lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
personal/gstrauss/master
personal/stbuehler/ci-build
personal/stbuehler/fix-fdevent
personal/stbuehler/1.4.48-mod-proxy-fix
personal/stbuehler/cleanup-build
personal/stbuehler/mod-csrf
personal/stbuehler/mod-csrf-old
lighttpd-1.4.69
lighttpd-1.4.68
lighttpd-1.4.67
lighttpd-1.4.66
lighttpd-1.4.65
lighttpd-1.4.64
lighttpd-1.4.63
lighttpd-1.4.62
lighttpd-1.4.61
lighttpd-1.4.60
lighttpd-1.4.59
lighttpd-1.4.58
lighttpd-1.4.57
lighttpd-1.4.56
lighttpd-1.4.56-rc7
lighttpd-1.4.56-rc6
lighttpd-1.4.56-rc5
lighttpd-1.4.56-rc4
lighttpd-1.4.56-rc3
lighttpd-1.4.56-rc2
lighttpd-1.4.56-rc1
lighttpd-1.4.55
lighttpd-1.4.54
lighttpd-1.4.53
lighttpd-1.4.52
lighttpd-1.4.51
lighttpd-1.4.50
lighttpd-1.4.49
lighttpd-1.4.48
lighttpd-1.4.47
lighttpd-1.4.46
lighttpd-1.4.45
lighttpd-1.4.44
lighttpd-1.4.43
lighttpd-1.4.42
lighttpd-1.4.41
lighttpd-1.4.40
lighttpd-1.4.39
lighttpd-1.4.38
lighttpd-1.4.37
lighttpd-1.4.36
lighttpd-1.4.36--rc1
lighttpd-1.4.35
lighttpd-1.4.34
lighttpd-1.4.33
lighttpd-1.4.32
lighttpd-1.4.31
lighttpd-1.4.30
lighttpd-1.4.29
lighttpd-1.4.24
lighttpd-1.3.11
lighttpd-1.3.12
lighttpd-1.3.13
lighttpd-1.3.14
lighttpd-1.3.15
lighttpd-1.3.16
lighttpd-1.4.1
lighttpd-1.4.10
lighttpd-1.4.11
lighttpd-1.4.12
lighttpd-1.4.13
lighttpd-1.4.14
lighttpd-1.4.15
lighttpd-1.4.16
lighttpd-1.4.17
lighttpd-1.4.18
lighttpd-1.4.19
lighttpd-1.4.2
lighttpd-1.4.20
lighttpd-1.4.21
lighttpd-1.4.22
lighttpd-1.4.23
lighttpd-1.4.25
lighttpd-1.4.26
lighttpd-1.4.27
lighttpd-1.4.28
lighttpd-1.4.3
lighttpd-1.4.4
lighttpd-1.4.5
lighttpd-1.4.6
lighttpd-1.4.7
lighttpd-1.4.8
lighttpd-1.4.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '32a2145f67'
${ noResults }
lighttpd1.4/src/mod_mbedtls.c

3479 lines
133 KiB
C
Raw Normal View History Unescape Escape

[mod_mbedtls] mbedTLS option for TLS (experimental) mod_mbedtls supports most ssl.* config options supported by mod_openssl thx Ward Willats for the initial discussion and attempt in the comments https://redmine.lighttpd.net/boards/3/topics/7029
3 years ago
/*
* mod_mbedtls - mbedTLS support for lighttpd
*
* Copyright(c) 2020 Glenn Strauss gstrauss()gluelogic.com All rights reserved
* License: BSD 3-clause (same as lighttpd)
*/
/*
* reference:
* https://tls.mbed.org/high-level-design
* https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices
* mbedTLS header files (mbedtls/ssl.h and others) are extremely well-documented
* https://tls.mbed.org/api/ (generated from mbedTLS headers and code)
*
* mbedTLS limitations:
* - mbedTLS does not currently support TLSv1.3
* - mbedTLS does not currently support OCSP
* https://tls.mbed.org/discussions/feature-request/ocsp-stapling
* TLS/DTLS: OCSP Stapling support #880
* https://github.com/ARMmbed/mbedtls/issues/880
* Add support for writing OCSP requests and parsing OCSP responses #1197
* https://github.com/ARMmbed/mbedtls/issues/1197
*
* future possible enhancements to lighttpd mod_mbedtls:
* - session cache (though session tickets are implemented)
* sample code in mbedtls:programs/ssl/ssl_server2.c
*
* Note: session tickets are disabled by default
* If enabled, mbedtls rotates the session ticket key according to 2x timeout
* set with mbedtls_ssl_ticket_setup() (currently 43200 sec in mod_mbedtls).
* This is fine for use with a single lighttpd instance, but with multiple
* lighttpd workers, no coordinated STEK (server ticket encryption key)
* rotation occurs other than by (some external job) restarting lighttpd.
* Restarting lighttpd generates a new key that is shared by lighttpd workers
* for the lifetime of the new key. If the rotation period expires and
* lighttpd has not been restarted, lighttpd workers will generate new
* independent keys, making session tickets less effective for session
* resumption, since clients have a lower chance for future connections to
* reach the same lighttpd worker. However, things will still work, and a new
* session will be created if session resumption fails. Admins should plan to
* restart lighttpd at least every 24 hours if session tickets are enabled and
* multiple lighttpd workers are configured.
*/
#include "first.h"
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h> /* vsnprintf() */
#include <string.h>
#include <unistd.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/dhm.h>
#include <mbedtls/error.h>
#include <mbedtls/entropy.h>
#include <mbedtls/oid.h>
#include <mbedtls/pem.h>
#include <mbedtls/ssl.h>
#include <mbedtls/ssl_internal.h> /* struct mbedtls_ssl_transform */
#include <mbedtls/x509.h>
#include <mbedtls/x509_crt.h>
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x02040000 /* mbedtls 2.04.0 */
#include <mbedtls/net_sockets.h>
#else
#include <mbedtls/net.h>
#endif
#if defined(MBEDTLS_SSL_TICKET_C)
#include <mbedtls/ssl_ticket.h>
#endif
#ifndef MBEDTLS_X509_CRT_PARSE_C
#error "lighttpd requires that mbedtls be built with MBEDTLS_X509_CRT_PARSE_C"
#endif
#include "base.h"
#include "http_header.h"
#include "log.h"
#include "plugin.h"
typedef struct {
/* SNI per host: with COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
mbedtls_pk_context ssl_pemfile_pkey;/* parsed private key structure */
mbedtls_x509_crt ssl_pemfile_x509; /* parsed public key structure */
const buffer *ssl_pemfile;
const buffer *ssl_privkey;
int8_t need_chain;
} plugin_cert;
typedef struct {
mbedtls_ssl_config *ssl_ctx; /* context shared between mbedtls_ssl_CONTEXT structures */
int *ciphersuites;
mbedtls_ecp_group_id *curves;
} plugin_ssl_ctx;
typedef struct {
mbedtls_ssl_config *ssl_ctx; /* output from network_init_ssl() */
int *ciphersuites; /* output from network_init_ssl() */
mbedtls_ecp_group_id *curves; /* output from network_init_ssl() */
/*(used only during startup; not patched)*/
unsigned char ssl_enabled; /* only interesting for setting up listening sockets. don't use at runtime */
unsigned char ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
unsigned char ssl_empty_fragments;
unsigned char ssl_use_sslv2;
unsigned char ssl_use_sslv3;
const buffer *ssl_cipher_list;
const buffer *ssl_dh_file;
const buffer *ssl_ec_curve;
const buffer *ssl_acme_tls_1;
array *ssl_conf_cmd;
/*(copied from plugin_data for socket ssl_ctx config)*/
plugin_cert *pc;
mbedtls_pk_context *ssl_pemfile_pkey; /* parsed private key structure */
mbedtls_x509_crt *ssl_pemfile_x509; /* parsed public key structure */
mbedtls_x509_crt *ssl_ca_file;
const buffer *ssl_pemfile;
const buffer *ssl_privkey;
unsigned char ssl_session_ticket;
unsigned char ssl_verifyclient;
unsigned char ssl_verifyclient_enforce;
unsigned char ssl_verifyclient_depth;
} plugin_config_socket; /*(used at startup during configuration)*/
typedef struct {
/* SNI per host: w/ COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
plugin_cert *pc;
mbedtls_pk_context *ssl_pemfile_pkey; /* parsed private key structure */
mbedtls_x509_crt *ssl_pemfile_x509; /* parsed public key structure */
const buffer *ssl_pemfile;
mbedtls_x509_crt *ssl_ca_file;
mbedtls_x509_crt *ssl_ca_dn_file;
mbedtls_x509_crl *ssl_ca_crl_file;
unsigned char ssl_verifyclient;
unsigned char ssl_verifyclient_enforce;
unsigned char ssl_verifyclient_depth;
unsigned char ssl_verifyclient_export_cert;
unsigned char ssl_read_ahead;
unsigned char ssl_log_noise;
unsigned char ssl_disable_client_renegotiation;
const buffer *ssl_verifyclient_username;
const buffer *ssl_acme_tls_1;
} plugin_config;
typedef struct {
PLUGIN_DATA;
plugin_ssl_ctx *ssl_ctxs;
plugin_config defaults;
server *srv;
/* NIST counter-mode deterministic random byte generator */
mbedtls_ctr_drbg_context ctr_drbg;
/* entropy collection and state management */
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_context ticket_ctx;
#endif
} plugin_data;
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE MBEDTLS_SSL_MAX_CONTENT_LEN
static char *local_send_buffer;
typedef struct {
mbedtls_ssl_context ssl; /* mbedtls request/connection context */
request_st *r;
connection *con;
int8_t request_env_patched;
int8_t close_notify;
unsigned short alpn;
int handshake_done;
size_t pending_write;
plugin_config conf;
buffer *tmp_buf;
mbedtls_pk_context *acme_tls_1_pkey;
mbedtls_x509_crt *acme_tls_1_x509;
} handler_ctx;
static handler_ctx *
handler_ctx_init (void)
{
handler_ctx *hctx = calloc(1, sizeof(*hctx));
force_assert(hctx);
return hctx;
}
static void
handler_ctx_free (handler_ctx *hctx)
{
mbedtls_ssl_free(&hctx->ssl);
if (hctx->acme_tls_1_pkey) {
mbedtls_pk_free(hctx->acme_tls_1_pkey);
free(hctx->acme_tls_1_pkey);
}
if (hctx->acme_tls_1_x509) {
mbedtls_x509_crt_free(hctx->acme_tls_1_x509);
free(hctx->acme_tls_1_x509);
}
free(hctx);
}
#ifdef MBEDTLS_ERROR_C
__attribute_cold__
static void elog(log_error_st * const errh,
const char * const file, const int line,
const int rc, const char * const msg)
{
/* error logging convenience function that decodes mbedtls result codes */
char buf[256];
mbedtls_strerror(rc, buf, sizeof(buf));
log_error(errh, file, line, "MTLS: %s: %s (-0x%04x)", msg, buf, -rc);
}
#else
#define elog(errh, file, line, rc, msg) \
log_error((errh), (file), (line), "MTLS: %s: (-0x%04x)", (msg), -(rc))
#endif
__attribute_cold__
__attribute_format__((__printf__, 5, 6))
static void elogf(log_error_st * const errh,
const char * const file, const int line,
const int rc, const char * const fmt, ...)
{
char msg[1024];
va_list ap;
va_start(ap, fmt);
vsnprintf(msg, sizeof(msg), fmt, ap);
va_end(ap);
elog(errh, file, line, rc, msg);
}
INIT_FUNC(mod_mbedtls_init)
{
plugin_data_singleton = (plugin_data *)calloc(1, sizeof(plugin_data));
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_init(&plugin_data_singleton->ticket_ctx);
#endif
return plugin_data_singleton;
}
static int mod_mbedtls_init_once_mbedtls (server *srv)
{
if (ssl_is_init) return 1;
ssl_is_init = 1;
plugin_data * const p = plugin_data_singleton;
mbedtls_ctr_drbg_init(&p->ctr_drbg); /* init empty NSIT random num gen */
mbedtls_entropy_init(&p->entropy); /* init empty entropy collection struct
.. could add sources here too */
int rc = /* init RNG */
mbedtls_ctr_drbg_seed(&p->ctr_drbg, /* random number generator */
mbedtls_entropy_func, /* default entropy func */
&p->entropy, /* entropy context */
NULL, 0); /* no personalization data */
if (0 != rc) {
elog(srv->errh, __FILE__,__LINE__, rc,
"Init of random number generator failed");
return 0;
}
local_send_buffer = malloc(LOCAL_SEND_BUFSIZE);
force_assert(NULL != local_send_buffer);
return 1;
}
static void mod_mbedtls_free_mbedtls (void)
{
if (!ssl_is_init) return;
plugin_data * const p = plugin_data_singleton;
mbedtls_ctr_drbg_free(&p->ctr_drbg);
mbedtls_entropy_free(&p->entropy);
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_free(&p->ticket_ctx);
#endif
free(local_send_buffer);
ssl_is_init = 0;
}
static void
mod_mbedtls_free_config (server *srv, plugin_data * const p)
{
if (NULL != p->ssl_ctxs) {
mbedtls_ssl_config * const ssl_ctx_global_scope = p->ssl_ctxs->ssl_ctx;
/* free ssl_ctx from $SERVER["socket"] (if not copy of global scope) */
for (uint32_t i = 1; i < srv->config_context->used; ++i) {
plugin_ssl_ctx * const s = p->ssl_ctxs + i;
if (s->ssl_ctx && s->ssl_ctx != ssl_ctx_global_scope) {
mbedtls_ssl_config_free(s->ssl_ctx);
free(s->ciphersuites);
free(s->curves);
}
}
/* free ssl_ctx from global scope */
if (ssl_ctx_global_scope) {
mbedtls_ssl_config_free(ssl_ctx_global_scope);
free(p->ssl_ctxs[0].ciphersuites);
free(p->ssl_ctxs[0].curves);
}
free(p->ssl_ctxs);
}
if (NULL == p->cvlist) return;
/* (init i to 0 if global context; to 1 to skip empty global context) */
for (int i = !p->cvlist[0].v.u2[1], used = p->nconfig; i < used; ++i) {
config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
for (; -1 != cpv->k_id; ++cpv) {
switch (cpv->k_id) {
case 0: /* ssl.pemfile */
if (cpv->vtype == T_CONFIG_LOCAL) {
plugin_cert *pc = cpv->v.v;
mbedtls_pk_free(&pc->ssl_pemfile_pkey);
mbedtls_x509_crt_free(&pc->ssl_pemfile_x509);
}
break;
case 2: /* ssl.ca-file */
case 3: /* ssl.ca-dn-file */
if (cpv->vtype == T_CONFIG_LOCAL) {
mbedtls_x509_crt *cacert = cpv->v.v;
mbedtls_x509_crt_free(cacert);
free(cacert);
}
break;
case 4: /* ssl.ca-dn-file */
if (cpv->vtype == T_CONFIG_LOCAL) {
mbedtls_x509_crl *crl = cpv->v.v;
mbedtls_x509_crl_free(crl);
free(crl);
}
break;
default:
break;
}
}
}
}
FREE_FUNC(mod_mbedtls_free)
{
plugin_data *p = p_d;
if (NULL == p->srv) return;
mod_mbedtls_free_config(p->srv, p);
mod_mbedtls_free_mbedtls();
}
static void
mod_mbedtls_merge_config_cpv (plugin_config * const pconf, const config_plugin_value_t * const cpv)
{
switch (cpv->k_id) { /* index into static config_plugin_keys_t cpk[] */
case 0: /* ssl.pemfile */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->pc = cpv->v.v;
break;
case 1: /* ssl.privkey */
break;
case 2: /* ssl.ca-file */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->ssl_ca_file = cpv->v.v;
break;
case 3: /* ssl.ca-dn-file */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->ssl_ca_dn_file = cpv->v.v;
break;
case 4: /* ssl.ca-crl-file */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->ssl_ca_dn_file = cpv->v.v;
break;
case 5: /* ssl.read-ahead */
pconf->ssl_read_ahead = (0 != cpv->v.u);
break;
case 6: /* ssl.disable-client-renegotiation */
pconf->ssl_disable_client_renegotiation = (0 != cpv->v.u);
break;
case 7: /* ssl.verifyclient.activate */
pconf->ssl_verifyclient = (0 != cpv->v.u);
break;
case 8: /* ssl.verifyclient.enforce */
pconf->ssl_verifyclient_enforce = (0 != cpv->v.u);
break;
case 9: /* ssl.verifyclient.depth */
pconf->ssl_verifyclient_depth = (unsigned char)cpv->v.shrt;
break;
case 10:/* ssl.verifyclient.username */
pconf->ssl_verifyclient_username = cpv->v.b;
break;
case 11:/* ssl.verifyclient.exportcert */
pconf->ssl_verifyclient_export_cert = (0 != cpv->v.u);
break;
case 12:/* ssl.acme-tls-1 */
pconf->ssl_acme_tls_1 = cpv->v.b;
break;
case 13:/* debug.log-ssl-noise */
pconf->ssl_log_noise = (unsigned char)cpv->v.shrt;
break;
default:/* should not happen */
return;
}
}
static void
mod_mbedtls_merge_config(plugin_config * const pconf, const config_plugin_value_t *cpv)
{
do {
mod_mbedtls_merge_config_cpv(pconf, cpv);
} while ((++cpv)->k_id != -1);
}
static void
mod_mbedtls_patch_config (request_st * const r, plugin_config * const pconf)
{
plugin_data * const p = plugin_data_singleton;
memcpy(pconf, &p->defaults, sizeof(plugin_config));
for (int i = 1, used = p->nconfig; i < used; ++i) {
if (config_check_cond(r, (uint32_t)p->cvlist[i].k_id))
mod_mbedtls_merge_config(pconf, p->cvlist + p->cvlist[i].v.u2[0]);
}
}
__attribute_pure__
static int
mod_mbedtls_crt_is_self_issued (const mbedtls_x509_crt * const crt)
{
const mbedtls_x509_buf * const issuer = &crt->issuer_raw;
const mbedtls_x509_buf * const subject = &crt->subject_raw;
return subject->len == issuer->len
&& 0 == memcmp(issuer->p, subject->p, subject->len);
}
static int
mod_mbedtls_construct_crt_chain (mbedtls_x509_crt *leaf, mbedtls_x509_crt *store, log_error_st *errh)
{
/* Historically, openssl will use the cert chain in (SSL_CTX *) if a cert
* does not have a chain configured in (SSL *). While similar behavior
* could be achieved with mbedtls_x509_crt_parse_file(crt, ssl_ca_file->ptr)
* instead attempt to do better and build a proper, ordered cert chain. */
if (leaf->next) return 0; /*(presume chain has already been provided)*/
if (store == NULL) return 0;/*(unable to proceed; chain may be incomplete)*/
/* attempt to construct certificate chain from certificate store */
for (mbedtls_x509_crt *crt = leaf; crt; ) {
const mbedtls_x509_buf * const issuer = &crt->issuer_raw;
/*(walk entire store in case certs are not properly sorted)*/
for (crt = store; crt; crt = crt->next) {
/* The raw issuer/subject data (DER) is used for quick comparison */
/* (see comments in mod_mbedtls_verify_cb())*/
const mbedtls_x509_buf * const subject = &crt->subject_raw;
if (issuer->len != subject->len
|| 0 != memcmp(subject->p, issuer->p, issuer->len)) continue;
/* root cert is end condition; omit from chain of intermediates */
if (mod_mbedtls_crt_is_self_issued(crt))
return 0;
int rc =
#if MBEDTLS_VERSION_NUMBER >= 0x02110000 /* mbedtls 2.17.0 */
/* save memory by eliding copy of already-loaded raw DER */
mbedtls_x509_crt_parse_der_nocopy(leaf, crt->raw.p, crt->raw.len);
#else
mbedtls_x509_crt_parse_der(leaf, crt->raw.p, crt->raw.len);
#endif
if (0 != rc) { /*(failure not unexpected since already parsed)*/
elog(errh, __FILE__, __LINE__, rc, "cert copy failed");
return rc;
}
break;
}
}
return 0; /*(no error, though cert chain may or may not be complete)*/
}
static int
mod_mbedtls_verify_cb (void *arg, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
handler_ctx * const hctx = (handler_ctx *)arg;
if (depth > hctx->conf.ssl_verifyclient_depth) {
log_error(hctx->r->conf.errh, __FILE__, __LINE__,
"MTLS: client cert chain too long");
*flags |= MBEDTLS_X509_BADCERT_OTHER; /* cert chain too long */
}
else if (0 == depth && NULL != hctx->conf.ssl_ca_dn_file) {
/* verify that client cert is issued by CA in ssl.ca-dn-file
* if both ssl.ca-dn-file and ssl.ca-file were configured */
/* The raw issuer/subject data (DER) is used for quick comparison. */
const size_t len = crt->issuer_raw.len;
mbedtls_x509_crt *chain = hctx->conf.ssl_ca_dn_file;
do {
#if 0 /* x509_name_cmp() is not a public func in mbedtls */
if (0 == x509_name_cmp(&crt->issuer, &chain->subject))
break;
#else
if (len == chain->subject_raw.len
&& 0 == memcmp(chain->subject_raw.p, crt->issuer_raw.p, len))
break;
#endif
} while ((chain = chain->next));
if (NULL == chain)
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
}
if (*flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
log_error(hctx->r->conf.errh, __FILE__, __LINE__,
"MTLS: client cert not trusted");
}
return 0;
}
#ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION
static int
mod_mbedtls_SNI (void *arg, mbedtls_ssl_context *ssl, const unsigned char *servername, size_t len)
{
handler_ctx * const hctx = (handler_ctx *) arg;
buffer_copy_string(&hctx->r->uri.scheme, "https");
request_st * const r = hctx->r;
if (len >= 1024) { /*(expecting < 256; TLSEXT_MAXLEN_host_name is 255)*/
log_error(r->conf.errh, __FILE__, __LINE__,
"MTLS: SNI name too long %.*s", (int)len, servername);
return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
/* use SNI to patch mod_mbedtls config and then reset COMP_HTTP_HOST */
buffer_copy_string_len(&r->uri.authority, (const char *)servername, len);
buffer_to_lower(&r->uri.authority);
#if 0
/*(r->uri.authority used below for configuration before request read;
* revisit for h2)*/
if (0 != http_request_host_policy(&r->uri.authority,
r->conf.http_parseopts, 443))
return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
#endif
const buffer * const ssl_pemfile = hctx->conf.pc->ssl_pemfile;
r->conditional_is_valid |= (1 << COMP_HTTP_SCHEME)
| (1 << COMP_HTTP_HOST);
mod_mbedtls_patch_config(r, &hctx->conf);
/* reset COMP_HTTP_HOST so that conditions re-run after request hdrs read */
/*(done in configfile-glue.c:config_cond_cache_reset() after request hdrs read)*/
/*config_cond_cache_reset_item(r, COMP_HTTP_HOST);*/
/*buffer_clear(&r->uri.authority);*/
/*(compare strings as ssl.pemfile might repeat same file in lighttpd.conf
* and mod_mbedtls does not attempt to de-dup)*/
if (!buffer_is_equal(hctx->conf.pc->ssl_pemfile, ssl_pemfile)) {
/* if needed, attempt to construct certificate chain for server cert */
if (hctx->conf.pc->need_chain) {
hctx->conf.pc->need_chain = 0; /*(attempt once to complete chain)*/
mbedtls_x509_crt *ssl_cred = &hctx->conf.pc->ssl_pemfile_x509;
mbedtls_x509_crt *store = hctx->conf.ssl_ca_file;
if (!mod_mbedtls_construct_crt_chain(ssl_cred, store, r->conf.errh))
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* reconfigure to use SNI-specific cert */
int rc =
mbedtls_ssl_set_hs_own_cert(ssl,
&hctx->conf.pc->ssl_pemfile_x509,
&hctx->conf.pc->ssl_pemfile_pkey);
if (0 != rc) {
elogf(r->conf.errh, __FILE__, __LINE__, rc,
"failed to set SNI certificate for TLS server name %s",
r->uri.authority.ptr);
return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
}
}
return 0;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
static int
mod_mbedtls_conf_verify (handler_ctx *hctx, mbedtls_ssl_config *ssl_ctx)
{
if (NULL == hctx->conf.ssl_ca_file) {
log_error(hctx->r->conf.errh, __FILE__, __LINE__,
"MTLS: can't verify client without ssl.ca-file "
"for TLS server name %s",
hctx->r->uri.authority.ptr);
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* send ssl_ca_dn_file (if set) in client certificate request
* (later changed to ssl_ca_file before client certificate verification) */
mbedtls_x509_crt *ca_certs = hctx->conf.ssl_ca_dn_file
? hctx->conf.ssl_ca_dn_file
: hctx->conf.ssl_ca_file;
mbedtls_ssl_context * const ssl = &hctx->ssl;
mbedtls_ssl_set_hs_ca_chain(ssl, ca_certs, hctx->conf.ssl_ca_crl_file);
#if MBEDTLS_VERSION_NUMBER >= 0x02120000 /* mbedtls 2.18.0 */
mbedtls_ssl_set_verify(ssl, mod_mbedtls_verify_cb, hctx);
#else
mbedtls_ssl_conf_verify(ssl_ctx, mod_mbedtls_verify_cb, hctx);
#endif
return 0;
}
static void *
network_mbedtls_load_pemfile (server *srv, const buffer *pemfile, const buffer *privkey)
{
mbedtls_x509_crt ssl_pemfile_x509; /* parsed public key structure */
mbedtls_pk_context ssl_pemfile_pkey; /* parsed private key structure */
int rc;
mbedtls_x509_crt_init(&ssl_pemfile_x509); /* init cert structure */
rc = mbedtls_x509_crt_parse_file(&ssl_pemfile_x509, pemfile->ptr);
if (0 != rc) {
elogf(srv->errh, __FILE__, __LINE__, rc,
"PEM file cert read failed (%s)", pemfile->ptr);
return NULL;
}
mbedtls_pk_init(&ssl_pemfile_pkey); /* init private key context */
rc = mbedtls_pk_parse_keyfile(&ssl_pemfile_pkey, privkey->ptr, NULL);
if (0 != rc) {
elogf(srv->errh, __FILE__, __LINE__, rc,
"PEM file private key read failed %s", privkey->ptr);
mbedtls_x509_crt_free(&ssl_pemfile_x509);
return NULL;
}
rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey);
if (0 != rc) {
elogf(srv->errh, __FILE__, __LINE__, rc,
"PEM cert and private key did not verify (%s) (%s)",
pemfile->ptr, privkey->ptr);
mbedtls_pk_free(&ssl_pemfile_pkey);
mbedtls_x509_crt_free(&ssl_pemfile_x509);
return NULL;
}
plugin_cert *pc = malloc(sizeof(plugin_cert));
force_assert(pc);
pc->ssl_pemfile_pkey = ssl_pemfile_pkey;
pc->ssl_pemfile_x509 = ssl_pemfile_x509;
pc->ssl_pemfile = pemfile;
pc->ssl_privkey = privkey;
pc->need_chain = (ssl_pemfile_x509.next == NULL
&& !mod_mbedtls_crt_is_self_issued(&ssl_pemfile_x509));
mbedtls_platform_zeroize(&ssl_pemfile_pkey, sizeof(ssl_pemfile_pkey));
return pc;
}
#ifdef MBEDTLS_SSL_ALPN
static int
mod_mbedtls_acme_tls_1 (handler_ctx *hctx)
{
buffer * const b = hctx->tmp_buf;
const buffer * const name = &hctx->r->uri.authority;
log_error_st * const errh = hctx->r->conf.errh;
mbedtls_x509_crt *ssl_pemfile_x509 = NULL;
mbedtls_pk_context *ssl_pemfile_pkey = NULL;
size_t len;
int rc = MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO;
/* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/
if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1))
return 0; /*(should not happen)*/
buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1);
buffer_append_slash(b);
/* check if SNI set server name (required for acme-tls/1 protocol)
* and perform simple path checks for no '/'
* and no leading '.' (e.g. ignore "." or ".." or anything beginning '.') */
if (buffer_string_is_empty(name)) return rc;
if (NULL != strchr(name->ptr, '/')) return rc;
if (name->ptr[0] == '.') return rc;
#if 0
if (0 != http_request_host_policy(name,hctx->r->conf.http_parseopts,443))
return rc;
#endif
buffer_append_string_buffer(b, name);
len = buffer_string_length(b);
do {
buffer_append_string_len(b, CONST_STR_LEN(".crt.pem"));
ssl_pemfile_x509 = malloc(sizeof(*ssl_pemfile_x509));
force_assert(ssl_pemfile_x509);
mbedtls_x509_crt_init(ssl_pemfile_x509); /* init cert structure */
rc = mbedtls_x509_crt_parse_file(ssl_pemfile_x509, b->ptr);
if (0 != rc) {
elogf(errh, __FILE__, __LINE__, rc,
"Failed to load acme-tls/1 pemfile: %s", b->ptr);
break;
}
buffer_string_set_length(b, len); /*(remove ".crt.pem")*/
buffer_append_string_len(b, CONST_STR_LEN(".key.pem"));
ssl_pemfile_pkey = malloc(sizeof(*ssl_pemfile_pkey));
force_assert(ssl_pemfile_pkey);
mbedtls_pk_init(ssl_pemfile_pkey); /* init private key context */
rc = mbedtls_pk_parse_keyfile(ssl_pemfile_pkey, b->ptr, NULL);
if (0 != rc) {
elogf(errh, __FILE__, __LINE__, rc,
"Failed to load acme-tls/1 pemfile: %s", b->ptr);
break;
}
rc = mbedtls_ssl_set_hs_own_cert(&hctx->ssl,
ssl_pemfile_x509, ssl_pemfile_pkey);
if (0 != rc) {
elogf(errh, __FILE__, __LINE__, rc,
"failed to set acme-tls/1 certificate for TLS server "
"name %s", name->ptr);
break;
}
hctx->acme_tls_1_pkey = ssl_pemfile_pkey; /* save ptr and free later */
hctx->acme_tls_1_x509 = ssl_pemfile_x509; /* save ptr and free later */
return 0;
} while (0);
if (ssl_pemfile_pkey) {
mbedtls_pk_free(ssl_pemfile_pkey);
free(ssl_pemfile_pkey);
}
if (ssl_pemfile_x509) {
mbedtls_x509_crt_free(ssl_pemfile_x509);
free(ssl_pemfile_x509);
}
return rc;
}
enum {
MOD_MBEDTLS_ALPN_HTTP11 = 1
,MOD_MBEDTLS_ALPN_HTTP10 = 2
,MOD_MBEDTLS_ALPN_H2 = 3
,MOD_MBEDTLS_ALPN_ACME_TLS_1 = 4
};
static int
mod_mbedtls_alpn_select_cb (handler_ctx *hctx, const char *in)
{
const int n = (int)strlen(in);
const int i = 0;
unsigned short proto;
switch (n) {
#if 0
case 2: /* "h2" */
if (in[i] == 'h' && in[i+1] == '2') {
proto = MOD_MBEDTLS_ALPN_H2;
break;
}
return 0;
#endif
case 8: /* "http/1.1" "http/1.0" */
if (0 == memcmp(in+i, "http/1.", 7)) {
if (in[i+7] == '1') {
proto = MOD_MBEDTLS_ALPN_HTTP11;
break;
}
if (in[i+7] == '0') {
proto = MOD_MBEDTLS_ALPN_HTTP10;
break;
}
}
return 0;
case 10: /* "acme-tls/1" */
if (0 == memcmp(in+i, "acme-tls/1", 10)) {
int rc = mod_mbedtls_acme_tls_1(hctx);
if (0 == rc) {
proto = MOD_MBEDTLS_ALPN_ACME_TLS_1;
break;
}
return rc;
}
return 0;
default:
return 0;
}
hctx->alpn = proto;
return 0;
}
#endif /* MBEDTLS_SSL_ALPN */
static int
mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *ciphersuites, const buffer *cipherstring);
static int
mod_mbedtls_ssl_conf_curves(server *srv, plugin_config_socket *s, const buffer *curvelist);
static void
mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max);
static int
mod_mbedtls_ssl_conf_cmd (server *srv, plugin_config_socket *s)
{
/* reference:
* https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html */
int rc = 0;
buffer *cipherstring = NULL;
buffer *ciphersuites = NULL;
for (size_t i = 0; i < s->ssl_conf_cmd->used; ++i) {
data_string *ds = (data_string *)s->ssl_conf_cmd->data[i];
if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("CipherString")))
cipherstring = &ds->value;
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Ciphersuites")))
ciphersuites = &ds->value;
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Curves"))
|| buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Groups"))) {
if (!mod_mbedtls_ssl_conf_curves(srv, s, &ds->value))
rc = -1;
}
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("MaxProtocol")))
mod_mbedtls_ssl_conf_proto(srv, s, &ds->value, 1); /* max */
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("MinProtocol")))
mod_mbedtls_ssl_conf_proto(srv, s, &ds->value, 0); /* min */
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Protocol"))) {
/* openssl config for Protocol=... is complex and deprecated */
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: ssl.openssl.ssl-conf-cmd %s ignored; "
"use MinProtocol=... and MaxProtocol=... instead",
ds->key.ptr);
}
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Options"))) {
for (char *v = ds->value.ptr, *e; *v; v = e) {
while (*v == ' ' || *v == '\t' || *v == ',') ++v;
int flag = 1;
if (*v == '-') {
flag = 0;
++v;
}
for (e = v; light_isalpha(*e); ++e) ;
switch ((int)(e-v)) {
case 11:
if (buffer_eq_icase_ssn(v, "Compression", 11)) {
/* mbedtls defaults to no record compression unless
* mbedtls is built with MBEDTLS_ZLIB_SUPPORT, which
* is deprecated and slated for removal*/
if (!flag) continue;
}
break;
case 13:
if (buffer_eq_icase_ssn(v, "SessionTicket", 13)) {
s->ssl_session_ticket = flag;
continue;
}
break;
case 16:
if (buffer_eq_icase_ssn(v, "ServerPreference", 16)) {
/* Note: The server uses its own preferences
* over the preference of the client unless
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE defined! */
s->ssl_honor_cipher_order = flag;
continue;
}
break;
default:
break;
}
/* warn if not explicitly handled or ignored above */
if (!flag) --v;
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: ssl.openssl.ssl-conf-cmd Options %.*s ignored",
(int)(e-v), v);
}
}
#if 0
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("..."))) {
}
#endif
else {
/* warn if not explicitly handled or ignored above */
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: ssl.openssl.ssl-conf-cmd %s ignored",
ds->key.ptr);
}
}
if (!mod_mbedtls_ssl_conf_ciphersuites(srv, s, ciphersuites, cipherstring))
rc = -1;
return rc;
}
static int
network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
{
int rc;
s->ssl_ctx = malloc(sizeof(mbedtls_ssl_config));
force_assert(s->ssl_ctx);
mbedtls_ssl_config_init(s->ssl_ctx);
/* set the RNG in the ssl config context, using the default random func */
mbedtls_ssl_conf_rng(s->ssl_ctx, mbedtls_ctr_drbg_random, &p->ctr_drbg);
/* mbedtls defaults to disable client renegotiation
* mbedtls defaults to no record compression unless mbedtls is built
* with MBEDTLS_ZLIB_SUPPORT, which is deprecated and slated for removal
* MBEDTLS_SSL_PRESET_SUITEB is stricter than MBEDTLS_SSL_PRESET_DEFAULT
* (and is attempted to be supported in mod_mbedtls_ssl_conf_ciphersuites())
* explanation: https://github.com/ARMmbed/mbedtls/issues/1591
* reference: RFC 6460 */
rc = mbedtls_ssl_config_defaults(s->ssl_ctx,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT);
if (0 != rc) {
elog(srv->errh, __FILE__,__LINE__, rc,
"Init of ssl config context defaults failed");
return -1;
}
/* mbedtls defaults minimum accepted SSL/TLS protocol version TLS v1.0
* use of SSL v3 should be avoided, and SSL v2 is not supported */
if (s->ssl_use_sslv3)
mbedtls_ssl_conf_min_version(s->ssl_ctx, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0);
if (!buffer_string_is_empty(s->ssl_cipher_list)) {
if (!mod_mbedtls_ssl_conf_ciphersuites(srv,s,NULL,s->ssl_cipher_list))
return -1;
}
if (!buffer_string_is_empty(s->ssl_dh_file)) {
mbedtls_dhm_context dhm;
mbedtls_dhm_init(&dhm);
rc = mbedtls_dhm_parse_dhmfile(&dhm, s->ssl_dh_file->ptr);
if (0 != rc)
elogf(srv->errh, __FILE__,__LINE__, rc,
"mbedtls_dhm_parse_dhmfile() %s", s->ssl_dh_file->ptr);
else {
rc = mbedtls_ssl_conf_dh_param_ctx(s->ssl_ctx, &dhm);
if (0 != rc)
elogf(srv->errh, __FILE__,__LINE__, rc,
"mbedtls_ssl_conf_dh_param_ctx() %s", s->ssl_dh_file->ptr);
}
mbedtls_dhm_free(&dhm);
if (0 != rc)
return -1;
}
if (!buffer_string_is_empty(s->ssl_ec_curve)) {
if (!mod_mbedtls_ssl_conf_curves(srv, s, s->ssl_ec_curve))
return -1;
}
/* if needed, attempt to construct certificate chain for server cert */
if (s->pc->need_chain) {
s->pc->need_chain = 0; /*(attempt once to complete chain)*/
if (!mod_mbedtls_construct_crt_chain(s->ssl_pemfile_x509,
s->ssl_ca_file, srv->errh))
return -1;
}
rc = mbedtls_ssl_conf_own_cert(s->ssl_ctx,
s->ssl_pemfile_x509, s->ssl_pemfile_pkey);
if (0 != rc) {
elogf(srv->errh, __FILE__, __LINE__, rc,
"PEM cert and private key did not verify (%s) (%s)",
s->ssl_pemfile->ptr, s->ssl_privkey->ptr);
return -1;
}
#ifdef MBEDTLS_SSL_ALPN
/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids */
static const char *alpn_protos_http_acme[] = {
"http/1.1"
,"http/1.0"
,"acme-tls/1"
,NULL
};
static const char *alpn_protos_http[] = {
"http/1.1"
,"http/1.0"
,NULL
};
const char **alpn_protos = (!buffer_string_is_empty(s->ssl_acme_tls_1))
? alpn_protos_http_acme
: alpn_protos_http;
rc = mbedtls_ssl_conf_alpn_protocols(s->ssl_ctx, alpn_protos);
if (0 != rc) {
elog(srv->errh, __FILE__, __LINE__, rc, "error setting ALPN protocols");
return -1;
}
#endif
if (!s->ssl_use_sslv3 && !s->ssl_use_sslv2)
mod_mbedtls_ssl_conf_proto(srv, s, NULL, 0); /* min */
if (s->ssl_conf_cmd && s->ssl_conf_cmd->used) {
if (0 != mod_mbedtls_ssl_conf_cmd(srv, s)) return -1;
}
/* server preference is used (default) unless mbedtls is built with
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE defined (not default) */
#ifndef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
if (!s->ssl_honor_cipher_order)
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: "
"ignoring ssl.honor-cipher-order; mbedtls uses server preference "
"unless mbedtls built MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE");
#else
if (s->ssl_honor_cipher_order)
log_error(srv->errh, __FILE__, __LINE__,
"MTLS: "
"ignoring ssl.honor-cipher-order; mbedtls uses client preference "
"since mbedtls built MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE");
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (s->ssl_session_ticket && !p->ticket_ctx.ticket_lifetime) { /*init once*/
rc = mbedtls_ssl_ticket_setup(&p->ticket_ctx, mbedtls_ctr_drbg_random,
&p->ctr_drbg, MBEDTLS_CIPHER_AES_256_GCM,
43200); /* ticket timeout: 12 hours */
if (0 != rc) {
elog(srv->errh, __FILE__,__LINE__, rc,
"mbedtls_ssl_ticket_setup()");
return -1;
}
}
#if defined(MBEDTLS_SSL_TICKET_C)
if (s->ssl_session_ticket)
mbedtls_ssl_conf_session_tickets_cb(s->ssl_ctx,
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&p->ticket_ctx);
#endif
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
return 0;
}
static int
mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p)
{
static const config_plugin_keys_t cpk[] = {
{ CONST_STR_LEN("ssl.engine"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.cipher-list"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.honor-cipher-order"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.dh-file"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.ec-curve"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.openssl.ssl-conf-cmd"),
T_CONFIG_ARRAY_KVSTRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.pemfile"), /* included to process global scope */
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.empty-fragments"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.use-sslv2"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("ssl.use-sslv3"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
,{ NULL, 0,
T_CONFIG_UNSET,
T_CONFIG_SCOPE_UNSET }
};
static const buffer default_ssl_cipher_list = { CONST_STR_LEN("HIGH"), 0 };
p->ssl_ctxs = calloc(srv->config_context->used, sizeof(plugin_ssl_ctx));
force_assert(p->ssl_ctxs);
int rc = HANDLER_GO_ON;
plugin_data_base srvplug;
memset(&srvplug, 0, sizeof(srvplug));
plugin_data_base * const ps = &srvplug;
if (!config_plugin_values_init(srv, ps, cpk, "mod_mbedtls"))
return HANDLER_ERROR;
plugin_config_socket defaults;
memset(&defaults, 0, sizeof(defaults));
#ifndef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
defaults.ssl_honor_cipher_order = 1;
#endif
defaults.ssl_session_ticket = 0; /* disabled by default */
defaults.ssl_cipher_list = &default_ssl_cipher_list;
/* process and validate config directives for global and $SERVER["socket"]
* (init i to 0 if global