Commit graph

122 commits

Author SHA1 Message Date
William Pitcock
673ec98e71 gnutls: allow priorities to be configured 2015-12-12 08:03:59 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
5225f83df1 libratbox: import zstring functions 2015-12-11 15:56:33 -06:00
William Pitcock
7c16cc9085 libratbox: implement nossl variants of rb_get_ssl_certfp() and rb_get_ssl_cipher() 2015-12-11 08:36:21 -06:00
William Pitcock
833b2f9cbf libratbox: implement rb_get_ssl_cipher() 2015-12-11 08:32:02 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
William Pitcock
677d3cb1a3 mbedtls: implement rb_get_ssl_certfp() 2015-12-05 06:37:04 -06:00
William Pitcock
493897d67c mbedtls: use server certificate for client mode too 2015-12-04 22:42:10 -06:00
William Pitcock
162a91d6ed mbedtls: make client mode work too 2015-12-04 22:41:02 -06:00
William Pitcock
539d912b95 libratbox: fix up mbedtls backend 2015-12-04 00:01:40 -06:00
William Pitcock
fab6f9e80e libratbox: gnutls: we want to pass F, not F->fd to rb_listen() 2015-12-03 22:38:54 -06:00
William Pitcock
cd492e44b5 libratbox: initial cut at an mbedtls implementation, which will replace openssl and gnutls backends in charybdis 3.6
notably, it presently is lacking CertFP support, but everything else is implemented
2015-12-03 22:32:33 -06:00
William Pitcock
6f57a957b0 libratbox: prepare build system for mbed tls backend 2015-12-03 18:37:32 -06:00
Aaron Jones
0b05d1aad5
[libratbox] Remove an unused random function
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
2015-10-25 16:04:57 +00:00
Aaron Jones
25f7ee7dd6
Improve the versions of TLS used for server to server linking
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.

This patch corrects that.
2015-10-23 16:08:15 +00:00
Aaron Jones
3ae24413ca
Use new TLS method APIs with new LibreSSL
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
2015-10-23 16:05:33 +00:00
Jilles Tjoelker
df3de4e913 kqueue: Remove unnecessary cast. 2015-09-13 22:59:03 +02:00
William Pitcock
23e6a59007 Merge pull request #95 from jailbird777/master
Spring cleaning redux
2015-07-06 17:13:50 -05:00
Aaron Jones
1a4e224a4e LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
2015-06-25 13:57:07 +00:00
Aaron Jones
cb266283f8 libratbox/openssl: Set explicit cipher list for the client context aswell
This is in furtherance of commits 9799bea4 and 1f384464 and addresses
any potential vulnerability to LogJam <https://weakdh.org/>
2015-05-20 16:41:34 +00:00
Aaron Jones
c86f11da1c Fix regression introduced by previous commit
I really shouldn't copy and paste code.
2015-05-20 10:39:04 +00:00
Aaron Jones
a4c8c82703 Tidy up OpenSSL options code, support new version-agnostic client and server APIs 2015-05-20 02:27:59 +00:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
614502a63c Generate fingerprints for chained certificates with an unknown root 2015-03-24 05:25:38 +00:00
Aaron Jones
d3806d0503 Use X509_digest() instead of memcpy() to obtain cert fingerprint
This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
2015-03-24 05:22:25 +00:00
Aaron Jones
1f384464fa Update ciphersuite string to prohibit RC4
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>

Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
2015-03-22 06:14:39 +00:00
William Pitcock
e861902fd9 libratbox: remove RB_PRNG_EGD in its entirety (closes #85) 2015-03-01 01:05:14 -06:00
William Pitcock
4cb0a93d25 libratbox/gnutls: call gnutls_rnd_refresh() to ensure our PRNG is initialized 2015-02-16 17:40:25 -06:00
Attila Molnar
989652e7a8 openssl: Disable session caching 2015-02-09 21:19:09 +01:00
Attila Molnar
6b6a579925 openssl: Disable session tickets 2015-02-09 21:18:32 +01:00
Jilles Tjoelker
7db54a1f97 libratbox: Fix sizeof in two memsets.
This fixes a compiler warning. The necessary fields of the struct sigevent
were initialized so there was no problem.

Submitted by:	Aaron (via IRC)
Reviewed by:	Attila
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
1c864688bb linebuf: Fix possible memory corruption when receiving many CR/LF.
The last byte of balloc.c's block pointer could be changed from 10 or 13 to
0. On amd64, this is not possible. On i386, this is possible and usually
causes a crash soon.
2014-11-05 21:42:35 +01:00
Patrick Godschalk
d072eb2350 Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake 2014-10-26 13:15:30 +01:00
Jilles Tjoelker
8c04f89623 libratbox: Add comment that case fallthrough is deliberate. 2014-09-21 17:44:34 +02:00
Keith Buck
8db50c03e6 BAN: Don't schedule check_klines for 0 seconds in the future.
When receiving bans from a bursting server, if kline_delay is set to 0
(the default), rb_event_addonce will be called to schedule an event for
0 seconds in the future. While this works fine for the fallback
rb_event_run function, the epoll implementation ends up scheduling a
timerfd for the event in the past, which is then never executed.

While fixing this, I also made rb_event_add and rb_event_addonce reject
attempts to add events scheduled for 0 seconds in the future; they're
instead rewritten to run 1 second in the future.
2014-08-17 09:06:01 +00:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Keith Buck
9e26f0008b libratbox openssl: Don't leak EC_KEY structures. 2014-03-03 01:43:33 +00:00
Keith Buck
1d39324556 Fix a couple more string leaks. 2014-03-02 22:05:30 +00:00
Jilles Tjoelker
ee2d4c2d9d commio: Properly zero a struct msghdr.
This bug is probably not noticeable because all specified fields are
initialized later.
2014-03-02 22:12:19 +01:00
Jilles Tjoelker
e053adc87e commio: Explicitly ignore return value from setsockopt(TCP_DEFER_ACCEPT). 2014-03-02 22:09:08 +01:00
Jilles Tjoelker
6993ae2760 libratbox: Abort if the restart callback returns. 2014-02-28 00:53:13 +01:00
Jilles Tjoelker
3cbcc11195 commio: Add error string for SSL trouble. 2014-02-24 00:06:19 +01:00
Jilles Tjoelker
5ef68b1398 Replace double semicolons with single; place null statement on its own line.
No functional change is intended.
2014-02-23 22:23:34 +01:00
Jilles Tjoelker
899b05d387 balloc: Fix memory leak when get_block() fails. 2014-02-23 22:14:47 +01:00
Keith Buck
784ce5c1cc Remove SSL_OP_NO_COMPRESSION from openssl initialization.
SSL_OP_NO_COMPRESSION was presumably added in an attempt to prevent
information leakage in a manner similar to recent attacks on HTTPS.
However, assuming that IRC is vulnerable to the same class of attacks is
incorrect: the behavior of the IRC protocol (a single long-running
connection) is not the same as that of HTTPS (multiple ephemeral
connections). HTTPS's use of ephemeral connections means that certain
assumptions can be made about the contents of the compression
algorithm's dictionaries and the content exchanged between the client
and server (e.g. the content being nearly the same for each connection),
which is not true for IRC. Additionally, they rely on the attacker being
able to coerce the client into creating many HTTPS connections (and
resending some secret token belonging to the user, along with
attacker-controlled data) each time, none of which is possible with IRC.
Lastly, since compression is no longer performed, this option will
result in leaking the lengths of messages transmitted to and from the
client. This option does reduce CPU utilization on Charybdis servers but
also increases bandwidth consumed.
2014-02-21 09:17:29 +00:00
Jilles Tjoelker
fab79c5d25 libratbox: Fix undefined behaviour advancing pointer beyond end of array.
The C standard does not allow constructing pointers beyond one past the end
of an array. Therefore, if size is an unsigned type (size_t), then
buf + size is never less than buf.

Clang on 32-bit took advantage of the undefined behaviour, causing
segfaults.

Lightly tested.
2014-02-16 16:06:01 +01:00
William Pitcock
bf4e01a427 libratbox: regenerate autotools files 2014-02-08 18:35:24 +00:00
William Pitcock
7aa40f6d2c libratbox/gnutls: add gnutls v3 api compatibility without breaking v2 2014-02-08 18:34:49 +00:00
Jilles Tjoelker
362ef2d9ee openssl: Improve security using options recommanded by Argure.
Note that these are not available in old versions of OpenSSL (like FreeBSD
9.x base OpenSSL), so allow them to be missing.

A side effect may be slightly higher CPU consumption and network traffic.
2014-01-15 22:25:26 +01:00
Jilles Tjoelker
9799bea4a1 openssl: Use cipher list suggested by Argure. 2014-01-15 22:13:47 +01:00