Commit graph

162 commits

Author SHA1 Message Date
Aaron Jones
f15a30a16f
GNUTLS: I need to wake up. Fix more. 2016-08-17 17:37:03 +00:00
Aaron Jones
b24cfd7c50
GNUTLS: Fix typo on previous commit 2016-08-17 17:27:26 +00:00
Aaron Jones
06feeb244d
GNUTLS: Avoid null derefence in constructing ciphersuite 2016-08-17 16:58:40 +00:00
Aaron Jones
0bd2f0b710
openssl: Avoid use-after-free when rehashing fails to load new files
Commit 5c8da48 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.

Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.

This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
2016-08-12 13:29:02 +00:00
Aaron Jones
e719e46d27
mbedtls backend: indicate reason for TLS session termination
[ci skip]
2016-06-12 11:32:30 +00:00
Aaron Jones
03e6030ed2
openssl: More LibreSSL compatibility
LibreSSL does not have the new version macros & functions that OpenSSL
1.1.0 implements. This causes a compile-time failure against LibreSSL.

Further, the runtime function for returning the library version returns
the wrong number (the hardcoded constant number SSLEAY_VERSION_NUMBER
aka OPENSSL_VERSION_NUMBER, instead of LIBRESSL_VERSION_NUMBER).

Add more ifdef soup to remedy the situation.
2016-06-01 17:45:36 +00:00
Aaron Jones
82d827469c
openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:53:09 +00:00
William Pitcock
96129f7d4d charybdis 3.5.2. 2016-05-14 17:00:59 -05:00
Aaron Jones
57d3cd1159
[mbedtls] Fix up backend to allow fingerprint generation
See the comments in the newly created file for an explanation.
2016-05-04 09:09:01 +00:00
Aaron Jones
fd5af836b7
[mbedtls] Various fixes and improvements
* Move certificate, key, DH parameters and configuration to heap
  (Documentation states that setting new configuration, e.g.
   during a rehash, is unsupported while connections using that
   configuration are active)

  This is the same approach as the fix for #186

  Refcount these structures so as to not introduce a memory leak

  On rehash, it will use new structures only if there are no
  errors in constructing them

* Add better error-reporting (strings in addition to numbers)
  where possible

* Coalesce several connection memory allocations into one function

* Reduce boilerplate where possible (Charybdis targets C99)

* Support private key being in certificate file, and having no
  DH parameters file

* Correct erroneous closing comment
2016-05-04 02:12:23 +00:00
Aaron Jones
d35caf56cb
[TLS backends] Make version strings more useful and consistent 2016-05-04 00:20:07 +00:00
Aaron Jones
5c8da48264
Backport more TLS backend and ssld fixes & improvements from 3.6
openssl:
 * Don't manually initialise libssl 1.1.0 -- it does this automatically
 * SSL_library_init() should be called first otherwise
 * Move SSL_CTX construction to rb_setup_ssl_server()
 * Test for all required files (certificate & key) before doing anything
 * Free the old CTX before constructing a new one (Fixes #186)
 * Properly abort rb_setup_ssl_server() on CTX construction failures
 * Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
 * Clean up ifdef indentation
 * Fix DH parameters memory leak

mbedtls:
 * Fix certificate fingerprint generation
 * Fix library linking order
 * Fix incorrect printf()-esque argument count
 * Return digest length for fingerprints instead of 1, consistent
   with the other backends

sslproc / ssld:
 * Fingerprint methods have no assocated file descriptors
 * Send TLS information (cipher, fingerprint) before data
 * Use correct header length for fingerprint method

Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
2016-04-30 21:39:05 +00:00
Valerii Iatsko
bf9e0a6ed5 Fixed compilation w/ gnutls v3 2016-04-02 17:28:37 -05:00
William Pitcock
e253d010ed libratbox: gnutls: add gnutls 3.4 support (closes #123) 2016-01-24 14:52:40 -05:00
William Pitcock
6dcf35b167 libratbox: don't build arc4random support if mbedtls is present. libratbox r29245 2015-12-27 21:21:33 -06:00
William Pitcock
5cc7ba2577 libratbox: fix scoping issue with alloca()'d buffer which could result in undefined behaviour.
this is ported from upstream libratbox r29267
2015-12-27 21:19:17 -06:00
William Pitcock
7233e364cc gnutls: fix typo 2015-12-12 08:19:58 -06:00
William Pitcock
673ec98e71 gnutls: allow priorities to be configured 2015-12-12 08:03:59 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
5225f83df1 libratbox: import zstring functions 2015-12-11 15:56:33 -06:00
William Pitcock
7c16cc9085 libratbox: implement nossl variants of rb_get_ssl_certfp() and rb_get_ssl_cipher() 2015-12-11 08:36:21 -06:00
William Pitcock
833b2f9cbf libratbox: implement rb_get_ssl_cipher() 2015-12-11 08:32:02 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
William Pitcock
677d3cb1a3 mbedtls: implement rb_get_ssl_certfp() 2015-12-05 06:37:04 -06:00
William Pitcock
493897d67c mbedtls: use server certificate for client mode too 2015-12-04 22:42:10 -06:00
William Pitcock
162a91d6ed mbedtls: make client mode work too 2015-12-04 22:41:02 -06:00
William Pitcock
539d912b95 libratbox: fix up mbedtls backend 2015-12-04 00:01:40 -06:00
William Pitcock
fab6f9e80e libratbox: gnutls: we want to pass F, not F->fd to rb_listen() 2015-12-03 22:38:54 -06:00
William Pitcock
cd492e44b5 libratbox: initial cut at an mbedtls implementation, which will replace openssl and gnutls backends in charybdis 3.6
notably, it presently is lacking CertFP support, but everything else is implemented
2015-12-03 22:32:33 -06:00
William Pitcock
6f57a957b0 libratbox: prepare build system for mbed tls backend 2015-12-03 18:37:32 -06:00
Aaron Jones
0b05d1aad5
[libratbox] Remove an unused random function
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
2015-10-25 16:04:57 +00:00
Aaron Jones
25f7ee7dd6
Improve the versions of TLS used for server to server linking
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.

This patch corrects that.
2015-10-23 16:08:15 +00:00
Aaron Jones
3ae24413ca
Use new TLS method APIs with new LibreSSL
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
2015-10-23 16:05:33 +00:00
Jilles Tjoelker
df3de4e913 kqueue: Remove unnecessary cast. 2015-09-13 22:59:03 +02:00
William Pitcock
23e6a59007 Merge pull request #95 from jailbird777/master
Spring cleaning redux
2015-07-06 17:13:50 -05:00
Aaron Jones
1a4e224a4e LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
2015-06-25 13:57:07 +00:00
Aaron Jones
cb266283f8 libratbox/openssl: Set explicit cipher list for the client context aswell
This is in furtherance of commits 9799bea4 and 1f384464 and addresses
any potential vulnerability to LogJam <https://weakdh.org/>
2015-05-20 16:41:34 +00:00
Aaron Jones
c86f11da1c Fix regression introduced by previous commit
I really shouldn't copy and paste code.
2015-05-20 10:39:04 +00:00
Aaron Jones
a4c8c82703 Tidy up OpenSSL options code, support new version-agnostic client and server APIs 2015-05-20 02:27:59 +00:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
614502a63c Generate fingerprints for chained certificates with an unknown root 2015-03-24 05:25:38 +00:00
Aaron Jones
d3806d0503 Use X509_digest() instead of memcpy() to obtain cert fingerprint
This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
2015-03-24 05:22:25 +00:00
Aaron Jones
1f384464fa Update ciphersuite string to prohibit RC4
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>

Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
2015-03-22 06:14:39 +00:00
William Pitcock
e861902fd9 libratbox: remove RB_PRNG_EGD in its entirety (closes #85) 2015-03-01 01:05:14 -06:00
William Pitcock
4cb0a93d25 libratbox/gnutls: call gnutls_rnd_refresh() to ensure our PRNG is initialized 2015-02-16 17:40:25 -06:00
Attila Molnar
989652e7a8 openssl: Disable session caching 2015-02-09 21:19:09 +01:00
Attila Molnar
6b6a579925 openssl: Disable session tickets 2015-02-09 21:18:32 +01:00
Jilles Tjoelker
7db54a1f97 libratbox: Fix sizeof in two memsets.
This fixes a compiler warning. The necessary fields of the struct sigevent
were initialized so there was no problem.

Submitted by:	Aaron (via IRC)
Reviewed by:	Attila
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
1c864688bb linebuf: Fix possible memory corruption when receiving many CR/LF.
The last byte of balloc.c's block pointer could be changed from 10 or 13 to
0. On amd64, this is not possible. On i386, this is possible and usually
causes a crash soon.
2014-11-05 21:42:35 +01:00
Patrick Godschalk
d072eb2350 Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake 2014-10-26 13:15:30 +01:00