solanum-vs-hackint-and-char.../librb
jailbird777 8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
include librb: make free_fds() public as rb_close_pending_fds() 2021-07-31 00:05:59 -04:00
src OpenSSL 3.0 compatibility 2022-08-25 00:36:47 +00:00
acinclude.m4 Remove Windows support 2021-07-30 14:17:47 -04:00
autogen.sh *sigh* comment these out until travis is fixed. 2016-04-10 17:12:42 -05:00
configure.ac Fix assert = hard assignments 2022-08-24 18:15:43 -04:00
COPYING rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00
CREDITS Innovation by sed 2020-10-15 15:52:41 +01:00
install-sh Add these for now until travis actually gets their shit together. 2016-04-10 17:07:33 -05:00
librb.pc.in Innovation by sed 2020-10-15 15:52:41 +01:00
Makefile.am Properly clean up build artifacts. 2016-04-09 04:55:57 -05:00
README.md update librb README to explain the namechange 2016-03-06 02:33:48 -06:00
TODO rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00

librb

This is based on libratbox, the common runtime support code in ircd-ratbox. It has significant modifications and is no longer compatible with libratbox itself (nor can it be used as a drop-in replacement), so we renamed it.

original libratbox notes

  1. Most of this code isn't anywhere near threadsafe at this point. Don't hold your breath on this either.
  2. The linebuf code is designed to deal with pretty much 512 bytes per line and that is it. Anything beyond that length, unless in raw mode, gets discarded. For some non-IRC purposes, this can be a problem, but for ircd stuff it's fine.
  3. The same 512-byte limit applies to the helper code when transmitting data between helpers, as we recycle the linebuf code for this.