest in debugging deprecated and experimental cipher suites from an unreleased version of SSL.
Verify that the root certificates can act as roots.

2014-04-21 19:35:04 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle.DH_Params: Added C-code for Diffie-Hellman.

Crypto.DH.DHParams now uses Nettle.DH_Params if available.

2014-04-21 18:14:45 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Simplified the reverse table creation.
Verify the reverse tables (somewhat).

2014-04-21 18:11:21 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Fixed an old OID typo.

2014-04-21 17:36:33 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Added feature check for ChaCha20

2014-04-21 17:31:28 (3 days ago) by Martin Nilsson <nilsson@opera.com>

Renamed ChaCha to ChaCha20 to not confuse with ChaCha8 or ChaCha12.

2014-04-21 15:03:06 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Added Crypto.MAC and Crypto.AES.POLY1305.

Crypto.MAC is an API for MAC algorithms analogous to the ones
for hashes and ciphers.

Crypto.AES.POLY1305 is the POLY1305/AES MAC algorithm.

2014-04-21 10:05:45 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support Camellia in the coming Nettle 3.0 too.

In the coming Nettle 3.0 the Camellia cipher has been split
into three sets of functions depending on the keylength. This
adds some glue to emulate the old API.

Sunday 20 April 2014

2014-04-20 17:15:25 (4 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: __INIT() has side effects...

Make sure that __INIT gets marked as having side effects,
or calls to it may get optimized away...

Also renames an internal variable.

2014-04-20 13:50:10 (4 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

__builtin.Nettle: Added __Hash and MAC.

This moves the base hash API to __Hash, and adds a common
API for Message Authentication Codes (MACs) analogous to
the APIs for hashes and ciphers.

2014-04-20 12:02:38 (4 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Support __INIT with C programs.

When a C program inherits Pike code, it may need to have an __INIT.
This would previously cause fatal errors as end_program() transited
to compiler pass #2 before the __INIT symbol had been added.

end_first_pass() now transits from pass #1 to pass #2 if finish
has been set, and ensures that __INIT (if needed) exists.

Saturday 19 April 2014

2014-04-19 22:10:29 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed potential NULL-deref.

If the parse tree has extraneous NULLs, the code generator could
theoretically attempt to dereference them.

Fixes complaint by Coverity.

2014-04-19 15:08:05 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Added CHACHA.

This cipher will become available when Nettle 3.0 is released.

2014-04-19 12:51:25 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Reduced DH overhead by a factor ~8.

The DH secret was generated ~8 times larger than needed and
then reduced to the required size. This provided for an
excellent distribution at a cost of quite a bit of overhead.

As this wasn't the intended behaviour of the code, it has
now been changed to just generate the required number of bits
plus a fixed overhead of 128 bits, which ought to be enough to
reduce the bias to a minimum.

Friday 18 April 2014

2014-04-18 23:35:23 (6 days ago) by Martin Nilsson <nilsson@opera.com>

Some Fortuna cleanup.
-l to list benchmarks.

2014-04-18 23:33:18 (6 days ago) by Martin Nilsson <nilsson@opera.com>

30% faster insignificant handshake detail.

2014-04-18 19:06:31 (6 days ago) by Martin Nilsson <nilsson@opera.com>

More doc.

2014-04-18 15:18:58 (6 days ago) by Martin Nilsson <nilsson@opera.com>

Oops. Lost the comment.
Timing stuff.

2014-04-18 13:53:26 (6 days ago) by Martin Nilsson <nilsson@opera.com>

Cleanup

2014-04-18 11:58:15 (6 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support Nettle 3.0.

cast128_set_key() in Nettle 3.0 has a different number of arguments
than previous versions of Nettle.

2014-04-18 05:16:42 (7 days ago) by Martin Nilsson <nilsson@opera.com>

Fix m4 issue.

Thursday 17 April 2014

2014-04-17 22:31:23 (7 days ago) by Arne Goedeke <el@laramies.com>

sscanf: implement %-F support

The documentation of sscanf says that the - flag activates little byte
order scanning. This was not implemented, yet. %-F always used big
endian byte order.
Standards.BSON: use %-8F format
Standards.BSON: test float handling
Standards.BSON: use %-8F format

2014-04-17 22:24:19 (7 days ago) by Arne Goedeke <el@laramies.com>

sscanf: implement %-F support

The documentation of sscanf says that the - flag activates little byte
order scanning. This was not implemented, yet. %-F always used big
endian byte order.

2014-04-17 19:13:55 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support the soon to be released Nettle 3.0.

The DSA APIs have been changed in Nettle 3.0. This adds code to
use the new API (as the compat API failed due to name conflicts).

2014-04-17 17:00:35 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More KE_rsa_fips suites.

According to comments in <nss/sslproto.h> these two suites were
old aliases for the other two KE_rsa_fips suites.

Also adjusts the names to match NSS's names for the two constants.

2014-04-17 16:37:17 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support KE_rsa_fips.

This seems to have been a key exchange method used to test the TLS 1.0 PRF
during SSL 3.0.

SSL_rsa_fips_with_3des_ede_cbc_sha interoperates with Firefox 24.4.0.

Wednesday 16 April 2014

2014-04-16 23:12:56 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Build: Get rid of some C++-style comments.

2014-04-16 23:08:57 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Build: Get rid of some C++-style comments.

2014-04-16 22:59:26 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed type derivation for attributed getters.

The getter/setter variable should now get the correct type even
when the getter/setter functions have been marked as deprecated.

2014-04-16 22:55:36 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed type derivation for attributed getters.

The getter/setter variable should now get the correct type even
when the getter/setter functions have been marked as deprecated.
Crypto.DH: Removed some debug.

2014-04-16 21:20:50 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DH: Added module.

This module currently just contains the DHParameters class and
the MODP groups from RFC 2409, RFC 3526 and RFC 5114. Actual
Diffie-Hellman key-exchange is not implemented here (yet).

2014-04-16 21:15:32 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed variant zapping of reference #0.

The variant dispatcher collector was missing an offset, and always
zapped the modifier bits for identifier reference #0. This has the
effect that identifier reference #0 got the modifier bits intended
for the last variant dispatcher in the class.

2014-04-16 20:33:01 (1 week ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: test float handling

2014-04-16 19:17:17 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Use a larger group for Diffie-Hellman.

Added MODP groups 5, 14, 15, 16, 17 and 18 from RFC 3526.

Added MODP groups 22, 23 and 24 from RFC 5114.

Now defaults to using MODP group 24 (ie a 2048-bit group with
a 256-bit prime order subgroup).

2014-04-16 12:40:27 (1 week ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: use TYPEOF for compat with ATOMIC_SVALUE
Standards.BSON: some more tests
Standards.BSON: check for stack overflow
Standards.BSON: keep intermediate values on the stack

By keeping intermediate values on the pike stack, they are freed
automatically when a parsing error occurs.

Tuesday 15 April 2014

2014-04-15 23:00:05 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Reduce minimum cipher strength to 112 bits.

Reduces the default minimum allowed cipher strength in the test server
from 128 to 112 bits to allow DES3.

2014-04-15 22:56:37 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Generate SHA-1 certificates too.

There are still many clients that don't support certificates using
SHA256 (especially for DSA/DSS), so generate SHA-1 variants too.

Now uses the proper arguments to Crypto.DSA()->generate_key()
when creating the DSA/SHA256 cert.

Attempts to generate the certs with a proper CN instead of "*".

Also increases the default strengths of the generated certs,
and allows for overriding multiple parameters with defines.

2014-04-15 20:46:23 (1 week ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: do not use c++ comments

2014-04-15 20:27:52 (1 week ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: use ref_push_* when pushing cached values

The push_* macros do not add a reference.
Standards.BSON: test for Val.* types correctly

2014-04-15 19:46:11 (1 week ago) by Arne Goedeke <el@laramies.com>

block_allocator: always check ptr validity on free
ADT.CritBit: next() failed to find the right node when encountering a prefix
decode_value: check that identifier reference number is positive

Monday 14 April 2014

2014-04-14 20:57:12 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Probe peer for the Heartbleed vulnerability.

The first packet sent after a successful handshake is now a
packet to probe for the Heartbleed (CVE-2014-0160) vulnerability,
and the connection is aborted with an insufficient_security
failure if the peer is suffering.

Also adds a debug flag (SSL3_SIMULATE_HEARTBLEED) to simulate
this state.

2014-04-14 20:52:11 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Heartbeats now actually work.

Fixed multiple typos that caused the heartbeat code to fail.

2014-04-14 19:41:02 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Replace almost unused KE_TO_SA with KE_Anonymous. Removed the SSL module internal SIGNATURE constants.

2014-04-14 18:23:56 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Select certificates in priority order.

When there are multiple certificates of the same type,
select the one with the strongest key if possible.

Sunday 13 April 2014

2014-04-13 19:45:04 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Fix client cert exchange in TLS 1.2.

TLS 1.2 has a signature_algorithms array embedded in the
client certificate request.

Removes the combination MD5 + ECDSA from the set of suggested
signature algorithms, as we don't support it in certificates.

Also refrains from suggesting any ECDSA signature algorithms
if we don't support ECDSA.

2014-04-13 19:42:59 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: MD5 is typically not supported with ECDSA.
Crypto.ECC.Curve.ECDSA: Added key_size().

2014-04-13 19:19:36 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Some client cert related fixes.

The client_cert_distinguished_names now contains DER-encoded DNs,
and not the decoded DNs.

Saturday 12 April 2014

2014-04-12 22:54:57 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

__builtin.Nettle.Sign: Added key_size().

2014-04-12 18:04:56 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

version is in the variable scope.

2014-04-12 16:25:18 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DSA: Added key_size().
Gmp: size() always returns positive.

2014-04-12 15:18:17 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.ECC: Support SHA1 for signatures.

ECDSA/SHA1 signatures are the default combination to support for
ECDSA certificates in TLS 1.2 if the client hasn't said otherwise.

2014-04-12 14:39:30 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Log all alerts.

2014-04-12 13:24:46 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Use context->alert_factory().

SSL.handshake and SSL.connection now use the alert factory to
create all alerts. This allows for customized logging of alerts.

Also cleans up quite a few alert messages to have more information
than just the description code, or remove some redundant info.

2014-04-12 13:17:32 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added alert_factory().

2014-04-12 11:19:55 (2 weeks ago) by Arne Goedeke <el@laramies.com>

Parser.HTML: overlap in arguments to MEMCPY

2014-04-12 11:18:46 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslport: Changed API.

To allow SSL configuration via overloading of symbols in SSL.context,
SSL.sslport and SSL.https no longer inherit SSL.context. Instead
they now have an explicit SSL.context object that is passed along
to SSL.sslfile.

Also adds corresponding compat classes.

2014-04-12 11:11:47 (2 weeks ago) by Arne Goedeke <el@laramies.com>

Parser.HTML: overlap in arguments to MEMCPY

Friday 11 April 2014

2014-04-11 20:42:20 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Standards.PKCS.Identifiers: Added on_dnsSRV_id from RFC 4985.

This is the Subject Alternative Name for Expression of Service Name
X.509 extension.

2014-04-11 16:11:58 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Updated comment.

2014-04-11 15:06:05 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Fixed remaining fmt_constant() call.

2014-04-11 14:49:14 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Support any cert when there's no SNI.

If the client doesn't send an SNI, we can't filter on it...

2014-04-11 13:27:44 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Fix compilation on non-Linux.

Use the MINIMUM() macro which always exists, instead of the
MIN() macro which exists on Linux.

Thursday 10 April 2014

2014-04-10 23:33:27 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Changed argument order for fmt_constant().

The new order allows fmt_constant() to be used directly in eg map().

Also gets rid of fmt_curve().

2014-04-10 21:31:48 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Remove remnants of ecdsa_mode().

The function was removed some time ago. Now remove stale links
to it from the documentation.
SSL.handshake: Some fixes in the handling of client certs.

2014-04-10 21:29:41 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing MD5 suites.

Note: These suites are in the range earlier reserved for private use.

2014-04-10 20:44:44 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Improved debug and bugfixed ALPN parsing.
Improved debug

2014-04-10 19:14:40 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Update deprecation documentation.

2014-04-10 19:10:56 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Moved compat code to the end, to make the file easier to read.

2014-04-10 19:03:43 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Remove NPN. ALPN will move forward as RFC.
Disable some broken certificate code.

2014-04-10 18:19:09 (2 weeks ago) by Per Hedbor <ph@opera.com>

A less intrusive version. #line does not work in cmods very well.

2014-04-10 16:13:28 (2 weeks ago) by Per Hedbor <ph@opera.com>

Fixed linenumbers when using callback-based macros

2014-04-10 00:16:34 (2 weeks ago) by Arne Goedeke <el@laramies.com>

BSON: missing bounds check

Wednesday 09 April 2014

2014-04-09 20:01:52 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Fixed typo in Autodoc.

2014-04-09 19:57:55 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Got rid of some unused arguments.

The arguments to rsa_mode() and dhe_dss_mode() were new in Pike 7.9, and
as Pike 8.0 hasn't been released yet, the API doesn't need to be stable.
SSL.context: Implemented some backward compat.

2014-04-09 17:36:01 (2 weeks ago) by Build system <distmaker@roxen.com>

release number bumped to 854 by export.pike
release number bumped to 855 by export.pike

Tuesday 08 April 2014

2014-04-08 23:16:26 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Reinstate "Runtime: Improve diagnostics from the variant dispatcher."

Process.popen(string) should now work with it enabled.

This reverts commit 50348d848ec84753a198290cf5be9425a5b69f8e, and
reinstates commit a0b635a537e32c03c6e95afd7e42dd8021efc406 + patch.

2014-04-08 22:56:32 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Typechecker: Fix indexing of this_program.

Program types are often converted to the corresponding function
type. Make sure to allow indexing of such types if they look
like program types.

Thanks to Chris Angelico <rosuav@gmail.com> for the report.

Fixes [LysLysKOM 20764345]/[Pike mailinglist 13967].

2014-04-08 19:49:36 (2 weeks ago) by Per Hedbor <ph@opera.com>

Revert "Runtime: Improve diagnostics from the variant dispatcher."

This reverts commit a0b635a537e32c03c6e95afd7e42dd8021efc406.

Now Process.popen(string) works again.

2014-04-08 12:11:15 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added String.range.

Monday 07 April 2014

2014-04-07 20:52:54 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Improve diagnostics from the variant dispatcher.

The variant dispatcher now informs about all potential alternatives
when there's an argument mismatch.

2014-04-07 20:50:00 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Internals: Increase visibility of f___get_first_arg_type().

It can be useful from other C-level code.

Sunday 06 April 2014

2014-04-06 18:58:32 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support more versions of libnettle again.

The macro AES256_KEY_SIZE does not seem to exist in libnettle 2.7.1.

2014-04-06 18:02:06 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Detail what version different header files were added in.
Updated with some more Nettle version dependent Crypto object.

2014-04-06 09:18:50 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added CipherPair variant of add_cert().

2014-04-06 01:22:55 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Address fallout from stronger random type.
Resolve DSA in 7.8 mode as well.

2014-04-06 01:20:14 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed a forgotten name change.

2014-04-06 00:35:16 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Fixed object type check in match_type_svalue().

The type checker function used by the variant dispatcher
checked object types in the wrong order, which caused it
to fail when called with objects implementing a superset
of the required object type.

Saturday 05 April 2014

2014-04-05 23:55:19 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed a prototype mismatch
Replaced Yarrow with Fortuna. This implementation is about 35 times faster than the old one. The output has been verified against NIST statistical test suite 2.1.1.
Stronger type for random_string

2014-04-05 16:44:53 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use find_cert() on the client too.

find_cert() in the context object is now used to select suitable
client certificates in addition to server certificates.

2014-04-05 15:51:00 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Remove last traces of SSL2 support.

2014-04-05 13:32:01 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use fmt_version().

Cleaned up a few debug messages.

2014-04-05 13:18:36 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_version().

Added convenience function for formatting an SSL/TLS version number.

2014-04-05 13:07:34 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Protocol version handling cleanup.

The protocol version is now represented the same way everywhere;
a 16-bit integer with the major (ie 3) in the high 8 bits, and
the minor in the low 8 bits.

Previously there was a mix between having a two element array,
and just keeping track of the minor.

Also strengthens the types of version variables in a few places.

2014-04-05 12:57:02 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: These variables are no more.

Missed this debug output when moving the version restrictions.

2014-04-05 02:43:13 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added possibly working basic constraints check to verify_certificate_chain. Next step is probably to figure out what the API ought to look like...

2014-04-05 02:20:07 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Small simplification.

2014-04-05 02:04:38 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fix testcase, now that we generate the correct flags (verified with openssl x509 -inform -text)

2014-04-05 01:02:44 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Revert the BitString cast support. Make set_length return the object.

2014-04-05 00:50:53 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Some consts

Friday 04 April 2014

2014-04-04 21:17:33 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Moved configuration of version restrictions to the context.

The minimum and maximum accepted SSL/TLS versions are now
configured by setting the corresponding variables in the
context object.

This is in line with how other SSL parameters are configured.

2014-04-04 00:39:21 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More high-level Autodoc.

Added some notes about Constants and Constants.CertificatePair.

Thursday 03 April 2014

2014-04-03 23:18:49 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added some more Autodoc.

Describe use of SSL.context.

2014-04-03 21:32:48 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

The serialization of keyUsage was uglier than I thought. Fixed.

Wednesday 02 April 2014

2014-04-02 23:31:53 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

AutoDoc: Improved compat for @item.

2014-04-02 22:02:10 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

AutoDoc: Support <item/> being a container.

2014-04-02 17:51:20 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Set Crypto.Random.random_string as default random generator for ECDSA.

2014-04-02 01:27:12 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Something is not working with the keyUsage extension.

2014-04-02 00:10:45 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Remove outdated certificates.
Random cleanup (pun intended)
fmt_cipher_suites is in Constants now.

Tuesday 01 April 2014

2014-04-01 21:27:20 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some module-level Autodoc.
SSL.session: Fixed some Autodoc markup typos.

2014-04-01 20:29:59 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Removed never enabled LFib PRNG

2014-04-01 14:40:07 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed type issues.

Monday 31 March 2014

2014-03-31 21:58:53 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Precompiler: Default to setting a base name for modules.

The default rules for running the precompiler now set the
symbol base name to the name of the module.

Note that most current modules reset the base name to the
empty string via PRECOMPILER_ARGS for now.

2014-03-31 04:31:47 (4 weeks ago) by Bill Welliver <bill@welliver.org>

release number bumped to 853 by export.pike
release number bumped to 852 by export.pike

Sunday 30 March 2014

2014-03-30 22:49:29 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Fixed typos.

2014-03-30 20:31:35 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the heartbeat extension (RFC 6520).

Heartbeats are enabled if possible, and heartbeat responses are
sent automatically.

NB: No code for automatically sending heartbeat requests exists yet.

2014-03-30 00:39:21 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Generate appropriate extensions on self signed certificates. More WIP on certificate validation.

Saturday 29 March 2014

2014-03-29 23:41:31 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Added missing break.

2014-03-29 21:49:38 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Made the code hash block size independent.

2014-03-29 21:18:15 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Rename Nettle.Proxy to Nettle.Buffer

2014-03-29 21:07:34 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added block_size() and digest_size() to HMAC

2014-03-29 19:15:58 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Yet another missed rename.

Fixes broken modes CTR and CCM.

2014-03-29 16:52:28 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fix a few renamed symbols.

2014-03-29 14:57:43 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Specify a base name to precompile.

The internal C-level symbols generated by precompile are now
prefixed with "Nettle_" or "NETTLE_".

2014-03-29 14:27:48 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

precompile: Support setting a symbol base name.

To avoid conflicting symbol names (especially in program_id.h),
it is often a good idea to prefix the internal symbol names
with the module base name that the cmod file belongs to.

2014-03-29 14:06:29 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.packet: Ignore unknown packet types.

RFC 4346 (aka TLS 1.1) 6 recommends that unknown packet types
should be ignored. Note also that the only new packet type that
has been added since TLS 1.1 (PACKET_heartbeat, RFC 6520)
requires that such packets are NOT to be sent during handshakes.

2014-03-29 03:22:13 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Change lucky thirteen mitigation to use hash instead of full HMAC. This is a constant reduction in time, so the difference between correct and non-correct padding is the same.

2014-03-29 03:18:45 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Some more renaming. Now all MAC objects have the same API. hash does HMAC, hash_packet does HMAC with header and hash_raw does hash with the underlying hash algorithm.

2014-03-29 02:57:35 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Name changes. hash to hash_packet and hash_raw to hash.

2014-03-29 02:34:59 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Don't add the packet data to the hmac header, to avoid creating an intermediate string.

Friday 28 March 2014

2014-03-28 23:59:14 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Allow bitstring to be cast to int.

2014-03-28 23:09:56 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Updated to tzdata2014b.

2014-03-28 23:06:49 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Updated to tzdata2014b.

2014-03-28 22:28:18 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Protocols.HTTP.Server.SSLPort: Default to all cert types.

set_default_keycert() now creates and adds one certificate of each
of RSA, DSA/DSS and ECDSA.

Protocols.HTTP.Server.SSLPort: Support ECDSA certs.

set_key() now knows about ECDSA private keys.

2014-03-28 20:03:12 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Let the data size be a prime number, so it doesn't match any block size of anything.

2014-03-28 19:51:06 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Readded lucky thirteen code, and added some early failures documented in the same paper.

Thursday 27 March 2014

2014-03-27 22:36:22 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Extend find_cert() for client side use as well.

find_cert() now supports looking up a certificate set based on
the issuer DER as well.

2014-03-27 01:28:27 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Removed a few lines too many.

2014-03-27 01:23:23 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Use C version of unpad as well.
Try harder to be constant time.

2014-03-27 00:59:27 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Make the pad type explicit. Removed unused tls_pad function.

2014-03-27 00:50:12 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added PAD_TLS. Works as PAD_SSL did. Changed PAD_SSL to not verify the padding.

Wednesday 26 March 2014

2014-03-26 21:02:58 (4 weeks ago) by Per Hedbor <ph@opera.com>

Explicitly mark generic_extract as inline.
Significantly faster HMAC_sha calculation.
Faster encrypt_packet, using the C padding code
Significantly faster Crypto.Buffer.crypt for the most common cases.

Somewhat faster for the less common ones.

2014-03-26 19:38:19 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: Make sure not to hang on destruct.

The destruct callback could hang in the local backend when attempting
to close the connection cleanly. Make sure that the local backend
doesn't wait for I/O completion in this case.

Fixes [bug 7066].

2014-03-26 19:21:36 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: Make sure not to hang on destruct.

The destruct callback could hang in the local backend when attempting
to close the connection cleanly. Make sure that the local backend
doesn't wait for I/O completion in this case.

Fixes [bug 7066].

2014-03-26 17:53:09 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

ecdsa_mode didn't exist earlier, so no need for a deprecated compat function.

Tuesday 25 March 2014

2014-03-25 23:57:46 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Use get_suites() to select the supported suites.

The previous commit also extended SSL.https to use multiple
concurrent certificates.

2014-03-25 23:46:25 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Never sort null ciphers before non-null.

Cipher suites with server authentication, but no encryption were
preferred to suites with encryption, but no authentication. Now
the level of authentication is set to none if there's no encryption,
which means that the order now is reversed in this case.

Note that this only matters if you have called get_suites() with both
a first argument of -1 (include null ciphers) and a second argument
of 2 (include anonymous key exchange methods).

Monday 24 March 2014

2014-03-24 22:03:47 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Fixed FIXME in is_supported_cert().

is_supported_cert() now ensures that all signatures in the selected
certificate chain are supported by the peer in TLS 1.2 and later.

Also adds the MD5 hashes to the set assumed to be supported by the
peer as per RFC 5246 7.4.1.4.1.

2014-03-24 18:39:07 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Ensure serial is positive (+ some insignificant changes)

2014-03-24 16:10:18 (1 month ago) by Per Hedbor <ph@opera.com>

Optimized Standards.URI `== and _sprintf rather significantly.

Note that _sprintf is also used for cast-to-string (and was previously
used for `==).

For the most common case (Standards.URI(uri), where uri is a complete
url, which is then cast to a string or used as a mapping index) the
code is now about 10x faster.

Also added __hash.

Sunday 23 March 2014

2014-03-23 18:42:02 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Rotate export RSA keys.

The export RSA key is now regenerated after 5 uses.

2014-03-23 17:14:29 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: RSA server params are export mode only.

RFC 2246 7.4.3:
It is not legal to send the server key exchange message for the
following key exchange methods:

RSA
RSA_EXPORT (when the public key in the server certificate is
less than or equal to 512 bits in length)

2014-03-23 17:10:23 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Make is_supported_suite() visible.

is_supported_suite() is used from SSL.handshake()->handle_handshake(),
so it needs to be visible.

2014-03-23 14:56:25 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Attempt to detect broken Safari 10.8.

The Safari browser versions 10.8.0..10.8.3 have broken support
for the ECDHE_ECDSA key exchange method, but advertise such
cipher suites anyway. Attempt to fingerprint the browser by
looking at its set of extensions, and filter the suites in
that case.

Adapted heuristics from OpenSSL 1.0.1f.

2014-03-23 13:39:00 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the truncated_hmac extension.

NB: Currently only implemented server-side.

Saturday 22 March 2014

2014-03-22 22:44:35 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Stricter session handling compliance.

2014-03-22 14:32:02 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Add version filtering to is_supported_suite().

Improves compliance with RFC 4346 A.5, and protects against negotiating
AEAD suites with TLS 1.1 or earlier.

2014-03-22 14:27:00 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Update testsuite to new get_suites() API.

2014-03-22 13:45:07 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Changed API for get_suites().

API changes as per discussion with Martin Nilsson.

get_suites() should now be easier to use for eg client setup, and
have reasonable defaults for secure operation.

The {rsa,dsa,ecdsa}_mode() functions are now marked as deprecated,
are identical, and ignore the max_version argument.

2014-03-22 00:07:23 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added TLS_dhe_dss_with_rc4_128_sha.

This suite was part of draft-ietf-tls-56-bit-ciphersuites-01.txt
and caused the testsuite to fail by not being implemented. It
also seems to be in use by gnutls 3.2.12.

Friday 21 March 2014

2014-03-21 23:47:52 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more RFC notes.

2014-03-21 23:45:49 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more cipher suite constants.

These suites from draft-ietf-tls-56-bit-ciphersuites-01.txt
are apparently in use by some versions of MSIE.

Thursday 20 March 2014

2014-03-20 20:33:58 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for the max_fragment_length extension.

2014-03-20 12:59:10 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Fixed multiple instances of unaligned stack.

The precompile.pike RETURN (and RETURN_REF) statement(s) requires the
stack to be at the same level as at function entry. Remove the use of
RETURN from places where the stack level has changed.

Fixes the return values from set_encrypt_key() and others in multiple
wrapper classes (eg CBC, Proxy, etc).

2014-03-20 12:22:53 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed typo.

2014-03-20 12:16:19 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed the overflow checks for size_t.

The type UINT32 doesn't exist in Pike...

Fixes compilation issues on Solaris.

Wednesday 19 March 2014

2014-03-19 19:54:18 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_* constants for PSK and SRP.

2014-03-19 17:57:36 (1 month ago) by Martin Nilsson <nilsson@opera.com>

PAD_SSL will now pad with the size and not random data. unpad now verifies the padding.

2014-03-19 17:46:23 (1 month ago) by Chris Angelico <rosuav@gmail.com>

Fix typo in GTK2.Widget docs

2014-03-19 15:48:27 (1 month ago) by Arne Goedeke <el@laramies.com>

encode_value: error when encoding inherits without name

This happens in certain programs (e.g. __builtin.*Error and some Nettle
hash states) where low_inherit is called with name == NULL.

2014-03-19 15:12:35 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Remove redundant defines.

2014-03-19 14:41:50 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Minor tweaks

2014-03-19 14:39:41 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Less magic numbers. Made PAD_* into proper constants.

2014-03-19 14:14:02 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Added FIXMEs

2014-03-19 12:04:53 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 850 by export.pike
release number bumped to 851 by export.pike

Tuesday 18 March 2014

2014-03-18 23:46:41 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added the CCM cipher suites from RFC 6655.

2014-03-18 23:42:03 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renumber the CipherModes.

Attempt to have the cipher modes in approximate order of strength,
so that cipher_suite_sort_key() doesn't need to get more complicated.

2014-03-18 23:38:11 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.state: AEAD: Use digest_size().

Use digest_size() to determine the size of the AEAD digest, and
not block_size(), as there are AEAD suites where they differ.

2014-03-18 23:35:41 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CCM: Added digest_size().

Also adds some related AutoDoc mk II markup.

2014-03-18 18:29:25 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Backend: Improved support for OOB with kqueue(2).

On MacOS X out-of-band data on sockets is signalled by the flag EV_OOBAND
(aka EV_FLAG1) in the EVFILT_READ notification. Unfortunately this
notification is by default only sent when there is also normal data
available. The kernel source indicates that it should be possible to get
notifications on just OOB by setting EV_OOBAND in the call to kevent(2)
(this is what poll(2) does internally). kevent(2) however masks the flag
before calling the internal function kevent_register(), so it is not
possible at this time.

On FreeBSD it seems out-of-band data is signalled as a normal EVFILT_READ
notification.

Improves the status for [bug 7063], but requires kernel changes
to fix the problem on MacOS X fully.

2014-03-18 18:23:25 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Backend: Improved support for OOB with kqueue(2).

On MacOS X out-of-band data on sockets is signalled by the flag EV_OOBAND
(aka EV_FLAG1) in the EVFILT_READ notification. Unfortunately this
notification is by default only sent when there is also normal data
available. The kernel source indicates that it should be possible to get
notifications on just OOB by setting EV_OOBAND in the call to kevent(2)
(this is what poll(2) does internally). kevent(2) however masks the flag
before calling the internal function kevent_register(), so it is not
possible at this time.

On FreeBSD it seems out-of-band data is signalled as a normal EVFILT_READ
notification.

Improves the status for [bug 7063], but requires kernel changes
to fix the problem on MacOS X fully.

2014-03-18 18:16:49 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Added SIGNATURE_any (which possibly is a misleading name) to give you all non-anonymous signatures. Improved default to not be limited to RSA.

2014-03-18 16:25:35 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-03-18 16:23:23 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-03-18 16:20:22 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fixed a bunch of debug messages.

2014-03-18 04:00:20 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Updated for Nettle API change.

Monday 17 March 2014

2014-03-17 23:10:17 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.GCM: Added some missing functions.

Adds digest_size().

2014-03-17 21:46:47 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CCM: Added Counter with CBC-MAC mode.

This cipher mode is specified in NIST Special Publication 800-38C.

2014-03-17 15:50:07 (1 month ago) by Martin Jonsson <marty@roxen.com>

Make sure we compile when HAVE_JPEGLIB_H is undefined.

2014-03-17 12:24:04 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Revert "decode_value: check validity of refno"

The test looked at limits for the wrong program (the refno relates
to the program at depth depth).

Revert it for now as it breaks working code.

This reverts commit c88883e028a5182d0e0e8c668f2d672a9cc7e367.

2014-03-17 00:16:37 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CTR.State: Added getter for the wrapped object.

The wrapped object is useful when extending the class (eg to
implement CCM it is needed to calculate the MAC).

Sunday 16 March 2014

2014-03-16 23:53:53 (1 month ago) by Martin Nilsson <nilsson@opera.com>

New temp assignment for padding extension. Added some RFC references.

2014-03-16 23:37:18 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fix an exception for client hello packages close to 512 bytes.

2014-03-16 20:03:39 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing CCM constants from RFC 6655.

2014-03-16 14:04:42 (1 month ago) by Arne Goedeke <el@laramies.com>

CritBit: do not cast through union

2014-03-16 09:47:39 (1 month ago) by Arne Goedeke <el@laramies.com>

decode_value: check validity of refno
Bignum: generate overflow checks for size_t
decode_value: check if program area sizes overflow

Saturday 15 March 2014

2014-03-15 22:19:42 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Enable unused function warnings again.
Removed dead code.
Fixed warning with ifdefs.

2014-03-15 22:13:20 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Hide unused opcodes.

2014-03-15 22:07:08 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fixed a warning for NEW_ARG_CHECK mode.

2014-03-15 22:05:02 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Disabled local variable optimizations even more.
CTR documentation fixes.

2014-03-15 12:44:49 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Testsuite: Support old Nettle again.

The SSL.Constants.CIPHER_SUITES validator now knows about
the exceptions in the table when features are missing.

2014-03-15 12:30:54 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Testsuite: Added validation of SSL.Constants.CIPHER_SUITES.

The testsuite now ensures that the CIPHER_SUITES table is up to date,
complete and correct, by deriving the expected table entry from the
cipher suite symbol name.

Testsuite: Added some more TLS exceptions.

2014-03-15 12:25:03 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing cipher suites.

All cipher suites that are possible to implement without adding
more code to SSL.Cipher et al, should now be present in the
CIPHER_SUITES table.

2014-03-15 12:21:06 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed some typos in CIPHER_SUITES.

Most of the typos were using Diffie-Hellman Ephemeral keyexchange
where it should be plain Diffie-Hellman.

Bugs mentioned

  2048  RESOLVED  Site administration has screwed up tabs
  6520  RESOLVED  Protocol cache memory issue
  7063  NEW       The kqueue backend doesn't support out of band data.
  7066  RESOLVED  The SSL.sslfile destruct callback can hang the backend thread.
  851   RESOLVED  Errors in the images in java chapter of the admin manual
  852   RESOLVED  Server creation wizard bug
  853   RESOLVED  Bug in cgi.pike/NT
  854   RESOLVED  Indexing the NULL value when adding the frontpage module
  855   RESOLVED  Different numbering of multiple modules