Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the mbedtls.c between release/3.5 and release/4.
Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the openssl.c between release/3.5 and release/4.
William Pitcock [Fri, 16 Sep 2016 22:18:55 +0000 (17:18 -0500)]
ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
Aaron Jones [Sat, 10 Sep 2016 08:51:09 +0000 (08:51 +0000)]
MbedTLS: Misc backend cleanups
This is a forward-port of release/3.5 commit 566f4678
* Add generic direction enum for negotiation setup.
* Rename a rather long wrapper function to a shorter one consistent with
what it does.
* Rework context setup function.
* Don't check for handshake state before beginning handshaking.
The old backend began a handshake and then stepped into the callback
function if it was interrupted; the current one just jumps right into
it, so there is no need to check if it has previously succeeded,
because it hasn't been attempted yet.
* Add missing errno assignment to one of the handshake wrappers.
* Don't bother checking if SSL_P(F) is NULL when we already checked if
F->ssl is NULL -- this should be impossible.
* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.
* Change the socket send and recv functions to not peer into a foreign
ratbox structure -- use the correct function to get the socket fd.
* Rewrap some lines and function arguments.
Other backends will be brought into line with this backend soon.
This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
Aaron Jones [Sat, 3 Sep 2016 17:29:53 +0000 (17:29 +0000)]
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
Aaron Jones [Tue, 30 Aug 2016 10:30:17 +0000 (10:30 +0000)]
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.
This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
Aaron Jones [Mon, 15 Aug 2016 09:50:53 +0000 (09:50 +0000)]
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
Aaron Jones [Fri, 12 Aug 2016 13:34:13 +0000 (13:34 +0000)]
openssl: Avoid use-after-free when rehashing fails to load new files
Commit cf12678 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.
Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.
This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
Jason Volk [Wed, 22 Jun 2016 00:39:44 +0000 (17:39 -0700)]
Core modules cannot be unloaded, otherwise bad things happen.
Additionally some information is logged and passed to the operator
conducting a MODRESTART.
Jason Volk [Wed, 22 Jun 2016 00:32:28 +0000 (17:32 -0700)]
ircd: Fix capability entry name string ownership.
The entry->cap must be copied and exclusive to the entry for the
cap to be orphaned, even if literals are expected. Because modules.
Aaron Jones [Wed, 1 Jun 2016 20:55:32 +0000 (20:55 +0000)]
Preliminary code tidying complete.
These issues (commits 47a66e15 through 906fd91f inclusive) were
identified with the Clang compiler. Please raise concerns about
them on the issue tracker or in the support channel.