Felix Fietkau [Fri, 19 Apr 2024 14:43:35 +0000 (16:43 +0200)]
ustream-ssl: add support for using a fd instead of ustream as backing
This improves performance by avoiding double buffering
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 12:55:19 +0000 (14:55 +0200)]
ustream-ssl: increase number of read buffers
Fix dealing with larger TLS transactions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 12:54:28 +0000 (14:54 +0200)]
ustream-ssl: poll connection on incomplete reads
Reduces uloop roundtrips
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 11:17:34 +0000 (13:17 +0200)]
mbedtls: another cosmetic ifdef fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 11:16:45 +0000 (13:16 +0200)]
mbedtls: add ifdefs to fix legacy compatibility
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 10:42:01 +0000 (12:42 +0200)]
mbedtls: handle session tickets for TLS 1.3
Store them inside the context in order to handle reconnect
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 7 Apr 2024 16:54:04 +0000 (18:54 +0200)]
mbedtls: add missing ifdef for build with disabled debug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 7 Apr 2024 14:57:29 +0000 (16:57 +0200)]
mbedtls: disable TLS 1.3 in client mode when skipping verification
mbedtls currently forces verification for TLS 1.3 client connections.
At some point in the future, this can probably be worked around with an
extra callback, but for now disabling TLS 1.3 is the only way.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 7 Apr 2024 14:43:47 +0000 (16:43 +0200)]
mbedtls: add TLS 1.3 ciphers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 7 Apr 2024 14:15:34 +0000 (16:15 +0200)]
add callbacks for debug messages
This is useful for tracking down connection issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 3 Apr 2024 20:31:29 +0000 (22:31 +0200)]
ustream-mbedtls: add missing psa_crypto_init call
Required for a few features, including TLS1.3 on newer mbedtls versions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 26 Mar 2024 18:40:51 +0000 (19:40 +0100)]
mbedtls: fix build on non-linux systems
Deal with missing getrandom. Comment out linker flag.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hauke Mehrtens [Sat, 11 Nov 2023 21:18:18 +0000 (22:18 +0100)]
cmake: Fail if undefined symbols are used
Make the linking of the shared library fail when undefined symbols are
used. Linking undefined symbols in a shared library normally works and
the linking of the binary using the shared library fails. We also
compile some example applications and they failed already.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 11 Nov 2023 21:13:24 +0000 (22:13 +0100)]
ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0
This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.
The following changes were needed:
* DES and 3DES was removed
* mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
to check if it was initialized
* mbedtls_pk_parse_keyfile() now gets a random callback
* mbedtls/certs.h contains test data and is not installed any more and
not needed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 19 Feb 2023 20:11:12 +0000 (21:11 +0100)]
ustream-mbedtls: Use getrandom() instead of /dev/urandom
Instead of keeping a file descriptor open just use the getrandom syscall
to get random data. This is supported by musl libc, glibc and Linux for
some time now.
This also improves the error handling in case this function returns not
as many bytes as expected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Torsten Duwe <duwe@lst.de>
Martin Schiller [Wed, 7 Dec 2022 09:45:04 +0000 (10:45 +0100)]
ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
This fixes CVE-2011-1473 and CVE-2011-5094 by disabling renegotiation in
TLSv1.2 and earlier for server context.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Petr Štetiar [Thu, 7 Apr 2022 08:34:22 +0000 (10:34 +0200)]
ci: fix building with i.MX6 SDK
imx6 target was refactored into imx/cortexa9 subtarget in upstream
commit
d2fb495a9d2a ("imx: split into arch-specific subtargets").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 22 Feb 2022 12:59:27 +0000 (13:59 +0100)]
ustream-openssl: wolfSSL: provide detailed information in debug builds
Show detailed information about the session/peer in debug builds:
$ wget https://letsencrypt.org
Alternate cert chain used
issuer : /C=US/O=Let's Encrypt/CN=R3
subject: /CN=lencr.org
altname = lencr.org
altname = letsencrypt.com
altname = letsencrypt.org
altname = www.lencr.org
altname = www.letsencrypt.com
altname = www.letsencrypt.org
serial number:03:4e:29:5a:d6:74:ae:fd:51:cd:0d:61:11:f9:e3:e3:bd:88
Certificate:
...snip...
our cert info: No Cert
Peer verify result = 39
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Alternate cert chain used
As it makes debugging issues like #9283 easier.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 17 Feb 2022 12:04:45 +0000 (13:04 +0100)]
cmake: add a possibility to set library version
Add a new `ABIVERSION` define which allows to control the SOVERSION used
for the built shared library. This is needed for downstream packaging to
properly track breaking ABI changes when updating to newer versions of
the library.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Sergey V. Lobanov [Sat, 1 Jan 2022 19:28:46 +0000 (22:28 +0300)]
ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0
NTRU support has been removed in wolfssl 5.0 so it is required to
mask NTRU specific code if wolfssl >= 5.0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Petr Štetiar [Tue, 8 Dec 2020 15:51:44 +0000 (16:51 +0100)]
Add initial GitLab CI support
Uses currently proof-of-concept openwrt-ci[1] in order to:
* improve the quality of the codebase in various areas
* decrease code review time and help merging contributions faster
* get automagic feedback loop on various platforms and tools
- out of tree build with OpenWrt SDK on following targets:
* ath79-generic
* imx6-generic
* malta-be
* mvebu-cortexa53
- out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10
- out of tree native x86/64 static code analysis with cppcheck and
scan-build from Clang 10
1. https://gitlab.com/ynezz/openwrt-ci/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 15:00:02 +0000 (16:00 +0100)]
wolfssl: remove now deprecated compatibility code
Mainly that NO_X509_CHECK_HOST is causing certificate validation issues
in some setups:
root@OpenWrt:/# wget https://www.google.com
Downloading 'https://www.google.com'
Connecting to 172.217.23.196:443
Connection error: Server hostname does not match SSL certificate
but instead of spending time on fixing it, I've simply decided to remove
it as we're now on wolfSSL 4.5.0 and those symbols should be avaialable
so no symbol detection and handling should be needed anymore.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 13:51:25 +0000 (14:51 +0100)]
ustream-mbedtls: fix certificate verification
Fixes certificate verification if no CA certificates are available, it's
visible when you run:
$ uclient-fetch https://www.openwrt.org
(so no explicit certificate is given) and have *not* installed
`ca-certificates` or `ca-bundle` package, mbed TLS obviously can't do
verification since no root certificates are available. But then it
simply ignores the issue and continues SSL handshake without warning.
Further, if you run it like:
$ uclient-fetch --ca-certificate=/dev/null https://www.openwrt.org
ustream-mbedtls also does not do verification at all (gives no warning
either).
References: https://lists.infradead.org/pipermail/openwrt-devel/2018-August/019183.html
Suggested-by: Paul Wassi <p.wassi@gmx.at>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 11:21:33 +0000 (12:21 +0100)]
ustream-mbedtls: implement set_require_validation
In commit "ustream-openssl: wolfSSL: fix certificate validation" we've
added new set_require_validation() function so implement it for mbed TLS
as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Wed, 9 Dec 2020 16:51:18 +0000 (17:51 +0100)]
ustream-openssl: wolfSSL: fix certificate validation
Currently wolfSSL doesn't validate any certificates, quoting from
README:
wolfSSL takes a different approach to certificate verification than
OpenSSL does. The default policy for the client is to verify the server,
this means that if you don't load CAs to verify the server you'll get a
connect error, no signer error to confirm failure (-188).
If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
verifying the server fails and reducing security you can do this by calling:
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new();. Though it's not recommended.
wolfSSL simply behaves differently then OpenSSL so once you set
SSL_VERIFY_NONE wolfSSL doesn't care about the certificates anymore so
every call to SSL_get_verify_result() is going to succeed (returns
X509_V_OK) even for invalid certificates and current OpenSSL based post
connection verification logic thus doesn't work.
So in order to get the validation working we need to use SSL_VERIFY_PEER
for wolfSSL by default and allow disabling it explicitly by new
`context_set_require_validation()` call. In order to keep the same error
handling/messages via `notify_verify_error()` callback we as well need
to handle certificate errors manually.
Fixes: FS#3465
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 8 Dec 2020 15:43:29 +0000 (16:43 +0100)]
cmake: enable extra compiler checks
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 11:09:48 +0000 (12:09 +0100)]
ustream-mbedtls: fix comparison of integers of different signs
Fixes following compiler extra warning:
ustream-mbedtls.c:40:11: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
if (slen > len)
~~~~ ^ ~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Wed, 9 Dec 2020 12:46:58 +0000 (13:46 +0100)]
ustream-openssl: fix BIO_method memory leak
Fixes following issues as reported by clang-12 LeakSanitizer:
$ uclient-fetch-san -q -O /dev/null 'https://expired.badssl.com/'
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x49716d in malloc (uclient-fetch-san+0x49716d)
#1 0x7f551cbabe58 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x17ae58)
Indirect leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x49716d in malloc (uclient-fetch-san+0x49716d)
#1 0x7f551cbb51c5 in CRYPTO_strdup (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x1841c5)
SUMMARY: AddressSanitizer: 104 byte(s) leaked in 2 allocation(s).
and Valgrind:
$ valgrind --quiet --leak-check=full uclient-fetch -q -O /dev/null 'https://expired.badssl.com/'
==1966== 104 (96 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9
==1966== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1966== by 0x5FC4E58: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==1966== by 0x5EF712F: BIO_meth_new (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==1966== by 0x5C48039: ustream_bio_new (ustream-io-openssl.c:125)
==1966== by 0x5C48039: ustream_set_io (ustream-io-openssl.c:141)
==1966== by 0x5C47CB0: _ustream_ssl_init (ustream-ssl.c:210)
==1966== by 0x4E4117A: uclient_setup_https (uclient-http.c:914)
==1966== by 0x4E4117A: uclient_http_connect (uclient-http.c:936)
==1966== by 0x401FD9: init_request (uclient-fetch.c:333)
==1966== by 0x401E08: main (uclient-fetch.c:745)
Suggested-by: Pan Chen <serial115200@outlook.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 10:30:02 +0000 (11:30 +0100)]
ustream-openssl: fix wolfSSL includes
Fixes following compilation errors:
ustream-io-wolfssl.c:74:2: error: implicit declaration of function 'wolfSSL_SetIORecv' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
ustream-io-wolfssl.c:75:2: error: implicit declaration of function 'wolfSSL_SetIOSend' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
ustream-io-wolfssl.c:79:2: error: implicit declaration of function 'wolfSSL_SetIOReadCtx' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
ustream-io-wolfssl.c:80:2: error: implicit declaration of function 'wolfSSL_SetIOWriteCtx' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 11:16:01 +0000 (12:16 +0100)]
cmake: fix linking when mbed TLS not in default paths
Fixes following issue when mbed TLS libs are installed in different
paths:
/usr/bin/ld: cannot find -lmbedtls
/usr/bin/ld: cannot find -lmbedcrypto
/usr/bin/ld: cannot find -lmbedx509
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 10 Dec 2020 10:38:33 +0000 (11:38 +0100)]
cmake: fix linking when wolfSSL not in default paths
Fixes following issue when wolfSSL libs are installed in different
paths:
/usr/bin/ld: cannot find -lwolfssl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Tue, 8 Dec 2020 15:37:42 +0000 (16:37 +0100)]
cmake: fix building out of the tree
When building out of the tree, linker is unable to find the ubox library
so fix it by using find_library CMake command.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Daniel Golle [Tue, 8 Dec 2020 22:16:55 +0000 (22:16 +0000)]
Revert "ustream-ssl: openssl: fix bio memory leak"
This reverts commit
1651a795864e7a8741cb56e7ddd2208070f2cf47.
It doesn't actually compile.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pan Chen [Mon, 2 Nov 2020 01:53:28 +0000 (09:53 +0800)]
ustream-ssl: openssl: fix bio memory leak
free memory of bio method when ustream be freed
Signed-off-by: Pan Chen <serial115200@outlook.com>
Jo-Philipp Wich [Fri, 13 Mar 2020 09:37:06 +0000 (10:37 +0100)]
ustream-openssl: clear error stack before SSL_read/SSL_write
The OpenSSL library uses a global error queue per thread which needs to
be cleared prior to calling I/O functions in order to get reliable error
results.
Failure to do so will lead to stray errors reported by SSL_get_error()
when an unrelated connection within the same thread encountered a TLS
error since the last SSL_read() or SSL_write() on the current connection.
This issue was frequently triggered by Google Chrome which usually
initiates simultaneous TLS connections (presumably for protocol support
probing) and subsequently closes most of them with a "certificate unknown"
TLS error, causing the next SSL_get_error() to report an SSL library error
instead of the expected SSL_WANT_READ or SSL_WANT_WRITE error states.
Solve this issue by invoking ERR_clear_error() prior to invoking SSL_read()
or SSL_write() to ensure that the subsequent SSL_get_error() returns
current valid results.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sat, 15 Feb 2020 20:25:26 +0000 (21:25 +0100)]
add support for specifying usable ciphers
Implement a new ustream_ssl_ops.context_set_ciphers() function which allows
to specify the usable ciphers for TLS context which is useful to restrict
the accepted cipher subset especially for ustream-ssl server applications.
For the OpenSSL backend, the given cipher string is passed as-is to the
SSL_CTX_set_cipher_list().
For mbedTLS, the given string is split on colons and each item of the list
is resolved through mbedtls_ssl_get_ciphersuite_id() to construct a numeric
list of allowed ciphers.
Note that OpenSSL and mbedTLS use different names for their ciphers but both
implementations simply ignore unknown names, so it is possible to specify
cipherstrings which are applicable to either library, e.g. `-ALL:ECDHE-
ECDSA-AES128-GCM-SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` would
enable ChaCha20/Poly1305 in both OpenSSL and mbedTLS.
Another crucial difference between the libraries is that the cipherstring
in mbedTLS is effectively a whitelist of allowed ciphers while, without
additional syntax elements, OpenSSL's cipherstring merely appends ciphers
to the default selection.
Ref: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html
Ref: https://tls.mbed.org/api/ssl_8h.html#
a9914cdf5533e813e1ea7ca52981aa006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Danzberger [Sun, 8 Dec 2019 20:14:08 +0000 (21:14 +0100)]
ustream-ssl: mbedtls: fix ssl client verification
The ustream_ssl_update_own_cert() function should, like the name suggests, only
update the local ssl peer's own certificate and not the any of the CA's.
By overwriting the CA's certifcates when setting the own certificate, the code
broke SSL client verification.
This bug was only triggerd when:
ustream_ssl_context_set_crt_file()
was called after
ustream_ssl_context_add_ca_crt_file()
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Daniel Danzberger [Sun, 8 Dec 2019 16:14:18 +0000 (17:14 +0100)]
ustream-ssl: mbedtls: fix net_sockets.h include warning
mbedtls/net.h is deprecated in favor of mbedtls/net_sockets.h
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Jo-Philipp Wich [Wed, 11 Sep 2019 19:09:59 +0000 (21:09 +0200)]
ustream-ssl: skip writing pending data if .eof is true after connect
Check the .eof member of the underlying ustream after the call to
__ustream_ssl_connect() since existing users of the library appear
to set the eof flag as a way to signal connection termination upon
failing certificate verification.
This is a stop-gap measure to address TALOS-2019-0893 but a proper
API redesign is required to give applications proper control over
whether certificate failures are to be ignored or not and the default
implementation without custom callbacks should always terminate on
verification failures.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Eneas U de Queiroz [Tue, 29 Oct 2019 21:24:16 +0000 (18:24 -0300)]
wolfssl: adjust to new API in v4.2.0
WolfSSL has recently added many openssl 1.1+ calls, including
TLS_server_method & TLS_client_method, which were being redefined,
causing compilation failure:
ustream-openssl.c:113:0: error: "TLS_server_method" redefined [-Werror]
ustream-openssl.c:114:0: error: "TLS_client_method" redefined [-Werror]
Only define the symbols if not previously defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Thu, 19 Sep 2019 13:13:01 +0000 (10:13 -0300)]
Update example certificate & key, fix typo
The current crypto libraries will fail to load small RSA keys, so a new
certificate was generated with a 2048-bit RSA key.
Also fixed a typo in ustream-example-client.c
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Thu, 19 Sep 2019 02:18:03 +0000 (23:18 -0300)]
wolfssl: enable CN validation
WolfSSL added a wolfSSL_X509_check_host function to perform CN
validation in v3.10.4, depending on the build-time configure options:
--enable-nginx enables it for all supported versions;
--enable-opensslextra, since v3.14.2.
If the function is unavailable, then SSL_get_verify_result will be
called, and 'valid_cert' will be true if that call suceeds and we
have a peer certificate, just as it happens with openssl. Only
'valid_cn' will not be set.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Thu, 19 Sep 2019 02:18:02 +0000 (23:18 -0300)]
ustream-io-cyassl.c: fix client-mode connections
Starting in v3.13.2, wolfSSL stores the BIO send and recv callbacks
in the SSL struct. When the SSL session is created, it inherits the
calls from the SSL_CTX, but they do not get updated when the SSL_CTX
callbacks are changed.
Currently, ustream-ssl sets the callbacks after the SSL session is
created, causing failures. Client apps, such as uclient-fetch fail
immediately to connect to https URLs with a 'Connection failed' error
message. uhttpd seems unaffected.
New calls to set them directly to the SSL struct were added in 4.1.0, so
we can use them, with a check in CMakeLists.txt to detect their
presence. Otherwise, another call to ustream_set_io is done before
creating the SSL session to properly set the callbacks.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Thu, 19 Sep 2019 02:18:01 +0000 (23:18 -0300)]
Remove CyaSSL, WolfSSL < 3.10.4 support
This updates the CyaSSL names to wolfSSL, and removes obsolete code to
support old versions of the library < v3.10.4.
Some #include statements were moved around, so that wolfssl/options.h is
loaded before any other wolfssl/openssl header.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Mon, 5 Aug 2019 20:07:48 +0000 (17:07 -0300)]
Revise supported ciphersuites
CBC ciphersuites have been under scrutiny because of the many padding
oracle vulnerabilities that keep popping up; it seems that we won't be
able to patch up the inherent wakness of MAC-then-encrypt forever. They
have been blacklisted by HTTP/2, and recently dropped from Mozilla's
Security/Serverside TLS intermediate compatibility list:
https://wiki.mozilla.org/Security/Server_Side_TLS
This commit removes ECDSA-CBC ciphersuites. Basically, you can choose a
level of ciphersuite security, using the private-key type as a switch:
For RSA keys, CBC and RSA-key exchange ciphers will be enabled--mostly
matching Mozilla's Old backward compatibility list.
If you use an EC private key, then only ephemeral-key, authenticated
ciphers will be used, along the lines of what Mozilla's Intermediate
compatibility list prescribes.
The order does not match Mozilla's list 100% because in most embedded
systems, the server is going to be the least-capable machine. So,
chacha20-poly1305 is moved ahead of AES, and the cipher preference is
always given to the server. Also, DHE ciphers are not used for server.
The client list had the order changed to prioritize authenticated
ciphers, so DHE-chacha and DHE-GCM were moved ahead of ECDHE-CBC.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Mon, 5 Aug 2019 20:07:47 +0000 (17:07 -0300)]
wolfssl, openssl: use TLS 1.3, set ciphersuites
For wolfssl, instead of hard-coding TLS 1.2, use generic method and
disable older protocols, adding the necessary ciphersuites.
Openssl already had TLS 1.3 compatiblity, but its ciphersuite ordering
needs a separate call, so this sets the ciphersuite preference when
using TLS 1.3.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Wed, 1 Aug 2018 13:59:13 +0000 (10:59 -0300)]
ustream-ssl: mbedtls: use chacha-poly ciphersuites
These ciphersuites were added in mbedtls v2.12.0,
so we may add them to the ustream-ssl ciphersuite list.
They were already part of the list for openssl and wolfssl.
Chacha20-Poly1305 is a 256-bit cipher with AEAD, much faster than AES on
CPUs without special AES instructions (the case for most embedded
chips).
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Eneas U de Queiroz via openwrt-devel [Fri, 27 Jul 2018 19:11:36 +0000 (19:11 +0000)]
openssl, wolfssl: match mbedTLS ciphersuite list
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Use the same ciphersuite list as mbedTLS.
wolfssl was not honoring setting the minimum protocol with
SSL_CTX_set_options, so we must use TLSv1_2_server_method.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Eneas U de Queiroz via openwrt-devel [Sat, 16 Jun 2018 04:04:52 +0000 (04:04 +0000)]
ustream-ssl: Revised security on mbedtls
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
I've revised the security options, and made them more uniform across the
ssl libraries.
- use only TLS 1.2 in server mode
- changed the ciphersuite ordering
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Eneas U de Queiroz via openwrt-devel [Sat, 16 Jun 2018 04:05:14 +0000 (04:05 +0000)]
ustream-ssl: add openssl-1.1.0 compatibility
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Patch to compile ustream-ssl with openssl-1.1.0, maintaining
compatibility with openssl 1.0.2.
Fixed flag handling in ustream-io-openssl.c.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Daniel Golle [Thu, 24 May 2018 16:44:27 +0000 (18:44 +0200)]
don't use SSL_CTX_set_ecdh_auto with wolfSSL
SSL_CTX_set_ecdh_auto() isn't support by wolfSSL (yet).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hauke Mehrtens [Mon, 21 May 2018 12:05:50 +0000 (14:05 +0200)]
mbedtls: Fix setting allowed cipher suites
The cipher suites should be set after the default settings are done,
otherwise the settings will be overwritten with the defaults later on
again.
Also make the list of supported cipher suites match what Chrome tries to
use.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 21 May 2018 12:02:44 +0000 (14:02 +0200)]
mbedtls: Add support for a session cache
This allows the client to reuse the settings from a previous session and
no full key exchange is needed.
The partially key exchange takes less than 0.1 seconds compared to over
a second needed for a full key exchange.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rosen Penev [Sun, 1 Apr 2018 01:37:29 +0000 (18:37 -0700)]
ustream-ssl: Remove RC4 from ciphersuite in server mode.
SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the grade to B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 1 Apr 2018 01:37:28 +0000 (18:37 -0700)]
ustream-ssl: Enable ECDHE with OpenSSL.
When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Felix Fietkau [Mon, 9 Jan 2017 13:38:12 +0000 (14:38 +0100)]
remove polarssl support
polarssl (aka mbedTLS 1.3) has been EOL since end of 2016
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Florian Fainelli [Fri, 1 Jul 2016 23:04:51 +0000 (16:04 -0700)]
cmake: Find libubox/ustream.h header file
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/ustream-ssl.h. Some external toolchains which do not include
standard locations would fail to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Karl Palsson [Mon, 6 Jun 2016 15:49:22 +0000 (15:49 +0000)]
ustream-ssl: cyassl compatibility with build time options
Adds a HAVE_CYASSL definition to be consistent with polar/mbedtls.
Uses that definition to include the wolfssl build time options.
This enables the correct pullin of the "remainder" of the wolfssl openssl
compatibility options, if they were enabled in the build of wolfssl in the
first place.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Felix Fietkau [Sun, 21 Feb 2016 20:28:58 +0000 (21:28 +0100)]
openssl: keep compatibility with older TLS/SSL protocols
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sun, 21 Feb 2016 08:10:46 +0000 (09:10 +0100)]
openssl: force TLS v1.2 instead of v1
Fixes some connection issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 26 Jan 2016 00:06:12 +0000 (01:06 +0100)]
openssl: use 1.0.2 openssl API for host name validation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 23 Jan 2016 18:37:57 +0000 (19:37 +0100)]
polarssl: fix handling SSL close notification
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 23 Jan 2016 18:37:13 +0000 (19:37 +0100)]
mbedtls: fix handling SSL close notification
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 19 Jan 2016 22:33:01 +0000 (23:33 +0100)]
mbedtls: sync with polarssl ciphersuite changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 19 Jan 2016 22:30:38 +0000 (23:30 +0100)]
polarssl: enable DHE in default client ciphersuite
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 15 Jan 2016 23:04:45 +0000 (00:04 +0100)]
polarssl: init certificate storage
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 15 Jan 2016 23:04:12 +0000 (00:04 +0100)]
polarssl: fix memory leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 15 Jan 2016 19:42:25 +0000 (20:42 +0100)]
add mbedtls variant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 15 Jan 2016 17:29:31 +0000 (18:29 +0100)]
polarssl: remove support for version 1.2
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 15 Jan 2016 17:09:42 +0000 (18:09 +0100)]
polarssl: disable RC4 support (for security reasons)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Alexander Couzens [Thu, 6 Aug 2015 11:01:34 +0000 (13:01 +0200)]
ustream-ssl: make ustream_ssl.server_name const
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Jo-Philipp Wich [Tue, 9 Jun 2015 16:50:08 +0000 (18:50 +0200)]
polarssl: add mising string include
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Luka Perkov [Sat, 11 Apr 2015 21:43:03 +0000 (23:43 +0200)]
polarssl: fix long writes
Enable to write more data then defined in SSL_MAX_CONTENT_LEN.
Signed-off-by: Luka Perkov <luka@openwrt.org>
Felix Fietkau [Mon, 30 Mar 2015 12:55:47 +0000 (14:55 +0200)]
polarssl: fix return code of entropy function
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Yousong Zhou [Tue, 11 Nov 2014 10:34:01 +0000 (18:34 +0800)]
cmake: Do not hardcode /opt/local/include for Apple.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 11 Nov 2014 10:33:59 +0000 (18:33 +0800)]
examples: add .notify_write callback.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Christoph Ziebuhr [Mon, 1 Dec 2014 13:41:36 +0000 (14:41 +0100)]
Add support for Server Name Indication
Signed-off-by: Christoph Ziebuhr <chris@codefrickler.de>
Christoph Ziebuhr [Mon, 1 Dec 2014 13:41:35 +0000 (14:41 +0100)]
openssl: Fix host_pattern_match
Signed-off-by: Christoph Ziebuhr <chris@codefrickler.de>
Christoph Ziebuhr [Mon, 1 Dec 2014 13:41:34 +0000 (14:41 +0100)]
Fix ustream_ssl_poll
Signed-off-by: Christoph Ziebuhr <chris@codefrickler.de>
Felix Fietkau [Thu, 3 Apr 2014 21:15:04 +0000 (23:15 +0200)]
openssl: set quiet shutdown flag to ensure that shutdown always succeeds
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 3 Apr 2014 21:14:05 +0000 (23:14 +0200)]
openssl: un-inline ustream_ssl_session_free
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 3 Apr 2014 14:57:38 +0000 (16:57 +0200)]
openssl: fix subjectAltNames leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)]
openssl: free peer certificate after validating it
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 25 Mar 2014 15:03:44 +0000 (16:03 +0100)]
add missing include files
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 25 Mar 2014 15:03:27 +0000 (16:03 +0100)]
openssl: disable host CN checks for cyassl (TODO)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 25 Mar 2014 09:14:14 +0000 (10:14 +0100)]
polarssl: check us->notify_verify_error for NULL before calling it
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 25 Mar 2014 08:45:28 +0000 (09:45 +0100)]
ustream-example-client: fix usage information
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 25 Mar 2014 08:02:39 +0000 (09:02 +0100)]
implement certificate validation (including CN verification)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 21 Mar 2014 23:39:02 +0000 (00:39 +0100)]
fix CyaSSL build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Mon, 17 Mar 2014 22:21:53 +0000 (23:21 +0100)]
Write pending data after connecting
fixes issues with incoming writes before the ssl negotiation is complete
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 15:16:24 +0000 (16:16 +0100)]
add client example code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 15:01:06 +0000 (16:01 +0100)]
polarssl: enable client side ssl verification if a certificate was loaded
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 13:23:49 +0000 (14:23 +0100)]
give the main context a type instead of making it void *
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 12:59:07 +0000 (13:59 +0100)]
ustream-ssl: always check connection at the beginning of a session
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 12:29:28 +0000 (13:29 +0100)]
ustream-server-example: close connection on error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 12:26:32 +0000 (13:26 +0100)]
example: rename to ustream-example-server
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 15 Mar 2014 12:19:01 +0000 (13:19 +0100)]
polarssl: fix error check on write
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Fri, 14 Mar 2014 13:20:59 +0000 (14:20 +0100)]
polarssl: add support for version 1.3
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Wed, 30 Oct 2013 12:53:45 +0000 (13:53 +0100)]
Add version detection of CyaSSL and make the cyassl backend compatible with both legacy and current CyaSSL versions
Felix Fietkau [Wed, 25 Sep 2013 07:06:36 +0000 (09:06 +0200)]
avoid installing internal header files
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
projects / project / ustream-ssl.git / log