Rename renamed nsm.el variables and functions back

* doc/emacs/misc.texi (Network Security): Start working on
updating the NSM bits, but it's unclear how much of the new stuff
to document.

* lisp/net/nsm.el: Rename all nsm-tls-check-* functions to
nsm-protocol-check--* to bring them back into line with the
documentation.
(network-security-protocol-checks): Renamed back again from
`nsm-tls-checks', as this variable is documented and can't just go
away.

diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index 5877c4b0de1451c617498412282b6768e74c7a56..83fb8acf7c2e41269685562f3f71f16a5fd26a4b 100644 (file)
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -302,7 +302,10 @@ the Transport Layer Security (@acronym{TLS}) features.
 @vindex network-security-level
 The @code{network-security-level} variable determines the security
 level that @acronym{NSM} enforces.  If its value is @code{low}, no
-security checks are performed.
+security checks are performed.  This is not recommended, and will
+basically mean that your network connections can't be trusted.
+However, the setting can be useful in limited circumstances, as when
+testing network issues.
 
 If this variable is @code{medium} (which is the default), a number of
 checks will be performed.  If as result @acronym{NSM} determines that
@@ -325,13 +328,12 @@ The protocol network checks is controlled via the
 @code{network-security-protocol-checks} variable.
 
 It's an alist where the first element of each association is the name
-of the check, the second element is the security level where the check
-should be used, and the optional third element is a parameter supplied
-to the check.
+of the check, and the second element is the security level where the
+check should be used.
 
 An element like @code{(rc4 medium)} will result in the function
 @code{nsm-protocol-check--rc4} being called like thus:
-@w{@code{(nsm-protocol-check--rc4 host port status optional-parameter)}}.
+@w{@code{(nsm-protocol-check--rc4 host port status settings)}}.
 The function should return non-@code{nil} if the connection should
 proceed and @code{nil} otherwise.
 

diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 69dc86f76fda6594eba48168505ab61469b45f4b..ed700bc9b5defa819ca8744a3de57d671681bfb7 100644 (file)
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -138,27 +138,27 @@ unencrypted."
           (nsm-save-host host port status 'fingerprint nil 'always))
         process)))))
 
-(defcustom nsm-tls-checks
+(defcustom network-security-protocol-checks
   '(;; Old Known Weaknesses.
-    (nsm-tls-check-version                . medium)
-    (nsm-tls-check-compression            . medium)
-    (nsm-tls-check-renegotiation-info-ext . medium)
-    (nsm-tls-check-verify-cert            . medium)
-    (nsm-tls-check-same-cert              . medium)
-    (nsm-tls-check-null-suite             . medium)
-    (nsm-tls-check-export-kx              . medium)
-    (nsm-tls-check-anon-kx                . medium)
-    (nsm-tls-check-md5-sig                . medium)
-    (nsm-tls-check-rc4-cipher             . medium)
+    (version                medium)
+    (compression            medium)
+    (renegotiation-info-ext medium)
+    (verify-cert            medium)
+    (same-cert              medium)
+    (null-suite             medium)
+    (export-kx              medium)
+    (anon-kx                medium)
+    (md5-sig                medium)
+    (rc4-cipher             medium)
     ;; Weaknesses made known after 2013.
-    (nsm-tls-check-dhe-prime-kx           . medium)
-    (nsm-tls-check-sha1-sig               . medium)
-    (nsm-tls-check-ecdsa-cbc-cipher       . medium)
+    (dhe-prime-kx           medium)
+    (sha1-sig               medium)
+    (ecdsa-cbc-cipher       medium)
     ;; Towards TLS 1.3
-    (nsm-tls-check-dhe-kx                 . high)
-    (nsm-tls-check-rsa-kx                 . high)
-    (nsm-tls-check-3des-cipher            . high)
-    (nsm-tls-check-cbc-cipher             . high))
+    (dhe-kx                 high)
+    (rsa-kx                 high)
+    (3des-cipher            high)
+    (cbc-cipher             high))
   "This variable specifies what TLS connection checks to perform.
 It's an alist where the key is the name of the check, and the
 value is the minimum security level the check should begin.
@@ -252,9 +252,10 @@ otherwise."
 (defun nsm-check-tls-connection (process host port status settings)
   "Check TLS connection against potential security problems.
 
-This function runs each test defined in `nsm-tls-checks' in the
-order specified against the TLS connection's peer status STATUS
-for the host HOST and port PORT.
+This function runs each test defined in
+`network-security-protocol-checks' in the order specified against
+the TLS connection's peer status STATUS for the host HOST and
+port PORT.
 
 If one or more problems are found, this function will collect all
 the error messages returned by the check functions, and confirm
@@ -268,23 +269,23 @@ terminating the connection.
 This function returns the process PROCESS if no problems are
 found, and nil otherwise.
 
-See also: `nsm-tls-checks' and `nsm-noninteractive'"
+See also: `network-security-protocol-checks' and `nsm-noninteractive'"
   (when (nsm-should-check host)
     (let* ((results
             (cl-loop
-             for check in nsm-tls-checks
-             for type = (intern (format ":%s"
-                                        (string-remove-prefix
-                                         "nsm-tls-check-"
-                                         (symbol-name (car check))))
-                                obarray)
+             for check in network-security-protocol-checks
+             for type = (intern (format ":%s" (car check)) obarray)
              ;; Skip the check if the user has already said that this
              ;; host is OK for this type of "error".
              for result = (and (not (memq type
                                           (plist-get settings :conditions)))
                                (>= (nsm-level network-security-level)
-                                   (nsm-level (cdr check)))
-                               (funcall (car check) host port status settings))
+                                   (nsm-level (cadr check)))
+                               (funcall
+                                (intern (format "nsm-protocol-check--%s"
+                                                (car check))
+                                        obarray)
+                                host port status settings))
              when result
              collect (cons type result)))
            (problems (nconc (plist-get status :warnings) (map-keys results))))
@@ -325,21 +326,18 @@ See also: `nsm-tls-checks' and `nsm-noninteractive'"
 (declare-function gnutls-peer-status-warning-describe "gnutls.c"
                   (status-symbol))
 
-(defun nsm-tls-check-verify-cert (host port status settings)
+(defun nsm-protocol-check--verify-cert (host port status settings)
   "Check for warnings from the certificate verification status.
 
 This is the most basic security check for a TLS connection.  If
  certificate verification fails, it means the server's identity
- cannot be verified by the credentials received.
-
-Think very carefully before removing this check from
-`nsm-tls-checks'."
+ cannot be verified by the credentials received."
   (let ((warnings (plist-get status :warnings)))
     (and warnings
          (not (nsm-warnings-ok-p status settings))
          (mapconcat #'gnutls-peer-status-warning-describe warnings "\n"))))
 
-(defun nsm-tls-check-same-cert (host port status settings)
+(defun nsm-protocol-check--same-cert (host port status settings)
   "Check for certificate fingerprint mismatch.
 
 If the fingerprints saved do not match the fingerprint of the
@@ -351,7 +349,7 @@ man-in-the-middle attack."
 
 ;; Key exchange checks
 
-(defun nsm-tls-check-rsa-kx (host port status &optional settings)
+(defun nsm-protocol-check--rsa-kx (host port status &optional settings)
   "Check for static RSA key exchange.
 
 Static RSA key exchange methods do not offer perfect forward
@@ -381,7 +379,7 @@ Security (DTLS)\", \"(4.1.  General Guidelines)\"
           "RSA key exchange method (%s) does not offer perfect forward secrecy"
           kx))))
 
-(defun nsm-tls-check-dhe-prime-kx (host port status &optional settings)
+(defun nsm-protocol-check--dhe-prime-kx (host port status &optional settings)
   "Check for the key strength of DH key exchange based on integer factorization.
 
 This check is a response to Logjam[1].  Logjam is an attack that
@@ -397,7 +395,7 @@ exchange in June 2018[2].  To provide a balance between
 compatibility and security, this function only checks for a
 minimum key strength of 1024-bit.
 
-See also: `nsm-tls-check-dhe-kx'
+See also: `nsm-protocol-check--dhe-kx'
 
 Reference:
 
@@ -412,7 +410,7 @@ Diffie-Hellman Fails in Practice\", `https://weakdh.org/'
          "Diffie-Hellman key strength (%s bits) too weak (%s bits)"
          prime-bits 1024))))
 
-(defun nsm-tls-check-dhe-kx (host port status &optional settings)
+(defun nsm-protocol-check--dhe-kx (host port status &optional settings)
   "Check for existence of DH key exchange based on integer factorization.
 
 In the years since the discovery of Logjam, it was discovered
@@ -436,7 +434,7 @@ Diffie-Hellman Backdoors in TLS.\",
        "unable to verify Diffie-Hellman key exchange method (%s) parameters"
        kx))))
 
-(defun nsm-tls-check-export-kx (host port status &optional settings)
+(defun nsm-protocol-check--export-kx (host port status &optional settings)
   "Check for RSA-EXPORT key exchange.
 
 EXPORT cipher suites are a family of 40-bit and 56-bit effective
@@ -461,7 +459,7 @@ of user-visible changes.\" Version 3.4.0,
             "EXPORT level key exchange (%s) is insecure"
             kx)))))
 
-(defun nsm-tls-check-anon-kx (host port status &optional settings)
+(defun nsm-protocol-check--anon-kx (host port status &optional settings)
   "Check for anonymous key exchange.
 
 Anonymous key exchange exposes the connection to
@@ -480,7 +478,7 @@ authentication\",
 
 ;; Cipher checks
 
-(defun nsm-tls-check-cbc-cipher (host port status &optional settings)
+(defun nsm-protocol-check--cbc-cipher (host port status &optional settings)
   "Check for CBC mode ciphers.
 
 CBC mode cipher in TLS versions earlier than 1.3 are problematic
@@ -509,7 +507,7 @@ Security (TLS) and Datagram Transport Layer Security (DTLS)\",
             "CBC mode cipher (%s) can be insecure"
             cipher)))))
 
-(defun nsm-tls-check-ecdsa-cbc-cipher (host port status &optional settings)
+(defun nsm-protocol-check--ecdsa-cbc-cipher (host port status &optional settings)
   "Check for CBC mode cipher usage under ECDSA key exchange.
 
 CBC mode cipher in TLS versions earlier than 1.3 are problematic
@@ -547,7 +545,7 @@ Security (TLS) and Datagram Transport Layer Security (DTLS)\",
             "CBC mode cipher (%s) can be insecure"
             cipher)))))
 
-(defun nsm-tls-check-3des-cipher (host port status &optional settings)
+(defun nsm-protocol-check--3des-cipher (host port status &optional settings)
   "Check for 3DES ciphers.
 
 Due to its use of 64-bit block size, it is known that a
@@ -568,7 +566,7 @@ Current Use and Deprecation of TDEA\",
           "3DES cipher (%s) is weak"
           cipher))))
 
-(defun nsm-tls-check-rc4-cipher (host port status &optional settings)
+(defun nsm-protocol-check--rc4-cipher (host port status &optional settings)
   "Check for RC4 ciphers.
 
 RC4 cipher has been prohibited by RFC 7465[1].
@@ -592,7 +590,7 @@ Reference:
 
 ;; Signature checks
 
-(defun nsm-tls-check-sha1-sig (host port status &optional settings)
+(defun nsm-protocol-check--sha1-sig (host port status &optional settings)
   "Check for SHA1 signatures on certificates.
 
 The first SHA1 collision was found in 2017[1], as a precaution
@@ -627,7 +625,7 @@ SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer
                    algo)
            end))
 
-(defun nsm-tls-check-md5-sig (host port status &optional settings)
+(defun nsm-protocol-check--md5-sig (host port status &optional settings)
   "Check for MD5 signatures on certificates.
 
 In 2008, a group of researchers were able to forge an
@@ -660,7 +658,7 @@ the MD5 Message-Digest and the HMAC-MD5 Algorithms\",
 
 ;; Extension checks
 
-(defun nsm-tls-check-renegotiation-info-ext (host port status
+(defun nsm-protocol-check--renegotiation-info-ext (host port status
                                                   &optional settings)
   "Check for renegotiation_info TLS extension status.
 
@@ -681,7 +679,7 @@ Layer Security (TLS) Renegotiation Indication Extension\",
 
 ;; Compression checks
 
-(defun nsm-tls-check-compression (host port status &optional settings)
+(defun nsm-protocol-check--compression (host port status &optional settings)
   "Check for TLS compression.
 
 TLS compression attacks such as CRIME would allow an attacker to
@@ -701,7 +699,7 @@ Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
 
 ;; Protocol version checks
 
-(defun nsm-tls-check-version (host port status &optional settings)
+(defun nsm-protocol-check--version (host port status &optional settings)
   "Check for SSL/TLS protocol version.
 
 This function guards against the usage of SSL3.0, which has been
@@ -726,7 +724,7 @@ Early TLS\"
 
 ;; Full suite checks
 
-(defun nsm-tls-check-null-suite (host port status &optional settings)
+(defun nsm-protocol-check--null-suite (host port status &optional settings)
   "Check for NULL cipher suites.
 
 This function checks for NULL key exchange, cipher and message