Changelog

Yesterday; Friday 18 April 2014

2014-04-18 23:35:23 (9 hours ago) by Martin Nilsson <nilsson@opera.com>

Some Fortuna cleanup.
-l to list benchmarks.

2014-04-18 23:33:18 (9 hours ago) by Martin Nilsson <nilsson@opera.com>

30% faster insignificant handshake detail.

2014-04-18 19:06:31 (14 hours ago) by Martin Nilsson <nilsson@opera.com>

More doc.

2014-04-18 15:18:58 (18 hours ago) by Martin Nilsson <nilsson@opera.com>

Oops. Lost the comment.
Timing stuff.

2014-04-18 13:53:26 (19 hours ago) by Martin Nilsson <nilsson@opera.com>

Cleanup

2014-04-18 11:58:15 (21 hours ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support Nettle 3.0.

cast128_set_key() in Nettle 3.0 has a different number of arguments
than previous versions of Nettle.

2014-04-18 05:16:42 (1 day ago) by Martin Nilsson <nilsson@opera.com>

Fix m4 issue.

Thursday 17 April 2014

2014-04-17 22:31:23 (1 day ago) by Arne Goedeke <el@laramies.com>

sscanf: implement %-F support

The documentation of sscanf says that the - flag activates little byte
order scanning. This was not implemented, yet. %-F always used big
endian byte order.
Standards.BSON: use %-8F format
Standards.BSON: test float handling
Standards.BSON: use %-8F format

2014-04-17 22:24:19 (1 day ago) by Arne Goedeke <el@laramies.com>

sscanf: implement %-F support

The documentation of sscanf says that the - flag activates little byte
order scanning. This was not implemented, yet. %-F always used big
endian byte order.

2014-04-17 19:13:55 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support the soon to be released Nettle 3.0.

The DSA APIs have been changed in Nettle 3.0. This adds code to
use the new API (as the compat API failed due to name conflicts).

2014-04-17 17:00:35 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More KE_rsa_fips suites.

According to comments in <nss/sslproto.h> these two suites were
old aliases for the other two KE_rsa_fips suites.

Also adjusts the names to match NSS's names for the two constants.

2014-04-17 16:37:17 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support KE_rsa_fips.

This seems to have been a key exchange method used to test the TLS 1.0 PRF
during SSL 3.0.

SSL_rsa_fips_with_3des_ede_cbc_sha interoperates with Firefox 24.4.0.

Wednesday 16 April 2014

2014-04-16 23:12:56 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Build: Get rid of some C++-style comments.

2014-04-16 23:08:57 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Build: Get rid of some C++-style comments.

2014-04-16 22:59:26 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed type derivation for attributed getters.

The getter/setter variable should now get the correct type even
when the getter/setter functions have been marked as deprecated.

2014-04-16 22:55:36 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed type derivation for attributed getters.

The getter/setter variable should now get the correct type even
when the getter/setter functions have been marked as deprecated.
Crypto.DH: Removed some debug.

2014-04-16 21:20:50 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DH: Added module.

This module currently just contains the DHParameters class and
the MODP groups from RFC 2409, RFC 3526 and RFC 5114. Actual
Diffie-Hellman key-exchange is not implemented here (yet).

2014-04-16 21:15:32 (2 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler: Fixed variant zapping of reference #0.

The variant dispatcher collector was missing an offset, and always
zapped the modifier bits for identifier reference #0. This has the
effect that identifier reference #0 got the modifier bits intended
for the last variant dispatcher in the class.

2014-04-16 20:33:01 (3 days ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: test float handling

2014-04-16 19:17:17 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Use a larger group for Diffie-Hellman.

Added MODP groups 5, 14, 15, 16, 17 and 18 from RFC 3526.

Added MODP groups 22, 23 and 24 from RFC 5114.

Now defaults to using MODP group 24 (ie a 2048-bit group with
a 256-bit prime order subgroup).

2014-04-16 12:40:27 (3 days ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: check for stack overflow
Standards.BSON: some more tests
Standards.BSON: keep intermediate values on the stack

By keeping intermediate values on the pike stack, they are freed
automatically when a parsing error occurs.
Standards.BSON: use TYPEOF for compat with ATOMIC_SVALUE

Tuesday 15 April 2014

2014-04-15 23:00:05 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Reduce minimum cipher strength to 112 bits.

Reduces the default minimum allowed cipher strength in the test server
from 128 to 112 bits to allow DES3.

2014-04-15 22:56:37 (3 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Generate SHA-1 certificates too.

There are still many clients that don't support certificates using
SHA256 (especially for DSA/DSS), so generate SHA-1 variants too.

Now uses the proper arguments to Crypto.DSA()->generate_key()
when creating the DSA/SHA256 cert.

Attempts to generate the certs with a proper CN instead of "*".

Also increases the default strengths of the generated certs,
and allows for overriding multiple parameters with defines.

2014-04-15 20:46:23 (4 days ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: do not use c++ comments

2014-04-15 20:27:52 (4 days ago) by Arne Goedeke <el@laramies.com>

Standards.BSON: use ref_push_* when pushing cached values

The push_* macros do not add a reference.
Standards.BSON: test for Val.* types correctly

2014-04-15 19:46:11 (4 days ago) by Arne Goedeke <el@laramies.com>

ADT.CritBit: next() failed to find the right node when encountering a prefix
block_allocator: always check ptr validity on free
decode_value: check that identifier reference number is positive

Monday 14 April 2014

2014-04-14 20:57:12 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Probe peer for the Heartbleed vulnerability.

The first packet sent after a successful handshake is now a
packet to probe for the Heartbleed (CVE-2014-0160) vulnerability,
and the connection is aborted with an insufficient_security
failure if the peer is suffering.

Also adds a debug flag (SSL3_SIMULATE_HEARTBLEED) to simulate
this state.

2014-04-14 20:52:11 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Heartbeats now actually work.

Fixed multiple typos that caused the heartbeat code to fail.

2014-04-14 19:41:02 (5 days ago) by Martin Nilsson <nilsson@opera.com>

Replace almost unused KE_TO_SA with KE_Anonymous. Removed the SSL module internal SIGNATURE constants.

2014-04-14 18:23:56 (5 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Select certificates in priority order.

When there are multiple certificates of the same type,
select the one with the strongest key if possible.

Sunday 13 April 2014

2014-04-13 19:45:04 (6 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Fix client cert exchange in TLS 1.2.

TLS 1.2 has a signature_algorithms array embedded in the
client certificate request.

Removes the combination MD5 + ECDSA from the set of suggested
signature algorithms, as we don't support it in certificates.

Also refrains from suggesting any ECDSA signature algorithms
if we don't support ECDSA.

2014-04-13 19:42:59 (6 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: MD5 is typically not supported with ECDSA.
Crypto.ECC.Curve.ECDSA: Added key_size().

2014-04-13 19:19:36 (6 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Some client cert related fixes.

The client_cert_distinguished_names now contains DER-encoded DNs,
and not the decoded DNs.

Saturday 12 April 2014

2014-04-12 22:54:57 (6 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

__builtin.Nettle.Sign: Added key_size().

2014-04-12 18:04:56 (7 days ago) by Martin Nilsson <nilsson@opera.com>

version is in the variable scope.

2014-04-12 16:25:18 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DSA: Added key_size().
Gmp: size() always returns positive.

2014-04-12 15:18:17 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.ECC: Support SHA1 for signatures.

ECDSA/SHA1 signatures is the default combination to support for
ECDSA certificates in TLS 1.2 if the client hasn't said otherwise.

2014-04-12 14:39:30 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Log all alerts.

2014-04-12 13:24:46 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Use context->alert_factory().

SSL.handshake and SSL.connection now use the alert factory to
create all alerts. This allows for customized logging of alerts.

Also cleans up quite a few alert messages to have more information
than just the description code, or remove some redundant info.

2014-04-12 13:17:32 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added alert_factory().

2014-04-12 11:19:55 (7 days ago) by Arne Goedeke <el@laramies.com>

Parser.HTML: overlap in arguments to MEMCPY

2014-04-12 11:18:46 (7 days ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslport: Changed API.

To allow SSL configuration via overloading of symbols in SSL.context,
SSL.sslport and SSL.https no longer inherit SSL.context. Instead
they now have an explicit SSL.context object that is passed along
to SSL.sslfile.

Also adds corresponding compat classes.

2014-04-12 11:11:47 (7 days ago) by Arne Goedeke <el@laramies.com>

Parser.HTML: overlap in arguments to MEMCPY

Friday 11 April 2014

2014-04-11 20:42:20 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Standards.PKCS.Identifiers: Added on_dnsSRV_id from RFC 4985.

This is the Subject Alternative Name for Expression of Service Name
X.509 extension.

2014-04-11 16:11:58 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Updated comment.

2014-04-11 15:06:05 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Fixed remaining fmt_constant() call.

2014-04-11 14:49:14 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Support any cert when there's no SNI.

If the client doesn't send an SNI, we can't filter on it...

2014-04-11 13:27:44 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Fix compilation on non-Linux.

Use the MINIMUM() macro which always exists, instead of the
MIN() macro which exists on Linux.

Thursday 10 April 2014

2014-04-10 23:33:27 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Changed argument order for fmt_constant().

The new order allows fmt_constant() to be used directly in eg map().

Also gets rid of fmt_curve().

2014-04-10 21:31:48 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Remove remnants of ecdsa_mode().

The function was removed some time ago. Now remove stale links
to it from the documentation.
SSL.handshake: Some fixes in the handling of client certs.

2014-04-10 21:29:41 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing MD5 suites.

Note: These suites are in the range earlier reserved for private use.

2014-04-10 20:44:44 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Improved debug and bugfixed ALPN parsing.
Improved debug

2014-04-10 19:14:40 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Update deprecation documentation.

2014-04-10 19:10:56 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Moved compat code to the end, to make the file easier to read.

2014-04-10 19:03:43 (1 week ago) by Martin Nilsson <nilsson@opera.com>

Remove NPN. ALPN will move forward as RFC.
Disable some broken certificate code.

2014-04-10 18:19:09 (1 week ago) by Per Hedbor <ph@opera.com>

A less intrusive version. #line does not work in cmods very well.

2014-04-10 16:13:28 (1 week ago) by Per Hedbor <ph@opera.com>

Fixed linenumbers when using callback-based macros

2014-04-10 00:16:34 (1 week ago) by Arne Goedeke <el@laramies.com>

BSON: missing bounds check

Wednesday 09 April 2014

2014-04-09 20:01:52 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Fixed typo in Autodoc.

2014-04-09 19:57:55 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Got rid of some unused arguments.

The arguments to rsa_mode() and dhe_dss_mode() were new in Pike 7.9, and
as Pike 8.0 hasn't been released yet, the API doesn't need to be stable.
SSL.context: Implemented some backward compat.

2014-04-09 17:36:01 (1 week ago) by Build system <distmaker@roxen.com>

release number bumped to 854 by export.pike
release number bumped to 855 by export.pike

Tuesday 08 April 2014

2014-04-08 23:16:26 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Reinstate "Runtime: Improve diagnostics from the variant dispatcher."

Process.popen(string) should now work with it enabled.

This reverts commit 50348d848ec84753a198290cf5be9425a5b69f8e, and
reinstates commit a0b635a537e32c03c6e95afd7e42dd8021efc406 + patch.

2014-04-08 22:56:32 (1 week ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Typechecker: Fix indexing of this_program.

Program types are often converted to the corresponding function
type. Make sure to allow indexing of such types if they look
like program types.

Thanks to Chris Angelico <rosuav@gmail.com> for the report.

Fixes [LysLysKOM 20764345]/[Pike mailinglist 13967].

2014-04-08 19:49:36 (2 weeks ago) by Per Hedbor <ph@opera.com>

Revert "Runtime: Improve diagnostics from the variant dispatcher."

This reverts commit a0b635a537e32c03c6e95afd7e42dd8021efc406.

Now Process.popen(string) works again.

2014-04-08 12:11:15 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added String.range.

Monday 07 April 2014

2014-04-07 20:52:54 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Improve diagnostics from the variant dispatcher.

The variant dispatcher now informs about all potential alternatives
when there's an argument mismatch.

2014-04-07 20:50:00 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Internals: Increase visibility of f___get_first_arg_type().

It can be useful from other C-level code.

Sunday 06 April 2014

2014-04-06 18:58:32 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Support more versions of libnettle again.

The macro AES256_KEY_SIZE does not seem to exist in libnettle 2.7.1.

2014-04-06 18:02:06 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Detail what version different header files were added.
Updated with some more Nettle version dependent Crypto object.

2014-04-06 09:18:50 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added CipherPair variant of add_cert().

2014-04-06 01:22:55 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Address fallout from stronger random type.
Resolve DSA in 7.8 mode as well.

2014-04-06 01:20:14 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed a forgotten name change.

2014-04-06 00:35:16 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Fixed object type check in match_type_svalue().

The type checker function used by the variant dispatcher
checked object types in the wrong order, which caused it
to fail when called with objects implementing a superset
of the required object type.

Saturday 05 April 2014

2014-04-05 23:55:19 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed a prototype mismatch
Stronger type for random_string
Replaced Yarrow with Fortuna. This implementation is about 35 times faster than the old one. The output has been verified against NIST statistical test suite 2.1.1.

2014-04-05 16:44:53 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use find_cert() on the client too.

find_cert() in the context object is now used to select suitable
client certificates in addition to server certificates.

2014-04-05 15:51:00 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Remove last traces of SSL2 support.

2014-04-05 13:32:01 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use fmt_version().

Cleaned up a few debug messages.

2014-04-05 13:18:36 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_version().

Added convenience function for formatting an SSL/TLS version number.

2014-04-05 13:07:34 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Protocol version handling cleanup.

The protocol version is now represented the same way everywhere;
a 16-bit integer with the major (ie 3) in the high 8 bits, and
the minor in the low 8 bits.

Previously there was a mix between having a two element array,
and just keeping track of the minor.

Also strengthens the types of version variables in a few places.

2014-04-05 12:57:02 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: These variables are no more.

Missed this debug output when moving the version restrictions.

2014-04-05 02:43:13 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added possibly working basic constraints check to verify_certificate_chain. Next step is probably to figure out what the API ought to look like...

2014-04-05 02:20:07 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Small simplification.

2014-04-05 02:04:38 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fix testcase, now that we generate the correct flags (verified with openssl x509 -inform -text)

2014-04-05 01:02:44 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Revert the BitString cast support. Make set_length return the object.

2014-04-05 00:50:53 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Some consts

Friday 04 April 2014

2014-04-04 21:17:33 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Moved configuration of version restrictions to the context.

The minimum and maximum accepted SSL/TLS versions are now
configured by setting the corresponding variables in the
context object.

This is in line with how other SSL parameters are configured.

2014-04-04 00:39:21 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More high-level Autodoc.

Added some notes about Constants and Constants.CertificatePair.

Thursday 03 April 2014

2014-04-03 23:18:49 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added some more Autodoc.

Describe use of SSL.context.

2014-04-03 21:32:48 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

The serialization of keyUsage was uglier than I thought. Fixed.

Wednesday 02 April 2014

2014-04-02 23:31:53 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

AutoDoc: Improved compat for @item.

2014-04-02 22:02:10 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

AutoDoc: Support <item/> being a container.

2014-04-02 17:51:20 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Set Crypto.Random.random_string as default random generator for ECDSA.

2014-04-02 01:27:12 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

Something is not working with the keyUsage extension.

2014-04-02 00:10:45 (2 weeks ago) by Martin Nilsson <nilsson@opera.com>

fmt_cipher_suites is in Constants now.
Remove outdated certificates.
Random cleanup (pun intended)

Tuesday 01 April 2014

2014-04-01 21:27:20 (2 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some module-level Autodoc.
SSL.session: Fixed some Autodoc markup typos.

2014-04-01 20:29:59 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Removed never enabled LFib PRNG

2014-04-01 14:40:07 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fixed type issues.

Monday 31 March 2014

2014-03-31 21:58:53 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Precompiler: Default to setting a base name for modules.

The default rules for running the precompiler now set the
symbol base name to the name of the module.

Note that most current modules reset the base name to the
empty string via PRECOMPILER_ARGS for now.

2014-03-31 04:31:47 (3 weeks ago) by Bill Welliver <bill@welliver.org>

release number bumped to 852 by export.pike
release number bumped to 853 by export.pike

Sunday 30 March 2014

2014-03-30 22:49:29 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Fixed typos.

2014-03-30 20:31:35 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the heartbeat extension (RFC 6520).

Heartbeats are enabled if possible, and heartbeat responses are
sent automatically.

NB: No code for automatically sending heartbeat requests exists yet.

2014-03-30 00:39:21 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Generate appropriate extensions on self signed certificates. More WIP on certificate validation.

Saturday 29 March 2014

2014-03-29 23:41:31 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Added missing break.

2014-03-29 21:49:38 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Made the code hash block size independent.

2014-03-29 21:18:15 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Rename Nettle.Proxy to Nettle.Buffer

2014-03-29 21:07:34 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added block_size() and digest_size() to HMAC

2014-03-29 19:15:58 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Yet another missed rename.

Fixes broken modes CTR and CCM.

2014-03-29 16:52:28 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Fix a few renamed symbols.

2014-03-29 14:57:43 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Specify a base name to precompile.

The internal C-level symbols generated by precompile are now
prefixed with "Nettle_" or "NETTLE_".

2014-03-29 14:27:48 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

precompile: Support setting a symbol base name.

To avoid conflicting symbol names (especially in program_id.h),
it is often a good idea to prefix the internal symbol names
with the module base name that the cmod file belongs to.

2014-03-29 14:06:29 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.packet: Ignore unknown packet types.

RFC 4346 (aka TLS 1.1) 6 recommends that unknown packet types
should be ignored. Note also that the only new packet type that
has been added since TLS 1.1 (PACKET_heartbeat, RFC 6520)
requires that such packets are NOT to be sent during handshakes.

2014-03-29 03:22:13 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Change lucky thirteen mitigation to use hash instead of full HMAC. This is a constant reduction in time, so the difference between correct and non-correct padding is the same.

2014-03-29 03:18:45 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Some more renaming. Now all MAC objects have the same API. hash does HMAC, hash_packet does HMAC with header and hash_raw does hash with the underlying hash algorithm.

2014-03-29 02:57:35 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Name changes. hash to hash_packet and hash_raw to hash.

2014-03-29 02:34:59 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Don't add the packet data to the hmac header, to avoid creating an intermediate string.

Friday 28 March 2014

2014-03-28 23:59:14 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Allow bitstring to be casted to int.

2014-03-28 23:09:56 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Updated to tzdata2014b.

2014-03-28 23:06:49 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Updated to tzdata2014b.

2014-03-28 22:28:18 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Protocols.HTTP.Server.SSLPort: Default to all cert types.

set_default_keycert() now creates and adds one certificate of each
of RSA, DSA/DSS and ECDSA.
Protocols.HTTP.Server.SSLPort: Support ECDSA certs.

set_key() now knows about ECDSA private keys.

2014-03-28 20:03:12 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Let the data size be a prime number, so it doesn't match any block size of anything.

2014-03-28 19:51:06 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Readded lucky thirteen code, and added some early failures documented in the same paper.

Thursday 27 March 2014

2014-03-27 22:36:22 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Extend find_cert() for client side use as well.

find_cert() now supports looking up a certificate set based on
the issuer DER as well.

2014-03-27 01:28:27 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Removed a few lines too much.

2014-03-27 01:23:23 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Use C version of unpad as well.
Try harder to be constant time.

2014-03-27 00:59:27 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Make the pad type explicit. Removed unused tls_pad function.

2014-03-27 00:50:12 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

Added PAD_TLS. Works as PAD_SSL did. Changed PAD_SSL to not verify the padding.

Wednesday 26 March 2014

2014-03-26 21:02:58 (3 weeks ago) by Per Hedbor <ph@opera.com>

Significantly faster HMAC_sha calculation.
Explicitly mark generic_extract as inline.
Faster encrypt_packet, using the C padding code
Significantly faster Crypto.Buffer.crypt for the most common cases.

Somewhat faster for the less common ones.

2014-03-26 19:38:19 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: Make sure not to hang on destruct.

The destruct callback could hang in the local backend when attempting
to close the connection cleanly. Make sure that the local backend
doesn't wait for I/O completion in this case.

Fixes [bug 7066].

2014-03-26 19:21:36 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.sslfile: Make sure not to hang on destruct.

The destruct callback could hang in the local backend when attempting
to close the connection cleanly. Make sure that the local backend
doesn't wait for I/O completion in this case.

Fixes [bug 7066].

2014-03-26 17:53:09 (3 weeks ago) by Martin Nilsson <nilsson@opera.com>

ecdsa_mode didn't exist earlier, so no need for deprecated compat function.

Tuesday 25 March 2014

2014-03-25 23:57:46 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Use get_suites() to select the supported suites.

The previous commit also extended SSL.https to use multiple
concurrent certificates.

2014-03-25 23:46:25 (3 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Never sort null ciphers before non-null.

Cipher suites with server authentication, but no encryption were
preferred to suites with encryption, but no authentication. Now
the level of authentication is set to none if there's no encryption,
which means that the order now is reversed in this case.

Note that this only matters if you have called get_suites() with both
a first argument of -1 (include null ciphers) and a second argument
of 2 (include anonymous key exchange methods).

Monday 24 March 2014

2014-03-24 22:03:47 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Fixed FIXME in is_supported_cert().

is_supported_cert() now ensures that all signatures in the selected
certificate chain are supported by the peer in TLS 1.2 and later.

Also adds the MD5 hashes to the set assumed to be supported by the
peer as per RFC 5246 7.4.1.4.1.

2014-03-24 18:39:07 (4 weeks ago) by Martin Nilsson <nilsson@opera.com>

Ensure serial is positive (+ some insignificant changes)

2014-03-24 16:10:18 (4 weeks ago) by Per Hedbor <ph@opera.com>

Optimized Standards.URI `== and _sprintf rather significantly.

Note that _sprintf is also used for cast-to-string (and was previously
used for `==).

For the most common case (Standards.URI(uri), where uri is a complete
url, which is then casted to a string or used as a mapping index) the
code is now about 10x faster.

Also added __hash.

Sunday 23 March 2014

2014-03-23 18:42:02 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Rotate export RSA keys.

The export RSA key is now regenerated after 5 uses.

2014-03-23 17:14:29 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: RSA server params are export mode only.

RFC 2246 7.4.3:
It is not legal to send the server key exchange message for the
following key exchange methods:

RSA
RSA_EXPORT (when the public key in the server certificate is
less than or equal to 512 bits in length)

2014-03-23 17:10:23 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Make is_supported_suite() visible.

is_supported_suite() is used from SSL.handshake()->handle_handshake(),
so it needs to be visible.

2014-03-23 14:56:25 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Attempt to detect broken Safari 10.8.

The Safari browser versions 10.8.0..10.8.3 have broken support
for the ECDHE_ECDSA key exchange method, but advertise such
cipher suites anyway. Attempt to fingerprint the browser by
looking at its set of extensions, and filter the suites in
that case.

Adapted heuristics from OpenSSL 1.0.1f.

2014-03-23 13:39:00 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the truncated_hmac extension.

NB: Currently only implemented server-side.

Saturday 22 March 2014

2014-03-22 22:44:35 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Stricter session handling compliance.

2014-03-22 14:32:02 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.session: Add version filtering to is_supported_suite().

Improves compliance with RFC 4346 A.5, and protects against negotiating
AEAD suites with TLS 1.1 or earlier.

2014-03-22 14:27:00 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Update testsuite to new get_suites() API.

2014-03-22 13:45:07 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Changed API for get_suites().

API changes as per discussion with Martin Nilsson.

get_suites() should now be more easy to use for eg client setup, and
have reasonable defaults for secure operation.

The {rsa,dsa,ecdsa}_mode() functions are now marked as deprecated,
are identical, and ignore the max_version argument.

2014-03-22 00:07:23 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added TLS_dhe_dss_with_rc4_128_sha.

This suite was part of draft-ietf-tls-56-bit-ciphersuites-01.txt
and caused the testsuite to fail by not being implemented. It
also seems to be in use by gnutls 3.2.12.

Friday 21 March 2014

2014-03-21 23:47:52 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more RFC notes.

2014-03-21 23:45:49 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more cipher suite constants.

These suites from draft-ietf-tls-56-bit-ciphersuites-01.txt
are apparently in use by some versions of MSIE.

Thursday 20 March 2014

2014-03-20 20:33:58 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for the max_fragment_length extension.

2014-03-20 12:59:10 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Fixed multiple instances of unaligned stack.

The precompile.pike RETURN (and RETURN_REF) statement(s) requires the
stack to be at the same level as at function entry. Remove the use of
RETURN from places where the stack level has changed.

Fixes the return values from set_encrypt_key() and others in multiple
wrapper classes (eg CBC, Proxy, etc).

2014-03-20 12:22:53 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed typo.

2014-03-20 12:16:19 (4 weeks ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed the overflow checks for size_t.

The type UINT32 doesn't exist in Pike...

Fixes compilation issues on Solaris.

Wednesday 19 March 2014

2014-03-19 19:54:18 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_* constants for PSK and SRP.

2014-03-19 17:57:36 (1 month ago) by Martin Nilsson <nilsson@opera.com>

PAD_SSL will now pad with the size and not random data. unpad now verifies the padding.

2014-03-19 17:46:23 (1 month ago) by Chris Angelico <rosuav@gmail.com>

Fix typo in GTK2.Widget docs

2014-03-19 15:48:27 (1 month ago) by Arne Goedeke <el@laramies.com>

encode_value: error when encoding inherits without name

This happens in certain programs (e.g. __builtin.*Error and some Nettle
hash states) where low_inherit is called with name == NULL.

2014-03-19 15:12:35 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Remove redundant defines.

2014-03-19 14:41:50 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Minor tweaks

2014-03-19 14:39:41 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Less magic numbers. Made PAD_* into proper constants.

2014-03-19 14:14:02 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Added FIXMEs

2014-03-19 12:04:53 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 850 by export.pike
release number bumped to 851 by export.pike

Tuesday 18 March 2014

2014-03-18 23:46:41 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added the CCM cipher suites from RFC 6655.

2014-03-18 23:42:03 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renumber the CipherModes.

Attempt to have the cipher modes in approximate order of strength,
so that cipher_suite_sort_key() doesn't need to get more complicated.

2014-03-18 23:38:11 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.state: AEAD: Use digest_size().

Use digest_size() to determine the size of the AEAD digest, and
not block_size(), as there are AEAD suites where they differ.

2014-03-18 23:35:41 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CCM: Added digest_size().

Also adds some related AutoDoc mk II markup.

2014-03-18 18:29:25 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Backend: Improved support for OOB with kqueue(2).

On MacOS X out-of-band data on sockets is signalled by the flag EV_OOBAND
(aka EV_FLAG1) in the EVFILT_READ notification. Unfortunately this
notification is by default only sent when there is also normal data
available. The kernel source indicates that it should be possible to get
notifications on just OOB by setting EV_OOBAND in the call to kevent(2)
(this is what poll(2) does internally). kevent(2) however masks the flag
before calling the internal function kevent_register(), so it is not
possible at this time.

On FreeBSD it seems out-of-band data is signalled as a normal EVFILT_READ
notification.

Improves the status for [bug 7063], but requires kernel changes
to fix the problem on MacOS X fully.

2014-03-18 18:23:25 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Backend: Improved support for OOB with kqueue(2).

On MacOS X out-of-band data on sockets is signalled by the flag EV_OOBAND
(aka EV_FLAG1) in the EVFILT_READ notification. Unfortunately this
notification is by default only sent when there is also normal data
available. The kernel source indicates that it should be possible to get
notifications on just OOB by setting EV_OOBAND in the call to kevent(2)
(this is what poll(2) does internally). kevent(2) however masks the flag
before calling the internal function kevent_register(), so it is not
possible at this time.

On FreeBSD it seems out-of-band data is signalled as a normal EVFILT_READ
notification.

Improves the status for [bug 7063], but requires kernel changes
to fix the problem on MacOS X fully.

2014-03-18 18:16:49 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Added SIGNATURE_any (which possibly is a misleading name) to give you all non-anonymous signatures. Improved default to not be limited to RSA.

2014-03-18 16:25:35 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-03-18 16:23:23 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-03-18 16:20:22 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fixed a bunch of debug messages.

2014-03-18 04:00:20 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Updated for Nettle API change.

Monday 17 March 2014

2014-03-17 23:10:17 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.GCM: Added some missing functions.

Adds digest_size().

2014-03-17 21:46:47 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CCM: Added Counter with CBC-MAC mode.

This cipher mode is specified in NIST Special Publication 800-38C.

2014-03-17 15:50:07 (1 month ago) by Martin Jonsson <marty@roxen.com>

Make sure we compile when HAVE_JPEGLIB_H is undefined.

2014-03-17 12:24:04 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Revert "decode_value: check validity of refno"

The test looked at limits for the wrong program (the refno relates
to the program at depth depth).

Revert it for now as it breaks working code.

This reverts commit c88883e028a5182d0e0e8c668f2d672a9cc7e367.

2014-03-17 00:16:37 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.CTR.State: Added getter for the wrapped object.

The wrapped object is useful when extending the class (eg to
implement CCM it is needed to calculate the MAC).

Sunday 16 March 2014

2014-03-16 23:53:53 (1 month ago) by Martin Nilsson <nilsson@opera.com>

New temp assignment for padding extension. Added some RFC references.

2014-03-16 23:37:18 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fix an exception for client hello packages close to 512 bytes.

2014-03-16 20:03:39 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing CCM constants from RFC 6655.

2014-03-16 14:04:42 (1 month ago) by Arne Goedeke <el@laramies.com>

CritBit: do not cast through union

2014-03-16 09:47:39 (1 month ago) by Arne Goedeke <el@laramies.com>

decode_value: check if program area sizes overflow
decode_value: check validity of refno
Bignum: generate overflow checks for size_t

Saturday 15 March 2014

2014-03-15 22:19:42 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Enable unused function warnings again.
Removed dead code.
Fixed warning with ifdefs.

2014-03-15 22:13:20 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Hide unused opcodes.

2014-03-15 22:07:08 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fixed a warning for NEW_ARG_CHECK mode.

2014-03-15 22:05:02 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Disabled local variable optimizations even more.
CTR documentation fixes.

2014-03-15 12:44:49 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Testsuite: Support old Nettle again.

The SSL.Constants.CIPHER_SUITES validator now knows about
the exceptions in the table when features are missing.

2014-03-15 12:30:54 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Testsuite: Added validation of SSL.Constants.CIPHER_SUITES.

The testsuite now ensures that the CIPHER_SUITES table is up to date,
complete and correct, by deriving the expected table entry from the
cipher suite symbol name.
Testsuite: Added some more TLS exceptions.

2014-03-15 12:25:03 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing cipher suites.

All cipher suites that are possible to implement without adding
more code to SSL.Cipher et al, should now be present in the
CIPHER_SUITES table.

2014-03-15 12:21:06 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed some typos in CIPHER_SUITES.

Most of the typos were using Diffie-Hellman Ephemeral keyexchange
where it should be plain Diffie-Hellman.

2014-03-15 00:00:42 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Applied errata to RFC 6367.

The constant TLS_psk_with_camellia_128_gcm_sha256 had a typo in the RFC,
which made it conflict with TLS_ecdh_rsa_with_camellia_256_gcm_sha384.

Friday 14 March 2014

2014-03-14 20:47:19 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added filtering of DH_DSS/DH_RSA on cert type.

Refactors the certificate selection by using bitmasks on
the key exchange algorithm. This should provide a minor
speedup of the certificate selection code.

Also unifies handling of DH_DSS/DH_RSA and ECDH_ECDSA/ECDH_RSA
when TLS 1.2 or later is in use.

2014-03-14 17:27:19 (1 month ago) by Jonas Walldén <jonasw@roxen.com>

Fix several errors in test for <mysql/mysqld_ername.h>.

2014-03-14 15:59:57 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 848 by export.pike
release number bumped to 849 by export.pike

2014-03-14 15:49:09 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Increase the default thread C stack size to 1MB.

The old default (256KB) is a bit too little on current 64-bit hardware.

This essentially reverts 78797d06 (aka src/threads.c:1.157).

Most likely fixes [bug 7061].

2014-03-14 08:59:40 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 847 by export.pike
release number bumped to 846 by export.pike

Thursday 13 March 2014

2014-03-13 20:37:33 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some DH cipher suites.

This adds support for the DH_DSS and DH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with DSS or RSA.

2014-03-13 19:04:40 (1 month ago) by Per Hedbor <ph@opera.com>

Added LinuxThreads configure test.

HAVE_BROKEN_LINUX_THREAD_EUID is now only defined
when euid is indeed broken.
Removed some unused preprocessor macros.
Fixed warning when compiling on Linux < 2.6 with gcc >= 4.9

2014-03-13 18:52:27 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed aliasing problem with DO_INT_TYPE_*_OVERFLOW().

Gcc 4.1.2 doesn't alias pointers to INT_TYPE and the corresponding
pointer to INT32/INT64, so stores to the target variable could get
lost when the DO_INT_TYPE_*_OVERFLOW() functions were used in
eg loops.

Also fixes some related compiler warnings.

Fixes [bug 7057].

2014-03-13 18:49:09 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Bignum: Fixed aliasing problem with DO_INT_TYPE_*_OVERFLOW().

Gcc 4.1.2 doesn't alias pointers to INT_TYPE and the corresponding
pointer to INT32/INT64, so stores to the target variable could get
lost when the DO_INT_TYPE_*_OVERFLOW() functions were used in
eg loops.

Also fixes some related compiler warnings.

Fixes [bug 7057].

2014-03-13 12:59:20 (1 month ago) by Per Hedbor <ph@opera.com>

Removed unused function
Micro optimization, removed some unused things.

Wednesday 12 March 2014

2014-03-12 22:47:24 (1 month ago) by Arne Goedeke <el@laramies.com>

BSON: insufficient out of bounds check

2014-03-12 21:07:37 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Fix compilation issue. Should it be possible to set key and cert independently?

2014-03-12 20:09:56 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some ECDH cipher suites.

This adds support for the ECDH_ECDSA and ECDH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with ECDSA or RSA.

2014-03-12 19:46:27 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Hide some debug code.

2014-03-12 19:41:11 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Silence some warning by reordering includes.
Hide some debug code.

2014-03-12 19:36:45 (1 month ago) by Martin Nilsson <nilsson@opera.com>

sb_copy_selectors isn't just with HAVE_POLL

2014-03-12 19:22:25 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Hide stub function f_compilation_env_filter_exception.

2014-03-12 19:18:40 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Inline find_object_type() to fix const warning.

2014-03-12 17:04:18 (1 month ago) by Arne Goedeke <el@laramies.com>

decode_value: check if decoded offsets are out of bounds
decode_value: avoid using decoded integers operations that overflow

2014-03-12 15:04:23 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 845 by export.pike
release number bumped to 844 by export.pike

2014-03-12 14:45:26 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 842 by export.pike
release number bumped to 843 by export.pike

2014-03-12 13:24:46 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Export: Make sure to display diagnostics on failure.

2014-03-12 12:44:05 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 840 by export.pike
release number bumped to 841 by export.pike

Tuesday 11 March 2014

2014-03-11 20:48:19 (1 month ago) by Jonas Walldén <jonasw@roxen.com>

Corrections to merge bugs.

2014-03-11 20:30:44 (1 month ago) by Arne Goedeke <el@laramies.com>

bignum: fix overflow check semantics with clang

The clang builtins for checking integer overflow set the result even if
overflow occurs. Added wrapper functions to make the behavior
equivalent to non clang builds.
By not exposing the undefined result of the overflow operation,
undefined behavior cannot propagate.

2014-03-11 20:30:26 (1 month ago) by Tobias S. Josefowitz <tobij@tobij.de>

bignum: always define unsigned sub overflow check

The unsigned sub overflow check was not defined on x86_32, but
referenced.

2014-03-11 20:30:13 (1 month ago) by Arne Goedeke <el@laramies.com>

bignum: reorganized overflow checks and use clang intrinsics

Conflicts:
src/bignum.h
src/lexer.h
src/operators.c

2014-03-11 20:07:11 (1 month ago) by Martin Nilsson <nilsson@opera.com>

Some double include protections.

2014-03-11 20:06:47 (1 month ago) by Arne Goedeke <el@laramies.com>

bignum: added missing definitions for mod overflow checks
`%: add overflow checks

Conflicts:
src/operators.c
src/testsuite.in

2014-03-11 20:03:24 (1 month ago) by Jonas Walldén <jonasw@roxen.com>

Add detection of unsigned 128-bit integer.

Define UINT128 as distinct type since "unsigned __int128_t" does not always work even when __int128_t does. Adds UINT64 as well for macro expansion in bignum.h.

2014-03-11 20:03:14 (1 month ago) by Arne Goedeke <el@laramies.com>

bignum: added standard compliant overflow checks
auto_bignum: make multiply overflow checks static

2014-03-11 20:02:46 (1 month ago) by Jonas Walldén <jonasw@roxen.com>

Clang appears to short-circuit the overflow test so we flag parameters as volatile
to bring back bignums. Removed HAVE_NICE_FPU_DIVISION code path which isn't triggered
anywhere.

2014-03-11 18:39:43 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Support SSLv2 hello again.

The initialization of the session got lost for SSLv2 hellos
when the storage for several extensions was moved to the session.

Fixes support for *old* ssl clients (like check_http from Nagios).

2014-03-11 15:35:57 (1 month ago) by Arne Goedeke <el@laramies.com>

Inotify: do not assume that strings are aligned

2014-03-11 12:48:01 (1 month ago) by Build system <distmaker@roxen.com>

release number bumped to 838 by export.pike
release number bumped to 839 by export.pike

Monday 10 March 2014

2014-03-10 22:13:43 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Fixed typo in debug.

2014-03-10 22:04:33 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Updated to tzdata2014a.

2014-03-10 19:53:40 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Added _sprintf().

2014-03-10 19:50:29 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.https: Accept all SNI's with the test cert.

The inlined test certificate is for "demo server", which causes
it to not be selected by the new SNI-based code unless forced.

2014-03-10 19:03:18 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

Backend: Repaired support for /dev/poll.

The support for /dev/poll got broken by an extraneous PDUNUSED().

2014-03-10 14:41:27 (1 month ago) by Per Hedbor <ph@opera.com>

Disabled unused-function. We have too many of those.

2014-03-10 11:01:36 (1 month ago) by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Default the session curve from the cert on clients too.


Bugs mentioned

  2048  RESOLVED  Site administration has screwed up tabs
  6520  RESOLVED  Protocol cache memory issue
  7057  RESOLVED  Checksum calculation in tarfilter.pike on Linux/x86 broken.
  7063  NEW       The kqueue backend doesn't support out of band data.
  7066  RESOLVED  The SSL.sslfile destruct callback can hang the backend thread.
  838   RESOLVED  Parser.HTML()->parse_tag_args failed to parse />
  840   RESOLVED  redirect-tag in 404 -pages does not work at all
  841   RESOLVED  Module Preferred Language Analyzer
  842   RESOLVED  Incomplete url:s returned from query_internal_location
  843   RESOLVED  Urls are not reregistered on SIGHUP.
  844   RESOLVED  throw in ADT.Table.table triggers error in handle_error
  847   RESOLVED  nonuseful default font after switching to Czech locale
  848   RESOLVED  <insert realfile> hangs the server.
  849   RESOLVED  configure adds warning flags not supported by all versions of gcc when $CC=gcc
  851   RESOLVED  Errors in the images in java chapter of the admin manual
  852   RESOLVED  Server creation wizard bug
  853   RESOLVED  Bug in cgi.pike/NT
  854   RESOLVED  Indexing the NULL value when adding the frontpage module
  855   RESOLVED  Different numbering of multiple modules