Commit Graph

127 Commits

Author SHA1 Message Date
csoler
0d7df568b4 moved rsconfigitems and rshistoryitems to rsitems/ 2017-04-24 22:47:08 +02:00
csoler
e75487e48a suppressed a few warnings (suggested by Phenom) 2017-02-25 23:16:43 +01:00
csoler
8c3f553579 fixed compilation with openssl1.0.1 broken by previous commits 2017-02-20 22:54:25 +01:00
csoler
5c95b88095 compilation fix for openssl-1.1.0 (pqissl+authssl part) 2017-02-19 22:38:02 +01:00
Phenom
674b6de381 Fix Some gcc warnings 383 to 208 lines
Left explicit #warning and deprecated.
Some lines are wrongly indented and produce malformed code.
2016-11-30 22:01:01 +01:00
Phenom
275c47eff9 Add Title when ask for password. 2016-08-09 01:22:14 +02:00
Cyril Soler
f3aed813af added test over signature size to avoid possible memory corruption (Anonymous source) 2016-05-17 10:39:56 -04:00
cave beat
9843c8381b added openSSL option SSL_OP_SINGLE_DH_USE regarding CVE-2016-0701
tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL 1.0.2 users should upgrade to 1.0.2f. If an application is using DH configured with parameters based on primes that are not "safe" or not Lim-Lee (as the one in RFC 5114) and either Static DH ciphersuites are used or DHE ciphersuites with the default OpenSSL configuration (in particular SSL_OP_SINGLE_DH_USE is not set) then it is vulnerable to this attack.
2016-02-14 18:49:37 +01:00
csoler
d55993d1e4 removed two instances of malloc(0) captured by new rs_malloc function 2016-01-12 21:43:04 -05:00
csoler
d13526facd added a new method rs_malloc that checks its arguments and prints a stacktrace on error/weird call. Changed the code everywhere to use this instead of malloc. Removed some mallocs and replaced with RsTemporaryMemory 2016-01-12 21:10:11 -05:00
csoler
8a41554754 fixed some leaking memory issues in loadList() methods, and also increased consistency by not returning non empty list with deleted items inside 2015-12-30 18:20:09 -05:00
csoler
39672b2df6 fixed typo causing non free of mutex_buf structure in pqissl.cc 2015-10-07 18:59:58 -04:00
thunder2
0ee754939e Removed some unused parameter warnings.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8481 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2015-06-15 22:41:18 +00:00
electron128
7e03f3944b don't store name, location name and date in new SSL certs. Location name is now stored in an extra file. Backwards compatible to old locations and old peers.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8072 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2015-03-25 08:19:45 +00:00
csoler
b02fdce3ad Allow TLSv1.2 while keeping compatibility with TLS1 and 1.1 (Patch from cave)
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7958 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2015-02-19 20:07:40 +00:00
csoler
352d8413c0 fixed stupid mistake in commit 7858 in SSL error handling causing impossibility to connect
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7866 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2015-01-23 19:17:33 +00:00
csoler
2e211a6904 fixed missing error checking in X509 Verify callback
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7858 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2015-01-23 08:13:26 +00:00
thunder2
40bfa50b29 Fixed utf8 issue when using strings with openssl
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7726 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-12-03 23:03:03 +00:00
csoler
d547cb6fdb changed post fixed operator++ into prefixed. More efficient on some systems. Patch from Phenom.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7630 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-10-24 22:07:26 +00:00
csoler
f6db432c74 Merge of branch v0.6-rssocialnet 7419 to 7488. Changes from electron and myself:
- added possibility to modify groups (e.g. edit circles)
- fixed mismatched free/delete in fimonitor.cc, authssl.cc, pqibin.cc (saving encrypted hash cache file)
- improved plugin interface class to allow plugins to access GXS objects.
- added method to un-register notify clients from RsNotify
- fixed pqisslproxy for windows, due to win not properly supporting sockets in non blocking mode.
- removed static members from RsInitConfig and made RsAccounts object a pointer. This prevents plugin initialisation problems at symbol resolving time.
- removed bool return from p3IdService::getOwnIds()



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7492 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-08-25 21:07:07 +00:00
csoler
9aba04982e improved cipher string for higher security
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7365 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-05-11 18:42:16 +00:00
drbob
0e6302ac6a Removed configuration type (uint32) as it's not needed or really used.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7212 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-03-29 05:20:57 +00:00
chrisparker126
0f29d28b1b merge of branch v0.6-idclean 7180
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7187 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-03-17 20:56:06 +00:00
drbob
c0738eec7f Merging branches/v0.6-initdev into trunk.
These split at 6672 -> 7075, so quite a bit merge.
libretroshare compiles - but untested.
retroshare-gui needs GenCertDialog.ui and IdEditDialog.ui to be properly merged. (compile errors).
some plugins will be broken.
retroshare-nogui is untested.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7078 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-02-01 14:16:15 +00:00
csoler
730554d397 improved gui message for known peers that are not friends
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7066 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-01-28 21:33:17 +00:00
csoler
bbdc978d00 improved display/fixed bugs in security item
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7021 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-01-16 19:57:08 +00:00
csoler
613f822133 added new feed item types and logic to show connection attempts from forged certificates (e.g. bad signature, bad certificate)
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7018 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-01-15 20:19:17 +00:00
csoler
630824aa1b Updated the notification system. Main changes are:
- the notification system is now a service, p3Notify, that is a public RsNotify.
- RsNotify does nothing except providing a registration system for new notify clients.
- Clients should derive a notify client from the NotifyClient class and register it to rsNotify
- all registered clients get all notifications, so only derive the needed methods. This should allow 
  plugins to get notifications as well.
- updated the code to call RsServer::notify()->[notification method] from inside libretroshare
- pqiNotify has been removed.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6996 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2014-01-07 22:51:22 +00:00
csoler
146465a53f fixed cipher list for openssl, since ECDHE is not configured, it cannot be used
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6974 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-12-28 21:41:43 +00:00
thunder2
9095e9bd75 Code maintenance for Qt 5:
- Added some more includes needed by MinGW-w64

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6860 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-10-21 11:00:49 +00:00
thunder2
72c7569619 Fixed compile of libretroshare on Windows.
Cleaned some includes of openssl.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.6-initdev@6769 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-09-26 23:53:06 +00:00
csoler
4b44304aec Enabled PFS for SSH connections, based on a 4096 bits safe prime. This is retro-compatible, meaning that old peers will connect to the new one using PFS if they act as a client (meaning they request the connection)
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6738 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-09-14 12:28:45 +00:00
drbob
6290d8fed9 Massive commit - changing from sockaddr_in => sockaddr_storage.
In preparation for making RS support IPv6.

NB: This breaks the build of retroshare-gui, as the
sockaddr_storage_xxx fns are only defined as prototypes for now.

All the aux libraries like udp / stun / tcponudp / dht have still to be converted.

These changes will probably break various things and need to be tested thoroughly.




git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.6-initdev@6735 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-09-13 14:35:19 +00:00
drbob
f93ed1fb6e - Removed RsIface, and moved configuration options to RsServerConfig (rsconfig.h)
- Fixed cipher list to "HIGH:!DSS:!aNULL:!3DES", which should disable the weak ones, no idea how to force it to PFS (which it should use).
 - fixed void * pointer maths.




git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6584 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-08-21 21:36:33 +00:00
csoler
2b9a211184 fixed memory leak in cert signature verification at connect (Patch from Phenom). Also removed some unused variables reported by gcc
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6516 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-07-18 22:10:30 +00:00
csoler
4868a90d81 patch from Henry morgan to fix some typos (e.g. misspelled connexion into connection)
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6460 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2013-06-24 21:23:50 +00:00
csoler
66207b81e5 - made the names consistent between ftdata, ftdatamultiplex and tests/
- added missing virtual functions in ftDataRecv
- setup initSSL instance as a static member of AuthSSL, instead of an external (does not change much except the init in rsinit.cc)
- changed p3PeerMgrIMPL to take SSL and PGP ids as parameters. This avoids calling AuthSSL and AuthGPG from the constructor => very helpful for tests.
- added random creation function in t_RsGenericId<>
- added functions setAuthSSL_debug() and setAuthGPG_debug() to manually setup the authSSL and authGPG objects to use. Used in tests.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6035 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-12-26 18:12:19 +00:00
drbob
069b72e0b2 Merged branch v0.5-gxs-b1 into trunk (from -r 5351 -> 5995)
This brings a huge amount of goodness into the trunk,
but there is still a big chunk todo before it can be released.

 * GXS Backend.
 * GXS Services:
	- Identities.
	- Circles
	- Photos
	- Wiki
	- GxsForums
	- Posted.
 * SSH no-gui server.

See branch commits for more info.

To switch on GXS stuff, enable CONFIG += gxs
in both libretroshare.pro and retroshare-gui.pro



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5996 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-12-16 19:17:11 +00:00
thunder2
78edc7687e Fixed compile of libretroshare on Windows. The corrected pro files are not included.
Moved the includes of rswin.h from the header files to the c files.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-gxs-b1@5655 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-10-09 23:07:51 +00:00
csoler
ea29fd624a removed debug info
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5564 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-09-17 20:49:52 +00:00
csoler
8cca9608f2 Fixed report of failing connexion attempts/recepts. Cleaned the code a little bit
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5550 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-09-14 21:04:16 +00:00
csoler
b8cee76fa5 added display of IP address for incoming failed connexion attempts
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5532 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-09-09 20:25:39 +00:00
csoler
60f51c358c - added new certificate format in ConfCertDialog and ConnectFriendWizard, with a button to switch to old format if necessary
- added automatic cleaning of certificates in both formats
- grouped all certificate cleaning/parsing code in rscertificate.cc
- removed unused files cleanupxpgp.h/cc
- added upper/lower case to rsid template.

The new format is to be tested. It is supposed to be much more robust than the previous format,
in particular, allowing any string for location names.


git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5410 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-08-13 19:37:50 +00:00
csoler
fc8dfcf65b Merged branch v0.5-OpenPGP into trunk:
User-level changes:
==================
- libgpgme is not used anymore; it is replaced by a built-in piece of code called OpenPGP-SDK 
  (http://openpgp.nominet.org.uk/cgi-bin/trac.cgi) that was improved to be used by RetroShare
  for handling PGP keys.

- the gnupg keyring is not used anymore. Now, RetroShare has its own gpg keyring, shared by all instances.
  On linux it's located in ~/.retroshare/pgp/. A lock system prevents multiple locations to read/write keyrings
  simultaneously.

- the trust database from gnupg is not documented, so RetroShare cannot import it. This comes from the fact that
  the GPG standard (RFC4880) asks explicitly not to export trust information. So RetroShare has its own 
  trust DB shared by locations. This means you need to re-trust people. Sorry for that!

- at start, if no keyring is found, RS will propose to copy the gnupg keyring to use your existing keys. Clicking on 
  "OK" will do the copy, and you should find back all existing locations, except for DSA keys.

- locations for which the suitable keypair is not in the keyring will not be displayed in the login window
- locations for which the suitable keypair is not a RSA/RSA key will not be displayed. RetroShare does not
  support DSA/Elgamal keypairs yet.

- a key import/export exchange function has been added in the certificate creation window (you go there from the login
  window by clicking on "manage keys/locations"). This allows to easily create a new location with the same pgp key on
  another computer. To obtain a suitable keypair using gnupg, you need to concatenate the encrypted private key and the 
  public key into an ascii file. This can be done using:
  		gpg -a --export-secret-keys [your ID] > mykey.asc
		gpg -a --export [your ID] >> mykey.asc

- importing a key with subkeys is not yet possible. Please remove subkeys before importing.

- The code has been tested for a reasonable amount of time, but it's not possible to prevent some new bugs 
  to appear. Please report them asap supplying: call-stacks if possible, and terminal output. In particular,
  openpgp has some assert()'s that should not be triggered unless RetroShare is calling it in an improper way.

Internal changes
================
- a specific component, PGPHandler, takes care of the interface between openpgp-sdk and RetroShare
  openpgp-sdk is c-code, with its own memory management, which has been kept well separated from 
  RetroShare.

- GPG Ids are now a specific class (not a std::string anymore) for code consistency reasons. As strings are
  still used in many places, this requires a few conversions. In particular, AuthGPG takes strings as
  function params and calls GPGHandler with the proper PGPIdType class. In the future, RetroShare should
  only use PGPIdType. The same will be done for SSL ids.

- signature cleaning is still handled by the Retroshare built-in function, not by openpgp, but we will 
  do this later.

Still to do
===========
- DSA needs subkey handling, since the encryption is performed by an Elgamal subkey. Not sure this will be done.
- GPGIds/SSLIds cleaning (meaning replace strings by appropriate types). Lots of confusion throughout the code in retroshare-gui in particular.
- key removal from keyring. This is a challenge to keep locations synchronised.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5293 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-07-13 21:53:39 +00:00
csoler
54511ad390 fixed bug in certificate signature
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5283 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-07-09 20:20:36 +00:00
csoler
0a6c60d2df added filtering of private key for login window, and fixed uid at cert creation time
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5282 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-07-08 21:06:41 +00:00
thunder2
1885fb66c4 - Enabled compile on Windows (bzip2 library needed).
- Fixed crash after the second call to RsInit::InitRetroShare when keyring does not exist.
The instance of AuthSSL was created twice and AuthGPG was deleted without stopping the thread. Stopped the AuthGPG thread on exit of RetroShare.
- Added the correct path to the keyring for Windows in RsInit::copyGnuPGKeyrings.
- Changed the detection of the portable version on Windows from the file "gpg.exe" to the file "portable".

git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5211 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-06-10 00:29:46 +00:00
thunder2
14c1f9f599 Added dynamic locking function for the OpenSSL library.
This is needed when using OpenSSL from multiple threads.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5168 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-05-15 13:51:24 +00:00
thunder2
c331098203 Added new message flag for system messages like friend request.
Show "RetroShare" as sender of system messages to myself.
Added new quick view in MessagesDialog to filter system messages.
Changed RetroShare link in friend request message to certificate.
Added new subject image for the system messages (defnax).
Removed not used notify in message service.
Recompile needed.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5129 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-05-01 09:18:55 +00:00
thunder2
9501a4fe2c Added new friend request toaster from defnax.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5120 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2012-04-25 19:19:16 +00:00