23 Commits

Author SHA1 Message Date
Steffen Jaeckel
70a908e18b Release libstrophe-0.12.2
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-08 11:48:47 +02:00
Steffen Jaeckel
004a5bf7fc fix infitite looping in resolver
...this time for real ...hopefully :)

fixup of 870f2174d5

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-05 14:54:50 +02:00
Steffen Jaeckel
e9bd06354a always print the broken message in the resolver tests
If Valgrind complains in this testcase we found a bug in the internal
resolver implementation, but as we didn't have the broken message we also
couldn't reproduce the failure.
Now we can reproduce it if it happens again.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-05 13:59:17 +02:00
Steffen Jaeckel
54b92c0255 re-use _auth_success() instead of copying ...
... and forgetting to 1. clear the password cache and 2. print a message
of what exactly happened ...

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-05 12:36:31 +02:00
Steffen Jaeckel
6881a2e770 add option to use clock_gettime() in perf example
This is done to support architectures where `rdtsc()` is not implemented.
In case it is available use `clock_gettime()`. Otherwise still fall back
to use `clock()`.

The first approach was to always use `clock_gettime()` if it is available
but the overhead it brings compared to `rdtsc()` is high, so I chose to
only try to use it if `rdtsc()` is not implemented.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-05 12:36:22 +02:00
Steffen Jaeckel
e29f422511 reset relevant parts of SM state on disconnect
Prevent assuming SM is enabled if the connection gets re-used without a
complete destroy&re-create of the connection object.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-08-04 11:54:36 +02:00
Tu Duong Quyet
1a8be1d617 Make it right to check/implement va_copy 2022-08-04 11:52:35 +02:00
Steffen Jaeckel
8ea15cf656 disable ASM in libressl
Valgrind spits a false-positive when the AESNI extension is used from ASM.

https://github.com/libressl-portable/portable/issues/760#issuecomment-1175461956

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-07-11 13:05:57 +02:00
Steffen Jaeckel
a8807feb5c Release libstrophe-0.12.1
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-07-05 00:08:47 +02:00
Steffen Jaeckel
4d15f1db0b disable some LibreSSL builds
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-07-04 20:13:00 +02:00
Steffen Jaeckel
957725348e also run CI tests with OpenSSL 3.0
... and extend build matrix of libressl.

Most of those new libressl build jobs are marked as `continue: true` since
either they don't build or they cause memory leaks (3.5/OPENBSD_7_1)
The `OPENBSD_X_Y` branches are also marked like that since they will
evolve and maybe break at a later point in time. Currently they represent
the buildable versions of their respective releases (3.3.6 resp. 3.4.3).

Also change CI distro to ubuntu-22.04 as using OpenSSL 3 on 20.04 fails.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-07-04 20:12:54 +02:00
Stu Tomlinson
357edbd367 Add XMPP_CONN_FLAG_DISABLE_SM to docs 2022-06-23 17:24:38 +01:00
Stu Tomlinson
3d01915407 Accept PKCS#12 file in either key or cert 2022-06-23 17:24:38 +01:00
Stu Tomlinson
e90a6e9f71 Add getpass() for Windows 2022-06-23 09:44:00 +01:00
Stu Tomlinson
3891b73c44 Open PKCS12 files as binary
Opening as text on Windows causes read failures:
tls DEBUG error:0680008E:asn1 encoding routines::not enough data
2022-06-23 09:44:00 +01:00
Stu Tomlinson
a66c3234d7 Fix tests with OpenSSL 3
RC2-40-CBC is disabled in OpenSSL 3, so recreate cert.emptypass.pfx
using AES-256-CBC
2022-06-23 09:44:00 +01:00
Stu Tomlinson
2a81327ab0 Ignore coding style change in git blame
github supports .git-blame-ignore-revs to ignore certain commits in
blame view, add the coding style change commit to this file

Can be used locally too with:
$ git blame --ignore-revs-file .git-blame-ignore-revs
2022-06-23 09:44:00 +01:00
Stu Tomlinson
1d6714c59b Fix 'make check' when builddir != srcdir 2022-06-23 09:44:00 +01:00
Stu Tomlinson
a771b3d4fe Support building docs when builddir != srcdir 2022-06-23 09:44:00 +01:00
Stu Tomlinson
700abd95b6 Add schannel option to autotools build 2022-06-23 09:43:59 +01:00
Fabrice Fontaine
476dd4c4f7 add --disable-examples
Allow the user to disable build of examples

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2022-06-11 23:31:08 +02:00
Michael Vetter
f0383d50cd Include unistd.h for ssize_t
When compiling on buildroot I get:
`src/tls.c:235:28: error: ‘ssize_t’ undeclared (first use in this
function); did you mean ‘size_t’? `

To have this POSIX type available we will need to include
`sys/types.h` or `unistd.h`.
2022-06-08 10:36:35 +02:00
Steffen Jaeckel
044398eeba update README
* fix link to CI
* improve "Documentation" part
* add comment regarding signing key

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-05-10 13:08:29 +02:00
23 changed files with 374 additions and 93 deletions

2
.git-blame-ignore-revs Normal file
View File

@@ -0,0 +1,2 @@
# Unify coding style with clang-format
562a06425b96450481cdbc88e8872a2bf5a7d8aa

View File

@@ -42,34 +42,45 @@ jobs:
run: |
cat test-suite*.log || true
libressl-tests:
runs-on: ubuntu-20.04
xssl-tests:
runs-on: ubuntu-22.04
strategy:
matrix:
libressl_versions:
- { version: "v3.4.2", continue: true }
- { version: "v3.1.5", continue: false }
- { version: "v2.1.10", continue: false }
xssl_versions:
- { version: "master", continue: true, libressl: true }
- { version: "OPENBSD_7_1", continue: true, libressl: true }
# https://github.com/libressl-portable/portable/issues/760
# - { version: "v3.5.2", continue: true, libressl: true }
- { version: "OPENBSD_7_0", continue: true, libressl: true }
# OPENBSD_7_0 is basically the "fixed v3.4.3"
# - { version: "v3.4.3", continue: true, libressl: true }
- { version: "v3.4.2", continue: true, libressl: true }
- { version: "OPENBSD_6_9", continue: true, libressl: true }
- { version: "v3.1.5", continue: true, libressl: true }
- { version: "v2.1.10", continue: true, libressl: true }
- { version: "openssl-3.0", continue: true, libressl: false }
- { version: "openssl-3.0.4", continue: false, libressl: false }
valgrind:
- { configure: '' , make: 'check' }
- { configure: '--enable-valgrind' , make: 'check-valgrind' }
name: LibreSSL tests
continue-on-error: ${{ matrix.libressl_versions.continue }}
name: xSSL tests
continue-on-error: ${{ matrix.xssl_versions.continue }}
steps:
- uses: actions/checkout@v2
- name: install dependencies
run: |
sudo apt update
sudo apt install -y libtool pkg-config libexpat1-dev valgrind
- name: build&install libressl
- name: build&install the TLS stack
env:
LIBRESSL_COMMIT: ${{ matrix.libressl_versions.version }}
XSSL_COMMITISH: ${{ matrix.xssl_versions.version }}
LIBRESSL: ${{ matrix.xssl_versions.libressl }}
run: |
./travis/before_script.sh
- name: Build the library
run: |
./bootstrap.sh
./configure ${{ matrix.valgrind.configure }} PKG_CONFIG_PATH="${HOME}/libressl/lib/pkgconfig" CFLAGS="-Werror -g3" --prefix="${HOME}/libressl"
./configure ${{ matrix.valgrind.configure }} PKG_CONFIG_PATH="${HOME}/xssl/lib/pkgconfig" CFLAGS="-Werror -g3" --prefix="${HOME}/xssl"
make -j$(nproc)
- name: Run tests
run: |

View File

@@ -1,3 +1,22 @@
0.12.2
- Fix reconnect issues when Stream Management is enabled (#211)
- Fix resolver ... this time for real hopefully (fixup of #200) (#214)
- Fix clearing of password cache on resumed connection (#214)
- Improve detection&implementation of `va_copy` (#213)
- Fix Valgrind CI builds against LibreSSL (#212)
- Fix perf example on platforms where an `rdtsc()` equivalent isn't implemented (#212)
0.12.1
- Fix compilation in buildroot (#207)
- Fixes regarding OpenSSL (#208)
- Fix some build steps when builddir != srcdir (#208)
- Allow the user to disable build of examples (#209)
- CI builds against OpenSSL 3 (#206)
- Change the call signature of the following API:
- xmpp_conn_set_client_cert() - the PKCS#12 file has now to be passed via the `cert`
parameter. Originally it was via `key`. Currently both styles are supported,
but in a future release only passing via `cert` will be accepted.
0.12.0
- Fix potential infinite loop in resolver (#200)
- Prevent potential memory leak in `xmpp_stanza_new_from_string()` (#205)

View File

@@ -874,7 +874,7 @@ WARN_LOGFILE =
# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
# Note: If this tag is empty the current directory is searched.
INPUT = ./
INPUT = $(SRCDIR)
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses

View File

@@ -14,9 +14,11 @@ if TLS_WITH_GNUTLS
SSL_CFLAGS = @gnutls_CFLAGS@
SSL_LIBS = @gnutls_LIBS@
else
if !TLS_WITH_SCHANNEL
SSL_CFLAGS = @openssl_CFLAGS@
SSL_LIBS = @openssl_LIBS@
endif
endif
MINGW_LIBS = @MINGW_LIBS@
@@ -86,9 +88,13 @@ else
if TLS_WITH_GNUTLS
libstrophe_la_SOURCES += src/tls_gnutls.c
else
if TLS_WITH_SCHANNEL
libstrophe_la_SOURCES += src/tls_schannel.c
else
libstrophe_la_SOURCES += src/tls_openssl.c
endif
endif
endif
if PARSER_EXPAT
libstrophe_la_SOURCES += src/parser_expat.c
@@ -113,7 +119,6 @@ EXTRA_DIST = \
jni/Android.mk \
jni/Application.mk \
m4/ax_valgrind_check.m4 \
src/tls_schannel.c \
tests/cert.pem \
tests/cert.pfx \
tests/cert.emptypass.pfx \
@@ -122,6 +127,7 @@ EXTRA_DIST = \
tests/key_encrypted.pem \
tests/res_query_dump.c
if EXAMPLES
## Examples
noinst_PROGRAMS = \
examples/active \
@@ -165,6 +171,7 @@ examples_uuid_LDADD = $(STROPHE_LIBS)
examples_vcard_SOURCES = examples/vcard.c
examples_vcard_CFLAGS = $(STROPHE_FLAGS)
examples_vcard_LDADD = $(STROPHE_LIBS)
endif
## Tests
@@ -318,7 +325,7 @@ test-release-all: dist-archives
echo "Success" && popd
docs:
@doxygen -q
@SRCDIR=$(top_srcdir) doxygen -q $(top_srcdir)/Doxyfile
@VALGRIND_CHECK_RULES@

View File

@@ -1,4 +1,4 @@
libstrophe [![Build Status](https://travis-ci.org/strophe/libstrophe.png?branch=master)](https://travis-ci.org/strophe/libstrophe)
libstrophe [![Build Status](https://github.com/strophe/libstrophe/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/strophe/libstrophe/actions/workflows/main.yml?query=branch%3Amaster+++)
==========
libstrophe is a lightweight XMPP client library written in C. It has
@@ -82,4 +82,17 @@ by running:
doxygen
or if you have everything configured properly:
make docs
Then open `docs/html/index.html`.
An online version of the documentation of the latest release is available on http://strophe.im/libstrophe/
Releases
--------
Releases are signed with the GPG key with ID `F8ADC1F9A68A7AFF0E2C89E4391A5EFC2D1709DE`.
It can be found e.g. on https://keys.openpgp.org/

View File

@@ -1,6 +1,6 @@
m4_define([v_maj], [0])
m4_define([v_min], [12])
m4_define([v_patch], [0])
m4_define([v_patch], [2])
m4_define([project_version], [v_maj.v_min.v_patch])
m4_define([lt_cur], m4_eval(v_maj + v_min))
@@ -35,10 +35,16 @@ AS_CASE([$PLATFORM],
[haiku], [],
[WARNING_FLAGS="$WARNING_FLAGS -Wextra"])
AC_ARG_ENABLE([examples],
[AS_HELP_STRING([--disable-examples], [turn off examples])],
[case "${enableval}" in yes) examples=true ;; no) examples=false ;; *) AC_MSG_ERROR([bad value ${enableval} for --disable-examples]) ;; esac],[examples=true])
AM_CONDITIONAL([EXAMPLES], [test x$examples = xtrue])
AC_ARG_WITH([libxml2],
[AS_HELP_STRING([--with-libxml2], [use libxml2 for XML parsing, expat is the default])])
AC_ARG_WITH([gnutls],
[AS_HELP_STRING([--with-gnutls], [use GnuTLS for TLS support, OpenSSL is the default])])
AC_ARG_WITH([schannel],
[AS_HELP_STRING([--with-schannel], [use Windows Schannel for TLS support, OpenSSL is the default])])
AC_ARG_ENABLE([tls],
[AS_HELP_STRING([--disable-tls], [disable TLS support])])
AC_ARG_ENABLE([cares],
@@ -80,9 +86,42 @@ AX_VALGRIND_DFLT([helgrind], [off])
AX_VALGRIND_DFLT([sgcheck], [off])
AX_VALGRIND_CHECK
AC_SEARCH_LIBS([clock_gettime], [rt], AC_DEFINE(HAVE_CLOCK_GETTIME,1))
AC_SEARCH_LIBS([socket], [network socket])
AC_CHECK_FUNCS([snprintf vsnprintf], [], [have_snprintf=no])
AC_CHECK_DECLS([va_copy], [], [], [#include <stdarg.h>])
dnl Checking for va_copy availability
AC_MSG_CHECKING([for va_copy])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h>
va_list ap1,ap2;]], [[va_copy(ap1,ap2);]])],
have_va_copy=yes,
have_va_copy=no)
AC_MSG_RESULT($have_va_copy)
if test x"$have_va_copy" = x"yes"; then
AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
else
AC_MSG_CHECKING([for __va_copy])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h>
va_list ap1,ap2;]], [[__va_copy(ap1,ap2);]])],
have___va_copy=yes,
have___va_copy=no)
AC_MSG_RESULT($have___va_copy)
if test x"$have___va_copy" = x"yes"; then
AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
fi
fi
if test x"$have_va_copy$have___va_copy" = x"nono"; then
dnl Checking whether va_list is an array type
AC_MSG_CHECKING([whether va_list is an array type])
AC_TRY_COMPILE2([
#include <stdarg.h>
void a(va_list * ap) {}],[
va_list ap1, ap2; a(&ap1); ap2 = (va_list) ap1],[
AC_MSG_RESULT(no)],[
AC_MSG_RESULT(yes)
AC_DEFINE([VA_LIST_IS_ARRAY], [1],[Define if va_list is an array type])])
fi
if test "x$enable_tls" != xno -a "x$with_gnutls" == xyes; then
PKG_CHECK_MODULES([gnutls], [gnutls],
@@ -94,6 +133,10 @@ if test "x$enable_tls" != xno -a "x$with_gnutls" == xyes; then
],
[AC_MSG_ERROR([gnutls not found; gnutls required])]
)])
elif test "x$enable_tls" != xno -a "x$with_schannel" == xyes; then
if test "x$PLATFORM" != xwin32; then
AC_MSG_ERROR([schannel is only supported on Windows])
fi
elif test "x$enable_tls" != xno; then
PKG_CHECK_MODULES([openssl], [openssl],
[PC_REQUIRES="openssl ${PC_REQUIRES}"],
@@ -215,6 +258,7 @@ AM_CONDITIONAL([PARSER_EXPAT], [test x$with_parser != xlibxml2])
AM_CONDITIONAL([DISABLE_TLS], [test x$enable_tls = xno])
AM_CONDITIONAL([NEED_SNPRINTF], [test x$have_snprintf = xno])
AM_CONDITIONAL([TLS_WITH_GNUTLS], [test x$with_gnutls = xyes])
AM_CONDITIONAL([TLS_WITH_SCHANNEL], [test x$with_schannel = xyes])
# define while compiling
AC_DEFINE_UNQUOTED(LIBXMPP_VERSION_MAJOR, [v_maj], [Major version])

View File

@@ -21,6 +21,11 @@
#include <string.h>
#include <unistd.h>
#ifdef _WIN32
#include <conio.h>
#include <ctype.h>
#endif
#include <strophe.h>
static int reconnect;
@@ -149,12 +154,34 @@ void conn_handler(xmpp_conn_t *conn,
}
}
#ifdef _WIN32
static char *getpassword(const char *prompt, size_t maxlen)
{
char *b, *buffer = malloc(maxlen);
size_t i = 0;
b = buffer;
fputs(prompt, stderr);
for (i = 0; i < maxlen; i++, b++) {
char c = _getch();
if (c == '\r' || c == '\n')
break;
*b = c;
}
*b = '\0';
fputs("\n", stderr);
return buffer;
}
#else
#define getpassword(prompt, maxlen) getpass(prompt)
#endif
static int
password_callback(char *pw, size_t pw_max, xmpp_conn_t *conn, void *userdata)
{
(void)userdata;
printf("Trying to unlock %s\n", xmpp_conn_get_keyfile(conn));
char *pass = getpass("Please enter password: ");
char *pass = getpassword("Please enter password: ", pw_max);
if (!pass)
return -1;
size_t passlen = strlen(pass);

View File

@@ -15,6 +15,8 @@
#include <unistd.h>
#ifdef _WIN32
#include <conio.h>
#include <ctype.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <iphlpapi.h>
@@ -94,12 +96,34 @@ static int certfail_handler(const xmpp_tlscert_t *cert,
return read_char[0] == 'y' || read_char[0] == 'Y';
}
#ifdef _WIN32
static char *getpassword(const char *prompt, size_t maxlen)
{
char *b, *buffer = malloc(maxlen);
size_t i = 0;
b = buffer;
fputs(prompt, stderr);
for (i = 0; i < maxlen; i++, b++) {
char c = _getch();
if (c == '\r' || c == '\n')
break;
*b = c;
}
*b = '\0';
fputs("\n", stderr);
return buffer;
}
#else
#define getpassword(prompt, maxlen) getpass(prompt)
#endif
static int
password_callback(char *pw, size_t pw_max, xmpp_conn_t *conn, void *userdata)
{
(void)userdata;
printf("Trying to unlock %s\n", xmpp_conn_get_keyfile(conn));
char *pass = getpass("Please enter password: ");
char *pass = getpassword("Please enter password: ", pw_max);
if (!pass)
return -1;
size_t passlen = strlen(pass);

View File

@@ -20,16 +20,20 @@
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <time.h>
static void init_timer(void);
static void t_start(void);
static uint64_t t_read(void);
static const char *perf_time_unit;
#define NUM_SAMPLES 1000u
static void perf_rand(xmpp_ctx_t *ctx)
{
xmpp_rand_t *rng = xmpp_rand_new(ctx);
uint64_t t1, t2;
uint64_t t1, t2, t3 = 0;
unsigned int n;
const size_t alloc_sz = 0x1000u;
size_t sz;
@@ -37,12 +41,12 @@ static void perf_rand(xmpp_ctx_t *ctx)
/* pre-heat */
for (n = 1; n < 4; ++n) {
xmpp_rand_bytes(rng, buf, n * 10);
xmpp_rand_bytes(rng, buf, alloc_sz / n);
}
for (sz = 2; sz <= alloc_sz; sz <<= 1) {
t2 = 0;
for (n = 0; n < 1000u; ++n) {
for (n = 0; n < NUM_SAMPLES; ++n) {
t_start();
t1 = t_read();
@@ -52,10 +56,15 @@ static void perf_rand(xmpp_ctx_t *ctx)
t1 = t_read() - t1;
t2 += t1;
}
t2 /= 1000;
fprintf(stderr,
"Reading %6zu bytes from PRNG took %8" PRIu64 " cycles\n", sz,
t2);
t2 /= NUM_SAMPLES;
fprintf(stderr, "Reading %6zu bytes from PRNG took %8" PRIu64 " %s\n",
sz, t2, perf_time_unit);
if (t3) {
double d3 = (double)t3, d2 = (double)t2;
fprintf(stderr, " +%.2f%%\n",
(d2 - d3) / ((d2 + d3) * 0.5) * 100.);
}
t3 = t2;
}
free(buf);
xmpp_rand_free(ctx, rng);
@@ -90,7 +99,7 @@ static uint64_t rdtsc(void)
unsigned hi, lo;
__asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
return ((uint64_t)lo) | (((uint64_t)hi) << 32);
#elif defined(LTC_PPC32) || defined(TFM_PPC32)
#elif defined(__POWERPC__)
unsigned long a, b;
__asm__ __volatile__("mftbu %1 \nmftb %0\n" : "=r"(a), "=r"(b));
return (((uint64_t)b) << 32ULL) | ((uint64_t)a);
@@ -116,25 +125,41 @@ static uint64_t rdtsc(void)
uint64_t CNTVCT_EL0;
__asm__ __volatile__("mrs %0, cntvct_el0" : "=r"(CNTVCT_EL0));
return CNTVCT_EL0;
#elif defined HAVE_CLOCK_GETTIME
#define USE_CLOCK_GETTIME
struct timespec result;
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &result);
return result.tv_sec * 1000000000 + result.tv_nsec;
#else
return clock();
#endif
#endif /* __GNUC__ */
/* Microsoft and Intel Windows compilers */
#elif defined _M_IX86 && !defined(LTC_NO_ASM)
#elif defined _M_IX86
__asm rdtsc
#elif defined _M_AMD64 && !defined(LTC_NO_ASM)
#elif defined _M_AMD64
return __rdtsc();
#elif defined _M_IA64 && !defined(LTC_NO_ASM)
#elif defined _M_IA64
#if defined __INTEL_COMPILER
#include <ia64intrin.h>
#endif
return __getReg(3116);
#elif defined HAVE_CLOCK_GETTIME
#define USE_CLOCK_GETTIME
struct timespec result;
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &result);
return result.tv_sec * 1000000000 + result.tv_nsec;
#else
return clock();
#endif
}
#if defined USE_CLOCK_GETTIME
static const char *perf_time_unit = "ns";
#else
static const char *perf_time_unit = "cycles";
#endif
static void t_start(void)
{
timer = rdtsc();

28
m4/ac_try_compile2.m4 Normal file
View File

@@ -0,0 +1,28 @@
dnl Like AC_TRY_EVAL but also errors out if the compiler generates
dnl _any_ output. Some compilers might issue warnings which we want
dnl to catch.
AC_DEFUN([AC_TRY_EVAL2],
[{ (eval echo configure:__oline__: \"[$]$1\") 1>&AS_MESSAGE_LOG_FD; dnl
(eval [$]$1) 2>&AS_MESSAGE_LOG_FD; _out=`eval [$]$1 2>&1` && test "x$_out" = x; }])
dnl Like AC_TRY_COMPILE but calls AC_TRY_EVAL2 instead of AC_TRY_EVAL
AC_DEFUN([AC_TRY_COMPILE2],
[cat > conftest.$ac_ext <<EOF
[#]line __oline__ "configure"
#include "confdefs.h"
[$1]
int main(void) {
[$2]
; return 0; }
EOF
if AC_TRY_EVAL2(ac_compile); then
ifelse([$3], , :, [rm -rf conftest*
$3])
else
echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD
cat conftest.$ac_ext >&AS_MESSAGE_LOG_FD
ifelse([$4], , , [ rm -rf conftest*
$4
])dnl
fi
rm -f conftest*])

View File

@@ -1239,10 +1239,8 @@ static int _handle_sm(xmpp_conn_t *const conn,
}
strophe_free(conn->ctx, queue_element_free(conn->ctx, e));
}
conn->authenticated = 1;
/* call connection handler */
conn->conn_handler(conn, XMPP_CONN_CONNECT, 0, NULL, conn->userdata);
strophe_debug(conn->ctx, "xmpp", "Session resumed successfully.");
_auth_success(conn);
} else if (strcmp(name, "failed") == 0) {
name = NULL;

View File

@@ -79,6 +79,7 @@
#endif
static int _disconnect_cleanup(xmpp_conn_t *conn, void *userdata);
static void _reset_sm_state_for_reconnect(xmpp_conn_t *conn);
static char *_conn_build_stream_tag(xmpp_conn_t *conn,
char **attributes,
size_t attributes_len);
@@ -573,11 +574,12 @@ const char *xmpp_conn_get_keyfile(const xmpp_conn_t *conn)
* \ref xmpp_conn_set_password_callback so the TLS stack can retrieve the
* password.
*
* In case one wants to use a PKCS#12 encoded file, it must be passed via
* the `key` parameter and `cert` must be NULL.
* In case one wants to use a PKCS#12 encoded file, it should be passed via
* the `cert` parameter and `key` should be NULL. Passing a PKCS#12 file in
* `key` is deprecated.
*
* @param conn a Strophe connection object
* @param cert path to a certificate file
* @param cert path to a certificate file or a P12 file
* @param key path to a private key file or a P12 file
*
* @ingroup TLS
@@ -589,13 +591,21 @@ void xmpp_conn_set_client_cert(xmpp_conn_t *const conn,
strophe_debug(conn->ctx, "conn", "set client cert %s %s", cert, key);
if (conn->tls_client_cert)
strophe_free(conn->ctx, conn->tls_client_cert);
if (cert)
conn->tls_client_cert = strophe_strdup(conn->ctx, cert);
else
conn->tls_client_cert = NULL;
conn->tls_client_cert = NULL;
if (conn->tls_client_key)
strophe_free(conn->ctx, conn->tls_client_key);
conn->tls_client_key = strophe_strdup(conn->ctx, key);
conn->tls_client_key = NULL;
if (cert && key) {
conn->tls_client_cert = strophe_strdup(conn->ctx, cert);
conn->tls_client_key = strophe_strdup(conn->ctx, key);
} else if (cert && !key) {
conn->tls_client_cert = strophe_strdup(conn->ctx, cert);
} else if (!cert && key) {
strophe_warn(conn->ctx, "xmpp",
"xmpp_conn_set_client_cert: Passing PKCS#12 in 'key' "
"parameter is deprecated. Use 'cert' instead");
conn->tls_client_cert = strophe_strdup(conn->ctx, key);
}
}
/** Get the number of xmppAddr entries in the client certificate.
@@ -966,6 +976,7 @@ void conn_disconnect(xmpp_conn_t *conn)
conn->tls = NULL;
}
sock_close(conn->sock);
_reset_sm_state_for_reconnect(conn);
/* fire off connection handler */
conn->conn_handler(conn, XMPP_CONN_DISCONNECT, conn->error,
@@ -1168,6 +1179,7 @@ long xmpp_conn_get_flags(const xmpp_conn_t *conn)
* - XMPP_CONN_FLAG_LEGACY_SSL
* - XMPP_CONN_FLAG_TRUST_TLS
* - XMPP_CONN_FLAG_LEGACY_AUTH
* - XMPP_CONN_FLAG_DISABLE_SM
*
* @param conn a Strophe connection object
* @param flags ORed connection flags
@@ -1288,32 +1300,38 @@ xmpp_sm_state_t *xmpp_conn_get_sm_state(xmpp_conn_t *conn)
ret = conn->sm_state;
conn->sm_state = NULL;
if (ret->previd) {
strophe_free(conn->ctx, ret->previd);
ret->previd = NULL;
}
if (ret->can_resume) {
ret->previd = ret->id;
ret->id = NULL;
ret->bound_jid = conn->bound_jid;
conn->bound_jid = NULL;
} else if (ret->id) {
strophe_free(conn->ctx, ret->id);
ret->id = NULL;
}
ret->sm_enabled = ret->sm_support = ret->resume = 0;
if (ret->bind) {
xmpp_stanza_release(ret->bind);
ret->bind = NULL;
}
return ret;
}
static void _reset_sm_state_for_reconnect(xmpp_conn_t *conn)
{
xmpp_sm_state_t *s = conn->sm_state;
if (s->previd) {
strophe_free(conn->ctx, s->previd);
s->previd = NULL;
}
if (s->can_resume) {
s->previd = s->id;
s->id = NULL;
s->bound_jid = conn->bound_jid;
conn->bound_jid = NULL;
} else if (s->id) {
strophe_free(conn->ctx, s->id);
s->id = NULL;
}
s->sm_enabled = s->sm_support = s->resume = 0;
if (s->bind) {
xmpp_stanza_release(s->bind);
s->bind = NULL;
}
}
/**
* @param conn a Strophe connection object
* @param sm_state A Stream Management state returned from a call to

View File

@@ -50,10 +50,22 @@
#include "resolver.h"
#include "util.h"
/* Workaround for systems without va_copy support. */
#if defined(_MSC_VER) && _MSC_VER < 1800 || \
!defined(_MSC_VER) && !defined(HAVE_DECL_VA_COPY)
#define va_copy(d, s) (memcpy(&d, &s, sizeof(va_list)))
#ifndef va_copy
#ifdef HAVE_VA_COPY
#define va_copy(dest, src) va_copy(dest, src)
#else
#ifdef HAVE___VA_COPY
#define va_copy(dest, src) __va_copy(dest, src)
#else
#ifndef VA_LIST_IS_ARRAY
#define va_copy(dest, src) (dest) = (src)
#else
#include <string.h>
#define va_copy(dest, src) \
memcpy((char *)(dest), (char *)(src), sizeof(va_list))
#endif
#endif
#endif
#endif
/** Initialize the Strophe library.

View File

@@ -23,6 +23,10 @@
#include <string.h> /* memeset */
#include <time.h> /* clock, time */
#if !defined(_WIN32)
#include <unistd.h>
#endif
#if !defined(DONT_USE_GETRANDOM) && defined(__linux__) && \
defined(__GLIBC_PREREQ)
#if __GLIBC_PREREQ(2, 25)

View File

@@ -322,7 +322,7 @@ static unsigned message_name_get(const unsigned char *buf,
return 0;
pointer = (label_len & 0x3f) << 8 | buf[i++];
/* Prevent infinite looping */
if (pointer == buf_offset)
if (pointer >= buf_offset)
return 0;
if (name != NULL && name_len >= name_max && name_max > 0) {
/* We have filled the name buffer. Don't pass it recursively. */

View File

@@ -21,6 +21,10 @@
#include <stdarg.h>
#include <string.h>
#if !defined(_WIN32)
#include <unistd.h>
#endif
#include "strophe.h"
#include "common.h"
@@ -217,7 +221,7 @@ int tls_caching_password_callback(char *pw, size_t pw_max, xmpp_conn_t *conn)
int ret;
unsigned char hash[XMPP_SHA1_DIGEST_SIZE];
const char *fname = conn->tls_client_key;
const char *fname = conn->tls_client_cert;
size_t fname_len = strlen(fname);
xmpp_sha1_digest((void *)fname, fname_len, hash);
if (fname_len && fname_len == conn->password_cache.fnamelen &&

View File

@@ -95,7 +95,7 @@ static gnutls_x509_crt_t _tls_load_cert_p12(xmpp_conn_t *conn)
int err = -1;
if (gnutls_pkcs12_init(&p12) < 0)
return NULL;
if (gnutls_load_file(conn->tls_client_key, &data) < 0)
if (gnutls_load_file(conn->tls_client_cert, &data) < 0)
goto error_out;
if (gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0) < 0)
goto error_out2;
@@ -168,7 +168,7 @@ static gnutls_x509_crt_t _tls_load_cert(xmpp_conn_t *conn)
{
if (conn->tls && conn->tls->client_cert)
return conn->tls->client_cert;
if (!conn->tls_client_cert && conn->tls_client_key) {
if (conn->tls_client_cert && !conn->tls_client_key) {
return _tls_load_cert_p12(conn);
}
return _tls_load_cert_x509(conn);
@@ -459,7 +459,7 @@ tls_t *tls_new(xmpp_conn_t *conn)
}
strophe_debug(tls->ctx, "tls", "wrong password?");
}
} else if (conn->tls_client_key) {
} else if (conn->tls_client_cert) {
unsigned int retries = 0;
while (retries++ < conn->password_retries) {
@@ -470,7 +470,8 @@ tls_t *tls_new(xmpp_conn_t *conn)
if (passlen < 0)
continue;
int err = gnutls_certificate_set_x509_simple_pkcs12_file(
tls->cred, conn->tls_client_key, GNUTLS_X509_FMT_DER, pass);
tls->cred, conn->tls_client_cert, GNUTLS_X509_FMT_DER,
pass);
memset(pass, 0, sizeof(pass));
if (err == 0)
break;

View File

@@ -616,7 +616,7 @@ tls_t *tls_new(xmpp_conn_t *conn)
ERR_GET_LIB(err), ERR_GET_REASON(err));
goto err_free_ctx;
}
} else if (conn->tls_client_key) {
} else if (conn->tls_client_cert) {
EVP_PKEY *pkey = NULL;
STACK_OF(X509) *ca = NULL;
X509 *cert = _tls_cert_read_p12(conn, &pkey, &ca);
@@ -974,7 +974,7 @@ _tls_cert_read_p12(xmpp_conn_t *conn, EVP_PKEY **pkey, STACK_OF(X509) * *ca)
return conn->tls->client_cert;
X509 *cert = NULL;
PKCS12 *p12 = NULL;
BIO *f = BIO_new_file(conn->tls_client_key, "r");
BIO *f = BIO_new_file(conn->tls_client_cert, "rb");
if (!f) {
strophe_debug(conn->ctx, "tls", "f == NULL");
goto error_out;
@@ -1034,7 +1034,7 @@ static X509 *_tls_cert_read(xmpp_conn_t *conn)
{
if (conn->tls && conn->tls->client_cert)
return conn->tls->client_cert;
if (!conn->tls_client_cert && conn->tls_client_key) {
if (conn->tls_client_cert && !conn->tls_client_key) {
return _tls_cert_read_p12(conn, NULL, NULL);
}
return _tls_cert_read_x509(conn);

Binary file not shown.

View File

@@ -174,10 +174,10 @@ int main()
xmpp_ctx_t *ctx;
xmpp_rand_t *rand;
resolver_srv_rr_t *srv_rr_list;
char *domain;
char *domain, *rnd_b64;
unsigned char *buf;
unsigned short port;
size_t i;
size_t i, slen;
int ret;
ctx = xmpp_ctx_new(NULL, NULL);
@@ -223,10 +223,18 @@ int main()
ret = resolver_srv_lookup_buf(ctx, buf, sizeof(data2), &srv_rr_list);
if (ret == XMPP_DOMAIN_FOUND && srv_rr_list != NULL)
resolver_srv_free(ctx, srv_rr_list);
strophe_free(ctx, buf);
xmpp_rand_free(ctx, rand);
printf("ok\n");
printf("Broken message was:\n");
rnd_b64 = xmpp_base64_encode(ctx, buf, sizeof(data2));
slen = strlen(rnd_b64);
for (i = 0; i < slen; i += 64) {
printf("%.64s\n", &rnd_b64[i]);
}
strophe_free(ctx, buf);
strophe_free(ctx, rnd_b64);
xmpp_ctx_free(ctx);
return 0;

View File

@@ -13,6 +13,7 @@
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <sys/param.h>
#include "strophe.h"
@@ -42,8 +43,13 @@ int main()
{0, NULL, "tests/cert.emptypass.pfx"},
{0, NULL, "tests/cert.nopass.pfx"},
{1, NULL, "tests/cert.pfx"},
{0, "tests/cert.emptypass.pfx", NULL},
{0, "tests/cert.nopass.pfx", NULL},
{1, "tests/cert.pfx", NULL},
};
const char *srcdir;
char *certbuf, *keybuf;
char xmppaddr_num[] = "0";
unsigned int m, n;
@@ -51,13 +57,29 @@ int main()
log = xmpp_get_default_logger(XMPP_LEVEL_DEBUG);
ctx = xmpp_ctx_new(NULL, log);
srcdir = getenv("srcdir");
certbuf = malloc(MAXPATHLEN);
keybuf = malloc(MAXPATHLEN);
for (m = 0; m < sizeof(client_cert) / sizeof(client_cert[0]); ++m) {
char *certfile = certbuf, *keyfile = keybuf;
conn = xmpp_conn_new(ctx);
if (client_cert[m].pem)
snprintf(certfile, MAXPATHLEN, "%s/%s", srcdir, client_cert[m].pem);
else
certfile = NULL;
if (client_cert[m].key)
snprintf(keyfile, MAXPATHLEN, "%s/%s", srcdir, client_cert[m].key);
else
keyfile = NULL;
if (client_cert[m].needs_callback)
xmpp_conn_set_password_callback(conn, password_callback, NULL);
xmpp_conn_set_client_cert(conn, client_cert[m].pem, client_cert[m].key);
xmpp_conn_set_client_cert(conn, certfile, keyfile);
xmppaddr_num[0] = '0' + xmpp_conn_cert_xmppaddr_num(conn);
@@ -88,6 +110,8 @@ int main()
}
xmpp_conn_release(conn);
}
free(certbuf);
free(keybuf);
xmpp_ctx_free(ctx);
xmpp_shutdown();

View File

@@ -1,14 +1,26 @@
#!/bin/sh
if [ "x$LIBRESSL_COMMIT" != "x" ]; then
cd "$HOME"
git clone https://github.com/libressl-portable/portable.git libressl-git
cd libressl-git
if [ -n "$LIBRESSL_COMMIT" ]; then
git checkout "$LIBRESSL_COMMIT"
fi
./autogen.sh
./configure --prefix="$HOME/libressl"
make -j"$(nproc)"
make install
set -e
[ "x$XSSL_COMMITISH" != "x" ]
if [ "x$LIBRESSL" = "xtrue" ]; then
REPO_URL="https://github.com/libressl-portable/portable.git"
AUTOGEN_CMD="./autogen.sh"
CONFIG_CMD="./configure --prefix=$HOME/xssl --disable-asm"
MAKE_TARGET="install"
else
REPO_URL="https://github.com/openssl/openssl.git"
AUTOGEN_CMD="true"
CONFIG_CMD="./Configure --prefix=$HOME/xssl --libdir=lib"
MAKE_TARGET="install_sw"
fi
cd "$HOME"
git clone --no-checkout "$REPO_URL" xssl-git
cd xssl-git
git checkout "$XSSL_COMMITISH"
$AUTOGEN_CMD
$CONFIG_CMD
make -j"$(nproc)"
make $MAKE_TARGET