solanum-vs-hackint-and-char.../modules
jailbird777 8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLANGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
..
core EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
cap_account_tag.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
cap_server_time.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
chm_nocolour.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
chm_noctcp.c Apply cmode C to replies (#328) 2022-04-14 13:14:12 -07:00
m_accept.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_admin.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_alias.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
m_away.c Replace most checks for +o with oper:general 2020-08-04 22:58:30 +01:00
m_cap.c Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
m_capab.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_certfp.c common.h: raison d'être is gone, so out it goes. 2016-03-23 09:33:56 -05:00
m_challenge.c OpenSSL 3.0 compatibility 2022-08-25 00:36:47 +00:00
m_chghost.c Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
m_close.c m_close: remove dangling return [ci skip] 2016-03-09 01:45:01 -06:00
m_connect.c ircd: do not shadow internal openssl symbol "ssl_ok" (yeah, i know) 2016-03-19 00:57:32 -05:00
m_dline.c m_dline: make the private reason private 2021-07-13 23:38:59 +01:00
m_encap.c common.h: raison d'être is gone, so out it goes. 2016-03-23 09:33:56 -05:00
m_etrace.c global masktrace doesn't need to be an operspy action 2022-07-01 00:07:02 +01:00
m_grant.c Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
m_help.c cppcheck: fix various warnings/errors 2016-10-28 20:13:36 +01:00
m_info.c Create configurations for user-facing messages within registration (#238) 2021-07-29 21:44:23 -04:00
m_invite.c m_invite: send message tags (#173) 2021-06-05 15:57:03 +01:00
m_ison.c m_ison: Do not report unregistered connections 2020-06-26 20:36:43 +00:00
m_kline.c refuse opers setting an invalidly long k-line reason 2022-06-30 23:59:17 +01:00
m_knock.c Replace most checks for +o with oper:general 2020-08-04 22:58:30 +01:00
m_links.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_list.c m_list: fail on invalid parameters 2021-10-20 11:35:53 +01:00
m_lusers.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_map.c Normalize snprintf size to use sizeof where possible 2022-06-24 01:42:08 -04:00
m_monitor.c m_monitor: refactor to use multiline 2020-11-12 19:18:01 -05:00
m_motd.c m_motd: don't ratelimit with no server argument 2019-09-15 20:05:51 +01:00
m_names.c m_names: use ITER_COMM_CHANNELS 2021-10-17 17:36:53 +01:00
m_oper.c Allow privset-less OPER bursting 2021-06-05 19:42:18 +01:00
m_operspy.c common.h: raison d'être is gone, so out it goes. 2016-03-23 09:33:56 -05:00
m_pass.c m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:20 +01:00
m_ping.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_pong.c send "End of burst" snote to L_NETWIDE (#356) 2022-08-19 03:17:05 +01:00
m_post.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_privs.c Make privilegeset_privs more const 2021-03-01 15:45:03 +00:00
m_rehash.c Remove shared blocks 2020-11-01 04:20:44 +00:00
m_restart.c Remove shared blocks 2020-11-01 04:20:44 +00:00
m_resv.c Keep propagated bans in a dictionary, not a list 2021-06-08 21:57:43 +01:00
m_sasl.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
m_scan.c Normalize snprintf size to use sizeof where possible 2022-06-24 01:42:08 -04:00
m_services.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
m_set.c make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
m_signon.c Manage IsDynSpoof when effecting a (post-reg) SIGNON 2021-06-08 23:17:18 +01:00
m_snote.c Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
m_starttls.c Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
m_stats.c m_stats: z: remove unnecessary casting and fix format strings 2022-08-24 20:31:08 -04:00
m_svinfo.c make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
m_tb.c ircd: send tags on every message 2017-08-06 16:21:29 +01:00
m_testline.c Add description parameter to auth blocks (#327) 2022-04-14 14:39:45 -07:00
m_testmask.c common.h: raison d'être is gone, so out it goes. 2016-03-23 09:33:56 -05:00
m_tginfo.c common.h: raison d'être is gone, so out it goes. 2016-03-23 09:33:56 -05:00
m_time.c cppcheck: fix various warnings/errors 2016-10-28 20:13:36 +01:00
m_topic.c Cast time_t to long long when printing 2022-07-01 03:43:36 -04:00
m_trace.c Replace most checks for +o with oper:general 2020-08-04 22:58:30 +01:00
m_unreject.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_user.c m_nick/m_sasl/m_user: restore check for mixing of client and server protocol 2018-08-15 22:48:21 +01:00
m_userhost.c m_userhost: hide user's own IP if iline spoofed 2021-06-13 18:26:49 +01:00
m_users.c Message handlers should return void. 2016-03-09 01:37:03 -06:00
m_version.c make VERSION not include sid (#118) 2021-04-10 15:19:27 +01:00
m_wallops.c wallops: require new oper:wallops right (#110) 2021-01-28 14:09:31 +00:00
m_who.c don't truncate operspy WHO 2022-06-10 18:15:56 +01:00
m_whois.c m_whois: show services even if they lack opernames 2021-06-05 20:21:45 +01:00
m_whowas.c Replace most checks for +o with oper:general 2020-08-04 22:58:30 +01:00
m_xline.c Keep propagated bans in a dictionary, not a list 2021-06-08 21:57:43 +01:00
Makefile.am Remove Windows support 2021-07-30 14:17:47 -04:00
sno_routing.c hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
um_callerid.c Make opers talking through +g controllable by user mode +M (#275) 2022-04-12 17:54:58 -04:00
um_regonlymsg.c um_regonlymsg: prevent unregistered users from NOTICEing +R users too 2022-08-24 17:16:39 -04:00