solanum-vs-hackint-and-char.../include
jailbird777 8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
inline Innovation by sed 2020-10-15 15:52:41 +01:00
authproc.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
bandbi.h Add bandb IRCd APIs. 2010-01-07 17:10:16 -06:00
cache.h Change struct Dictionary(*) to rb_dictionary(_\1). 2016-03-23 08:09:58 -05:00
capability.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
certfp.h Innovation by sed 2020-10-15 15:52:41 +01:00
channel.h EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
chmode.h Stop using chm_nosuch as a sentinel value (#53) 2020-11-08 09:50:17 -08:00
class.h Add class::max_autoconn configuration 2020-10-18 20:03:05 +01:00
client.h OpenSSL 3.0 compatibility 2022-08-25 00:36:47 +00:00
defaults.h authd: rename blacklist_provider to dnsbl_provider, change auth notices accordingly 2020-07-05 21:20:34 -06:00
dns.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
hash.h hash.c: Save some more bytes 2016-03-27 06:29:10 -04:00
hook.h Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
hostmask.h Allow temporary K-lines to extend shorter ones (#142) 2021-04-27 14:45:04 +01:00
ircd.h ircd: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
ircd_defs.h Innovation by sed 2020-10-15 15:52:41 +01:00
ircd_getopt.h getopt: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
ircd_linker.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
ircd_signal.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
listener.h listener: refactor to use rb_dlink like the other lists in ircd 2021-07-31 00:05:59 -04:00
logger.h logger: add idebug 2016-03-28 19:06:31 -05:00
m_info.h Innovation by sed 2020-10-15 15:52:41 +01:00
match.h Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
messages.h chm_regmsg: don't duplicate nick in 415 2022-07-11 23:35:25 -04:00
modules.h Innovation by sed 2020-10-15 15:52:41 +01:00
monitor.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
msg.h remove LAST in comment too; it's a bit pointless 2020-04-19 13:05:01 +01:00
msgbuf.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
newconf.h config.h delenda est 2016-03-19 19:14:26 -05:00
numeric.h Delete RPL_WHOISSPECIAL 2021-06-05 20:21:45 +01:00
operhash.h Make struct operhash_entry private. 2010-03-01 01:24:00 +01:00
packet.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
parse.h Change struct Dictionary(*) to rb_dictionary(_\1). 2016-03-23 08:09:58 -05:00
patchlevel.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
privilege.h remove some header dependencies on client.h 2022-03-06 22:51:19 +00:00
ratelimit.h Innovation by sed 2020-10-15 15:52:41 +01:00
reject.h reject: Remember and send reasons for rejections 2019-12-31 01:35:31 +00:00
restart.h restart: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
s_assert.h Innovation by sed 2020-10-15 15:52:41 +01:00
s_conf.h Add description parameter to auth blocks (#327) 2022-04-14 14:39:45 -07:00
s_newconf.h OpenSSL 3.0 compatibility 2022-08-25 00:36:47 +00:00
s_serv.h EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
s_stats.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
s_user.h Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
scache.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
send.h send: add sendto_one_multiline_* API 2020-11-12 19:18:01 -05:00
snomask.h add SNO_BANNED, snote for it on client k/x-line rejection (#242) 2021-08-11 17:08:31 +01:00
sslproc.h sslproc: use global ServerInfo configuration 2016-04-25 19:20:45 +01:00
stdinc.h stdinc: more cleanups 2016-03-20 01:19:07 -05:00
substitution.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
supported.h Innovation by sed 2020-10-15 15:52:41 +01:00
tgchange.h Innovation by sed 2020-10-15 15:52:41 +01:00
whowas.h Remove $Id tags from everything. 2016-03-06 02:47:27 -06:00
wsproc.h Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00