Commit Graph

48 Commits (5a58f6963cc93801b49268bfe2b59d8e6bfe3f10)

Author SHA1 Message Date
Glenn Strauss 309c1693ac [multiple] Y2038 32-bit signed time_t mitigations
Most OS platforms have already provided solutions to
Y2038 32-bit signed time_t 5 - 10 years ago (or more!)
Notable exceptions are Linux i686 and FreeBSD i386.

Since 32-bit systems tend to be embedded systems,
and since many distros take years to pick up new software,
this commit aims to provide Y2038 mitigations for lighttpd
running on 32-bit systems with Y2038-unsafe 32-bit signed time_t

* Y2038: lighttpd 1.4.60 and later report Y2038 safety
  $ lighttpd -V
    + Y2038 support                                    # Y2038-SAFE
  $ lighttpd -V
    - Y2038 support (unsafe 32-bit signed time_t)      # Y2038-UNSAFE

* Y2038: general platform info
  * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t
      - all major 64-bit platforms (known to this author) use 64-bit time_t
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t
      - Linux x32 ABI (different from i686)
      - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386
      - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures
      - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures
      - Microsoft Windows XP and Visual Studio 2005 (? unsure ?)
        Another reference suggests Visual Studio 2015 defaults to 64-bit time_t
      - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t
      - e.g. OpenVMS (unknown if lighttpd builds on this platform)
  * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t
      - Linux 32-bit (including i686)
          - glibc 32-bit library support not yet available for 64-bit time_t
              - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t
                "Note: at this point, 64-bit time support in dual-time
                 configurations is work-in-progress, so for these
                 configurations, the public API only makes the 32-bit time
                 support available. In a later change, the public API will
                 allow user code to choose the time size for a given
                 compilation unit."
              - compiling with -D_TIME_BITS=64 currently has no effect
          - glibc recent (Jul 2021) mailing list discussion
      - FreeBSD i386
      - DragonFlyBSD 32-bit

* Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t)
  * lighttpd prefers system monotonic clock instead of realtime clock
    in places where realtime clock is not required
  * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT
  * (lighttpd presumes that lighttpd will not encounter dates before 1970
    during normal operation.)
  * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t
    to convert negative timestamps for comparisions with 64-bit timestamps
    (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT)
  * lighttpd provides unix_time64_t (int64_t) and
  * lighttpd provides struct unix_timespec64 (unix_timespec64_t)
    (struct timespec equivalent using unix_time64_t tv_sec member)
  * lighttpd provides gmtime64_r() and localtime64_r() wrappers
    for platforms 32-bit platforms using 32-bit time_t and
    lighttpd temporarily shifts the year in order to use
    gmtime_r() and localtime_r() (or gmtime() and localtime())
    from standard libraries, before readjusting year and passing
    struct tm to formatting functions such as strftime()
  * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to
    unsigned 32-bit and then to unix_time64_t

* Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT
  on 32-bit platforms using 32-bit signed time_t, underlying libraries and
  underlying filesystems might not behave properly after 32-bit signed time_t
  overflows (19 Jan 2038 03:14:08 GMT).  If a given 32-bit OS does not work
  properly using negative time_t values, then lighttpd likely will not work
  properly on that system.

* Other references and blogs
2021-09-04 08:08:26 -04:00
Glenn Strauss f490078d0f [multiple] buffer_copy_string_len_lc()
convenience wrapper combining
and making a single pass over string
2021-08-27 02:16:53 -04:00
Glenn Strauss af3df29ae8 [multiple] reduce redundant NULL buffer checks
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func.  In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
  string will be ignored at runtime; at runtime, simple pointer check
  for NULL can be used to check for a value that has been set and is not
  blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
  and use buffer_is_unset() instead of buffer_is_empty(),
  where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
  known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
  truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
  - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
    (though we might set it to NULL if buffer_is_blank(cpv->v.b))
  - address of buffer is arg (&foo)
    (compiler optimizer detects this in most, but not all, cases)
  - buffer is checked for NULL earlier in func
  - buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
  callers must not pass a NULL buffer to some funcs.
  - buffer_init_buffer() requires non-null args
  - buffer_copy_buffer() requires non-null args
  - buffer_append_string_buffer() requires non-null args
  - buffer_string_space() requires non-null arg
2021-08-27 02:16:53 -04:00
Glenn Strauss 4a246a8754 [TLS] write_cq_ssl defer remove_finished_chunks
not expecting 0-length chunks, but handle within loops as cold path

mark some cold paths in read_cq_ssl and write_cq_ssl callback funcs
2021-08-27 02:16:53 -04:00
Glenn Strauss 3538f8f2a4 [mod_auth*] rename http_auth.* -> mod_auth_api.*
rename http_auth.[ch] -> mod_auth_api.[ch]
2021-08-27 02:16:52 -04:00
Glenn Strauss 08c03cd450 [multiple] rename safe_memclear() -> ck_memzero() 2021-08-27 02:16:52 -04:00
Glenn Strauss 924d3c9bd6 [multiple] mark con->srv_socket a const ptr 2021-05-13 02:09:48 -04:00
Glenn Strauss 92d467b45e [TLS] ALPN h2 policy
HTTP/2 requires that TLS protocol >= TLSv1.2
HTTP/2 requires that TLS record compression be disabled
HTTP/2 requires that TLSv1.2 renegotiation be disabled

HTTP/2 requires that TLS SNI extension be presented with ALPN h2
  (not enforced;
   SNI omitted by client when connecting to IP instead of to name)

RFC 7540 9.2 Use of TLS Features
"Implementations are encouraged to provide defaults that comply,
 but it is recognized that deployments are ultimately responsible
 for compliance."

If TLS record compression or renegotiation are for some reason required
(which is strongly discouraged), then disable HTTP/2 in lighttpd with
  server.feature-flags = ("server.h2proto" => "disable")
2021-05-06 17:34:58 -04:00
Glenn Strauss f13752f3da [multiple] quiet coverity warnings
includes rejigger of some code in buffer.c for Coverity to have better
visibility into what is happening in internal, private funcs
2021-04-07 01:06:55 -04:00
Glenn Strauss 454ecaa5f9 [TLS] rename*file options
rename to reflect use for verifying client certificate
(old names are still accepted, but are discouraged)     ->  -> ->
2021-04-06 22:31:08 -04:00
Glenn Strauss 680e6b3bca [multiple] buffer_copy_path_len2() aggregate 2021-04-02 01:16:42 -04:00
Glenn Strauss 4863c9a63c [multiple] pass len when copying constant strings 2021-04-02 01:16:12 -04:00
Glenn Strauss 0ffb8167c1 [TLS] use stack for SSL_CLIENT_S_DN_* tag
(reduce use of r->tmp_buf in TLS modules)
2021-03-26 22:38:36 -04:00
Glenn Strauss 250ced26d8 [TLS] https_add_ssl_client_verify_err()
separate routine for printing client certificate verification error

more consistent SSL_CLIENT_M_SERIAL between modules
2021-03-26 22:38:36 -04:00
Glenn Strauss 26f354cb37 [multiple] http_header APIs to reduce str copies 2021-03-26 22:38:36 -04:00
Glenn Strauss d50d4dc0e5 [TLS] init STEK even if time is 1970 (fixes #3075)
(thx DamienT)

  "TLS 1.3 with SessionTicket fail for the first 8 hours of 1970"
2021-03-26 07:33:42 -04:00
Glenn Strauss 46269cf3a3 [mod_mbedtls] preproc wrap ssl_parse_client_hello
wrap ssl_parse_client_hello() with preprocessor definitions
2021-02-09 13:24:24 -05:00
Glenn Strauss 2403cc4f09 [mod_gnutls,mod_mbedtls] recog common cipherstring
recognize and translate a common recommended cipherstring

 without CBC ciphers reported as weak by SSLLabs)
2021-02-05 02:26:20 -05:00
Glenn Strauss b0439d8fa8 [mod_mbedtls] remove redundant condition check
(identified by coverity)
2021-02-02 01:06:58 -05:00
Glenn Strauss 3edeb6b432 [mod_mbedtls] restore ALPN chk after client hello
(removed two commits ago)

must check selected ALPN after client hello has completed
for case where hctx->conf.ssl_acme_tls_1 is not enabled
or else ALPN "h2" will not be detected
2021-02-01 08:18:08 -05:00
Glenn Strauss b80d287df7 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
mbedtls does not provide a callback for ALPN and expects certificate to
be set in SNI callback (if set), while still in MBEDTLS_SSL_CLIENT_HELLO
state.  Waiting until after MBEDTLS_SSL_CLIENT_HELLO would be fine for
using ALPN for "h2", but is too late to set acme-tls/1 challenge cert.
Therefore, parse client hello for ALPN prior to initiating mbedtls
processing of handshake.
2021-02-01 03:08:48 -05:00
Glenn Strauss 889d53aea4 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
handle id-pe-acmeIdentifier OID in custom callback
(requires mbedtls 2.23.0 or later)
2021-02-01 03:06:52 -05:00
Glenn Strauss 2d78182546 [TLS] set r->uri.authority empty str upon accept()
ensure not NULL for error messages
2021-01-30 22:17:40 -05:00
Glenn Strauss 18fc244a8e [TLS] fix invalid cfg warning 2021-01-30 22:17:40 -05:00
Glenn Strauss 1098de533a [mod_gnutls,mod_mbedtls] recog common cipherstring
recognize and translate a common recommended cipherstring

 without CBC ciphers reported as weak by SSLLabs)
2021-01-29 13:11:19 -05:00
Glenn Strauss 915b4ef3fc [multiple] fix TLS config string parsing
flagged by coverity

(incomplete fix a few commits back)
2021-01-17 15:50:28 -05:00
Glenn Strauss d5b166c04d [multiple] fix TLS config string parsing
flagged by coverity

final segment of colon (':') separated string was being ignored
in some TLS config strings in mod_gnutls and mod_mbedtls

workaround: add ':' at end of config string (or apply this patch)
2021-01-17 14:33:19 -05:00
Glenn Strauss 0e2a14921e [multiple] fix coverity warnings 2021-01-17 14:32:46 -05:00
Glenn Strauss 3088c76c8c [mod_mbedtls] use local strncmp_const()
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
2020-12-28 09:13:21 -05:00
Glenn Strauss 171a064036 [mod_mbedtls] include mbedtls/platform_util.h
include mbedtls/platform_util.h for mbedtls_platform_zeroize()
(instead of relying on an indirect include)

(fixes build with (very old) mbedtls-2.14.0)
2020-12-28 08:54:50 -05:00
Glenn Strauss 1212f60991 buffer_append_path_len() to join paths
use buffer_append_path_len() to join path segments
2020-12-24 16:13:20 -05:00
Glenn Strauss 6fb63fa8d6 [multiple] include mbedtls/config.h after select
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
2020-10-29 16:41:27 -04:00
Glenn Strauss 31fc3a0773 [TLS] server.feature-flags "ssl.session-cache"
disabled by default, but can be enabled
(session tickets should be preferred)

applies to mod_openssl, mod_wolfssl, mod_nss

session cache is not currently implemented in mod_mbedtls or mod_gnutls
2020-10-29 01:05:55 -04:00
Glenn Strauss 1d27391c29 [mod_mbedtls] wrap addtl code in preproc defines
wrap additional code in preprocessor defines to check if enabled in lib
2020-10-28 22:58:47 -04:00
Glenn Strauss 949662d27e [multiple] add some missing config cleanup
(thx stbuehler)
2020-10-24 16:08:21 -04:00
Glenn Strauss 61f7d531eb [mod_mbedtls] newer mbedTLS vers support TLSv1.3 2020-10-24 02:03:05 -04:00
Glenn Strauss f98dff9bc3 [mod_mbedtls] quiet unused variable warning 2020-10-20 23:16:00 -04:00
Glenn Strauss d865d8c330 [TLS] ignore empty "CipherString" in ssl-conf-cmd
e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
2020-10-19 21:40:14 -04:00
Glenn Strauss 496cd8ff44 [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset
do not log error after connection reset
2020-10-13 22:31:10 -04:00
Glenn Strauss 874707cd66 [TLS] use fdevent_load_file_bytes() for STEK file
remove direct dependency on <unistd.h> from lighttpd TLS modules
2020-10-11 12:19:27 -04:00
Glenn Strauss 16a70b9253 [multiple] TLS modules use chunkqueue_peek_data() 2020-10-11 12:19:27 -04:00
Glenn Strauss a330746f06 [TLS] error if inherit empty TLS cfg from globals
error if $SERVER["socket"] inherits empty TLS config from global scope
and ssl.engine = "enable" in the $SERVER["socket"]
2020-10-11 12:19:26 -04:00
Glenn Strauss bbcc2f229a [multiple] allow TLS ALPN "h2" if "server.h2proto" 2020-10-03 09:05:38 -04:00
Glenn Strauss 33c8cf41db [multiple] rename connection_reset hook to request
rename connection_reset to handle_request_reset
2020-08-02 07:47:41 -04:00
Glenn Strauss 164f7600b7 [multiple] con hooks store ctx in con->plugin_ctx
modules with connection level hooks now store ctx in con->plugin_ctx
2020-08-02 07:47:41 -04:00
Glenn Strauss 0ad57da55b [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file
employ fdevent_load_file() to load CRL, X509 cert, and private key files
into memory
2020-07-08 22:51:32 -04:00
Glenn Strauss 3e2e8e6d29 [mod_mbedtls] ssl.stek-file to specify encrypt key
difference from mod_openssl:

Admin should schedule an independent job to periodically
generate a new STEK up to 2 times during key lifetime
(mbedtls internals store up to 2 keys)

(more details in prior commit message for mod_openssl)
2020-07-08 22:51:31 -04:00
Glenn Strauss cb753ec5b5 [mod_mbedtls] mbedTLS option for TLS

mod_mbedtls supports most ssl.* config options supported by mod_openssl

thx Ward Willats for the initial discussion and attempt in the comments
2020-07-08 22:51:31 -04:00