blob: 9aa101b2ba090e609e6fc9bad24da17475d0a8fe [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
67#include <common/compat.h>
68#include <common/config.h>
69#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020070#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <common/standard.h>
72#include <common/ticks.h>
73#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010074#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010075#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020076
Emeric Brunfc0421f2012-09-07 17:30:07 +020077#include <ebsttree.h>
78
William Lallemand32af2032016-10-29 18:09:35 +020079#include <types/applet.h>
80#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020081#include <types/global.h>
82#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020083#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020084
Willy Tarreau7875d092012-09-10 08:20:03 +020085#include <proto/acl.h>
86#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020087#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020089#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <proto/fd.h>
91#include <proto/freq_ctr.h>
92#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020093#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020094#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010095#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020096#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020097#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020098#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020099#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200100#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200101#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200102#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200103#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200104#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200105#include <proto/task.h>
106
Willy Tarreau518cedd2014-02-17 15:43:01 +0100107/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200108#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100109#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100110#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200111#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
112
Emeric Brunf282a812012-09-21 15:27:54 +0200113/* bits 0xFFFF0000 are reserved to store verify errors */
114
115/* Verify errors macros */
116#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
117#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
118#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
119
120#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
121#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
122#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200123
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100124/* Supported hash function for TLS tickets */
125#ifdef OPENSSL_NO_SHA256
126#define HASH_FUNCT EVP_sha1
127#else
128#define HASH_FUNCT EVP_sha256
129#endif /* OPENSSL_NO_SHA256 */
130
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200131/* ssl_methods flags for ssl options */
132#define MC_SSL_O_ALL 0x0000
133#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
134#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
135#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
136#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200137#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200138
139/* ssl_methods versions */
140enum {
141 CONF_TLSV_NONE = 0,
142 CONF_TLSV_MIN = 1,
143 CONF_SSLV3 = 1,
144 CONF_TLSV10 = 2,
145 CONF_TLSV11 = 3,
146 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200147 CONF_TLSV13 = 5,
148 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200149};
150
Emeric Brun850efd52014-01-29 12:24:34 +0100151/* server and bind verify method, it uses a global value as default */
152enum {
153 SSL_SOCK_VERIFY_DEFAULT = 0,
154 SSL_SOCK_VERIFY_REQUIRED = 1,
155 SSL_SOCK_VERIFY_OPTIONAL = 2,
156 SSL_SOCK_VERIFY_NONE = 3,
157};
158
William Lallemand3f85c9a2017-10-09 16:30:50 +0200159
Willy Tarreau71b734c2014-01-28 15:19:44 +0100160int sslconns = 0;
161int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100162static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100163int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200164
Willy Tarreauef934602016-12-22 23:12:01 +0100165static struct {
166 char *crt_base; /* base directory path for certificates */
167 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000168 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100169
170 char *listen_default_ciphers;
171 char *connect_default_ciphers;
172 int listen_default_ssloptions;
173 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200174 struct tls_version_filter listen_default_sslmethods;
175 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100176
177 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
178 unsigned int life_time; /* SSL session lifetime in seconds */
179 unsigned int max_record; /* SSL max record size */
180 unsigned int default_dh_param; /* SSL maximum DH parameter size */
181 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100182 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100183} global_ssl = {
184#ifdef LISTEN_DEFAULT_CIPHERS
185 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
186#endif
187#ifdef CONNECT_DEFAULT_CIPHERS
188 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
189#endif
190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Emeric Brun821bb9b2017-06-15 16:37:39 +0200208#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210static HA_RWLOCK_T *ssl_rwlocks;
211
212
213unsigned long ssl_id_function(void)
214{
215 return (unsigned long)tid;
216}
217
218void ssl_locking_function(int mode, int n, const char * file, int line)
219{
220 if (mode & CRYPTO_LOCK) {
221 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100222 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200223 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 }
226 else {
227 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100228 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200229 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 }
232}
233
234static int ssl_locking_init(void)
235{
236 int i;
237
238 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
239 if (!ssl_rwlocks)
240 return -1;
241
242 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100243 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200244
245 CRYPTO_set_id_callback(ssl_id_function);
246 CRYPTO_set_locking_callback(ssl_locking_function);
247
248 return 0;
249}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100250
Emeric Brun821bb9b2017-06-15 16:37:39 +0200251#endif
252
253
254
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100255/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100256struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257 unsigned long long int xxh64;
258 unsigned char ciphersuite_len;
259 char ciphersuite[0];
260};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100261struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100262static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200263static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100264
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100265static int ssl_pkey_info_index = -1;
266
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200267#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
268struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
269#endif
270
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200271#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000272static unsigned int openssl_engines_initialized;
273struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
274struct ssl_engine_list {
275 struct list list;
276 ENGINE *e;
277};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200278#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000279
Remi Gacogne8de54152014-07-15 11:36:40 +0200280#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200281static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200282static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200283static DH *local_dh_1024 = NULL;
284static DH *local_dh_2048 = NULL;
285static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100286static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200287#endif /* OPENSSL_NO_DH */
288
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100289#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200290/* X509V3 Extensions that will be added on generated certificates */
291#define X509V3_EXT_SIZE 5
292static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
293 "basicConstraints",
294 "nsComment",
295 "subjectKeyIdentifier",
296 "authorityKeyIdentifier",
297 "keyUsage",
298};
299static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
300 "CA:FALSE",
301 "\"OpenSSL Generated Certificate\"",
302 "hash",
303 "keyid,issuer:always",
304 "nonRepudiation,digitalSignature,keyEncipherment"
305};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200306/* LRU cache to store generated certificate */
307static struct lru64_head *ssl_ctx_lru_tree = NULL;
308static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200309static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100310__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200311
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200312#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
313
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100314static struct ssl_bind_kw ssl_bind_kws[];
315
yanbzhube2774d2015-12-10 15:07:30 -0500316#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
317/* The order here matters for picking a default context,
318 * keep the most common keytype at the bottom of the list
319 */
320const char *SSL_SOCK_KEYTYPE_NAMES[] = {
321 "dsa",
322 "ecdsa",
323 "rsa"
324};
325#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100326#else
327#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500328#endif
329
William Lallemandc3cd35f2017-11-28 11:04:43 +0100330static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100331static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
332
333#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
334
335#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
336 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
337
338#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
339 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200340
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100341/*
342 * This function gives the detail of the SSL error. It is used only
343 * if the debug mode and the verbose mode are activated. It dump all
344 * the SSL error until the stack was empty.
345 */
346static forceinline void ssl_sock_dump_errors(struct connection *conn)
347{
348 unsigned long ret;
349
350 if (unlikely(global.mode & MODE_DEBUG)) {
351 while(1) {
352 ret = ERR_get_error();
353 if (ret == 0)
354 return;
355 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200356 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100357 ERR_func_error_string(ret), ERR_reason_error_string(ret));
358 }
359 }
360}
361
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200362#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500363/*
364 * struct alignment works here such that the key.key is the same as key_data
365 * Do not change the placement of key_data
366 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200367struct certificate_ocsp {
368 struct ebmb_node key;
369 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
370 struct chunk response;
371 long expire;
372};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200373
yanbzhube2774d2015-12-10 15:07:30 -0500374struct ocsp_cbk_arg {
375 int is_single;
376 int single_kt;
377 union {
378 struct certificate_ocsp *s_ocsp;
379 /*
380 * m_ocsp will have multiple entries dependent on key type
381 * Entry 0 - DSA
382 * Entry 1 - ECDSA
383 * Entry 2 - RSA
384 */
385 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
386 };
387};
388
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200389#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000390static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
391{
392 int err_code = ERR_ABORT;
393 ENGINE *engine;
394 struct ssl_engine_list *el;
395
396 /* grab the structural reference to the engine */
397 engine = ENGINE_by_id(engine_id);
398 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100399 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000400 goto fail_get;
401 }
402
403 if (!ENGINE_init(engine)) {
404 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100405 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000406 goto fail_init;
407 }
408
409 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100410 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000411 goto fail_set_method;
412 }
413
414 el = calloc(1, sizeof(*el));
415 el->e = engine;
416 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100417 nb_engines++;
418 if (global_ssl.async)
419 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000420 return 0;
421
422fail_set_method:
423 /* release the functional reference from ENGINE_init() */
424 ENGINE_finish(engine);
425
426fail_init:
427 /* release the structural reference from ENGINE_by_id() */
428 ENGINE_free(engine);
429
430fail_get:
431 return err_code;
432}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200433#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000434
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200435#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200436/*
437 * openssl async fd handler
438 */
439static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000440{
441 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000442
Emeric Brun3854e012017-05-17 20:42:48 +0200443 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000444 * to poll this fd until it is requested
445 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000446 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000447 fd_cant_recv(fd);
448
449 /* crypto engine is available, let's notify the associated
450 * connection that it can pursue its processing.
451 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000452 __conn_sock_want_recv(conn);
453 __conn_sock_want_send(conn);
454 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000455}
456
Emeric Brun3854e012017-05-17 20:42:48 +0200457/*
458 * openssl async delayed SSL_free handler
459 */
460static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000461{
462 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200463 OSSL_ASYNC_FD all_fd[32];
464 size_t num_all_fds = 0;
465 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000466
Emeric Brun3854e012017-05-17 20:42:48 +0200467 /* We suppose that the async job for a same SSL *
468 * are serialized. So if we are awake it is
469 * because the running job has just finished
470 * and we can remove all async fds safely
471 */
472 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
473 if (num_all_fds > 32) {
474 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
475 return;
476 }
477
478 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
479 for (i=0 ; i < num_all_fds ; i++)
480 fd_remove(all_fd[i]);
481
482 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000483 SSL_free(ssl);
484 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200485 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000486}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000487/*
Emeric Brun3854e012017-05-17 20:42:48 +0200488 * function used to manage a returned SSL_ERROR_WANT_ASYNC
489 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000490 */
Emeric Brun3854e012017-05-17 20:42:48 +0200491static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000492{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100493 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200494 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000495 size_t num_add_fds = 0;
496 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200497 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000498
499 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
500 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200501 if (num_add_fds > 32 || num_del_fds > 32) {
502 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000503 return;
504 }
505
Emeric Brun3854e012017-05-17 20:42:48 +0200506 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000507
Emeric Brun3854e012017-05-17 20:42:48 +0200508 /* We remove unused fds from the fdtab */
509 for (i=0 ; i < num_del_fds ; i++)
510 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000511
Emeric Brun3854e012017-05-17 20:42:48 +0200512 /* We add new fds to the fdtab */
513 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100514 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000515 }
516
Emeric Brun3854e012017-05-17 20:42:48 +0200517 num_add_fds = 0;
518 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
519 if (num_add_fds > 32) {
520 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
521 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000522 }
Emeric Brun3854e012017-05-17 20:42:48 +0200523
524 /* We activate the polling for all known async fds */
525 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000526 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200527 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000528 /* To ensure that the fd cache won't be used
529 * We'll prefer to catch a real RD event
530 * because handling an EAGAIN on this fd will
531 * result in a context switch and also
532 * some engines uses a fd in blocking mode.
533 */
534 fd_cant_recv(add_fd[i]);
535 }
Emeric Brun3854e012017-05-17 20:42:48 +0200536
537 /* We must also prevent the conn_handler
538 * to be called until a read event was
539 * polled on an async fd
540 */
541 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000542}
543#endif
544
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200545/*
546 * This function returns the number of seconds elapsed
547 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
548 * date presented un ASN1_GENERALIZEDTIME.
549 *
550 * In parsing error case, it returns -1.
551 */
552static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
553{
554 long epoch;
555 char *p, *end;
556 const unsigned short month_offset[12] = {
557 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
558 };
559 int year, month;
560
561 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
562
563 p = (char *)d->data;
564 end = p + d->length;
565
566 if (end - p < 4) return -1;
567 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
568 p += 4;
569 if (end - p < 2) return -1;
570 month = 10 * (p[0] - '0') + p[1] - '0';
571 if (month < 1 || month > 12) return -1;
572 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
573 We consider leap years and the current month (<marsh or not) */
574 epoch = ( ((year - 1970) * 365)
575 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
576 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
577 + month_offset[month-1]
578 ) * 24 * 60 * 60;
579 p += 2;
580 if (end - p < 2) return -1;
581 /* Add the number of seconds of completed days of current month */
582 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
583 p += 2;
584 if (end - p < 2) return -1;
585 /* Add the completed hours of the current day */
586 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
587 p += 2;
588 if (end - p < 2) return -1;
589 /* Add the completed minutes of the current hour */
590 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
591 p += 2;
592 if (p == end) return -1;
593 /* Test if there is available seconds */
594 if (p[0] < '0' || p[0] > '9')
595 goto nosec;
596 if (end - p < 2) return -1;
597 /* Add the seconds of the current minute */
598 epoch += 10 * (p[0] - '0') + p[1] - '0';
599 p += 2;
600 if (p == end) return -1;
601 /* Ignore seconds float part if present */
602 if (p[0] == '.') {
603 do {
604 if (++p == end) return -1;
605 } while (p[0] >= '0' && p[0] <= '9');
606 }
607
608nosec:
609 if (p[0] == 'Z') {
610 if (end - p != 1) return -1;
611 return epoch;
612 }
613 else if (p[0] == '+') {
614 if (end - p != 5) return -1;
615 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700616 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617 }
618 else if (p[0] == '-') {
619 if (end - p != 5) return -1;
620 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700621 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200622 }
623
624 return -1;
625}
626
Emeric Brun1d3865b2014-06-20 15:37:32 +0200627static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200628
629/* This function starts to check if the OCSP response (in DER format) contained
630 * in chunk 'ocsp_response' is valid (else exits on error).
631 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
632 * contained in the OCSP Response and exits on error if no match.
633 * If it's a valid OCSP Response:
634 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
635 * pointed by 'ocsp'.
636 * If 'ocsp' is NULL, the function looks up into the OCSP response's
637 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
638 * from the response) and exits on error if not found. Finally, If an OCSP response is
639 * already present in the container, it will be overwritten.
640 *
641 * Note: OCSP response containing more than one OCSP Single response is not
642 * considered valid.
643 *
644 * Returns 0 on success, 1 in error case.
645 */
646static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
647{
648 OCSP_RESPONSE *resp;
649 OCSP_BASICRESP *bs = NULL;
650 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200651 OCSP_CERTID *id;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200652 unsigned char *p = (unsigned char *)ocsp_response->str;
653 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200654 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200655 int reason;
656 int ret = 1;
657
658 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
659 if (!resp) {
660 memprintf(err, "Unable to parse OCSP response");
661 goto out;
662 }
663
664 rc = OCSP_response_status(resp);
665 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
666 memprintf(err, "OCSP response status not successful");
667 goto out;
668 }
669
670 bs = OCSP_response_get1_basic(resp);
671 if (!bs) {
672 memprintf(err, "Failed to get basic response from OCSP Response");
673 goto out;
674 }
675
676 count_sr = OCSP_resp_count(bs);
677 if (count_sr > 1) {
678 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
679 goto out;
680 }
681
682 sr = OCSP_resp_get0(bs, 0);
683 if (!sr) {
684 memprintf(err, "Failed to get OCSP single response");
685 goto out;
686 }
687
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200688 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
689
Emeric Brun4147b2e2014-06-16 18:36:30 +0200690 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200691 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200692 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200693 goto out;
694 }
695
Emeric Brun13a6b482014-06-20 15:44:34 +0200696 if (!nextupd) {
697 memprintf(err, "OCSP single response: missing nextupdate");
698 goto out;
699 }
700
Emeric Brunc8b27b62014-06-19 14:16:17 +0200701 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200702 if (!rc) {
703 memprintf(err, "OCSP single response: no longer valid.");
704 goto out;
705 }
706
707 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200708 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200709 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
710 goto out;
711 }
712 }
713
714 if (!ocsp) {
715 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
716 unsigned char *p;
717
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200718 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200719 if (!rc) {
720 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
721 goto out;
722 }
723
724 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
725 memprintf(err, "OCSP single response: Certificate ID too long");
726 goto out;
727 }
728
729 p = key;
730 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200731 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200732 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
733 if (!ocsp) {
734 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
735 goto out;
736 }
737 }
738
739 /* According to comments on "chunk_dup", the
740 previous chunk buffer will be freed */
741 if (!chunk_dup(&ocsp->response, ocsp_response)) {
742 memprintf(err, "OCSP response: Memory allocation error");
743 goto out;
744 }
745
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200746 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
747
Emeric Brun4147b2e2014-06-16 18:36:30 +0200748 ret = 0;
749out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100750 ERR_clear_error();
751
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 if (bs)
753 OCSP_BASICRESP_free(bs);
754
755 if (resp)
756 OCSP_RESPONSE_free(resp);
757
758 return ret;
759}
760/*
761 * External function use to update the OCSP response in the OCSP response's
762 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
763 * to update in DER format.
764 *
765 * Returns 0 on success, 1 in error case.
766 */
767int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
768{
769 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
770}
771
772/*
773 * This function load the OCSP Resonse in DER format contained in file at
774 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
775 *
776 * Returns 0 on success, 1 in error case.
777 */
778static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
779{
780 int fd = -1;
781 int r = 0;
782 int ret = 1;
783
784 fd = open(ocsp_path, O_RDONLY);
785 if (fd == -1) {
786 memprintf(err, "Error opening OCSP response file");
787 goto end;
788 }
789
790 trash.len = 0;
791 while (trash.len < trash.size) {
792 r = read(fd, trash.str + trash.len, trash.size - trash.len);
793 if (r < 0) {
794 if (errno == EINTR)
795 continue;
796
797 memprintf(err, "Error reading OCSP response from file");
798 goto end;
799 }
800 else if (r == 0) {
801 break;
802 }
803 trash.len += r;
804 }
805
806 close(fd);
807 fd = -1;
808
809 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
810end:
811 if (fd != -1)
812 close(fd);
813
814 return ret;
815}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100816#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200817
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100818#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
819static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
820{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100821 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100822 struct tls_sess_key *keys;
823 struct connection *conn;
824 int head;
825 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100826 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100827
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200828 conn = SSL_get_ex_data(s, ssl_app_data_index);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100829 ref = objt_listener(conn->target)->bind_conf->keys_ref;
830 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
831
832 keys = ref->tlskeys;
833 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100834
835 if (enc) {
836 memcpy(key_name, keys[head].name, 16);
837
838 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100839 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100840
841 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100842 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100843
844 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100845 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100846 } else {
847 for (i = 0; i < TLS_TICKETS_NO; i++) {
848 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
849 goto found;
850 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100851 ret = 0;
852 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100853
Christopher Faulet16f45c82018-02-16 11:23:49 +0100854 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100855 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
856 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100857 goto end;
858
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100859 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100860 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100861 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100862 end:
863 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
864 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200865}
866
867struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
868{
869 struct tls_keys_ref *ref;
870
871 list_for_each_entry(ref, &tlskeys_reference, list)
872 if (ref->filename && strcmp(filename, ref->filename) == 0)
873 return ref;
874 return NULL;
875}
876
877struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
878{
879 struct tls_keys_ref *ref;
880
881 list_for_each_entry(ref, &tlskeys_reference, list)
882 if (ref->unique_id == unique_id)
883 return ref;
884 return NULL;
885}
886
Christopher Faulet16f45c82018-02-16 11:23:49 +0100887void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref, struct chunk *tlskey)
888{
889 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
890 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
891 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
892 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
893}
894
895int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err)
896{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200897 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
898
899 if(!ref) {
900 memprintf(err, "Unable to locate the referenced filename: %s", filename);
901 return 1;
902 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100903 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200904 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100905}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200906
907/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100908 * automatic ids. It's called just after the basic checks. It returns
909 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200910 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100911static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200912{
913 int i = 0;
914 struct tls_keys_ref *ref, *ref2, *ref3;
915 struct list tkr = LIST_HEAD_INIT(tkr);
916
917 list_for_each_entry(ref, &tlskeys_reference, list) {
918 if (ref->unique_id == -1) {
919 /* Look for the first free id. */
920 while (1) {
921 list_for_each_entry(ref2, &tlskeys_reference, list) {
922 if (ref2->unique_id == i) {
923 i++;
924 break;
925 }
926 }
927 if (&ref2->list == &tlskeys_reference)
928 break;
929 }
930
931 /* Uses the unique id and increment it for the next entry. */
932 ref->unique_id = i;
933 i++;
934 }
935 }
936
937 /* This sort the reference list by id. */
938 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
939 LIST_DEL(&ref->list);
940 list_for_each_entry(ref3, &tkr, list) {
941 if (ref->unique_id < ref3->unique_id) {
942 LIST_ADDQ(&ref3->list, &ref->list);
943 break;
944 }
945 }
946 if (&ref3->list == &tkr)
947 LIST_ADDQ(&tkr, &ref->list);
948 }
949
950 /* swap root */
951 LIST_ADD(&tkr, &tlskeys_reference);
952 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100953 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200954}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100955#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
956
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100957#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500958int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
959{
960 switch (evp_keytype) {
961 case EVP_PKEY_RSA:
962 return 2;
963 case EVP_PKEY_DSA:
964 return 0;
965 case EVP_PKEY_EC:
966 return 1;
967 }
968
969 return -1;
970}
971
Emeric Brun4147b2e2014-06-16 18:36:30 +0200972/*
973 * Callback used to set OCSP status extension content in server hello.
974 */
975int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
976{
yanbzhube2774d2015-12-10 15:07:30 -0500977 struct certificate_ocsp *ocsp;
978 struct ocsp_cbk_arg *ocsp_arg;
979 char *ssl_buf;
980 EVP_PKEY *ssl_pkey;
981 int key_type;
982 int index;
983
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200984 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500985
986 ssl_pkey = SSL_get_privatekey(ssl);
987 if (!ssl_pkey)
988 return SSL_TLSEXT_ERR_NOACK;
989
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200990 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500991
992 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
993 ocsp = ocsp_arg->s_ocsp;
994 else {
995 /* For multiple certs per context, we have to find the correct OCSP response based on
996 * the certificate type
997 */
998 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
999
1000 if (index < 0)
1001 return SSL_TLSEXT_ERR_NOACK;
1002
1003 ocsp = ocsp_arg->m_ocsp[index];
1004
1005 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001006
1007 if (!ocsp ||
1008 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001009 !ocsp->response.len ||
1010 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001011 return SSL_TLSEXT_ERR_NOACK;
1012
1013 ssl_buf = OPENSSL_malloc(ocsp->response.len);
1014 if (!ssl_buf)
1015 return SSL_TLSEXT_ERR_NOACK;
1016
1017 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
1018 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
1019
1020 return SSL_TLSEXT_ERR_OK;
1021}
1022
1023/*
1024 * This function enables the handling of OCSP status extension on 'ctx' if a
1025 * file name 'cert_path' suffixed using ".ocsp" is present.
1026 * To enable OCSP status extension, the issuer's certificate is mandatory.
1027 * It should be present in the certificate's extra chain builded from file
1028 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1029 * named 'cert_path' suffixed using '.issuer'.
1030 *
1031 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1032 * response. If file is empty or content is not a valid OCSP response,
1033 * OCSP status extension is enabled but OCSP response is ignored (a warning
1034 * is displayed).
1035 *
1036 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1037 * succesfully enabled, or -1 in other error case.
1038 */
1039static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1040{
1041
1042 BIO *in = NULL;
1043 X509 *x, *xi = NULL, *issuer = NULL;
1044 STACK_OF(X509) *chain = NULL;
1045 OCSP_CERTID *cid = NULL;
1046 SSL *ssl;
1047 char ocsp_path[MAXPATHLEN+1];
1048 int i, ret = -1;
1049 struct stat st;
1050 struct certificate_ocsp *ocsp = NULL, *iocsp;
1051 char *warn = NULL;
1052 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001053 pem_password_cb *passwd_cb;
1054 void *passwd_cb_userdata;
1055 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001056
1057 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1058
1059 if (stat(ocsp_path, &st))
1060 return 1;
1061
1062 ssl = SSL_new(ctx);
1063 if (!ssl)
1064 goto out;
1065
1066 x = SSL_get_certificate(ssl);
1067 if (!x)
1068 goto out;
1069
1070 /* Try to lookup for issuer in certificate extra chain */
1071#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1072 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1073#else
1074 chain = ctx->extra_certs;
1075#endif
1076 for (i = 0; i < sk_X509_num(chain); i++) {
1077 issuer = sk_X509_value(chain, i);
1078 if (X509_check_issued(issuer, x) == X509_V_OK)
1079 break;
1080 else
1081 issuer = NULL;
1082 }
1083
1084 /* If not found try to load issuer from a suffixed file */
1085 if (!issuer) {
1086 char issuer_path[MAXPATHLEN+1];
1087
1088 in = BIO_new(BIO_s_file());
1089 if (!in)
1090 goto out;
1091
1092 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1093 if (BIO_read_filename(in, issuer_path) <= 0)
1094 goto out;
1095
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001096 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1097 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1098
1099 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001100 if (!xi)
1101 goto out;
1102
1103 if (X509_check_issued(xi, x) != X509_V_OK)
1104 goto out;
1105
1106 issuer = xi;
1107 }
1108
1109 cid = OCSP_cert_to_id(0, x, issuer);
1110 if (!cid)
1111 goto out;
1112
1113 i = i2d_OCSP_CERTID(cid, NULL);
1114 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1115 goto out;
1116
Vincent Bernat02779b62016-04-03 13:48:43 +02001117 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001118 if (!ocsp)
1119 goto out;
1120
1121 p = ocsp->key_data;
1122 i2d_OCSP_CERTID(cid, &p);
1123
1124 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1125 if (iocsp == ocsp)
1126 ocsp = NULL;
1127
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001128#ifndef SSL_CTX_get_tlsext_status_cb
1129# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1130 *cb = (void (*) (void))ctx->tlsext_status_cb;
1131#endif
1132 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1133
1134 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001135 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001136 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001137
1138 cb_arg->is_single = 1;
1139 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001140
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001141 pkey = X509_get_pubkey(x);
1142 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1143 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001144
1145 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1146 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1147 } else {
1148 /*
1149 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1150 * Update that cb_arg with the new cert's staple
1151 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001152 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001153 struct certificate_ocsp *tmp_ocsp;
1154 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001155 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001156 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001157
1158#ifdef SSL_CTX_get_tlsext_status_arg
1159 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1160#else
1161 cb_arg = ctx->tlsext_status_arg;
1162#endif
yanbzhube2774d2015-12-10 15:07:30 -05001163
1164 /*
1165 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1166 * the order of operations below matter, take care when changing it
1167 */
1168 tmp_ocsp = cb_arg->s_ocsp;
1169 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1170 cb_arg->s_ocsp = NULL;
1171 cb_arg->m_ocsp[index] = tmp_ocsp;
1172 cb_arg->is_single = 0;
1173 cb_arg->single_kt = 0;
1174
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001175 pkey = X509_get_pubkey(x);
1176 key_type = EVP_PKEY_base_id(pkey);
1177 EVP_PKEY_free(pkey);
1178
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001179 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001180 if (index >= 0 && !cb_arg->m_ocsp[index])
1181 cb_arg->m_ocsp[index] = iocsp;
1182
1183 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001184
1185 ret = 0;
1186
1187 warn = NULL;
1188 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1189 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001190 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191 }
1192
1193out:
1194 if (ssl)
1195 SSL_free(ssl);
1196
1197 if (in)
1198 BIO_free(in);
1199
1200 if (xi)
1201 X509_free(xi);
1202
1203 if (cid)
1204 OCSP_CERTID_free(cid);
1205
1206 if (ocsp)
1207 free(ocsp);
1208
1209 if (warn)
1210 free(warn);
1211
1212
1213 return ret;
1214}
1215
1216#endif
1217
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001218#ifdef OPENSSL_IS_BORINGSSL
1219static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1220{
1221 char ocsp_path[MAXPATHLEN+1];
1222 struct stat st;
1223 int fd = -1, r = 0;
1224
1225 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1226 if (stat(ocsp_path, &st))
1227 return 0;
1228
1229 fd = open(ocsp_path, O_RDONLY);
1230 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001231 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001232 return -1;
1233 }
1234
1235 trash.len = 0;
1236 while (trash.len < trash.size) {
1237 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1238 if (r < 0) {
1239 if (errno == EINTR)
1240 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001241 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001242 close(fd);
1243 return -1;
1244 }
1245 else if (r == 0) {
1246 break;
1247 }
1248 trash.len += r;
1249 }
1250 close(fd);
1251 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)trash.str, trash.len);
1252}
1253#endif
1254
Daniel Jakots54ffb912015-11-06 20:02:41 +01001255#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001256
1257#define CT_EXTENSION_TYPE 18
1258
1259static int sctl_ex_index = -1;
1260
1261/*
1262 * Try to parse Signed Certificate Timestamp List structure. This function
1263 * makes only basic test if the data seems like SCTL. No signature validation
1264 * is performed.
1265 */
1266static int ssl_sock_parse_sctl(struct chunk *sctl)
1267{
1268 int ret = 1;
1269 int len, pos, sct_len;
1270 unsigned char *data;
1271
1272 if (sctl->len < 2)
1273 goto out;
1274
1275 data = (unsigned char *)sctl->str;
1276 len = (data[0] << 8) | data[1];
1277
1278 if (len + 2 != sctl->len)
1279 goto out;
1280
1281 data = data + 2;
1282 pos = 0;
1283 while (pos < len) {
1284 if (len - pos < 2)
1285 goto out;
1286
1287 sct_len = (data[pos] << 8) | data[pos + 1];
1288 if (pos + sct_len + 2 > len)
1289 goto out;
1290
1291 pos += sct_len + 2;
1292 }
1293
1294 ret = 0;
1295
1296out:
1297 return ret;
1298}
1299
1300static int ssl_sock_load_sctl_from_file(const char *sctl_path, struct chunk **sctl)
1301{
1302 int fd = -1;
1303 int r = 0;
1304 int ret = 1;
1305
1306 *sctl = NULL;
1307
1308 fd = open(sctl_path, O_RDONLY);
1309 if (fd == -1)
1310 goto end;
1311
1312 trash.len = 0;
1313 while (trash.len < trash.size) {
1314 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1315 if (r < 0) {
1316 if (errno == EINTR)
1317 continue;
1318
1319 goto end;
1320 }
1321 else if (r == 0) {
1322 break;
1323 }
1324 trash.len += r;
1325 }
1326
1327 ret = ssl_sock_parse_sctl(&trash);
1328 if (ret)
1329 goto end;
1330
Vincent Bernat02779b62016-04-03 13:48:43 +02001331 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001332 if (!chunk_dup(*sctl, &trash)) {
1333 free(*sctl);
1334 *sctl = NULL;
1335 goto end;
1336 }
1337
1338end:
1339 if (fd != -1)
1340 close(fd);
1341
1342 return ret;
1343}
1344
1345int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1346{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001347 struct chunk *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001348
1349 *out = (unsigned char *)sctl->str;
1350 *outlen = sctl->len;
1351
1352 return 1;
1353}
1354
1355int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1356{
1357 return 1;
1358}
1359
1360static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1361{
1362 char sctl_path[MAXPATHLEN+1];
1363 int ret = -1;
1364 struct stat st;
1365 struct chunk *sctl = NULL;
1366
1367 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1368
1369 if (stat(sctl_path, &st))
1370 return 1;
1371
1372 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1373 goto out;
1374
1375 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1376 free(sctl);
1377 goto out;
1378 }
1379
1380 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1381
1382 ret = 0;
1383
1384out:
1385 return ret;
1386}
1387
1388#endif
1389
Emeric Brune1f38db2012-09-03 20:36:47 +02001390void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1391{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001392 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001393 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001394 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001395
1396 if (where & SSL_CB_HANDSHAKE_START) {
1397 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001398 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001399 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001400 conn->err_code = CO_ER_SSL_RENEG;
1401 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001402 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001403
1404 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1405 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1406 /* Long certificate chains optimz
1407 If write and read bios are differents, we
1408 consider that the buffering was activated,
1409 so we rise the output buffer size from 4k
1410 to 16k */
1411 write_bio = SSL_get_wbio(ssl);
1412 if (write_bio != SSL_get_rbio(ssl)) {
1413 BIO_set_write_buffer_size(write_bio, 16384);
1414 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1415 }
1416 }
1417 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001418}
1419
Emeric Brune64aef12012-09-21 13:15:06 +02001420/* Callback is called for each certificate of the chain during a verify
1421 ok is set to 1 if preverify detect no error on current certificate.
1422 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001423int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001424{
1425 SSL *ssl;
1426 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001427 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001428
1429 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001430 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001431
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001432 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001433
Emeric Brun81c00f02012-09-21 14:31:21 +02001434 if (ok) /* no errors */
1435 return ok;
1436
1437 depth = X509_STORE_CTX_get_error_depth(x_store);
1438 err = X509_STORE_CTX_get_error(x_store);
1439
1440 /* check if CA error needs to be ignored */
1441 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001442 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1443 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1444 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001445 }
1446
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001447 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001448 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001449 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001450 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001451 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001452
Willy Tarreau20879a02012-12-03 16:32:10 +01001453 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001454 return 0;
1455 }
1456
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001457 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1458 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001459
Emeric Brun81c00f02012-09-21 14:31:21 +02001460 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001461 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001462 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001463 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001464 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001465 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001466
Willy Tarreau20879a02012-12-03 16:32:10 +01001467 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001468 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001469}
1470
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001471static inline
1472void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001473 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001474{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001475 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001476 unsigned char *msg;
1477 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001478 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001479
1480 /* This function is called for "from client" and "to server"
1481 * connections. The combination of write_p == 0 and content_type == 22
1482 * is only avalaible during "from client" connection.
1483 */
1484
1485 /* "write_p" is set to 0 is the bytes are received messages,
1486 * otherwise it is set to 1.
1487 */
1488 if (write_p != 0)
1489 return;
1490
1491 /* content_type contains the type of message received or sent
1492 * according with the SSL/TLS protocol spec. This message is
1493 * encoded with one byte. The value 256 (two bytes) is used
1494 * for designing the SSL/TLS record layer. According with the
1495 * rfc6101, the expected message (other than 256) are:
1496 * - change_cipher_spec(20)
1497 * - alert(21)
1498 * - handshake(22)
1499 * - application_data(23)
1500 * - (255)
1501 * We are interessed by the handshake and specially the client
1502 * hello.
1503 */
1504 if (content_type != 22)
1505 return;
1506
1507 /* The message length is at least 4 bytes, containing the
1508 * message type and the message length.
1509 */
1510 if (len < 4)
1511 return;
1512
1513 /* First byte of the handshake message id the type of
1514 * message. The konwn types are:
1515 * - hello_request(0)
1516 * - client_hello(1)
1517 * - server_hello(2)
1518 * - certificate(11)
1519 * - server_key_exchange (12)
1520 * - certificate_request(13)
1521 * - server_hello_done(14)
1522 * We are interested by the client hello.
1523 */
1524 msg = (unsigned char *)buf;
1525 if (msg[0] != 1)
1526 return;
1527
1528 /* Next three bytes are the length of the message. The total length
1529 * must be this decoded length + 4. If the length given as argument
1530 * is not the same, we abort the protocol dissector.
1531 */
1532 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1533 if (len < rec_len + 4)
1534 return;
1535 msg += 4;
1536 end = msg + rec_len;
1537 if (end < msg)
1538 return;
1539
1540 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1541 * for minor, the random, composed by 4 bytes for the unix time and
1542 * 28 bytes for unix payload, and them 1 byte for the session id. So
1543 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1544 */
1545 msg += 1 + 1 + 4 + 28 + 1;
1546 if (msg > end)
1547 return;
1548
1549 /* Next two bytes are the ciphersuite length. */
1550 if (msg + 2 > end)
1551 return;
1552 rec_len = (msg[0] << 8) + msg[1];
1553 msg += 2;
1554 if (msg + rec_len > end || msg + rec_len < msg)
1555 return;
1556
Willy Tarreaubafbe012017-11-24 17:34:44 +01001557 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001558 if (!capture)
1559 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001560 /* Compute the xxh64 of the ciphersuite. */
1561 capture->xxh64 = XXH64(msg, rec_len, 0);
1562
1563 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001564 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1565 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001566 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001567
1568 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001569}
1570
Emeric Brun29f037d2014-04-25 19:05:36 +02001571/* Callback is called for ssl protocol analyse */
1572void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1573{
Emeric Brun29f037d2014-04-25 19:05:36 +02001574#ifdef TLS1_RT_HEARTBEAT
1575 /* test heartbeat received (write_p is set to 0
1576 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001577 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001579 const unsigned char *p = buf;
1580 unsigned int payload;
1581
Emeric Brun29f037d2014-04-25 19:05:36 +02001582 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001583
1584 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1585 if (*p != TLS1_HB_REQUEST)
1586 return;
1587
Willy Tarreauaeed6722014-04-25 23:59:58 +02001588 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001589 goto kill_it;
1590
1591 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001592 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001593 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001594 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001595 /* We have a clear heartbleed attack (CVE-2014-0160), the
1596 * advertised payload is larger than the advertised packet
1597 * length, so we have garbage in the buffer between the
1598 * payload and the end of the buffer (p+len). We can't know
1599 * if the SSL stack is patched, and we don't know if we can
1600 * safely wipe out the area between p+3+len and payload.
1601 * So instead, we prevent the response from being sent by
1602 * setting the max_send_fragment to 0 and we report an SSL
1603 * error, which will kill this connection. It will be reported
1604 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001605 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1606 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001607 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001608 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1609 return;
1610 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001611#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001612 if (global_ssl.capture_cipherlist > 0)
1613 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001614}
1615
Bernard Spil13c53f82018-02-15 13:34:58 +01001616#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001617/* This callback is used so that the server advertises the list of
1618 * negociable protocols for NPN.
1619 */
1620static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1621 unsigned int *len, void *arg)
1622{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001623 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001624
1625 *data = (const unsigned char *)conf->npn_str;
1626 *len = conf->npn_len;
1627 return SSL_TLSEXT_ERR_OK;
1628}
1629#endif
1630
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001631#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001632/* This callback is used so that the server advertises the list of
1633 * negociable protocols for ALPN.
1634 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001635static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1636 unsigned char *outlen,
1637 const unsigned char *server,
1638 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001639{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001640 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001641
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001642 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1643 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1644 return SSL_TLSEXT_ERR_NOACK;
1645 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001646 return SSL_TLSEXT_ERR_OK;
1647}
1648#endif
1649
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001650#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001651#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001652
Christopher Faulet30548802015-06-11 13:39:32 +02001653/* Create a X509 certificate with the specified servername and serial. This
1654 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001655static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001656ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001657{
Christopher Faulet7969a332015-10-09 11:15:03 +02001658 X509 *cacert = bind_conf->ca_sign_cert;
1659 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001660 SSL_CTX *ssl_ctx = NULL;
1661 X509 *newcrt = NULL;
1662 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001663 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001664 X509_NAME *name;
1665 const EVP_MD *digest;
1666 X509V3_CTX ctx;
1667 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001668 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001669
Christopher Faulet48a83322017-07-28 16:56:09 +02001670 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001671#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1672 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1673#else
1674 tmp_ssl = SSL_new(bind_conf->default_ctx);
1675 if (tmp_ssl)
1676 pkey = SSL_get_privatekey(tmp_ssl);
1677#endif
1678 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001679 goto mkcert_error;
1680
1681 /* Create the certificate */
1682 if (!(newcrt = X509_new()))
1683 goto mkcert_error;
1684
1685 /* Set version number for the certificate (X509v3) and the serial
1686 * number */
1687 if (X509_set_version(newcrt, 2L) != 1)
1688 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001689 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001690
1691 /* Set duration for the certificate */
1692 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1693 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1694 goto mkcert_error;
1695
1696 /* set public key in the certificate */
1697 if (X509_set_pubkey(newcrt, pkey) != 1)
1698 goto mkcert_error;
1699
1700 /* Set issuer name from the CA */
1701 if (!(name = X509_get_subject_name(cacert)))
1702 goto mkcert_error;
1703 if (X509_set_issuer_name(newcrt, name) != 1)
1704 goto mkcert_error;
1705
1706 /* Set the subject name using the same, but the CN */
1707 name = X509_NAME_dup(name);
1708 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1709 (const unsigned char *)servername,
1710 -1, -1, 0) != 1) {
1711 X509_NAME_free(name);
1712 goto mkcert_error;
1713 }
1714 if (X509_set_subject_name(newcrt, name) != 1) {
1715 X509_NAME_free(name);
1716 goto mkcert_error;
1717 }
1718 X509_NAME_free(name);
1719
1720 /* Add x509v3 extensions as specified */
1721 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1722 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1723 X509_EXTENSION *ext;
1724
1725 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1726 goto mkcert_error;
1727 if (!X509_add_ext(newcrt, ext, -1)) {
1728 X509_EXTENSION_free(ext);
1729 goto mkcert_error;
1730 }
1731 X509_EXTENSION_free(ext);
1732 }
1733
1734 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001735
1736 key_type = EVP_PKEY_base_id(capkey);
1737
1738 if (key_type == EVP_PKEY_DSA)
1739 digest = EVP_sha1();
1740 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001741 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001742 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001743 digest = EVP_sha256();
1744 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001745#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001746 int nid;
1747
1748 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1749 goto mkcert_error;
1750 if (!(digest = EVP_get_digestbynid(nid)))
1751 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001752#else
1753 goto mkcert_error;
1754#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001755 }
1756
Christopher Faulet31af49d2015-06-09 17:29:50 +02001757 if (!(X509_sign(newcrt, capkey, digest)))
1758 goto mkcert_error;
1759
1760 /* Create and set the new SSL_CTX */
1761 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1762 goto mkcert_error;
1763 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1764 goto mkcert_error;
1765 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1766 goto mkcert_error;
1767 if (!SSL_CTX_check_private_key(ssl_ctx))
1768 goto mkcert_error;
1769
1770 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001771
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001772#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001773 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001774#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001775#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1776 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001777 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001778 EC_KEY *ecc;
1779 int nid;
1780
1781 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1782 goto end;
1783 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1784 goto end;
1785 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1786 EC_KEY_free(ecc);
1787 }
1788#endif
1789 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001790 return ssl_ctx;
1791
1792 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001793 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001794 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1795 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001796 return NULL;
1797}
1798
Christopher Faulet7969a332015-10-09 11:15:03 +02001799SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001800ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001801{
1802 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001803
1804 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001805}
1806
Christopher Faulet30548802015-06-11 13:39:32 +02001807/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001808 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001809SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001810ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001811{
1812 struct lru64 *lru = NULL;
1813
1814 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001815 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001816 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001817 if (lru && lru->domain) {
1818 if (ssl)
1819 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001820 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001821 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001822 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001823 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001824 }
1825 return NULL;
1826}
1827
Emeric Brun821bb9b2017-06-15 16:37:39 +02001828/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1829 * function is not thread-safe, it should only be used to check if a certificate
1830 * exists in the lru cache (with no warranty it will not be removed by another
1831 * thread). It is kept for backward compatibility. */
1832SSL_CTX *
1833ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1834{
1835 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1836}
1837
Christopher Fauletd2cab922015-07-28 16:03:47 +02001838/* Set a certificate int the LRU cache used to store generated
1839 * certificate. Return 0 on success, otherwise -1 */
1840int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001841ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001842{
1843 struct lru64 *lru = NULL;
1844
1845 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001846 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001847 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001848 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001849 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001850 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001851 }
Christopher Faulet30548802015-06-11 13:39:32 +02001852 if (lru->domain && lru->data)
1853 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001854 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001855 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001856 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001857 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001858 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001859}
1860
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001861/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001862unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001863ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001864{
1865 return XXH32(data, len, ssl_ctx_lru_seed);
1866}
1867
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001868/* Generate a cert and immediately assign it to the SSL session so that the cert's
1869 * refcount is maintained regardless of the cert's presence in the LRU cache.
1870 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001871static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001872ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001873{
1874 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001875 SSL_CTX *ssl_ctx = NULL;
1876 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001877 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001878
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001879 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001880 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001881 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001882 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001883 if (lru && lru->domain)
1884 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001885 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001886 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001887 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001888 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001889 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001890 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001891 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001892 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001893 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001894 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001895 SSL_set_SSL_CTX(ssl, ssl_ctx);
1896 /* No LRU cache, this CTX will be released as soon as the session dies */
1897 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001898 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001899 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001900 return 0;
1901}
1902static int
1903ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1904{
1905 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001906 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001907
1908 conn_get_to_addr(conn);
1909 if (conn->flags & CO_FL_ADDR_TO_SET) {
1910 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001911 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001912 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001913 }
1914 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001916#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001918
1919#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1920#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1921#endif
1922
1923#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1924#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1925#define SSL_renegotiate_pending(arg) 0
1926#endif
1927#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1928#define SSL_OP_SINGLE_ECDH_USE 0
1929#endif
1930#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1931#define SSL_OP_NO_TICKET 0
1932#endif
1933#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1934#define SSL_OP_NO_COMPRESSION 0
1935#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001936#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1937#undef SSL_OP_NO_SSLv3
1938#define SSL_OP_NO_SSLv3 0
1939#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001940#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1941#define SSL_OP_NO_TLSv1_1 0
1942#endif
1943#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1944#define SSL_OP_NO_TLSv1_2 0
1945#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001946#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001947#define SSL_OP_NO_TLSv1_3 0
1948#endif
1949#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1950#define SSL_OP_SINGLE_DH_USE 0
1951#endif
1952#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1953#define SSL_OP_SINGLE_ECDH_USE 0
1954#endif
1955#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1956#define SSL_MODE_RELEASE_BUFFERS 0
1957#endif
1958#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1959#define SSL_MODE_SMALL_BUFFERS 0
1960#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02001961#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
1962#define SSL_OP_PRIORITIZE_CHACHA 0
1963#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001964
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001965#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001966typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1967
1968static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001969{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001970#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001971 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001972 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1973#endif
1974}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001975static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1976 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001977 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1978}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001979static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001980#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001981 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001982 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1983#endif
1984}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001985static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001986#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001988 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1989#endif
1990}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001991/* TLS 1.2 is the last supported version in this context. */
1992static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
1993/* Unusable in this context. */
1994static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
1995static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
1996static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
1997static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
1998static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001999#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002000typedef enum { SET_MIN, SET_MAX } set_context_func;
2001
2002static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2003 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002004 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2005}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002006static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2007 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2008 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2009}
2010static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2011 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002012 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2013}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002014static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2015 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2016 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2017}
2018static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2019 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002020 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2021}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002022static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2023 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2024 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2025}
2026static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2027 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002028 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2029}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002030static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2031 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2032 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2033}
2034static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002035#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002036 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002037 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2038#endif
2039}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002040static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2041#if SSL_OP_NO_TLSv1_3
2042 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2043 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002044#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002045}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002046#endif
2047static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2048static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002049
2050static struct {
2051 int option;
2052 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2054 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002055 const char *name;
2056} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002057 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2058 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2059 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2060 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2061 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2062 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002063};
2064
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002065static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2066{
2067 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2068 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2069 SSL_set_SSL_CTX(ssl, ctx);
2070}
2071
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002072#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002073
2074static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2075{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002077 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002078
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2080 return SSL_TLSEXT_ERR_OK;
2081 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002082}
2083
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002084#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2086{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002087 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002088#else
2089static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2090{
2091#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002092 struct connection *conn;
2093 struct bind_conf *s;
2094 const uint8_t *extension_data;
2095 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002096 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2097
2098 char *wildp = NULL;
2099 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002100 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002101 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002102 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002103 int i;
2104
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002105 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002106 s = objt_listener(conn->target)->bind_conf;
2107
Olivier Houchard9679ac92017-10-27 14:58:08 +02002108 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002109 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002110#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002111 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2112 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002113#else
2114 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2115#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002116 /*
2117 * The server_name extension was given too much extensibility when it
2118 * was written, so parsing the normal case is a bit complex.
2119 */
2120 size_t len;
2121 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002122 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002123 /* Extract the length of the supplied list of names. */
2124 len = (*extension_data++) << 8;
2125 len |= *extension_data++;
2126 if (len + 2 != extension_len)
2127 goto abort;
2128 /*
2129 * The list in practice only has a single element, so we only consider
2130 * the first one.
2131 */
2132 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2133 goto abort;
2134 extension_len = len - 1;
2135 /* Now we can finally pull out the byte array with the actual hostname. */
2136 if (extension_len <= 2)
2137 goto abort;
2138 len = (*extension_data++) << 8;
2139 len |= *extension_data++;
2140 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2141 || memchr(extension_data, 0, len) != NULL)
2142 goto abort;
2143 servername = extension_data;
2144 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002145 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002146#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2147 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002148 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002149 }
2150#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002151 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002152 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002153 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002154 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002155 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002156 goto abort;
2157 }
2158
2159 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002160#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002161 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002162#else
2163 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2164#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002165 uint8_t sign;
2166 size_t len;
2167 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002168 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002169 len = (*extension_data++) << 8;
2170 len |= *extension_data++;
2171 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002172 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002173 if (len % 2 != 0)
2174 goto abort;
2175 for (; len > 0; len -= 2) {
2176 extension_data++; /* hash */
2177 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002178 switch (sign) {
2179 case TLSEXT_signature_rsa:
2180 has_rsa = 1;
2181 break;
2182 case TLSEXT_signature_ecdsa:
2183 has_ecdsa_sig = 1;
2184 break;
2185 default:
2186 continue;
2187 }
2188 if (has_ecdsa_sig && has_rsa)
2189 break;
2190 }
2191 } else {
2192 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2193 has_rsa = 1;
2194 }
2195 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002196 const SSL_CIPHER *cipher;
2197 size_t len;
2198 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002199#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002200 len = ctx->cipher_suites_len;
2201 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002202#else
2203 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2204#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002205 if (len % 2 != 0)
2206 goto abort;
2207 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002208#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002209 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002211#else
2212 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2213#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002214 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215 has_ecdsa = 1;
2216 break;
2217 }
2218 }
2219 }
2220
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002221 for (i = 0; i < trash.size && i < servername_len; i++) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 trash.str[i] = tolower(servername[i]);
2223 if (!wildp && (trash.str[i] == '.'))
2224 wildp = &trash.str[i];
2225 }
2226 trash.str[i] = 0;
2227
2228 /* lookup in full qualified names */
2229 node = ebst_lookup(&s->sni_ctx, trash.str);
2230
2231 /* lookup a not neg filter */
2232 for (n = node; n; n = ebmb_next_dup(n)) {
2233 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002234 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 case TLSEXT_signature_ecdsa:
2236 if (has_ecdsa) {
2237 node_ecdsa = n;
2238 goto find_one;
2239 }
2240 break;
2241 case TLSEXT_signature_rsa:
2242 if (has_rsa && !node_rsa) {
2243 node_rsa = n;
2244 if (!has_ecdsa)
2245 goto find_one;
2246 }
2247 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002248 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002249 if (!node_anonymous)
2250 node_anonymous = n;
2251 break;
2252 }
2253 }
2254 }
2255 if (wildp) {
2256 /* lookup in wildcards names */
2257 node = ebst_lookup(&s->sni_w_ctx, wildp);
2258 for (n = node; n; n = ebmb_next_dup(n)) {
2259 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002260 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002261 case TLSEXT_signature_ecdsa:
2262 if (has_ecdsa) {
2263 node_ecdsa = n;
2264 goto find_one;
2265 }
2266 break;
2267 case TLSEXT_signature_rsa:
2268 if (has_rsa && !node_rsa) {
2269 node_rsa = n;
2270 if (!has_ecdsa)
2271 goto find_one;
2272 }
2273 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002274 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 if (!node_anonymous)
2276 node_anonymous = n;
2277 break;
2278 }
2279 }
2280 }
2281 }
2282 find_one:
2283 /* select by key_signature priority order */
2284 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2285
2286 if (node) {
2287 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002288 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002289 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002290 if (conf) {
2291 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2292 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2293 if (conf->early_data)
2294 allow_early = 1;
2295 }
2296 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002297 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002298#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2299 if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
2300 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002301 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002302 }
2303#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002304 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002306 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002307 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002308allow_early:
2309#ifdef OPENSSL_IS_BORINGSSL
2310 if (allow_early)
2311 SSL_set_early_data_enabled(ssl, 1);
2312#else
2313 if (!allow_early)
2314 SSL_set_max_early_data(ssl, 0);
2315#endif
2316 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 abort:
2318 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2319 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002320#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002321 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002322#else
2323 *al = SSL_AD_UNRECOGNIZED_NAME;
2324 return 0;
2325#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326}
2327
2328#else /* OPENSSL_IS_BORINGSSL */
2329
Emeric Brunfc0421f2012-09-07 17:30:07 +02002330/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2331 * warning when no match is found, which implies the default (first) cert
2332 * will keep being used.
2333 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002334static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002335{
2336 const char *servername;
2337 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002338 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002339 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002340 int i;
2341 (void)al; /* shut gcc stupid warning */
2342
2343 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002344 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002345#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002346 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2347 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002348#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002349 if (s->strict_sni)
2350 return SSL_TLSEXT_ERR_ALERT_FATAL;
2351 ssl_sock_switchctx_set(ssl, s->default_ctx);
2352 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002353 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002354
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002355 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002356 if (!servername[i])
2357 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002358 trash.str[i] = tolower(servername[i]);
2359 if (!wildp && (trash.str[i] == '.'))
2360 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002361 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002362 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002363
2364 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002365 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002366
2367 /* lookup a not neg filter */
2368 for (n = node; n; n = ebmb_next_dup(n)) {
2369 if (!container_of(n, struct sni_ctx, name)->neg) {
2370 node = n;
2371 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002372 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002373 }
2374 if (!node && wildp) {
2375 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002376 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002377 }
2378 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002379#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002380 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2381 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002382 return SSL_TLSEXT_ERR_OK;
2383 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002384#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002385 if (s->strict_sni)
2386 return SSL_TLSEXT_ERR_ALERT_FATAL;
2387 ssl_sock_switchctx_set(ssl, s->default_ctx);
2388 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002389 }
2390
2391 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002392 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002393 return SSL_TLSEXT_ERR_OK;
2394}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002396#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2397
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002398#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002399
2400static DH * ssl_get_dh_1024(void)
2401{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002402 static unsigned char dh1024_p[]={
2403 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2404 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2405 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2406 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2407 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2408 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2409 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2410 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2411 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2412 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2413 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2414 };
2415 static unsigned char dh1024_g[]={
2416 0x02,
2417 };
2418
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002419 BIGNUM *p;
2420 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002421 DH *dh = DH_new();
2422 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002423 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2424 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002425
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002426 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002427 DH_free(dh);
2428 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002429 } else {
2430 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002431 }
2432 }
2433 return dh;
2434}
2435
2436static DH *ssl_get_dh_2048(void)
2437{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002438 static unsigned char dh2048_p[]={
2439 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2440 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2441 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2442 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2443 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2444 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2445 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2446 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2447 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2448 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2449 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2450 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2451 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2452 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2453 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2454 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2455 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2456 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2457 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2458 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2459 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2460 0xB7,0x1F,0x77,0xF3,
2461 };
2462 static unsigned char dh2048_g[]={
2463 0x02,
2464 };
2465
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002466 BIGNUM *p;
2467 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002468 DH *dh = DH_new();
2469 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002470 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2471 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002472
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002473 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002474 DH_free(dh);
2475 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002476 } else {
2477 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002478 }
2479 }
2480 return dh;
2481}
2482
2483static DH *ssl_get_dh_4096(void)
2484{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002485 static unsigned char dh4096_p[]={
2486 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2487 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2488 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2489 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2490 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2491 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2492 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2493 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2494 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2495 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2496 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2497 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2498 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2499 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2500 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2501 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2502 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2503 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2504 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2505 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2506 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2507 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2508 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2509 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2510 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2511 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2512 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2513 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2514 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2515 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2516 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2517 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2518 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2519 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2520 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2521 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2522 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2523 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2524 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2525 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2526 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2527 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2528 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002529 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002530 static unsigned char dh4096_g[]={
2531 0x02,
2532 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002533
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002534 BIGNUM *p;
2535 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002536 DH *dh = DH_new();
2537 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002538 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2539 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002540
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002541 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002542 DH_free(dh);
2543 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 } else {
2545 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002546 }
2547 }
2548 return dh;
2549}
2550
2551/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002552 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002553static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2554{
2555 DH *dh = NULL;
2556 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002557 int type;
2558
2559 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002560
2561 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2562 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2563 */
2564 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2565 keylen = EVP_PKEY_bits(pkey);
2566 }
2567
Willy Tarreauef934602016-12-22 23:12:01 +01002568 if (keylen > global_ssl.default_dh_param) {
2569 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002570 }
2571
Remi Gacogned3a341a2015-05-29 16:26:17 +02002572 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002573 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002574 }
2575 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002576 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002577 }
2578 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002579 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002580 }
2581
2582 return dh;
2583}
2584
Remi Gacogne47783ef2015-05-29 15:53:22 +02002585static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002586{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002587 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002588 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002589
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002590 if (in == NULL)
2591 goto end;
2592
Remi Gacogne47783ef2015-05-29 15:53:22 +02002593 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002594 goto end;
2595
Remi Gacogne47783ef2015-05-29 15:53:22 +02002596 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2597
2598end:
2599 if (in)
2600 BIO_free(in);
2601
2602 return dh;
2603}
2604
2605int ssl_sock_load_global_dh_param_from_file(const char *filename)
2606{
2607 global_dh = ssl_sock_get_dh_from_file(filename);
2608
2609 if (global_dh) {
2610 return 0;
2611 }
2612
2613 return -1;
2614}
2615
2616/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2617 if an error occured, and 0 if parameter not found. */
2618int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2619{
2620 int ret = -1;
2621 DH *dh = ssl_sock_get_dh_from_file(file);
2622
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002623 if (dh) {
2624 ret = 1;
2625 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002626
2627 if (ssl_dh_ptr_index >= 0) {
2628 /* store a pointer to the DH params to avoid complaining about
2629 ssl-default-dh-param not being set for this SSL_CTX */
2630 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2631 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002632 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002633 else if (global_dh) {
2634 SSL_CTX_set_tmp_dh(ctx, global_dh);
2635 ret = 0; /* DH params not found */
2636 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002637 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002638 /* Clear openssl global errors stack */
2639 ERR_clear_error();
2640
Willy Tarreauef934602016-12-22 23:12:01 +01002641 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002643 if (local_dh_1024 == NULL)
2644 local_dh_1024 = ssl_get_dh_1024();
2645
Remi Gacogne8de54152014-07-15 11:36:40 +02002646 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002647 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002648
Remi Gacogne8de54152014-07-15 11:36:40 +02002649 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002650 }
2651 else {
2652 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2653 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002654
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002655 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002656 }
Emeric Brun644cde02012-12-14 11:21:13 +01002657
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002658end:
2659 if (dh)
2660 DH_free(dh);
2661
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002662 return ret;
2663}
2664#endif
2665
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002666static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002667 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002668{
2669 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002670 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002671 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002672
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002673 if (*name == '!') {
2674 neg = 1;
2675 name++;
2676 }
2677 if (*name == '*') {
2678 wild = 1;
2679 name++;
2680 }
2681 /* !* filter is a nop */
2682 if (neg && wild)
2683 return order;
2684 if (*name) {
2685 int j, len;
2686 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002687 for (j = 0; j < len && j < trash.size; j++)
2688 trash.str[j] = tolower(name[j]);
2689 if (j >= trash.size)
2690 return order;
2691 trash.str[j] = 0;
2692
2693 /* Check for duplicates. */
2694 if (wild)
2695 node = ebst_lookup(&s->sni_w_ctx, trash.str);
2696 else
2697 node = ebst_lookup(&s->sni_ctx, trash.str);
2698 for (; node; node = ebmb_next_dup(node)) {
2699 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002700 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002701 return order;
2702 }
2703
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002704 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002705 if (!sc)
2706 return order;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002707 memcpy(sc->name.key, trash.str, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002708 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002709 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002710 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002711 sc->order = order++;
2712 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002713 if (kinfo.sig != TLSEXT_signature_anonymous)
2714 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002715 if (wild)
2716 ebst_insert(&s->sni_w_ctx, &sc->name);
2717 else
2718 ebst_insert(&s->sni_ctx, &sc->name);
2719 }
2720 return order;
2721}
2722
yanbzhu488a4d22015-12-01 15:16:07 -05002723
2724/* The following code is used for loading multiple crt files into
2725 * SSL_CTX's based on CN/SAN
2726 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002727#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002728/* This is used to preload the certifcate, private key
2729 * and Cert Chain of a file passed in via the crt
2730 * argument
2731 *
2732 * This way, we do not have to read the file multiple times
2733 */
2734struct cert_key_and_chain {
2735 X509 *cert;
2736 EVP_PKEY *key;
2737 unsigned int num_chain_certs;
2738 /* This is an array of X509 pointers */
2739 X509 **chain_certs;
2740};
2741
yanbzhu08ce6ab2015-12-02 13:01:29 -05002742#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2743
2744struct key_combo_ctx {
2745 SSL_CTX *ctx;
2746 int order;
2747};
2748
2749/* Map used for processing multiple keypairs for a single purpose
2750 *
2751 * This maps CN/SNI name to certificate type
2752 */
2753struct sni_keytype {
2754 int keytypes; /* BITMASK for keytypes */
2755 struct ebmb_node name; /* node holding the servername value */
2756};
2757
2758
yanbzhu488a4d22015-12-01 15:16:07 -05002759/* Frees the contents of a cert_key_and_chain
2760 */
2761static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2762{
2763 int i;
2764
2765 if (!ckch)
2766 return;
2767
2768 /* Free the certificate and set pointer to NULL */
2769 if (ckch->cert)
2770 X509_free(ckch->cert);
2771 ckch->cert = NULL;
2772
2773 /* Free the key and set pointer to NULL */
2774 if (ckch->key)
2775 EVP_PKEY_free(ckch->key);
2776 ckch->key = NULL;
2777
2778 /* Free each certificate in the chain */
2779 for (i = 0; i < ckch->num_chain_certs; i++) {
2780 if (ckch->chain_certs[i])
2781 X509_free(ckch->chain_certs[i]);
2782 }
2783
2784 /* Free the chain obj itself and set to NULL */
2785 if (ckch->num_chain_certs > 0) {
2786 free(ckch->chain_certs);
2787 ckch->num_chain_certs = 0;
2788 ckch->chain_certs = NULL;
2789 }
2790
2791}
2792
2793/* checks if a key and cert exists in the ckch
2794 */
2795static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2796{
2797 return (ckch->cert != NULL && ckch->key != NULL);
2798}
2799
2800
2801/* Loads the contents of a crt file (path) into a cert_key_and_chain
2802 * This allows us to carry the contents of the file without having to
2803 * read the file multiple times.
2804 *
2805 * returns:
2806 * 0 on Success
2807 * 1 on SSL Failure
2808 * 2 on file not found
2809 */
2810static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2811{
2812
2813 BIO *in;
2814 X509 *ca = NULL;
2815 int ret = 1;
2816
2817 ssl_sock_free_cert_key_and_chain_contents(ckch);
2818
2819 in = BIO_new(BIO_s_file());
2820 if (in == NULL)
2821 goto end;
2822
2823 if (BIO_read_filename(in, path) <= 0)
2824 goto end;
2825
yanbzhu488a4d22015-12-01 15:16:07 -05002826 /* Read Private Key */
2827 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2828 if (ckch->key == NULL) {
2829 memprintf(err, "%sunable to load private key from file '%s'.\n",
2830 err && *err ? *err : "", path);
2831 goto end;
2832 }
2833
Willy Tarreaubb137a82016-04-06 19:02:38 +02002834 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002835 if (BIO_reset(in) == -1) {
2836 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2837 err && *err ? *err : "", path);
2838 goto end;
2839 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002840
2841 /* Read Certificate */
2842 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2843 if (ckch->cert == NULL) {
2844 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2845 err && *err ? *err : "", path);
2846 goto end;
2847 }
2848
yanbzhu488a4d22015-12-01 15:16:07 -05002849 /* Read Certificate Chain */
2850 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2851 /* Grow the chain certs */
2852 ckch->num_chain_certs++;
2853 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2854
2855 /* use - 1 here since we just incremented it above */
2856 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2857 }
2858 ret = ERR_get_error();
2859 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2860 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2861 err && *err ? *err : "", path);
2862 ret = 1;
2863 goto end;
2864 }
2865
2866 ret = 0;
2867
2868end:
2869
2870 ERR_clear_error();
2871 if (in)
2872 BIO_free(in);
2873
2874 /* Something went wrong in one of the reads */
2875 if (ret != 0)
2876 ssl_sock_free_cert_key_and_chain_contents(ckch);
2877
2878 return ret;
2879}
2880
2881/* Loads the info in ckch into ctx
2882 * Currently, this does not process any information about ocsp, dhparams or
2883 * sctl
2884 * Returns
2885 * 0 on success
2886 * 1 on failure
2887 */
2888static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2889{
2890 int i = 0;
2891
2892 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2893 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2894 err && *err ? *err : "", path);
2895 return 1;
2896 }
2897
2898 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2899 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2900 err && *err ? *err : "", path);
2901 return 1;
2902 }
2903
yanbzhu488a4d22015-12-01 15:16:07 -05002904 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2905 for (i = 0; i < ckch->num_chain_certs; i++) {
2906 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002907 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2908 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002909 return 1;
2910 }
2911 }
2912
2913 if (SSL_CTX_check_private_key(ctx) <= 0) {
2914 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2915 err && *err ? *err : "", path);
2916 return 1;
2917 }
2918
2919 return 0;
2920}
2921
yanbzhu08ce6ab2015-12-02 13:01:29 -05002922
2923static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2924{
2925 struct sni_keytype *s_kt = NULL;
2926 struct ebmb_node *node;
2927 int i;
2928
2929 for (i = 0; i < trash.size; i++) {
2930 if (!str[i])
2931 break;
2932 trash.str[i] = tolower(str[i]);
2933 }
2934 trash.str[i] = 0;
2935 node = ebst_lookup(sni_keytypes, trash.str);
2936 if (!node) {
2937 /* CN not found in tree */
2938 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2939 /* Using memcpy here instead of strncpy.
2940 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2941 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2942 */
2943 memcpy(s_kt->name.key, trash.str, i+1);
2944 s_kt->keytypes = 0;
2945 ebst_insert(sni_keytypes, &s_kt->name);
2946 } else {
2947 /* CN found in tree */
2948 s_kt = container_of(node, struct sni_keytype, name);
2949 }
2950
2951 /* Mark that this CN has the keytype of key_index via keytypes mask */
2952 s_kt->keytypes |= 1<<key_index;
2953
2954}
2955
2956
2957/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2958 * If any are found, group these files into a set of SSL_CTX*
2959 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2960 *
2961 * This will allow the user to explictly group multiple cert/keys for a single purpose
2962 *
2963 * Returns
2964 * 0 on success
2965 * 1 on failure
2966 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002967static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2968 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002969{
2970 char fp[MAXPATHLEN+1] = {0};
2971 int n = 0;
2972 int i = 0;
2973 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2974 struct eb_root sni_keytypes_map = { {0} };
2975 struct ebmb_node *node;
2976 struct ebmb_node *next;
2977 /* Array of SSL_CTX pointers corresponding to each possible combo
2978 * of keytypes
2979 */
2980 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2981 int rv = 0;
2982 X509_NAME *xname = NULL;
2983 char *str = NULL;
2984#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2985 STACK_OF(GENERAL_NAME) *names = NULL;
2986#endif
2987
2988 /* Load all possible certs and keys */
2989 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2990 struct stat buf;
2991
2992 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
2993 if (stat(fp, &buf) == 0) {
2994 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
2995 rv = 1;
2996 goto end;
2997 }
2998 }
2999 }
3000
3001 /* Process each ckch and update keytypes for each CN/SAN
3002 * for example, if CN/SAN www.a.com is associated with
3003 * certs with keytype 0 and 2, then at the end of the loop,
3004 * www.a.com will have:
3005 * keyindex = 0 | 1 | 4 = 5
3006 */
3007 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3008
3009 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3010 continue;
3011
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003012 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003013 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003014 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3015 } else {
3016 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3017 * so the line that contains logic is marked via comments
3018 */
3019 xname = X509_get_subject_name(certs_and_keys[n].cert);
3020 i = -1;
3021 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3022 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003023 ASN1_STRING *value;
3024 value = X509_NAME_ENTRY_get_data(entry);
3025 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003026 /* Important line is here */
3027 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003028
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003029 OPENSSL_free(str);
3030 str = NULL;
3031 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003032 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003034 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003035#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003036 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3037 if (names) {
3038 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3039 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003040
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003041 if (name->type == GEN_DNS) {
3042 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3043 /* Important line is here */
3044 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003045
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003046 OPENSSL_free(str);
3047 str = NULL;
3048 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003049 }
3050 }
3051 }
3052 }
3053#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3054 }
3055
3056 /* If no files found, return error */
3057 if (eb_is_empty(&sni_keytypes_map)) {
3058 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3059 err && *err ? *err : "", path);
3060 rv = 1;
3061 goto end;
3062 }
3063
3064 /* We now have a map of CN/SAN to keytypes that are loaded in
3065 * Iterate through the map to create the SSL_CTX's (if needed)
3066 * and add each CTX to the SNI tree
3067 *
3068 * Some math here:
3069 * There are 2^n - 1 possibile combinations, each unique
3070 * combination is denoted by the key in the map. Each key
3071 * has a value between 1 and 2^n - 1. Conveniently, the array
3072 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3073 * entry in the array to correspond to the unique combo (key)
3074 * associated with i. This unique key combo (i) will be associated
3075 * with combos[i-1]
3076 */
3077
3078 node = ebmb_first(&sni_keytypes_map);
3079 while (node) {
3080 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003081 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003082 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003083
3084 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3085 i = container_of(node, struct sni_keytype, name)->keytypes;
3086 cur_ctx = key_combos[i-1].ctx;
3087
3088 if (cur_ctx == NULL) {
3089 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003090 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003091 if (cur_ctx == NULL) {
3092 memprintf(err, "%sunable to allocate SSL context.\n",
3093 err && *err ? *err : "");
3094 rv = 1;
3095 goto end;
3096 }
3097
yanbzhube2774d2015-12-10 15:07:30 -05003098 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3100 if (i & (1<<n)) {
3101 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003102 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3103 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003104 SSL_CTX_free(cur_ctx);
3105 rv = 1;
3106 goto end;
3107 }
yanbzhube2774d2015-12-10 15:07:30 -05003108
3109#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3110 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003111 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003112 if (err)
3113 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003114 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003115 SSL_CTX_free(cur_ctx);
3116 rv = 1;
3117 goto end;
3118 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003119#elif (defined OPENSSL_IS_BORINGSSL)
3120 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003121#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003122 }
3123 }
3124
3125 /* Load DH params into the ctx to support DHE keys */
3126#ifndef OPENSSL_NO_DH
3127 if (ssl_dh_ptr_index >= 0)
3128 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3129
3130 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3131 if (rv < 0) {
3132 if (err)
3133 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3134 *err ? *err : "", path);
3135 rv = 1;
3136 goto end;
3137 }
3138#endif
3139
3140 /* Update key_combos */
3141 key_combos[i-1].ctx = cur_ctx;
3142 }
3143
3144 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003145 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003146 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147 node = ebmb_next(node);
3148 }
3149
3150
3151 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3152 if (!bind_conf->default_ctx) {
3153 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3154 if (key_combos[i].ctx) {
3155 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003156 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003157 break;
3158 }
3159 }
3160 }
3161
3162end:
3163
3164 if (names)
3165 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3166
3167 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3168 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3169
3170 node = ebmb_first(&sni_keytypes_map);
3171 while (node) {
3172 next = ebmb_next(node);
3173 ebmb_delete(node);
3174 node = next;
3175 }
3176
3177 return rv;
3178}
3179#else
3180/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003181static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3182 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003183{
3184 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3185 err && *err ? *err : "", path, strerror(errno));
3186 return 1;
3187}
3188
yanbzhu488a4d22015-12-01 15:16:07 -05003189#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3190
Emeric Brunfc0421f2012-09-07 17:30:07 +02003191/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3192 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3193 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003194static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3195 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003196{
3197 BIO *in;
3198 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003199 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003200 int ret = -1;
3201 int order = 0;
3202 X509_NAME *xname;
3203 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003204 pem_password_cb *passwd_cb;
3205 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003206 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003207 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003208
Emeric Brunfc0421f2012-09-07 17:30:07 +02003209#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3210 STACK_OF(GENERAL_NAME) *names;
3211#endif
3212
3213 in = BIO_new(BIO_s_file());
3214 if (in == NULL)
3215 goto end;
3216
3217 if (BIO_read_filename(in, file) <= 0)
3218 goto end;
3219
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003220
3221 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3222 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3223
3224 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003225 if (x == NULL)
3226 goto end;
3227
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003228 pkey = X509_get_pubkey(x);
3229 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003230 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003231 switch(EVP_PKEY_base_id(pkey)) {
3232 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003233 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003234 break;
3235 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003236 kinfo.sig = TLSEXT_signature_ecdsa;
3237 break;
3238 case EVP_PKEY_DSA:
3239 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003240 break;
3241 }
3242 EVP_PKEY_free(pkey);
3243 }
3244
Emeric Brun50bcecc2013-04-22 13:05:23 +02003245 if (fcount) {
3246 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003247 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003248 }
3249 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003250#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003251 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3252 if (names) {
3253 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3254 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3255 if (name->type == GEN_DNS) {
3256 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003257 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003258 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003259 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003260 }
3261 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003262 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003263 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003264#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003265 xname = X509_get_subject_name(x);
3266 i = -1;
3267 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3268 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003269 ASN1_STRING *value;
3270
3271 value = X509_NAME_ENTRY_get_data(entry);
3272 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003273 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003274 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003276 }
3277 }
3278
3279 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3280 if (!SSL_CTX_use_certificate(ctx, x))
3281 goto end;
3282
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003283#ifdef SSL_CTX_clear_extra_chain_certs
3284 SSL_CTX_clear_extra_chain_certs(ctx);
3285#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003286 if (ctx->extra_certs != NULL) {
3287 sk_X509_pop_free(ctx->extra_certs, X509_free);
3288 ctx->extra_certs = NULL;
3289 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003290#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003291
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003292 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003293 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3294 X509_free(ca);
3295 goto end;
3296 }
3297 }
3298
3299 err = ERR_get_error();
3300 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3301 /* we successfully reached the last cert in the file */
3302 ret = 1;
3303 }
3304 ERR_clear_error();
3305
3306end:
3307 if (x)
3308 X509_free(x);
3309
3310 if (in)
3311 BIO_free(in);
3312
3313 return ret;
3314}
3315
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003316static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3317 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003318{
3319 int ret;
3320 SSL_CTX *ctx;
3321
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003322 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003323 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003324 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3325 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326 return 1;
3327 }
3328
3329 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003330 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3331 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003332 SSL_CTX_free(ctx);
3333 return 1;
3334 }
3335
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003336 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003337 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003338 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003340 if (ret < 0) /* serious error, must do that ourselves */
3341 SSL_CTX_free(ctx);
3342 return 1;
3343 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003344
3345 if (SSL_CTX_check_private_key(ctx) <= 0) {
3346 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3347 err && *err ? *err : "", path);
3348 return 1;
3349 }
3350
Emeric Brunfc0421f2012-09-07 17:30:07 +02003351 /* we must not free the SSL_CTX anymore below, since it's already in
3352 * the tree, so it will be discovered and cleaned in time.
3353 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003354#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003355 /* store a NULL pointer to indicate we have not yet loaded
3356 a custom DH param file */
3357 if (ssl_dh_ptr_index >= 0) {
3358 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3359 }
3360
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003361 ret = ssl_sock_load_dh_params(ctx, path);
3362 if (ret < 0) {
3363 if (err)
3364 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3365 *err ? *err : "", path);
3366 return 1;
3367 }
3368#endif
3369
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003370#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003371 ret = ssl_sock_load_ocsp(ctx, path);
3372 if (ret < 0) {
3373 if (err)
3374 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3375 *err ? *err : "", path);
3376 return 1;
3377 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003378#elif (defined OPENSSL_IS_BORINGSSL)
3379 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003380#endif
3381
Daniel Jakots54ffb912015-11-06 20:02:41 +01003382#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003383 if (sctl_ex_index >= 0) {
3384 ret = ssl_sock_load_sctl(ctx, path);
3385 if (ret < 0) {
3386 if (err)
3387 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3388 *err ? *err : "", path);
3389 return 1;
3390 }
3391 }
3392#endif
3393
Emeric Brunfc0421f2012-09-07 17:30:07 +02003394#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003395 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003396 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3397 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003398 return 1;
3399 }
3400#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003401 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003402 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003403 bind_conf->default_ssl_conf = ssl_conf;
3404 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003405
3406 return 0;
3407}
3408
Willy Tarreau03209342016-12-22 17:08:28 +01003409int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003410{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003411 struct dirent **de_list;
3412 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413 DIR *dir;
3414 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003415 char *end;
3416 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003417 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003418#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3419 int is_bundle;
3420 int j;
3421#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003422
yanbzhu08ce6ab2015-12-02 13:01:29 -05003423 if (stat(path, &buf) == 0) {
3424 dir = opendir(path);
3425 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003426 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003427
yanbzhu08ce6ab2015-12-02 13:01:29 -05003428 /* strip trailing slashes, including first one */
3429 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3430 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003431
yanbzhu08ce6ab2015-12-02 13:01:29 -05003432 n = scandir(path, &de_list, 0, alphasort);
3433 if (n < 0) {
3434 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3435 err && *err ? *err : "", path, strerror(errno));
3436 cfgerr++;
3437 }
3438 else {
3439 for (i = 0; i < n; i++) {
3440 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003441
yanbzhu08ce6ab2015-12-02 13:01:29 -05003442 end = strrchr(de->d_name, '.');
3443 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3444 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003445
yanbzhu08ce6ab2015-12-02 13:01:29 -05003446 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3447 if (stat(fp, &buf) != 0) {
3448 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3449 err && *err ? *err : "", fp, strerror(errno));
3450 cfgerr++;
3451 goto ignore_entry;
3452 }
3453 if (!S_ISREG(buf.st_mode))
3454 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003455
3456#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3457 is_bundle = 0;
3458 /* Check if current entry in directory is part of a multi-cert bundle */
3459
3460 if (end) {
3461 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3462 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3463 is_bundle = 1;
3464 break;
3465 }
3466 }
3467
3468 if (is_bundle) {
3469 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3470 int dp_len;
3471
3472 dp_len = end - de->d_name;
3473 snprintf(dp, dp_len + 1, "%s", de->d_name);
3474
3475 /* increment i and free de until we get to a non-bundle cert
3476 * Note here that we look at de_list[i + 1] before freeing de
3477 * this is important since ignore_entry will free de
3478 */
3479 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3480 free(de);
3481 i++;
3482 de = de_list[i];
3483 }
3484
3485 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003486 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003487
3488 /* Successfully processed the bundle */
3489 goto ignore_entry;
3490 }
3491 }
3492
3493#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003494 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003495ignore_entry:
3496 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003497 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003498 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003500 closedir(dir);
3501 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003503
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003504 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003505
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 return cfgerr;
3507}
3508
Thierry Fournier383085f2013-01-24 14:15:43 +01003509/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3510 * done once. Zero is returned if the operation fails. No error is returned
3511 * if the random is said as not implemented, because we expect that openssl
3512 * will use another method once needed.
3513 */
3514static int ssl_initialize_random()
3515{
3516 unsigned char random;
3517 static int random_initialized = 0;
3518
3519 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3520 random_initialized = 1;
3521
3522 return random_initialized;
3523}
3524
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003525/* release ssl bind conf */
3526void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003527{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003528 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003529#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003530 free(conf->npn_str);
3531 conf->npn_str = NULL;
3532#endif
3533#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3534 free(conf->alpn_str);
3535 conf->alpn_str = NULL;
3536#endif
3537 free(conf->ca_file);
3538 conf->ca_file = NULL;
3539 free(conf->crl_file);
3540 conf->crl_file = NULL;
3541 free(conf->ciphers);
3542 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003543 free(conf->curves);
3544 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003545 free(conf->ecdhe);
3546 conf->ecdhe = NULL;
3547 }
3548}
3549
3550int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3551{
3552 char thisline[CRT_LINESIZE];
3553 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003554 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003555 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003556 int linenum = 0;
3557 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003558
Willy Tarreauad1731d2013-04-02 17:35:58 +02003559 if ((f = fopen(file, "r")) == NULL) {
3560 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003561 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003562 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003563
3564 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003565 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003566 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003567 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003568 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003569 char *crt_path;
3570 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003571
3572 linenum++;
3573 end = line + strlen(line);
3574 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3575 /* Check if we reached the limit and the last char is not \n.
3576 * Watch out for the last line without the terminating '\n'!
3577 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003578 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3579 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003580 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003581 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003582 }
3583
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003584 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003585 newarg = 1;
3586 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003587 if (*line == '#' || *line == '\n' || *line == '\r') {
3588 /* end of string, end of loop */
3589 *line = 0;
3590 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003591 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003592 newarg = 1;
3593 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003594 } else if (*line == '[') {
3595 if (ssl_b) {
3596 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3597 cfgerr = 1;
3598 break;
3599 }
3600 if (!arg) {
3601 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3602 cfgerr = 1;
3603 break;
3604 }
3605 ssl_b = arg;
3606 newarg = 1;
3607 *line = 0;
3608 } else if (*line == ']') {
3609 if (ssl_e) {
3610 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003611 cfgerr = 1;
3612 break;
3613 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003614 if (!ssl_b) {
3615 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3616 cfgerr = 1;
3617 break;
3618 }
3619 ssl_e = arg;
3620 newarg = 1;
3621 *line = 0;
3622 } else if (newarg) {
3623 if (arg == MAX_CRT_ARGS) {
3624 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3625 cfgerr = 1;
3626 break;
3627 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003628 newarg = 0;
3629 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003630 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003631 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003632 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003633 if (cfgerr)
3634 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003635 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003636
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003637 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003638 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003639 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003641 crt_path = args[0];
3642 if (*crt_path != '/' && global_ssl.crt_base) {
3643 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3644 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3645 crt_path, linenum, file);
3646 cfgerr = 1;
3647 break;
3648 }
3649 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3650 crt_path = path;
3651 }
3652
3653 ssl_conf = calloc(1, sizeof *ssl_conf);
3654 cur_arg = ssl_b ? ssl_b : 1;
3655 while (cur_arg < ssl_e) {
3656 newarg = 0;
3657 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3658 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3659 newarg = 1;
3660 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3661 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3662 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3663 args[cur_arg], linenum, file);
3664 cfgerr = 1;
3665 }
3666 cur_arg += 1 + ssl_bind_kws[i].skip;
3667 break;
3668 }
3669 }
3670 if (!cfgerr && !newarg) {
3671 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3672 args[cur_arg], linenum, file);
3673 cfgerr = 1;
3674 break;
3675 }
3676 }
3677 if (cfgerr) {
3678 ssl_sock_free_ssl_conf(ssl_conf);
3679 free(ssl_conf);
3680 ssl_conf = NULL;
3681 break;
3682 }
3683
3684 if (stat(crt_path, &buf) == 0) {
3685 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3686 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003687 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003688 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3689 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003690 }
3691
Willy Tarreauad1731d2013-04-02 17:35:58 +02003692 if (cfgerr) {
3693 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003695 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003696 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003697 fclose(f);
3698 return cfgerr;
3699}
3700
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003701/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003702static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003703ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003704{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003705 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003706 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003707 SSL_OP_ALL | /* all known workarounds for bugs */
3708 SSL_OP_NO_SSLv2 |
3709 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003710 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003711 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003712 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003713 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003714 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003715 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003716 SSL_MODE_ENABLE_PARTIAL_WRITE |
3717 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003718 SSL_MODE_RELEASE_BUFFERS |
3719 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003720 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003721 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003722 int flags = MC_SSL_O_ALL;
3723 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003724
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003725 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003726 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003727
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003728 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003729 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3730 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3731 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003732 else
3733 flags = conf_ssl_methods->flags;
3734
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003735 min = conf_ssl_methods->min;
3736 max = conf_ssl_methods->max;
3737 /* start with TLSv10 to remove SSLv3 per default */
3738 if (!min && (!max || max >= CONF_TLSV10))
3739 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003740 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003741 if (min)
3742 flags |= (methodVersions[min].flag - 1);
3743 if (max)
3744 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003745 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003746 min = max = CONF_TLSV_NONE;
3747 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003748 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003749 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003750 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003751 if (min) {
3752 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003753 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3754 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3755 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3756 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 hole = 0;
3758 }
3759 max = i;
3760 }
3761 else {
3762 min = max = i;
3763 }
3764 }
3765 else {
3766 if (min)
3767 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003768 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003769 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003770 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3771 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003772 cfgerr += 1;
3773 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003774 /* save real min/max in bind_conf */
3775 conf_ssl_methods->min = min;
3776 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003777
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003778#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003779 /* Keep force-xxx implementation as it is in older haproxy. It's a
3780 precautionary measure to avoid any suprise with older openssl version. */
3781 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003782 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003783 else
3784 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3785 if (flags & methodVersions[i].flag)
3786 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003788 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003789 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3790 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003791#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003792
3793 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3794 options |= SSL_OP_NO_TICKET;
3795 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3796 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3797 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003798
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003799#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003800 if (global_ssl.async)
3801 mode |= SSL_MODE_ASYNC;
3802#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003803 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003804 if (global_ssl.life_time)
3805 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003806
3807#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3808#ifdef OPENSSL_IS_BORINGSSL
3809 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3810 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003811#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3812 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3813 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814#else
3815 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003816#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003817 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003818#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003819 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003820}
3821
William Lallemand4f45bb92017-10-30 20:08:51 +01003822
3823static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3824{
3825 if (first == block) {
3826 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3827 if (first->len > 0)
3828 sh_ssl_sess_tree_delete(sh_ssl_sess);
3829 }
3830}
3831
3832/* return first block from sh_ssl_sess */
3833static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3834{
3835 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3836
3837}
3838
3839/* store a session into the cache
3840 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3841 * data: asn1 encoded session
3842 * data_len: asn1 encoded session length
3843 * Returns 1 id session was stored (else 0)
3844 */
3845static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3846{
3847 struct shared_block *first;
3848 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3849
3850 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3851 if (!first) {
3852 /* Could not retrieve enough free blocks to store that session */
3853 return 0;
3854 }
3855
3856 /* STORE the key in the first elem */
3857 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3858 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3859 first->len = sizeof(struct sh_ssl_sess_hdr);
3860
3861 /* it returns the already existing node
3862 or current node if none, never returns null */
3863 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3864 if (oldsh_ssl_sess != sh_ssl_sess) {
3865 /* NOTE: Row couldn't be in use because we lock read & write function */
3866 /* release the reserved row */
3867 shctx_row_dec_hot(ssl_shctx, first);
3868 /* replace the previous session already in the tree */
3869 sh_ssl_sess = oldsh_ssl_sess;
3870 /* ignore the previous session data, only use the header */
3871 first = sh_ssl_sess_first_block(sh_ssl_sess);
3872 shctx_row_inc_hot(ssl_shctx, first);
3873 first->len = sizeof(struct sh_ssl_sess_hdr);
3874 }
3875
William Lallemand99b90af2018-01-03 19:15:51 +01003876 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3877 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003878 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003879 }
3880
3881 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003882
3883 return 1;
3884}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003885
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003886/* SSL callback used when a new session is created while connecting to a server */
3887static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3888{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003889 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003890 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003891
Olivier Houcharde6060c52017-11-16 17:42:52 +01003892 s = objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003893
Olivier Houcharde6060c52017-11-16 17:42:52 +01003894 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3895 int len;
3896 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003897
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 len = i2d_SSL_SESSION(sess, NULL);
3899 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3900 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3901 } else {
3902 free(s->ssl_ctx.reused_sess[tid].ptr);
3903 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3904 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3905 }
3906 if (s->ssl_ctx.reused_sess[tid].ptr) {
3907 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3908 &ptr);
3909 }
3910 } else {
3911 free(s->ssl_ctx.reused_sess[tid].ptr);
3912 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3913 }
3914
3915 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003916}
3917
Olivier Houcharde6060c52017-11-16 17:42:52 +01003918
William Lallemanded0b5ad2017-10-30 19:36:36 +01003919/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003920int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003921{
3922 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3923 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3924 unsigned char *p;
3925 int data_len;
3926 unsigned int sid_length, sid_ctx_length;
3927 const unsigned char *sid_data;
3928 const unsigned char *sid_ctx_data;
3929
3930 /* Session id is already stored in to key and session id is known
3931 * so we dont store it to keep size.
3932 */
3933
3934 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3935 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3936 SSL_SESSION_set1_id(sess, sid_data, 0);
3937 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3938
3939 /* check if buffer is large enough for the ASN1 encoded session */
3940 data_len = i2d_SSL_SESSION(sess, NULL);
3941 if (data_len > SHSESS_MAX_DATA_LEN)
3942 goto err;
3943
3944 p = encsess;
3945
3946 /* process ASN1 session encoding before the lock */
3947 i2d_SSL_SESSION(sess, &p);
3948
3949 memcpy(encid, sid_data, sid_length);
3950 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3951 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3952
William Lallemanda3c77cf2017-10-30 23:44:40 +01003953 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003954 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003955 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003956 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003957err:
3958 /* reset original length values */
3959 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3960 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3961
3962 return 0; /* do not increment session reference count */
3963}
3964
3965/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003966SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003967{
William Lallemand4f45bb92017-10-30 20:08:51 +01003968 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003969 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3970 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003971 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003972 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003973
3974 global.shctx_lookups++;
3975
3976 /* allow the session to be freed automatically by openssl */
3977 *do_copy = 0;
3978
3979 /* tree key is zeros padded sessionid */
3980 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3981 memcpy(tmpkey, key, key_len);
3982 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3983 key = tmpkey;
3984 }
3985
3986 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003987 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003988
3989 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3991 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003992 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003993 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003994 global.shctx_misses++;
3995 return NULL;
3996 }
3997
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
3999 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000
William Lallemand4f45bb92017-10-30 20:08:51 +01004001 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002
William Lallemanda3c77cf2017-10-30 23:44:40 +01004003 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004004
4005 /* decode ASN1 session */
4006 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004007 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008 /* Reset session id and session id contenxt */
4009 if (sess) {
4010 SSL_SESSION_set1_id(sess, key, key_len);
4011 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4012 }
4013
4014 return sess;
4015}
4016
William Lallemand4f45bb92017-10-30 20:08:51 +01004017
William Lallemanded0b5ad2017-10-30 19:36:36 +01004018/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004019void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004020{
William Lallemand4f45bb92017-10-30 20:08:51 +01004021 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004022 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4023 unsigned int sid_length;
4024 const unsigned char *sid_data;
4025 (void)ctx;
4026
4027 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4028 /* tree key is zeros padded sessionid */
4029 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4030 memcpy(tmpkey, sid_data, sid_length);
4031 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4032 sid_data = tmpkey;
4033 }
4034
William Lallemanda3c77cf2017-10-30 23:44:40 +01004035 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004036
4037 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004038 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4039 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004040 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004041 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004042 }
4043
4044 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004045 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004046}
4047
4048/* Set session cache mode to server and disable openssl internal cache.
4049 * Set shared cache callbacks on an ssl context.
4050 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004051void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004052{
4053 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4054
4055 if (!ssl_shctx) {
4056 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4057 return;
4058 }
4059
4060 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4061 SSL_SESS_CACHE_NO_INTERNAL |
4062 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4063
4064 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004065 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4066 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4067 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004068}
4069
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004070int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4071{
4072 struct proxy *curproxy = bind_conf->frontend;
4073 int cfgerr = 0;
4074 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004075 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004076 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004077 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004078
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004079 if (ssl_conf) {
4080 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4081 int i, min, max;
4082 int flags = MC_SSL_O_ALL;
4083
4084 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004085 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4086 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (min)
4088 flags |= (methodVersions[min].flag - 1);
4089 if (max)
4090 flags |= ~((methodVersions[max].flag << 1) - 1);
4091 min = max = CONF_TLSV_NONE;
4092 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4093 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4094 if (min)
4095 max = i;
4096 else
4097 min = max = i;
4098 }
4099 /* save real min/max */
4100 conf_ssl_methods->min = min;
4101 conf_ssl_methods->max = max;
4102 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004103 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4104 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004105 cfgerr += 1;
4106 }
4107 }
4108
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004109 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004110 case SSL_SOCK_VERIFY_NONE:
4111 verify = SSL_VERIFY_NONE;
4112 break;
4113 case SSL_SOCK_VERIFY_OPTIONAL:
4114 verify = SSL_VERIFY_PEER;
4115 break;
4116 case SSL_SOCK_VERIFY_REQUIRED:
4117 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4118 break;
4119 }
4120 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4121 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004122 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4123 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4124 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004125 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004126 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004127 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4128 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004129 cfgerr++;
4130 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004131 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4132 /* set CA names for client cert request, function returns void */
4133 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4134 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004135 }
Emeric Brun850efd52014-01-29 12:24:34 +01004136 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004137 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4138 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004139 cfgerr++;
4140 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004141#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004142 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4144
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004145 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004146 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4147 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004148 cfgerr++;
4149 }
Emeric Brun561e5742012-10-02 15:20:55 +02004150 else {
4151 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4152 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004153 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004154#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004155 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004157#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004158 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004159 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004160 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4161 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004162 cfgerr++;
4163 }
4164 }
4165#endif
4166
William Lallemand4f45bb92017-10-30 20:08:51 +01004167 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004168 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4169 if (conf_ciphers &&
4170 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004171 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4172 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004173 cfgerr++;
4174 }
4175
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004176#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004177 /* If tune.ssl.default-dh-param has not been set,
4178 neither has ssl-default-dh-file and no static DH
4179 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004180 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004181 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004182 (ssl_dh_ptr_index == -1 ||
4183 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4185 const SSL_CIPHER * cipher = NULL;
4186 char cipher_description[128];
4187 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4188 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4189 which is not ephemeral DH. */
4190 const char dhe_description[] = " Kx=DH ";
4191 const char dhe_export_description[] = " Kx=DH(";
4192 int idx = 0;
4193 int dhe_found = 0;
4194 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004195
Remi Gacogne23d5d372014-10-10 17:04:26 +02004196 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004197
Remi Gacogne23d5d372014-10-10 17:04:26 +02004198 if (ssl) {
4199 ciphers = SSL_get_ciphers(ssl);
4200
4201 if (ciphers) {
4202 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4203 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4204 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4205 if (strstr(cipher_description, dhe_description) != NULL ||
4206 strstr(cipher_description, dhe_export_description) != NULL) {
4207 dhe_found = 1;
4208 break;
4209 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004210 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004211 }
4212 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004213 SSL_free(ssl);
4214 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004215 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004216
Lukas Tribus90132722014-08-18 00:56:33 +02004217 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004218 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220
Willy Tarreauef934602016-12-22 23:12:01 +01004221 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004222 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004223
Willy Tarreauef934602016-12-22 23:12:01 +01004224 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004225 if (local_dh_1024 == NULL) {
4226 local_dh_1024 = ssl_get_dh_1024();
4227 }
Willy Tarreauef934602016-12-22 23:12:01 +01004228 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004229 if (local_dh_2048 == NULL) {
4230 local_dh_2048 = ssl_get_dh_2048();
4231 }
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_4096 == NULL) {
4234 local_dh_4096 = ssl_get_dh_4096();
4235 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004236 }
4237 }
4238 }
4239#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004240
Emeric Brunfc0421f2012-09-07 17:30:07 +02004241 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004242#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004243 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004244#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004245
Bernard Spil13c53f82018-02-15 13:34:58 +01004246#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004247 ssl_conf_cur = NULL;
4248 if (ssl_conf && ssl_conf->npn_str)
4249 ssl_conf_cur = ssl_conf;
4250 else if (bind_conf->ssl_conf.npn_str)
4251 ssl_conf_cur = &bind_conf->ssl_conf;
4252 if (ssl_conf_cur)
4253 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004254#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004255#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004256 ssl_conf_cur = NULL;
4257 if (ssl_conf && ssl_conf->alpn_str)
4258 ssl_conf_cur = ssl_conf;
4259 else if (bind_conf->ssl_conf.alpn_str)
4260 ssl_conf_cur = &bind_conf->ssl_conf;
4261 if (ssl_conf_cur)
4262 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004263#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004264#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4265 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4266 if (conf_curves) {
4267 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004268 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4269 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004270 cfgerr++;
4271 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004272#if defined(SSL_CTX_set_ecdh_auto)
4273 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4274#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004275 }
4276#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004277#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004279 int i;
4280 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004281#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004282 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004283 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4284 NULL);
4285
4286 if (ecdhe == NULL) {
4287 SSL_CTX_set_dh_auto(ctx, 1);
4288 return cfgerr;
4289 }
4290#else
4291 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4292 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4293 ECDHE_DEFAULT_CURVE);
4294#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004295
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004296 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004297 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004298 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4299 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004300 cfgerr++;
4301 }
4302 else {
4303 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4304 EC_KEY_free(ecdh);
4305 }
4306 }
4307#endif
4308
Emeric Brunfc0421f2012-09-07 17:30:07 +02004309 return cfgerr;
4310}
4311
Evan Broderbe554312013-06-27 00:05:25 -07004312static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4313{
4314 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4315 size_t prefixlen, suffixlen;
4316
4317 /* Trivial case */
4318 if (strcmp(pattern, hostname) == 0)
4319 return 1;
4320
Evan Broderbe554312013-06-27 00:05:25 -07004321 /* The rest of this logic is based on RFC 6125, section 6.4.3
4322 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4323
Emeric Bruna848dae2013-10-08 11:27:28 +02004324 pattern_wildcard = NULL;
4325 pattern_left_label_end = pattern;
4326 while (*pattern_left_label_end != '.') {
4327 switch (*pattern_left_label_end) {
4328 case 0:
4329 /* End of label not found */
4330 return 0;
4331 case '*':
4332 /* If there is more than one wildcards */
4333 if (pattern_wildcard)
4334 return 0;
4335 pattern_wildcard = pattern_left_label_end;
4336 break;
4337 }
4338 pattern_left_label_end++;
4339 }
4340
4341 /* If it's not trivial and there is no wildcard, it can't
4342 * match */
4343 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004344 return 0;
4345
4346 /* Make sure all labels match except the leftmost */
4347 hostname_left_label_end = strchr(hostname, '.');
4348 if (!hostname_left_label_end
4349 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4350 return 0;
4351
4352 /* Make sure the leftmost label of the hostname is long enough
4353 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004354 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004355 return 0;
4356
4357 /* Finally compare the string on either side of the
4358 * wildcard */
4359 prefixlen = pattern_wildcard - pattern;
4360 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004361 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4362 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 return 1;
4366}
4367
4368static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4369{
4370 SSL *ssl;
4371 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004372 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004373 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004374
4375 int depth;
4376 X509 *cert;
4377 STACK_OF(GENERAL_NAME) *alt_names;
4378 int i;
4379 X509_NAME *cert_subject;
4380 char *str;
4381
4382 if (ok == 0)
4383 return ok;
4384
4385 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004386 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004387
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004388 /* We're checking if the provided hostnames match the desired one. The
4389 * desired hostname comes from the SNI we presented if any, or if not
4390 * provided then it may have been explicitly stated using a "verifyhost"
4391 * directive. If neither is set, we don't care about the name so the
4392 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004393 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004394 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004395 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004396 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004397 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004398 if (!servername)
4399 return ok;
4400 }
Evan Broderbe554312013-06-27 00:05:25 -07004401
4402 /* We only need to verify the CN on the actual server cert,
4403 * not the indirect CAs */
4404 depth = X509_STORE_CTX_get_error_depth(ctx);
4405 if (depth != 0)
4406 return ok;
4407
4408 /* At this point, the cert is *not* OK unless we can find a
4409 * hostname match */
4410 ok = 0;
4411
4412 cert = X509_STORE_CTX_get_current_cert(ctx);
4413 /* It seems like this might happen if verify peer isn't set */
4414 if (!cert)
4415 return ok;
4416
4417 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4418 if (alt_names) {
4419 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4420 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4421 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004422#if OPENSSL_VERSION_NUMBER < 0x00907000L
4423 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4424#else
Evan Broderbe554312013-06-27 00:05:25 -07004425 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004426#endif
Evan Broderbe554312013-06-27 00:05:25 -07004427 ok = ssl_sock_srv_hostcheck(str, servername);
4428 OPENSSL_free(str);
4429 }
4430 }
4431 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004432 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004433 }
4434
4435 cert_subject = X509_get_subject_name(cert);
4436 i = -1;
4437 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4438 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004439 ASN1_STRING *value;
4440 value = X509_NAME_ENTRY_get_data(entry);
4441 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004442 ok = ssl_sock_srv_hostcheck(str, servername);
4443 OPENSSL_free(str);
4444 }
4445 }
4446
Willy Tarreau71d058c2017-07-26 20:09:56 +02004447 /* report the mismatch and indicate if SNI was used or not */
4448 if (!ok && !conn->err_code)
4449 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004450 return ok;
4451}
4452
Emeric Brun94324a42012-10-11 14:00:19 +02004453/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004454int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004455{
Willy Tarreau03209342016-12-22 17:08:28 +01004456 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004457 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004458 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004459 SSL_OP_ALL | /* all known workarounds for bugs */
4460 SSL_OP_NO_SSLv2 |
4461 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004462 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004463 SSL_MODE_ENABLE_PARTIAL_WRITE |
4464 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004465 SSL_MODE_RELEASE_BUFFERS |
4466 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004467 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004468 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004469 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004470 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004471 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004472
Thierry Fournier383085f2013-01-24 14:15:43 +01004473 /* Make sure openssl opens /dev/urandom before the chroot */
4474 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004475 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004476 cfgerr++;
4477 }
4478
Willy Tarreaufce03112015-01-15 21:32:40 +01004479 /* Automatic memory computations need to know we use SSL there */
4480 global.ssl_used_backend = 1;
4481
4482 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004483 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004484 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004485 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4486 curproxy->id, srv->id,
4487 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004488 cfgerr++;
4489 return cfgerr;
4490 }
4491 }
Emeric Brun94324a42012-10-11 14:00:19 +02004492 if (srv->use_ssl)
4493 srv->xprt = &ssl_sock;
4494 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004495 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004496
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004497 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004498 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004499 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4500 proxy_type_str(curproxy), curproxy->id,
4501 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004502 cfgerr++;
4503 return cfgerr;
4504 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004506 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4508 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4509 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004510 else
4511 flags = conf_ssl_methods->flags;
4512
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004513 /* Real min and max should be determinate with configuration and openssl's capabilities */
4514 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004515 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004516 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004517 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004518
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004519 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004520 min = max = CONF_TLSV_NONE;
4521 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004522 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004523 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004524 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004525 if (min) {
4526 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004527 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4528 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4529 proxy_type_str(curproxy), curproxy->id, srv->id,
4530 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 hole = 0;
4532 }
4533 max = i;
4534 }
4535 else {
4536 min = max = i;
4537 }
4538 }
4539 else {
4540 if (min)
4541 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004542 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004543 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004544 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4545 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004546 cfgerr += 1;
4547 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004548
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004549#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004550 /* Keep force-xxx implementation as it is in older haproxy. It's a
4551 precautionary measure to avoid any suprise with older openssl version. */
4552 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004553 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 else
4555 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4556 if (flags & methodVersions[i].flag)
4557 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004559 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004560 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4561 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004562#endif
4563
4564 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4565 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004566 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004567
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004568#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004569 if (global_ssl.async)
4570 mode |= SSL_MODE_ASYNC;
4571#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004572 SSL_CTX_set_mode(ctx, mode);
4573 srv->ssl_ctx.ctx = ctx;
4574
Emeric Bruna7aa3092012-10-26 12:58:00 +02004575 if (srv->ssl_ctx.client_crt) {
4576 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004577 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4578 proxy_type_str(curproxy), curproxy->id,
4579 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004580 cfgerr++;
4581 }
4582 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004583 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4584 proxy_type_str(curproxy), curproxy->id,
4585 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004586 cfgerr++;
4587 }
4588 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004589 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4590 proxy_type_str(curproxy), curproxy->id,
4591 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004592 cfgerr++;
4593 }
4594 }
Emeric Brun94324a42012-10-11 14:00:19 +02004595
Emeric Brun850efd52014-01-29 12:24:34 +01004596 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4597 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004598 switch (srv->ssl_ctx.verify) {
4599 case SSL_SOCK_VERIFY_NONE:
4600 verify = SSL_VERIFY_NONE;
4601 break;
4602 case SSL_SOCK_VERIFY_REQUIRED:
4603 verify = SSL_VERIFY_PEER;
4604 break;
4605 }
Evan Broderbe554312013-06-27 00:05:25 -07004606 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004607 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004608 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004609 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004610 if (srv->ssl_ctx.ca_file) {
4611 /* load CAfile to verify */
4612 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004613 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4614 curproxy->id, srv->id,
4615 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004616 cfgerr++;
4617 }
4618 }
Emeric Brun850efd52014-01-29 12:24:34 +01004619 else {
4620 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004624 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004625 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4626 curproxy->id, srv->id,
4627 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004628 cfgerr++;
4629 }
Emeric Brunef42d922012-10-11 16:11:36 +02004630#ifdef X509_V_FLAG_CRL_CHECK
4631 if (srv->ssl_ctx.crl_file) {
4632 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4633
4634 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004635 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4636 curproxy->id, srv->id,
4637 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004638 cfgerr++;
4639 }
4640 else {
4641 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4642 }
4643 }
4644#endif
4645 }
4646
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004647 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4648 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4649 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004650 if (srv->ssl_ctx.ciphers &&
4651 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004652 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4653 curproxy->id, srv->id,
4654 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004655 cfgerr++;
4656 }
4657
4658 return cfgerr;
4659}
4660
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004661/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004662 * be NULL, in which case nothing is done. Returns the number of errors
4663 * encountered.
4664 */
Willy Tarreau03209342016-12-22 17:08:28 +01004665int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004666{
4667 struct ebmb_node *node;
4668 struct sni_ctx *sni;
4669 int err = 0;
4670
Willy Tarreaufce03112015-01-15 21:32:40 +01004671 /* Automatic memory computations need to know we use SSL there */
4672 global.ssl_used_frontend = 1;
4673
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004674 /* Make sure openssl opens /dev/urandom before the chroot */
4675 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004676 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004677 err++;
4678 }
4679 /* Create initial_ctx used to start the ssl connection before do switchctx */
4680 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004681 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* It should not be necessary to call this function, but it's
4683 necessary first to check and move all initialisation related
4684 to initial_ctx in ssl_sock_initial_ctx. */
4685 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4686 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004687 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004688 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004689
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004690 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004691 while (node) {
4692 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004693 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4694 /* only initialize the CTX on its first occurrence and
4695 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004697 node = ebmb_next(node);
4698 }
4699
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004700 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004701 while (node) {
4702 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004703 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4704 /* only initialize the CTX on its first occurrence and
4705 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004706 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004707 node = ebmb_next(node);
4708 }
4709 return err;
4710}
4711
Willy Tarreau55d37912016-12-21 23:38:39 +01004712/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4713 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4714 * alerts are directly emitted since the rest of the stack does it below.
4715 */
4716int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4717{
4718 struct proxy *px = bind_conf->frontend;
4719 int alloc_ctx;
4720 int err;
4721
4722 if (!bind_conf->is_ssl) {
4723 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004724 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4725 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004726 }
4727 return 0;
4728 }
4729 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004730 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4732 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004733 }
4734 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004735 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4736 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004737 return -1;
4738 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004739 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004740 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004741 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4742 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4743 sizeof(*sh_ssl_sess_tree),
4744 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4745 if (alloc_ctx < 0) {
4746 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4747 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4748 else
4749 ha_alert("Unable to allocate SSL session cache.\n");
4750 return -1;
4751 }
4752 /* free block callback */
4753 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4754 /* init the root tree within the extra space */
4755 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4756 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004757 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004758 err = 0;
4759 /* initialize all certificate contexts */
4760 err += ssl_sock_prepare_all_ctx(bind_conf);
4761
4762 /* initialize CA variables if the certificates generation is enabled */
4763 err += ssl_sock_load_ca(bind_conf);
4764
4765 return -err;
4766}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004767
4768/* release ssl context allocated for servers. */
4769void ssl_sock_free_srv_ctx(struct server *srv)
4770{
4771 if (srv->ssl_ctx.ctx)
4772 SSL_CTX_free(srv->ssl_ctx.ctx);
4773}
4774
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004775/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004776 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4777 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004778void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004779{
4780 struct ebmb_node *node, *back;
4781 struct sni_ctx *sni;
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 while (node) {
4785 sni = ebmb_entry(node, struct sni_ctx, name);
4786 back = ebmb_next(node);
4787 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004788 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004789 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004790 ssl_sock_free_ssl_conf(sni->conf);
4791 free(sni->conf);
4792 sni->conf = NULL;
4793 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004794 free(sni);
4795 node = back;
4796 }
4797
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004798 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004799 while (node) {
4800 sni = ebmb_entry(node, struct sni_ctx, name);
4801 back = ebmb_next(node);
4802 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004803 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004804 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004805 ssl_sock_free_ssl_conf(sni->conf);
4806 free(sni->conf);
4807 sni->conf = NULL;
4808 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004809 free(sni);
4810 node = back;
4811 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004812 SSL_CTX_free(bind_conf->initial_ctx);
4813 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004814 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004815 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004816}
4817
Willy Tarreau795cdab2016-12-22 17:30:54 +01004818/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4819void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4820{
4821 ssl_sock_free_ca(bind_conf);
4822 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004824 free(bind_conf->ca_sign_file);
4825 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004826 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004827 free(bind_conf->keys_ref->filename);
4828 free(bind_conf->keys_ref->tlskeys);
4829 LIST_DEL(&bind_conf->keys_ref->list);
4830 free(bind_conf->keys_ref);
4831 }
4832 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004833 bind_conf->ca_sign_pass = NULL;
4834 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835}
4836
Christopher Faulet31af49d2015-06-09 17:29:50 +02004837/* Load CA cert file and private key used to generate certificates */
4838int
Willy Tarreau03209342016-12-22 17:08:28 +01004839ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004840{
Willy Tarreau03209342016-12-22 17:08:28 +01004841 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004842 FILE *fp;
4843 X509 *cacert = NULL;
4844 EVP_PKEY *capkey = NULL;
4845 int err = 0;
4846
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004847 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848 return err;
4849
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004850#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004851 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004852 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004853 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004854 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004855 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004856 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004857#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004858
Christopher Faulet31af49d2015-06-09 17:29:50 +02004859 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004860 ha_alert("Proxy '%s': cannot enable certificate generation, "
4861 "no CA certificate File configured at [%s:%d].\n",
4862 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004863 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004864 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004865
4866 /* read in the CA certificate */
4867 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4869 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004870 goto load_error;
4871 }
4872 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004873 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4874 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004875 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004876 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004877 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004879 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4880 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004881 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004882 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004883
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004884 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004885 bind_conf->ca_sign_cert = cacert;
4886 bind_conf->ca_sign_pkey = capkey;
4887 return err;
4888
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 read_error:
4890 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891 if (capkey) EVP_PKEY_free(capkey);
4892 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004893 load_error:
4894 bind_conf->generate_certs = 0;
4895 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004896 return err;
4897}
4898
4899/* Release CA cert and private key used to generate certificated */
4900void
4901ssl_sock_free_ca(struct bind_conf *bind_conf)
4902{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004903 if (bind_conf->ca_sign_pkey)
4904 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4905 if (bind_conf->ca_sign_cert)
4906 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004907 bind_conf->ca_sign_pkey = NULL;
4908 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004909}
4910
Emeric Brun46591952012-05-18 15:47:34 +02004911/*
4912 * This function is called if SSL * context is not yet allocated. The function
4913 * is designed to be called before any other data-layer operation and sets the
4914 * handshake flag on the connection. It is safe to call it multiple times.
4915 * It returns 0 on success and -1 in error case.
4916 */
4917static int ssl_sock_init(struct connection *conn)
4918{
4919 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004920 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004921 return 0;
4922
Willy Tarreau3c728722014-01-23 13:50:42 +01004923 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004924 return 0;
4925
Willy Tarreau20879a02012-12-03 16:32:10 +01004926 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4927 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004928 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004929 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004930
Emeric Brun46591952012-05-18 15:47:34 +02004931 /* If it is in client mode initiate SSL session
4932 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004933 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004934 int may_retry = 1;
4935
4936 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004937 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004938 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004939 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004940 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004941 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 goto retry_connect;
4943 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004944 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004945 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004946 }
Emeric Brun46591952012-05-18 15:47:34 +02004947
Emeric Brun46591952012-05-18 15:47:34 +02004948 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004949 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004950 SSL_free(conn->xprt_ctx);
4951 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004952 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004953 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004954 goto retry_connect;
4955 }
Emeric Brun55476152014-11-12 17:35:37 +01004956 conn->err_code = CO_ER_SSL_NO_MEM;
4957 return -1;
4958 }
Emeric Brun46591952012-05-18 15:47:34 +02004959
Evan Broderbe554312013-06-27 00:05:25 -07004960 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004961 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01004962 SSL_free(conn->xprt_ctx);
4963 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004964 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004965 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004966 goto retry_connect;
4967 }
Emeric Brun55476152014-11-12 17:35:37 +01004968 conn->err_code = CO_ER_SSL_NO_MEM;
4969 return -1;
4970 }
4971
4972 SSL_set_connect_state(conn->xprt_ctx);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004973 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4974 const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4975 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4976 if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
4977 SSL_SESSION_free(sess);
4978 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4979 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
4980 } else if (sess) {
4981 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004982 }
4983 }
Evan Broderbe554312013-06-27 00:05:25 -07004984
Emeric Brun46591952012-05-18 15:47:34 +02004985 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004986 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004987
4988 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004989 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004990 return 0;
4991 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004992 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004993 int may_retry = 1;
4994
4995 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02004996 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004997 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004998 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004999 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005000 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 goto retry_accept;
5002 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005003 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005004 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005005 }
Emeric Brun46591952012-05-18 15:47:34 +02005006
Emeric Brun46591952012-05-18 15:47:34 +02005007 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005008 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005009 SSL_free(conn->xprt_ctx);
5010 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005011 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005012 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005013 goto retry_accept;
5014 }
Emeric Brun55476152014-11-12 17:35:37 +01005015 conn->err_code = CO_ER_SSL_NO_MEM;
5016 return -1;
5017 }
Emeric Brun46591952012-05-18 15:47:34 +02005018
Emeric Brune1f38db2012-09-03 20:36:47 +02005019 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005020 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005021 SSL_free(conn->xprt_ctx);
5022 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005023 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005024 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005025 goto retry_accept;
5026 }
Emeric Brun55476152014-11-12 17:35:37 +01005027 conn->err_code = CO_ER_SSL_NO_MEM;
5028 return -1;
5029 }
5030
5031 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005032
Emeric Brun46591952012-05-18 15:47:34 +02005033 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005034 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005035#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005036 conn->flags |= CO_FL_EARLY_SSL_HS;
5037#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005038
5039 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005040 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005041 return 0;
5042 }
5043 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005044 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005045 return -1;
5046}
5047
5048
5049/* This is the callback which is used when an SSL handshake is pending. It
5050 * updates the FD status if it wants some polling before being called again.
5051 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5052 * otherwise it returns non-zero and removes itself from the connection's
5053 * flags (the bit is provided in <flag> by the caller).
5054 */
5055int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5056{
5057 int ret;
5058
Willy Tarreau3c728722014-01-23 13:50:42 +01005059 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005060 return 0;
5061
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005062 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005063 goto out_error;
5064
Olivier Houchardc2aae742017-09-22 18:26:28 +02005065#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5066 /*
5067 * Check if we have early data. If we do, we have to read them
5068 * before SSL_do_handshake() is called, And there's no way to
5069 * detect early data, except to try to read them
5070 */
5071 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5072 size_t read_data;
5073
5074 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5075 1, &read_data);
5076 if (ret == SSL_READ_EARLY_DATA_ERROR)
5077 goto check_error;
5078 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5079 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5080 return 1;
5081 } else
5082 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5083 }
5084#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005085 /* If we use SSL_do_handshake to process a reneg initiated by
5086 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5087 * Usually SSL_write and SSL_read are used and process implicitly
5088 * the reneg handshake.
5089 * Here we use SSL_peek as a workaround for reneg.
5090 */
5091 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5092 char c;
5093
5094 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5095 if (ret <= 0) {
5096 /* handshake may have not been completed, let's find why */
5097 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005098
Emeric Brun674b7432012-11-08 19:21:55 +01005099 if (ret == SSL_ERROR_WANT_WRITE) {
5100 /* SSL handshake needs to write, L4 connection may not be ready */
5101 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005102 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005103 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005104 return 0;
5105 }
5106 else if (ret == SSL_ERROR_WANT_READ) {
5107 /* handshake may have been completed but we have
5108 * no more data to read.
5109 */
5110 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5111 ret = 1;
5112 goto reneg_ok;
5113 }
5114 /* SSL handshake needs to read, L4 connection is ready */
5115 if (conn->flags & CO_FL_WAIT_L4_CONN)
5116 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5117 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005118 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005119 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005120 return 0;
5121 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005122#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005123 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005124 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005125 return 0;
5126 }
5127#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005128 else if (ret == SSL_ERROR_SYSCALL) {
5129 /* if errno is null, then connection was successfully established */
5130 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5131 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005132 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005133#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5134 conn->err_code = CO_ER_SSL_HANDSHAKE;
5135#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005136 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005137#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005138 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5139 empty_handshake = state == TLS_ST_BEFORE;
5140#else
5141 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5142#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005143 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005144 if (!errno) {
5145 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5146 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5147 else
5148 conn->err_code = CO_ER_SSL_EMPTY;
5149 }
5150 else {
5151 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5152 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5153 else
5154 conn->err_code = CO_ER_SSL_ABORT;
5155 }
5156 }
5157 else {
5158 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5159 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005160 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005161 conn->err_code = CO_ER_SSL_HANDSHAKE;
5162 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005163#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005164 }
Emeric Brun674b7432012-11-08 19:21:55 +01005165 goto out_error;
5166 }
5167 else {
5168 /* Fail on all other handshake errors */
5169 /* Note: OpenSSL may leave unread bytes in the socket's
5170 * buffer, causing an RST to be emitted upon close() on
5171 * TCP sockets. We first try to drain possibly pending
5172 * data to avoid this as much as possible.
5173 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005174 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005175 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005176 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5177 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005178 goto out_error;
5179 }
5180 }
5181 /* read some data: consider handshake completed */
5182 goto reneg_ok;
5183 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005184 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005185check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005186 if (ret != 1) {
5187 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005188 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005189
5190 if (ret == SSL_ERROR_WANT_WRITE) {
5191 /* SSL handshake needs to write, L4 connection may not be ready */
5192 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005193 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005194 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005195 return 0;
5196 }
5197 else if (ret == SSL_ERROR_WANT_READ) {
5198 /* SSL handshake needs to read, L4 connection is ready */
5199 if (conn->flags & CO_FL_WAIT_L4_CONN)
5200 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5201 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005202 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005203 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005204 return 0;
5205 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005206#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005207 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005208 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005209 return 0;
5210 }
5211#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005212 else if (ret == SSL_ERROR_SYSCALL) {
5213 /* if errno is null, then connection was successfully established */
5214 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5215 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005216 if (!conn->err_code) {
5217#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5218 conn->err_code = CO_ER_SSL_HANDSHAKE;
5219#else
5220 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005221#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005222 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5223 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005224#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005225 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005226#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005227 if (empty_handshake) {
5228 if (!errno) {
5229 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5230 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5231 else
5232 conn->err_code = CO_ER_SSL_EMPTY;
5233 }
5234 else {
5235 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5236 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5237 else
5238 conn->err_code = CO_ER_SSL_ABORT;
5239 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005240 }
5241 else {
5242 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5243 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5244 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005245 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005246 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005247#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
Willy Tarreau89230192012-09-28 20:22:13 +02005249 goto out_error;
5250 }
Emeric Brun46591952012-05-18 15:47:34 +02005251 else {
5252 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005253 /* Note: OpenSSL may leave unread bytes in the socket's
5254 * buffer, causing an RST to be emitted upon close() on
5255 * TCP sockets. We first try to drain possibly pending
5256 * data to avoid this as much as possible.
5257 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005258 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005259 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005260 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5261 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005262 goto out_error;
5263 }
5264 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005265#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5266 else {
5267 /*
5268 * If the server refused the early data, we have to send a
5269 * 425 to the client, as we no longer have the data to sent
5270 * them again.
5271 */
5272 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5273 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5274 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5275 goto out_error;
5276 }
5277 }
5278 }
5279#endif
5280
Emeric Brun46591952012-05-18 15:47:34 +02005281
Emeric Brun674b7432012-11-08 19:21:55 +01005282reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005283
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005284#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005285 /* ASYNC engine API doesn't support moving read/write
5286 * buffers. So we disable ASYNC mode right after
5287 * the handshake to avoid buffer oveflows.
5288 */
5289 if (global_ssl.async)
5290 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5291#endif
Emeric Brun46591952012-05-18 15:47:34 +02005292 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005293 if (!SSL_session_reused(conn->xprt_ctx)) {
5294 if (objt_server(conn->target)) {
5295 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5296 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5297 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005298 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005299 else {
5300 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5301 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5302 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5303 }
Emeric Brun46591952012-05-18 15:47:34 +02005304 }
5305
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005306#ifdef OPENSSL_IS_BORINGSSL
5307 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5308 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5309#endif
Emeric Brun46591952012-05-18 15:47:34 +02005310 /* The connection is now established at both layers, it's time to leave */
5311 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5312 return 1;
5313
5314 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005315 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005316 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005317 ERR_clear_error();
5318
Emeric Brun9fa89732012-10-04 17:09:56 +02005319 /* free resumed session if exists */
Olivier Houcharde6060c52017-11-16 17:42:52 +01005320 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5321 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5322 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005323 }
5324
Emeric Brun46591952012-05-18 15:47:34 +02005325 /* Fail on all other handshake errors */
5326 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005327 if (!conn->err_code)
5328 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005329 return 0;
5330}
5331
5332/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005333 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005334 * buffer wraps, in which case a second call may be performed. The connection's
5335 * flags are updated with whatever special event is detected (error, read0,
5336 * empty). The caller is responsible for taking care of those events and
5337 * avoiding the call if inappropriate. The function does not call the
5338 * connection's polling update function, so the caller is responsible for this.
5339 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005340static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005341{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005342 ssize_t ret;
5343 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005344
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005345 conn_refresh_polling_flags(conn);
5346
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005347 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005348 goto out_error;
5349
5350 if (conn->flags & CO_FL_HANDSHAKE)
5351 /* a handshake was requested */
5352 return 0;
5353
Willy Tarreau0c7ed5d2018-07-10 09:53:31 +02005354 b_realign_if_empty(buf);
Emeric Brun46591952012-05-18 15:47:34 +02005355
5356 /* read the largest possible block. For this, we perform only one call
5357 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5358 * in which case we accept to do it once again. A new attempt is made on
5359 * EINTR too.
5360 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005361 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005362 int need_out = 0;
5363
Willy Tarreauabf08d92014-01-14 11:31:27 +01005364 /* first check if we have some room after p+i */
5365 try = buf->data + buf->size - (buf->p + buf->i);
5366 /* otherwise continue between data and p-o */
5367 if (try <= 0) {
5368 try = buf->p - (buf->data + buf->o);
5369 if (try <= 0)
5370 break;
5371 }
5372 if (try > count)
5373 try = count;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005374 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5375 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005376 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005377 done++;
5378 try--;
5379 count--;
5380 buf->i++;
5381 conn->tmp_early_data = -1;
5382 continue;
5383 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005384
Olivier Houchardc2aae742017-09-22 18:26:28 +02005385#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5386 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5387 size_t read_length;
5388
5389 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005390 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005391 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5392 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005393 conn->flags |= CO_FL_EARLY_DATA;
5394 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5395 ret == SSL_READ_EARLY_DATA_FINISH) {
5396 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5397 /*
5398 * We're done reading the early data,
5399 * let's make the handshake
5400 */
5401 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5402 conn->flags |= CO_FL_SSL_WAIT_HS;
5403 need_out = 1;
5404 if (read_length == 0)
5405 break;
5406 }
5407 ret = read_length;
5408 }
5409 } else
5410#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005411 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005412#ifdef OPENSSL_IS_BORINGSSL
5413 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5414 if (SSL_in_early_data(conn->xprt_ctx)) {
5415 if (ret > 0)
5416 conn->flags |= CO_FL_EARLY_DATA;
5417 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005418 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005419 }
5420 }
5421#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005422 if (conn->flags & CO_FL_ERROR) {
5423 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005424 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005425 }
Emeric Brun46591952012-05-18 15:47:34 +02005426 if (ret > 0) {
5427 buf->i += ret;
5428 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005429 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005430 }
Emeric Brun46591952012-05-18 15:47:34 +02005431 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005432 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005433 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005434 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005435 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005436 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005437#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005438 /* Async mode can be re-enabled, because we're leaving data state.*/
5439 if (global_ssl.async)
5440 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5441#endif
Emeric Brun46591952012-05-18 15:47:34 +02005442 break;
5443 }
5444 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005445 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5446 /* handshake is running, and it may need to re-enable read */
5447 conn->flags |= CO_FL_SSL_WAIT_HS;
5448 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005449#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005450 /* Async mode can be re-enabled, because we're leaving data state.*/
5451 if (global_ssl.async)
5452 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5453#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005454 break;
5455 }
Emeric Brun46591952012-05-18 15:47:34 +02005456 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005457 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005458 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005459 } else if (ret == SSL_ERROR_ZERO_RETURN)
5460 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005461 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5462 * stack before shutting down the connection for
5463 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005464 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5465 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005466 /* otherwise it's a real error */
5467 goto out_error;
5468 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005469 if (need_out)
5470 break;
Emeric Brun46591952012-05-18 15:47:34 +02005471 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005472 leave:
5473 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005474 return done;
5475
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005476 clear_ssl_error:
5477 /* Clear openssl global errors stack */
5478 ssl_sock_dump_errors(conn);
5479 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005480 read0:
5481 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005482 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005483
Emeric Brun46591952012-05-18 15:47:34 +02005484 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005485 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005486 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005487 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005488 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005489 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005490}
5491
5492
Willy Tarreau787db9a2018-06-14 18:31:46 +02005493/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5494 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5495 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005496 * Only one call to send() is performed, unless the buffer wraps, in which case
5497 * a second call may be performed. The connection's flags are updated with
5498 * whatever special event is detected (error, empty). The caller is responsible
5499 * for taking care of those events and avoiding the call if inappropriate. The
5500 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005501 * is responsible for this. The buffer's output is not adjusted, it's up to the
5502 * caller to take care of this. It's up to the caller to update the buffer's
5503 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005504 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005505static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005506{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005507 ssize_t ret;
5508 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005509
5510 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005511 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005512
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005513 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005514 goto out_error;
5515
5516 if (conn->flags & CO_FL_HANDSHAKE)
5517 /* a handshake was requested */
5518 return 0;
5519
5520 /* send the largest possible block. For this we perform only one call
5521 * to send() unless the buffer wraps and we exactly fill the first hunk,
5522 * in which case we accept to do it once again.
5523 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005524 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005525#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5526 size_t written_data;
5527#endif
5528
Willy Tarreau787db9a2018-06-14 18:31:46 +02005529 try = b_contig_data(buf, done);
5530 if (try > count)
5531 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005532
Willy Tarreau7bed9452014-02-02 02:00:24 +01005533 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005534 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005535 global_ssl.max_record && try > global_ssl.max_record) {
5536 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005537 }
5538 else {
5539 /* we need to keep the information about the fact that
5540 * we're not limiting the upcoming send(), because if it
5541 * fails, we'll have to retry with at least as many data.
5542 */
5543 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5544 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005545
Olivier Houchardc2aae742017-09-22 18:26:28 +02005546#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5547 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5548 unsigned int max_early;
5549
Olivier Houchard522eea72017-11-03 16:27:47 +01005550 if (objt_listener(conn->target))
5551 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5552 else {
5553 if (SSL_get0_session(conn->xprt_ctx))
5554 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5555 else
5556 max_early = 0;
5557 }
5558
Olivier Houchard90084a12017-11-23 18:21:29 +01005559 if (try + conn->sent_early_data > max_early) {
5560 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005561 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005562 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5563 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005564 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005565 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005566 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005567 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005568 if (ret == 1) {
5569 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005570 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005571 if (objt_server(conn->target)) {
5572 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5573 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5574 }
5575
Olivier Houchardc2aae742017-09-22 18:26:28 +02005576 }
5577
5578 } else
5579#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005580 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005581
Emeric Brune1f38db2012-09-03 20:36:47 +02005582 if (conn->flags & CO_FL_ERROR) {
5583 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005584 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005585 }
Emeric Brun46591952012-05-18 15:47:34 +02005586 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005587 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005588 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005589 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005590 }
5591 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005592 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005593
Emeric Brun46591952012-05-18 15:47:34 +02005594 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005595 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5596 /* handshake is running, and it may need to re-enable write */
5597 conn->flags |= CO_FL_SSL_WAIT_HS;
5598 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005599#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005600 /* Async mode can be re-enabled, because we're leaving data state.*/
5601 if (global_ssl.async)
5602 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5603#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005604 break;
5605 }
Emeric Brun46591952012-05-18 15:47:34 +02005606 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005607 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005608 break;
5609 }
5610 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005611 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005612 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005613 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005614#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005615 /* Async mode can be re-enabled, because we're leaving data state.*/
5616 if (global_ssl.async)
5617 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5618#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005619 break;
5620 }
Emeric Brun46591952012-05-18 15:47:34 +02005621 goto out_error;
5622 }
5623 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005624 leave:
5625 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005626 return done;
5627
5628 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005629 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005630 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005631 ERR_clear_error();
5632
Emeric Brun46591952012-05-18 15:47:34 +02005633 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005634 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005635}
5636
Emeric Brun46591952012-05-18 15:47:34 +02005637static void ssl_sock_close(struct connection *conn) {
5638
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005639 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005640#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005641 if (global_ssl.async) {
5642 OSSL_ASYNC_FD all_fd[32], afd;
5643 size_t num_all_fds = 0;
5644 int i;
5645
5646 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5647 if (num_all_fds > 32) {
5648 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5649 return;
5650 }
5651
5652 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5653
5654 /* If an async job is pending, we must try to
5655 to catch the end using polling before calling
5656 SSL_free */
5657 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5658 for (i=0 ; i < num_all_fds ; i++) {
5659 /* switch on an handler designed to
5660 * handle the SSL_free
5661 */
5662 afd = all_fd[i];
5663 fdtab[afd].iocb = ssl_async_fd_free;
5664 fdtab[afd].owner = conn->xprt_ctx;
5665 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005666 /* To ensure that the fd cache won't be used
5667 * and we'll catch a real RD event.
5668 */
5669 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005670 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005671 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005672 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005673 return;
5674 }
Emeric Brun3854e012017-05-17 20:42:48 +02005675 /* Else we can remove the fds from the fdtab
5676 * and call SSL_free.
5677 * note: we do a fd_remove and not a delete
5678 * because the fd is owned by the engine.
5679 * the engine is responsible to close
5680 */
5681 for (i=0 ; i < num_all_fds ; i++)
5682 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005683 }
5684#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005685 SSL_free(conn->xprt_ctx);
5686 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005687 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005688 }
Emeric Brun46591952012-05-18 15:47:34 +02005689}
5690
5691/* This function tries to perform a clean shutdown on an SSL connection, and in
5692 * any case, flags the connection as reusable if no handshake was in progress.
5693 */
5694static void ssl_sock_shutw(struct connection *conn, int clean)
5695{
5696 if (conn->flags & CO_FL_HANDSHAKE)
5697 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005698 if (!clean)
5699 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005700 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005701 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005702 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005703 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005704 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005705 ERR_clear_error();
5706 }
Emeric Brun46591952012-05-18 15:47:34 +02005707}
5708
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005709/* used for ppv2 pkey alog (can be used for logging) */
5710int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
5711{
5712 struct pkey_info *pkinfo;
5713 int bits = 0;
5714 int sig = TLSEXT_signature_anonymous;
5715 int len = -1;
5716
5717 if (!ssl_sock_is_ssl(conn))
5718 return 0;
5719
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005720 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005721 if (pkinfo) {
5722 sig = pkinfo->sig;
5723 bits = pkinfo->bits;
5724 } else {
5725 /* multicert and generated cert have no pkey info */
5726 X509 *crt;
5727 EVP_PKEY *pkey;
5728 crt = SSL_get_certificate(conn->xprt_ctx);
5729 if (!crt)
5730 return 0;
5731 pkey = X509_get_pubkey(crt);
5732 if (pkey) {
5733 bits = EVP_PKEY_bits(pkey);
5734 switch(EVP_PKEY_base_id(pkey)) {
5735 case EVP_PKEY_RSA:
5736 sig = TLSEXT_signature_rsa;
5737 break;
5738 case EVP_PKEY_EC:
5739 sig = TLSEXT_signature_ecdsa;
5740 break;
5741 case EVP_PKEY_DSA:
5742 sig = TLSEXT_signature_dsa;
5743 break;
5744 }
5745 EVP_PKEY_free(pkey);
5746 }
5747 }
5748
5749 switch(sig) {
5750 case TLSEXT_signature_rsa:
5751 len = chunk_printf(out, "RSA%d", bits);
5752 break;
5753 case TLSEXT_signature_ecdsa:
5754 len = chunk_printf(out, "EC%d", bits);
5755 break;
5756 case TLSEXT_signature_dsa:
5757 len = chunk_printf(out, "DSA%d", bits);
5758 break;
5759 default:
5760 return 0;
5761 }
5762 if (len < 0)
5763 return 0;
5764 return 1;
5765}
5766
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005767/* used for ppv2 cert signature (can be used for logging) */
5768const char *ssl_sock_get_cert_sig(struct connection *conn)
5769{
5770 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5771 X509 *crt;
5772
5773 if (!ssl_sock_is_ssl(conn))
5774 return NULL;
5775 crt = SSL_get_certificate(conn->xprt_ctx);
5776 if (!crt)
5777 return NULL;
5778 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5779 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5780}
5781
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005782/* used for ppv2 authority */
5783const char *ssl_sock_get_sni(struct connection *conn)
5784{
5785#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5786 if (!ssl_sock_is_ssl(conn))
5787 return NULL;
5788 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5789#else
5790 return 0;
5791#endif
5792}
5793
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005794/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005795const char *ssl_sock_get_cipher_name(struct connection *conn)
5796{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005797 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005798 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005799
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005800 return SSL_get_cipher_name(conn->xprt_ctx);
5801}
5802
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005803/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005804const char *ssl_sock_get_proto_version(struct connection *conn)
5805{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005806 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005807 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005808
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005809 return SSL_get_version(conn->xprt_ctx);
5810}
5811
Willy Tarreau8d598402012-10-22 17:58:39 +02005812/* Extract a serial from a cert, and copy it to a chunk.
5813 * Returns 1 if serial is found and copied, 0 if no serial found and
5814 * -1 if output is not large enough.
5815 */
5816static int
5817ssl_sock_get_serial(X509 *crt, struct chunk *out)
5818{
5819 ASN1_INTEGER *serial;
5820
5821 serial = X509_get_serialNumber(crt);
5822 if (!serial)
5823 return 0;
5824
5825 if (out->size < serial->length)
5826 return -1;
5827
5828 memcpy(out->str, serial->data, serial->length);
5829 out->len = serial->length;
5830 return 1;
5831}
5832
Emeric Brun43e79582014-10-29 19:03:26 +01005833/* Extract a cert to der, and copy it to a chunk.
5834 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5835 * -1 if output is not large enough.
5836 */
5837static int
5838ssl_sock_crt2der(X509 *crt, struct chunk *out)
5839{
5840 int len;
5841 unsigned char *p = (unsigned char *)out->str;;
5842
5843 len =i2d_X509(crt, NULL);
5844 if (len <= 0)
5845 return 1;
5846
5847 if (out->size < len)
5848 return -1;
5849
5850 i2d_X509(crt,&p);
5851 out->len = len;
5852 return 1;
5853}
5854
Emeric Brunce5ad802012-10-22 14:11:22 +02005855
5856/* Copy Date in ASN1_UTCTIME format in struct chunk out.
5857 * Returns 1 if serial is found and copied, 0 if no valid time found
5858 * and -1 if output is not large enough.
5859 */
5860static int
5861ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
5862{
5863 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5864 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5865
5866 if (gentm->length < 12)
5867 return 0;
5868 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5869 return 0;
5870 if (out->size < gentm->length-2)
5871 return -1;
5872
5873 memcpy(out->str, gentm->data+2, gentm->length-2);
5874 out->len = gentm->length-2;
5875 return 1;
5876 }
5877 else if (tm->type == V_ASN1_UTCTIME) {
5878 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5879
5880 if (utctm->length < 10)
5881 return 0;
5882 if (utctm->data[0] >= 0x35)
5883 return 0;
5884 if (out->size < utctm->length)
5885 return -1;
5886
5887 memcpy(out->str, utctm->data, utctm->length);
5888 out->len = utctm->length;
5889 return 1;
5890 }
5891
5892 return 0;
5893}
5894
Emeric Brun87855892012-10-17 17:39:35 +02005895/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5896 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5897 */
5898static int
5899ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
5900{
5901 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005902 ASN1_OBJECT *obj;
5903 ASN1_STRING *data;
5904 const unsigned char *data_ptr;
5905 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005906 int i, j, n;
5907 int cur = 0;
5908 const char *s;
5909 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005910 int name_count;
5911
5912 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005913
5914 out->len = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005915 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005916 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005917 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005918 else
5919 j = i;
5920
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005921 ne = X509_NAME_get_entry(a, j);
5922 obj = X509_NAME_ENTRY_get_object(ne);
5923 data = X509_NAME_ENTRY_get_data(ne);
5924 data_ptr = ASN1_STRING_get0_data(data);
5925 data_len = ASN1_STRING_length(data);
5926 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005927 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005928 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005929 s = tmp;
5930 }
5931
5932 if (chunk_strcasecmp(entry, s) != 0)
5933 continue;
5934
5935 if (pos < 0)
5936 cur--;
5937 else
5938 cur++;
5939
5940 if (cur != pos)
5941 continue;
5942
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005943 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005944 return -1;
5945
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005946 memcpy(out->str, data_ptr, data_len);
5947 out->len = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005948 return 1;
5949 }
5950
5951 return 0;
5952
5953}
5954
5955/* Extract and format full DN from a X509_NAME and copy result into a chunk
5956 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5957 */
5958static int
5959ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
5960{
5961 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005962 ASN1_OBJECT *obj;
5963 ASN1_STRING *data;
5964 const unsigned char *data_ptr;
5965 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005966 int i, n, ln;
5967 int l = 0;
5968 const char *s;
5969 char *p;
5970 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005971 int name_count;
5972
5973
5974 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005975
5976 out->len = 0;
5977 p = out->str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005978 for (i = 0; i < name_count; i++) {
5979 ne = X509_NAME_get_entry(a, i);
5980 obj = X509_NAME_ENTRY_get_object(ne);
5981 data = X509_NAME_ENTRY_get_data(ne);
5982 data_ptr = ASN1_STRING_get0_data(data);
5983 data_len = ASN1_STRING_length(data);
5984 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005985 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005986 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005987 s = tmp;
5988 }
5989 ln = strlen(s);
5990
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005991 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005992 if (l > out->size)
5993 return -1;
5994 out->len = l;
5995
5996 *(p++)='/';
5997 memcpy(p, s, ln);
5998 p += ln;
5999 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006000 memcpy(p, data_ptr, data_len);
6001 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006002 }
6003
6004 if (!out->len)
6005 return 0;
6006
6007 return 1;
6008}
6009
Willy Tarreau119a4082016-12-22 21:58:38 +01006010/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6011 * to disable SNI.
6012 */
Willy Tarreau63076412015-07-10 11:33:32 +02006013void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6014{
6015#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006016 char *prev_name;
6017
Willy Tarreau63076412015-07-10 11:33:32 +02006018 if (!ssl_sock_is_ssl(conn))
6019 return;
6020
Willy Tarreau119a4082016-12-22 21:58:38 +01006021 /* if the SNI changes, we must destroy the reusable context so that a
6022 * new connection will present a new SNI. As an optimization we could
6023 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6024 * server.
6025 */
6026 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6027 if ((!prev_name && hostname) ||
6028 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6029 SSL_set_session(conn->xprt_ctx, NULL);
6030
Willy Tarreau63076412015-07-10 11:33:32 +02006031 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6032#endif
6033}
6034
Emeric Brun0abf8362014-06-24 18:26:41 +02006035/* Extract peer certificate's common name into the chunk dest
6036 * Returns
6037 * the len of the extracted common name
6038 * or 0 if no CN found in DN
6039 * or -1 on error case (i.e. no peer certificate)
6040 */
6041int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04006042{
6043 X509 *crt = NULL;
6044 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006045 const char find_cn[] = "CN";
6046 const struct chunk find_cn_chunk = {
6047 .str = (char *)&find_cn,
6048 .len = sizeof(find_cn)-1
6049 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006050 int result = -1;
David Safb76832014-05-08 23:42:08 -04006051
6052 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006053 goto out;
David Safb76832014-05-08 23:42:08 -04006054
6055 /* SSL_get_peer_certificate, it increase X509 * ref count */
6056 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6057 if (!crt)
6058 goto out;
6059
6060 name = X509_get_subject_name(crt);
6061 if (!name)
6062 goto out;
David Safb76832014-05-08 23:42:08 -04006063
Emeric Brun0abf8362014-06-24 18:26:41 +02006064 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6065out:
David Safb76832014-05-08 23:42:08 -04006066 if (crt)
6067 X509_free(crt);
6068
6069 return result;
6070}
6071
Dave McCowan328fb582014-07-30 10:39:13 -04006072/* returns 1 if client passed a certificate for this session, 0 if not */
6073int ssl_sock_get_cert_used_sess(struct connection *conn)
6074{
6075 X509 *crt = NULL;
6076
6077 if (!ssl_sock_is_ssl(conn))
6078 return 0;
6079
6080 /* SSL_get_peer_certificate, it increase X509 * ref count */
6081 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6082 if (!crt)
6083 return 0;
6084
6085 X509_free(crt);
6086 return 1;
6087}
6088
6089/* returns 1 if client passed a certificate for this connection, 0 if not */
6090int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006091{
6092 if (!ssl_sock_is_ssl(conn))
6093 return 0;
6094
6095 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6096}
6097
6098/* returns result from SSL verify */
6099unsigned int ssl_sock_get_verify_result(struct connection *conn)
6100{
6101 if (!ssl_sock_is_ssl(conn))
6102 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6103
6104 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6105}
6106
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006107/* Returns the application layer protocol name in <str> and <len> when known.
6108 * Zero is returned if the protocol name was not found, otherwise non-zero is
6109 * returned. The string is allocated in the SSL context and doesn't have to be
6110 * freed by the caller. NPN is also checked if available since older versions
6111 * of openssl (1.0.1) which are more common in field only support this one.
6112 */
6113static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6114{
6115 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6116 return 0;
6117
6118 *str = NULL;
6119
6120#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6121 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6122 if (*str)
6123 return 1;
6124#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006125#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006126 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6127 if (*str)
6128 return 1;
6129#endif
6130 return 0;
6131}
6132
Willy Tarreau7875d092012-09-10 08:20:03 +02006133/***** Below are some sample fetching functions for ACL/patterns *****/
6134
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006135static int
6136smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6137{
6138 struct connection *conn;
6139
6140 conn = objt_conn(smp->sess->origin);
6141 if (!conn || conn->xprt != &ssl_sock)
6142 return 0;
6143
6144 smp->flags = 0;
6145 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006146 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6147 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006148
6149 return 1;
6150}
6151
Emeric Brune64aef12012-09-21 13:15:06 +02006152/* boolean, returns true if client cert was present */
6153static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006154smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006155{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006156 struct connection *conn;
6157
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006158 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006159 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006160 return 0;
6161
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006162 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006163 smp->flags |= SMP_F_MAY_CHANGE;
6164 return 0;
6165 }
6166
6167 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006168 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006169 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006170
6171 return 1;
6172}
6173
Emeric Brun43e79582014-10-29 19:03:26 +01006174/* binary, returns a certificate in a binary chunk (der/raw).
6175 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6176 * should be use.
6177 */
6178static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006179smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006180{
6181 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6182 X509 *crt = NULL;
6183 int ret = 0;
6184 struct chunk *smp_trash;
6185 struct connection *conn;
6186
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006187 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006188 if (!conn || conn->xprt != &ssl_sock)
6189 return 0;
6190
6191 if (!(conn->flags & CO_FL_CONNECTED)) {
6192 smp->flags |= SMP_F_MAY_CHANGE;
6193 return 0;
6194 }
6195
6196 if (cert_peer)
6197 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6198 else
6199 crt = SSL_get_certificate(conn->xprt_ctx);
6200
6201 if (!crt)
6202 goto out;
6203
6204 smp_trash = get_trash_chunk();
6205 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6206 goto out;
6207
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006208 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006209 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006210 ret = 1;
6211out:
6212 /* SSL_get_peer_certificate, it increase X509 * ref count */
6213 if (cert_peer && crt)
6214 X509_free(crt);
6215 return ret;
6216}
6217
Emeric Brunba841a12014-04-30 17:05:08 +02006218/* binary, returns serial of certificate in a binary chunk.
6219 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6220 * should be use.
6221 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006222static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006223smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006224{
Emeric Brunba841a12014-04-30 17:05:08 +02006225 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006226 X509 *crt = NULL;
6227 int ret = 0;
6228 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006229 struct connection *conn;
6230
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006231 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006232 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006233 return 0;
6234
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006235 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006236 smp->flags |= SMP_F_MAY_CHANGE;
6237 return 0;
6238 }
6239
Emeric Brunba841a12014-04-30 17:05:08 +02006240 if (cert_peer)
6241 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6242 else
6243 crt = SSL_get_certificate(conn->xprt_ctx);
6244
Willy Tarreau8d598402012-10-22 17:58:39 +02006245 if (!crt)
6246 goto out;
6247
Willy Tarreau47ca5452012-12-23 20:22:19 +01006248 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006249 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6250 goto out;
6251
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006252 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006253 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006254 ret = 1;
6255out:
Emeric Brunba841a12014-04-30 17:05:08 +02006256 /* SSL_get_peer_certificate, it increase X509 * ref count */
6257 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006258 X509_free(crt);
6259 return ret;
6260}
Emeric Brune64aef12012-09-21 13:15:06 +02006261
Emeric Brunba841a12014-04-30 17:05:08 +02006262/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6263 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6264 * should be use.
6265 */
James Votha051b4a2013-05-14 20:37:59 +02006266static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006267smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006268{
Emeric Brunba841a12014-04-30 17:05:08 +02006269 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006270 X509 *crt = NULL;
6271 const EVP_MD *digest;
6272 int ret = 0;
6273 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006274 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006275
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006276 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006277 if (!conn || conn->xprt != &ssl_sock)
6278 return 0;
6279
6280 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006281 smp->flags |= SMP_F_MAY_CHANGE;
6282 return 0;
6283 }
6284
Emeric Brunba841a12014-04-30 17:05:08 +02006285 if (cert_peer)
6286 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6287 else
6288 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006289 if (!crt)
6290 goto out;
6291
6292 smp_trash = get_trash_chunk();
6293 digest = EVP_sha1();
6294 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
6295
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006296 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006297 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006298 ret = 1;
6299out:
Emeric Brunba841a12014-04-30 17:05:08 +02006300 /* SSL_get_peer_certificate, it increase X509 * ref count */
6301 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006302 X509_free(crt);
6303 return ret;
6304}
6305
Emeric Brunba841a12014-04-30 17:05:08 +02006306/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6307 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6308 * should be use.
6309 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006310static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006311smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006312{
Emeric Brunba841a12014-04-30 17:05:08 +02006313 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006314 X509 *crt = NULL;
6315 int ret = 0;
6316 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006317 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006318
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006319 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006320 if (!conn || conn->xprt != &ssl_sock)
6321 return 0;
6322
6323 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006324 smp->flags |= SMP_F_MAY_CHANGE;
6325 return 0;
6326 }
6327
Emeric Brunba841a12014-04-30 17:05:08 +02006328 if (cert_peer)
6329 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6330 else
6331 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006332 if (!crt)
6333 goto out;
6334
Willy Tarreau47ca5452012-12-23 20:22:19 +01006335 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006336 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6337 goto out;
6338
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006339 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006340 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006341 ret = 1;
6342out:
Emeric Brunba841a12014-04-30 17:05:08 +02006343 /* SSL_get_peer_certificate, it increase X509 * ref count */
6344 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006345 X509_free(crt);
6346 return ret;
6347}
6348
Emeric Brunba841a12014-04-30 17:05:08 +02006349/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6350 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6351 * should be use.
6352 */
Emeric Brun87855892012-10-17 17:39:35 +02006353static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006354smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006355{
Emeric Brunba841a12014-04-30 17:05:08 +02006356 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006357 X509 *crt = NULL;
6358 X509_NAME *name;
6359 int ret = 0;
6360 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006361 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006362
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006363 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006364 if (!conn || conn->xprt != &ssl_sock)
6365 return 0;
6366
6367 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006368 smp->flags |= SMP_F_MAY_CHANGE;
6369 return 0;
6370 }
6371
Emeric Brunba841a12014-04-30 17:05:08 +02006372 if (cert_peer)
6373 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6374 else
6375 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006376 if (!crt)
6377 goto out;
6378
6379 name = X509_get_issuer_name(crt);
6380 if (!name)
6381 goto out;
6382
Willy Tarreau47ca5452012-12-23 20:22:19 +01006383 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006384 if (args && args[0].type == ARGT_STR) {
6385 int pos = 1;
6386
6387 if (args[1].type == ARGT_SINT)
6388 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006389
6390 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6391 goto out;
6392 }
6393 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6394 goto out;
6395
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006396 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006397 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006398 ret = 1;
6399out:
Emeric Brunba841a12014-04-30 17:05:08 +02006400 /* SSL_get_peer_certificate, it increase X509 * ref count */
6401 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006402 X509_free(crt);
6403 return ret;
6404}
6405
Emeric Brunba841a12014-04-30 17:05:08 +02006406/* string, returns notbefore date in ASN1_UTCTIME format.
6407 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6408 * should be use.
6409 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006410static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006411smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006412{
Emeric Brunba841a12014-04-30 17:05:08 +02006413 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006414 X509 *crt = NULL;
6415 int ret = 0;
6416 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006417 struct connection *conn;
6418
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006419 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006420 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006421 return 0;
6422
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006423 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006424 smp->flags |= SMP_F_MAY_CHANGE;
6425 return 0;
6426 }
6427
Emeric Brunba841a12014-04-30 17:05:08 +02006428 if (cert_peer)
6429 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6430 else
6431 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006432 if (!crt)
6433 goto out;
6434
Willy Tarreau47ca5452012-12-23 20:22:19 +01006435 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006436 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6437 goto out;
6438
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006439 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006440 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006441 ret = 1;
6442out:
Emeric Brunba841a12014-04-30 17:05:08 +02006443 /* SSL_get_peer_certificate, it increase X509 * ref count */
6444 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006445 X509_free(crt);
6446 return ret;
6447}
6448
Emeric Brunba841a12014-04-30 17:05:08 +02006449/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6450 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6451 * should be use.
6452 */
Emeric Brun87855892012-10-17 17:39:35 +02006453static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006454smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006455{
Emeric Brunba841a12014-04-30 17:05:08 +02006456 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006457 X509 *crt = NULL;
6458 X509_NAME *name;
6459 int ret = 0;
6460 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006461 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006462
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006463 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006464 if (!conn || conn->xprt != &ssl_sock)
6465 return 0;
6466
6467 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006468 smp->flags |= SMP_F_MAY_CHANGE;
6469 return 0;
6470 }
6471
Emeric Brunba841a12014-04-30 17:05:08 +02006472 if (cert_peer)
6473 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6474 else
6475 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006476 if (!crt)
6477 goto out;
6478
6479 name = X509_get_subject_name(crt);
6480 if (!name)
6481 goto out;
6482
Willy Tarreau47ca5452012-12-23 20:22:19 +01006483 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006484 if (args && args[0].type == ARGT_STR) {
6485 int pos = 1;
6486
6487 if (args[1].type == ARGT_SINT)
6488 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006489
6490 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6491 goto out;
6492 }
6493 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6494 goto out;
6495
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006496 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006497 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006498 ret = 1;
6499out:
Emeric Brunba841a12014-04-30 17:05:08 +02006500 /* SSL_get_peer_certificate, it increase X509 * ref count */
6501 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006502 X509_free(crt);
6503 return ret;
6504}
Emeric Brun9143d372012-12-20 15:44:16 +01006505
6506/* integer, returns true if current session use a client certificate */
6507static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006508smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006509{
6510 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006511 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006512
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006513 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006514 if (!conn || conn->xprt != &ssl_sock)
6515 return 0;
6516
6517 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006518 smp->flags |= SMP_F_MAY_CHANGE;
6519 return 0;
6520 }
6521
6522 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006523 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006524 if (crt) {
6525 X509_free(crt);
6526 }
6527
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006528 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006529 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006530 return 1;
6531}
6532
Emeric Brunba841a12014-04-30 17:05:08 +02006533/* integer, returns the certificate version
6534 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6535 * should be use.
6536 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006537static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006538smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006539{
Emeric Brunba841a12014-04-30 17:05:08 +02006540 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006541 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006542 struct connection *conn;
6543
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006544 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006545 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006546 return 0;
6547
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006548 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006549 smp->flags |= SMP_F_MAY_CHANGE;
6550 return 0;
6551 }
6552
Emeric Brunba841a12014-04-30 17:05:08 +02006553 if (cert_peer)
6554 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6555 else
6556 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006557 if (!crt)
6558 return 0;
6559
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006560 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006561 /* SSL_get_peer_certificate increase X509 * ref count */
6562 if (cert_peer)
6563 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006564 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006565
6566 return 1;
6567}
6568
Emeric Brunba841a12014-04-30 17:05:08 +02006569/* string, returns the certificate's signature algorithm.
6570 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6571 * should be use.
6572 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006573static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006574smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006575{
Emeric Brunba841a12014-04-30 17:05:08 +02006576 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006577 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006578 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006579 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006580 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006581
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006582 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006583 if (!conn || conn->xprt != &ssl_sock)
6584 return 0;
6585
6586 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006587 smp->flags |= SMP_F_MAY_CHANGE;
6588 return 0;
6589 }
6590
Emeric Brunba841a12014-04-30 17:05:08 +02006591 if (cert_peer)
6592 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6593 else
6594 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006595 if (!crt)
6596 return 0;
6597
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006598 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6599 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006600
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006601 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6602 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006603 /* SSL_get_peer_certificate increase X509 * ref count */
6604 if (cert_peer)
6605 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006606 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006607 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006608
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006609 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006610 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006611 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006612 /* SSL_get_peer_certificate increase X509 * ref count */
6613 if (cert_peer)
6614 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006615
6616 return 1;
6617}
6618
Emeric Brunba841a12014-04-30 17:05:08 +02006619/* string, returns the certificate's key algorithm.
6620 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6621 * should be use.
6622 */
Emeric Brun521a0112012-10-22 12:22:55 +02006623static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006624smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006625{
Emeric Brunba841a12014-04-30 17:05:08 +02006626 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006627 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006628 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006629 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006630 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006631
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006632 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006633 if (!conn || conn->xprt != &ssl_sock)
6634 return 0;
6635
6636 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006637 smp->flags |= SMP_F_MAY_CHANGE;
6638 return 0;
6639 }
6640
Emeric Brunba841a12014-04-30 17:05:08 +02006641 if (cert_peer)
6642 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6643 else
6644 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006645 if (!crt)
6646 return 0;
6647
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006648 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6649 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006650
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006651 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6652 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006653 /* SSL_get_peer_certificate increase X509 * ref count */
6654 if (cert_peer)
6655 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006656 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006657 }
Emeric Brun521a0112012-10-22 12:22:55 +02006658
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006659 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006660 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006661 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006662 if (cert_peer)
6663 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006664
6665 return 1;
6666}
6667
Emeric Brun645ae792014-04-30 14:21:06 +02006668/* boolean, returns true if front conn. transport layer is SSL.
6669 * This function is also usable on backend conn if the fetch keyword 5th
6670 * char is 'b'.
6671 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006672static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006673smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006674{
Emeric Bruneb8def92018-02-19 15:59:48 +01006675 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6676 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006677
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006678 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006679 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006680 return 1;
6681}
6682
Emeric Brun2525b6b2012-10-18 15:59:43 +02006683/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006684static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006685smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006686{
6687#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006688 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006689
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006690 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006691 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006692 conn->xprt_ctx &&
6693 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006694 return 1;
6695#else
6696 return 0;
6697#endif
6698}
6699
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006700/* boolean, returns true if client session has been resumed.
6701 * This function is also usable on backend conn if the fetch keyword 5th
6702 * char is 'b'.
6703 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006704static int
6705smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6706{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006707 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6708 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6709
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006710
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006711 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006712 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006713 conn->xprt_ctx &&
6714 SSL_session_reused(conn->xprt_ctx);
6715 return 1;
6716}
6717
Emeric Brun645ae792014-04-30 14:21:06 +02006718/* string, returns the used cipher if front conn. transport layer is SSL.
6719 * This function is also usable on backend conn if the fetch keyword 5th
6720 * char is 'b'.
6721 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006722static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006723smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006724{
Emeric Bruneb8def92018-02-19 15:59:48 +01006725 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6726 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006727
Willy Tarreaube508f12016-03-10 11:47:01 +01006728 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006729 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006730 return 0;
6731
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006732 smp->data.u.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6733 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006734 return 0;
6735
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006736 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006737 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006738 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006739
6740 return 1;
6741}
6742
Emeric Brun645ae792014-04-30 14:21:06 +02006743/* integer, returns the algoritm's keysize if front conn. transport layer
6744 * is SSL.
6745 * This function is also usable on backend conn if the fetch keyword 5th
6746 * char is 'b'.
6747 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006748static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006749smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006750{
Emeric Bruneb8def92018-02-19 15:59:48 +01006751 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6752 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006753 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006754
Emeric Brun589fcad2012-10-16 14:13:26 +02006755 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006756 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006757 return 0;
6758
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006759 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006760 return 0;
6761
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006762 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006763 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006764
6765 return 1;
6766}
6767
Emeric Brun645ae792014-04-30 14:21:06 +02006768/* integer, returns the used keysize if front conn. transport layer is SSL.
6769 * This function is also usable on backend conn if the fetch keyword 5th
6770 * char is 'b'.
6771 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006772static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006773smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006774{
Emeric Bruneb8def92018-02-19 15:59:48 +01006775 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6776 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006777
Emeric Brun589fcad2012-10-16 14:13:26 +02006778 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006779 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6780 return 0;
6781
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006782 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6783 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006784 return 0;
6785
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006786 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006787
6788 return 1;
6789}
6790
Bernard Spil13c53f82018-02-15 13:34:58 +01006791#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006792static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006793smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006794{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006795 struct connection *conn;
6796
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006797 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006798 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006799
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006800 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006801 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6802 return 0;
6803
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006804 smp->data.u.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006805 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006806 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006807
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006808 if (!smp->data.u.str.str)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006809 return 0;
6810
6811 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006812}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006813#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006814
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006815#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006816static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006817smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006818{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006819 struct connection *conn;
6820
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006821 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006822 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006823
Willy Tarreaue26bf052015-05-12 10:30:12 +02006824 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006825 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006826 return 0;
6827
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006828 smp->data.u.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006829 SSL_get0_alpn_selected(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006830 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreauab861d32013-04-02 02:30:41 +02006831
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006832 if (!smp->data.u.str.str)
Willy Tarreauab861d32013-04-02 02:30:41 +02006833 return 0;
6834
6835 return 1;
6836}
6837#endif
6838
Emeric Brun645ae792014-04-30 14:21:06 +02006839/* string, returns the used protocol if front conn. transport layer is SSL.
6840 * This function is also usable on backend conn if the fetch keyword 5th
6841 * char is 'b'.
6842 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006843static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006844smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006845{
Emeric Bruneb8def92018-02-19 15:59:48 +01006846 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6847 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006848
Emeric Brun589fcad2012-10-16 14:13:26 +02006849 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006850 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6851 return 0;
6852
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006853 smp->data.u.str.str = (char *)SSL_get_version(conn->xprt_ctx);
6854 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006855 return 0;
6856
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006857 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006858 smp->flags = SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006859 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006860
6861 return 1;
6862}
6863
Willy Tarreau87b09662015-04-03 00:22:06 +02006864/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006865 * This function is also usable on backend conn if the fetch keyword 5th
6866 * char is 'b'.
6867 */
Patrick Hemmer41966772018-04-28 19:15:48 -04006868#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02006869static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006870smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006871{
Emeric Bruneb8def92018-02-19 15:59:48 +01006872 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6873 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006874 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006875
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006876 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006877 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006878
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006879 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6880 return 0;
6881
Willy Tarreau192252e2015-04-04 01:47:55 +02006882 ssl_sess = SSL_get_session(conn->xprt_ctx);
6883 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006884 return 0;
6885
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006886 smp->data.u.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.u.str.len);
6887 if (!smp->data.u.str.str || !smp->data.u.str.len)
Emeric Brunfe68f682012-10-16 14:59:28 +02006888 return 0;
6889
6890 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02006891}
Patrick Hemmer41966772018-04-28 19:15:48 -04006892#endif
6893
Emeric Brunfe68f682012-10-16 14:59:28 +02006894
Patrick Hemmere0275472018-04-28 19:15:51 -04006895#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
6896static int
6897smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
6898{
6899 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6900 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6901 SSL_SESSION *ssl_sess;
6902 struct chunk *data;
6903
6904 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6905 return 0;
6906
6907 ssl_sess = SSL_get_session(conn->xprt_ctx);
6908 if (!ssl_sess)
6909 return 0;
6910
6911 data = get_trash_chunk();
6912 data->len = SSL_SESSION_get_master_key(ssl_sess, (unsigned char *)data->str, data->size);
6913 if (!data->len)
6914 return 0;
6915
6916 smp->flags = 0;
6917 smp->data.type = SMP_T_BIN;
6918 smp->data.u.str = *data;
6919
6920 return 1;
6921}
6922#endif
6923
Patrick Hemmer41966772018-04-28 19:15:48 -04006924#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02006925static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006926smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006927{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006928 struct connection *conn;
6929
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006930 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006931 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006932
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006933 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006934 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6935 return 0;
6936
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006937 smp->data.u.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6938 if (!smp->data.u.str.str)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006939 return 0;
6940
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006941 smp->data.u.str.len = strlen(smp->data.u.str.str);
Willy Tarreau7875d092012-09-10 08:20:03 +02006942 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02006943}
Patrick Hemmer41966772018-04-28 19:15:48 -04006944#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02006945
David Sc1ad52e2014-04-08 18:48:47 -04006946static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006947smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6948{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006949 struct connection *conn;
6950 struct ssl_capture *capture;
6951
6952 conn = objt_conn(smp->sess->origin);
6953 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6954 return 0;
6955
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006956 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006957 if (!capture)
6958 return 0;
6959
6960 smp->flags = SMP_F_CONST;
6961 smp->data.type = SMP_T_BIN;
6962 smp->data.u.str.str = capture->ciphersuite;
6963 smp->data.u.str.len = capture->ciphersuite_len;
6964 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006965}
6966
6967static int
6968smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6969{
6970 struct chunk *data;
6971
6972 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6973 return 0;
6974
6975 data = get_trash_chunk();
6976 dump_binary(data, smp->data.u.str.str, smp->data.u.str.len);
6977 smp->data.type = SMP_T_BIN;
6978 smp->data.u.str = *data;
6979 return 1;
6980}
6981
6982static int
6983smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6984{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006985 struct connection *conn;
6986 struct ssl_capture *capture;
6987
6988 conn = objt_conn(smp->sess->origin);
6989 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6990 return 0;
6991
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006992 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006993 if (!capture)
6994 return 0;
6995
6996 smp->data.type = SMP_T_SINT;
6997 smp->data.u.sint = capture->xxh64;
6998 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006999}
7000
7001static int
7002smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7003{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007004#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007005 struct chunk *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007006 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007007
7008 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7009 return 0;
7010
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007011 data = get_trash_chunk();
7012 for (i = 0; i + 1 < smp->data.u.str.len; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007013 const char *str;
7014 const SSL_CIPHER *cipher;
7015 const unsigned char *bin = (const unsigned char *)smp->data.u.str.str + i;
7016 uint16_t id = (bin[0] << 8) | bin[1];
7017#if defined(OPENSSL_IS_BORINGSSL)
7018 cipher = SSL_get_cipher_by_value(id);
7019#else
7020 struct connection *conn = objt_conn(smp->sess->origin);
7021 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7022#endif
7023 str = SSL_CIPHER_get_name(cipher);
7024 if (!str || strcmp(str, "(NONE)") == 0)
7025 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007026 else
7027 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7028 }
7029 smp->data.type = SMP_T_STR;
7030 smp->data.u.str = *data;
7031 return 1;
7032#else
7033 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7034#endif
7035}
7036
Patrick Hemmer41966772018-04-28 19:15:48 -04007037#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007038static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007039smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007040{
Emeric Bruneb8def92018-02-19 15:59:48 +01007041 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7042 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007043 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04007044 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007045
7046 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007047 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7048 return 0;
7049
7050 if (!(conn->flags & CO_FL_CONNECTED)) {
7051 smp->flags |= SMP_F_MAY_CHANGE;
7052 return 0;
7053 }
7054
7055 finished_trash = get_trash_chunk();
7056 if (!SSL_session_reused(conn->xprt_ctx))
7057 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7058 else
7059 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7060
7061 if (!finished_len)
7062 return 0;
7063
Emeric Brunb73a9b02014-04-30 18:49:19 +02007064 finished_trash->len = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007065 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007066 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007067
7068 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007069}
Patrick Hemmer41966772018-04-28 19:15:48 -04007070#endif
David Sc1ad52e2014-04-08 18:48:47 -04007071
Emeric Brun2525b6b2012-10-18 15:59:43 +02007072/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007073static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007074smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007075{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007076 struct connection *conn;
7077
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007078 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007079 if (!conn || conn->xprt != &ssl_sock)
7080 return 0;
7081
7082 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007083 smp->flags = SMP_F_MAY_CHANGE;
7084 return 0;
7085 }
7086
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007087 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007088 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007089 smp->flags = 0;
7090
7091 return 1;
7092}
7093
Emeric Brun2525b6b2012-10-18 15:59:43 +02007094/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007095static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007096smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007097{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007098 struct connection *conn;
7099
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007100 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007101 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007102 return 0;
7103
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007104 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007105 smp->flags = SMP_F_MAY_CHANGE;
7106 return 0;
7107 }
7108
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007109 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007110 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007111 smp->flags = 0;
7112
7113 return 1;
7114}
7115
Emeric Brun2525b6b2012-10-18 15:59:43 +02007116/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007117static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007118smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007119{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007120 struct connection *conn;
7121
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007122 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007123 if (!conn || conn->xprt != &ssl_sock)
7124 return 0;
7125
7126 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007127 smp->flags = SMP_F_MAY_CHANGE;
7128 return 0;
7129 }
7130
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007131 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007132 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007133 smp->flags = 0;
7134
7135 return 1;
7136}
7137
Emeric Brun2525b6b2012-10-18 15:59:43 +02007138/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007139static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007140smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007141{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007142 struct connection *conn;
7143
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007144 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007145 if (!conn || conn->xprt != &ssl_sock)
7146 return 0;
7147
7148 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007149 smp->flags = SMP_F_MAY_CHANGE;
7150 return 0;
7151 }
7152
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007153 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007154 return 0;
7155
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007156 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007157 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007158 smp->flags = 0;
7159
7160 return 1;
7161}
7162
Emeric Brunfb510ea2012-10-05 12:00:26 +02007163/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007164static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007165{
7166 if (!*args[cur_arg + 1]) {
7167 if (err)
7168 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7169 return ERR_ALERT | ERR_FATAL;
7170 }
7171
Willy Tarreauef934602016-12-22 23:12:01 +01007172 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7173 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007174 else
7175 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007176
Emeric Brund94b3fe2012-09-20 18:23:56 +02007177 return 0;
7178}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007179static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7180{
7181 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7182}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007183
Christopher Faulet31af49d2015-06-09 17:29:50 +02007184/* parse the "ca-sign-file" bind keyword */
7185static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7186{
7187 if (!*args[cur_arg + 1]) {
7188 if (err)
7189 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7190 return ERR_ALERT | ERR_FATAL;
7191 }
7192
Willy Tarreauef934602016-12-22 23:12:01 +01007193 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7194 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007195 else
7196 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7197
7198 return 0;
7199}
7200
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007201/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007202static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7203{
7204 if (!*args[cur_arg + 1]) {
7205 if (err)
7206 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7207 return ERR_ALERT | ERR_FATAL;
7208 }
7209 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7210 return 0;
7211}
7212
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007213/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007214static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007215{
7216 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007217 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007218 return ERR_ALERT | ERR_FATAL;
7219 }
7220
Emeric Brun76d88952012-10-05 15:47:31 +02007221 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007222 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007223 return 0;
7224}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007225static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7226{
7227 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7228}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007229/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007230static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007231{
Willy Tarreau38011032013-08-13 16:59:39 +02007232 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007233
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007234 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007235 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007236 return ERR_ALERT | ERR_FATAL;
7237 }
7238
Willy Tarreauef934602016-12-22 23:12:01 +01007239 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7240 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007241 memprintf(err, "'%s' : path too long", args[cur_arg]);
7242 return ERR_ALERT | ERR_FATAL;
7243 }
Willy Tarreauef934602016-12-22 23:12:01 +01007244 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007245 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007246 return ERR_ALERT | ERR_FATAL;
7247
7248 return 0;
7249 }
7250
Willy Tarreau03209342016-12-22 17:08:28 +01007251 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007252 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007253
7254 return 0;
7255}
7256
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007257/* parse the "crt-list" bind keyword */
7258static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7259{
7260 if (!*args[cur_arg + 1]) {
7261 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7262 return ERR_ALERT | ERR_FATAL;
7263 }
7264
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007265 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007266 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007267 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007268 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007269
7270 return 0;
7271}
7272
Emeric Brunfb510ea2012-10-05 12:00:26 +02007273/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007274static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007275{
Emeric Brun051cdab2012-10-02 19:25:50 +02007276#ifndef X509_V_FLAG_CRL_CHECK
7277 if (err)
7278 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7279 return ERR_ALERT | ERR_FATAL;
7280#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007281 if (!*args[cur_arg + 1]) {
7282 if (err)
7283 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7284 return ERR_ALERT | ERR_FATAL;
7285 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007286
Willy Tarreauef934602016-12-22 23:12:01 +01007287 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7288 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007289 else
7290 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007291
Emeric Brun2b58d042012-09-20 17:10:03 +02007292 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007293#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007294}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007295static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7296{
7297 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7298}
Emeric Brun2b58d042012-09-20 17:10:03 +02007299
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007300/* parse the "curves" bind keyword keyword */
7301static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7302{
7303#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7304 if (!*args[cur_arg + 1]) {
7305 if (err)
7306 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7307 return ERR_ALERT | ERR_FATAL;
7308 }
7309 conf->curves = strdup(args[cur_arg + 1]);
7310 return 0;
7311#else
7312 if (err)
7313 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7314 return ERR_ALERT | ERR_FATAL;
7315#endif
7316}
7317static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7318{
7319 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7320}
7321
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007322/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007323static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007324{
7325#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7326 if (err)
7327 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7328 return ERR_ALERT | ERR_FATAL;
7329#elif defined(OPENSSL_NO_ECDH)
7330 if (err)
7331 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7332 return ERR_ALERT | ERR_FATAL;
7333#else
7334 if (!*args[cur_arg + 1]) {
7335 if (err)
7336 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7337 return ERR_ALERT | ERR_FATAL;
7338 }
7339
7340 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007341
7342 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007343#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007344}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007345static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7346{
7347 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7348}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007349
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007350/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007351static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7352{
7353 int code;
7354 char *p = args[cur_arg + 1];
7355 unsigned long long *ignerr = &conf->crt_ignerr;
7356
7357 if (!*p) {
7358 if (err)
7359 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7360 return ERR_ALERT | ERR_FATAL;
7361 }
7362
7363 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7364 ignerr = &conf->ca_ignerr;
7365
7366 if (strcmp(p, "all") == 0) {
7367 *ignerr = ~0ULL;
7368 return 0;
7369 }
7370
7371 while (p) {
7372 code = atoi(p);
7373 if ((code <= 0) || (code > 63)) {
7374 if (err)
7375 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7376 args[cur_arg], code, args[cur_arg + 1]);
7377 return ERR_ALERT | ERR_FATAL;
7378 }
7379 *ignerr |= 1ULL << code;
7380 p = strchr(p, ',');
7381 if (p)
7382 p++;
7383 }
7384
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007385 return 0;
7386}
7387
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007388/* parse tls_method_options "no-xxx" and "force-xxx" */
7389static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007390{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007391 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007392 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007393 p = strchr(arg, '-');
7394 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007395 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007396 p++;
7397 if (!strcmp(p, "sslv3"))
7398 v = CONF_SSLV3;
7399 else if (!strcmp(p, "tlsv10"))
7400 v = CONF_TLSV10;
7401 else if (!strcmp(p, "tlsv11"))
7402 v = CONF_TLSV11;
7403 else if (!strcmp(p, "tlsv12"))
7404 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007405 else if (!strcmp(p, "tlsv13"))
7406 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007407 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007408 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007409 if (!strncmp(arg, "no-", 3))
7410 methods->flags |= methodVersions[v].flag;
7411 else if (!strncmp(arg, "force-", 6))
7412 methods->min = methods->max = v;
7413 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007414 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007415 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007416 fail:
7417 if (err)
7418 memprintf(err, "'%s' : option not implemented", arg);
7419 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007420}
7421
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007422static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007423{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007424 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007425}
7426
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007427static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007428{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007429 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7430}
7431
7432/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7433static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7434{
7435 uint16_t i, v = 0;
7436 char *argv = args[cur_arg + 1];
7437 if (!*argv) {
7438 if (err)
7439 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7440 return ERR_ALERT | ERR_FATAL;
7441 }
7442 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7443 if (!strcmp(argv, methodVersions[i].name))
7444 v = i;
7445 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007446 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007447 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007448 return ERR_ALERT | ERR_FATAL;
7449 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007450 if (!strcmp("ssl-min-ver", args[cur_arg]))
7451 methods->min = v;
7452 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7453 methods->max = v;
7454 else {
7455 if (err)
7456 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7457 return ERR_ALERT | ERR_FATAL;
7458 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007459 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007460}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007461
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007462static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7463{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007464#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007465 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007466#endif
7467 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7468}
7469
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007470static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7471{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007472 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007473}
7474
7475static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7476{
7477 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7478}
7479
Emeric Brun2d0c4822012-10-02 13:45:20 +02007480/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007481static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007482{
Emeric Brun89675492012-10-05 13:48:26 +02007483 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007484 return 0;
7485}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007486
Olivier Houchardc2aae742017-09-22 18:26:28 +02007487/* parse the "allow-0rtt" bind keyword */
7488static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7489{
7490 conf->early_data = 1;
7491 return 0;
7492}
7493
7494static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7495{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007496 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007497 return 0;
7498}
7499
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007500/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007501static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007502{
Bernard Spil13c53f82018-02-15 13:34:58 +01007503#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007504 char *p1, *p2;
7505
7506 if (!*args[cur_arg + 1]) {
7507 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7508 return ERR_ALERT | ERR_FATAL;
7509 }
7510
7511 free(conf->npn_str);
7512
Willy Tarreau3724da12016-02-12 17:11:12 +01007513 /* the NPN string is built as a suite of (<len> <name>)*,
7514 * so we reuse each comma to store the next <len> and need
7515 * one more for the end of the string.
7516 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007517 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007518 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007519 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7520
7521 /* replace commas with the name length */
7522 p1 = conf->npn_str;
7523 p2 = p1 + 1;
7524 while (1) {
7525 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7526 if (!p2)
7527 p2 = p1 + 1 + strlen(p1 + 1);
7528
7529 if (p2 - (p1 + 1) > 255) {
7530 *p2 = '\0';
7531 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7532 return ERR_ALERT | ERR_FATAL;
7533 }
7534
7535 *p1 = p2 - (p1 + 1);
7536 p1 = p2;
7537
7538 if (!*p2)
7539 break;
7540
7541 *(p2++) = '\0';
7542 }
7543 return 0;
7544#else
7545 if (err)
7546 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7547 return ERR_ALERT | ERR_FATAL;
7548#endif
7549}
7550
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007551static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7552{
7553 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7554}
7555
Willy Tarreauab861d32013-04-02 02:30:41 +02007556/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007557static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007558{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007559#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007560 char *p1, *p2;
7561
7562 if (!*args[cur_arg + 1]) {
7563 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7564 return ERR_ALERT | ERR_FATAL;
7565 }
7566
7567 free(conf->alpn_str);
7568
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007569 /* the ALPN string is built as a suite of (<len> <name>)*,
7570 * so we reuse each comma to store the next <len> and need
7571 * one more for the end of the string.
7572 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007573 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007574 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007575 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7576
7577 /* replace commas with the name length */
7578 p1 = conf->alpn_str;
7579 p2 = p1 + 1;
7580 while (1) {
7581 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7582 if (!p2)
7583 p2 = p1 + 1 + strlen(p1 + 1);
7584
7585 if (p2 - (p1 + 1) > 255) {
7586 *p2 = '\0';
7587 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7588 return ERR_ALERT | ERR_FATAL;
7589 }
7590
7591 *p1 = p2 - (p1 + 1);
7592 p1 = p2;
7593
7594 if (!*p2)
7595 break;
7596
7597 *(p2++) = '\0';
7598 }
7599 return 0;
7600#else
7601 if (err)
7602 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7603 return ERR_ALERT | ERR_FATAL;
7604#endif
7605}
7606
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007607static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7608{
7609 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7610}
7611
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007612/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007613static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007614{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007615 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007616 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007617
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007618 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7619 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007620 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007621 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7622 if (!conf->ssl_conf.ssl_methods.min)
7623 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7624 if (!conf->ssl_conf.ssl_methods.max)
7625 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007626
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007627 return 0;
7628}
7629
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007630/* parse the "prefer-client-ciphers" bind keyword */
7631static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7632{
7633 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7634 return 0;
7635}
7636
Christopher Faulet31af49d2015-06-09 17:29:50 +02007637/* parse the "generate-certificates" bind keyword */
7638static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7639{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007640#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007641 conf->generate_certs = 1;
7642#else
7643 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7644 err && *err ? *err : "");
7645#endif
7646 return 0;
7647}
7648
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007649/* parse the "strict-sni" bind keyword */
7650static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7651{
7652 conf->strict_sni = 1;
7653 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007654}
7655
7656/* parse the "tls-ticket-keys" bind keyword */
7657static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7658{
7659#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7660 FILE *f;
7661 int i = 0;
7662 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007663 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007664
7665 if (!*args[cur_arg + 1]) {
7666 if (err)
7667 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7668 return ERR_ALERT | ERR_FATAL;
7669 }
7670
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007671 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007672 if (keys_ref) {
7673 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007674 conf->keys_ref = keys_ref;
7675 return 0;
7676 }
7677
Vincent Bernat02779b62016-04-03 13:48:43 +02007678 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007679 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007680
7681 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7682 if (err)
7683 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7684 return ERR_ALERT | ERR_FATAL;
7685 }
7686
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007687 keys_ref->filename = strdup(args[cur_arg + 1]);
7688
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007689 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7690 int len = strlen(thisline);
7691 /* Strip newline characters from the end */
7692 if(thisline[len - 1] == '\n')
7693 thisline[--len] = 0;
7694
7695 if(thisline[len - 1] == '\r')
7696 thisline[--len] = 0;
7697
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007698 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007699 if (err)
7700 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007701 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007702 return ERR_ALERT | ERR_FATAL;
7703 }
7704 i++;
7705 }
7706
7707 if (i < TLS_TICKETS_NO) {
7708 if (err)
7709 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007710 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007711 return ERR_ALERT | ERR_FATAL;
7712 }
7713
7714 fclose(f);
7715
7716 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007717 i -= 2;
7718 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007719 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007720 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007721 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007722 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007723
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007724 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7725
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007726 return 0;
7727#else
7728 if (err)
7729 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7730 return ERR_ALERT | ERR_FATAL;
7731#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007732}
7733
Emeric Brund94b3fe2012-09-20 18:23:56 +02007734/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007735static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007736{
7737 if (!*args[cur_arg + 1]) {
7738 if (err)
7739 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7740 return ERR_ALERT | ERR_FATAL;
7741 }
7742
7743 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007744 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007745 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007746 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007747 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007748 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007749 else {
7750 if (err)
7751 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7752 args[cur_arg], args[cur_arg + 1]);
7753 return ERR_ALERT | ERR_FATAL;
7754 }
7755
7756 return 0;
7757}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007758static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7759{
7760 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7761}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007762
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007763/* parse the "no-ca-names" bind keyword */
7764static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7765{
7766 conf->no_ca_names = 1;
7767 return 0;
7768}
7769static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7770{
7771 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7772}
7773
Willy Tarreau92faadf2012-10-10 23:04:25 +02007774/************** "server" keywords ****************/
7775
Emeric Brunef42d922012-10-11 16:11:36 +02007776/* parse the "ca-file" server keyword */
7777static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7778{
7779 if (!*args[*cur_arg + 1]) {
7780 if (err)
7781 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7782 return ERR_ALERT | ERR_FATAL;
7783 }
7784
Willy Tarreauef934602016-12-22 23:12:01 +01007785 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7786 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007787 else
7788 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7789
7790 return 0;
7791}
7792
Olivier Houchard9130a962017-10-17 17:33:43 +02007793/* parse the "check-sni" server keyword */
7794static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7795{
7796 if (!*args[*cur_arg + 1]) {
7797 if (err)
7798 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7799 return ERR_ALERT | ERR_FATAL;
7800 }
7801
7802 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7803 if (!newsrv->check.sni) {
7804 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7805 return ERR_ALERT | ERR_FATAL;
7806 }
7807 return 0;
7808
7809}
7810
Willy Tarreau92faadf2012-10-10 23:04:25 +02007811/* parse the "check-ssl" server keyword */
7812static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7813{
7814 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007815 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7816 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7817 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007818 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7819 if (!newsrv->ssl_ctx.methods.min)
7820 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7821 if (!newsrv->ssl_ctx.methods.max)
7822 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7823
Willy Tarreau92faadf2012-10-10 23:04:25 +02007824 return 0;
7825}
7826
7827/* parse the "ciphers" server keyword */
7828static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7829{
7830 if (!*args[*cur_arg + 1]) {
7831 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7832 return ERR_ALERT | ERR_FATAL;
7833 }
7834
7835 free(newsrv->ssl_ctx.ciphers);
7836 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7837 return 0;
7838}
7839
Emeric Brunef42d922012-10-11 16:11:36 +02007840/* parse the "crl-file" server keyword */
7841static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7842{
7843#ifndef X509_V_FLAG_CRL_CHECK
7844 if (err)
7845 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7846 return ERR_ALERT | ERR_FATAL;
7847#else
7848 if (!*args[*cur_arg + 1]) {
7849 if (err)
7850 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7851 return ERR_ALERT | ERR_FATAL;
7852 }
7853
Willy Tarreauef934602016-12-22 23:12:01 +01007854 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7855 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007856 else
7857 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7858
7859 return 0;
7860#endif
7861}
7862
Emeric Bruna7aa3092012-10-26 12:58:00 +02007863/* parse the "crt" server keyword */
7864static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7865{
7866 if (!*args[*cur_arg + 1]) {
7867 if (err)
7868 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7869 return ERR_ALERT | ERR_FATAL;
7870 }
7871
Willy Tarreauef934602016-12-22 23:12:01 +01007872 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007873 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007874 else
7875 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7876
7877 return 0;
7878}
Emeric Brunef42d922012-10-11 16:11:36 +02007879
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007880/* parse the "no-check-ssl" server keyword */
7881static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7882{
7883 newsrv->check.use_ssl = 0;
7884 free(newsrv->ssl_ctx.ciphers);
7885 newsrv->ssl_ctx.ciphers = NULL;
7886 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7887 return 0;
7888}
7889
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007890/* parse the "no-send-proxy-v2-ssl" server keyword */
7891static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7892{
7893 newsrv->pp_opts &= ~SRV_PP_V2;
7894 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7895 return 0;
7896}
7897
7898/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7899static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7900{
7901 newsrv->pp_opts &= ~SRV_PP_V2;
7902 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7903 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7904 return 0;
7905}
7906
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007907/* parse the "no-ssl" server keyword */
7908static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7909{
7910 newsrv->use_ssl = 0;
7911 free(newsrv->ssl_ctx.ciphers);
7912 newsrv->ssl_ctx.ciphers = NULL;
7913 return 0;
7914}
7915
Olivier Houchard522eea72017-11-03 16:27:47 +01007916/* parse the "allow-0rtt" server keyword */
7917static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7918{
7919 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7920 return 0;
7921}
7922
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007923/* parse the "no-ssl-reuse" server keyword */
7924static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7925{
7926 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7927 return 0;
7928}
7929
Emeric Brunf9c5c472012-10-11 15:28:34 +02007930/* parse the "no-tls-tickets" server keyword */
7931static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7932{
7933 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7934 return 0;
7935}
David Safb76832014-05-08 23:42:08 -04007936/* parse the "send-proxy-v2-ssl" server keyword */
7937static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7938{
7939 newsrv->pp_opts |= SRV_PP_V2;
7940 newsrv->pp_opts |= SRV_PP_V2_SSL;
7941 return 0;
7942}
7943
7944/* parse the "send-proxy-v2-ssl-cn" server keyword */
7945static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7946{
7947 newsrv->pp_opts |= SRV_PP_V2;
7948 newsrv->pp_opts |= SRV_PP_V2_SSL;
7949 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7950 return 0;
7951}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007952
Willy Tarreau732eac42015-07-09 11:40:25 +02007953/* parse the "sni" server keyword */
7954static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7955{
7956#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7957 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7958 return ERR_ALERT | ERR_FATAL;
7959#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007960 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007961
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007962 arg = args[*cur_arg + 1];
7963 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007964 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7965 return ERR_ALERT | ERR_FATAL;
7966 }
7967
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007968 free(newsrv->sni_expr);
7969 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007970
Willy Tarreau732eac42015-07-09 11:40:25 +02007971 return 0;
7972#endif
7973}
7974
Willy Tarreau92faadf2012-10-10 23:04:25 +02007975/* parse the "ssl" server keyword */
7976static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7977{
7978 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007979 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7980 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007981 return 0;
7982}
7983
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007984/* parse the "ssl-reuse" server keyword */
7985static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7986{
7987 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
7988 return 0;
7989}
7990
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007991/* parse the "tls-tickets" server keyword */
7992static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7993{
7994 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
7995 return 0;
7996}
7997
Emeric Brunef42d922012-10-11 16:11:36 +02007998/* parse the "verify" server keyword */
7999static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8000{
8001 if (!*args[*cur_arg + 1]) {
8002 if (err)
8003 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8004 return ERR_ALERT | ERR_FATAL;
8005 }
8006
8007 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008008 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008009 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008010 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008011 else {
8012 if (err)
8013 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8014 args[*cur_arg], args[*cur_arg + 1]);
8015 return ERR_ALERT | ERR_FATAL;
8016 }
8017
Evan Broderbe554312013-06-27 00:05:25 -07008018 return 0;
8019}
8020
8021/* parse the "verifyhost" server keyword */
8022static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8023{
8024 if (!*args[*cur_arg + 1]) {
8025 if (err)
8026 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8027 return ERR_ALERT | ERR_FATAL;
8028 }
8029
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008030 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008031 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8032
Emeric Brunef42d922012-10-11 16:11:36 +02008033 return 0;
8034}
8035
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008036/* parse the "ssl-default-bind-options" keyword in global section */
8037static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8038 struct proxy *defpx, const char *file, int line,
8039 char **err) {
8040 int i = 1;
8041
8042 if (*(args[i]) == 0) {
8043 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8044 return -1;
8045 }
8046 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008047 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008048 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008049 else if (!strcmp(args[i], "prefer-client-ciphers"))
8050 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008051 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8052 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8053 i++;
8054 else {
8055 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8056 return -1;
8057 }
8058 }
8059 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008060 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8061 return -1;
8062 }
8063 i++;
8064 }
8065 return 0;
8066}
8067
8068/* parse the "ssl-default-server-options" keyword in global section */
8069static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8070 struct proxy *defpx, const char *file, int line,
8071 char **err) {
8072 int i = 1;
8073
8074 if (*(args[i]) == 0) {
8075 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8076 return -1;
8077 }
8078 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008079 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008080 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008081 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8082 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8083 i++;
8084 else {
8085 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8086 return -1;
8087 }
8088 }
8089 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008090 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8091 return -1;
8092 }
8093 i++;
8094 }
8095 return 0;
8096}
8097
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008098/* parse the "ca-base" / "crt-base" keywords in global section.
8099 * Returns <0 on alert, >0 on warning, 0 on success.
8100 */
8101static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8102 struct proxy *defpx, const char *file, int line,
8103 char **err)
8104{
8105 char **target;
8106
Willy Tarreauef934602016-12-22 23:12:01 +01008107 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008108
8109 if (too_many_args(1, args, err, NULL))
8110 return -1;
8111
8112 if (*target) {
8113 memprintf(err, "'%s' already specified.", args[0]);
8114 return -1;
8115 }
8116
8117 if (*(args[1]) == 0) {
8118 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8119 return -1;
8120 }
8121 *target = strdup(args[1]);
8122 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008123}
8124
8125/* parse the "ssl-mode-async" keyword in global section.
8126 * Returns <0 on alert, >0 on warning, 0 on success.
8127 */
8128static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8129 struct proxy *defpx, const char *file, int line,
8130 char **err)
8131{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008132#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008133 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008134 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008135 return 0;
8136#else
8137 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8138 return -1;
8139#endif
8140}
8141
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008142#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008143static int ssl_check_async_engine_count(void) {
8144 int err_code = 0;
8145
Emeric Brun3854e012017-05-17 20:42:48 +02008146 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008147 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008148 err_code = ERR_ABORT;
8149 }
8150 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008151}
8152
Grant Zhang872f9c22017-01-21 01:10:18 +00008153/* parse the "ssl-engine" keyword in global section.
8154 * Returns <0 on alert, >0 on warning, 0 on success.
8155 */
8156static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8157 struct proxy *defpx, const char *file, int line,
8158 char **err)
8159{
8160 char *algo;
8161 int ret = -1;
8162
8163 if (*(args[1]) == 0) {
8164 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8165 return ret;
8166 }
8167
8168 if (*(args[2]) == 0) {
8169 /* if no list of algorithms is given, it defaults to ALL */
8170 algo = strdup("ALL");
8171 goto add_engine;
8172 }
8173
8174 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8175 if (strcmp(args[2], "algo") != 0) {
8176 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8177 return ret;
8178 }
8179
8180 if (*(args[3]) == 0) {
8181 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8182 return ret;
8183 }
8184 algo = strdup(args[3]);
8185
8186add_engine:
8187 if (ssl_init_single_engine(args[1], algo)==0) {
8188 openssl_engines_initialized++;
8189 ret = 0;
8190 }
8191 free(algo);
8192 return ret;
8193}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008194#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008195
Willy Tarreauf22e9682016-12-21 23:23:19 +01008196/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8197 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8198 */
8199static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8200 struct proxy *defpx, const char *file, int line,
8201 char **err)
8202{
8203 char **target;
8204
Willy Tarreauef934602016-12-22 23:12:01 +01008205 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008206
8207 if (too_many_args(1, args, err, NULL))
8208 return -1;
8209
8210 if (*(args[1]) == 0) {
8211 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8212 return -1;
8213 }
8214
8215 free(*target);
8216 *target = strdup(args[1]);
8217 return 0;
8218}
8219
Willy Tarreau9ceda382016-12-21 23:13:03 +01008220/* parse various global tune.ssl settings consisting in positive integers.
8221 * Returns <0 on alert, >0 on warning, 0 on success.
8222 */
8223static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8224 struct proxy *defpx, const char *file, int line,
8225 char **err)
8226{
8227 int *target;
8228
8229 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8230 target = &global.tune.sslcachesize;
8231 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008232 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008233 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008234 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008235 else if (strcmp(args[0], "maxsslconn") == 0)
8236 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008237 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8238 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008239 else {
8240 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8241 return -1;
8242 }
8243
8244 if (too_many_args(1, args, err, NULL))
8245 return -1;
8246
8247 if (*(args[1]) == 0) {
8248 memprintf(err, "'%s' expects an integer argument.", args[0]);
8249 return -1;
8250 }
8251
8252 *target = atoi(args[1]);
8253 if (*target < 0) {
8254 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8255 return -1;
8256 }
8257 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008258}
8259
8260static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8261 struct proxy *defpx, const char *file, int line,
8262 char **err)
8263{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008264 int ret;
8265
8266 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8267 if (ret != 0)
8268 return ret;
8269
Willy Tarreaubafbe012017-11-24 17:34:44 +01008270 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008271 memprintf(err, "'%s' is already configured.", args[0]);
8272 return -1;
8273 }
8274
Willy Tarreaubafbe012017-11-24 17:34:44 +01008275 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8276 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008277 memprintf(err, "Out of memory error.");
8278 return -1;
8279 }
8280 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008281}
8282
8283/* parse "ssl.force-private-cache".
8284 * Returns <0 on alert, >0 on warning, 0 on success.
8285 */
8286static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8287 struct proxy *defpx, const char *file, int line,
8288 char **err)
8289{
8290 if (too_many_args(0, args, err, NULL))
8291 return -1;
8292
Willy Tarreauef934602016-12-22 23:12:01 +01008293 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008294 return 0;
8295}
8296
8297/* parse "ssl.lifetime".
8298 * Returns <0 on alert, >0 on warning, 0 on success.
8299 */
8300static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8301 struct proxy *defpx, const char *file, int line,
8302 char **err)
8303{
8304 const char *res;
8305
8306 if (too_many_args(1, args, err, NULL))
8307 return -1;
8308
8309 if (*(args[1]) == 0) {
8310 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8311 return -1;
8312 }
8313
Willy Tarreauef934602016-12-22 23:12:01 +01008314 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008315 if (res) {
8316 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8317 return -1;
8318 }
8319 return 0;
8320}
8321
8322#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008323/* parse "ssl-dh-param-file".
8324 * Returns <0 on alert, >0 on warning, 0 on success.
8325 */
8326static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8327 struct proxy *defpx, const char *file, int line,
8328 char **err)
8329{
8330 if (too_many_args(1, args, err, NULL))
8331 return -1;
8332
8333 if (*(args[1]) == 0) {
8334 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8335 return -1;
8336 }
8337
8338 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8339 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8340 return -1;
8341 }
8342 return 0;
8343}
8344
Willy Tarreau9ceda382016-12-21 23:13:03 +01008345/* parse "ssl.default-dh-param".
8346 * Returns <0 on alert, >0 on warning, 0 on success.
8347 */
8348static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8349 struct proxy *defpx, const char *file, int line,
8350 char **err)
8351{
8352 if (too_many_args(1, args, err, NULL))
8353 return -1;
8354
8355 if (*(args[1]) == 0) {
8356 memprintf(err, "'%s' expects an integer argument.", args[0]);
8357 return -1;
8358 }
8359
Willy Tarreauef934602016-12-22 23:12:01 +01008360 global_ssl.default_dh_param = atoi(args[1]);
8361 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008362 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8363 return -1;
8364 }
8365 return 0;
8366}
8367#endif
8368
8369
William Lallemand32af2032016-10-29 18:09:35 +02008370/* This function is used with TLS ticket keys management. It permits to browse
8371 * each reference. The variable <getnext> must contain the current node,
8372 * <end> point to the root node.
8373 */
8374#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8375static inline
8376struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8377{
8378 struct tls_keys_ref *ref = getnext;
8379
8380 while (1) {
8381
8382 /* Get next list entry. */
8383 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8384
8385 /* If the entry is the last of the list, return NULL. */
8386 if (&ref->list == end)
8387 return NULL;
8388
8389 return ref;
8390 }
8391}
8392
8393static inline
8394struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8395{
8396 int id;
8397 char *error;
8398
8399 /* If the reference starts by a '#', this is numeric id. */
8400 if (reference[0] == '#') {
8401 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8402 id = strtol(reference + 1, &error, 10);
8403 if (*error != '\0')
8404 return NULL;
8405
8406 /* Perform the unique id lookup. */
8407 return tlskeys_ref_lookupid(id);
8408 }
8409
8410 /* Perform the string lookup. */
8411 return tlskeys_ref_lookup(reference);
8412}
8413#endif
8414
8415
8416#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8417
8418static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8419
8420static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8421 return cli_io_handler_tlskeys_files(appctx);
8422}
8423
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008424/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8425 * (next index to be dumped), and cli.p0 (next key reference).
8426 */
William Lallemand32af2032016-10-29 18:09:35 +02008427static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8428
8429 struct stream_interface *si = appctx->owner;
8430
8431 switch (appctx->st2) {
8432 case STAT_ST_INIT:
8433 /* Display the column headers. If the message cannot be sent,
8434 * quit the fucntion with returning 0. The function is called
8435 * later and restart at the state "STAT_ST_INIT".
8436 */
8437 chunk_reset(&trash);
8438
8439 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8440 chunk_appendf(&trash, "# id secret\n");
8441 else
8442 chunk_appendf(&trash, "# id (file)\n");
8443
Willy Tarreau06d80a92017-10-19 14:32:15 +02008444 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008445 si_applet_cant_put(si);
8446 return 0;
8447 }
8448
William Lallemand32af2032016-10-29 18:09:35 +02008449 /* Now, we start the browsing of the references lists.
8450 * Note that the following call to LIST_ELEM return bad pointer. The only
8451 * available field of this pointer is <list>. It is used with the function
8452 * tlskeys_list_get_next() for retruning the first available entry
8453 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008454 if (appctx->ctx.cli.p0 == NULL) {
8455 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8456 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008457 }
8458
8459 appctx->st2 = STAT_ST_LIST;
8460 /* fall through */
8461
8462 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008463 while (appctx->ctx.cli.p0) {
8464 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008465
8466 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008467 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008468 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008469
8470 if (appctx->ctx.cli.i1 == 0)
8471 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8472
William Lallemand32af2032016-10-29 18:09:35 +02008473 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008474 int head;
8475
8476 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8477 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008478 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
William Lallemand32af2032016-10-29 18:09:35 +02008479 struct chunk *t2 = get_trash_chunk();
8480
8481 chunk_reset(t2);
8482 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008483 t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
William Lallemand32af2032016-10-29 18:09:35 +02008484 sizeof(struct tls_sess_key), t2->str, t2->size);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008485 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
William Lallemand32af2032016-10-29 18:09:35 +02008486
Willy Tarreau06d80a92017-10-19 14:32:15 +02008487 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008488 /* let's try again later from this stream. We add ourselves into
8489 * this stream's users so that it can remove us upon termination.
8490 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008491 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008492 si_applet_cant_put(si);
8493 return 0;
8494 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008495 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008496 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008497 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008498 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008499 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008500 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008501 /* let's try again later from this stream. We add ourselves into
8502 * this stream's users so that it can remove us upon termination.
8503 */
8504 si_applet_cant_put(si);
8505 return 0;
8506 }
8507
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008508 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008509 break;
8510
8511 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008512 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008513 }
8514
8515 appctx->st2 = STAT_ST_FIN;
8516 /* fall through */
8517
8518 default:
8519 appctx->st2 = STAT_ST_FIN;
8520 return 1;
8521 }
8522 return 0;
8523}
8524
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008525/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008526static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008527{
William Lallemand32af2032016-10-29 18:09:35 +02008528 /* no parameter, shows only file list */
8529 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008530 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008531 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008532 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008533 }
8534
8535 if (args[2][0] == '*') {
8536 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008537 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008538 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008539 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8540 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008541 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008542 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008543 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008544 return 1;
8545 }
8546 }
William Lallemand32af2032016-10-29 18:09:35 +02008547 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008548 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008549}
8550
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008551static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008552{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008553 struct tls_keys_ref *ref;
8554
William Lallemand32af2032016-10-29 18:09:35 +02008555 /* Expect two parameters: the filename and the new new TLS key in encoding */
8556 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008557 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008558 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008559 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008560 return 1;
8561 }
8562
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008563 ref = tlskeys_ref_lookup_ref(args[3]);
8564 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008565 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008566 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008567 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008568 return 1;
8569 }
8570
8571 trash.len = base64dec(args[4], strlen(args[4]), trash.str, trash.size);
8572 if (trash.len != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008573 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008574 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008575 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008576 return 1;
8577 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008578 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008579 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008580 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008581 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008582 return 1;
8583
8584}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008585#endif
William Lallemand32af2032016-10-29 18:09:35 +02008586
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008587static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008588{
8589#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8590 char *err = NULL;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008591 int i, j;
8592
8593 if (!payload)
8594 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02008595
8596 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008597 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008598 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008599 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008600 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008601 return 1;
8602 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008603
8604 /* remove \r and \n from the payload */
8605 for (i = 0, j = 0; payload[i]; i++) {
8606 if (payload[i] == '\r' || payload[i] == '\n')
8607 continue;
8608 payload[j++] = payload[i];
8609 }
8610 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008611
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008612 trash.len = base64dec(payload, j, trash.str, trash.size);
William Lallemand32af2032016-10-29 18:09:35 +02008613 if (trash.len < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008614 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008615 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008616 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008617 return 1;
8618 }
8619
8620 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8621 if (err) {
8622 memprintf(&err, "%s.\n", err);
8623 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008624 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008625 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02008626 else {
8627 appctx->ctx.cli.severity = LOG_ERR;
8628 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
8629 appctx->st0 = CLI_ST_PRINT;
8630 }
William Lallemand32af2032016-10-29 18:09:35 +02008631 return 1;
8632 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008633 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008634 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008635 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008636 return 1;
8637#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008638 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008639 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008640 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008641 return 1;
8642#endif
8643
8644}
8645
8646/* register cli keywords */
8647static struct cli_kw_list cli_kws = {{ },{
8648#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8649 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008650 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008651#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008652 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008653 { { NULL }, NULL, NULL, NULL }
8654}};
8655
8656
Willy Tarreau7875d092012-09-10 08:20:03 +02008657/* Note: must not be declared <const> as its list will be overwritten.
8658 * Please take care of keeping this list alphabetically sorted.
8659 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008660static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008661 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008662 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008663 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008664 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008665 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008666 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008667 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008668#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02008669 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008670#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008671#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8672 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
8673#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008674 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8675 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008676 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008677 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008678 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8679 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8680 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8681 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8682 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8683 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8684 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8685 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008686 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008687 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8688 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008689 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008690 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8691 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8692 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8693 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8694 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8695 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8696 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008697 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008698 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008699 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008700 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008701 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008702 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008703 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008704 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008705 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01008706#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008707 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008708#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008709#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008710 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008711#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008712 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008713#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02008714 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008715#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008716 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008717#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008718 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008719#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008720#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8721 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8722#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04008723#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008724 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008725#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008726 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8727 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8728 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8729 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008730 { NULL, NULL, 0, 0, 0 },
8731}};
8732
8733/* Note: must not be declared <const> as its list will be overwritten.
8734 * Please take care of keeping this list alphabetically sorted.
8735 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008736static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008737 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8738 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008739 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008740}};
8741
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008742/* Note: must not be declared <const> as its list will be overwritten.
8743 * Please take care of keeping this list alphabetically sorted, doing so helps
8744 * all code contributors.
8745 * Optional keywords are also declared with a NULL ->parse() function so that
8746 * the config parser can report an appropriate error when a known keyword was
8747 * not enabled.
8748 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008749static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008750 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008751 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8752 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8753 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8754 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008755 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008756 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008757 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008758 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008759 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8760 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008761 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8762 { NULL, NULL, 0 },
8763};
8764
Willy Tarreau51fb7652012-09-18 18:24:39 +02008765static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008766 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008767 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8768 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8769 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8770 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8771 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8772 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8773 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8774 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8775 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8776 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8777 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8778 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8779 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8780 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8781 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8782 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008783 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008784 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008785 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008786 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8787 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8788 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8789 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008790 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008791 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8792 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008793 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8794 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008795 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8796 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8797 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8798 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8799 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008800 { NULL, NULL, 0 },
8801}};
Emeric Brun46591952012-05-18 15:47:34 +02008802
Willy Tarreau92faadf2012-10-10 23:04:25 +02008803/* Note: must not be declared <const> as its list will be overwritten.
8804 * Please take care of keeping this list alphabetically sorted, doing so helps
8805 * all code contributors.
8806 * Optional keywords are also declared with a NULL ->parse() function so that
8807 * the config parser can report an appropriate error when a known keyword was
8808 * not enabled.
8809 */
8810static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008811 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008812 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008813 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008814 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8815 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8816 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8817 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8818 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8819 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8820 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8821 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8822 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8823 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8824 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8825 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8826 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8827 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8828 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8829 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8830 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8831 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8832 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8833 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8834 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8835 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8836 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8837 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8838 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8839 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8840 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8841 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8842 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8843 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008844 { NULL, NULL, 0, 0 },
8845}};
8846
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008847static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008848 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8849 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008850 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008851 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8852 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008853#ifndef OPENSSL_NO_DH
8854 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8855#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008856 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008857#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008858 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008859#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008860 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8861#ifndef OPENSSL_NO_DH
8862 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8863#endif
8864 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8865 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8866 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8867 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008868 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008869 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8870 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008871 { 0, NULL, NULL },
8872}};
8873
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008874/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008875static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008876 .snd_buf = ssl_sock_from_buf,
8877 .rcv_buf = ssl_sock_to_buf,
8878 .rcv_pipe = NULL,
8879 .snd_pipe = NULL,
8880 .shutr = NULL,
8881 .shutw = ssl_sock_shutw,
8882 .close = ssl_sock_close,
8883 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008884 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008885 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008886 .prepare_srv = ssl_sock_prepare_srv_ctx,
8887 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008888 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008889 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008890};
8891
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008892enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8893 struct session *sess, struct stream *s, int flags)
8894{
8895 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008896 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008897
8898 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008899 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008900
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008901 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008902 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008903 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008904 s->req.flags |= CF_READ_NULL;
8905 return ACT_RET_YIELD;
8906 }
8907 }
8908 return (ACT_RET_CONT);
8909}
8910
8911static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8912{
8913 rule->action_ptr = ssl_action_wait_for_hs;
8914
8915 return ACT_RET_PRS_OK;
8916}
8917
8918static struct action_kw_list http_req_actions = {ILH, {
8919 { "wait-for-handshake", ssl_parse_wait_for_hs },
8920 { /* END */ }
8921}};
8922
Daniel Jakots54ffb912015-11-06 20:02:41 +01008923#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008924
8925static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8926{
8927 if (ptr) {
8928 chunk_destroy(ptr);
8929 free(ptr);
8930 }
8931}
8932
8933#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008934static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8935{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008936 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008937}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008938
Emeric Brun46591952012-05-18 15:47:34 +02008939__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008940static void __ssl_sock_init(void)
8941{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008942 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008943 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008944
Emeric Brun46591952012-05-18 15:47:34 +02008945 STACK_OF(SSL_COMP)* cm;
8946
Willy Tarreauef934602016-12-22 23:12:01 +01008947 if (global_ssl.listen_default_ciphers)
8948 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8949 if (global_ssl.connect_default_ciphers)
8950 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008951
Willy Tarreau13e14102016-12-22 20:25:26 +01008952 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008953 SSL_library_init();
8954 cm = SSL_COMP_get_compression_methods();
8955 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008956#ifdef USE_THREAD
8957 ssl_locking_init();
8958#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008959#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008960 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8961#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008962 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008963 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008964 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008965 sample_register_fetches(&sample_fetch_keywords);
8966 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008967 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008968 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008969 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008970 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008971#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008972 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008973 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008974#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008975#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8976 hap_register_post_check(tlskeys_finalize_config);
8977#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008978
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008979 ptr = NULL;
8980 memprintf(&ptr, "Built with OpenSSL version : "
8981#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008982 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008983#else /* OPENSSL_IS_BORINGSSL */
8984 OPENSSL_VERSION_TEXT
8985 "\nRunning on OpenSSL version : %s%s",
8986 SSLeay_version(SSLEAY_VERSION),
8987 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
8988#endif
8989 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
8990#if OPENSSL_VERSION_NUMBER < 0x00907000L
8991 "no (library version too old)"
8992#elif defined(OPENSSL_NO_TLSEXT)
8993 "no (disabled via OPENSSL_NO_TLSEXT)"
8994#else
8995 "yes"
8996#endif
8997 "", ptr);
8998
8999 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9000#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9001 "yes"
9002#else
9003#ifdef OPENSSL_NO_TLSEXT
9004 "no (because of OPENSSL_NO_TLSEXT)"
9005#else
9006 "no (version might be too old, 0.9.8f min needed)"
9007#endif
9008#endif
9009 "", ptr);
9010
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009011 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9012 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9013 if (methodVersions[i].option)
9014 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009015
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009016 hap_register_build_opts(ptr, 1);
9017
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009018 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9019 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02009020
9021#ifndef OPENSSL_NO_DH
9022 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00009023 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009024#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009025#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009026 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009027#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02009028 /* Load SSL string for the verbose & debug mode. */
9029 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009030
9031 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02009032}
9033
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009034#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009035void ssl_free_engines(void) {
9036 struct ssl_engine_list *wl, *wlb;
9037 /* free up engine list */
9038 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9039 ENGINE_finish(wl->e);
9040 ENGINE_free(wl->e);
9041 LIST_DEL(&wl->list);
9042 free(wl);
9043 }
9044}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009045#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009046
Remi Gacogned3a23c32015-05-28 16:39:47 +02009047#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009048void ssl_free_dh(void) {
9049 if (local_dh_1024) {
9050 DH_free(local_dh_1024);
9051 local_dh_1024 = NULL;
9052 }
9053 if (local_dh_2048) {
9054 DH_free(local_dh_2048);
9055 local_dh_2048 = NULL;
9056 }
9057 if (local_dh_4096) {
9058 DH_free(local_dh_4096);
9059 local_dh_4096 = NULL;
9060 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009061 if (global_dh) {
9062 DH_free(global_dh);
9063 global_dh = NULL;
9064 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009065}
9066#endif
9067
9068__attribute__((destructor))
9069static void __ssl_sock_deinit(void)
9070{
9071#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009072 if (ssl_ctx_lru_tree) {
9073 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009074 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009075 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009076#endif
9077
9078 ERR_remove_state(0);
9079 ERR_free_strings();
9080
9081 EVP_cleanup();
9082
9083#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9084 CRYPTO_cleanup_all_ex_data();
9085#endif
9086}
9087
9088
Emeric Brun46591952012-05-18 15:47:34 +02009089/*
9090 * Local variables:
9091 * c-indent-level: 8
9092 * c-basic-offset: 8
9093 * End:
9094 */