X-Git-Url: http://git.silcnet.org/gitweb/?p=website.git;a=blobdiff_plain;f=docs%2Ftoolkit%2FChangeLog;fp=docs%2Ftoolkit%2FChangeLog;h=3ac6259e5073ad07c4fa720a6a63fa0a61ded7ac;hp=e15f48fc3e68a10471e6f7c30e2fda5ebb335eec;hb=682202d356751ad60393c9a68fe612b8baacce43;hpb=82530c375f5f6f643bc0fd544e7529efde887f7d diff --git a/docs/toolkit/ChangeLog b/docs/toolkit/ChangeLog index e15f48f..3ac6259 100644 --- a/docs/toolkit/ChangeLog +++ b/docs/toolkit/ChangeLog @@ -1,356 +1,43 @@ -commit bd463a75d37dd2ec164dc14dee4bb2550d6a778a +commit 7e1faf1493d6aad22c298a6d3bd3b01731c79bce Author: Pekka Riikonen -Date: Mon May 5 13:53:08 2014 +0300 +Date: Sun May 11 15:40:25 2014 +0300 - silcclient: check packet type as responder before starting AKE - - Do not immediately start the private message key autonegotiation as - responder when a packet comes in but wait until it is decoded from the - private message payload so that responder can properly set up the SKE - properties and start the SKE in proper state. Initiator is allowed to - start SKE with SILC_PACKET_KEY_EXCHANGE at any time, including when a key - already exists and it would be error to expect that initiator should have - sent SILC_PACKET_KEY_EXCHANGE_1 just because key exists in responder side. - -commit c849f909fc98a2460ffc1c7becf17b7417e391e7 -Author: Pekka Riikonen -Date: Mon May 5 11:23:48 2014 +0300 - - Fix compilation warnings - -commit b7c5d77228c07bf2974e986c362e5fb0014f9fff -Author: Pekka Riikonen -Date: Mon May 5 11:24:08 2014 +0300 + toolkit: update MAC OS X build instructions - silc-toolkit: rpm packaging updates - -commit 0c5b4cf8af092fd6c3d3d4cd03efd299c7020cc1 -Author: Pekka Riikonen -Date: Tue Apr 29 10:56:24 2014 +0300 - - SKE: handle invalid protocol state errors - - With SKE over UDP we can receive packets in wrong order or do - retransmissions but in TCP receiving wrong SKE packet at wrong time is - a protocol error and must result to end of the key exchange. - -commit fb7bc4b5172fd6fa0ae96f876a33cd2ec5139b6e +commit 5647fc7838a3358928c3bc8ed8e32e6b7e6f26ab Author: Pekka Riikonen -Date: Mon Apr 28 23:00:02 2014 +0300 +Date: Sat May 10 17:15:17 2014 +0300 - Bump version numbers + silcclient: associate context with verify_public_key - Bump library version numbers, API has changed. + To allow application to better target the public key verification request + add support to have the client or server entry associated with the request + inside SilcClientConnection context. -commit 80d10dbf48785c2163551a7f94a46f6f5849c4a7 +commit 071aff87b3b9aa4005ab3012ffd688fe10dcee9e Author: Pekka Riikonen -Date: Mon Apr 28 22:59:28 2014 +0300 - - silcclient: auto-negotiation of private message key using SKE over SILCnet - - Previously in SILC private messages have been protected in normal mode - using the session key shared between the client and server and other - servers in the network. This obviously has security implications if - the SILC servers cannot be trusted. - - To overcome this issue silcclient library has offered user the ability to - use pre-shared key (or password) as the secret key to protect private - message, or to negotiate fresh key material using SKE peer-to-peer over - the internet (key agreement). - - However, both of these feature have severe limitations. The first one - requiring coordinated effort to somehow share the key or password and - the second requiring peer-to-peer connection which may not be possible - due to NAT and firewalls. - - This commit adds a new private message protection method and takes it - into use as the default protection method. The commits adds support - for automatic negotiation of the private message key using SKE but instead - of doing it peer-to-peer over the internet it is done client-to-client - over the SILC network itself. This is accomplished by tunneling the - SKE protocol inside private message packets. As SKE is safe over the - unprotected and untrusted internet it is safe also over the SILC network. - - The end result of the auto-negotiation is a shared secret known only - to the two clients. The SKE provides mutual authentication with digital - signatures to prevent man-in-the-middle attack. The private messages - protected with this key can be read only by the two clients. SILC servers - along the way cannot decrypt them. The key is periodically re-keyed - (5 minutes or so) and it provides Perfect Forward Secrecy. - - The auto-negotiation is enabled by default. It can detect within seconds - if the remote client supports the method and if it doesn't it gives a - notification that the private message protection has been reverted back - to session keys. Application can disable the feature, if wanted. - - This feature does not require any changes to SILC servers. - -commit d7f1e81fea0d1da2ac870b8dfa600669aa280cd5 -Author: Pekka Riikonen -Date: Mon Apr 28 22:43:44 2014 +0300 - - silcclient: fix packet stream coder function - - Generate correct FTP packet after, after the packet stream coder function - semantics changed in commit 705167687caeaa66c371dce7cc88719687337b9e. +Date: Sat May 10 13:51:44 2014 +0300 -commit 77774e96ef3f5011bb85f7e0ec68a7f3a4a4d6e8 -Author: Pekka Riikonen -Date: Mon Apr 28 22:42:43 2014 +0300 - - silcclient: Add generic client entry operation context - - Add generic client entry async operation context to the internal - context. Change the key agreement to start using it. - - Add support for aborting client entry operations when the client entry - is deleted or when the connection is closed to the server. - -commit 7f26bf8964b7269f9a9f295afdff1b870ecc68e2 -Author: Pekka Riikonen -Date: Mon Apr 28 22:39:06 2014 +0300 - - SKE: support for simplified key exchange - - This commit adds support for simplified SILC Key Exchange protocol by - allowing the caller to specify the security properties to be used in - the key exchange. This will stop the library from exchanging the - SILC_PACKET_KEY_EXCHANGE packet containing the properties. - - Support for not sending the SILC_PACKET_SUCCESS acks after a successful - key exchange. - - These two changes allow the SKE to be simplified to exchanging only - the SILC_PACKET_KEY_EXHANGE_1 and SILC_PACKET_KEY_EXCHANGE_2 packets - to produce the shared key and to do mutual authentication. - - The commit also adds support for generating small proposals in - SILC_PACKET_KEY_EXCHANGE packet by including only one security property - per item instead of listing all of them in the proposal. - - Additionally the commit adds support for probe timeout which affects - the first packet sent by initiator. If responder does not respond to - the first packet in the specified timeframe the key exchange will - timeout. If it replies the normal key exchange timeout has effect after - that. - -commit 705167687caeaa66c371dce7cc88719687337b9e -Author: Pekka Riikonen -Date: Mon Apr 28 22:31:35 2014 +0300 - - silccore: packet injection and stream wrap improvements - - Add silc_packet_stream_inject to allow injecting of packets to the - specified packet stream. - - Add support for specifying the source and destination ids for the - wrapped packet stream allowing to use them in packet sending and using - them in packet reception to take only packets with the specified ids. - - The semantics of CAN_WRITE and CAN_READ of wrapped packet stream coder - function has been changed to allow the coder to filter out packets it - does not want or to handle errors in coding. - -commit 2d1796c19aaf7b3e1f07f95e0271e64fdea1da2f -Author: Pekka Riikonen -Date: Mon Apr 28 21:55:33 2014 +0300 - - Robodoc compilation update - - Update robodoc compilation. + silcclient: fix error reporting in silc_client_init -commit 39e99da8fc2c49fe989ef50b040866f735fefd5b +commit 02745be76c1b9cee66b66a5e5bcd79b4b7f6d2a2 Author: Pekka Riikonen -Date: Sun Apr 27 10:48:43 2014 +0300 +Date: Tue May 6 18:24:58 2014 +0300 - Use backtrace() in stack tracing for prettier output + silcclient: handle command timeout error correctly - This commit takes the backtrace() call in use to produce stack trace - outputs, plus it gives us x86-64 support for stack trace. - -commit 2559c5da3d5353f97f16b387bff02373b258a3df -Author: Pekka Riikonen -Date: Sun Apr 27 10:38:34 2014 +0300 - - Static analyzer fixes - - More small fixes resulting from clang static analysis. - -commit 644f8b14010e05d55b5cde8514f6efdca8c21c5b -Author: Pekka Riikonen -Date: Tue Apr 22 15:29:07 2014 +0300 - - Enable higher security messages MACs - - The code to include the source and destination ID in the message payload - MAC has been there for a long time but the use of it has been disabled. - This commit enables it but preserves the backwards support for those - clients unable to verify the MACs. The support for the newer MACs - have been there for several years. - -commit e7ecca35b79220f947ae30c98f80688db1d2a101 -Author: Pekka Riikonen -Date: Tue Apr 22 15:26:55 2014 +0300 - - Remove obsolete backwards support code - - Remove the old zero-client id backwards support when starting SKE protocol. - -commit 40df0fe9d2a0a7648a111ca03de16f7a740cf5ad -Author: Pekka Riikonen -Date: Tue Apr 22 15:25:37 2014 +0300 - - Longer default PKCS keys - - This commit changes the default PKCS key length from 2048 bits to 4096 - bits. It adds warnings to both SILC client and SILC server in start up - in case the existing key is shorter than 4096 to encourage people to - generate new key longer key pair. - - This commit also changes the default SKE DH group from 1024 to 1536 bits. - The old group is still supported. - -commit d4ead7075692a4abdc487fcb422cb9fd5b41a596 -Author: Pekka Riikonen -Date: Tue Apr 22 15:22:38 2014 +0300 - - Static analyzer bug fixes - - Bunch of small bugs fixed here and there found during static analysis. - -commit f38b21315fc72df3914664227ebcece766f01f66 -Author: Pekka Riikonen -Date: Fri Jun 22 22:21:38 2012 +0300 - - Mac OS X >= 10.7 support - - Add support for compiling on Mac OS X > 10.7 and newer. Summary of - changes: - - - Remove config.guess and config.sub, let the autodist copy proper - versions from the system. - - - Add support for autoconfg 2.68 and newer. - - - Add support for compiing x86-64 AES code with NASM. - - - Update Mac OS X installation instructions. - -commit 27a4ad25c65fa7b4fdbbe53b3551a687a9b43214 -Author: Pekka Riikonen -Date: Tue May 25 07:24:28 2010 +0300 - - Client: Fix signature verification double free - - When client receives public key in the message payload and is compared - against the client's own public key, when the keys differ we have to - return immediately and not try to verify the signature. - -commit a2f2afc03242a6f8b77953203f8e3767a6e703c4 -Author: Pekka Riikonen -Date: Tue May 11 07:44:09 2010 +0300 - - Packet engine: prevent divide by 0 - -commit 5fff0bf9cd2c72027c9f42f2e60b415ba4848ae6 -Author: Pekka Riikonen -Date: Tue May 11 07:41:03 2010 +0300 - - SKE: Make sure failure received from remote is error status. - -commit bb61286f7ac90ebcdaa9b00991a9a98b6cd8663f -Author: Pekka Riikonen -Date: Fri Sep 25 12:07:41 2009 +0300 - - Set SO_KEEPALIVE for all accept()ed sockets. - -commit 80bb7b35c2a1f44702631f1a5cf5685d5ce4b2c7 -Author: Pekka Riikonen -Date: Fri Sep 25 12:06:45 2009 +0300 - - clientlib: Close connection after failed rekey + If command which can return a list of entries such as the LIST command + timeouts the cmd->status may be something other than SILC_STATUS_OK, + ie. _LIST_END for example which then means ERROR_CALLBACK won't update + the SILC_STATUS_ERR_TIMEOUT correctly to the cmd context. This can + crash the application handling the command reply. Clear the cmd->status + in case the command timedout. - .cvsignore => .gitignore | 18 + - INSTALL | 3 + - README | 114 +- - README.MACOSX | 33 +- - TODO | 304 +- - config.guess | 1471 ----- - config.sub | 1599 ----- - configure.ad | 62 +- - distdir/pre-run | 2 +- - lib/Makefile.ad | 8 +- - lib/configure.ad | 16 +- - lib/contrib/nfkc.c | 3 + - lib/doc/LIBINDEX | 2 +- - lib/silcapputil/silcapputil.c | 4 +- - lib/silcapputil/silcapputil.h | 2 +- - lib/silcasn1/silcasn1.c | 4 +- - lib/silcasn1/silcasn1_decode.c | 2 +- - lib/silcasn1/silcasn1_encode.c | 2 +- - lib/silcclient/client.c | 27 +- - lib/silcclient/client.h | 11 +- - lib/silcclient/client_attrs.c | 2 +- - lib/silcclient/client_channel.c | 20 +- - lib/silcclient/client_connect.c | 14 +- - lib/silcclient/client_entry.c | 22 +- - lib/silcclient/client_ftp.c | 17 +- - lib/silcclient/client_internal.h | 6 +- - lib/silcclient/client_keyagr.c | 32 +- - lib/silcclient/client_listener.c | 2 +- - lib/silcclient/client_notify.c | 2 +- - lib/silcclient/client_prvmsg.c | 720 ++- - lib/silcclient/client_prvmsg.h | 12 +- - lib/silcclient/client_register.c | 2 +- - lib/silcclient/command_reply.c | 12 +- - lib/silcclient/silcclient.h | 24 +- - lib/silcclient/tests/test_silcclient.c | 4 +- - lib/silccore/silcargument.c | 2 - - lib/silccore/silcattrs.c | 9 +- - lib/silccore/silcauth.c | 2 +- - lib/silccore/silcmessage.c | 21 +- - lib/silccore/silcmessage.h | 5 +- - lib/silccore/silcpacket.c | 145 +- - lib/silccore/silcpacket.h | 60 +- - lib/silccore/tests/test_silcmessage.c | 4 +- - lib/silccrypt/aes.c | 18 +- - lib/silccrypt/aes_x86_64.asm | 8 +- - lib/silccrypt/md5.c | 2 +- - lib/silccrypt/silccipher.c | 3 +- - lib/silccrypt/silchash.c | 3 +- - lib/silccrypt/silchmac.c | 3 +- - lib/silccrypt/silcpk.h | 4 +- - lib/silccrypt/silcpkcs.c | 3 +- - lib/silccrypt/silcpkcs1.c | 32 +- - lib/silccrypt/silcrng.c | 18 +- - lib/silccrypt/tests/test_silcpkcs.c | 4 +- - lib/silccrypt/twofish.c | 2 +- - lib/silchttp/silchttpserver.c | 3 + - lib/silcmath/mp_gmp.c | 3 +- - lib/silcmath/mp_tfm.c | 3 +- - lib/silcmath/mp_tma.c | 3 +- - lib/silcmath/silcmp.h | 2 +- - lib/silcmath/tma.c | 5 + - lib/silcserver/tests/test_silcserver.c | 2 +- - lib/silcsftp/sftp_fs_memory.c | 2 + - lib/silcske/groups.c | 44 +- - lib/silcske/payload.c | 11 +- - lib/silcske/silcske.c | 531 +- - lib/silcske/silcske.h | 23 +- - lib/silcske/silcske_groups.h | 7 +- - lib/silcske/silcske_i.h | 4 +- - lib/silcutil/Makefile.ad | 2 - - lib/silcutil/silcbuffmt.c | 4 +- - lib/silcutil/silcfileutil.c | 2 +- - lib/silcutil/silcmemory.h | 4 - - lib/silcutil/silcmime.c | 5 +- - lib/silcutil/silcnet.c | 54 +- - lib/silcutil/silcschedule.c | 9 +- - lib/silcutil/silctime.c | 8 +- - lib/silcutil/stacktrace.c | 58 +- - lib/silcutil/unix/silcunixnet.c | 1 + - silc-toolkit.spec.in | 250 +- - 179 files changed, 15541 insertions(+), 8210 deletions(-) - rename .cvsignore => .gitignore (70%) - delete mode 100755 config.guess - delete mode 100755 config.sub + .gitignore | 2 - + configure.ad | 2 +- + doc/Makefile.ad | 8 +- + lib/doc/building.html | 18 +- + lib/silcclient/client.c | 6 +- + lib/silcclient/client_prvmsg.c | 5 + + lib/silcclient/command_reply.c | 1 + + lib/silcclient/silcclient.h | 15 +-