Module Name: src Committed By: christos Date: Sat Dec 12 16:57:53 UTC 2015
Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.h main.c ssl-bozo.c Log Message: - restrict the default list of ciphers to something more secure - restrict ssl options From Travis Paul To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.38 -r1.39 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.10 -r1.11 src/libexec/httpd/main.c cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.56 src/libexec/httpd/bozohttpd.8:1.57 --- src/libexec/httpd/bozohttpd.8:1.56 Sun Nov 29 10:58:07 2015 +++ src/libexec/httpd/bozohttpd.8 Sat Dec 12 11:57:53 2015 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.56 2015/11/29 15:58:07 kamil Exp $ +.\" $NetBSD: bozohttpd.8,v 1.57 2015/12/12 16:57:53 christos Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 29, 2015 +.Dd December 12, 2015 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -49,6 +49,7 @@ .Op Fl t Ar chrootdir .Op Fl v Ar virtualroot .Op Fl x Ar index +.Op Fl z Ar ciphers .Ar slashdir .Op Ar myname .Sh DESCRIPTION @@ -303,6 +304,9 @@ Changes the default file read for direct .Dq index.html to .Ar index . +.It Fl z Ar ciphers +Sets the list of SSL ciphers (see +.Xr SSL_CTX_set_cipher_list 3 ) . .It Fl Z Ar certificate_path privatekey_path Sets the path to the server certificate file and the private key file in pem format. @@ -425,7 +429,7 @@ It may require linking with the crypt li .Dq -lcrypt . .Ss SSL SUPPORT .Nm -has support for SSLv2, SSLv3, and TLSv1 protocols that is included by +has support for TLSv1.1 and TLSv1.2 protocols that are included by default. It requires linking with the crypto and ssl library, using .Dq -lcrypto -lssl . Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.38 src/libexec/httpd/bozohttpd.h:1.39 --- src/libexec/httpd/bozohttpd.h:1.38 Wed Oct 28 05:20:15 2015 +++ src/libexec/httpd/bozohttpd.h Sat Dec 12 11:57:53 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.38 2015/10/28 09:20:15 shm Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.39 2015/12/12 16:57:53 christos Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -238,14 +238,18 @@ void *bozomalloc(bozohttpd_t *, size_t); void *bozorealloc(bozohttpd_t *, void *, size_t); char *bozostrdup(bozohttpd_t *, const char *); +#define bozo_noop do { /* nothing */ } while (/*CONSTCOND*/0) + /* ssl-bozo.c */ #ifdef NO_SSL_SUPPORT -#define bozo_ssl_set_opts(w, x, y) do { /* nothing */ } while (0) -#define bozo_ssl_init(x) do { /* nothing */ } while (0) +#define bozo_ssl_set_opts(w, x, y) bozo_noop +#define bozo_ssl_set_ciphers(w, x, y) bozo_noop +#define bozo_ssl_init(x) bozo_noop #define bozo_ssl_accept(x) (0) -#define bozo_ssl_destroy(x) do { /* nothing */ } while (0) +#define bozo_ssl_destroy(x) bozo_noop #else void bozo_ssl_set_opts(bozohttpd_t *, const char *, const char *); +void bozo_ssl_set_ciphers(bozohttpd_t *, const char *); void bozo_ssl_init(bozohttpd_t *); int bozo_ssl_accept(bozohttpd_t *); void bozo_ssl_destroy(bozohttpd_t *); @@ -263,13 +267,13 @@ void bozo_auth_check_401(bozo_httpreq_t void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***); int bozo_auth_cgi_count(bozo_httpreq_t *); #else -#define bozo_auth_init(x) do { /* nothing */ } while (0) +#define bozo_auth_init(x) bozo_noop #define bozo_auth_check(x, y) 0 -#define bozo_auth_cleanup(x) do { /* nothing */ } while (0) +#define bozo_auth_cleanup(x) bozo_noop #define bozo_auth_check_headers(y, z, a, b) 0 #define bozo_auth_check_special_files(x, y) 0 -#define bozo_auth_check_401(x, y) do { /* nothing */ } while (0) -#define bozo_auth_cgi_setenv(x, y) do { /* nothing */ } while (0) +#define bozo_auth_check_401(x, y) bozo_noop +#define bozo_auth_cgi_setenv(x, y) bozo_noop #define bozo_auth_cgi_count(x) 0 #endif /* DO_HTPASSWD */ 
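Review bot: The NO_SSL_SUPPORT stub `#define bozo_ssl_set_ciphers(w, x, y) bozo_noop` takes three parameters, but the real prototype added in the same hunk, `void bozo_ssl_set_ciphers(bozohttpd_t *, const char *);`, takes two, so any two-argument call compiled with NO_SSL_SUPPORT fails with a macro-argument-count error. It does not break this commit only because main.c wraps its call in `#ifdef NO_SSL_SUPPORT` and never expands the stub. Change it to `#define bozo_ssl_set_ciphers(w, x) bozo_noop` so the stub matches the function it stands in for.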
@@ -296,9 +300,9 @@ int bozo_process_lua(bozo_httpreq_t *); /* daemon-bozo.c */ #ifdef NO_DAEMON_MODE -#define bozo_daemon_init(x) do { /* nothing */ } while (0) +#define bozo_daemon_init(x) bozo_noop #define bozo_daemon_fork(x) 0 -#define bozo_daemon_closefds(x) do { /* nothing */ } while (0) +#define bozo_daemon_closefds(x) bozo_noop #else void bozo_daemon_init(bozohttpd_t *); int bozo_daemon_fork(bozohttpd_t *); Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.10 src/libexec/httpd/main.c:1.11 --- src/libexec/httpd/main.c:1.10 Sun Nov 29 10:26:10 2015 +++ src/libexec/httpd/main.c Sat Dec 12 11:57:53 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.10 2015/11/29 15:26:10 kamil Exp $ */ +/* $NetBSD: main.c,v 1.11 2015/12/12 16:57:53 christos Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -112,6 +112,8 @@ usage(bozohttpd_t *httpd, char *progname " -x index\t\tchange default `index.html' file name"); #ifndef NO_SSL_SUPPORT bozo_warn(httpd, + " -z ciphers\t\tspecify SSL ciphers"); + bozo_warn(httpd, " -Z cert privkey\tspecify path to server certificate" " and private key file\n" "\t\t\tin pem format and enable bozohttpd in SSL mode"); @@ -145,7 +147,7 @@ main(int argc, char **argv) */ while ((c = getopt(argc, argv, - "C:EHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:")) != -1) { + "C:EHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) { switch (c) { case 'L': 
@@ -198,6 +200,16 @@ main(int argc, char **argv) bozo_ssl_set_opts(&httpd, optarg, argv[optind++]); break; #endif /* NO_SSL_SUPPORT */ + + case 'z': +#ifdef NO_SSL_SUPPORT + bozo_err(&httpd, 1, "ssl support is not enabled"); + /* NOT REACHED */ +#else + bozo_ssl_set_ciphers(&httpd, optarg); + break; +#endif /* NO_SSL_SUPPORT */ + case 'U': bozo_set_pref(&prefs, "username", optarg); break; Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.18 src/libexec/httpd/ssl-bozo.c:1.19 --- src/libexec/httpd/ssl-bozo.c:1.18 Thu Jul 17 02:27:52 2014 +++ src/libexec/httpd/ssl-bozo.c Sat Dec 12 11:57:53 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.18 2014/07/17 06:27:52 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.19 2015/12/12 16:57:53 christos Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -48,6 +48,25 @@ #define USE_ARG(x) /*LINTED*/(void)&(x) #endif +#ifndef BOZO_SSL_CIPHERS +#define BOZO_SSL_CIPHERS \ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \ + "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \ + "AES:" \ + "-SHA:" \ + "!aNULL:!eNULL:" \ + "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \ + "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \ + "!KRB5-DES-CBC3-SHA" +#endif + +#ifndef BOZO_SSL_OPTIONS +#define BOZO_SSL_OPTIONS \ + (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1) +#endif + + /* this structure encapsulates the ssl info */ + /* this structure encapsulates the ssl info */ typedef struct sslinfo_t { SSL_CTX *ssl_context; @@ -55,6 +74,7 @@ typedef struct sslinfo_t { SSL *bozossl; char *certificate_file; char *privatekey_file; + char *ciphers; } sslinfo_t; /* @@ -187,6 +207,7 @@ void bozo_ssl_init(bozohttpd_t *httpd) { sslinfo_t *sslinfo = httpd->sslinfo; + long options; if (sslinfo == NULL || !sslinfo->certificate_file) return; 
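Review bot: BOZO_SSL_OPTIONS only disables protocol versions; it sets neither `SSL_OP_NO_COMPRESSION` (TLS-level compression is the CRIME vector) nor `SSL_OP_CIPHER_SERVER_PREFERENCE`, so the client's order rather than the server's decides the suite, and the plain-RSA key exchange suites listed first in BOZO_SSL_CIPHERS can be chosen over an ECDHE one. Consider `(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_COMPRESSION | SSL_OP_CIPHER_SERVER_PREFERENCE)`. In BOZO_SSL_CIPHERS the explicit `AES256-SHA` and `AES128-SHA` entries appear to be removed again by the later `-SHA:` element, so listing them is misleading; a comment stating which suites are meant to survive, or dropping those two, would make the intent checkable. The hunk also leaves the comment `/* this structure encapsulates the ssl info */` duplicated in front of `typedef struct sslinfo_t`; one copy should go.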
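Review bot: `-z` without `-Z` is now silently ignored: bozo_ssl_set_ciphers allocates sslinfo through bozo_get_sslinfo (last hunk of this diff), but bozo_ssl_init still returns early on `!sslinfo->certificate_file`, so a cipher list the operator believes is enforced never reaches SSL_CTX_set_cipher_list and the server keeps serving plain HTTP. Before that early return add `if (sslinfo->ciphers != NULL && sslinfo->certificate_file == NULL) bozo_warn(httpd, "-z given but SSL is not enabled (no -Z); ignoring cipher list");`, or make it a hard error. Anything else that treats `httpd->sslinfo != NULL` as "SSL enabled" (bozo_ssl_accept and bozo_ssl_destroy are outside this diff) should be re-checked, since that pointer is now non-NULL after `-z` alone. bozo_ssl_init continues outside the hunk.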
@@ -200,6 +221,18 @@ bozo_ssl_init(bozohttpd_t *httpd) bozo_ssl_err(httpd, EXIT_FAILURE, "SSL context creation failed"); + options = SSL_CTX_set_options(sslinfo->ssl_context, + BOZO_SSL_OPTIONS); + if ((options & BOZO_SSL_OPTIONS) != BOZO_SSL_OPTIONS) + bozo_ssl_err(httpd, EXIT_FAILURE, + "Error setting ssl options requested %#lx, got %#lx", + BOZO_SSL_OPTIONS, options); + + if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context, + sslinfo->ciphers ? sslinfo->ciphers : BOZO_SSL_CIPHERS)) + bozo_ssl_err(httpd, EXIT_FAILURE, + "Error setting cipher list '%s'", sslinfo->ciphers); + if (1 != SSL_CTX_use_certificate_chain_file(sslinfo->ssl_context, sslinfo->certificate_file)) bozo_ssl_err(httpd, EXIT_FAILURE, 
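Review bot: The failure message for SSL_CTX_set_cipher_list prints `sslinfo->ciphers` with `%s`, but when no `-z` was given that pointer is NULL and the list actually passed was BOZO_SSL_CIPHERS, so the error path formats a NULL string (undefined behaviour) and names the wrong list. Name the selection once and use it in both places: `const char *ciphers = sslinfo->ciphers ? sslinfo->ciphers : BOZO_SSL_CIPHERS;` / `if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context, ciphers))` / `bozo_ssl_err(httpd, EXIT_FAILURE, "Error setting cipher list '%s'", ciphers);`. The declaration belongs next to `long options;` in the previous hunk. bozo_ssl_init continues outside the hunk on both sides.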
@@ -251,24 +284,40 @@ bozo_ssl_destroy(bozohttpd_t *httpd) SSL_free(sslinfo->bozossl); } +static sslinfo_t * +bozo_get_sslinfo(bozohttpd_t *httpd) +{ + sslinfo_t *sslinfo; + if (httpd->sslinfo) + return httpd->sslinfo; + sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); + if (sslinfo == NULL) + bozo_err(httpd, 1, "sslinfo allocation failed"); + memset(sslinfo, 0, sizeof(*sslinfo)); + return httpd->sslinfo = sslinfo; +} + void bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv) { - sslinfo_t *sslinfo = httpd->sslinfo; + sslinfo_t *sslinfo = bozo_get_sslinfo(httpd); - if (sslinfo == NULL) { - sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); - if (sslinfo == NULL) - bozo_err(httpd, 1, "sslinfo allocation failed"); - httpd->sslinfo = sslinfo; - } - sslinfo->certificate_file = strdup(cert); - sslinfo->privatekey_file = strdup(priv); + sslinfo->certificate_file = bozostrdup(httpd, cert); + sslinfo->privatekey_file = bozostrdup(httpd, priv); debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s", - sslinfo->certificate_file, - sslinfo->privatekey_file)); + sslinfo->certificate_file, + sslinfo->privatekey_file)); if (!httpd->bindport) - httpd->bindport = strdup("https"); + httpd->bindport = bozostrdup(httpd, "https"); +} + +void +bozo_ssl_set_ciphers(bozohttpd_t *httpd, const char *ciphers) +{ + sslinfo_t *sslinfo = bozo_get_sslinfo(httpd); + + sslinfo->ciphers = bozostrdup(httpd, ciphers); + debug((httpd, DEBUG_NORMAL, "using ciphers: %s", sslinfo->ciphers)); } #endif /* NO_SSL_SUPPORT */
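Review bot: bozo_ssl_set_ciphers and bozo_ssl_set_opts overwrite `sslinfo->ciphers`, `certificate_file` and `privatekey_file` without releasing a previous value, so giving `-z` or `-Z` more than once leaks the earlier bozostrdup result; `free(sslinfo->ciphers);` before the assignment (and likewise for the two file names) keeps last-option-wins without the leak. In bozo_get_sslinfo the `memset` after bozomalloc presumably exists because bozomalloc does not zero the block — if it does, one of the two is redundant; either way a one-line comment that `ciphers` must start NULL for the BOZO_SSL_CIPHERS default in bozo_ssl_init to apply would explain why the zeroing matters. `return httpd->sslinfo = sslinfo;` hides an assignment inside the return; two statements read more clearly.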