diff options
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | src/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/meson.build | 2 | ||||
| -rw-r--r-- | src/mod_mbedtls.c | 262 | ||||
| -rw-r--r-- | src/sys-crypto-md.h | 51 |
5 files changed, 256 insertions, 65 deletions
diff --git a/configure.ac b/configure.ac index 518747eb..1e1539bb 100644 --- a/configure.ac +++ b/configure.ac @@ -772,9 +772,9 @@ AM_CONDITIONAL(BUILD_WITH_MBEDTLS, test ! $WITH_MBEDTLS = no) if test "x$use_mbedtls" = "xyes"; then AC_CHECK_HEADERS([mbedtls/ssl.h]) OLDLIBS="$LIBS" - AC_CHECK_LIB(mbedcrypto,mbedtls_base64_encode, + AC_CHECK_LIB(mbedcrypto, mbedtls_base64_encode, [AC_CHECK_LIB(mbedx509, mbedtls_x509_get_name, - [AC_CHECK_LIB(mbedtls, mbedtls_cipher_info_from_type, + [AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, [MTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto" CRYPTO_LIB="-lmbedcrypto" AC_DEFINE(HAVE_LIBMBEDTLS, [1], [Have libmbedtls library]) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index b73083cc..9480261f 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -462,7 +462,7 @@ if(WITH_MBEDTLS) check_library_exists(mbedcrypto mbedtls_base64_encode "" HAVE_LIBMBEDCRYPTO) if(HAVE_LIBMBEDCRYPTO) set(CRYPTO_LIBRARY mbedcrypto) - check_library_exists(mbedtls mbedtls_cipher_info_from_type "" HAVE_LIBMBEDTLS) + check_library_exists(mbedtls mbedtls_ssl_init "" HAVE_LIBMBEDTLS) if(HAVE_LIBMBEDTLS) check_library_exists(mbedx509 mbedtls_x509_get_name "" HAVE_LIBMBEDX509) endif() diff --git a/src/meson.build b/src/meson.build index dce00b04..4ee16346 100644 --- a/src/meson.build +++ b/src/meson.build @@ -468,7 +468,7 @@ endif if get_option('with_mbedtls') # manual search: # header: mbedtls/ssl.h - # function: mbedtls_cipher_info_from_type (-lmbedtls) + # function: mbedtls_ssl_init (-lmbedtls) # function: mbedtls_x509_get_name (-lmbedx509) # function: mbedtls_base64_encode (-lmbedcrypto) libmbedtls = [ compiler.find_library('mbedtls') ] diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c index 5441bbd3..8365f600 100644 --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c @@ -55,7 +55,12 @@ #include <stdio.h> /* vsnprintf() */ #include <string.h> -#include <mbedtls/config.h> +/*(temporary while waiting for future mbedtls 3.x interfaces)*/ +#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS +#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#endif + +#include <mbedtls/version.h> #include <mbedtls/ctr_drbg.h> #include <mbedtls/debug.h> #include <mbedtls/dhm.h> @@ -64,10 +69,11 @@ #include <mbedtls/oid.h> #include <mbedtls/pem.h> #include <mbedtls/ssl.h> +#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ #include <mbedtls/ssl_internal.h> /* struct mbedtls_ssl_transform */ +#endif #include <mbedtls/x509.h> #include <mbedtls/x509_crt.h> -#include <mbedtls/version.h> #include <mbedtls/platform_util.h> /* mbedtls_platform_zeroize() */ #if MBEDTLS_VERSION_NUMBER >= 0x02040000 /* mbedtls 2.04.0 */ @@ -84,6 +90,10 @@ #error "lighttpd requires that mbedtls be built with MBEDTLS_X509_CRT_PARSE_C" #endif +#ifndef MBEDTLS_PRIVATE +#define MBEDTLS_PRIVATE(x) x +#endif + #include "base.h" #include "ck.h" #include "fdevent.h" @@ -177,7 +187,11 @@ static int ssl_is_init; /* need assigned p->id for deep access of module handler_ctx for connection * i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */ static plugin_data *plugin_data_singleton; +#ifdef MBEDTLS_SSL_OUT_CONTENT_LEN +#define LOCAL_SEND_BUFSIZE MBEDTLS_SSL_OUT_CONTENT_LEN +#else #define LOCAL_SEND_BUFSIZE MBEDTLS_SSL_MAX_CONTENT_LEN +#endif static char *local_send_buffer; typedef struct { @@ -698,6 +712,12 @@ mod_mbedtls_acme_tls_1 (handler_ctx *hctx); #endif +#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ +#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO +#define MBEDTLS_ERR_SSL_DECODE_ERROR MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO +#endif + + #ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION static int mod_mbedtls_SNI (void *arg, mbedtls_ssl_context *ssl, const unsigned char *servername, size_t len) @@ -709,7 +729,7 @@ mod_mbedtls_SNI (void *arg, mbedtls_ssl_context *ssl, const unsigned char *serve if (len >= 1024) { /*(expecting < 256; TLSEXT_MAXLEN_host_name is 255)*/ log_error(r->conf.errh, __FILE__, __LINE__, "MTLS: SNI name too long %.*s", (int)len, servername); - return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } /* use SNI to patch mod_mbedtls config and then reset COMP_HTTP_HOST */ @@ -719,7 +739,7 @@ mod_mbedtls_SNI (void *arg, mbedtls_ssl_context *ssl, const unsigned char *serve * revisit for h2)*/ if (0 != http_request_host_policy(&r->uri.authority, r->conf.http_parseopts, 443)) - return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; #endif const buffer * const ssl_pemfile = hctx->conf.pc->ssl_pemfile; @@ -759,7 +779,7 @@ mod_mbedtls_SNI (void *arg, mbedtls_ssl_context *ssl, const unsigned char *serve elogf(r->conf.errh, __FILE__, __LINE__, rc, "failed to set SNI certificate for TLS server name %s", r->uri.authority.ptr); - return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } @@ -928,9 +948,17 @@ mod_mbedtls_pk_parse_keyfile (mbedtls_pk_context *ctx, const char *fn, const cha char *data = fdevent_load_file(fn, &dlen, NULL, malloc, free); if (NULL == data) return rc; + #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */ + plugin_data * const p = plugin_data_singleton; + rc = mbedtls_pk_parse_key(ctx, (unsigned char *)data, (size_t)dlen+1, + (const unsigned char *)pwd, + pwd ? strlen(pwd) : 0, + mbedtls_ctr_drbg_random, &p->ctr_drbg); + #else rc = mbedtls_pk_parse_key(ctx, (unsigned char *)data, (size_t)dlen+1, (const unsigned char *)pwd, pwd ? strlen(pwd) : 0); + #endif if (dlen) ck_memzero(data, (size_t)dlen); free(data); @@ -963,7 +991,13 @@ network_mbedtls_load_pemfile (server *srv, const buffer *pemfile, const buffer * return NULL; } + #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */ + plugin_data * const p = plugin_data_singleton; + rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey, + mbedtls_ctr_drbg_random, &p->ctr_drbg); + #else rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey); + #endif if (0 != rc) { elogf(srv->errh, __FILE__, __LINE__, rc, "PEM cert and private key did not verify (%s) (%s)", @@ -998,7 +1032,7 @@ mod_mbedtls_acme_tls_1 (handler_ctx *hctx) mbedtls_x509_crt *ssl_pemfile_x509 = NULL; mbedtls_pk_context *ssl_pemfile_pkey = NULL; size_t len; - int rc = MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + int rc = MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (!hctx->conf.ssl_acme_tls_1) @@ -1086,12 +1120,16 @@ mod_mbedtls_alpn_h2_policy (handler_ctx * const hctx) return -1; } #endif + #if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ if (hctx->ssl.major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && hctx->ssl.minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { log_error(hctx->errh, __FILE__, __LINE__, "SSL: error ALPN h2 requires TLSv1.2 or later"); return -1; } + #else /*(mbedTLS 3.0.0 dropped support for TLSv1.1 and earlier)*/ + UNUSED(hctx); + #endif return 0; } @@ -1139,6 +1177,8 @@ mod_mbedtls_alpn_selected (handler_ctx * const hctx, const char * const in) } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ +#ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION static int mod_mbedtls_alpn_select_cb (handler_ctx *hctx, const unsigned char *in, const unsigned int inlen) { @@ -1180,6 +1220,8 @@ mod_mbedtls_alpn_select_cb (handler_ctx *hctx, const unsigned char *in, const un return 0; } +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#endif /* MBEDTLS_VERSION_NUMBER < 0x03000000 */ /* mbedtls 3.00.0 */ #endif /* MBEDTLS_SSL_ALPN */ @@ -1253,8 +1295,8 @@ mod_mbedtls_ssl_conf_cmd (server *srv, plugin_config_socket *s) break; case 16: if (buffer_eq_icase_ssn(v, "ServerPreference", 16)) { - /* Note: The server uses its own preferences - * over the preference of the client unless + /* Note: before mbedTLS 3.0.0, the server uses its own + * preferences over the preference of the client unless * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE defined! */ s->ssl_honor_cipher_order = flag; continue; @@ -1320,9 +1362,11 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) /* mbedtls defaults minimum accepted SSL/TLS protocol version TLS v1.0 * use of SSL v3 should be avoided, and SSL v2 is not supported */ + #ifdef MBEDTLS_SSL_PROTO_SSL3 if (s->ssl_use_sslv3) mbedtls_ssl_conf_min_version(s->ssl_ctx, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); + #endif if (s->ssl_cipher_list) { if (!mod_mbedtls_ssl_conf_ciphersuites(srv,s,NULL,s->ssl_cipher_list)) @@ -1402,6 +1446,12 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) if (0 != mod_mbedtls_ssl_conf_cmd(srv, s)) return -1; } + #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */ + int order = s->ssl_honor_cipher_order + ? MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER + : MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT; + mbedtls_ssl_conf_preference_order(s->ssl_ctx, order); + #else /* server preference is used (default) unless mbedtls is built with * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE defined (not default) */ #ifndef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE @@ -1417,6 +1467,7 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) "ignoring ssl.honor-cipher-order; mbedtls uses client preference " "since mbedtls built MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE"); #endif + #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (s->ssl_session_ticket && !p->ticket_ctx.ticket_lifetime) { /*init once*/ @@ -2044,11 +2095,18 @@ connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t ma } +#if MBEDTLS_VERSION_NUMBER >= 0x03020000 /* mbedtls 3.02.0 */ +#define handshake_state(ssl) (ssl)->MBEDTLS_PRIVATE(state) +#elif MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */ +#define handshake_state(ssl) (ssl)->MBEDTLS_PRIVATE(state) +#else /* MBEDTLS_VERSION_NUMBER < 0x03000000 */ /* mbedtls 3.00.0 */ +#define handshake_state(ssl) (ssl)->state #ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION #ifdef MBEDTLS_SSL_ALPN static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ); #endif #endif +#endif /* MBEDTLS_VERSION_NUMBER < 0x03000000 */ /* mbedtls 3.00.0 */ static int @@ -2064,9 +2122,12 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) mbedtls_ssl_conf_sni(hctx->ssl_ctx, mod_mbedtls_SNI, hctx); #endif - if (hctx->ssl.state < MBEDTLS_SSL_SERVER_HELLO) { - while (hctx->ssl.state != MBEDTLS_SSL_SERVER_HELLO - && hctx->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if (handshake_state(&hctx->ssl) < MBEDTLS_SSL_SERVER_HELLO) { + while (handshake_state(&hctx->ssl) != MBEDTLS_SSL_SERVER_HELLO + && handshake_state(&hctx->ssl) != MBEDTLS_SSL_HANDSHAKE_OVER) { + /* disable in mbedtls 3.0+ until alternative callbacks are available + * https://github.com/ARMmbed/mbedtls/issues/5430 */ + #if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ #ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION #ifdef MBEDTLS_SSL_ALPN /* parse client_hello for ALPN extension prior to mbedtls handshake @@ -2077,10 +2138,12 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) } #endif #endif + #endif /* MBEDTLS_VERSION_NUMBER < 0x03000000 */ /* mbedtls 3.00.0 */ rc = mbedtls_ssl_handshake_step(&hctx->ssl); if (0 != rc) break; } - if (0 == rc && hctx->ssl.state == MBEDTLS_SSL_SERVER_HELLO) { + if (0 == rc + && handshake_state(&hctx->ssl) == MBEDTLS_SSL_SERVER_HELLO) { #ifdef MBEDTLS_SSL_ALPN const char *alpn = mbedtls_ssl_get_alpn_protocol(&hctx->ssl); if (NULL != alpn) @@ -2089,20 +2152,21 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) } } - if (0 == rc && hctx->conf.ssl_verifyclient - && hctx->ssl.state >= MBEDTLS_SSL_SERVER_HELLO /*(after SNI and ALPN)*/ - && hctx->ssl.state <= MBEDTLS_SSL_SERVER_HELLO_DONE + if (0 == rc && hctx->conf.ssl_verifyclient /*(after SNI and ALPN)*/ + && handshake_state(&hctx->ssl) >= MBEDTLS_SSL_SERVER_HELLO + && handshake_state(&hctx->ssl) <= MBEDTLS_SSL_SERVER_HELLO_DONE && hctx->alpn != MOD_MBEDTLS_ALPN_ACME_TLS_1) { /*(not "acme-tls/1")*/ int mode = (hctx->conf.ssl_verifyclient_enforce) ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_OPTIONAL; mbedtls_ssl_set_hs_authmode(&hctx->ssl, mode); - while (hctx->ssl.state != MBEDTLS_SSL_CERTIFICATE_REQUEST - && hctx->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { + while (handshake_state(&hctx->ssl) != MBEDTLS_SSL_CERTIFICATE_REQUEST + && handshake_state(&hctx->ssl) != MBEDTLS_SSL_HANDSHAKE_OVER) { rc = mbedtls_ssl_handshake_step(&hctx->ssl); if (0 != rc) break; } - if (0 == rc && hctx->ssl.state == MBEDTLS_SSL_CERTIFICATE_REQUEST) { + if (0 == rc + && handshake_state(&hctx->ssl) == MBEDTLS_SSL_CERTIFICATE_REQUEST) { rc = mod_mbedtls_conf_verify(hctx); if (0 == rc) rc = mbedtls_ssl_handshake_step(&hctx->ssl); @@ -2110,7 +2174,7 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) * request (if ssl_ca_dn_file is set), before client certificate * verification (MBEDTLS_SSL_CERTIFICATE_VERIFY) */ if (0 == rc && hctx->conf.ssl_ca_dn_file - && hctx->ssl.state == MBEDTLS_SSL_SERVER_HELLO_DONE) { + && handshake_state(&hctx->ssl)==MBEDTLS_SSL_SERVER_HELLO_DONE) { mbedtls_ssl_context * const ssl = &hctx->ssl; mbedtls_x509_crt *ca_certs = hctx->conf.ssl_ca_file; mbedtls_x509_crl *ca_crl = hctx->conf.ssl_ca_crl_file; @@ -2119,7 +2183,7 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) } } - if (0 == rc && hctx->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if (0 == rc && handshake_state(&hctx->ssl) != MBEDTLS_SSL_HANDSHAKE_OVER) { rc = mbedtls_ssl_handshake(&hctx->ssl); } @@ -2449,6 +2513,7 @@ __attribute_cold__ static void https_add_ssl_client_verify_err (buffer * const b, uint32_t status) { + #ifndef MBEDTLS_X509_REMOVE_INFO /* get failure string and translate newline to ':', removing last one */ char buf[512]; int n = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", status); @@ -2457,6 +2522,10 @@ https_add_ssl_client_verify_err (buffer * const b, uint32_t status) nl[0] = ('\0' == nl[1] ? (--n, '\0') : ':'); buffer_append_string_len(b, buf, n); } + #else + UNUSED(b); + UNUSED(status); + #endif } @@ -2525,42 +2594,64 @@ https_add_ssl_client_entries (request_st * const r, handler_ctx * const hctx) } +#if MBEDTLS_VERSION_NUMBER < 0x03020000 /* mbedtls 3.02.0 */ +#define mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl) \ + (ssl)->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(ciphersuite) +#define mbedtls_ssl_ciphersuite_get_name(info) \ + (info)->MBEDTLS_PRIVATE(name) +#endif + static void http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx) { - #if 1 - /* XXX: reaching into ssl_internal.h here for mbedtls_ssl_transform */ - const mbedtls_cipher_info_t *cipher_info = - hctx->ssl.transform->cipher_ctx_enc.cipher_info; - #else - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(hctx->ssl.session->ciphersuite); - const mbedtls_cipher_info_t *cipher_info = - mbedtls_cipher_info_from_type(ciphersuite_info->cipher); - #endif const char *s; s = mbedtls_ssl_get_version(&hctx->ssl); http_header_env_set(r, CONST_STR_LEN("SSL_PROTOCOL"), s, strlen(s)); - /*s = ciphersuite_info->name;*/ /*mbedtls_ssl_get_ciphersuite(&hctx->ssl);*/ - s = cipher_info->name; + const int ciphersuite_id = + mbedtls_ssl_get_ciphersuite_id_from_ssl(&hctx->ssl); + const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); + if (__builtin_expect( (NULL == ciphersuite_info), 0)) return; + + s = mbedtls_ssl_ciphersuite_get_name(ciphersuite_info); http_header_env_set(r, CONST_STR_LEN("SSL_CIPHER"), s, strlen(s)); - #if 0 /*(for use with mbedtls_cipher_info_from_type() above)*/ - if (cipher_info != NULL) - #endif { /* SSL_CIPHER_ALGKEYSIZE - Number of cipher bits (possible) */ /* SSL_CIPHER_USEKEYSIZE - Number of cipher bits (actually used) */ + #if MBEDTLS_VERSION_NUMBER >= 0x03020000 /* mbedtls 3.02.0 */ + size_t algkeysize = + mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info); + #elif MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */ + #ifdef MBEDTLS_CIPHER_C + /*(messy transition; ssl->transform is hidden in ssl_internal.h)*/ + const mbedtls_cipher_info_t * const cipher_info = + mbedtls_cipher_info_from_type( + ciphersuite_info->MBEDTLS_PRIVATE(cipher)); + if (__builtin_expect( (NULL == cipher_info), 0)) return; + unsigned int algkeysize = cipher_info->MBEDTLS_PRIVATE(key_bitlen); + #else + if (1) return; + #endif + unsigned int usekeysize = algkeysize; /*(equivalent in modern ciphers)*/ + #else /* XXX: is usekeysize correct? XXX: reaching into ssl_internal.h here */ - int usekeysize = hctx->ssl.transform->cipher_ctx_enc.key_bitlen; - unsigned int algkeysize = cipher_info->key_bitlen; + unsigned int usekeysize = + hctx->ssl.transform->cipher_ctx_enc.key_bitlen; + #ifdef MBEDTLS_CIPHER_C + unsigned int algkeysize = + hctx->ssl.transform->cipher_ctx_enc.cipher_info->key_bitlen; + #else + unsigned int algkeysize = usekeysize; + #endif + #endif char buf[LI_ITOSTRING_LENGTH]; - http_header_env_set(r, CONST_STR_LEN("SSL_CIPHER_USEKEYSIZE"), - buf, li_itostrn(buf, sizeof(buf), usekeysize)); http_header_env_set(r, CONST_STR_LEN("SSL_CIPHER_ALGKEYSIZE"), buf, li_utostrn(buf, sizeof(buf), algkeysize)); + http_header_env_set(r, CONST_STR_LEN("SSL_CIPHER_USEKEYSIZE"), + buf, li_utostrn(buf, sizeof(buf), usekeysize)); } } @@ -2890,6 +2981,7 @@ static const int suite_PSK[] = { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 }; +#ifdef MBEDTLS_SSL_PROTO_TLS1 static const int suite_3DES[] = { /* 3DES suites */ MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, @@ -2903,7 +2995,9 @@ static const int suite_3DES[] = { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA }; +#endif +#ifdef MBEDTLS_SSL_PROTO_TLS1 static const int suite_RC4[] = { /* RC4 suites */ MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, @@ -2917,12 +3011,15 @@ static const int suite_RC4[] = { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, MBEDTLS_TLS_PSK_WITH_RC4_128_SHA }; +#endif +#ifdef MBEDTLS_SSL_PROTO_SSL3 static const int suite_weak[] = { /* Weak suites */ MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA }; +#endif static const int suite_null[] = { /* NULL suites */ @@ -3073,6 +3170,7 @@ static const int suite_TLSv12[] = { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 }; +#ifdef MBEDTLS_SSL_PROTO_TLS1 /* TLSv1.0 cipher list (supported in mbedtls) * marked with minimum version MBEDTLS_SSL_MINOR_VERSION_1 in * ciphersuite_definitions[] and then sorted by ciphersuite_preference[] @@ -3128,7 +3226,9 @@ static const int suite_TLSv10[] = { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA }; +#endif +#ifdef MBEDTLS_SSL_PROTO_SSL3 /* SSLv3 cipher list (supported in mbedtls) * marked with minimum version MBEDTLS_SSL_MINOR_VERSION_0 in * ciphersuite_definitions[] and then sorted by ciphersuite_preference[] @@ -3158,6 +3258,7 @@ static const int suite_SSLv3[] = { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA }; +#endif /* HIGH cipher list (mapped from openssl list to mbedtls) */ static const int suite_HIGH[] = { @@ -3277,12 +3378,16 @@ static const int suite_HIGH[] = { static int mod_mbedtls_ssl_is_weak_ciphersuite (int id) { + #ifdef MBEDTLS_SSL_PROTO_TLS1 for (uint32_t i = 0; i < sizeof(suite_RC4)/sizeof(suite_RC4[0]); ++i) { if (id == suite_RC4[i]) return 1; } + #endif + #ifdef MBEDTLS_SSL_PROTO_SSL3 for (uint32_t i = 0; i < sizeof(suite_weak)/sizeof(suite_weak[0]); ++i) { if (id == suite_weak[i]) return 1; } + #endif for (uint32_t i = 0; i < sizeof(suite_null)/sizeof(suite_null[0]); ++i) { if (id == suite_null[i]) return 1; } @@ -3440,8 +3545,10 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer mbedtls_ssl_conf_cert_profile(s->ssl_ctx, &mbedtls_x509_crt_profile_suiteb); /* re-initialize mbedtls_ssl_config defaults */ - mbedtls_mpi_free(&s->ssl_ctx->dhm_P); - mbedtls_mpi_free(&s->ssl_ctx->dhm_G); + #if MBEDTLS_VERSION_NUMBER < 0x03020000 /* mbedtls 3.02.0 */ + mbedtls_mpi_free(&s->ssl_ctx->MBEDTLS_PRIVATE(dhm_P)); + mbedtls_mpi_free(&s->ssl_ctx->MBEDTLS_PRIVATE(dhm_G)); + #endif int rc = mbedtls_ssl_config_defaults(s->ssl_ctx, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -3538,6 +3645,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer continue; } + #ifdef MBEDTLS_SSL_PROTO_TLS1 if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("TLSv1.0"))) { crt_profile_default = 1; nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, @@ -3546,7 +3654,9 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer if (-1 == nids) return 0; continue; } + #endif + #ifdef MBEDTLS_SSL_PROTO_SSL3 if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("SSLv3"))) { crt_profile_default = 1; nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, @@ -3555,6 +3665,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer if (-1 == nids) return 0; continue; } + #endif /* handle a popular recommendations * ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM" @@ -3742,6 +3853,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer continue; } + #ifdef MBEDTLS_SSL_PROTO_TLS1 if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("3DES"))) { crt_profile_default = 1; nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, @@ -3750,7 +3862,9 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer if (-1 == nids) return 0; continue; } + #endif + #ifdef MBEDTLS_SSL_PROTO_TLS1 /* not recommended, but permitted if explicitly requested */ /* "RC4" is same as openssl "COMPLEMENTOFALL" */ if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("RC4"))) { @@ -3761,6 +3875,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer if (-1 == nids) return 0; continue; } + #endif /* not recommended, but permitted if explicitly requested */ if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("NULL")) @@ -3898,28 +4013,53 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer * #else MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */ #endif - : s->ssl_use_sslv3 - ? MBEDTLS_SSL_MINOR_VERSION_0 /* SSL v3.0 */ - : MBEDTLS_SSL_MINOR_VERSION_1; /* TLS v1.0 */ + : + #if defined(MBEDTLS_SSL_MINOR_VERSION_0) \ + || defined(MBEDTLS_SSL_MINOR_VERSION_1) + s->ssl_use_sslv3 + ? + #ifdef MBEDTLS_SSL_MINOR_VERSION_0 + MBEDTLS_SSL_MINOR_VERSION_0 /* SSL v3.0 */ + #else + MBEDTLS_SSL_MINOR_VERSION_1 /* TLS v1.0 */ + #endif + : MBEDTLS_SSL_MINOR_VERSION_1 /* TLS v1.0 */ + #elif defined(MBEDTLS_SSL_MINOR_VERSION_2) + MBEDTLS_SSL_MINOR_VERSION_2 /* TLS v1.1 */ + #else + MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */ + #endif + ; + #ifdef MBEDTLS_SSL_MINOR_VERSION_0 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("SSLv3"))) v = MBEDTLS_SSL_MINOR_VERSION_0; /* SSL v3.0 */ + #endif + #ifdef MBEDTLS_SSL_MINOR_VERSION_1 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) v = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS v1.0 */ + #endif + #ifdef MBEDTLS_SSL_MINOR_VERSION_2 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.1"))) v = MBEDTLS_SSL_MINOR_VERSION_2; /* TLS v1.1 */ + #endif + #ifdef MBEDTLS_SSL_MINOR_VERSION_3 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2"))) v = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS v1.2 */ + #endif #ifdef MBEDTLS_SSL_MINOR_VERSION_4 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3"))) v = MBEDTLS_SSL_MINOR_VERSION_4; /* TLS v1.3 */ #endif else { + #ifndef MBEDTLS_SSL_MINOR_VERSION_4 if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3"))) log_error(srv->errh, __FILE__, __LINE__, "MTLS: ssl.openssl.ssl-conf-cmd %s TLSv1.3 not supported " "by mod_mbedtls; using TLSv1.2", max ? "MaxProtocol" : "MinProtocol"); - else if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1")) + else + #endif + if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1")) || buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1.2"))) { log_error(srv->errh, __FILE__, __LINE__, "MTLS: ssl.openssl.ssl-conf-cmd %s %s ignored", @@ -3939,6 +4079,7 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer * : mbedtls_ssl_conf_min_version(s->ssl_ctx,MBEDTLS_SSL_MAJOR_VERSION_3,v); } +#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */ #ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION #ifdef MBEDTLS_SSL_ALPN /* @@ -3982,7 +4123,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) buf = ssl->in_hdr; /* - * SSLv3/TLS Client Hello + * TLS Client Hello * * Record layer: * 0 . 0 message type @@ -3992,7 +4133,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) */ if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -4000,7 +4141,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) /*(mbedtls_ssl_in_hdr_len() and mbedtls_ssl_hs_hdr_len() are in * mbedtls/ssl_internal.h but simple enough to repeat here) */ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; @@ -4016,7 +4157,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) { if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( ( ret = mbedtls_ssl_fetch_input( ssl, @@ -4039,19 +4180,19 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) */ if( msg_len < 4 /*mbedtls_ssl_hs_hdr_len( ssl )*/ ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } /* We don't support fragmentation of ClientHello (yet?) */ if( buf[1] != 0 || msg_len != 4u /*mbedtls_ssl_hs_hdr_len( ssl )*/ + ( ( buf[2] << 8 ) | buf[3] ) ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } buf += 4; /* mbedtls_ssl_hs_hdr_len( ssl ); */ @@ -4080,7 +4221,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) */ if( msg_len < 38 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -4098,7 +4239,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) if( sess_len > sizeof( ssl->session_negotiate->id ) || sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */ { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -4113,7 +4254,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ ( ciph_len % 2 ) != 0 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -4127,7 +4268,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) comp_len > 16 || comp_len + comp_offset + 1 > msg_len ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Do not parse the extensions if the protocol is SSLv3 */ @@ -4144,7 +4285,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) { if( msg_len < ext_offset + 2 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ext_len = ( buf[ext_offset + 0] << 8 ) @@ -4152,7 +4293,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) if( msg_len != ext_offset + 2 + ext_len ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } else @@ -4165,14 +4306,14 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) unsigned int ext_id; unsigned int ext_size; if ( ext_len < 4 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); if( ext_size + 4 > ext_len ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } switch( ext_id ) { @@ -4202,3 +4343,4 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl, handler_ctx *hctx ) } #endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#endif /* MBEDTLS_VERSION_NUMBER < 0x03000000 */ /* mbedtls 3.00.0 */ diff --git a/src/sys-crypto-md.h b/src/sys-crypto-md.h index db77aac2..3e0eccf1 100644 --- a/src/sys-crypto-md.h +++ b/src/sys-crypto-md.h @@ -150,7 +150,8 @@ SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length) #elif defined(USE_MBEDTLS_CRYPTO) -#include <mbedtls/config.h> +#include <mbedtls/version.h> +/*#include <mbedtls/compat-2.x.h>*//*(func renames ifdef'd below)*/ #ifdef MBEDTLS_MD4_C #define USE_LIB_CRYPTO_MD4 @@ -184,19 +185,31 @@ static inline int MD5_Init(MD5_CTX *ctx) { mbedtls_md5_init(ctx); + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_md5_starts(ctx)); + #else return (0 == mbedtls_md5_starts_ret(ctx)); + #endif } static inline int MD5_Final(unsigned char *digest, MD5_CTX *ctx) { + #if MBEDTLS_VERSION_MAJOR >= 3 + int rc = mbedtls_md5_finish(ctx, digest); + #else int rc = mbedtls_md5_finish_ret(ctx, digest); + #endif mbedtls_md5_free(ctx); return (0 == rc); } static inline int MD5_Update(MD5_CTX *ctx, const void *data, size_t length) { + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_md5_update(ctx, data, length)); + #else return (0 == mbedtls_md5_update_ret(ctx, data, length)); + #endif } #endif @@ -208,19 +221,31 @@ static inline int SHA1_Init(SHA_CTX *ctx) { mbedtls_sha1_init(ctx); + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha1_starts(ctx)); + #else return (0 == mbedtls_sha1_starts_ret(ctx)); + #endif } static inline int SHA1_Final(unsigned char *digest, SHA_CTX *ctx) { + #if MBEDTLS_VERSION_MAJOR >= 3 + int rc = mbedtls_sha1_finish(ctx, digest); + #else int rc = mbedtls_sha1_finish_ret(ctx, digest); + #endif mbedtls_sha1_free(ctx); return (0 == rc); } static inline int SHA1_Update(SHA_CTX *ctx, const void *data, size_t length) { + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha1_update(ctx, data, length)); + #else return (0 == mbedtls_sha1_update_ret(ctx, data, length)); + #endif } #endif @@ -232,19 +257,31 @@ static inline int SHA256_Init(SHA256_CTX *ctx) { mbedtls_sha256_init(ctx); + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha256_starts(ctx, 0)); + #else return (0 == mbedtls_sha256_starts_ret(ctx, 0)); + #endif } static inline int SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) { + #if MBEDTLS_VERSION_MAJOR >= 3 + int rc = mbedtls_sha256_finish(ctx, digest); + #else int rc = mbedtls_sha256_finish_ret(ctx, digest); + #endif mbedtls_sha256_free(ctx); return (0 == rc); } static inline int SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length) { + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha256_update(ctx, data, length)); + #else return (0 == mbedtls_sha256_update_ret(ctx, data, length)); + #endif } #endif @@ -256,19 +293,31 @@ static inline int SHA512_Init(SHA512_CTX *ctx) { mbedtls_sha512_init(ctx); + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha512_starts(ctx, 0)); + #else return (0 == mbedtls_sha512_starts_ret(ctx, 0)); + #endif } static inline int SHA512_Final(unsigned char *digest, SHA512_CTX *ctx) { + #if MBEDTLS_VERSION_MAJOR >= 3 + int rc = mbedtls_sha512_finish(ctx, digest); + #else int rc = mbedtls_sha512_finish_ret(ctx, digest); + #endif mbedtls_sha512_free(ctx); return (0 == rc); } static inline int SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length) { + #if MBEDTLS_VERSION_MAJOR >= 3 + return (0 == mbedtls_sha512_update(ctx, data, length)); + #else return (0 == mbedtls_sha512_update_ret(ctx, data, length)); + #endif } #endif |