ssl_engine_init.c

Checkout Tools
  • last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
mod_ssl: Update the ssl_var_lookup() API:

a) constify return value and variable name passed-in

b) require that pool argument is non-NULL

c) add gcc warning attributes for NULL arguments or ignored result.

This allows removal of inefficient internal duplication of constant

strings which was necessary only to allow non-const char *, and

removal of unsafe casts to/from const in various places.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Assume pool is

non-NULL; return constant and remove apr_pstrdup of constant

result string. Also constify variable name.

(ssl_var_lookup_*): Update to return const char * and avoid

duplication where now possible.

* modules/ssl/mod_ssl.h: Update ssl_var_lookup() optional function

API description and add GCC warning attributes as per private API.

* modules/ssl/ssl_engine_init.c (ssl_add_version_components): Adjust

for const return value.

* modules/ssl/ssl_engine_io.c (ssl_io_filter_handshake): Pass c->pool

to ssl_var_lookup.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Pass r->pool to

ssl_var_lookup, expect const return and dup the string since r->user

is char *.

(log_tracing_state): Pass c->pool to ssl_var_lookup.

* modules/http2/h2_h2.c (h2_is_acceptable_connection): Assume

return value of ssl_var_lookup is const.

Github: closes #120

  1. … 7 more files in changeset.
mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1.

Require that OpenSSL is configured with a suitable entropy source,

or fail startup otherwise.

* modules/ssl/ssl_private.h:

Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1.

(SSLModConfigRec): Only define pid, aRandSeed for <1.1.1.

(ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_init.c (ssl_init_Module):

Only initialize mc->pid for MODSSL_USE_SSLRAND.

Fail if RAND_status() returns zero.

(ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND.

* modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND.

(ssl_rand_seed): Drop warning if PRNG not seeded (now a startup

error as above).

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop

aRandSeed initialization. (ssl_cmd_SSLRandomSeed): Log a warning if

used w/!MODSSL_USE_SSLRAND.

Github: closes #123

  1. … 5 more files in changeset.
mod_ssl: Switch to using SSL_OP_NO_RENEGOTATION (where available) to

block client-initiated renegotiation with TLSv1.2 and earlier.

* modules/ssl/ssl_private.h: Define modssl_reneg_state enum,

modssl_set_reneg_state function.

* modules/ssl/ssl_engine_io.c (bio_filter_out_write,

bio_filter_in_read): #ifdef-out reneg protection if

SSL_OP_NO_RENEGOTATION is defined.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol):

Enable SSL_OP_NO_RENEGOTATION.

(ssl_init_ctx_callbacks): Only enable the "info" callback if

debug-level logging *or* OpenSSL doesn't support SSL_OP_NO_RENEGOTATION.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_classic): Use

modssl_set_reneg_state to set the reneg protection mode.

(ssl_hook_Access_modern): Drop manipulation of the reneg mode which

does nothing for TLSv1.3 already.

(ssl_callback_Info): Only enable reneg protection if

SSL_OP_NO_RENEGOTATION is *not* defined.

* modules/ssl/ssl_util_ssl.c (modssl_set_reneg_state): New function.

  1. … 5 more files in changeset.
mod_ssl: Calculate the MD5 digest used as the session context once per

vhost at startup, rather than building it for each new connection.

* modules/ssl/ssl_private.h (struct SSLSrvConfigRec):

Replace vhost_id_len field with vhost_md5.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Build the

sc->vhost_md5 hash here.

* modules/ssl/mod_ssl.c: Fail at compile time if the

SSL_set_session_id_context() API constraint on context length is

violated.

(ssl_init_ssl_connection): Use sc->vhost_md5.

* modules/ssl/ssl_engine_kernel.c (ssl_find_vhost): Use sc->vhost_md5

after renegotiation.

  1. … 4 more files in changeset.
Prior to r1877345 mc->pPool was the process pool (s->process->pool).

Drop the field from SSLModConfigRec and use pconf instead (where

appropriate) to match the new SSLModConfigRec lifetime.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_DelSessionCacheEntry):

Explicitly (and probably unsafely) use the process pool.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLRandomSeed): Use

cmd->pool to allocate paths.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Use pconf

to allocate the keylog_file.

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Drop lookup

of SSLModConfigRec and use s->process->pool when no pool is

passed.

  1. … 4 more files in changeset.
mod_ssl: Use retained data API for storing private keys across reloads.

Allocate SSLModConfigRec from pconf rather than the process pool.

* modules/ssl/ssl_private.h: Add modssl_retained_data_t structure and

move private key storage here from SSLModConfigRec. Add retained

pointer to SSLModConfigRec.

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Take

pool argument; allocate SSLModConfigRec from there and

initialize mc->retained. SSLModConfigRec no longer cached for the

process lifetime.

(ssl_init_Module): Sanity check that sc->mc is correct.

(ssl_init_server_certs): Use private keys from mc->retained.

* modules/ssl/ssl_engine_pphrase.c

(privkey_vhost_keyid): Rename from asn1_table_vhost_key and

update to use the retained structure.

(ssl_load_encrypted_pkey): Update for above.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Remove

(apparently) redundant call to ssl_config_global_create and

add debug asserts to validate that is safe.

Github: closes #119

  1. … 3 more files in changeset.
* modules/ssl/ssl_engine_init.c (ssl_add_version_components,

ssl_init_Module): Use temporary pool for variable lookup results

which don't need to live in pconf.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Pass base_server in

OpenSSL init log message rather than NULL (and likely dropping the

log entry).

Move FIPS mode config option to SSLModConfigRec since it is a global

SSL library setting. Additionally, always log the FIPS mode since it

can be set outside of the httpd config.

* modules/ssl/ssl_private.h (SSLModConfigRec): Move fips field here.

(SSLSrvConfigRec): ... from here.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLFIPS): Adjust for fips

field move.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Adjust for fips

field move. Always log the OpenSSL FIPS mode state even if SSLFIPS

is not used.

  1. … 2 more files in changeset.
mod_ssl: follow up to r1876934: use OPENSSL_cleanse().

memset() might be optimized away by the compiler since buf[] (on the stack)

is not used anymore.

mod_ssl: follow up to r1876934: wrap DH_bits()

DH_get0_p() seems to be undefined for some openssl versions, so it can't

be used to implement DH_bits() generically.

Add new a modssl_DH_bits() wrapper to call DH_bits() for openssl < 3,

and BN_num_bits(DH_get0_p(dh)) otherwise.

mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy.

Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key

to avoid saving a pointer to stack.

While at it, cleanup secret data from buf before leaving.

mod_ssl: follow up to r1876934: fix !modssl_X509_STORE_load_locations() logic.

mod_ssl: add compatibility with OpenSSL 3.0.0

Wrappers around deprecated API:

* X509_STORE_load_locations() => modssl_X509_STORE_load_locations(),

* CTX_load_verify_locations() => modssl_CTX_load_verify_locations(),

* ERR_peek_error_line_data() => modssl_ERR_peek_error_data(),

* DH_bits(dh) => BN_num_bits(DH_get0_p(dh)).

Provide a compatible version of ssl_callback_SessionTicket() which does not

use the deprecated HMAC_CTX and HMAC_Init_ex(), replaced by EVP_MAC_CTX and

EVP_MAC_CTX_set_params() respectively. This requires adapting struct

modssl_ticket_key_t to replace hmac_secret[] with OSSL_PARAM mac_params[],

created once at load time still.

The callback is registered by SSL_CTX_set_tlsext_ticket_key_evp_cb() instead

of SSL_CTX_set_tlsext_ticket_key_cb().

Since BIO_eof() may now be called openssl-3 state machine, the never-called

assertion in bio_filter_in_ctrl() does not hold anymore, and we have to

handle BIO_CTRL_EOF. For any other cmd, we continue to AP_DEBUG_ASSERT(0) and

log an error, yet the return value is changed from -1 to 0 which is the usual

unhandled value.

Note that OpenSSL 3.0.0 is still in alpha stage as of now, the API shouldn't

change though, neither breakage to 1.x.x API.

  1. … 4 more files in changeset.
fix build with LibreSSL 2.0.7+

bz 64047

  1. … 1 more file in changeset.
* modules/ssl/ssl_engine_init.c (ssl_init_Module): Avoid some bogus

gcc -Wmaybe-uninitialized warnings in (slightly odd) SSLFIPS

handling.

mod_ssl: Log private key material to file set by $SSLKEYLOGFILE in the

environment, using the standard format which can be parsed by (e.g.)

wireshark for decoding SSL/TLS traffic; supported from OpenSSL 1.1.1.

* modules/ssl/ssl_private.h: Add keylog_file to SSLModConfigRec.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Open log file if

SSLKEYLOGFILE is set in the environment.

(ssl_init_ctx_protocol): Register the keylog callback with OpenSSL.

* modules/ssl/ssl_engine_kernel.c (modssl_callback_keylog):

New function.

PR: 63391

Github: closes #74

  1. … 5 more files in changeset.
mod_ssl: follow up to r1868645.

Restore ssl_callback_ServerNameIndication() even with OpenSSL 1.1.1+, which

depends on its return value (OK/NOACK), mainly on session resumption, for

SSL_get_servername() to consider or ignore the SNI (returning NULL thus

making SSLStrictSNIVHostCheck fail for possibly legitimate cases).

This means that init_vhost() should accurately return whether the SNI exists

in the configured vhosts, even when it's called multiple times (e.g. first

from ClientHello callback and then from SNI callback), so save that state in

sslconn->vhost_found and reuse it.

  1. … 2 more files in changeset.
mod_ssl: negotiate the TLS protocol version per name based vhost configuration.

By using the new ClientHello callback provided by OpenSSL 1.1.1, which runs at

the earliest connection stage, we can switch the SSL_CTX of the SSL connection

early enough for OpenSSL to take into account the protocol configuration of the

vhost.

In other words:

SSL_set_SSL_CTX(c->SSL, s->SSL_CTX)

followed by:

SSL_set_{min,max}_proto_version(SSL_CTX_get_{min,max}_proto_version(s->SSL_CTX))

works as expected at this stage (while the same from the SNI callback is

ignored by/due to OpenSSL's state machine).

Extracting the SNI (to select the relevant vhost) in the ClientHello callback

is not as easy as calling SSL_get_servername() though, we have to work with

the raw TLS extensions helpers provided by OpenSSL. I stole this code from a

test in the OpenSSL source code (i.e. client_hello_select_server_ctx() in

test/handshake_helper.c).

We can then call init_vhost() as with the SNI callback (in use only for OpenSSL

versions earlier than 1.1.1 now), and pass it the extracted SNI.

  1. … 2 more files in changeset.
*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration

for a domain managed by mod_md caused a startup error. This happened when mod_md installed

its fallback certificate, before it got the first real certificate from Lets Encrypt.

  1. … 1 more file in changeset.
* moving the openssl related new hooks into mod_ssl_openssl.h

* chaning type parameter to openssl types

* adding explanation of return value in get_stapling_status()

* adding array element description for add_cert_files and add_fallback_cert_files hooks

  1. … 3 more files in changeset.
*) mod_ssl/mod_md:

Adding 2 new hooks for init/get of OCSP stapling status information when

other modules want to provide those. Falls back to own implementation with

same behaviour as before.

  1. … 3 more files in changeset.
*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for

adding certificates and keys to a virtual host. An additional hook allows

answering special TLS connections as used in ACME challenges.

  1. … 4 more files in changeset.
After reinstatement of DSO support in APR/APR-util, revert r1837437,

r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).

So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7

compatibility-exceptions are handled explicitely but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the

former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,

while the latter has never been (and will never be) defined. So don't call any

with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto

can use the same crypto library (e.g. openssl), use the new APR crypto loading

API so that they can work together and initialize/terminate the lib either once

for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.

  1. … 5 more files in changeset.
mod_ssl: unset FIPS mode only if we set it.

If FIPS mode is set by default per openssl lib/module, we should not

unset it on restart or it might never be set again.

PR 63136

  1. … 1 more file in changeset.
*) mod_ssl: clear *SSL errors before loading certificates and checking

afterwards. Otherwise errors are reported when other SSL using modules

are in play. Fixes PR 62880. [Michael Kaufmann]

  1. … 2 more files in changeset.
* modules/ssl/ssl_engine_init.c: Fix typo in log message.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol):

Disable AUTO_RETRY mode for OpenSSL 1.1.1, which fixes

post-handshake authentication.

(ssl_init_proxy_certs): Fix proxy client cert support with

TLSv1.3, which is now crippled by default.

mod_ssl: OpenSSL now initializes fully through APR, use that.

Follow up to r1833368 and r1833452.

  1. … 1 more file in changeset.
Hook up PKCS#11 PIN entry through configured passphrase entry method.

* modules/ssl/ssl_engine_pphrase.c: Add wrappers for OpenSSL UI * API

around passphrase entry.

(modssl_load_engine_keypair): Take vhost ID and use above rather than

default OpenSSL UI.

* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Pass vhost ID.

Submitted by: Anderson Sasaki<ansaski redhat.com>, jorton

  1. … 2 more files in changeset.