Commit Graph

433 Commits

Author SHA1 Message Date
moneromooo-monero bc09766bf9
abstract_tcp_server2: improve DoS resistance 2019-06-14 08:47:26 +00:00
moneromooo-monero 39169ace09
epee: basic sanity check on allocation size from untrusted source
Reported by guidov
2019-06-14 08:47:01 +00:00
luigi1111 9c0e9c40ec
Merge pull request #5618
b0a04f7 epee: fix SSL autodetect on reconnection (xiphon)
2019-06-11 18:15:48 -05:00
xiphon b0a04f7d45 epee: fix SSL autodetect on reconnection 2019-06-10 10:40:16 +00:00
moneromooo-monero 35c20c4332
Fix GCC 9.1 build warnings
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-09 09:39:18 +00:00
Lee Clagett 3544596f9f Add ssl_options support to monerod's rpc mode. 2019-05-22 00:09:11 -04:00
Riccardo Spagni c0bc6d96cd
Merge pull request #5509
a62e0725 net_ssl: SSL config tweaks for compatibility and security (moneromooo-monero)
2019-05-07 17:39:20 +02:00
Riccardo Spagni 2d04b0e500
Merge pull request #5499
a4c4a2d8 blockchain: keep a rolling long term block weight median (moneromooo-monero)
2019-05-07 17:31:45 +02:00
moneromooo-monero a62e072571
net_ssl: SSL config tweaks for compatibility and security
add two RSA based ciphers for Windows/depends compatibility
also enforce server cipher ordering
also set ECDH to auto because vtnerd says it is good :)

When built with the depends system, openssl does not include any
cipher on the current whitelist, so add this one, which fixes the
problem, and does seem sensible.
2019-05-07 10:01:42 +00:00
moneromooo-monero a4c4a2d8aa
blockchain: keep a rolling long term block weight median 2019-05-02 09:47:01 +00:00
moneromooo-monero 5e0da6fb68
change SSL certificate fingerprint whitelisting from SHA1 to SHA-256
SHA1 is too close to bruteforceable
2019-04-26 11:37:15 +00:00
Riccardo Spagni 5d09e39174
Merge pull request #5482
9956500d net_helper: clear recv buffer on eof (moneromooo-monero)
2019-04-24 22:40:12 +02:00
Riccardo Spagni d86dd5fa7c
Merge pull request #5479
edbae2d0 levin_protocol_handler_async: tune down preallocation a fair bit (moneromooo-monero)
2019-04-24 22:39:30 +02:00
moneromooo-monero 9956500d14
net_helper: clear recv buffer on eof 2019-04-23 13:23:17 +00:00
moneromooo-monero edbae2d05b
levin_protocol_handler_async: tune down preallocation a fair bit
It can allocate a lot when getting a lot of connections
(in particular, the stress test on windows apparently pushes
that memory to actual use, rather than just allocated)
2019-04-22 22:35:32 +00:00
moneromooo-monero 7a9316ebef
serialization: set default log category 2019-04-21 09:26:25 +00:00
moneromooo-monero b672d4d6e5
epee: use boost/timer/timer.hpp, boost/timer.hpp is deprecated 2019-04-18 15:12:34 +00:00
Riccardo Spagni c8ce4217cf
Merge pull request #5445
b18f0b10 wallet: new --offline option (moneromooo-monero)
2019-04-16 22:46:53 +02:00
Riccardo Spagni e9527f5eed
Merge pull request #5436
61d63900 net_helper: avoid unnecessary memcpy (moneromooo-monero)
2019-04-16 22:43:15 +02:00
moneromooo-monero b18f0b1051
wallet: new --offline option
It will avoid connecting to a daemon (so useful for cold signing
using a RPC wallet), and not perform DNS queries.
2019-04-15 09:14:12 +00:00
moneromooo-monero 61d63900b9
net_helper: avoid unnecessary memcpy 2019-04-13 13:24:58 +00:00
moneromooo-monero c3cf930f75
abstract_tcp_server2: fix timeout on exit
When closing connections due to exiting, the IO service is
already gone, so the data exchange needed for a gracious SSL
shutdown cannot happen. We just close the socket in that case.
2019-04-12 18:13:31 +00:00
moneromooo-monero 4b3bb829c2
epee: init a new ssl related variable in ctor 2019-04-11 11:10:15 +00:00
moneromooo-monero 9f8dc4ce51
simplewallet: new net_stats command
displays total sent and received bytes
2019-04-11 10:46:41 +00:00
Lee Clagett 2e578b8214 Enabling daemon-rpc SSL now requires non-system CA verification
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
2019-04-07 13:02:43 -04:00
Lee Clagett d58f368289 Require manual override for user chain certificates.
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
2019-04-07 00:44:37 -04:00
Lee Clagett eca0fea45a Perform RFC 2818 hostname verification in client SSL handshakes
If the verification mode is `system_ca`, clients will now do hostname
verification. Thus, only certificates from expected hostnames are
allowed when SSL is enabled. This can be overridden by forcible setting
the SSL mode to autodetect.

Clients will also send the hostname even when `system_ca` is not being
performed. This leaks possible metadata, but allows servers providing
multiple hostnames to respond with the correct certificate. One example
is cloudflare, which getmonero.org is currently using.
2019-04-07 00:44:37 -04:00
Lee Clagett 0416764cae Require server verification when SSL is enabled.
If SSL is "enabled" via command line without specifying a fingerprint or
certificate, the system CA list is checked for server verification and
_now_ fails the handshake if that check fails. This change was made to
remain consistent with standard SSL/TLS client behavior. This can still
be overridden by using the allow any certificate flag.

If the SSL behavior is autodetect, the system CA list is still checked
but a warning is logged if this fails. The stream is not rejected
because a re-connect will be attempted - its better to have an
unverified encrypted stream than an unverified + unencrypted stream.
2019-04-07 00:44:37 -04:00
Lee Clagett 21eb1b0725 Pass SSL arguments via one class and use shared_ptr instead of reference 2019-04-07 00:44:37 -04:00
Lee Clagett a3b0284837 Change SSL certificate file list to OpenSSL builtin load_verify_location
Specifying SSL certificates for peer verification does an exact match,
making it a not-so-obvious alias for the fingerprints option. This
changes the checks to OpenSSL which loads concatenated certificate(s)
from a single file and does a certificate-authority (chain of trust)
check instead. There is no drop in security - a compromised exact match
fingerprint has the same worse case failure. There is increased security
in allowing separate long-term CA key and short-term SSL server keys.

This also removes loading of the system-default CA files if a custom
CA file or certificate fingerprint is specified.
2019-04-06 23:47:06 -04:00
Riccardo Spagni 0baf26c8d6
Merge pull request #5375
1569776a Add missing include (Leon Klingele)
2019-04-06 16:04:06 +02:00
Riccardo Spagni 38317f384c
Merge pull request #5348
59776a64 epee: some more minor JSON parsing speedup (moneromooo-monero)
2019-04-06 16:00:18 +02:00
Riccardo Spagni 1ed6441925
Merge pull request #5327
c23ea796 New interactive daemon command 'print_net_stats': Global traffic stats (rbrunner7)
2019-04-01 17:32:01 +02:00
Riccardo Spagni 87840192dd
Merge pull request #5309
43042a28 Implement array_entry_t copy constructor (Guido Vranken)
2019-04-01 17:28:08 +02:00
Leon Klingele 1569776a52
Add missing include 2019-03-31 18:39:25 +02:00
moneromooo-monero 59776a64ff
epee: some more minor JSON parsing speedup 2019-03-25 14:29:29 +00:00
Lee Clagett 7acfa9f3cc Added socks proxy (tor/i2pd/kovri) support to wallet 2019-03-25 01:35:13 +00:00
Riccardo Spagni 676b17d36d
Merge pull request #5285
6ef816de console_handler: print newline on EOF (moneromooo-monero)
2019-03-24 19:38:04 +02:00
rbrunner7 c23ea7962d New interactive daemon command 'print_net_stats': Global traffic stats 2019-03-24 16:58:57 +01:00
Riccardo Spagni f5d7652f73
Merge pull request #5283
16590294 abstract_tcp_server2: fix crashy race on socket shutdown (moneromooo-monero)
2019-03-21 14:53:03 +02:00
moneromooo-monero 17769db946
epee: fix build with boost 1.70.0
get_io_service was deprecated, and got removed
2019-03-21 11:02:02 +00:00
moneromooo-monero 1659029469
abstract_tcp_server2: fix crashy race on socket shutdown 2019-03-19 16:50:00 +00:00
Guido Vranken 43042a28ec Implement array_entry_t copy constructor
Manually initialize the array_entry_t iterator to ensure it points
to the correct m_array, thereby preventing a potential use-after-free
situation.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
2019-03-18 00:49:12 +01:00
Riccardo Spagni 4c91eb23a0
Merge pull request #5061
1f2930ce Update 2019 copyright (binaryFate)
2019-03-17 17:49:30 +02:00
moneromooo-monero 6ef816de2b
console_handler: print newline on EOF
This avoids the annoying case where the shell prints its prompt
after the last line from Monero output, causing line editing to
sometimes go wonky, for lack of a better term
2019-03-13 16:52:22 +00:00
Howard Chu b8c2e21cba
Fix startup errors with SSL cert generation
Use SSL API directly, skip boost layer
2019-03-08 15:15:24 +00:00
binaryFate 1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
Martijn Otto 057c279cb4
epee: add SSL support
RPC connections now have optional tranparent SSL.

An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.

SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.

Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.

To generate long term certificates:

openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT

/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.

SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
2019-03-05 14:16:08 +01:00
moneromooo-monero e396146aee
default initialize rpc structures 2019-03-04 22:38:03 +00:00
Riccardo Spagni c83e80c263
Merge pull request #5162
4d3b61a3 Use io_service::work in epee tcp server (Lee Clagett)
2019-03-04 21:33:48 +02:00