Switch to BearSSL

[michaelforney]

We should try to use BearSSL whenever possible.

To do:

• nginx
  OpenSSL code is mostly contained in one file. It seems possible, but difficult to port to libtls.
• python
  Used by hashlib and ssl modules. hashlib has already ported. _ssl.c is over 6000 lines, though possibly could be ported to libtls.

Done:

• catgirl
  Using libtls-bearssl.
• curl
  Upstream in 7.68.0.
• ffmpeg
  Using libtls-bearssl.
• hostap
  Patched to use BearSSL digests and HMAC.
• libfido2
  Ported to use BearSSL crypto. EdDSA is disabled for now until BearSSL has an implementation.
• msmtp
  libtls support added upstream by @noocsharp.
• openntpd
  Using libtls-bearssl.
• openssh
  Ported to BearSSL (mostly). DH key exchange methods are not yet implemented.
• pounce
  Using libtls-bearssl.
• rsync
  Added an MD4 fallback.
• tinyemu
  Patched to use BearSSL HMAC-SHA256 and AES-CBC.
• transmission
  Patched to use BearSSL SHA1 and PRNG. Added an RC4 fallback.
• acme-client
  Using libtls-bearssl, libx509cert, and BearSSL.

[noocsharp]

If there's still interest, I have ported msmtp to libtls, and have been using it for a few days without any problems. I did not implement fingerprint based certificate verification (although it is possible, at least with SHA256), as it is deprecated and due to be removed in the next major version anyway.
Support won't make it way upstream any time soon, but my branch is available here: https://git.nihaljere.xyz/msmtp/log.html

[michaelforney]

If there's still interest, I have ported msmtp to libtls, and have been using it for a few days without any problems.

That's great!

I did not implement fingerprint based certificate verification (although it is possible, at least with SHA256), as it is deprecated and due to be removed in the next major version anyway.

Do you have a reference for that? I can see that SHA1 fingerprint is deprecated, but I don't see anything about SHA256.

Support won't make it way upstream any time soon, but my branch is available here: https://git.nihaljere.xyz/msmtp/log.html

I will take a look, thanks. On first glance it looks like good work.

[michaelforney]

memcpy(&tci->sha256_fingerprint, sha256_fingerprint, 32);

I don't think this is quite right. According to https://man.openbsd.org/tls_conn_version.3, the format of tls_peer_cert_hash is a string SHA256:hex-fingerprint. So I think we just need to verify the prefix, and then decode the hex string into binary.

[noocsharp]

I did not implement fingerprint based certificate verification (although it is possible, at least with SHA256), as it is deprecated and due to be removed in the next major version anyway.

Do you have a reference for that? I can see that SHA1 fingerprint is deprecated, but I don't see anything about SHA256.

There is a comment near the beginning of tlsw_check_cert that implies so. I sent an email to the Martin Lambers (the maintainer) for clarification, and you are right, only SHA1 is deprecated. I'll try to implement fingeprint verification sometime soon.

memcpy(&tci->sha256_fingerprint, sha256_fingerprint, 32);

I don't think this is quite right. According to https://man.openbsd.org/tls_conn_version.3, the format of tls_peer_cert_hash is a string SHA256:hex-fingerprint. So I think we just need to verify the prefix, and then decode the hex string into binary.

I totally missed this, thanks for pointing it out.

[noocsharp]

Sorry for the delay in responding, but I have fixed the issue above (and a number of other ones), and libtls support is now present upstream.

[michaelforney]

Thanks so much for submitting this upstream. I just updated the msmtp version to latest git with libtls-bearssl and it seems to be working well.

Only three left to go!

[shua]

I've banged out a proof of concept integration of libtls for nginx at https://github.com/shua/nginx/tree/tls . Is there still interest in this? Currently the code is very much a hacky addon, but I could spend more time on it to make it fit a little better and maybe upstream would accept 🤷

[tsklxiv]

Not related to this but what is the catgirl library? Have never heard of it before.

[thanhminhmr]

It is an IRC client.