Commit Graph

415 Commits

Author SHA1 Message Date
Dmitry Podgorny
b3e355736f event: move xmpp_ctx_set_timeout() to the Event loop module
xmpp_ctx_set_timeout() belongs to the event loop. Move it to provide
better doxygen documentation.
2021-11-25 19:29:07 +02:00
Steffen Jaeckel
bf1348e89d add required internal TLS API's for dummy and schannel
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-28 17:23:32 +02:00
Steffen Jaeckel
795675d1aa implement certificate verification API for GnuTLS
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-28 17:23:32 +02:00
Steffen Jaeckel
12009a009d implement certificate verification API for OpenSSL
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-28 17:23:32 +02:00
Steffen Jaeckel
f23ac83c95 add callback functionality on certificate verification failure
Based on the differences to libmesode this functionality has been added.

It allows a library-user to set a callback for cases where the TLS stack
can't verify a received certificate and let the end-user decide what to
do.

examples/basic implements an example handler of said functionality.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-28 14:42:11 +02:00
Steffen Jaeckel
2dc20d13fb declare function static
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-10-26 14:11:43 +02:00
Steffen Jaeckel
e26548375e move "SENT: ..." debug statement to the place where it belongs
This also adds a "QUEUED: ..." debug statement at verbosity level 2.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Steffen Jaeckel
e73cdb57f3 More debug printing of queue details
This adds a new API function xmpp_ctx_set_verbosity() to set increased
verbosity levels.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Steffen Jaeckel
fcc4f8c680 skip further processing on TLS error
While reading through the code this seemed logical to do.
I haven't seen this occuring in the wild!

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Steffen Jaeckel
a1de389e45 return early when nothing would be logged
This returns early in case

1. no log handler is set
2. the default log handler is set and the log level would result in nothing
   being printed.

No need to snprintf() and whatnot if there's no consumer.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Steffen Jaeckel
4ef5b2d449 re-factor sending
Put sending of data into its own function which takes ownership of the
data and therefor minimizes the number of allocations and frees.

This also slightly improves error handling and printing of debug
information.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Steffen Jaeckel
ad9e9d5dbd add xmpp_strndup()
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-07-22 23:44:40 +02:00
Dmitry Podgorny
f19ed572f0 stanza: remove trailing spaces 2021-07-17 01:21:49 +03:00
sshikaree
f27d95fe43 Checking for errros in a xmpp_stanza_reply_error() 2021-07-08 09:44:23 +03:00
Dmitry Podgorny
2bf1988b3c parser: fix memory leak in error path for depth more than 1
If parser has an unfinished stanza with depth > 1, it can happen that
parser->stanza points to a child. Releasing the child doesn't free the
parent stanza.

Instead of releasing parser->stanza in parser_reset() and parser_free(),
find the top most parent and release the whole tree. Also add a test
case for this memory leak.
2021-06-27 03:44:55 +03:00
Steffen Jaeckel
2509ed8424 fixup minor gnutls things
* gcc complained about missing include
* remove unnecessary debug statement

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-03-24 14:47:18 +02:00
Dmitry Podgorny
e77cd53215 conn: fix segfault in xmpp_connect_client() when jid not set 2021-03-23 02:12:55 +02:00
Dmitry Podgorny
588aea4f54 tls/gnutls: zeroize allocated tls object
Initialize tls object with 0. This also sets tls->client_cert to NULL.
2021-03-23 02:11:09 +02:00
Dmitry Podgorny
ee5f9fb77b tls/openssl: fix openssl-3.0.0 support
3.0.0 includes the "id-on-xmppAddr" object and OBJ_create() returns
NID_undef if we try to create a new one.
2021-03-23 02:08:22 +02:00
Dmitry Podgorny
4790a61437 tls/openssl: fix openssl-0.9.8 support
0.9.8 doesn't implement GENERAL_NAME_get0_otherName().
2021-03-23 02:07:00 +02:00
Steffen Jaeckel
27be6acaeb add tls_id_on_xmppaddr() for GnuTLS
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-03-23 02:04:59 +02:00
Steffen Jaeckel
9a0e070c24 add missing API to other TLS implementations
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-03-23 02:04:59 +02:00
Steffen Jaeckel
18c95fa7bd add support for client authentication via certificates
The SASL EXTERNAL method is implemented to make this possible.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-03-23 02:04:59 +02:00
Dmitry Podgorny
ecf6457cdb conn: send stream attribute "from" after TLS negotiation
RFC6120 states that client SHOULD send the "from" attribute in <stream>.

Because of privacy concerns attribute "from" should be sent only after
TLS negotiation. This step ensures that the server is verified by its
certificate and protects JID from MITM attack.

Fixes #163.
Also should be helpful for #162.
2021-03-21 17:09:35 +02:00
Dmitry Podgorny
db8a511f68 style: remove extra const keyword from interfaces
Const variables in prototypes don't add much value, but make the code
larger and redundant. Remove these const keywords.
Note, this doesn't apply to pointers to const memory.
2021-03-19 22:12:15 +02:00
Dmitry Podgorny
09229e2cd5 conn: remove extra ; symbol 2020-10-07 20:18:20 +03:00
Dmitry Podgorny
c07ac0a68d conn: don't crash when user sets password to NULL
Make it possible to reset password to NULL. It is not required for
ANONYMOUS authentication. Also, report an error and disconnect if
password is not set and libstrophe should try authentication mechanisms
other than ANONYMOUS.
2020-09-30 20:56:52 +03:00
Dmitry Podgorny
60ce94c267 auth: add missed space in log message 2020-09-30 20:43:32 +03:00
Dmitry Podgorny
acced31192 tls/openssl: Fix undefined error codes for LibreSSL
LibreSSL doesn't define all error codes which OpenSSL defines. Wrap them
with #ifndef.

Reference: https://bugs.gentoo.org/744127
2020-09-24 13:34:49 +03:00
Dmitry Podgorny
4d93b6c0d6 Check for va_copy declaration
ctx.c contains a workaround for systems without va_copy() support.
Improve this workaround in the way which is described in the autoconf
manual.

Also check for va_copy declaration in configure time.

Fixes #160.
2020-09-16 00:07:41 +03:00
Dmitry Podgorny
4dd78be10d tls/openssl: fix compilation with older openssl
Not all error codes are present in older versions of openssl.
2020-09-15 03:07:02 +03:00
Dmitry Podgorny
8c076ac969 stanza: remove attribute xmlns in xmpp_stanza_reply() 2020-09-15 02:21:18 +03:00
Dmitry Podgorny
7c68aced35 stanza: add xmpp_stanza_reply_error()
This function makes an error reply stanza as described in
https://tools.ietf.org/html/rfc6120#section-8.3
2020-09-15 02:19:20 +03:00
Dmitry Podgorny
197896ba1b tls/openssl: improve logging
Log error names and codes to increase verbosity in debug mode.
2020-06-18 22:18:59 +03:00
Dmitry Podgorny
bef411f319 sha1: fix zeroing storage
Compilers remove dead assignments in optimization phase. But SHA1 code
uses them for wiping of sensitive data.  Fix this with the trick used
by openssl.
2020-06-18 22:14:04 +03:00
Dmitry Podgorny
7f5ce7d2ae sha1: remove SHA1HANDSOFF
We don't support configuration when SHA1 functions overwrite user's
data. So remove this code not to confuse.
2020-06-19 00:51:33 +03:00
Dmitry Podgorny
50a4a983cd handler: add documentation for global timed handlers 2020-06-06 00:11:24 +03:00
Dmitry Podgorny
428681a185 stanza: add xmpp_stanza_new_from_string()
This function creates a stanza object from a string. The string must
contain a single complete stanza. Multiple stanzas will lead to memory
leak and this is not handled in the patch.
2020-06-04 03:44:21 +03:00
Dmitry Podgorny
3dcc5a60f2 Introduce global timed handlers
There are situations when applications need more predictable timed
handlers that don't depend on connection status. Other usecase of
the global handlers is to manage offline connections, for example,
reconnect after a disconnection.
2020-06-03 02:11:40 +03:00
Dmitry Podgorny
a65dd1059d resolver: don't build legacy win32 code with c-ares
Fix ifdef macros to exclude legacy win32 code when it is not needed.
2020-05-31 21:43:09 +03:00
Dmitry Podgorny
7c83eb0efa windows: rewrite headers in lower case
Otherwise, compilation fails on systems that are case sensitive.

Reference: #159.
2020-05-31 21:03:44 +03:00
Steffen Jaeckel
f2c658723f clean-up 2020-04-30 12:03:57 +02:00
Dmitry Podgorny
1c4cb66f5a conn: remove ternary operator
Remove ternary operator where it is redundant.
2020-04-28 23:40:46 +03:00
Dmitry Podgorny
3063d886bd sasl: remove unused argument
_add_key() is a static function which is used only for DIGEST_MD5. Its
argument 'len' is not used and remains 0. Remove it.
2020-03-31 18:58:36 +03:00
Oleg Synelnykov
198bdd77d0 Remove -Wno-unused-parameter
Introduced UNUSED macro with cast to void in commoh.h for internal
use. Used cast to void directly in those files which do not
include common.h. Although this change doesn't fix semantic issues
with unused function parameters, it does explicitly mark all those
places, which might require attention in future.
2020-03-31 17:37:12 +03:00
Dmitry Podgorny
20c039fdb8 sock: replace sockaddr with sockaddr_storage
sockaddr structure may be insufficient to hold IPv6 address. Replace it
with sockaddr_storage structure.

Fixes #153.
2020-03-31 16:29:09 +03:00
Dmitry Podgorny
c92fc849e7 Remove C++ files
Libstrophe used to provide incomplete C++ API which missed connection
class and wasn't supported for a long time. Remove this API.
2020-02-22 23:19:40 +02:00
Dmitry Podgorny
faa46d28a5 scram: fix HMAC-SHA-512
HMAC was originally implemented for SHA1 digest according to RFC2104.
The RFC defined blocksize for all digests as 64 bytes. But RFC4868
requires blocksize for SHA384/SHA512 to be 128 bytes.

Extend HMAC implementation to support variable blocksize and fix it for
SHA384/SHA512.
2020-01-31 01:59:42 +02:00
Dmitry Podgorny
1ca10fd167 Fix SASL SCRAM implementation
* Add SCRAM_DIGEST_SIZE macro for maximum possible digest size. It will
  avoid new buffer overflow errors when new digests are added.
* Fix buffer overflow in sasl_scram(). Buffers were allocated for SHA1
  digest size.
* Fix bug with handler re-registration when a SASL SCRAM mechanism
  fails.
2020-01-31 01:59:42 +02:00
Steffen Jaeckel
771d5865ae add SCRAM-SHA-256 and SCRAM-SHA-512 support 2020-01-31 01:59:42 +02:00