Rename crypt.c -> openssl.c. The old name made sense back when we had only one crypto backend. These days paraslash can be compiled against either openssl or gcrypt, so the new name makes it clear that the file is only compiled in if the openssl library was selected as the crypto backend.
crypt.c: Plug memory leak in get_public_key(). If server.users refers to an existing file which is not a ssh public key, we leak 4 bytes of memory:

    ==27302== 4 bytes in 1 blocks are definitely lost in loss record 1 of 8
    ==27302==    at 0x402C201: malloc (vg_replace_malloc.c:299)
    ==27302==    by 0x8052FF3: para_malloc (string.c:63)
    ==27302==    by 0x8066532: get_public_key (crypt.c:151)
    ==27302==    by 0x80569D1: user_list_init (user_list.c:90)
    ==27302==    by 0x804D74D: parse_config_or_die (server.c:279)
    ==27302==    by 0x804C719: server_init (server.c:554)
    ==27302==    by 0x804C719: main (server.c:655)

Fortunately, this issue is trivial to fix.
crypt.c: Fix two typos in comment. s/adds/add and s/random/urandom. Also add the man section to random().
Shorten copyright notice. The GPLv2 line does not add any additional information, so drop it. This leaves a single line of legalese text for most files, which is about the amount of screen real estate it deserves. This patch was created with the following script (plus some manual fixups):

    awk '{
        if (NR <= 5) {
            gs = gensub(/.*Copyright.* ([0-9]+).*Andre Noll.*/, "\\1", "g")
            if (gs != $0)
                year = gs
            next
        }
        if (NR == 6 && year != "")
            printf("/* Copyright (C) %s Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */\n", year)
        print
    }'
crypt: Remove read_ssh_u32(). It was just another implementation of read_u32_be(). This commit makes the crypto code use the helper of portable_io.h instead.
Merge branch 'refs/heads/t/rm_rc4' This patch removes support for RC4, making the AES-based stream cipher mandatory. The aes_ctr128 server feature is made a no-op, breaking support with very old clients (<= 0.5.1). Cooking for three months.

    * refs/heads/t/rm_rc4:
      crypt: Remove RC4 support.
crypt: Remove RC4 support. Multiple vulnerabilities have been discovered in the RC4 stream cipher, rendering it insecure. paraslash stopped using RC4 as the default stream cipher since version 0.5.2 (2014-04-11), but server and client still supported the broken cipher for backward compatibility. This commit removes the compatibility code from both the openssl and the libgcrypt code base, leaving aes_ctr128 as the only remaining stream cipher. The server still announces the aes_ctr128 feature, although it is now mandatory because the server will enable aes_ctr128 unconditionally, no matter whether it was requested by the client or not. The client, on the other hand, still requests this feature, regardless of whether it was announced by the server or not. This keeps unpatched clients >= 0.5.2 working with new servers and vice versa. Regarding the public crypto API, sc_new() loses its boolean use_aes parameter. Otherwise the API remains the same. The patch also rewrites the crypto section of the manual to not mention RC4 any more.
crypt.c: Combine load_key() and get_private_key(). Both functions are short and the former is only called by the latter.
crypto: Remove support for ASN public keys. These have been deprecated for some years in favor of ssh keys generated with ssh-keygen(1). Removing support for the deprecated format allows to get rid of quite some ugly ASN parsing code. Private ASN keys, however, still need to be parsed in case libgcrypt is employed as the crypto API. So the parser in find_privkey_bignum_offset() needs to stay.
crypto: Simplify asymmetric key handling. get_asymmetric_key() and free_asymmetric_key() are public because para_server maintains a copy to the public key of each user so that the keys need to be loaded only once. On the other hand, for private keys (used in para_client) key allocation and freeing is performed implicitly in priv_decrypt(), and no reference to the key is ever returned. So the crypto API can be simplified by exposing the interface only for public keys. Hence this patch renames get_asymmetric_key() to get_public_key() and drops the "private" argument. Similarly, free_asymmetric_key() is renamed to free_public_key().
crypto: Rename check_key_file() -> check_private_key_file(). For public keys the function only called stat(2), which is unnecessary because only an error from the subsequent open(2) call requires to fail the operation. The stat() call is needed for loading private keys though, to make sure permissions are restrictive enough. This commit renames the function as indicated in the subject and drops the second parameter. In crypt.c we now call this function for private keys only.
Merge branch 'refs/heads/t/openssl-1.1' In openssl-1.1 several structures have been made opaque, breaking both the stream cipher and the public key functions in crypt.c. This series deals with these issues, trying to minimize the ifdeffery.

    * refs/heads/t/openssl-1.1 (cooking for three months):
      openssl: RSA fixes for openssl-1.1.
      openssl: Use EVP API for AES.
openssl: RSA fixes for openssl-1.1. In openssl-1.1 the RSA structure has been made opaque, causing compilation of crypt.c to fail because the code accesses ->n and ->e directly to set the modulus and the public exponent according to the values read from the public ssh key. With openssl-1.1 applications are supposed to call RSA_set0_key() to set n and e. Unfortunately, this function does not exist in openssl-1.0.2. This patch adds a configure check which defines HAVE_RSA_SET0_KEY if RSA_set0_key() is available. In crypt.c we either call the function or set ->n and ->e directly, depending on whether HAVE_RSA_SET0_KEY is defined. This results in code which works on both openssl-1.0.2 and openssl-1.1.0.
openssl: Use EVP API for AES. openssl-1.1 no longer exports AES_set_encrypt_key() and AES_ctr128_encrypt(). Applications are supposed to use the high-level EVP interface instead. Fortunately, the EVP library functions necessary for our use of the AES_ctr128 stream cipher are available in openssl version 1.0.1 and above, so switching to the EVP API makes the code work with all versions >= 1.0.1.
base64: Saner semantics for base64_decode() and uudecode(). Currently the callers of these functions must allocate a suitably sized buffer for the decoded data. It is easier to let the decoders allocate the result buffer, as implemented in this commit. The callers in crypt.c and gcrypt.c are adjusted accordingly.
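The "decoder allocates the result buffer" semantics described in the commit above, as an added example written for this page (it is not paraslash's base64_decode() or uudecode(), and the function names b64_decode_alloc() and b64_decodes_to() are assumed). The point of the design is that the output size is derived from the input by the decoder itself, so a caller can no longer hand over a buffer that is too small; the caller only has to free() the result.

```c
/* Added example: a base64 decoder that allocates its own result buffer.
 * Illustrative code written for this page, not paraslash's base64.c.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Map one base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64_value(unsigned char c)
{
	if (c >= 'A' && c <= 'Z') return c - 'A';
	if (c >= 'a' && c <= 'z') return c - 'a' + 26;
	if (c >= '0' && c <= '9') return c - '0' + 52;
	if (c == '+') return 62;
	if (c == '/') return 63;
	return -1;
}

/*
 * Decode the base64 text in src (srclen bytes). On success the decoded bytes
 * are stored in a freshly malloc()ed buffer returned via *result and the
 * number of decoded bytes is returned. On malformed input -1 is returned and
 * *result is NULL. The caller owns the buffer and must free() it.
 */
ssize_t b64_decode_alloc(const char *src, size_t srclen, unsigned char **result)
{
	unsigned char *out;
	size_t i, n = 0;
	uint32_t acc = 0;
	int bits = 0, pad = 0;

	*result = NULL;
	if (srclen % 4 != 0) /* base64 always comes in groups of four */
		return -1;
	/* Upper bound on the output size: 3 bytes per 4 input characters. */
	out = malloc(srclen / 4 * 3 + 1);
	if (!out)
		return -1;
	for (i = 0; i < srclen; i++) {
		int v;

		if (src[i] == '=') { /* padding: only allowed at the very end */
			pad++;
			continue;
		}
		if (pad) /* data after padding is malformed */
			goto err;
		v = b64_value((unsigned char)src[i]);
		if (v < 0)
			goto err;
		acc = (acc << 6) | (uint32_t)v;
		bits += 6;
		if (bits >= 8) { /* emit one byte whenever 8 bits are buffered */
			bits -= 8;
			out[n++] = (acc >> bits) & 0xff;
		}
	}
	if (pad > 2) /* at most two '=' characters make sense */
		goto err;
	*result = out;
	return (ssize_t)n;
err:
	free(out);
	return -1;
}

/* Helper: decode src and compare with expected; returns 1 on match, else 0. */
int b64_decodes_to(const char *src, const char *expected)
{
	unsigned char *buf;
	ssize_t n = b64_decode_alloc(src, strlen(src), &buf);
	int ok = n >= 0 && (size_t)n == strlen(expected)
		&& memcmp(buf, expected, (size_t)n) == 0;

	free(buf); /* buf is NULL on error, which free() tolerates */
	return ok;
}
```

Padding is tracked separately so that "TW=A" (data after '=') and "T===" are rejected rather than silently decoded, which is the kind of check that tends to be skipped when the caller, not the decoder, is responsible for sizing the buffer.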
Move base64 implementation to own file. The base64 decoder is independent of anything else, so it should not be part of the crypto API. This patch moves the two public functions uudecode() and base64_decode() to a new file, base64.c, and introduces base64.h to declare them.
Update year in copyright headers. Done with

    files=$(git grep -l 'Copyright (C) [0-9]\{4\}\(-2014\)* Andre Noll')
    sed --in-place= -e 's/Copyright (C) \([0-9]\{4\}\)-2014 Andre Noll/Copyright (C) \1 Andre Noll/1' $files

In previous years we ran a similar script to set the second year in the range to the current year. This is kind of silly, so let's get rid of this useless information. This commit replaces "Copyright (C) A-B" by "Copyright (C) A" in all file headers, i.e. only the first year (A) is left in. Accurate information including time stamps for each change can be obtained from the git history.
doc: Change email address to maan@tuebingen.mpg.de The mail server on systemlinux.org was down for more than a week lately, so let's use an alternative official address. This commit changes all maan@systemlinux.org addresses to maan@tuebingen.mpg.de. Most .c and .h files contain the email address in the copyright header, so they must all be patched. Three other files contain the address for a different reason:

    * README lists email and git, gitweb and home page URLs
    * configure.ac needs it for configure -h
    * version.c contains it for the -V option of all commands
Merge branch 't/misc' Various fixes, improvements, cleanups. Cooking since 2014-02-22.

    * t/misc: (29 commits)
      build: Don't link with -lreadline if readline was not found.
      audiod: Skip NULL pointer check in compute_time_diff().
      audiod: Make compute_time_diff() return void.
      com_stat(): Remove pointless uptime variable.
      gcrypt: Fix gcc warning on Ubuntu Lucid.
      flac: Try to link also without -logg.
      version.c: Fix comment of version_single_line().
      doxygen: Expand all macros, in particular config.h.
      recv_common.c: Improve documentation of check_receiver_arg().
      audiod: get_time_string() comment fix.
      configure: Really print opus audio file handler if opus lib was found.
      Overhaul doxygen main page.
      afs.h: Don't try to list all supported audio formats.
      Change copyright year to 2014.
      Add link to sideband.h in doxygen main page.
      Doxify error2.c and add GPL header.
      Add -Wdeclaration-after-statement.
      Add some missing includes.
      Makefile.real: Add clean2 to the list of phony targets.
      mood.c: Fix a trivial whitespace issue.
      ...
Change copyright year to 2014. This year, we're really on time. The changes in this patch were created by the following silly script:

    files=$(git grep -l 'Copyright (C) [0-9]\{4\}\(-2013\)* Andre Noll')
    sed --in-place= -e 's/Copyright (C) \([0-9]\{4\}\)-2013 Andre Noll/Copyright (C) \1-2014 Andre Noll/1' $files
    sed --in-place= -e 's/Copyright (C) 2013 Andre Noll/Copyright (C) 2013-2014 Andre Noll/1' $files