Commit graph

2437 commits

Author SHA1 Message Date
Aaron Jones
8668cb9b9d
MbedTLS: Const correctness in rb_ssl_init_fd
We shouldn't ever change this input variable.
Tell the compiler that we won't.
2016-09-15 13:24:28 +00:00
Aaron Jones
46c61dd478
MbedTLS: Set socket send/receive functions after initialising session 2016-09-15 13:24:28 +00:00
Aaron Jones
978c8ae828
MbedTLS: Move memory allocation to the beginning of rb_ssl_init_fd 2016-09-15 13:24:28 +00:00
Aaron Jones
163a4a9d06
MbedTLS: Remove default case in switch for an enum with all values
Having default here doesn't make sense (using something not in that
enum will generate a compile-time warning).
2016-09-15 13:24:28 +00:00
Aaron Jones
5b900411bf
MbedTLS: Rename error printing function
All 3 backends (MbedTLS, OpenSSL, GNUTLS) are going to have the same
function name for returning error strings. This will help to reduce the
diffs between them.
2016-09-15 13:24:28 +00:00
Aaron Jones
295c8f7d37
MbedTLS: Tidy up headers
Move all the header includes to a single header file, rename said file.
2016-09-15 13:24:25 +00:00
Aaron Jones
354e61b4c2
README: Update location of support channel
This was done on v4 and master already, 3.5 slipped between the cracks.

[ci skip]
2016-09-15 09:45:41 +00:00
Aaron Jones
566f46785f
MbedTLS: Misc backend cleanups
* Add generic direction enum for negotiation setup.

* Rename a rather long wrapper function to a shorter one consistent with
  what it does.

* Rework context setup function.

* Don't check for handshake state before beginning handshaking.

  The old backend began a handshake and then stepped into the callback
  function if it was interrupted; the current one just jumps right into
  it, so there is no need to check if it has previously succeeded,
  because it hasn't been attempted yet.

* Add missing errno assignment to one of the handshake wrappers.

* Don't bother checking if SSL_P(F) is NULL when we already checked if
  F->ssl is NULL -- this should be impossible.

* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.

* Change the socket send and recv functions to not peer into a foreign
  ratbox structure -- use the correct function to get the socket fd.

* Rewrap some lines and function arguments.

Other backends will be brought into line with this backend soon.

This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
2016-09-10 08:42:04 +00:00
Aaron Jones
2a8ec58c15
MbedTLS: Treat 0 bytes read/written to socket properly
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:

    <-- foo (~bar@baz) has quit (Read error: (-0x0) )

This should resolve that.

[1] Peers should send a close_notify alert before abruptly shutting
    down their socket. This will result in a sane quit message:

    <-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
    The peer notified us that the connection is going to be closed)

[ci skip]
2016-09-09 01:47:08 +00:00
William Pitcock
ee10f6cdcc rebuild configure 2016-09-05 17:33:24 -05:00
William Pitcock
50851b0b55 update NEWS for charybdis 3.5.3. 2016-09-05 17:31:49 -05:00
William Pitcock
1bc097d1ec charybdis 3.5.3. 2016-09-05 17:09:30 -05:00
William Pitcock
89d4c468b6 Merge pull request #214 from aaronmdjones/release/3.5
Fix up the MbedTLS backend
2016-09-03 10:34:43 -07:00
Aaron Jones
818a3fda94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:28:41 +00:00
Aaron Jones
be31ac33d5 MbedTLS: Use correct error code for failed socket writes
This should make writing more efficient.
2016-09-02 00:28:17 +00:00
Aaron Jones
0db0805ed5 MbedTLS: Don't include the sentinel in suites count calculation 2016-09-01 20:57:07 +00:00
Aaron Jones
df51e80717 MbedTLS: Provide default list of configured ciphersuites 2016-09-01 20:47:34 +00:00
Aaron Jones
f92b4d81d4
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
2016-09-01 19:28:18 +00:00
Aaron Jones
6df12e8169 MbedTLS: Cleaner iteration of ciphersuite list 2016-09-01 18:18:09 +00:00
Aaron Jones
ede25e0a8a MbedTLS: Log success or failure to parse ciphersuite list 2016-08-31 22:03:42 +00:00
Aaron Jones
6f3651f8ec MbedTLS: Remove pointless no-op cast 2016-08-31 18:34:21 +00:00
Aaron Jones
b21ed5c0aa MbedTLS: Ciphersuite configuration fixes 2016-08-31 17:06:51 +00:00
Aaron Jones
42b029d0d6 MbedTLS: Preliminary attempt at ciphersuite configuration 2016-08-31 17:03:02 +00:00
Aaron Jones
6008896554
Backport ffedad8d to release/3.5 2016-08-31 14:21:16 +00:00
Aaron Jones
865e70f529
Revert "Backport c1fc044c to release/3.5"
This reverts commit c9c2d6ea12.

This commit included some as yet untested and unrelated code by mistake.
2016-08-31 14:19:43 +00:00
Aaron Jones
c2af499d4d
Backport c1fc044c to release/3.5 2016-08-31 14:15:28 +00:00
Aaron Jones
c9c2d6ea12
Backport c1fc044c to release/3.5 2016-08-31 14:13:45 +00:00
Aaron Jones
531e6323d8 MbedTLS: Explicitly ignore rb_snprintf() return value 2016-08-31 01:01:42 +00:00
Aaron Jones
036419c344 MbedTLS: Misc security improvements
As a client, require all peers (i.e. other IRC servers) to support secure
renegotiation. Break handshakes with servers that don't. We do not
renegotiate our sessions, but this is the most secure option regardless.

As a client, disable TLS Session Tickets. The server side MbedTLS code
does not have any ticket callbacks configured, so an MbedTLS IRC Server
will not issue tickets -- however, others could. Server connections are
not expected to be short-lived enough to benefit from the usage of tickets,
and their issuance harms forward secrecy.
2016-08-31 00:13:56 +00:00
Aaron Jones
cfcd4615ed README: Fix more MbedTLS casing 2016-08-30 23:39:22 +00:00
Aaron Jones
19d9c417af MbedTLS: Fix casing on opening comment block 2016-08-30 23:38:25 +00:00
Aaron Jones
f2fbec4510 MbedTLS: More const-correctness 2016-08-30 23:31:47 +00:00
Aaron Jones
f89406ac72 MbedTLS: Misc sizeof prettiness 2016-08-30 23:22:41 +00:00
Aaron Jones
c1007a93d5 MbedTLS: Move more code to appropriate section 2016-08-30 23:16:33 +00:00
Aaron Jones
3ba0923c0e MbedTLS: Move some MbedTLS-specific code to the appropriate section 2016-08-30 23:13:53 +00:00
Aaron Jones
4c9ab80f6b MbedTLS: Major restructuring
I have removed all non-MbedTLS-specific code from this backend and
copied the non-OpenSSL-specific portions of the OpenSSL backend code
over; as it seems to be more reliable.
2016-08-30 22:57:25 +00:00
Aaron Jones
07b6e728b5
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
2016-08-30 10:21:46 +00:00
Aaron Jones
545668de33
Print initialisation notice before forking 2016-08-24 16:43:45 +00:00
Aaron Jones
856ecd0011
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).

Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.

So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:18:52 +00:00
Aaron Jones
24ba10b6b1
Tidy up daemonisation with regard to file descriptor mess
This moves daemonisation to the end of initialisation which
vastly simplifies the reporting logic and eliminates the need
for the child to communicate to the parent.

This is a backport from the release/4 branch.
2016-08-21 00:34:38 +00:00
Aaron Jones
f70b6f55f9
TLS Backends: Harmomise the rb_ssl_get_cipher() function
The GNUTLS backend reports the version in use for the client as well
as its ciphersuite -- do the same for the other 2 backends.
2016-08-20 04:08:30 +01:00
Aaron Jones
1554951205
Prod AppVeyor into (possible) inaction. Maybe. 2016-08-19 19:59:42 +00:00
Aaron Jones
36335ea3f2
Attempt to disable AppVeyor on this branch 2016-08-19 19:48:30 +00:00
Aaron Jones
3288fc4648
GNUTLS: Fixup fingerprint generation across library versions
Also remove some unnecessary variables, e.g. write directy to the
return buffer, in line with the other backends.
2016-08-19 19:05:22 +00:00
Aaron Jones
f15a30a16f
GNUTLS: I need to wake up. Fix more. 2016-08-17 17:37:03 +00:00
Aaron Jones
b24cfd7c50
GNUTLS: Fix typo on previous commit 2016-08-17 17:27:26 +00:00
Aaron Jones
06feeb244d
GNUTLS: Avoid null derefence in constructing ciphersuite 2016-08-17 16:58:40 +00:00
Aaron Jones
897c10749d
README: Clarify that OpenSSL is not required for ECDHE 2016-08-15 10:53:23 +00:00
Aaron Jones
e5afd80775
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
2016-08-15 09:49:57 +00:00
Aaron Jones
0bd2f0b710
openssl: Avoid use-after-free when rehashing fails to load new files
Commit 5c8da48 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.

Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.

This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
2016-08-12 13:29:02 +00:00