1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/ssl.c

    From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Monday, December 18, 2023 22:03:04
    https://gitlab.synchro.net/main/sbbs/-/commit/6ae3c80132f7f2707a4aaa1e
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Add lprintf declaration here (hack)

    This is always going to call the terminal server's lprintf function (when used with libsbbs.so/sbbs.dll) which is probably not what was intended.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Tuesday, December 19, 2023 01:36:24
    https://gitlab.synchro.net/main/sbbs/-/commit/c9a18cc4dffcd3be240d32aa
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Don't load a cert unless the scfg_t is prepped.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Tuesday, December 19, 2023 01:37:33
    https://gitlab.synchro.net/main/sbbs/-/commit/e3365aa3e9db55b43c07d21d
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    No point checking prepped here

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wednesday, December 20, 2023 15:15:17
    https://gitlab.synchro.net/main/sbbs/-/commit/8f089bf01169601da4275d7a
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Fix DO() macro in ssl.c

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wednesday, December 20, 2023 15:44:22
    https://gitlab.synchro.net/main/sbbs/-/commit/9d06452d26d4495e10bcbb9d
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Properly handle the cert when adding private key fails

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wednesday, December 20, 2023 15:47:32
    https://gitlab.synchro.net/main/sbbs/-/commit/c56af712ad619df69b93b0ad
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Fix bug in last commit to this file.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wednesday, December 20, 2023 15:49:24
    https://gitlab.synchro.net/main/sbbs/-/commit/6b0df81a4a032587c2486460
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    A little bit more fixins...

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, December 21, 2023 18:07:29
    https://gitlab.synchro.net/main/sbbs/-/commit/798f1d058a73c9549830f787
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Check return value of malloc() and log failure

    Fix CID 471381

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Tuesday, January 09, 2024 09:15:22
    https://gitlab.synchro.net/main/sbbs/-/commit/7d157b980e97dbb87258b49e
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    You can't just screw around with a pair of shared linked lists
    without locking! That's chaos!

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Tuesday, January 09, 2024 09:18:47
    https://gitlab.synchro.net/main/sbbs/-/commit/4050fabe5ff89660555f9183
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Eliminate LOR introduced in previous commit.

    Since lock_ssl_cert() is a reader lock, there shouldn't be a whole
    lot of contention on aquiring it anyway, and we can thundering herd
    our way out of it when it clears.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 12:09:37
    https://gitlab.synchro.net/main/sbbs/-/commit/88bbe26bf67384f213df0dc1
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Use new rwlock for ssl certificate.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 12:09:37
    https://gitlab.synchro.net/main/sbbs/-/commit/c2499626c59ea535f8dc2b5e
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Merge branch 'use-rwlock' into 'master'

    Use new rwlock for ssl certificate.

    See merge request main/sbbs!386

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 16:22:20
    https://gitlab.synchro.net/main/sbbs/-/commit/c47e29612c1f78bf1bb835ba
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Clean up and push down locks.

    Now each lock has an easily understandable purpose, and covers the
    lowest possible amount of code.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 16:30:19
    https://gitlab.synchro.net/main/sbbs/-/commit/9fdb5950548fe41960d8bbe0
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Fix GCC warnings

    warning: value computed is not used

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 16:49:50
    https://gitlab.synchro.net/main/sbbs/-/commit/5e3c60b9a154ee1e64710f83
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Have get_sess_list_entry() verify the correct epoch

    With this, it's not strictly necessary to clear cert_list in ssl_sync()
    when the certificate changes, but it's still a good idea to prevent
    unusable memory from being held onto.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Friday, January 19, 2024 16:49:50
    https://gitlab.synchro.net/main/sbbs/-/commit/a437c173ec7c7dfa35625e2e
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    May as well make sure internal_do_cryptInit() actually works.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Monday, January 22, 2024 14:57:23
    https://gitlab.synchro.net/main/sbbs/-/commit/0700951f70912e516305c181
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Mutex-protect access to cryptfail.

    Totally not sketchy, trust me.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Monday, January 22, 2024 19:40:40
    https://gitlab.synchro.net/main/sbbs/-/commit/0aa72717d5701c3d52259674
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Friendly cryptlib version check failure handling

    <Deuce> Feel free to not lock the mutex and never free/NULLify that string. <Deuce> Should be nicer for people with separate logs, and a few bytes never hurt anyone.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wednesday, February 07, 2024 23:00:19
    https://gitlab.synchro.net/main/sbbs/-/commit/bffceeba0fcdcacfd828351e
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    asprintf() on Linux does not guarantee to set the ptr to NULL on error.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sunday, March 09, 2025 06:51:55
    https://gitlab.synchro.net/main/sbbs/-/commit/d1c741d07362a4a3327532f7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Incremental backoff on loading SSL cert

    Try for 16 seconds (14 loops) to load the SSL certificate.

    On the first time through the loop, create self-signed certificate
    if configured to do so.

    This also splits the generation of the self-signed certificate into
    a separate function.

    While we're here, split the new SSL epoch out into a separate function
    as well, and explicitly call it when we create a new self-signed
    cert. This at least partially fixes the epoch thing, but there's
    still the possibility of creating it multiple times in the same
    second... the file date isn't really enough.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 19:41:53
    https://gitlab.synchro.net/main/sbbs/-/commit/e3c1569fc5a74ca9bb76c62c
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: assert CRYPTLIB_PATCHES literal is at least 32 chars (CID 483188)

    CRYPTLIB_PATCHES is generated at build time by 3rdp/build/hashpatch.pl
    as a 32-char MD5 plus " -" (36 bytes including NUL). If hashpatch.pl
    fails to run, the macro can be left empty, and the existing
    memcmp(patches, CRYPTLIB_PATCHES, 32) reads 32 bytes off the end of a
    1-byte empty literal Ä Coverity flags this as OVERRUN. Add a
    _Static_assert at the top of internal_do_cryptInit() so a malformed
    build fails to compile instead of producing a binary that may either
    overrun or run a broken patch check.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 19:41:53
    https://gitlab.synchro.net/main/sbbs/-/commit/c34274cdbba23fb7f5bcba2a
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: suppress destroy_session false positives (CIDs 479100, 530506)

    CID 530506 (psess->next MISSING_LOCK): Coverity confused the two
    distinct list mutexes. sess_list nodes (and their next fields) are
    protected by ssl_sess_list_mutex, which IS held at the flagged write.
    The cert_list (separate list, separate mutex) shares the cert_list
    struct type but has no overlap Ä a node lives in exactly one list at
    a time.

    CID 479100 (sess ATOMICITY across two locked sections): After sess is
    removed from sess_list under ssl_sess_list_mutex, no other thread can
    reach it via either list. It's thread-local until appended to
    cert_list under ssl_cert_list_mutex. The "second locked section" only
    touches a pointer this thread exclusively owns.

    Add SUPPRESS comments documenting both invariants.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 22:36:57
    https://gitlab.synchro.net/main/sbbs/-/commit/0f04514cb45809851b631961
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: cast DO() to void in get_ssl_cert key load (CID 544155)

    The cryptGetPrivateKey result is captured via the cert_entry->cert out-parameter and the loop's 'cert == -1' check, which is the actual
    condition the caller acts on. The DO() macro return is informational
    only here. Make the discarded return explicit.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thursday, May 07, 2026 01:03:39
    https://gitlab.synchro.net/main/sbbs/-/commit/a62f38d5ba9491e2c89227d7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: fix macOS build of internal_do_cryptInit (CID 483188 follow-up)

    e3c1569fc added a _Static_assert that CRYPTLIB_PATCHES is at least
    32 chars, but some build configs (macOS, exec/testbuild.js nightly)
    define it empty to deliberately skip the patch-version check. The
    assert tripped that build.

    Replace the assert with a sizeof() runtime guard wrapping the cryptGetAttributeString / memcmp / asprintf block. Compilers fold
    the sizeof comparison constant per build, so:
    - When CRYPTLIB_PATCHES is the real 36-byte literal, the block is
    kept and Coverity sees the memcmp is safely bounded.
    - When CRYPTLIB_PATCHES is "", the block is dropped entirely and
    we never attempt the 32-byte read past the empty literal.

    GitLab CI pipelines pass; this only affects the nightly testbuild configurations that leave CRYPTLIB_PATCHES empty.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net