| -rw-r--r-- | vchat-connection.c | 2 | ||||
| -rwxr-xr-x | vchat-keygen | 7 | ||||
| -rw-r--r-- | vchat-tls.c | 6 | ||||
| -rw-r--r-- | vchat-tls.h | 2 | ||||
| -rw-r--r-- | vchat-ui.c | 13 |
5 files changed, 17 insertions, 13 deletions
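--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -166,7 +166,7 @@ int vc_connect(const char *server, const char *port) {
 #endif
 #ifdef TLS_LIB_MBEDTLS
 if (_engine == TLS_ENGINE_MBEDTLS)
-result = vc_mbedtls_connect(serverfd, &vc_store);
+result = vc_mbedtls_connect(server, serverfd, &vc_store);
 #endif
 vc_cleanup_x509store(&vc_store);
 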
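--- a/vchat-keygen
+++ b/vchat-keygen
@@ -29,7 +29,8 @@ if [ ! -e $KEYBASE.key ]; then
 echo "vchat-keygen: generating RSA key $KEYBASE.key"
 echo "vchat-keygen: please set passphrase for local security"
 umask 0077
-openssl genrsa -des3 -out $KEYBASE.key 4096
+openssl ecparam -genkey -name secp384r1 | \
+openssl ec -out $KEYBASE.key -aes256
 else
 echo "vchat-keygen: private key $KEYBASE.key exists"
 fi
@@ -40,11 +41,11 @@ fi
 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
 cat >$KEYBASE.ca.keyconf <<EOT
 [ req ]
-default_bits = 4096
 default_keyfile = user.key
 distinguished_name = req_distinguished_name
 string_mask = nombstr
 req_extensions = v3_req
+default_md = sha384
 [ req_distinguished_name ]
 commonName = Name
 commonName_max = 64
@@ -57,7 +58,7 @@ EOT
 fi
 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
 echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt"
-openssl req -new -sha1 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
+openssl req -new -sha256 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
 echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to
 vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will
 receive your signed Certificate shortly."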
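Review bot: The digest choice is now inconsistent between the second and third hunks: the config file gains `default_md = sha384`, but the `openssl req` line passes `-sha256` on the command line, which takes precedence over the config value, so the CSR is still signed with SHA-256 and the new config line has no effect. Either drop `-sha256` from the command or change it to `-sha384` so the CSR digest matches the secp384r1 key's security level. The context line `echo "vchat-keygen: generating RSA key $KEYBASE.key"` in the first hunk is also stale now that an EC key is generated; `echo "vchat-keygen: generating EC (secp384r1) key $KEYBASE.key"` would match the new command. The new `ecparam | ec` pipeline only reports the status of `openssl ec`; unless the script sets `pipefail` outside these hunks, a failure of `openssl ecparam` will surface only as a confusing error from the second command.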
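--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -475,7 +475,7 @@ static void vc_tls_report_error(int error, char *message) {
 writecf(FS_ERR, tmpstr);
 }
 
-int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
+int vc_mbedtls_connect(const char *servername, int serverfd, vc_x509store_t *vc_store) {
 /* Some aliases for shorter references */
 mbedstate *s = &_mbedtls_state;
 mbedtls_ssl_config *conf = &_mbedtls_state._conf;
@@ -510,7 +510,7 @@ int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
 
 char *ciphers = getstroption(CF_CIPHERSUITE);
 if (!ciphers)
-ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
+ciphers = "TLS1-3-AES-256-GCM-SHA384:TLS1-3-AES-128-GCM-SHA256:TLS1-3-AES-128-CCM-SHA256:TLS1-3-AES-128-CCM-8-SHA256:TLS1-3-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
 ciphers = strdup(ciphers);
 for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;
 token = strtok(NULL, ":")) {
@@ -601,7 +601,7 @@ int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
 ret, "Can not configure parameters on tls context, mbedtls reports: ");
 return -1;
 }
-/* TODO: mbedtls_ssl_set_hostname(&ssl, SERVER_NAME) */
+mbedtls_ssl_set_hostname(ssl, strdup(servername));
 
 mbedtls_ssl_set_bio(ssl, (void *)(intptr_t)serverfd, static_tcp_send,
 static_tcp_recv, NULL);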
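Review bot: The new `mbedtls_ssl_set_hostname(ssl, strdup(servername));` in the third hunk ignores the function's return value, and the `strdup` is both a leak and a hazard: mbedTLS copies the hostname into its own storage, so the duplicate is never freed, and if `strdup` returns NULL the call becomes `mbedtls_ssl_set_hostname(ssl, NULL)`, which clears the expected name and silently disables certificate name matching for that connection rather than failing it. The function also returns a non-zero error (allocation failure or bad input) that should be treated like the other setup failures a few lines above. Pass `servername` directly and route the result through the existing `vc_tls_report_error` / `return -1` pattern visible in the same hunk; `ret` appears to be the integer already used for that at the top of the hunk. The enclosing `vc_mbedtls_connect` starts in the first hunk and continues past the third, so whether the verify mode elsewhere in it actually enforces the name check cannot be confirmed from here.
```c
/* … unchanged: ssl_setup error path … */
ret = mbedtls_ssl_set_hostname(ssl, servername);
if (ret != 0) {
  vc_tls_report_error(
      ret, "Can not set server name on tls context, mbedtls reports: ");
  return -1;
}

mbedtls_ssl_set_bio(ssl, (void *)(intptr_t)serverfd, static_tcp_send,
```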
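--- a/vchat-tls.h
+++ b/vchat-tls.h
@@ -40,7 +40,7 @@ char *vc_openssl_version();
 
 #ifdef TLS_LIB_MBEDTLS
 void vc_mbedtls_init_x509store(vc_x509store_t *);
-int vc_mbedtls_connect(int serverfd, vc_x509store_t *);
+int vc_mbedtls_connect(const char* servername, int serverfd, vc_x509store_t *);
 ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size);
 ssize_t vc_mbedtls_receivemessage(void *buf, size_t size);
 void vc_mbedtls_cleanup();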
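Review bot: The new prototype writes the pointer declarator as `const char* servername`, while the definition in vchat-tls.c and the neighbouring declarations in this header bind the star to the name (`const void *buf`, `vc_x509store_t *`). For consistency with the rest of the file, `int vc_mbedtls_connect(const char *servername, int serverfd, vc_x509store_t *);` would match both the definition and the surrounding style.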
| @@ -305,9 +305,9 @@ static void sb_flush(struct sb_data *sb) { | |||
| 305 | struct sb_entry *now = sb->entries, *prev = NULL, *tmp; | 305 | struct sb_entry *now = sb->entries, *prev = NULL, *tmp; |
| 306 | while (now) { | 306 | while (now) { |
| 307 | tmp = (struct sb_entry *)((unsigned long)prev ^ (unsigned long)now->link); | 307 | tmp = (struct sb_entry *)((unsigned long)prev ^ (unsigned long)now->link); |
| 308 | prev = now; | ||
| 308 | free(now->what); | 309 | free(now->what); |
| 309 | free(now); | 310 | free(now); |
| 310 | prev = now; | ||
| 311 | now = tmp; | 311 | now = tmp; |
| 312 | } | 312 | } |
| 313 | sb->entries = NULL; | 313 | sb->entries = NULL; |
| @@ -398,7 +398,8 @@ int writecf(formtstr id, char *str) { | |||
| 398 | struct sb_entry *tmp; | 398 | struct sb_entry *tmp; |
| 399 | int i = 0; | 399 | int i = 0; |
| 400 | time_t now = time(NULL); | 400 | time_t now = time(NULL); |
| 401 | snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str); | 401 | if (snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str) < 0) |
| 402 | return 0; | ||
| 402 | tmp = sb_add(sb_pub, tmpstr, now); | 403 | tmp = sb_add(sb_pub, tmpstr, now); |
| 403 | 404 | ||
| 404 | if ((sb_pub->scroll == sb_pub->count) && | 405 | if ((sb_pub->scroll == sb_pub->count) && |
| @@ -1369,15 +1370,17 @@ void consoleline(char *message) { | |||
| 1369 | char date[10]; | 1370 | char date[10]; |
| 1370 | time_t now = time(NULL); | 1371 | time_t now = time(NULL); |
| 1371 | strftime(date, sizeof(date), getformatstr(FS_CONSOLETIME), localtime(&now)); | 1372 | strftime(date, sizeof(date), getformatstr(FS_CONSOLETIME), localtime(&now)); |
| 1372 | snprintf(tmpstr, TMPSTRSIZE, "%s%s", date, consolestr); | 1373 | if (snprintf(tmpstr, TMPSTRSIZE, "%s%s", date, consolestr) < 0) |
| 1374 | return; | ||
| 1373 | mvwaddnstr(console, 0, 0, tmpstr, getmaxx(console) - 1); | 1375 | mvwaddnstr(console, 0, 0, tmpstr, getmaxx(console) - 1); |
| 1374 | } else { | 1376 | } else { |
| 1375 | mvwaddnstr(console, 0, 0, message ? message : consolestr, | 1377 | mvwaddnstr(console, 0, 0, message ? message : consolestr, |
| 1376 | getmaxx(console) - 1); | 1378 | getmaxx(console) - 1); |
| 1377 | } | 1379 | } |
| 1378 | 1380 | ||
| 1379 | snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_SBINF), sb_pub->scroll, | 1381 | if (snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_SBINF), sb_pub->scroll, |
| 1380 | sb_pub->count); | 1382 | sb_pub->count) < 0) |
| 1383 | return; | ||
| 1381 | mvwaddstr(console, 0, getmaxx(console) - 1 - (strlen(tmpstr) - 1), tmpstr); | 1384 | mvwaddstr(console, 0, getmaxx(console) - 1 - (strlen(tmpstr) - 1), tmpstr); |
| 1382 | if (sb_win == 0) | 1385 | if (sb_win == 0) |
| 1383 | mvwaddch(console, 0, getmaxx(console) - 1, '*'); | 1386 | mvwaddch(console, 0, getmaxx(console) - 1, '*'); |
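Review bot: The new `if (snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str) < 0) return 0;` in writecf only catches an encoding error; a message longer than TMPSTRSIZE makes snprintf return a value of TMPSTRSIZE or more, the buffer is truncated, and the truncated line is still added to the scrollback as if it were complete. The same applies to the two new checks in consoleline. If truncation should be rejected too, capture the result first, `int n = snprintf(tmpstr, TMPSTRSIZE, getformatstr(id), str); if (n < 0 || n >= TMPSTRSIZE) return 0;`, otherwise a short comment such as `/* only encoding errors are fatal; truncation is accepted */` would record that the partial output is intended. These hunks appear to belong to vchat-ui.c (per the diffstat) although the file header is missing from this rendering, and both writecf and consoleline continue outside their hunks, so what `return 0` means to writecf's callers cannot be verified here.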
