214 commits

Author SHA1 Message Date
Aaron Jones
9114e3a2dc
OpenSSL: Improve rb_setup_ssl_server()
* Move file/data assignments to the top of the function

* Don't attempt to set a hardcoded P-384 ECDH key if we have the new
  SSL_CTX_set1_curves_list() function (OpenSSL 1.0.2+)

* Rename variables consistent with other backends and wrap the function
  arguments.

* Disable OpenSSL's disabling of TLS 1/n-1 record splitting.
  In other words, enable TLS 1/n-1 record splitting.

* Other misc cleanups.
2016-09-15 20:12:21 +00:00
Aaron Jones
47d51fe3ac
OpenSSL: Use C99 __func__ declaration instead of writing function names 2016-09-15 20:12:21 +00:00
Aaron Jones
cc04fbe3f9
OpenSSL: Fix up rb_init_ssl() to use proper define from openssl_ratbox.h 2016-09-15 20:12:21 +00:00
Aaron Jones
62fc0eab03
OpenSSL: Rename error functions consistent with other backends. 2016-09-15 20:12:21 +00:00
Aaron Jones
4e9441a1cb
OpenSSL: Add generic direction enum for negotiation setup.
Also define an SSL_P(x) macro as in other backends and use that to refer
to the client session context.
2016-09-15 20:12:21 +00:00
Aaron Jones
e569720fe1
OpenSSL: Misc code cleanups
Make use of C99 for loop initialisers, declarations with immediate
rvalues, etc.
2016-09-15 20:12:20 +00:00
Aaron Jones
a61e06e1d1
OpenSSL: Add const-correctness to function and variable declarations. 2016-09-15 20:12:20 +00:00
Aaron Jones
1c39c519fe
OpenSSL: Reorder functions in line with the MbedTLS backend.
The diff for this commit will look like I have changed a lot of code;
in reality, nothing was changed, just whole functions moved up or down.
2016-09-15 20:12:20 +00:00
Aaron Jones
1c7d295320
OpenSSL: Move connect structure declaration to top of file 2016-09-15 20:12:20 +00:00
Aaron Jones
8a40573369
OpenSSL: Remove context duplication
OpenSSL is perfectly capable of having a single context that is shared
by both client and server sessions alike; one simply needs to call
SSL_set_accept_state (for server) or SSL_set_connect_state (for client)
before attempting handshaking.
2016-09-15 20:12:20 +00:00
Aaron Jones
2aec9b6d68
OpenSSL: Remove unnecessary handshake info callback 2016-09-15 20:12:20 +00:00
Aaron Jones
1f30c8943b
OpenSSL: Tidy up headers
Move all the header includes to a single header file, rename said file.
2016-09-15 20:12:20 +00:00
Aaron Jones
f66a6390b0
MbedTLS: More const correctness 2016-09-15 13:24:29 +00:00
Aaron Jones
101c659117
MbedTLS: Cast addrlen rb_ssl_accept_setup to avoid compiler warnings 2016-09-15 13:24:29 +00:00
Aaron Jones
1083d8557b
MbedTLS: Cast return types for reading/writing only on success 2016-09-15 13:24:29 +00:00
Aaron Jones
f0ad82013c
MbedTLS: More const correctness 2016-09-15 13:24:28 +00:00
Aaron Jones
ac62792970
MbedTLS: Correct NULL checks for functions in line with other backends 2016-09-15 13:24:28 +00:00
Aaron Jones
988fedf212
MbedTLS: Move structure cert/key assignment to after cert/key loading 2016-09-15 13:24:28 +00:00
Aaron Jones
bef81a5d45
MbedTLS: Use C99 __func__ declaration instead of writing function names 2016-09-15 13:24:28 +00:00
Aaron Jones
8cd8b24ffb
MbedTLS: Make error string printing prettier. 2016-09-15 13:24:28 +00:00
Aaron Jones
db12df5c16
MbedTLS: Store error codes properly.
OpenSSL uses `unsigned long' type for its error codes, so that's
what (lib)ratbox used to store the error values.

Unfortunately, MbedTLS uses int, and its error codes are negative.
On machines where `int' and `long' are the same size, this could
result in storing a truncated error code.

This patch inverts the sign bit on error codes and then casts them
to unsigned long for storage.

MbedTLS itself (specifically, `mbedtls_strerror()') will function
properly with negative or positive input values. It even converts
negative input values to positive before checking them against the
list of known error codes!

See also: `library/error.c' in the MbedTLS 2.1+ distribution.
2016-09-15 13:24:28 +00:00
Aaron Jones
8668cb9b9d
MbedTLS: Const correctness in rb_ssl_init_fd
We shouldn't ever change this input variable.
Tell the compiler that we won't.
2016-09-15 13:24:28 +00:00
Aaron Jones
46c61dd478
MbedTLS: Set socket send/receive functions after initialising session 2016-09-15 13:24:28 +00:00
Aaron Jones
978c8ae828
MbedTLS: Move memory allocation to the beginning of rb_ssl_init_fd 2016-09-15 13:24:28 +00:00
Aaron Jones
163a4a9d06
MbedTLS: Remove default case in switch for an enum with all values
Having default here doesn't make sense (using something not in that
enum will generate a compile-time warning).
2016-09-15 13:24:28 +00:00
Aaron Jones
5b900411bf
MbedTLS: Rename error printing function
All 3 backends (MbedTLS, OpenSSL, GNUTLS) are going to have the same
function name for returning error strings. This will help to reduce the
diffs between them.
2016-09-15 13:24:28 +00:00
Aaron Jones
295c8f7d37
MbedTLS: Tidy up headers
Move all the header includes to a single header file, rename said file.
2016-09-15 13:24:25 +00:00
Aaron Jones
566f46785f
MbedTLS: Misc backend cleanups
* Add generic direction enum for negotiation setup.

* Rename a rather long wrapper function to a shorter one consistent with
  what it does.

* Rework context setup function.

* Don't check for handshake state before beginning handshaking.

  The old backend began a handshake and then stepped into the callback
  function if it was interrupted; the current one just jumps right into
  it, so there is no need to check if it has previously succeeded,
  because it hasn't been attempted yet.

* Add missing errno assignment to one of the handshake wrappers.

* Don't bother checking if SSL_P(F) is NULL when we already checked if
  F->ssl is NULL -- this should be impossible.

* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.

* Change the socket send and recv functions to not peer into a foreign
  ratbox structure -- use the correct function to get the socket fd.

* Rewrap some lines and function arguments.

Other backends will be brought into line with this backend soon.

This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
2016-09-10 08:42:04 +00:00
Aaron Jones
2a8ec58c15
MbedTLS: Treat 0 bytes read/written to socket properly
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:

    <-- foo (~bar@baz) has quit (Read error: (-0x0) )

This should resolve that.

[1] Peers should send a close_notify alert before abruptly shutting
    down their socket. This will result in a sane quit message:

    <-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
    The peer notified us that the connection is going to be closed)

[ci skip]
2016-09-09 01:47:08 +00:00
William Pitcock
89d4c468b6 Merge pull request #214 from aaronmdjones/release/3.5
Fix up the MbedTLS backend
2016-09-03 10:34:43 -07:00
Aaron Jones
be31ac33d5 MbedTLS: Use correct error code for failed socket writes
This should make writing more efficient.
2016-09-02 00:28:17 +00:00
Aaron Jones
0db0805ed5 MbedTLS: Don't include the sentinel in suites count calculation 2016-09-01 20:57:07 +00:00
Aaron Jones
df51e80717 MbedTLS: Provide default list of configured ciphersuites 2016-09-01 20:47:34 +00:00
Aaron Jones
f92b4d81d4
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
2016-09-01 19:28:18 +00:00
Aaron Jones
6df12e8169 MbedTLS: Cleaner iteration of ciphersuite list 2016-09-01 18:18:09 +00:00
Aaron Jones
ede25e0a8a MbedTLS: Log success or failure to parse ciphersuite list 2016-08-31 22:03:42 +00:00
Aaron Jones
6f3651f8ec MbedTLS: Remove pointless no-op cast 2016-08-31 18:34:21 +00:00
Aaron Jones
b21ed5c0aa MbedTLS: Ciphersuite configuration fixes 2016-08-31 17:06:51 +00:00
Aaron Jones
42b029d0d6 MbedTLS: Preliminary attempt at ciphersuite configuration 2016-08-31 17:03:02 +00:00
Aaron Jones
865e70f529
Revert "Backport c1fc044c to release/3.5"
This reverts commit c9c2d6ea12.

This commit included some as yet untested and unrelated code by mistake.
2016-08-31 14:19:43 +00:00
Aaron Jones
c9c2d6ea12
Backport c1fc044c to release/3.5 2016-08-31 14:13:45 +00:00
Aaron Jones
531e6323d8 MbedTLS: Explicitly ignore rb_snprintf() return value 2016-08-31 01:01:42 +00:00
Aaron Jones
036419c344 MbedTLS: Misc security improvements
As a client, require all peers (i.e. other IRC servers) to support secure
renegotiation. Break handshakes with servers that don't. We do not
renegotiate our sessions, but this is the most secure option regardless.

As a client, disable TLS Session Tickets. The server side MbedTLS code
does not have any ticket callbacks configured, so an MbedTLS IRC Server
will not issue tickets -- however, others could. Server connections are
not expected to be short-lived enough to benefit from the usage of tickets,
and their issuance harms forward secrecy.
2016-08-31 00:13:56 +00:00
Aaron Jones
19d9c417af MbedTLS: Fix casing on opening comment block 2016-08-30 23:38:25 +00:00
Aaron Jones
f2fbec4510 MbedTLS: More const-correctness 2016-08-30 23:31:47 +00:00
Aaron Jones
f89406ac72 MbedTLS: Misc sizeof prettiness 2016-08-30 23:22:41 +00:00
Aaron Jones
c1007a93d5 MbedTLS: Move more code to appropriate section 2016-08-30 23:16:33 +00:00
Aaron Jones
3ba0923c0e MbedTLS: Move some MbedTLS-specific code to the appropriate section 2016-08-30 23:13:53 +00:00
Aaron Jones
4c9ab80f6b MbedTLS: Major restructuring
I have removed all non-MbedTLS-specific code from this backend and
copied the non-OpenSSL-specific portions of the OpenSSL backend code
over; as it seems to be more reliable.
2016-08-30 22:57:25 +00:00
Aaron Jones
07b6e728b5
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
2016-08-30 10:21:46 +00:00