blob: cbbb7eb937f735b6a01d187d18016fface7b1213 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
yanbzhube2774d2015-12-10 15:07:30 -0500465
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000467static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
468{
469 int err_code = ERR_ABORT;
470 ENGINE *engine;
471 struct ssl_engine_list *el;
472
473 /* grab the structural reference to the engine */
474 engine = ENGINE_by_id(engine_id);
475 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100476 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000477 goto fail_get;
478 }
479
480 if (!ENGINE_init(engine)) {
481 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100482 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000483 goto fail_init;
484 }
485
486 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100487 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000488 goto fail_set_method;
489 }
490
491 el = calloc(1, sizeof(*el));
492 el->e = engine;
493 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100494 nb_engines++;
495 if (global_ssl.async)
496 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000497 return 0;
498
499fail_set_method:
500 /* release the functional reference from ENGINE_init() */
501 ENGINE_finish(engine);
502
503fail_init:
504 /* release the structural reference from ENGINE_by_id() */
505 ENGINE_free(engine);
506
507fail_get:
508 return err_code;
509}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200510#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000511
Willy Tarreau5db847a2019-05-09 14:13:35 +0200512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200513/*
514 * openssl async fd handler
515 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200516void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200518 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519
Emeric Brun3854e012017-05-17 20:42:48 +0200520 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 * to poll this fd until it is requested
522 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000523 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 fd_cant_recv(fd);
525
526 /* crypto engine is available, let's notify the associated
527 * connection that it can pursue its processing.
528 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200529 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530}
531
Emeric Brun3854e012017-05-17 20:42:48 +0200532/*
533 * openssl async delayed SSL_free handler
534 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200535void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536{
537 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200538 OSSL_ASYNC_FD all_fd[32];
539 size_t num_all_fds = 0;
540 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541
Emeric Brun3854e012017-05-17 20:42:48 +0200542 /* We suppose that the async job for a same SSL *
543 * are serialized. So if we are awake it is
544 * because the running job has just finished
545 * and we can remove all async fds safely
546 */
547 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
548 if (num_all_fds > 32) {
549 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
550 return;
551 }
552
553 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
554 for (i=0 ; i < num_all_fds ; i++)
555 fd_remove(all_fd[i]);
556
557 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000558 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100559 _HA_ATOMIC_SUB(&sslconns, 1);
560 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000561}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562/*
Emeric Brun3854e012017-05-17 20:42:48 +0200563 * function used to manage a returned SSL_ERROR_WANT_ASYNC
564 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200566static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100568 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200569 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200570 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571 size_t num_add_fds = 0;
572 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000574
575 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
576 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200577 if (num_add_fds > 32 || num_del_fds > 32) {
578 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 return;
580 }
581
Emeric Brun3854e012017-05-17 20:42:48 +0200582 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583
Emeric Brun3854e012017-05-17 20:42:48 +0200584 /* We remove unused fds from the fdtab */
585 for (i=0 ; i < num_del_fds ; i++)
586 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587
Emeric Brun3854e012017-05-17 20:42:48 +0200588 /* We add new fds to the fdtab */
589 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200590 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 }
592
Emeric Brun3854e012017-05-17 20:42:48 +0200593 num_add_fds = 0;
594 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
595 if (num_add_fds > 32) {
596 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
597 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598 }
Emeric Brun3854e012017-05-17 20:42:48 +0200599
600 /* We activate the polling for all known async fds */
601 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000602 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200603 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000604 /* To ensure that the fd cache won't be used
605 * We'll prefer to catch a real RD event
606 * because handling an EAGAIN on this fd will
607 * result in a context switch and also
608 * some engines uses a fd in blocking mode.
609 */
610 fd_cant_recv(add_fd[i]);
611 }
Emeric Brun3854e012017-05-17 20:42:48 +0200612
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613}
614#endif
615
William Lallemand104a7a62019-10-14 14:14:59 +0200616#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617/*
618 * This function returns the number of seconds elapsed
619 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
620 * date presented un ASN1_GENERALIZEDTIME.
621 *
622 * In parsing error case, it returns -1.
623 */
624static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
625{
626 long epoch;
627 char *p, *end;
628 const unsigned short month_offset[12] = {
629 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
630 };
631 int year, month;
632
633 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
634
635 p = (char *)d->data;
636 end = p + d->length;
637
638 if (end - p < 4) return -1;
639 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
640 p += 4;
641 if (end - p < 2) return -1;
642 month = 10 * (p[0] - '0') + p[1] - '0';
643 if (month < 1 || month > 12) return -1;
644 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
645 We consider leap years and the current month (<marsh or not) */
646 epoch = ( ((year - 1970) * 365)
647 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
648 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
649 + month_offset[month-1]
650 ) * 24 * 60 * 60;
651 p += 2;
652 if (end - p < 2) return -1;
653 /* Add the number of seconds of completed days of current month */
654 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
655 p += 2;
656 if (end - p < 2) return -1;
657 /* Add the completed hours of the current day */
658 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the completed minutes of the current hour */
662 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
663 p += 2;
664 if (p == end) return -1;
665 /* Test if there is available seconds */
666 if (p[0] < '0' || p[0] > '9')
667 goto nosec;
668 if (end - p < 2) return -1;
669 /* Add the seconds of the current minute */
670 epoch += 10 * (p[0] - '0') + p[1] - '0';
671 p += 2;
672 if (p == end) return -1;
673 /* Ignore seconds float part if present */
674 if (p[0] == '.') {
675 do {
676 if (++p == end) return -1;
677 } while (p[0] >= '0' && p[0] <= '9');
678 }
679
680nosec:
681 if (p[0] == 'Z') {
682 if (end - p != 1) return -1;
683 return epoch;
684 }
685 else if (p[0] == '+') {
686 if (end - p != 5) return -1;
687 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700688 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200689 }
690 else if (p[0] == '-') {
691 if (end - p != 5) return -1;
692 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700693 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200694 }
695
696 return -1;
697}
698
William Lallemand104a7a62019-10-14 14:14:59 +0200699/*
700 * struct alignment works here such that the key.key is the same as key_data
701 * Do not change the placement of key_data
702 */
703struct certificate_ocsp {
704 struct ebmb_node key;
705 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
706 struct buffer response;
707 long expire;
708};
709
710struct ocsp_cbk_arg {
711 int is_single;
712 int single_kt;
713 union {
714 struct certificate_ocsp *s_ocsp;
715 /*
716 * m_ocsp will have multiple entries dependent on key type
717 * Entry 0 - DSA
718 * Entry 1 - ECDSA
719 * Entry 2 - RSA
720 */
721 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
722 };
723};
724
Emeric Brun1d3865b2014-06-20 15:37:32 +0200725static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726
727/* This function starts to check if the OCSP response (in DER format) contained
728 * in chunk 'ocsp_response' is valid (else exits on error).
729 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
730 * contained in the OCSP Response and exits on error if no match.
731 * If it's a valid OCSP Response:
732 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
733 * pointed by 'ocsp'.
734 * If 'ocsp' is NULL, the function looks up into the OCSP response's
735 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
736 * from the response) and exits on error if not found. Finally, If an OCSP response is
737 * already present in the container, it will be overwritten.
738 *
739 * Note: OCSP response containing more than one OCSP Single response is not
740 * considered valid.
741 *
742 * Returns 0 on success, 1 in error case.
743 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200744static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
745 struct certificate_ocsp *ocsp,
746 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747{
748 OCSP_RESPONSE *resp;
749 OCSP_BASICRESP *bs = NULL;
750 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200751 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200752 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200754 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 int reason;
756 int ret = 1;
757
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200758 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
759 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200760 if (!resp) {
761 memprintf(err, "Unable to parse OCSP response");
762 goto out;
763 }
764
765 rc = OCSP_response_status(resp);
766 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
767 memprintf(err, "OCSP response status not successful");
768 goto out;
769 }
770
771 bs = OCSP_response_get1_basic(resp);
772 if (!bs) {
773 memprintf(err, "Failed to get basic response from OCSP Response");
774 goto out;
775 }
776
777 count_sr = OCSP_resp_count(bs);
778 if (count_sr > 1) {
779 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
780 goto out;
781 }
782
783 sr = OCSP_resp_get0(bs, 0);
784 if (!sr) {
785 memprintf(err, "Failed to get OCSP single response");
786 goto out;
787 }
788
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200789 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
790
Emeric Brun4147b2e2014-06-16 18:36:30 +0200791 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200792 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200793 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200794 goto out;
795 }
796
Emeric Brun13a6b482014-06-20 15:44:34 +0200797 if (!nextupd) {
798 memprintf(err, "OCSP single response: missing nextupdate");
799 goto out;
800 }
801
Emeric Brunc8b27b62014-06-19 14:16:17 +0200802 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 if (!rc) {
804 memprintf(err, "OCSP single response: no longer valid.");
805 goto out;
806 }
807
808 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200809 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200810 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
811 goto out;
812 }
813 }
814
815 if (!ocsp) {
816 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
817 unsigned char *p;
818
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200819 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200820 if (!rc) {
821 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
822 goto out;
823 }
824
825 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
826 memprintf(err, "OCSP single response: Certificate ID too long");
827 goto out;
828 }
829
830 p = key;
831 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200832 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200833 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
834 if (!ocsp) {
835 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
836 goto out;
837 }
838 }
839
840 /* According to comments on "chunk_dup", the
841 previous chunk buffer will be freed */
842 if (!chunk_dup(&ocsp->response, ocsp_response)) {
843 memprintf(err, "OCSP response: Memory allocation error");
844 goto out;
845 }
846
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200847 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
848
Emeric Brun4147b2e2014-06-16 18:36:30 +0200849 ret = 0;
850out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100851 ERR_clear_error();
852
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853 if (bs)
854 OCSP_BASICRESP_free(bs);
855
856 if (resp)
857 OCSP_RESPONSE_free(resp);
858
859 return ret;
860}
861/*
862 * External function use to update the OCSP response in the OCSP response's
863 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
864 * to update in DER format.
865 *
866 * Returns 0 on success, 1 in error case.
867 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200868int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200869{
870 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
871}
872
William Lallemand4a660132019-10-14 14:51:41 +0200873#endif
874
875#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200876/*
877 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +0200878 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +0200879 *
880 * Returns 0 on success, 1 in error case.
881 */
William Lallemand3b5f3602019-10-16 18:05:05 +0200882static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200883{
884 int fd = -1;
885 int r = 0;
886 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +0200887 struct buffer *ocsp_response;
888 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200889
William Lallemand3b5f3602019-10-16 18:05:05 +0200890 if (buf) {
891 int i, j;
892 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +0200893
William Lallemand3b5f3602019-10-16 18:05:05 +0200894 /* remove \r and \n from the payload */
895 for (i = 0, j = 0; buf[i]; i++) {
896 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +0200897 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +0200898 buf[j++] = buf[i];
899 }
900 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200901
William Lallemand3b5f3602019-10-16 18:05:05 +0200902 ret = base64dec(buf, j, trash.area, trash.size);
903 if (ret < 0) {
904 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 goto end;
906 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200907 trash.data = ret;
908 src = &trash;
909 } else {
910 fd = open(ocsp_path, O_RDONLY);
911 if (fd == -1) {
912 memprintf(err, "Error opening OCSP response file");
913 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200914 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200915
916 trash.data = 0;
917 while (trash.data < trash.size) {
918 r = read(fd, trash.area + trash.data, trash.size - trash.data);
919 if (r < 0) {
920 if (errno == EINTR)
921 continue;
922
923 memprintf(err, "Error reading OCSP response from file");
924 goto end;
925 }
926 else if (r == 0) {
927 break;
928 }
929 trash.data += r;
930 }
931 close(fd);
932 fd = -1;
933 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200934 }
935
William Lallemand3b5f3602019-10-16 18:05:05 +0200936 ocsp_response = calloc(1, sizeof(*ocsp_response));
937 if (!chunk_dup(ocsp_response, src)) {
938 free(ocsp_response);
939 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +0200940 goto end;
941 }
942
William Lallemand3b5f3602019-10-16 18:05:05 +0200943 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +0200944 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200945end:
946 if (fd != -1)
947 close(fd);
948
949 return ret;
950}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100951#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200952
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100953#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
954static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
955{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100956 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100957 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100958 struct connection *conn;
959 int head;
960 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100961 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100962
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200963 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200964 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
966
967 keys = ref->tlskeys;
968 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100969
970 if (enc) {
971 memcpy(key_name, keys[head].name, 16);
972
973 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100974 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100975
Emeric Brun9e754772019-01-10 17:51:55 +0100976 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100977
Emeric Brun9e754772019-01-10 17:51:55 +0100978 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
979 goto end;
980
Willy Tarreau9356dac2019-05-10 09:22:53 +0200981 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100982 ret = 1;
983 }
984 else if (ref->key_size_bits == 256 ) {
985
986 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
987 goto end;
988
Willy Tarreau9356dac2019-05-10 09:22:53 +0200989 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100990 ret = 1;
991 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100992 } else {
993 for (i = 0; i < TLS_TICKETS_NO; i++) {
994 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
995 goto found;
996 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100997 ret = 0;
998 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100999
Christopher Faulet16f45c82018-02-16 11:23:49 +01001000 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001001 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001002 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001003 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1004 goto end;
1005 /* 2 for key renewal, 1 if current key is still valid */
1006 ret = i ? 2 : 1;
1007 }
1008 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001009 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001010 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1011 goto end;
1012 /* 2 for key renewal, 1 if current key is still valid */
1013 ret = i ? 2 : 1;
1014 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001015 }
Emeric Brun9e754772019-01-10 17:51:55 +01001016
Christopher Faulet16f45c82018-02-16 11:23:49 +01001017 end:
1018 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1019 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001020}
1021
1022struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1023{
1024 struct tls_keys_ref *ref;
1025
1026 list_for_each_entry(ref, &tlskeys_reference, list)
1027 if (ref->filename && strcmp(filename, ref->filename) == 0)
1028 return ref;
1029 return NULL;
1030}
1031
1032struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1033{
1034 struct tls_keys_ref *ref;
1035
1036 list_for_each_entry(ref, &tlskeys_reference, list)
1037 if (ref->unique_id == unique_id)
1038 return ref;
1039 return NULL;
1040}
1041
Emeric Brun9e754772019-01-10 17:51:55 +01001042/* Update the key into ref: if keysize doesnt
1043 * match existing ones, this function returns -1
1044 * else it returns 0 on success.
1045 */
1046int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001047 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001048{
Emeric Brun9e754772019-01-10 17:51:55 +01001049 if (ref->key_size_bits == 128) {
1050 if (tlskey->data != sizeof(struct tls_sess_key_128))
1051 return -1;
1052 }
1053 else if (ref->key_size_bits == 256) {
1054 if (tlskey->data != sizeof(struct tls_sess_key_256))
1055 return -1;
1056 }
1057 else
1058 return -1;
1059
Christopher Faulet16f45c82018-02-16 11:23:49 +01001060 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001061 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1062 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001063 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1064 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001065
1066 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001067}
1068
Willy Tarreau83061a82018-07-13 11:56:34 +02001069int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001070{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001071 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1072
1073 if(!ref) {
1074 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1075 return 1;
1076 }
Emeric Brun9e754772019-01-10 17:51:55 +01001077 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1078 memprintf(err, "Invalid key size");
1079 return 1;
1080 }
1081
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001082 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001083}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001084
1085/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001086 * automatic ids. It's called just after the basic checks. It returns
1087 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001088 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001089static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001090{
1091 int i = 0;
1092 struct tls_keys_ref *ref, *ref2, *ref3;
1093 struct list tkr = LIST_HEAD_INIT(tkr);
1094
1095 list_for_each_entry(ref, &tlskeys_reference, list) {
1096 if (ref->unique_id == -1) {
1097 /* Look for the first free id. */
1098 while (1) {
1099 list_for_each_entry(ref2, &tlskeys_reference, list) {
1100 if (ref2->unique_id == i) {
1101 i++;
1102 break;
1103 }
1104 }
1105 if (&ref2->list == &tlskeys_reference)
1106 break;
1107 }
1108
1109 /* Uses the unique id and increment it for the next entry. */
1110 ref->unique_id = i;
1111 i++;
1112 }
1113 }
1114
1115 /* This sort the reference list by id. */
1116 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1117 LIST_DEL(&ref->list);
1118 list_for_each_entry(ref3, &tkr, list) {
1119 if (ref->unique_id < ref3->unique_id) {
1120 LIST_ADDQ(&ref3->list, &ref->list);
1121 break;
1122 }
1123 }
1124 if (&ref3->list == &tkr)
1125 LIST_ADDQ(&tkr, &ref->list);
1126 }
1127
1128 /* swap root */
1129 LIST_ADD(&tkr, &tlskeys_reference);
1130 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001131 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001132}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001133#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1134
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001135#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001136int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1137{
1138 switch (evp_keytype) {
1139 case EVP_PKEY_RSA:
1140 return 2;
1141 case EVP_PKEY_DSA:
1142 return 0;
1143 case EVP_PKEY_EC:
1144 return 1;
1145 }
1146
1147 return -1;
1148}
1149
Emeric Brun4147b2e2014-06-16 18:36:30 +02001150/*
1151 * Callback used to set OCSP status extension content in server hello.
1152 */
1153int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1154{
yanbzhube2774d2015-12-10 15:07:30 -05001155 struct certificate_ocsp *ocsp;
1156 struct ocsp_cbk_arg *ocsp_arg;
1157 char *ssl_buf;
1158 EVP_PKEY *ssl_pkey;
1159 int key_type;
1160 int index;
1161
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001162 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001163
1164 ssl_pkey = SSL_get_privatekey(ssl);
1165 if (!ssl_pkey)
1166 return SSL_TLSEXT_ERR_NOACK;
1167
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001168 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001169
1170 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1171 ocsp = ocsp_arg->s_ocsp;
1172 else {
1173 /* For multiple certs per context, we have to find the correct OCSP response based on
1174 * the certificate type
1175 */
1176 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1177
1178 if (index < 0)
1179 return SSL_TLSEXT_ERR_NOACK;
1180
1181 ocsp = ocsp_arg->m_ocsp[index];
1182
1183 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001184
1185 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001186 !ocsp->response.area ||
1187 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001188 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001189 return SSL_TLSEXT_ERR_NOACK;
1190
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001191 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001192 if (!ssl_buf)
1193 return SSL_TLSEXT_ERR_NOACK;
1194
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001195 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1196 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001197
1198 return SSL_TLSEXT_ERR_OK;
1199}
1200
William Lallemand4a660132019-10-14 14:51:41 +02001201#endif
1202
1203#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001204/*
1205 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001206 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1207 * status extension, the issuer's certificate is mandatory. It should be
1208 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001209 *
William Lallemand246c0242019-10-11 08:59:13 +02001210 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1211 * OCSP response. If file is empty or content is not a valid OCSP response,
1212 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1213 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001214 *
1215 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001216 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001217 */
William Lallemand4a660132019-10-14 14:51:41 +02001218#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001219static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001220{
William Lallemand246c0242019-10-11 08:59:13 +02001221 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001222 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001223 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001224 struct certificate_ocsp *ocsp = NULL, *iocsp;
1225 char *warn = NULL;
1226 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001227 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001228
Emeric Brun4147b2e2014-06-16 18:36:30 +02001229
William Lallemand246c0242019-10-11 08:59:13 +02001230 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001231 if (!x)
1232 goto out;
1233
William Lallemand246c0242019-10-11 08:59:13 +02001234 issuer = ckch->ocsp_issuer;
1235 if (!issuer)
1236 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001237
1238 cid = OCSP_cert_to_id(0, x, issuer);
1239 if (!cid)
1240 goto out;
1241
1242 i = i2d_OCSP_CERTID(cid, NULL);
1243 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1244 goto out;
1245
Vincent Bernat02779b62016-04-03 13:48:43 +02001246 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001247 if (!ocsp)
1248 goto out;
1249
1250 p = ocsp->key_data;
1251 i2d_OCSP_CERTID(cid, &p);
1252
1253 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1254 if (iocsp == ocsp)
1255 ocsp = NULL;
1256
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001257#ifndef SSL_CTX_get_tlsext_status_cb
1258# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1259 *cb = (void (*) (void))ctx->tlsext_status_cb;
1260#endif
1261 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1262
1263 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001264 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001265 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001266
1267 cb_arg->is_single = 1;
1268 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001269
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001270 pkey = X509_get_pubkey(x);
1271 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1272 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001273
1274 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1275 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1276 } else {
1277 /*
1278 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1279 * Update that cb_arg with the new cert's staple
1280 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001281 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001282 struct certificate_ocsp *tmp_ocsp;
1283 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001284 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001285 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001286
1287#ifdef SSL_CTX_get_tlsext_status_arg
1288 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1289#else
1290 cb_arg = ctx->tlsext_status_arg;
1291#endif
yanbzhube2774d2015-12-10 15:07:30 -05001292
1293 /*
1294 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1295 * the order of operations below matter, take care when changing it
1296 */
1297 tmp_ocsp = cb_arg->s_ocsp;
1298 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1299 cb_arg->s_ocsp = NULL;
1300 cb_arg->m_ocsp[index] = tmp_ocsp;
1301 cb_arg->is_single = 0;
1302 cb_arg->single_kt = 0;
1303
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001304 pkey = X509_get_pubkey(x);
1305 key_type = EVP_PKEY_base_id(pkey);
1306 EVP_PKEY_free(pkey);
1307
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001308 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001309 if (index >= 0 && !cb_arg->m_ocsp[index])
1310 cb_arg->m_ocsp[index] = iocsp;
1311
1312 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001313
1314 ret = 0;
1315
1316 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001317 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001318 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001319 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001320 }
1321
1322out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001323 if (cid)
1324 OCSP_CERTID_free(cid);
1325
1326 if (ocsp)
1327 free(ocsp);
1328
1329 if (warn)
1330 free(warn);
1331
Emeric Brun4147b2e2014-06-16 18:36:30 +02001332 return ret;
1333}
William Lallemand4a660132019-10-14 14:51:41 +02001334#else /* OPENSSL_IS_BORINGSSL */
1335static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001336{
William Lallemand4a660132019-10-14 14:51:41 +02001337 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001338}
1339#endif
1340
William Lallemand4a660132019-10-14 14:51:41 +02001341#endif
1342
1343
Willy Tarreau5db847a2019-05-09 14:13:35 +02001344#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001345
1346#define CT_EXTENSION_TYPE 18
1347
1348static int sctl_ex_index = -1;
1349
1350/*
1351 * Try to parse Signed Certificate Timestamp List structure. This function
1352 * makes only basic test if the data seems like SCTL. No signature validation
1353 * is performed.
1354 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001355static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001356{
1357 int ret = 1;
1358 int len, pos, sct_len;
1359 unsigned char *data;
1360
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001361 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001362 goto out;
1363
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001364 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001365 len = (data[0] << 8) | data[1];
1366
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001367 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001368 goto out;
1369
1370 data = data + 2;
1371 pos = 0;
1372 while (pos < len) {
1373 if (len - pos < 2)
1374 goto out;
1375
1376 sct_len = (data[pos] << 8) | data[pos + 1];
1377 if (pos + sct_len + 2 > len)
1378 goto out;
1379
1380 pos += sct_len + 2;
1381 }
1382
1383 ret = 0;
1384
1385out:
1386 return ret;
1387}
1388
William Lallemand0dfae6c2019-10-16 18:06:58 +02001389/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1390 * It fills the ckch->sctl buffer
1391 * return 0 on success or != 0 on failure */
1392static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001393{
1394 int fd = -1;
1395 int r = 0;
1396 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001397 struct buffer tmp;
1398 struct buffer *src;
1399 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001400
William Lallemand0dfae6c2019-10-16 18:06:58 +02001401 if (buf) {
1402 tmp.area = buf;
1403 tmp.data = strlen(buf);
1404 tmp.size = tmp.data + 1;
1405 src = &tmp;
1406 } else {
1407 fd = open(sctl_path, O_RDONLY);
1408 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001409 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001410
1411 trash.data = 0;
1412 while (trash.data < trash.size) {
1413 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1414 if (r < 0) {
1415 if (errno == EINTR)
1416 continue;
1417 goto end;
1418 }
1419 else if (r == 0) {
1420 break;
1421 }
1422 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001423 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001424 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001425 }
1426
William Lallemand0dfae6c2019-10-16 18:06:58 +02001427 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001428 if (ret)
1429 goto end;
1430
William Lallemand0dfae6c2019-10-16 18:06:58 +02001431 sctl = calloc(1, sizeof(*sctl));
1432 if (!chunk_dup(sctl, src)) {
1433 free(sctl);
1434 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001435 goto end;
1436 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001437 ret = 0;
1438 /* TODO: free the previous SCTL in the ckch */
1439 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001440
1441end:
1442 if (fd != -1)
1443 close(fd);
1444
1445 return ret;
1446}
1447
1448int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1449{
Willy Tarreau83061a82018-07-13 11:56:34 +02001450 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001451
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001452 *out = (unsigned char *) sctl->area;
1453 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001454
1455 return 1;
1456}
1457
1458int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1459{
1460 return 1;
1461}
1462
William Lallemanda17f4112019-10-10 15:16:44 +02001463static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001464{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001465 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466
William Lallemanda17f4112019-10-10 15:16:44 +02001467 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001468 goto out;
1469
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001470 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1471
1472 ret = 0;
1473
1474out:
1475 return ret;
1476}
1477
1478#endif
1479
Emeric Brune1f38db2012-09-03 20:36:47 +02001480void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1481{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001482 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001483 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001484 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001485 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001486
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001487#ifndef SSL_OP_NO_RENEGOTIATION
1488 /* Please note that BoringSSL defines this macro to zero so don't
1489 * change this to #if and do not assign a default value to this macro!
1490 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001491 if (where & SSL_CB_HANDSHAKE_START) {
1492 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001493 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001494 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001495 conn->err_code = CO_ER_SSL_RENEG;
1496 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001497 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001498#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001499
1500 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001501 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001502 /* Long certificate chains optimz
1503 If write and read bios are differents, we
1504 consider that the buffering was activated,
1505 so we rise the output buffer size from 4k
1506 to 16k */
1507 write_bio = SSL_get_wbio(ssl);
1508 if (write_bio != SSL_get_rbio(ssl)) {
1509 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001510 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001511 }
1512 }
1513 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001514}
1515
Emeric Brune64aef12012-09-21 13:15:06 +02001516/* Callback is called for each certificate of the chain during a verify
1517 ok is set to 1 if preverify detect no error on current certificate.
1518 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001519int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001520{
1521 SSL *ssl;
1522 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001523 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001524 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001525
1526 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001527 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001528
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001529 ctx = conn->xprt_ctx;
1530
1531 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001532
Emeric Brun81c00f02012-09-21 14:31:21 +02001533 if (ok) /* no errors */
1534 return ok;
1535
1536 depth = X509_STORE_CTX_get_error_depth(x_store);
1537 err = X509_STORE_CTX_get_error(x_store);
1538
1539 /* check if CA error needs to be ignored */
1540 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001541 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1542 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1543 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001544 }
1545
Willy Tarreau07d94e42018-09-20 10:57:52 +02001546 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001547 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001548 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001549 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001550 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001551
Willy Tarreau20879a02012-12-03 16:32:10 +01001552 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001553 return 0;
1554 }
1555
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001556 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1557 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001558
Emeric Brun81c00f02012-09-21 14:31:21 +02001559 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001560 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001561 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001562 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001563 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001564 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001565
Willy Tarreau20879a02012-12-03 16:32:10 +01001566 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001567 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001568}
1569
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001570static inline
1571void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001572 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001573{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001574 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001575 unsigned char *msg;
1576 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001577 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001578
1579 /* This function is called for "from client" and "to server"
1580 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001581 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001582 */
1583
1584 /* "write_p" is set to 0 is the bytes are received messages,
1585 * otherwise it is set to 1.
1586 */
1587 if (write_p != 0)
1588 return;
1589
1590 /* content_type contains the type of message received or sent
1591 * according with the SSL/TLS protocol spec. This message is
1592 * encoded with one byte. The value 256 (two bytes) is used
1593 * for designing the SSL/TLS record layer. According with the
1594 * rfc6101, the expected message (other than 256) are:
1595 * - change_cipher_spec(20)
1596 * - alert(21)
1597 * - handshake(22)
1598 * - application_data(23)
1599 * - (255)
1600 * We are interessed by the handshake and specially the client
1601 * hello.
1602 */
1603 if (content_type != 22)
1604 return;
1605
1606 /* The message length is at least 4 bytes, containing the
1607 * message type and the message length.
1608 */
1609 if (len < 4)
1610 return;
1611
1612 /* First byte of the handshake message id the type of
1613 * message. The konwn types are:
1614 * - hello_request(0)
1615 * - client_hello(1)
1616 * - server_hello(2)
1617 * - certificate(11)
1618 * - server_key_exchange (12)
1619 * - certificate_request(13)
1620 * - server_hello_done(14)
1621 * We are interested by the client hello.
1622 */
1623 msg = (unsigned char *)buf;
1624 if (msg[0] != 1)
1625 return;
1626
1627 /* Next three bytes are the length of the message. The total length
1628 * must be this decoded length + 4. If the length given as argument
1629 * is not the same, we abort the protocol dissector.
1630 */
1631 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1632 if (len < rec_len + 4)
1633 return;
1634 msg += 4;
1635 end = msg + rec_len;
1636 if (end < msg)
1637 return;
1638
1639 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1640 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001641 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1642 */
1643 msg += 1 + 1 + 4 + 28;
1644 if (msg > end)
1645 return;
1646
1647 /* Next, is session id:
1648 * if present, we have to jump by length + 1 for the size information
1649 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001650 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001651 if (msg[0] > 0)
1652 msg += msg[0];
1653 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001654 if (msg > end)
1655 return;
1656
1657 /* Next two bytes are the ciphersuite length. */
1658 if (msg + 2 > end)
1659 return;
1660 rec_len = (msg[0] << 8) + msg[1];
1661 msg += 2;
1662 if (msg + rec_len > end || msg + rec_len < msg)
1663 return;
1664
Willy Tarreaubafbe012017-11-24 17:34:44 +01001665 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001666 if (!capture)
1667 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001668 /* Compute the xxh64 of the ciphersuite. */
1669 capture->xxh64 = XXH64(msg, rec_len, 0);
1670
1671 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001672 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1673 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001674 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001675
1676 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001677}
1678
Emeric Brun29f037d2014-04-25 19:05:36 +02001679/* Callback is called for ssl protocol analyse */
1680void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1681{
Emeric Brun29f037d2014-04-25 19:05:36 +02001682#ifdef TLS1_RT_HEARTBEAT
1683 /* test heartbeat received (write_p is set to 0
1684 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001685 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001686 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001687 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001688 const unsigned char *p = buf;
1689 unsigned int payload;
1690
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001691 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001692
1693 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1694 if (*p != TLS1_HB_REQUEST)
1695 return;
1696
Willy Tarreauaeed6722014-04-25 23:59:58 +02001697 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001698 goto kill_it;
1699
1700 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001701 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001702 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001703 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001704 /* We have a clear heartbleed attack (CVE-2014-0160), the
1705 * advertised payload is larger than the advertised packet
1706 * length, so we have garbage in the buffer between the
1707 * payload and the end of the buffer (p+len). We can't know
1708 * if the SSL stack is patched, and we don't know if we can
1709 * safely wipe out the area between p+3+len and payload.
1710 * So instead, we prevent the response from being sent by
1711 * setting the max_send_fragment to 0 and we report an SSL
1712 * error, which will kill this connection. It will be reported
1713 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001714 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1715 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001716 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001717 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1718 return;
1719 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001720#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001721 if (global_ssl.capture_cipherlist > 0)
1722 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001723}
1724
Bernard Spil13c53f82018-02-15 13:34:58 +01001725#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001726static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1727 const unsigned char *in, unsigned int inlen,
1728 void *arg)
1729{
1730 struct server *srv = arg;
1731
1732 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1733 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1734 return SSL_TLSEXT_ERR_OK;
1735 return SSL_TLSEXT_ERR_NOACK;
1736}
1737#endif
1738
1739#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001740/* This callback is used so that the server advertises the list of
1741 * negociable protocols for NPN.
1742 */
1743static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1744 unsigned int *len, void *arg)
1745{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001746 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001747
1748 *data = (const unsigned char *)conf->npn_str;
1749 *len = conf->npn_len;
1750 return SSL_TLSEXT_ERR_OK;
1751}
1752#endif
1753
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001754#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001755/* This callback is used so that the server advertises the list of
1756 * negociable protocols for ALPN.
1757 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001758static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1759 unsigned char *outlen,
1760 const unsigned char *server,
1761 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001762{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001763 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001764
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001765 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1766 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1767 return SSL_TLSEXT_ERR_NOACK;
1768 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001769 return SSL_TLSEXT_ERR_OK;
1770}
1771#endif
1772
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001773#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001774#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001775
Christopher Faulet30548802015-06-11 13:39:32 +02001776/* Create a X509 certificate with the specified servername and serial. This
1777 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001778static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001779ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001780{
Christopher Faulet7969a332015-10-09 11:15:03 +02001781 X509 *cacert = bind_conf->ca_sign_cert;
1782 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001783 SSL_CTX *ssl_ctx = NULL;
1784 X509 *newcrt = NULL;
1785 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001786 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001787 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001788 X509_NAME *name;
1789 const EVP_MD *digest;
1790 X509V3_CTX ctx;
1791 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001792 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001793
Christopher Faulet48a83322017-07-28 16:56:09 +02001794 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001795#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001796 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1797#else
1798 tmp_ssl = SSL_new(bind_conf->default_ctx);
1799 if (tmp_ssl)
1800 pkey = SSL_get_privatekey(tmp_ssl);
1801#endif
1802 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001803 goto mkcert_error;
1804
1805 /* Create the certificate */
1806 if (!(newcrt = X509_new()))
1807 goto mkcert_error;
1808
1809 /* Set version number for the certificate (X509v3) and the serial
1810 * number */
1811 if (X509_set_version(newcrt, 2L) != 1)
1812 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001813 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001814
1815 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001816 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1817 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001818 goto mkcert_error;
1819
1820 /* set public key in the certificate */
1821 if (X509_set_pubkey(newcrt, pkey) != 1)
1822 goto mkcert_error;
1823
1824 /* Set issuer name from the CA */
1825 if (!(name = X509_get_subject_name(cacert)))
1826 goto mkcert_error;
1827 if (X509_set_issuer_name(newcrt, name) != 1)
1828 goto mkcert_error;
1829
1830 /* Set the subject name using the same, but the CN */
1831 name = X509_NAME_dup(name);
1832 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1833 (const unsigned char *)servername,
1834 -1, -1, 0) != 1) {
1835 X509_NAME_free(name);
1836 goto mkcert_error;
1837 }
1838 if (X509_set_subject_name(newcrt, name) != 1) {
1839 X509_NAME_free(name);
1840 goto mkcert_error;
1841 }
1842 X509_NAME_free(name);
1843
1844 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001845 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001846 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1847 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1848 X509_EXTENSION *ext;
1849
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001850 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001851 goto mkcert_error;
1852 if (!X509_add_ext(newcrt, ext, -1)) {
1853 X509_EXTENSION_free(ext);
1854 goto mkcert_error;
1855 }
1856 X509_EXTENSION_free(ext);
1857 }
1858
1859 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001860
1861 key_type = EVP_PKEY_base_id(capkey);
1862
1863 if (key_type == EVP_PKEY_DSA)
1864 digest = EVP_sha1();
1865 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001866 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001867 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001868 digest = EVP_sha256();
1869 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001870#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001871 int nid;
1872
1873 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1874 goto mkcert_error;
1875 if (!(digest = EVP_get_digestbynid(nid)))
1876 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001877#else
1878 goto mkcert_error;
1879#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001880 }
1881
Christopher Faulet31af49d2015-06-09 17:29:50 +02001882 if (!(X509_sign(newcrt, capkey, digest)))
1883 goto mkcert_error;
1884
1885 /* Create and set the new SSL_CTX */
1886 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1887 goto mkcert_error;
1888 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1889 goto mkcert_error;
1890 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1891 goto mkcert_error;
1892 if (!SSL_CTX_check_private_key(ssl_ctx))
1893 goto mkcert_error;
1894
1895 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001896
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001897#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001898 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001899#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001900#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1901 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001902 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001903 EC_KEY *ecc;
1904 int nid;
1905
1906 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1907 goto end;
1908 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1909 goto end;
1910 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1911 EC_KEY_free(ecc);
1912 }
1913#endif
1914 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001915 return ssl_ctx;
1916
1917 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001918 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001919 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001920 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1921 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001922 return NULL;
1923}
1924
Christopher Faulet7969a332015-10-09 11:15:03 +02001925SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001926ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001927{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001928 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001929 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001930
Olivier Houchard66ab4982019-02-26 18:37:15 +01001931 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001932}
1933
Christopher Faulet30548802015-06-11 13:39:32 +02001934/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001935 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001936SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001937ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001938{
1939 struct lru64 *lru = NULL;
1940
1941 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001942 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001943 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001944 if (lru && lru->domain) {
1945 if (ssl)
1946 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001947 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001948 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001949 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001950 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001951 }
1952 return NULL;
1953}
1954
Emeric Brun821bb9b2017-06-15 16:37:39 +02001955/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1956 * function is not thread-safe, it should only be used to check if a certificate
1957 * exists in the lru cache (with no warranty it will not be removed by another
1958 * thread). It is kept for backward compatibility. */
1959SSL_CTX *
1960ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1961{
1962 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1963}
1964
Christopher Fauletd2cab922015-07-28 16:03:47 +02001965/* Set a certificate int the LRU cache used to store generated
1966 * certificate. Return 0 on success, otherwise -1 */
1967int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001968ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001969{
1970 struct lru64 *lru = NULL;
1971
1972 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001973 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001974 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001975 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001976 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001977 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001978 }
Christopher Faulet30548802015-06-11 13:39:32 +02001979 if (lru->domain && lru->data)
1980 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001981 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001982 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001983 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001984 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001985 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001986}
1987
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001988/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001989unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001990ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001991{
1992 return XXH32(data, len, ssl_ctx_lru_seed);
1993}
1994
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001995/* Generate a cert and immediately assign it to the SSL session so that the cert's
1996 * refcount is maintained regardless of the cert's presence in the LRU cache.
1997 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001998static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001999ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002000{
2001 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002002 SSL_CTX *ssl_ctx = NULL;
2003 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002004 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002005
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002006 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002007 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002008 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002009 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002010 if (lru && lru->domain)
2011 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002012 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002013 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002014 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002015 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002016 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002017 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002018 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002019 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002020 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002021 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002022 SSL_set_SSL_CTX(ssl, ssl_ctx);
2023 /* No LRU cache, this CTX will be released as soon as the session dies */
2024 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002025 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002026 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002027 return 0;
2028}
2029static int
2030ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2031{
2032 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002033 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002034
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002035 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002036 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002037 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002038 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002039 }
2040 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002041}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002042#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002043
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002044#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002045typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2046
2047static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002048{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002049#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002050 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002051 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2052#endif
2053}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002054static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2055 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002056 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2057}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002058static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002059#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002060 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002061 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2062#endif
2063}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002064static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002065#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002066 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002067 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2068#endif
2069}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002070/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002071static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2072/* Unusable in this context. */
2073static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2074static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2075static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2076static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2077static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002078#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002079typedef enum { SET_MIN, SET_MAX } set_context_func;
2080
2081static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2082 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002083 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2084}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002085static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2086 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2087 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2088}
2089static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2090 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002091 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2092}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2094 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2095 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2096}
2097static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2098 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2100}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2102 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2103 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2104}
2105static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2110 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2111 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2112}
2113static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002114#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2117#endif
2118}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002119static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2120#if SSL_OP_NO_TLSv1_3
2121 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2122 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002123#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002124}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002125#endif
2126static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2127static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002128
2129static struct {
2130 int option;
2131 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002132 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2133 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002134 const char *name;
2135} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2137 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2138 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2139 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2140 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2141 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142};
2143
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002144static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2145{
2146 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2147 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2148 SSL_set_SSL_CTX(ssl, ctx);
2149}
2150
Willy Tarreau5db847a2019-05-09 14:13:35 +02002151#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002152
2153static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2154{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002155 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002156 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002157
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002158 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2159 return SSL_TLSEXT_ERR_OK;
2160 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002161}
2162
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002163#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002164static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2165{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002166 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002167#else
2168static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2169{
2170#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002171 struct connection *conn;
2172 struct bind_conf *s;
2173 const uint8_t *extension_data;
2174 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002175 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002176
2177 char *wildp = NULL;
2178 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002179 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002180 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002181 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002182 int i;
2183
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002184 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002185 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002186
Olivier Houchard9679ac92017-10-27 14:58:08 +02002187 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002188 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002189#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002190 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2191 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002192#else
2193 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2194#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002195 /*
2196 * The server_name extension was given too much extensibility when it
2197 * was written, so parsing the normal case is a bit complex.
2198 */
2199 size_t len;
2200 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002201 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002202 /* Extract the length of the supplied list of names. */
2203 len = (*extension_data++) << 8;
2204 len |= *extension_data++;
2205 if (len + 2 != extension_len)
2206 goto abort;
2207 /*
2208 * The list in practice only has a single element, so we only consider
2209 * the first one.
2210 */
2211 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2212 goto abort;
2213 extension_len = len - 1;
2214 /* Now we can finally pull out the byte array with the actual hostname. */
2215 if (extension_len <= 2)
2216 goto abort;
2217 len = (*extension_data++) << 8;
2218 len |= *extension_data++;
2219 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2220 || memchr(extension_data, 0, len) != NULL)
2221 goto abort;
2222 servername = extension_data;
2223 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002224 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002225#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2226 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002227 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002228 }
2229#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002230 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002231 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002232 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002233 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002234 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 goto abort;
2236 }
2237
2238 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002239#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002240 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002241#else
2242 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2243#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002244 uint8_t sign;
2245 size_t len;
2246 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002247 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002248 len = (*extension_data++) << 8;
2249 len |= *extension_data++;
2250 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002251 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002252 if (len % 2 != 0)
2253 goto abort;
2254 for (; len > 0; len -= 2) {
2255 extension_data++; /* hash */
2256 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 switch (sign) {
2258 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002259 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002260 break;
2261 case TLSEXT_signature_ecdsa:
2262 has_ecdsa_sig = 1;
2263 break;
2264 default:
2265 continue;
2266 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002267 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002268 break;
2269 }
2270 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002271 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002272 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002273 }
2274 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002275 const SSL_CIPHER *cipher;
2276 size_t len;
2277 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002278 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002279#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002280 len = ctx->cipher_suites_len;
2281 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002282#else
2283 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2284#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 if (len % 2 != 0)
2286 goto abort;
2287 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002288#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002289 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002290 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002291#else
2292 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2293#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002294 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002295 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002296 break;
2297 }
2298 }
2299 }
2300
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002301 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002302 trash.area[i] = tolower(servername[i]);
2303 if (!wildp && (trash.area[i] == '.'))
2304 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002306 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002307
William Lallemand150bfa82019-09-19 17:12:49 +02002308 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002309 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002310 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002311
2312 /* lookup a not neg filter */
2313 for (n = node; n; n = ebmb_next_dup(n)) {
2314 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002315 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002316 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002317 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002318 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319 break;
2320 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002321 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002322 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002323 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002324 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325 if (!node_anonymous)
2326 node_anonymous = n;
2327 break;
2328 }
2329 }
2330 }
2331 if (wildp) {
2332 /* lookup in wildcards names */
2333 node = ebst_lookup(&s->sni_w_ctx, wildp);
2334 for (n = node; n; n = ebmb_next_dup(n)) {
2335 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002336 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002337 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002338 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002340 break;
2341 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002342 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002345 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002346 if (!node_anonymous)
2347 node_anonymous = n;
2348 break;
2349 }
2350 }
2351 }
2352 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002353 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002354 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2355 : ((has_rsa_sig && node_rsa) ? node_rsa
2356 : (node_anonymous ? node_anonymous
2357 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2358 : node_rsa /* no rsa signature case (far far away) */
2359 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002360 if (node) {
2361 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002362 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002363 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002364 if (conf) {
2365 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2366 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2367 if (conf->early_data)
2368 allow_early = 1;
2369 }
William Lallemand02010472019-10-18 11:02:19 +02002370 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002371 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 }
William Lallemand150bfa82019-09-19 17:12:49 +02002373
William Lallemand02010472019-10-18 11:02:19 +02002374 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002375#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002376 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002377 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002378 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002379 }
2380#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002381 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002382 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002383 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002384 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002385allow_early:
2386#ifdef OPENSSL_IS_BORINGSSL
2387 if (allow_early)
2388 SSL_set_early_data_enabled(ssl, 1);
2389#else
2390 if (!allow_early)
2391 SSL_set_max_early_data(ssl, 0);
2392#endif
2393 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002394 abort:
2395 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2396 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002397#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002398 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002399#else
2400 *al = SSL_AD_UNRECOGNIZED_NAME;
2401 return 0;
2402#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403}
2404
2405#else /* OPENSSL_IS_BORINGSSL */
2406
Emeric Brunfc0421f2012-09-07 17:30:07 +02002407/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2408 * warning when no match is found, which implies the default (first) cert
2409 * will keep being used.
2410 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002411static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002412{
2413 const char *servername;
2414 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002415 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002416 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002417 int i;
2418 (void)al; /* shut gcc stupid warning */
2419
2420 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002421 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002422#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002423 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2424 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002425#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002426 if (s->strict_sni)
2427 return SSL_TLSEXT_ERR_ALERT_FATAL;
2428 ssl_sock_switchctx_set(ssl, s->default_ctx);
2429 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002430 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002431
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002432 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002433 if (!servername[i])
2434 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002435 trash.area[i] = tolower(servername[i]);
2436 if (!wildp && (trash.area[i] == '.'))
2437 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002438 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002439 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002440
William Lallemand150bfa82019-09-19 17:12:49 +02002441 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002442 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002443 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002444
2445 /* lookup a not neg filter */
2446 for (n = node; n; n = ebmb_next_dup(n)) {
2447 if (!container_of(n, struct sni_ctx, name)->neg) {
2448 node = n;
2449 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002450 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002451 }
2452 if (!node && wildp) {
2453 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002454 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002455 }
2456 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002457#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002458 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2459 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002460 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002461 return SSL_TLSEXT_ERR_OK;
2462 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002463#endif
William Lallemand150bfa82019-09-19 17:12:49 +02002464 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002465 if (s->strict_sni)
2466 return SSL_TLSEXT_ERR_ALERT_FATAL;
2467 ssl_sock_switchctx_set(ssl, s->default_ctx);
2468 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002469 }
2470
2471 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002472 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002473 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002474 return SSL_TLSEXT_ERR_OK;
2475}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002476#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002477#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2478
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002479#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002480
2481static DH * ssl_get_dh_1024(void)
2482{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002483 static unsigned char dh1024_p[]={
2484 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2485 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2486 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2487 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2488 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2489 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2490 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2491 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2492 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2493 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2494 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2495 };
2496 static unsigned char dh1024_g[]={
2497 0x02,
2498 };
2499
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002500 BIGNUM *p;
2501 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002502 DH *dh = DH_new();
2503 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002504 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2505 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002506
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002507 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002508 DH_free(dh);
2509 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002510 } else {
2511 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002512 }
2513 }
2514 return dh;
2515}
2516
2517static DH *ssl_get_dh_2048(void)
2518{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002519 static unsigned char dh2048_p[]={
2520 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2521 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2522 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2523 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2524 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2525 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2526 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2527 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2528 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2529 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2530 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2531 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2532 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2533 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2534 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2535 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2536 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2537 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2538 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2539 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2540 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2541 0xB7,0x1F,0x77,0xF3,
2542 };
2543 static unsigned char dh2048_g[]={
2544 0x02,
2545 };
2546
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002547 BIGNUM *p;
2548 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002549 DH *dh = DH_new();
2550 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002551 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2552 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002553
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002554 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002555 DH_free(dh);
2556 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002557 } else {
2558 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002559 }
2560 }
2561 return dh;
2562}
2563
2564static DH *ssl_get_dh_4096(void)
2565{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002566 static unsigned char dh4096_p[]={
2567 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2568 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2569 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2570 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2571 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2572 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2573 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2574 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2575 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2576 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2577 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2578 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2579 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2580 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2581 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2582 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2583 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2584 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2585 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2586 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2587 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2588 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2589 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2590 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2591 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2592 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2593 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2594 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2595 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2596 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2597 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2598 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2599 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2600 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2601 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2602 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2603 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2604 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2605 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2606 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2607 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2608 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2609 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002610 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002611 static unsigned char dh4096_g[]={
2612 0x02,
2613 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002614
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002615 BIGNUM *p;
2616 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002617 DH *dh = DH_new();
2618 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002619 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2620 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002621
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002622 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002623 DH_free(dh);
2624 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002625 } else {
2626 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002627 }
2628 }
2629 return dh;
2630}
2631
2632/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002633 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002634static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2635{
2636 DH *dh = NULL;
2637 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002638 int type;
2639
2640 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002641
2642 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2643 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2644 */
2645 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2646 keylen = EVP_PKEY_bits(pkey);
2647 }
2648
Willy Tarreauef934602016-12-22 23:12:01 +01002649 if (keylen > global_ssl.default_dh_param) {
2650 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002651 }
2652
Remi Gacogned3a341a2015-05-29 16:26:17 +02002653 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002654 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002655 }
2656 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002657 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002658 }
2659 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002660 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002661 }
2662
2663 return dh;
2664}
2665
Remi Gacogne47783ef2015-05-29 15:53:22 +02002666static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002667{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002668 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002669 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002670
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002671 if (in == NULL)
2672 goto end;
2673
Remi Gacogne47783ef2015-05-29 15:53:22 +02002674 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002675 goto end;
2676
Remi Gacogne47783ef2015-05-29 15:53:22 +02002677 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2678
2679end:
2680 if (in)
2681 BIO_free(in);
2682
Emeric Brune1b4ed42018-08-16 15:14:12 +02002683 ERR_clear_error();
2684
Remi Gacogne47783ef2015-05-29 15:53:22 +02002685 return dh;
2686}
2687
2688int ssl_sock_load_global_dh_param_from_file(const char *filename)
2689{
2690 global_dh = ssl_sock_get_dh_from_file(filename);
2691
2692 if (global_dh) {
2693 return 0;
2694 }
2695
2696 return -1;
2697}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002698#endif
2699
William Lallemand9117de92019-10-04 00:29:42 +02002700/* Alloc and init a ckch_inst */
2701static struct ckch_inst *ckch_inst_new()
2702{
2703 struct ckch_inst *ckch_inst;
2704
2705 ckch_inst = calloc(1, sizeof *ckch_inst);
2706 if (ckch_inst)
2707 LIST_INIT(&ckch_inst->sni_ctx);
2708
2709 return ckch_inst;
2710}
2711
2712
2713/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002714static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002715 struct bind_conf *s, struct ssl_bind_conf *conf,
2716 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002717{
2718 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002719 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002720
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002721 if (*name == '!') {
2722 neg = 1;
2723 name++;
2724 }
2725 if (*name == '*') {
2726 wild = 1;
2727 name++;
2728 }
2729 /* !* filter is a nop */
2730 if (neg && wild)
2731 return order;
2732 if (*name) {
2733 int j, len;
2734 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002735 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002736 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002737 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002738 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002739 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002740
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002741 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002742 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002743 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002744 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002745 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002746 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002747 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002748 sc->order = order++;
2749 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002750 sc->wild = wild;
2751 sc->name.node.leaf_p = NULL;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002752 if (kinfo.sig != TLSEXT_signature_anonymous)
2753 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
William Lallemand9117de92019-10-04 00:29:42 +02002754
William Lallemand1d29c742019-10-04 00:53:29 +02002755 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002756 }
2757 return order;
2758}
2759
William Lallemand6af03992019-07-23 15:00:54 +02002760/*
William Lallemand1d29c742019-10-04 00:53:29 +02002761 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2762 * This function can't return an error.
2763 *
2764 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2765 */
2766static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2767{
2768
2769 struct sni_ctx *sc0, *sc0b, *sc1;
2770 struct ebmb_node *node;
2771
2772 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2773
2774 /* ignore if sc0 was already inserted in a tree */
2775 if (sc0->name.node.leaf_p)
2776 continue;
2777
2778 /* Check for duplicates. */
2779 if (sc0->wild)
2780 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2781 else
2782 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2783
2784 for (; node; node = ebmb_next_dup(node)) {
2785 sc1 = ebmb_entry(node, struct sni_ctx, name);
2786 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2787 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2788 /* it's a duplicate, we should remove and free it */
2789 LIST_DEL(&sc0->by_ckch_inst);
2790 free(sc0);
2791 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002792 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002793 }
2794 }
2795
2796 /* if duplicate, ignore the insertion */
2797 if (!sc0)
2798 continue;
2799
2800 if (sc0->wild)
2801 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2802 else
2803 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
2804 }
2805}
2806
2807/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002808 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002809 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002810struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002811
William Lallemandfa892222019-07-23 16:06:08 +02002812
Emeric Brun7a883362019-10-17 13:27:40 +02002813/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2814 * If there is no DH paramater availaible in the ckchs, the global
2815 * DH parameter is loaded into the SSL_CTX and if there is no
2816 * DH parameter available in ckchs nor in global, the default
2817 * DH parameters are applied on the SSL_CTX.
2818 * Returns a bitfield containing the flags:
2819 * ERR_FATAL in any fatal error case
2820 * ERR_ALERT if a reason of the error is availabine in err
2821 * ERR_WARN if a warning is available into err
2822 * The value 0 means there is no error nor warning and
2823 * the operation succeed.
2824 */
William Lallemandfa892222019-07-23 16:06:08 +02002825#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002826static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2827 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002828{
Emeric Brun7a883362019-10-17 13:27:40 +02002829 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02002830 DH *dh = NULL;
2831
William Lallemanda8c73742019-07-31 18:31:34 +02002832 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02002833 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02002834 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2835 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2836 err && *err ? *err : "", path);
2837#if defined(SSL_CTX_set_dh_auto)
2838 SSL_CTX_set_dh_auto(ctx, 1);
2839 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2840 err && *err ? *err : "");
2841#else
2842 memprintf(err, "%s, DH ciphers won't be available.\n",
2843 err && *err ? *err : "");
2844#endif
2845 ret |= ERR_WARN;
2846 goto end;
2847 }
William Lallemandfa892222019-07-23 16:06:08 +02002848
2849 if (ssl_dh_ptr_index >= 0) {
2850 /* store a pointer to the DH params to avoid complaining about
2851 ssl-default-dh-param not being set for this SSL_CTX */
2852 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2853 }
2854 }
2855 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02002856 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2857 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2858 err && *err ? *err : "", path);
2859#if defined(SSL_CTX_set_dh_auto)
2860 SSL_CTX_set_dh_auto(ctx, 1);
2861 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2862 err && *err ? *err : "");
2863#else
2864 memprintf(err, "%s, DH ciphers won't be available.\n",
2865 err && *err ? *err : "");
2866#endif
2867 ret |= ERR_WARN;
2868 goto end;
2869 }
William Lallemandfa892222019-07-23 16:06:08 +02002870 }
2871 else {
2872 /* Clear openssl global errors stack */
2873 ERR_clear_error();
2874
2875 if (global_ssl.default_dh_param <= 1024) {
2876 /* we are limited to DH parameter of 1024 bits anyway */
2877 if (local_dh_1024 == NULL)
2878 local_dh_1024 = ssl_get_dh_1024();
2879
Emeric Brun7a883362019-10-17 13:27:40 +02002880 if (local_dh_1024 == NULL) {
2881 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2882 err && *err ? *err : "", path);
2883 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02002884 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02002885 }
William Lallemandfa892222019-07-23 16:06:08 +02002886
Emeric Bruna9363eb2019-10-17 14:53:03 +02002887 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2888 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2889 err && *err ? *err : "", path);
2890#if defined(SSL_CTX_set_dh_auto)
2891 SSL_CTX_set_dh_auto(ctx, 1);
2892 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2893 err && *err ? *err : "");
2894#else
2895 memprintf(err, "%s, DH ciphers won't be available.\n",
2896 err && *err ? *err : "");
2897#endif
2898 ret |= ERR_WARN;
2899 goto end;
2900 }
William Lallemandfa892222019-07-23 16:06:08 +02002901 }
2902 else {
2903 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2904 }
William Lallemandfa892222019-07-23 16:06:08 +02002905 }
2906
2907end:
William Lallemandfa892222019-07-23 16:06:08 +02002908 return ret;
2909}
2910#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05002911
yanbzhu488a4d22015-12-01 15:16:07 -05002912/* Frees the contents of a cert_key_and_chain
2913 */
2914static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2915{
yanbzhu488a4d22015-12-01 15:16:07 -05002916 if (!ckch)
2917 return;
2918
2919 /* Free the certificate and set pointer to NULL */
2920 if (ckch->cert)
2921 X509_free(ckch->cert);
2922 ckch->cert = NULL;
2923
2924 /* Free the key and set pointer to NULL */
2925 if (ckch->key)
2926 EVP_PKEY_free(ckch->key);
2927 ckch->key = NULL;
2928
2929 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002930 if (ckch->chain)
2931 sk_X509_pop_free(ckch->chain, X509_free);
2932 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05002933
William Lallemand455af502019-10-17 18:04:45 +02002934 if (ckch->dh)
2935 DH_free(ckch->dh);
2936 ckch->dh = NULL;
2937
2938 if (ckch->sctl) {
2939 free(ckch->sctl->area);
2940 ckch->sctl->area = NULL;
2941 free(ckch->sctl);
2942 ckch->sctl = NULL;
2943 }
2944
2945 if (ckch->ocsp_response) {
2946 free(ckch->ocsp_response->area);
2947 ckch->ocsp_response->area = NULL;
2948 free(ckch->ocsp_response);
2949 ckch->ocsp_response = NULL;
2950 }
yanbzhu488a4d22015-12-01 15:16:07 -05002951}
2952
William Lallemand8d0f8932019-10-17 18:03:58 +02002953/*
2954 *
2955 * This function copy a cert_key_and_chain in memory
2956 *
2957 * It's used to try to apply changes on a ckch before committing them, because
2958 * most of the time it's not possible to revert those changes
2959 *
2960 * Return a the dst or NULL
2961 */
2962static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
2963 struct cert_key_and_chain *dst)
2964{
2965 if (src->cert) {
2966 dst->cert = src->cert;
2967 X509_up_ref(src->cert);
2968 }
2969
2970 if (src->key) {
2971 dst->key = src->key;
2972 EVP_PKEY_up_ref(src->key);
2973 }
2974
2975 if (src->chain) {
2976 dst->chain = X509_chain_up_ref(src->chain);
2977 }
2978
2979 if (src->dh) {
2980 DH_up_ref(src->dh);
2981 dst->dh = src->dh;
2982 }
2983
2984 if (src->sctl) {
2985 struct buffer *sctl;
2986
2987 sctl = calloc(1, sizeof(*sctl));
2988 if (!chunk_dup(sctl, src->sctl)) {
2989 free(sctl);
2990 sctl = NULL;
2991 goto error;
2992 }
2993 dst->sctl = sctl;
2994 }
2995
2996 if (src->ocsp_response) {
2997 struct buffer *ocsp_response;
2998
2999 ocsp_response = calloc(1, sizeof(*ocsp_response));
3000 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3001 free(ocsp_response);
3002 ocsp_response = NULL;
3003 goto error;
3004 }
3005 dst->ocsp_response = ocsp_response;
3006 }
3007
3008 if (src->ocsp_issuer) {
3009 X509_up_ref(src->ocsp_issuer);
3010 dst->ocsp_issuer = src->ocsp_issuer;
3011 }
3012
3013 return dst;
3014
3015error:
3016
3017 /* free everything */
3018 ssl_sock_free_cert_key_and_chain_contents(dst);
3019
3020 return NULL;
3021}
3022
3023
yanbzhu488a4d22015-12-01 15:16:07 -05003024/* checks if a key and cert exists in the ckch
3025 */
William Lallemand1633e392019-09-30 12:58:13 +02003026#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003027static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3028{
3029 return (ckch->cert != NULL && ckch->key != NULL);
3030}
William Lallemand1633e392019-09-30 12:58:13 +02003031#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003032
William Lallemandf9568fc2019-10-16 18:27:58 +02003033/*
3034 * return 0 on success or != 0 on failure
3035 */
3036static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3037{
3038 int ret = 1;
3039 BIO *in = NULL;
3040 X509 *issuer;
3041
3042 if (buf) {
3043 /* reading from a buffer */
3044 in = BIO_new_mem_buf(buf, -1);
3045 if (in == NULL) {
3046 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3047 goto end;
3048 }
3049
3050 } else {
3051 /* reading from a file */
3052 in = BIO_new(BIO_s_file());
3053 if (in == NULL)
3054 goto end;
3055
3056 if (BIO_read_filename(in, path) <= 0)
3057 goto end;
3058 }
3059
3060 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3061 if (!issuer) {
3062 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
3063 *err ? *err : "", path);
3064 goto end;
3065 }
3066 ret = 0;
3067 ckch->ocsp_issuer = issuer;
3068
3069end:
3070
3071 ERR_clear_error();
3072 if (in)
3073 BIO_free(in);
3074
3075 return ret;
3076}
3077
William Lallemand96a9c972019-10-17 11:56:17 +02003078
3079/*
3080 * Try to load a PEM file from a <path> or a buffer <buf>
3081 * The PEM must contain at least a Private Key and a Certificate,
3082 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003083 *
William Lallemand96a9c972019-10-17 11:56:17 +02003084 * If it failed you should not attempt to use the ckch but free it.
3085 *
3086 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003087 */
William Lallemand96a9c972019-10-17 11:56:17 +02003088static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003089{
William Lallemandf11365b2019-09-19 14:25:58 +02003090 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003091 int ret = 1;
William Lallemand96a9c972019-10-17 11:56:17 +02003092 X509 *ca = NULL;
3093 X509 *cert = NULL;
3094 EVP_PKEY *key = NULL;
3095 DH *dh;
3096
3097 if (buf) {
3098 /* reading from a buffer */
3099 in = BIO_new_mem_buf(buf, -1);
3100 if (in == NULL) {
3101 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3102 goto end;
3103 }
yanbzhu488a4d22015-12-01 15:16:07 -05003104
William Lallemand96a9c972019-10-17 11:56:17 +02003105 } else {
3106 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003107 in = BIO_new(BIO_s_file());
3108 if (in == NULL)
3109 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003110
William Lallemandf11365b2019-09-19 14:25:58 +02003111 if (BIO_read_filename(in, path) <= 0)
3112 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003113 }
yanbzhu488a4d22015-12-01 15:16:07 -05003114
yanbzhu488a4d22015-12-01 15:16:07 -05003115 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003116 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3117 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003118 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003119 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003120 goto end;
3121 }
3122
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003123#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003124 /* Seek back to beginning of file */
3125 if (BIO_reset(in) == -1) {
3126 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3127 err && *err ? *err : "", path);
3128 goto end;
3129 }
3130
William Lallemand96a9c972019-10-17 11:56:17 +02003131 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3132 /* no need to return an error there, dh is not mandatory */
3133
3134 if (dh) {
3135 if (ckch->dh)
3136 DH_free(ckch->dh);
3137 ckch->dh = dh;
3138 }
3139
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003140#endif
William Lallemandfa892222019-07-23 16:06:08 +02003141
Willy Tarreaubb137a82016-04-06 19:02:38 +02003142 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003143 if (BIO_reset(in) == -1) {
3144 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3145 err && *err ? *err : "", path);
3146 goto end;
3147 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003148
3149 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003150 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3151 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003152 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003153 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003154 goto end;
3155 }
3156
William Lallemand96a9c972019-10-17 11:56:17 +02003157 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003158 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003159 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003160 goto end;
3161 }
3162
William Lallemand96a9c972019-10-17 11:56:17 +02003163 /* Key and Cert are good, we can use them in the ckch */
3164 if (ckch->key) /* free the previous key */
3165 EVP_PKEY_free(ckch->key);
3166 ckch->key = key;
3167
3168 if (ckch->cert) /* free the previous cert */
3169 X509_free(ckch->cert);
3170 ckch->cert = cert;
3171
3172 /* Look for a Certificate Chain */
3173 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3174 if (ca) {
3175 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3176 if (ckch->chain) /* free the previous chain */
3177 sk_X509_pop_free(ckch->chain, X509_free);
3178 ckch->chain = sk_X509_new_null();
3179 if (!sk_X509_push(ckch->chain, ca)) {
3180 X509_free(ca);
3181 goto end;
3182 }
3183 }
3184 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003185 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3186 if (!sk_X509_push(ckch->chain, ca)) {
3187 X509_free(ca);
3188 goto end;
3189 }
yanbzhu488a4d22015-12-01 15:16:07 -05003190
yanbzhu488a4d22015-12-01 15:16:07 -05003191 ret = ERR_get_error();
3192 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3193 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003194 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003195 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003196 }
3197
3198 ret = 0;
3199
William Lallemand96a9c972019-10-17 11:56:17 +02003200end:
William Lallemand246c0242019-10-11 08:59:13 +02003201
3202 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003203 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003204 BIO_free(in);
William Lallemand96a9c972019-10-17 11:56:17 +02003205 if (ret != 0) {
3206 if (key)
3207 EVP_PKEY_free(key);
3208 if (cert)
3209 X509_free(cert);
yanbzhu488a4d22015-12-01 15:16:07 -05003210 }
William Lallemanda17f4112019-10-10 15:16:44 +02003211
William Lallemand96a9c972019-10-17 11:56:17 +02003212 return ret;
3213}
3214
3215/*
3216 * Try to load in a ckch every files related to a ckch.
3217 * (PEM, sctl, ocsp, issuer etc.)
3218 *
3219 * This function is only used to load files during the configuration parsing,
3220 * it is not used with the CLI.
3221 *
3222 * This allows us to carry the contents of the file without having to read the
3223 * file multiple times. The caller must call
3224 * ssl_sock_free_cert_key_and_chain_contents.
3225 *
3226 * returns:
3227 * 0 on Success
3228 * 1 on SSL Failure
3229 */
3230static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3231{
3232 int ret = 1;
3233
3234 /* try to load the PEM */
3235 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3236 goto end;
3237 }
3238
William Lallemanda17f4112019-10-10 15:16:44 +02003239#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3240 /* try to load the sctl file */
3241 {
3242 char fp[MAXPATHLEN+1];
3243 struct stat st;
3244
3245 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3246 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003247 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003248 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3249 *err ? *err : "", fp);
3250 ret = 1;
3251 goto end;
3252 }
3253 }
3254 }
3255#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003256
William Lallemand246c0242019-10-11 08:59:13 +02003257 /* try to load an ocsp response file */
3258 {
3259 char fp[MAXPATHLEN+1];
3260 struct stat st;
3261
3262 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3263 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003264 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003265 ret = 1;
3266 goto end;
3267 }
3268 }
3269 }
3270
3271 if (ckch->ocsp_response) {
3272 X509 *issuer;
3273 int i;
3274
3275 /* check if one of the certificate of the chain is the issuer */
3276 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3277 issuer = sk_X509_value(ckch->chain, i);
3278 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3279 ckch->ocsp_issuer = issuer;
3280 break;
3281 } else
3282 issuer = NULL;
3283 }
3284
3285 /* if no issuer was found, try to load an issuer from the .issuer */
3286 if (!issuer) {
3287 struct stat st;
3288 char fp[MAXPATHLEN+1];
3289
3290 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3291 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003292 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003293 ret = 1;
3294 goto end;
3295 }
3296
3297 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003298 memprintf(err, "%s '%s' is not an issuer'.\n",
William Lallemand246c0242019-10-11 08:59:13 +02003299 *err ? *err : "", fp);
3300 ret = 1;
3301 goto end;
3302 }
3303 } else {
3304 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
3305 *err ? *err : "");
3306 ret = 1;
3307 goto end;
3308 }
3309 }
3310 }
3311
yanbzhu488a4d22015-12-01 15:16:07 -05003312 ret = 0;
3313
3314end:
3315
3316 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003317
3318 /* Something went wrong in one of the reads */
3319 if (ret != 0)
3320 ssl_sock_free_cert_key_and_chain_contents(ckch);
3321
3322 return ret;
3323}
3324
3325/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003326 * Returns a bitfield containing the flags:
3327 * ERR_FATAL in any fatal error case
3328 * ERR_ALERT if the reason of the error is available in err
3329 * ERR_WARN if a warning is available into err
3330 * The value 0 means there is no error nor warning and
3331 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003332 */
3333static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3334{
Emeric Bruna96b5822019-10-17 13:25:14 +02003335 int errcode = 0;
3336
yanbzhu488a4d22015-12-01 15:16:07 -05003337 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3338 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003340 errcode |= ERR_ALERT | ERR_FATAL;
3341 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003342 }
3343
3344 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3345 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3346 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003347 errcode |= ERR_ALERT | ERR_FATAL;
3348 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003349 }
3350
yanbzhu488a4d22015-12-01 15:16:07 -05003351 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003352#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003353 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3354 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3355 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003356 errcode |= ERR_ALERT | ERR_FATAL;
3357 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003358 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003359#else
3360 { /* legacy compat (< openssl 1.0.2) */
3361 X509 *ca;
3362 while ((ca = sk_X509_shift(ckch->chain)))
3363 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3364 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3365 err && *err ? *err : "", path);
3366 X509_free(ca);
Emeric Bruna96b5822019-10-17 13:25:14 +02003367 errcode |= ERR_ALERT | ERR_FATAL;
3368 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003369 }
3370 }
3371#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003372
William Lallemandfa892222019-07-23 16:06:08 +02003373#ifndef OPENSSL_NO_DH
3374 /* store a NULL pointer to indicate we have not yet loaded
3375 a custom DH param file */
3376 if (ssl_dh_ptr_index >= 0) {
3377 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3378 }
3379
Emeric Brun7a883362019-10-17 13:27:40 +02003380 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3381 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003382 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3383 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003384 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003385 }
3386#endif
3387
William Lallemanda17f4112019-10-10 15:16:44 +02003388#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3389 if (sctl_ex_index >= 0 && ckch->sctl) {
3390 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3391 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3392 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003393 errcode |= ERR_ALERT | ERR_FATAL;
3394 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003395 }
3396 }
3397#endif
3398
William Lallemand4a660132019-10-14 14:51:41 +02003399#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003400 /* Load OCSP Info into context */
3401 if (ckch->ocsp_response) {
3402 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
3403 if (err)
3404 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3405 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003406 errcode |= ERR_ALERT | ERR_FATAL;
3407 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003408 }
3409 }
William Lallemand246c0242019-10-11 08:59:13 +02003410#endif
3411
Emeric Bruna96b5822019-10-17 13:25:14 +02003412 end:
3413 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003414}
3415
William Lallemandc4ecddf2019-07-31 16:50:08 +02003416#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003417
William Lallemand28a8fce2019-10-04 17:36:55 +02003418static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003419{
3420 struct sni_keytype *s_kt = NULL;
3421 struct ebmb_node *node;
3422 int i;
3423
3424 for (i = 0; i < trash.size; i++) {
3425 if (!str[i])
3426 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003427 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003428 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003429 trash.area[i] = 0;
3430 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003431 if (!node) {
3432 /* CN not found in tree */
3433 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3434 /* Using memcpy here instead of strncpy.
3435 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3436 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3437 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003438 if (!s_kt)
3439 return -1;
3440
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003441 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003442 s_kt->keytypes = 0;
3443 ebst_insert(sni_keytypes, &s_kt->name);
3444 } else {
3445 /* CN found in tree */
3446 s_kt = container_of(node, struct sni_keytype, name);
3447 }
3448
3449 /* Mark that this CN has the keytype of key_index via keytypes mask */
3450 s_kt->keytypes |= 1<<key_index;
3451
William Lallemand28a8fce2019-10-04 17:36:55 +02003452 return 0;
3453
yanbzhu08ce6ab2015-12-02 13:01:29 -05003454}
3455
William Lallemandc4ecddf2019-07-31 16:50:08 +02003456#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003457/*
3458 * Free a ckch_store and its ckch(s)
3459 * The linked ckch_inst are not free'd
3460 */
3461void ckchs_free(struct ckch_store *ckchs)
3462{
3463 if (!ckchs)
3464 return;
3465
3466#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3467 if (ckchs->multi) {
3468 int n;
3469
3470 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3471 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3472 } else
3473#endif
3474 {
3475 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3476 ckchs->ckch = NULL;
3477 }
3478
3479 free(ckchs);
3480}
3481
3482/* allocate and duplicate a ckch_store
3483 * Return a new ckch_store or NULL */
3484static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3485{
3486 struct ckch_store *dst;
3487 int pathlen;
3488
3489 pathlen = strlen(src->path);
3490 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3491 if (!dst)
3492 return NULL;
3493 /* copy previous key */
3494 memcpy(dst->path, src->path, pathlen + 1);
3495 dst->multi = src->multi;
3496 LIST_INIT(&dst->ckch_inst);
3497
3498 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3499 if (!dst->ckch)
3500 goto error;
3501
3502#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3503 if (src->multi) {
3504 int n;
3505
3506 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3507 if (&src->ckch[n]) {
3508 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3509 goto error;
3510 }
3511 }
3512 } else
3513#endif
3514 {
3515 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3516 goto error;
3517 }
3518
3519 return dst;
3520
3521error:
3522 ckchs_free(dst);
3523
3524 return NULL;
3525}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003526
William Lallemand36b84632019-07-18 19:28:17 +02003527/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003528 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003529 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003530static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003531{
3532 struct ebmb_node *eb;
3533
William Lallemande3af8fb2019-10-08 11:36:53 +02003534 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003535 if (!eb)
3536 return NULL;
3537
William Lallemande3af8fb2019-10-08 11:36:53 +02003538 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003539}
3540
3541/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003542 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003543 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003544static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003545{
William Lallemande3af8fb2019-10-08 11:36:53 +02003546 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003547
William Lallemande3af8fb2019-10-08 11:36:53 +02003548 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3549 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003550 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3551 goto end;
3552 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003553 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003554
William Lallemande3af8fb2019-10-08 11:36:53 +02003555 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003556 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3557 goto end;
3558 }
3559
William Lallemand9117de92019-10-04 00:29:42 +02003560 LIST_INIT(&ckchs->ckch_inst);
3561
William Lallemand36b84632019-07-18 19:28:17 +02003562 if (!multi) {
3563
William Lallemand96a9c972019-10-17 11:56:17 +02003564 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003565 goto end;
3566
William Lallemande3af8fb2019-10-08 11:36:53 +02003567 /* insert into the ckchs tree */
3568 memcpy(ckchs->path, path, strlen(path) + 1);
3569 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003570 } else {
3571 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003572#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3573 char fp[MAXPATHLEN+1] = {0};
3574 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003575
3576 /* Load all possible certs and keys */
3577 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3578 struct stat buf;
3579 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3580 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003581 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003582 goto end;
3583 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003584 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003585 }
3586 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003587#endif
William Lallemand36b84632019-07-18 19:28:17 +02003588
3589 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003590 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003591 goto end;
3592 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003593 /* insert into the ckchs tree */
3594 memcpy(ckchs->path, path, strlen(path) + 1);
3595 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003596 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003597 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598
William Lallemand36b84632019-07-18 19:28:17 +02003599end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003600 if (ckchs) {
3601 free(ckchs->ckch);
3602 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003603 }
3604
William Lallemande3af8fb2019-10-08 11:36:53 +02003605 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003606
3607 return NULL;
3608}
3609
William Lallemandc4ecddf2019-07-31 16:50:08 +02003610#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3611
William Lallemand36b84632019-07-18 19:28:17 +02003612/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003613 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003614 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003615 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3616 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003617 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003618 *
Emeric Brun054563d2019-10-17 13:16:58 +02003619 * Returns a bitfield containing the flags:
3620 * ERR_FATAL in any fatal error case
3621 * ERR_ALERT if the reason of the error is available in err
3622 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003623 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003624 */
Emeric Brun054563d2019-10-17 13:16:58 +02003625static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3626 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3627 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003628{
William Lallemand36b84632019-07-18 19:28:17 +02003629 int i = 0, n = 0;
3630 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003631 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003632 struct ebmb_node *node;
3633 struct ebmb_node *next;
3634 /* Array of SSL_CTX pointers corresponding to each possible combo
3635 * of keytypes
3636 */
3637 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003638 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003639 X509_NAME *xname = NULL;
3640 char *str = NULL;
3641#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3642 STACK_OF(GENERAL_NAME) *names = NULL;
3643#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003644 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003645
Emeric Brun054563d2019-10-17 13:16:58 +02003646 *ckchi = NULL;
3647
William Lallemande3af8fb2019-10-08 11:36:53 +02003648 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003649 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3650 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003651 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003652 }
3653
3654 ckch_inst = ckch_inst_new();
3655 if (!ckch_inst) {
3656 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3657 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003658 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003659 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003660 }
3661
William Lallemande3af8fb2019-10-08 11:36:53 +02003662 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003663
William Lallemand150bfa82019-09-19 17:12:49 +02003664 /* at least one of the instances is using filters during the config
3665 * parsing, that's ok to inherit this during loading on CLI */
3666 ckchs->filters = !!fcount;
3667
yanbzhu08ce6ab2015-12-02 13:01:29 -05003668 /* Process each ckch and update keytypes for each CN/SAN
3669 * for example, if CN/SAN www.a.com is associated with
3670 * certs with keytype 0 and 2, then at the end of the loop,
3671 * www.a.com will have:
3672 * keyindex = 0 | 1 | 4 = 5
3673 */
3674 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003675 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003676
3677 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3678 continue;
3679
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003680 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003681 for (i = 0; i < fcount; i++) {
3682 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3683 if (ret < 0) {
3684 memprintf(err, "%sunable to allocate SSL context.\n",
3685 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003686 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003687 goto end;
3688 }
3689 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003690 } else {
3691 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3692 * so the line that contains logic is marked via comments
3693 */
3694 xname = X509_get_subject_name(certs_and_keys[n].cert);
3695 i = -1;
3696 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3697 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003698 ASN1_STRING *value;
3699 value = X509_NAME_ENTRY_get_data(entry);
3700 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003701 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003702 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003703
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003704 OPENSSL_free(str);
3705 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003706 if (ret < 0) {
3707 memprintf(err, "%sunable to allocate SSL context.\n",
3708 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003709 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003710 goto end;
3711 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003712 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003713 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003714
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003715 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003716#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003717 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3718 if (names) {
3719 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3720 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003721
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003722 if (name->type == GEN_DNS) {
3723 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3724 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003725 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003726
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003727 OPENSSL_free(str);
3728 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003729 if (ret < 0) {
3730 memprintf(err, "%sunable to allocate SSL context.\n",
3731 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003732 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003733 goto end;
3734 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003735 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003736 }
3737 }
3738 }
3739 }
3740#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3741 }
3742
3743 /* If no files found, return error */
3744 if (eb_is_empty(&sni_keytypes_map)) {
3745 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3746 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003747 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003748 goto end;
3749 }
3750
3751 /* We now have a map of CN/SAN to keytypes that are loaded in
3752 * Iterate through the map to create the SSL_CTX's (if needed)
3753 * and add each CTX to the SNI tree
3754 *
3755 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003756 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003757 * combination is denoted by the key in the map. Each key
3758 * has a value between 1 and 2^n - 1. Conveniently, the array
3759 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3760 * entry in the array to correspond to the unique combo (key)
3761 * associated with i. This unique key combo (i) will be associated
3762 * with combos[i-1]
3763 */
3764
3765 node = ebmb_first(&sni_keytypes_map);
3766 while (node) {
3767 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003768 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003769 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003770
3771 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3772 i = container_of(node, struct sni_keytype, name)->keytypes;
3773 cur_ctx = key_combos[i-1].ctx;
3774
3775 if (cur_ctx == NULL) {
3776 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003777 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003778 if (cur_ctx == NULL) {
3779 memprintf(err, "%sunable to allocate SSL context.\n",
3780 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003781 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003782 goto end;
3783 }
3784
yanbzhube2774d2015-12-10 15:07:30 -05003785 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003786 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3787 if (i & (1<<n)) {
3788 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003789 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003790 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3791 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003792 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003793 }
3794 }
3795
yanbzhu08ce6ab2015-12-02 13:01:29 -05003796 /* Update key_combos */
3797 key_combos[i-1].ctx = cur_ctx;
3798 }
3799
3800 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003801
William Lallemand1d29c742019-10-04 00:53:29 +02003802 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003803 kinfo, str, key_combos[i-1].order);
3804 if (key_combos[i-1].order < 0) {
3805 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003806 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003807 goto end;
3808 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003809 node = ebmb_next(node);
3810 }
3811
3812
3813 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3814 if (!bind_conf->default_ctx) {
3815 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3816 if (key_combos[i].ctx) {
3817 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003818 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003819 break;
3820 }
3821 }
3822 }
3823
William Lallemand614ca0d2019-10-07 13:52:11 +02003824 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02003825 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003826end:
3827
3828 if (names)
3829 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3830
yanbzhu08ce6ab2015-12-02 13:01:29 -05003831 node = ebmb_first(&sni_keytypes_map);
3832 while (node) {
3833 next = ebmb_next(node);
3834 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02003835 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003836 node = next;
3837 }
3838
Emeric Brun054563d2019-10-17 13:16:58 +02003839 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02003840 struct sni_ctx *sc0, *sc0b;
3841
3842 /* free the SSL_CTX in case of error */
3843 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
3844 if (key_combos[i].ctx)
3845 SSL_CTX_free(key_combos[i].ctx);
3846 }
3847
3848 /* free the sni_ctx in case of error */
3849 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
3850
3851 ebmb_delete(&sc0->name);
3852 LIST_DEL(&sc0->by_ckch_inst);
3853 free(sc0);
3854 }
William Lallemand614ca0d2019-10-07 13:52:11 +02003855 free(ckch_inst);
3856 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02003857 }
3858
Emeric Brun054563d2019-10-17 13:16:58 +02003859 *ckchi = ckch_inst;
3860 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003861}
3862#else
3863/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02003864static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3865 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3866 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003867{
3868 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3869 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02003870 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003871}
3872
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003873#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003874
William Lallemand614ca0d2019-10-07 13:52:11 +02003875/*
3876 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02003877 *
3878 * Returns a bitfield containing the flags:
3879 * ERR_FATAL in any fatal error case
3880 * ERR_ALERT if the reason of the error is available in err
3881 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02003882 */
Emeric Brun054563d2019-10-17 13:16:58 +02003883static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
3884 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003885{
William Lallemandc9402072019-05-15 15:33:54 +02003886 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003887 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003888 int order = 0;
3889 X509_NAME *xname;
3890 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003891 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003892 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003893#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3894 STACK_OF(GENERAL_NAME) *names;
3895#endif
William Lallemand36b84632019-07-18 19:28:17 +02003896 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02003897 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02003898 int errcode = 0;
3899
3900 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02003901
William Lallemande3af8fb2019-10-08 11:36:53 +02003902 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02003903 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003904
William Lallemande3af8fb2019-10-08 11:36:53 +02003905 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003906
William Lallemand150bfa82019-09-19 17:12:49 +02003907 /* at least one of the instances is using filters during the config
3908 * parsing, that's ok to inherit this during loading on CLI */
3909 ckchs->filters = !!fcount;
3910
William Lallemandc9402072019-05-15 15:33:54 +02003911 ctx = SSL_CTX_new(SSLv23_server_method());
3912 if (!ctx) {
3913 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3914 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003915 errcode |= ERR_ALERT | ERR_FATAL;
3916 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003917 }
3918
Emeric Bruna96b5822019-10-17 13:25:14 +02003919 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
3920 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02003921 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02003922
3923 ckch_inst = ckch_inst_new();
3924 if (!ckch_inst) {
3925 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3926 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003927 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003928 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003929 }
3930
William Lallemand36b84632019-07-18 19:28:17 +02003931 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003932 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003933 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003934 switch(EVP_PKEY_base_id(pkey)) {
3935 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003936 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003937 break;
3938 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003939 kinfo.sig = TLSEXT_signature_ecdsa;
3940 break;
3941 case EVP_PKEY_DSA:
3942 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003943 break;
3944 }
3945 EVP_PKEY_free(pkey);
3946 }
3947
Emeric Brun50bcecc2013-04-22 13:05:23 +02003948 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02003949 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02003950 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02003951 if (order < 0) {
3952 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003953 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003954 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003955 }
3956 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003957 }
3958 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003959#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003960 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003961 if (names) {
3962 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3963 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3964 if (name->type == GEN_DNS) {
3965 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003966 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003967 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003968 if (order < 0) {
3969 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003970 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003971 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003972 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003973 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003974 }
3975 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003976 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003977 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003978#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003979 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003980 i = -1;
3981 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3982 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003983 ASN1_STRING *value;
3984
3985 value = X509_NAME_ENTRY_get_data(entry);
3986 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003987 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003988 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003989 if (order < 0) {
3990 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003991 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003992 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003993 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003994 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003995 }
3996 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003997 /* we must not free the SSL_CTX anymore below, since it's already in
3998 * the tree, so it will be discovered and cleaned in time.
3999 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004000
Emeric Brunfc0421f2012-09-07 17:30:07 +02004001#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004002 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004003 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4004 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004005 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004006 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004007 }
4008#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004009 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004010 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004011 bind_conf->default_ssl_conf = ssl_conf;
4012 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004013
William Lallemand9117de92019-10-04 00:29:42 +02004014 /* everything succeed, the ckch instance can be used */
4015 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004016 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004017
Emeric Brun054563d2019-10-17 13:16:58 +02004018 *ckchi = ckch_inst;
4019 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004020
4021error:
4022 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004023 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004024 struct sni_ctx *sc0, *sc0b;
4025
4026 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4027
4028 ebmb_delete(&sc0->name);
4029 LIST_DEL(&sc0->by_ckch_inst);
4030 free(sc0);
4031 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004032 free(ckch_inst);
4033 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004034 }
4035 /* We only created 1 SSL_CTX so we can free it there */
4036 SSL_CTX_free(ctx);
4037
Emeric Brun054563d2019-10-17 13:16:58 +02004038 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004039}
4040
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004041/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004042static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4043 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4044 char **sni_filter, int fcount, char **err)
4045{
4046 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004047 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004048
4049 /* we found the ckchs in the tree, we can use it directly */
4050 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004051 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004052 else
Emeric Brun054563d2019-10-17 13:16:58 +02004053 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004054
Emeric Brun054563d2019-10-17 13:16:58 +02004055 if (errcode & ERR_CODE)
4056 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004057
4058 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4059
4060 /* succeed, add the instance to the ckch_store's list of instance */
4061 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004062 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004063}
4064
4065
Willy Tarreaubbc91962019-10-16 16:42:19 +02004066/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004067int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004068{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004069 struct dirent **de_list;
4070 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004071 DIR *dir;
4072 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004073 char *end;
4074 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004075 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004076 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004077#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004078 int is_bundle;
4079 int j;
4080#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004081 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004082 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004083 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004084 }
4085
yanbzhu08ce6ab2015-12-02 13:01:29 -05004086 if (stat(path, &buf) == 0) {
4087 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004088 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004089 ckchs = ckchs_load_cert_file(path, 0, err);
4090 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004091 return ERR_ALERT | ERR_FATAL;
4092
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004093 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004094 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004095
yanbzhu08ce6ab2015-12-02 13:01:29 -05004096 /* strip trailing slashes, including first one */
4097 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4098 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004099
yanbzhu08ce6ab2015-12-02 13:01:29 -05004100 n = scandir(path, &de_list, 0, alphasort);
4101 if (n < 0) {
4102 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4103 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004104 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004105 }
4106 else {
4107 for (i = 0; i < n; i++) {
4108 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004109
yanbzhu08ce6ab2015-12-02 13:01:29 -05004110 end = strrchr(de->d_name, '.');
4111 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4112 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004113
yanbzhu08ce6ab2015-12-02 13:01:29 -05004114 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4115 if (stat(fp, &buf) != 0) {
4116 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4117 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004118 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004119 goto ignore_entry;
4120 }
4121 if (!S_ISREG(buf.st_mode))
4122 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004123
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004124#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004125 is_bundle = 0;
4126 /* Check if current entry in directory is part of a multi-cert bundle */
4127
4128 if (end) {
4129 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4130 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4131 is_bundle = 1;
4132 break;
4133 }
4134 }
4135
4136 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004137 int dp_len;
4138
4139 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004140
4141 /* increment i and free de until we get to a non-bundle cert
4142 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004143 * this is important since ignore_entry will free de. This also
4144 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004145 */
Willy Tarreau05800522019-10-29 10:48:50 +01004146 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004147 free(de);
4148 i++;
4149 de = de_list[i];
4150 }
4151
Willy Tarreau05800522019-10-29 10:48:50 +01004152 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004153 if ((ckchs = ckchs_lookup(fp)) == NULL)
4154 ckchs = ckchs_load_cert_file(fp, 1, err);
4155 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004156 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004157 else
4158 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004159 /* Successfully processed the bundle */
4160 goto ignore_entry;
4161 }
4162 }
4163
4164#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004165 if ((ckchs = ckchs_lookup(fp)) == NULL)
4166 ckchs = ckchs_load_cert_file(fp, 0, err);
4167 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004168 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004169 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004170 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004171
yanbzhu08ce6ab2015-12-02 13:01:29 -05004172ignore_entry:
4173 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004174 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004175 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004176 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004177 closedir(dir);
4178 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004179 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004180
William Lallemande3af8fb2019-10-08 11:36:53 +02004181 ckchs = ckchs_load_cert_file(path, 1, err);
4182 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004183 return ERR_ALERT | ERR_FATAL;
4184
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004185 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004186
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 return cfgerr;
4188}
4189
Thierry Fournier383085f2013-01-24 14:15:43 +01004190/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4191 * done once. Zero is returned if the operation fails. No error is returned
4192 * if the random is said as not implemented, because we expect that openssl
4193 * will use another method once needed.
4194 */
4195static int ssl_initialize_random()
4196{
4197 unsigned char random;
4198 static int random_initialized = 0;
4199
4200 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4201 random_initialized = 1;
4202
4203 return random_initialized;
4204}
4205
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004206/* release ssl bind conf */
4207void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004208{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004209 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004210#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004211 free(conf->npn_str);
4212 conf->npn_str = NULL;
4213#endif
4214#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4215 free(conf->alpn_str);
4216 conf->alpn_str = NULL;
4217#endif
4218 free(conf->ca_file);
4219 conf->ca_file = NULL;
4220 free(conf->crl_file);
4221 conf->crl_file = NULL;
4222 free(conf->ciphers);
4223 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004224#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004225 free(conf->ciphersuites);
4226 conf->ciphersuites = NULL;
4227#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004228 free(conf->curves);
4229 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004230 free(conf->ecdhe);
4231 conf->ecdhe = NULL;
4232 }
4233}
4234
Willy Tarreaubbc91962019-10-16 16:42:19 +02004235/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004236int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4237{
4238 char thisline[CRT_LINESIZE];
4239 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004240 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004241 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004242 int linenum = 0;
4243 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004244 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004245
Willy Tarreauad1731d2013-04-02 17:35:58 +02004246 if ((f = fopen(file, "r")) == NULL) {
4247 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004248 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004249 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004250
4251 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004252 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004253 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004254 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004255 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004256 char *crt_path;
4257 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004258
4259 linenum++;
4260 end = line + strlen(line);
4261 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4262 /* Check if we reached the limit and the last char is not \n.
4263 * Watch out for the last line without the terminating '\n'!
4264 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004265 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4266 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004267 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004268 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004269 }
4270
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004271 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004272 newarg = 1;
4273 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004274 if (*line == '#' || *line == '\n' || *line == '\r') {
4275 /* end of string, end of loop */
4276 *line = 0;
4277 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004278 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004279 newarg = 1;
4280 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004281 } else if (*line == '[') {
4282 if (ssl_b) {
4283 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004284 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004285 break;
4286 }
4287 if (!arg) {
4288 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004289 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004290 break;
4291 }
4292 ssl_b = arg;
4293 newarg = 1;
4294 *line = 0;
4295 } else if (*line == ']') {
4296 if (ssl_e) {
4297 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004298 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004299 break;
4300 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004301 if (!ssl_b) {
4302 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004303 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004304 break;
4305 }
4306 ssl_e = arg;
4307 newarg = 1;
4308 *line = 0;
4309 } else if (newarg) {
4310 if (arg == MAX_CRT_ARGS) {
4311 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004312 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004313 break;
4314 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004315 newarg = 0;
4316 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004317 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004318 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004319 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004320 if (cfgerr)
4321 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004322 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004323
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004324 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004325 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004326 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004327
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004328 crt_path = args[0];
4329 if (*crt_path != '/' && global_ssl.crt_base) {
4330 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4331 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4332 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004333 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004334 break;
4335 }
4336 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4337 crt_path = path;
4338 }
4339
4340 ssl_conf = calloc(1, sizeof *ssl_conf);
4341 cur_arg = ssl_b ? ssl_b : 1;
4342 while (cur_arg < ssl_e) {
4343 newarg = 0;
4344 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4345 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4346 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004347 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004348 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4349 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4350 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004351 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004352 }
4353 cur_arg += 1 + ssl_bind_kws[i].skip;
4354 break;
4355 }
4356 }
4357 if (!cfgerr && !newarg) {
4358 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4359 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004360 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004361 break;
4362 }
4363 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004364
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004365 if (cfgerr) {
4366 ssl_sock_free_ssl_conf(ssl_conf);
4367 free(ssl_conf);
4368 ssl_conf = NULL;
4369 break;
4370 }
4371
William Lallemande3af8fb2019-10-08 11:36:53 +02004372 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004373 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004374 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004375 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004376 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004377 }
4378
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004379 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004380 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004381 else
4382 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004383
Willy Tarreauad1731d2013-04-02 17:35:58 +02004384 if (cfgerr) {
4385 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004386 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004387 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004388 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004389 fclose(f);
4390 return cfgerr;
4391}
4392
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004393/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004394static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004395ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004396{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004397 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004398 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004399 SSL_OP_ALL | /* all known workarounds for bugs */
4400 SSL_OP_NO_SSLv2 |
4401 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004402 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004403 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004404 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004405 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004406 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004407 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004408 SSL_MODE_ENABLE_PARTIAL_WRITE |
4409 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004410 SSL_MODE_RELEASE_BUFFERS |
4411 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004412 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004413 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004414 int flags = MC_SSL_O_ALL;
4415 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004416
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004417 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004418 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004419
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004420 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004421 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4422 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4423 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004424 else
4425 flags = conf_ssl_methods->flags;
4426
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004427 min = conf_ssl_methods->min;
4428 max = conf_ssl_methods->max;
4429 /* start with TLSv10 to remove SSLv3 per default */
4430 if (!min && (!max || max >= CONF_TLSV10))
4431 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004432 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004433 if (min)
4434 flags |= (methodVersions[min].flag - 1);
4435 if (max)
4436 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004437 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004438 min = max = CONF_TLSV_NONE;
4439 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004440 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004441 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004442 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004443 if (min) {
4444 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004445 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4446 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4447 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4448 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004449 hole = 0;
4450 }
4451 max = i;
4452 }
4453 else {
4454 min = max = i;
4455 }
4456 }
4457 else {
4458 if (min)
4459 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004460 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004461 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004462 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4463 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004464 cfgerr += 1;
4465 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004466 /* save real min/max in bind_conf */
4467 conf_ssl_methods->min = min;
4468 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004469
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004470#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004471 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004472 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004473 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004474 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004475 else
4476 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4477 if (flags & methodVersions[i].flag)
4478 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004479#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004480 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004481 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4482 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004483#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004484
4485 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4486 options |= SSL_OP_NO_TICKET;
4487 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4488 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004489
4490#ifdef SSL_OP_NO_RENEGOTIATION
4491 options |= SSL_OP_NO_RENEGOTIATION;
4492#endif
4493
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004494 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004495
Willy Tarreau5db847a2019-05-09 14:13:35 +02004496#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004497 if (global_ssl.async)
4498 mode |= SSL_MODE_ASYNC;
4499#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004500 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004501 if (global_ssl.life_time)
4502 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004503
4504#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4505#ifdef OPENSSL_IS_BORINGSSL
4506 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4507 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004508#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004509 if (bind_conf->ssl_conf.early_data) {
4510 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4511 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4512 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004513 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4514 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004515#else
4516 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004517#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004518 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004519#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004520 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004521}
4522
William Lallemand4f45bb92017-10-30 20:08:51 +01004523
4524static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4525{
4526 if (first == block) {
4527 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4528 if (first->len > 0)
4529 sh_ssl_sess_tree_delete(sh_ssl_sess);
4530 }
4531}
4532
4533/* return first block from sh_ssl_sess */
4534static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4535{
4536 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4537
4538}
4539
4540/* store a session into the cache
4541 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4542 * data: asn1 encoded session
4543 * data_len: asn1 encoded session length
4544 * Returns 1 id session was stored (else 0)
4545 */
4546static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4547{
4548 struct shared_block *first;
4549 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4550
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004551 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004552 if (!first) {
4553 /* Could not retrieve enough free blocks to store that session */
4554 return 0;
4555 }
4556
4557 /* STORE the key in the first elem */
4558 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4559 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4560 first->len = sizeof(struct sh_ssl_sess_hdr);
4561
4562 /* it returns the already existing node
4563 or current node if none, never returns null */
4564 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4565 if (oldsh_ssl_sess != sh_ssl_sess) {
4566 /* NOTE: Row couldn't be in use because we lock read & write function */
4567 /* release the reserved row */
4568 shctx_row_dec_hot(ssl_shctx, first);
4569 /* replace the previous session already in the tree */
4570 sh_ssl_sess = oldsh_ssl_sess;
4571 /* ignore the previous session data, only use the header */
4572 first = sh_ssl_sess_first_block(sh_ssl_sess);
4573 shctx_row_inc_hot(ssl_shctx, first);
4574 first->len = sizeof(struct sh_ssl_sess_hdr);
4575 }
4576
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004577 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004578 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004579 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004580 }
4581
4582 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004583
4584 return 1;
4585}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004586
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004587/* SSL callback used when a new session is created while connecting to a server */
4588static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4589{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004590 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004591 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004592
Willy Tarreau07d94e42018-09-20 10:57:52 +02004593 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004594
Olivier Houcharde6060c52017-11-16 17:42:52 +01004595 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4596 int len;
4597 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004598
Olivier Houcharde6060c52017-11-16 17:42:52 +01004599 len = i2d_SSL_SESSION(sess, NULL);
4600 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4601 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4602 } else {
4603 free(s->ssl_ctx.reused_sess[tid].ptr);
4604 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4605 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4606 }
4607 if (s->ssl_ctx.reused_sess[tid].ptr) {
4608 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4609 &ptr);
4610 }
4611 } else {
4612 free(s->ssl_ctx.reused_sess[tid].ptr);
4613 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4614 }
4615
4616 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004617}
4618
Olivier Houcharde6060c52017-11-16 17:42:52 +01004619
William Lallemanded0b5ad2017-10-30 19:36:36 +01004620/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004621int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004622{
4623 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4624 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4625 unsigned char *p;
4626 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004627 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004628 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004629
4630 /* Session id is already stored in to key and session id is known
4631 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004632 * note: SSL_SESSION_set1_id is using
4633 * a memcpy so we need to use a different pointer
4634 * than sid_data or sid_ctx_data to avoid valgrind
4635 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004636 */
4637
4638 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004639
4640 /* copy value in an other buffer */
4641 memcpy(encid, sid_data, sid_length);
4642
4643 /* pad with 0 */
4644 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4645 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4646
4647 /* force length to zero to avoid ASN1 encoding */
4648 SSL_SESSION_set1_id(sess, encid, 0);
4649
4650 /* force length to zero to avoid ASN1 encoding */
4651 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004652
4653 /* check if buffer is large enough for the ASN1 encoded session */
4654 data_len = i2d_SSL_SESSION(sess, NULL);
4655 if (data_len > SHSESS_MAX_DATA_LEN)
4656 goto err;
4657
4658 p = encsess;
4659
4660 /* process ASN1 session encoding before the lock */
4661 i2d_SSL_SESSION(sess, &p);
4662
William Lallemanded0b5ad2017-10-30 19:36:36 +01004663
William Lallemanda3c77cf2017-10-30 23:44:40 +01004664 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004665 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004666 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004667 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004668err:
4669 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004670 SSL_SESSION_set1_id(sess, encid, sid_length);
4671 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004672
4673 return 0; /* do not increment session reference count */
4674}
4675
4676/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004677SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004678{
William Lallemand4f45bb92017-10-30 20:08:51 +01004679 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004680 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4681 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004682 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004683 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004684
4685 global.shctx_lookups++;
4686
4687 /* allow the session to be freed automatically by openssl */
4688 *do_copy = 0;
4689
4690 /* tree key is zeros padded sessionid */
4691 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4692 memcpy(tmpkey, key, key_len);
4693 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4694 key = tmpkey;
4695 }
4696
4697 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004698 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004699
4700 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004701 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4702 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004703 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004704 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004705 global.shctx_misses++;
4706 return NULL;
4707 }
4708
William Lallemand4f45bb92017-10-30 20:08:51 +01004709 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4710 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004711
William Lallemand4f45bb92017-10-30 20:08:51 +01004712 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004713
William Lallemanda3c77cf2017-10-30 23:44:40 +01004714 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004715
4716 /* decode ASN1 session */
4717 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004718 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004719 /* Reset session id and session id contenxt */
4720 if (sess) {
4721 SSL_SESSION_set1_id(sess, key, key_len);
4722 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4723 }
4724
4725 return sess;
4726}
4727
William Lallemand4f45bb92017-10-30 20:08:51 +01004728
William Lallemanded0b5ad2017-10-30 19:36:36 +01004729/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004730void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004731{
William Lallemand4f45bb92017-10-30 20:08:51 +01004732 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004733 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4734 unsigned int sid_length;
4735 const unsigned char *sid_data;
4736 (void)ctx;
4737
4738 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4739 /* tree key is zeros padded sessionid */
4740 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4741 memcpy(tmpkey, sid_data, sid_length);
4742 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4743 sid_data = tmpkey;
4744 }
4745
William Lallemanda3c77cf2017-10-30 23:44:40 +01004746 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004747
4748 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004749 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4750 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004751 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004752 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004753 }
4754
4755 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004756 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004757}
4758
4759/* Set session cache mode to server and disable openssl internal cache.
4760 * Set shared cache callbacks on an ssl context.
4761 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004762void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004763{
4764 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4765
4766 if (!ssl_shctx) {
4767 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4768 return;
4769 }
4770
4771 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4772 SSL_SESS_CACHE_NO_INTERNAL |
4773 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4774
4775 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004776 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4777 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4778 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004779}
4780
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004781int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4782{
4783 struct proxy *curproxy = bind_conf->frontend;
4784 int cfgerr = 0;
4785 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004786 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004787 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004788#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004789 const char *conf_ciphersuites;
4790#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004791 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004792
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004793 if (ssl_conf) {
4794 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4795 int i, min, max;
4796 int flags = MC_SSL_O_ALL;
4797
4798 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004799 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4800 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004801 if (min)
4802 flags |= (methodVersions[min].flag - 1);
4803 if (max)
4804 flags |= ~((methodVersions[max].flag << 1) - 1);
4805 min = max = CONF_TLSV_NONE;
4806 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4807 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4808 if (min)
4809 max = i;
4810 else
4811 min = max = i;
4812 }
4813 /* save real min/max */
4814 conf_ssl_methods->min = min;
4815 conf_ssl_methods->max = max;
4816 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004817 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4818 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004819 cfgerr += 1;
4820 }
4821 }
4822
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004824 case SSL_SOCK_VERIFY_NONE:
4825 verify = SSL_VERIFY_NONE;
4826 break;
4827 case SSL_SOCK_VERIFY_OPTIONAL:
4828 verify = SSL_VERIFY_PEER;
4829 break;
4830 case SSL_SOCK_VERIFY_REQUIRED:
4831 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4832 break;
4833 }
4834 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4835 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004836 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4837 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4838 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004839 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004840 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004841 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4842 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004843 cfgerr++;
4844 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004845 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4846 /* set CA names for client cert request, function returns void */
4847 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4848 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004849 }
Emeric Brun850efd52014-01-29 12:24:34 +01004850 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004851 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4852 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004853 cfgerr++;
4854 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004855#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004856 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004857 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4858
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004859 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004860 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4861 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004862 cfgerr++;
4863 }
Emeric Brun561e5742012-10-02 15:20:55 +02004864 else {
4865 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4866 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004867 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004868#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004869 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004870 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004871#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004872 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004873 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004874 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4875 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004876 cfgerr++;
4877 }
4878 }
4879#endif
4880
William Lallemand4f45bb92017-10-30 20:08:51 +01004881 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004882 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4883 if (conf_ciphers &&
4884 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004885 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4886 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004887 cfgerr++;
4888 }
4889
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004890#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004891 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4892 if (conf_ciphersuites &&
4893 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4894 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4895 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4896 cfgerr++;
4897 }
4898#endif
4899
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004900#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004901 /* If tune.ssl.default-dh-param has not been set,
4902 neither has ssl-default-dh-file and no static DH
4903 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004904 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004905 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004906 (ssl_dh_ptr_index == -1 ||
4907 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004908 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4909 const SSL_CIPHER * cipher = NULL;
4910 char cipher_description[128];
4911 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4912 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4913 which is not ephemeral DH. */
4914 const char dhe_description[] = " Kx=DH ";
4915 const char dhe_export_description[] = " Kx=DH(";
4916 int idx = 0;
4917 int dhe_found = 0;
4918 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004919
Remi Gacogne23d5d372014-10-10 17:04:26 +02004920 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004921
Remi Gacogne23d5d372014-10-10 17:04:26 +02004922 if (ssl) {
4923 ciphers = SSL_get_ciphers(ssl);
4924
4925 if (ciphers) {
4926 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4927 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4928 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4929 if (strstr(cipher_description, dhe_description) != NULL ||
4930 strstr(cipher_description, dhe_export_description) != NULL) {
4931 dhe_found = 1;
4932 break;
4933 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004934 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004935 }
4936 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004937 SSL_free(ssl);
4938 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004939 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004940
Lukas Tribus90132722014-08-18 00:56:33 +02004941 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004942 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004943 }
4944
Willy Tarreauef934602016-12-22 23:12:01 +01004945 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004946 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004947
Willy Tarreauef934602016-12-22 23:12:01 +01004948 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004949 if (local_dh_1024 == NULL) {
4950 local_dh_1024 = ssl_get_dh_1024();
4951 }
Willy Tarreauef934602016-12-22 23:12:01 +01004952 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004953 if (local_dh_2048 == NULL) {
4954 local_dh_2048 = ssl_get_dh_2048();
4955 }
Willy Tarreauef934602016-12-22 23:12:01 +01004956 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004957 if (local_dh_4096 == NULL) {
4958 local_dh_4096 = ssl_get_dh_4096();
4959 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004960 }
4961 }
4962 }
4963#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004964
Emeric Brunfc0421f2012-09-07 17:30:07 +02004965 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004966#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004967 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004968#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004969
Bernard Spil13c53f82018-02-15 13:34:58 +01004970#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004971 ssl_conf_cur = NULL;
4972 if (ssl_conf && ssl_conf->npn_str)
4973 ssl_conf_cur = ssl_conf;
4974 else if (bind_conf->ssl_conf.npn_str)
4975 ssl_conf_cur = &bind_conf->ssl_conf;
4976 if (ssl_conf_cur)
4977 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004978#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004979#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004980 ssl_conf_cur = NULL;
4981 if (ssl_conf && ssl_conf->alpn_str)
4982 ssl_conf_cur = ssl_conf;
4983 else if (bind_conf->ssl_conf.alpn_str)
4984 ssl_conf_cur = &bind_conf->ssl_conf;
4985 if (ssl_conf_cur)
4986 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004987#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004988#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004989 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4990 if (conf_curves) {
4991 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004992 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4993 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004994 cfgerr++;
4995 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004996#if defined(SSL_CTX_set_ecdh_auto)
4997 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4998#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004999 }
5000#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005001#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005002 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005003 int i;
5004 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005005#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005006 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005007 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5008 NULL);
5009
5010 if (ecdhe == NULL) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02005011 SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005012 return cfgerr;
5013 }
5014#else
5015 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5016 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5017 ECDHE_DEFAULT_CURVE);
5018#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005019
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005020 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005021 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005022 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5023 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02005024 cfgerr++;
5025 }
5026 else {
5027 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5028 EC_KEY_free(ecdh);
5029 }
5030 }
5031#endif
5032
Emeric Brunfc0421f2012-09-07 17:30:07 +02005033 return cfgerr;
5034}
5035
Evan Broderbe554312013-06-27 00:05:25 -07005036static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5037{
5038 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5039 size_t prefixlen, suffixlen;
5040
5041 /* Trivial case */
5042 if (strcmp(pattern, hostname) == 0)
5043 return 1;
5044
Evan Broderbe554312013-06-27 00:05:25 -07005045 /* The rest of this logic is based on RFC 6125, section 6.4.3
5046 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5047
Emeric Bruna848dae2013-10-08 11:27:28 +02005048 pattern_wildcard = NULL;
5049 pattern_left_label_end = pattern;
5050 while (*pattern_left_label_end != '.') {
5051 switch (*pattern_left_label_end) {
5052 case 0:
5053 /* End of label not found */
5054 return 0;
5055 case '*':
5056 /* If there is more than one wildcards */
5057 if (pattern_wildcard)
5058 return 0;
5059 pattern_wildcard = pattern_left_label_end;
5060 break;
5061 }
5062 pattern_left_label_end++;
5063 }
5064
5065 /* If it's not trivial and there is no wildcard, it can't
5066 * match */
5067 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005068 return 0;
5069
5070 /* Make sure all labels match except the leftmost */
5071 hostname_left_label_end = strchr(hostname, '.');
5072 if (!hostname_left_label_end
5073 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5074 return 0;
5075
5076 /* Make sure the leftmost label of the hostname is long enough
5077 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005078 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005079 return 0;
5080
5081 /* Finally compare the string on either side of the
5082 * wildcard */
5083 prefixlen = pattern_wildcard - pattern;
5084 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005085 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5086 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005087 return 0;
5088
5089 return 1;
5090}
5091
5092static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5093{
5094 SSL *ssl;
5095 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005096 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005097 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005098 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005099
5100 int depth;
5101 X509 *cert;
5102 STACK_OF(GENERAL_NAME) *alt_names;
5103 int i;
5104 X509_NAME *cert_subject;
5105 char *str;
5106
5107 if (ok == 0)
5108 return ok;
5109
5110 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005111 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005112 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005113
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005114 /* We're checking if the provided hostnames match the desired one. The
5115 * desired hostname comes from the SNI we presented if any, or if not
5116 * provided then it may have been explicitly stated using a "verifyhost"
5117 * directive. If neither is set, we don't care about the name so the
5118 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005119 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005120 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005121 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005122 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005123 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005124 if (!servername)
5125 return ok;
5126 }
Evan Broderbe554312013-06-27 00:05:25 -07005127
5128 /* We only need to verify the CN on the actual server cert,
5129 * not the indirect CAs */
5130 depth = X509_STORE_CTX_get_error_depth(ctx);
5131 if (depth != 0)
5132 return ok;
5133
5134 /* At this point, the cert is *not* OK unless we can find a
5135 * hostname match */
5136 ok = 0;
5137
5138 cert = X509_STORE_CTX_get_current_cert(ctx);
5139 /* It seems like this might happen if verify peer isn't set */
5140 if (!cert)
5141 return ok;
5142
5143 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5144 if (alt_names) {
5145 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5146 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5147 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005148#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005149 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5150#else
Evan Broderbe554312013-06-27 00:05:25 -07005151 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005152#endif
Evan Broderbe554312013-06-27 00:05:25 -07005153 ok = ssl_sock_srv_hostcheck(str, servername);
5154 OPENSSL_free(str);
5155 }
5156 }
5157 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005158 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005159 }
5160
5161 cert_subject = X509_get_subject_name(cert);
5162 i = -1;
5163 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5164 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005165 ASN1_STRING *value;
5166 value = X509_NAME_ENTRY_get_data(entry);
5167 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005168 ok = ssl_sock_srv_hostcheck(str, servername);
5169 OPENSSL_free(str);
5170 }
5171 }
5172
Willy Tarreau71d058c2017-07-26 20:09:56 +02005173 /* report the mismatch and indicate if SNI was used or not */
5174 if (!ok && !conn->err_code)
5175 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005176 return ok;
5177}
5178
Emeric Brun94324a42012-10-11 14:00:19 +02005179/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005180int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005181{
Willy Tarreau03209342016-12-22 17:08:28 +01005182 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005183 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005184 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005185 SSL_OP_ALL | /* all known workarounds for bugs */
5186 SSL_OP_NO_SSLv2 |
5187 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005188 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005189 SSL_MODE_ENABLE_PARTIAL_WRITE |
5190 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005191 SSL_MODE_RELEASE_BUFFERS |
5192 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005193 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005194 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005195 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005196 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005197 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005198
Thierry Fournier383085f2013-01-24 14:15:43 +01005199 /* Make sure openssl opens /dev/urandom before the chroot */
5200 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005201 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005202 cfgerr++;
5203 }
5204
Willy Tarreaufce03112015-01-15 21:32:40 +01005205 /* Automatic memory computations need to know we use SSL there */
5206 global.ssl_used_backend = 1;
5207
5208 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005209 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005210 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005211 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5212 curproxy->id, srv->id,
5213 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005214 cfgerr++;
5215 return cfgerr;
5216 }
5217 }
Emeric Brun94324a42012-10-11 14:00:19 +02005218 if (srv->use_ssl)
5219 srv->xprt = &ssl_sock;
5220 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005221 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005222
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005223 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005224 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005225 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5226 proxy_type_str(curproxy), curproxy->id,
5227 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005228 cfgerr++;
5229 return cfgerr;
5230 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005231
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005232 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005233 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5234 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5235 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005236 else
5237 flags = conf_ssl_methods->flags;
5238
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005239 /* Real min and max should be determinate with configuration and openssl's capabilities */
5240 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005241 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005242 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005243 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005244
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005245 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005246 min = max = CONF_TLSV_NONE;
5247 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005248 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005249 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005250 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005251 if (min) {
5252 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005253 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5254 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5255 proxy_type_str(curproxy), curproxy->id, srv->id,
5256 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005257 hole = 0;
5258 }
5259 max = i;
5260 }
5261 else {
5262 min = max = i;
5263 }
5264 }
5265 else {
5266 if (min)
5267 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005268 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005269 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005270 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5271 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005272 cfgerr += 1;
5273 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005274
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005275#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005276 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005277 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005278 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005279 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005280 else
5281 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5282 if (flags & methodVersions[i].flag)
5283 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005284#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005285 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005286 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5287 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005288#endif
5289
5290 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5291 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005292 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005293
Willy Tarreau5db847a2019-05-09 14:13:35 +02005294#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005295 if (global_ssl.async)
5296 mode |= SSL_MODE_ASYNC;
5297#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005298 SSL_CTX_set_mode(ctx, mode);
5299 srv->ssl_ctx.ctx = ctx;
5300
Emeric Bruna7aa3092012-10-26 12:58:00 +02005301 if (srv->ssl_ctx.client_crt) {
5302 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005303 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5304 proxy_type_str(curproxy), curproxy->id,
5305 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005306 cfgerr++;
5307 }
5308 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005309 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5310 proxy_type_str(curproxy), curproxy->id,
5311 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005312 cfgerr++;
5313 }
5314 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005315 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5316 proxy_type_str(curproxy), curproxy->id,
5317 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005318 cfgerr++;
5319 }
5320 }
Emeric Brun94324a42012-10-11 14:00:19 +02005321
Emeric Brun850efd52014-01-29 12:24:34 +01005322 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5323 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005324 switch (srv->ssl_ctx.verify) {
5325 case SSL_SOCK_VERIFY_NONE:
5326 verify = SSL_VERIFY_NONE;
5327 break;
5328 case SSL_SOCK_VERIFY_REQUIRED:
5329 verify = SSL_VERIFY_PEER;
5330 break;
5331 }
Evan Broderbe554312013-06-27 00:05:25 -07005332 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005333 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005334 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005335 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005336 if (srv->ssl_ctx.ca_file) {
5337 /* load CAfile to verify */
5338 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005339 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
5340 curproxy->id, srv->id,
5341 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005342 cfgerr++;
5343 }
5344 }
Emeric Brun850efd52014-01-29 12:24:34 +01005345 else {
5346 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005347 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5348 curproxy->id, srv->id,
5349 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005350 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005351 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5352 curproxy->id, srv->id,
5353 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005354 cfgerr++;
5355 }
Emeric Brunef42d922012-10-11 16:11:36 +02005356#ifdef X509_V_FLAG_CRL_CHECK
5357 if (srv->ssl_ctx.crl_file) {
5358 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5359
5360 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005361 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5362 curproxy->id, srv->id,
5363 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005364 cfgerr++;
5365 }
5366 else {
5367 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5368 }
5369 }
5370#endif
5371 }
5372
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005373 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5374 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5375 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005376 if (srv->ssl_ctx.ciphers &&
5377 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005378 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5379 curproxy->id, srv->id,
5380 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005381 cfgerr++;
5382 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005383
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005384#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005385 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005386 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005387 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5388 curproxy->id, srv->id,
5389 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5390 cfgerr++;
5391 }
5392#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005393#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5394 if (srv->ssl_ctx.npn_str)
5395 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5396#endif
5397#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5398 if (srv->ssl_ctx.alpn_str)
5399 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5400#endif
5401
Emeric Brun94324a42012-10-11 14:00:19 +02005402
5403 return cfgerr;
5404}
5405
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005406/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005407 * be NULL, in which case nothing is done. Returns the number of errors
5408 * encountered.
5409 */
Willy Tarreau03209342016-12-22 17:08:28 +01005410int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005411{
5412 struct ebmb_node *node;
5413 struct sni_ctx *sni;
5414 int err = 0;
5415
Willy Tarreaufce03112015-01-15 21:32:40 +01005416 /* Automatic memory computations need to know we use SSL there */
5417 global.ssl_used_frontend = 1;
5418
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005419 /* Make sure openssl opens /dev/urandom before the chroot */
5420 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005421 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005422 err++;
5423 }
5424 /* Create initial_ctx used to start the ssl connection before do switchctx */
5425 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005426 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005427 /* It should not be necessary to call this function, but it's
5428 necessary first to check and move all initialisation related
5429 to initial_ctx in ssl_sock_initial_ctx. */
5430 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
5431 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005432 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005433 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01005434
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005435 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005436 while (node) {
5437 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005438 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5439 /* only initialize the CTX on its first occurrence and
5440 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005441 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005442 node = ebmb_next(node);
5443 }
5444
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005445 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005446 while (node) {
5447 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005448 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5449 /* only initialize the CTX on its first occurrence and
5450 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005451 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005452 node = ebmb_next(node);
5453 }
5454 return err;
5455}
5456
Willy Tarreau55d37912016-12-21 23:38:39 +01005457/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5458 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5459 * alerts are directly emitted since the rest of the stack does it below.
5460 */
5461int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5462{
5463 struct proxy *px = bind_conf->frontend;
5464 int alloc_ctx;
5465 int err;
5466
5467 if (!bind_conf->is_ssl) {
5468 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005469 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5470 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005471 }
5472 return 0;
5473 }
5474 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005475 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005476 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5477 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005478 }
5479 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005480 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5481 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005482 return -1;
5483 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005484 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005485 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005486 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005487 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005488 sizeof(*sh_ssl_sess_tree),
5489 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005490 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005491 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5492 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5493 else
5494 ha_alert("Unable to allocate SSL session cache.\n");
5495 return -1;
5496 }
5497 /* free block callback */
5498 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5499 /* init the root tree within the extra space */
5500 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5501 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005502 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005503 err = 0;
5504 /* initialize all certificate contexts */
5505 err += ssl_sock_prepare_all_ctx(bind_conf);
5506
5507 /* initialize CA variables if the certificates generation is enabled */
5508 err += ssl_sock_load_ca(bind_conf);
5509
5510 return -err;
5511}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005512
5513/* release ssl context allocated for servers. */
5514void ssl_sock_free_srv_ctx(struct server *srv)
5515{
Olivier Houchardc7566002018-11-20 23:33:50 +01005516#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5517 if (srv->ssl_ctx.alpn_str)
5518 free(srv->ssl_ctx.alpn_str);
5519#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005520#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005521 if (srv->ssl_ctx.npn_str)
5522 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005523#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005524 if (srv->ssl_ctx.ctx)
5525 SSL_CTX_free(srv->ssl_ctx.ctx);
5526}
5527
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005528/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005529 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5530 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005531void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005532{
5533 struct ebmb_node *node, *back;
5534 struct sni_ctx *sni;
5535
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005536 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005537 while (node) {
5538 sni = ebmb_entry(node, struct sni_ctx, name);
5539 back = ebmb_next(node);
5540 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005541 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005542 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005543 ssl_sock_free_ssl_conf(sni->conf);
5544 free(sni->conf);
5545 sni->conf = NULL;
5546 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005547 free(sni);
5548 node = back;
5549 }
5550
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005551 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005552 while (node) {
5553 sni = ebmb_entry(node, struct sni_ctx, name);
5554 back = ebmb_next(node);
5555 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005556 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005557 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005558 ssl_sock_free_ssl_conf(sni->conf);
5559 free(sni->conf);
5560 sni->conf = NULL;
5561 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005562 free(sni);
5563 node = back;
5564 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005565 SSL_CTX_free(bind_conf->initial_ctx);
5566 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005567 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005568 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005569}
5570
Willy Tarreau795cdab2016-12-22 17:30:54 +01005571/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5572void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5573{
5574 ssl_sock_free_ca(bind_conf);
5575 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005576 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005577 free(bind_conf->ca_sign_file);
5578 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005579 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005580 free(bind_conf->keys_ref->filename);
5581 free(bind_conf->keys_ref->tlskeys);
5582 LIST_DEL(&bind_conf->keys_ref->list);
5583 free(bind_conf->keys_ref);
5584 }
5585 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005586 bind_conf->ca_sign_pass = NULL;
5587 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005588}
5589
Christopher Faulet31af49d2015-06-09 17:29:50 +02005590/* Load CA cert file and private key used to generate certificates */
5591int
Willy Tarreau03209342016-12-22 17:08:28 +01005592ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005593{
Willy Tarreau03209342016-12-22 17:08:28 +01005594 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005595 FILE *fp;
5596 X509 *cacert = NULL;
5597 EVP_PKEY *capkey = NULL;
5598 int err = 0;
5599
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005600 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005601 return err;
5602
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005603#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005604 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005605 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005606 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005607 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005608 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005609#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005610
Christopher Faulet31af49d2015-06-09 17:29:50 +02005611 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005612 ha_alert("Proxy '%s': cannot enable certificate generation, "
5613 "no CA certificate File configured at [%s:%d].\n",
5614 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005615 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005616 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005617
5618 /* read in the CA certificate */
5619 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005620 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5621 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005622 goto load_error;
5623 }
5624 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005625 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5626 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005627 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005628 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005629 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005630 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005631 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5632 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005633 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005634 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005635
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005636 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005637 bind_conf->ca_sign_cert = cacert;
5638 bind_conf->ca_sign_pkey = capkey;
5639 return err;
5640
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005641 read_error:
5642 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005643 if (capkey) EVP_PKEY_free(capkey);
5644 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005645 load_error:
5646 bind_conf->generate_certs = 0;
5647 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005648 return err;
5649}
5650
5651/* Release CA cert and private key used to generate certificated */
5652void
5653ssl_sock_free_ca(struct bind_conf *bind_conf)
5654{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005655 if (bind_conf->ca_sign_pkey)
5656 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5657 if (bind_conf->ca_sign_cert)
5658 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005659 bind_conf->ca_sign_pkey = NULL;
5660 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005661}
5662
Emeric Brun46591952012-05-18 15:47:34 +02005663/*
5664 * This function is called if SSL * context is not yet allocated. The function
5665 * is designed to be called before any other data-layer operation and sets the
5666 * handshake flag on the connection. It is safe to call it multiple times.
5667 * It returns 0 on success and -1 in error case.
5668 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005669static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005670{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005671 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005672 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005673 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005674 return 0;
5675
Willy Tarreau3c728722014-01-23 13:50:42 +01005676 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005677 return 0;
5678
Olivier Houchard66ab4982019-02-26 18:37:15 +01005679 ctx = pool_alloc(ssl_sock_ctx_pool);
5680 if (!ctx) {
5681 conn->err_code = CO_ER_SSL_NO_MEM;
5682 return -1;
5683 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005684 ctx->wait_event.tasklet = tasklet_new();
5685 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005686 conn->err_code = CO_ER_SSL_NO_MEM;
5687 pool_free(ssl_sock_ctx_pool, ctx);
5688 return -1;
5689 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005690 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5691 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005692 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005693 ctx->sent_early_data = 0;
5694 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005695 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005696 ctx->send_wait = NULL;
5697 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005698 ctx->xprt_st = 0;
5699 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005700
5701 /* Only work with sockets for now, this should be adapted when we'll
5702 * add QUIC support.
5703 */
5704 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005705 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005706 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5707 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005708 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005709
Willy Tarreau20879a02012-12-03 16:32:10 +01005710 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5711 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005712 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005713 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005714
Emeric Brun46591952012-05-18 15:47:34 +02005715 /* If it is in client mode initiate SSL session
5716 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005717 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005718 int may_retry = 1;
5719
5720 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005721 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005722 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5723 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005724 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005725 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005726 goto retry_connect;
5727 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005728 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005729 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005730 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005731 ctx->bio = BIO_new(ha_meth);
5732 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005733 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005734 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005735 goto retry_connect;
5736 }
Emeric Brun55476152014-11-12 17:35:37 +01005737 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005738 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005739 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005740 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005741 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005742
Evan Broderbe554312013-06-27 00:05:25 -07005743 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005744 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5745 SSL_free(ctx->ssl);
5746 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005747 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005748 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005749 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005750 goto retry_connect;
5751 }
Emeric Brun55476152014-11-12 17:35:37 +01005752 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005753 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005754 }
5755
Olivier Houchard66ab4982019-02-26 18:37:15 +01005756 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005757 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5758 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5759 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005760 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005761 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005762 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5763 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005764 } else if (sess) {
5765 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005766 }
5767 }
Evan Broderbe554312013-06-27 00:05:25 -07005768
Emeric Brun46591952012-05-18 15:47:34 +02005769 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005770 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005771
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005772 _HA_ATOMIC_ADD(&sslconns, 1);
5773 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005774 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005775 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005776 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005777 if (conn->flags & CO_FL_ERROR)
5778 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005779 return 0;
5780 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005781 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005782 int may_retry = 1;
5783
5784 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005785 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005786 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5787 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005788 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005789 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005790 goto retry_accept;
5791 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005792 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005793 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005794 }
Emeric Brun46591952012-05-18 15:47:34 +02005795
Olivier Houcharda8955d52019-04-07 22:00:38 +02005796 ctx->bio = BIO_new(ha_meth);
5797 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005798 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005799 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005800 goto retry_accept;
5801 }
Emeric Brun55476152014-11-12 17:35:37 +01005802 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005803 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005804 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005805 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005806 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005807
Emeric Brune1f38db2012-09-03 20:36:47 +02005808 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005809 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5810 SSL_free(ctx->ssl);
5811 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005812 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005813 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005814 goto retry_accept;
5815 }
Emeric Brun55476152014-11-12 17:35:37 +01005816 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005817 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005818 }
5819
Olivier Houchard66ab4982019-02-26 18:37:15 +01005820 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005821
Emeric Brun46591952012-05-18 15:47:34 +02005822 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005823 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02005824#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005825 conn->flags |= CO_FL_EARLY_SSL_HS;
5826#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005827
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005828 _HA_ATOMIC_ADD(&sslconns, 1);
5829 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005830 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005831 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005832 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005833 if (conn->flags & CO_FL_ERROR)
5834 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005835 return 0;
5836 }
5837 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005838 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005839err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005840 if (ctx && ctx->wait_event.tasklet)
5841 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005842 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005843 return -1;
5844}
5845
5846
5847/* This is the callback which is used when an SSL handshake is pending. It
5848 * updates the FD status if it wants some polling before being called again.
5849 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5850 * otherwise it returns non-zero and removes itself from the connection's
5851 * flags (the bit is provided in <flag> by the caller).
5852 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005853static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005854{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005855 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005856 int ret;
5857
Willy Tarreau3c728722014-01-23 13:50:42 +01005858 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005859 return 0;
5860
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005861 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005862 goto out_error;
5863
Willy Tarreau5db847a2019-05-09 14:13:35 +02005864#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005865 /*
5866 * Check if we have early data. If we do, we have to read them
5867 * before SSL_do_handshake() is called, And there's no way to
5868 * detect early data, except to try to read them
5869 */
5870 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5871 size_t read_data;
5872
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005873 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005874 1, &read_data);
5875 if (ret == SSL_READ_EARLY_DATA_ERROR)
5876 goto check_error;
5877 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5878 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5879 return 1;
5880 } else
5881 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5882 }
5883#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005884 /* If we use SSL_do_handshake to process a reneg initiated by
5885 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5886 * Usually SSL_write and SSL_read are used and process implicitly
5887 * the reneg handshake.
5888 * Here we use SSL_peek as a workaround for reneg.
5889 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005890 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005891 char c;
5892
Olivier Houchard66ab4982019-02-26 18:37:15 +01005893 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005894 if (ret <= 0) {
5895 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005896 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005897
Emeric Brun674b7432012-11-08 19:21:55 +01005898 if (ret == SSL_ERROR_WANT_WRITE) {
5899 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005900 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005901 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005902 return 0;
5903 }
5904 else if (ret == SSL_ERROR_WANT_READ) {
5905 /* handshake may have been completed but we have
5906 * no more data to read.
5907 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005908 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005909 ret = 1;
5910 goto reneg_ok;
5911 }
5912 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005913 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005914 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005915 return 0;
5916 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005917#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005918 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005919 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005920 return 0;
5921 }
5922#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005923 else if (ret == SSL_ERROR_SYSCALL) {
5924 /* if errno is null, then connection was successfully established */
5925 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5926 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005927 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005928#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5929 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005930 conn->err_code = CO_ER_SSL_HANDSHAKE;
5931#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005932 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005933#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005934 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005935 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005936 empty_handshake = state == TLS_ST_BEFORE;
5937#else
Lukas Tribus49799162019-07-08 14:29:15 +02005938 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5939 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005940#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005941 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005942 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005943 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005944 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5945 else
5946 conn->err_code = CO_ER_SSL_EMPTY;
5947 }
5948 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005949 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005950 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5951 else
5952 conn->err_code = CO_ER_SSL_ABORT;
5953 }
5954 }
5955 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005956 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005957 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005958 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005959 conn->err_code = CO_ER_SSL_HANDSHAKE;
5960 }
Lukas Tribus49799162019-07-08 14:29:15 +02005961#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005962 }
Emeric Brun674b7432012-11-08 19:21:55 +01005963 goto out_error;
5964 }
5965 else {
5966 /* Fail on all other handshake errors */
5967 /* Note: OpenSSL may leave unread bytes in the socket's
5968 * buffer, causing an RST to be emitted upon close() on
5969 * TCP sockets. We first try to drain possibly pending
5970 * data to avoid this as much as possible.
5971 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005972 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005973 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005974 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005975 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005976 goto out_error;
5977 }
5978 }
5979 /* read some data: consider handshake completed */
5980 goto reneg_ok;
5981 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005982 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005983check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005984 if (ret != 1) {
5985 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005986 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005987
5988 if (ret == SSL_ERROR_WANT_WRITE) {
5989 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005990 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005991 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005992 return 0;
5993 }
5994 else if (ret == SSL_ERROR_WANT_READ) {
5995 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005996 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005997 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5998 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005999 return 0;
6000 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006001#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006002 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006003 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006004 return 0;
6005 }
6006#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006007 else if (ret == SSL_ERROR_SYSCALL) {
6008 /* if errno is null, then connection was successfully established */
6009 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6010 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006011 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006012#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6013 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006014 conn->err_code = CO_ER_SSL_HANDSHAKE;
6015#else
6016 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006017#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006018 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006019 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006020 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006021#else
Lukas Tribus49799162019-07-08 14:29:15 +02006022 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6023 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006024#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006025 if (empty_handshake) {
6026 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006027 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006028 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6029 else
6030 conn->err_code = CO_ER_SSL_EMPTY;
6031 }
6032 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006033 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006034 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6035 else
6036 conn->err_code = CO_ER_SSL_ABORT;
6037 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006038 }
6039 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006040 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006041 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6042 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006043 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006044 }
Lukas Tribus49799162019-07-08 14:29:15 +02006045#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006046 }
Willy Tarreau89230192012-09-28 20:22:13 +02006047 goto out_error;
6048 }
Emeric Brun46591952012-05-18 15:47:34 +02006049 else {
6050 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006051 /* Note: OpenSSL may leave unread bytes in the socket's
6052 * buffer, causing an RST to be emitted upon close() on
6053 * TCP sockets. We first try to drain possibly pending
6054 * data to avoid this as much as possible.
6055 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006056 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006057 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006058 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006059 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006060 goto out_error;
6061 }
6062 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006063#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006064 else {
6065 /*
6066 * If the server refused the early data, we have to send a
6067 * 425 to the client, as we no longer have the data to sent
6068 * them again.
6069 */
6070 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006071 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006072 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6073 goto out_error;
6074 }
6075 }
6076 }
6077#endif
6078
Emeric Brun46591952012-05-18 15:47:34 +02006079
Emeric Brun674b7432012-11-08 19:21:55 +01006080reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006081
Willy Tarreau5db847a2019-05-09 14:13:35 +02006082#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006083 /* ASYNC engine API doesn't support moving read/write
6084 * buffers. So we disable ASYNC mode right after
6085 * the handshake to avoid buffer oveflows.
6086 */
6087 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006088 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006089#endif
Emeric Brun46591952012-05-18 15:47:34 +02006090 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006091 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006092 if (objt_server(conn->target)) {
6093 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6094 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6095 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006096 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006097 else {
6098 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6099 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6100 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6101 }
Emeric Brun46591952012-05-18 15:47:34 +02006102 }
6103
6104 /* The connection is now established at both layers, it's time to leave */
6105 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6106 return 1;
6107
6108 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006109 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006110 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006111 ERR_clear_error();
6112
Emeric Brun9fa89732012-10-04 17:09:56 +02006113 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006114 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6115 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6116 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006117 }
6118
Emeric Brun46591952012-05-18 15:47:34 +02006119 /* Fail on all other handshake errors */
6120 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006121 if (!conn->err_code)
6122 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006123 return 0;
6124}
6125
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006126static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006127{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006128 struct wait_event *sw;
6129 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006130
Olivier Houchard0ff28652019-06-24 18:57:39 +02006131 if (!ctx)
6132 return -1;
6133
Olivier Houchardea8dd942019-05-20 14:02:16 +02006134 if (event_type & SUB_RETRY_RECV) {
6135 sw = param;
6136 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6137 sw->events |= SUB_RETRY_RECV;
6138 ctx->recv_wait = sw;
6139 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6140 !(ctx->wait_event.events & SUB_RETRY_RECV))
6141 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6142 event_type &= ~SUB_RETRY_RECV;
6143 }
6144 if (event_type & SUB_RETRY_SEND) {
6145sw = param;
6146 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6147 sw->events |= SUB_RETRY_SEND;
6148 ctx->send_wait = sw;
6149 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6150 !(ctx->wait_event.events & SUB_RETRY_SEND))
6151 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6152 event_type &= ~SUB_RETRY_SEND;
6153
6154 }
6155 if (event_type != 0)
6156 return -1;
6157 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006158}
6159
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006160static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006161{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006162 struct wait_event *sw;
6163 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006164
Olivier Houchardea8dd942019-05-20 14:02:16 +02006165 if (event_type & SUB_RETRY_RECV) {
6166 sw = param;
6167 BUG_ON(ctx->recv_wait != sw);
6168 ctx->recv_wait = NULL;
6169 sw->events &= ~SUB_RETRY_RECV;
6170 /* If we subscribed, and we're not doing the handshake,
6171 * then we subscribed because the upper layer asked for it,
6172 * as the upper layer is no longer interested, we can
6173 * unsubscribe too.
6174 */
6175 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6176 (ctx->wait_event.events & SUB_RETRY_RECV))
6177 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6178 &ctx->wait_event);
6179 }
6180 if (event_type & SUB_RETRY_SEND) {
6181 sw = param;
6182 BUG_ON(ctx->send_wait != sw);
6183 ctx->send_wait = NULL;
6184 sw->events &= ~SUB_RETRY_SEND;
6185 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6186 (ctx->wait_event.events & SUB_RETRY_SEND))
6187 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6188 &ctx->wait_event);
6189
6190 }
6191
6192 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006193}
6194
Olivier Houchard2e055482019-05-27 19:50:12 +02006195/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6196 * Returns 0 on success, and non-zero on failure.
6197 */
6198static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6199{
6200 struct ssl_sock_ctx *ctx = xprt_ctx;
6201
6202 if (oldxprt_ops != NULL)
6203 *oldxprt_ops = ctx->xprt;
6204 if (oldxprt_ctx != NULL)
6205 *oldxprt_ctx = ctx->xprt_ctx;
6206 ctx->xprt = toadd_ops;
6207 ctx->xprt_ctx = toadd_ctx;
6208 return 0;
6209}
6210
Olivier Houchard5149b592019-05-23 17:47:36 +02006211/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6212 * return 0, otherwise just call the remove_xprt method from the underlying
6213 * XPRT.
6214 */
6215static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6216{
6217 struct ssl_sock_ctx *ctx = xprt_ctx;
6218
6219 if (ctx->xprt_ctx == toremove_ctx) {
6220 ctx->xprt_ctx = newctx;
6221 ctx->xprt = newops;
6222 return 0;
6223 }
6224 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6225}
6226
Olivier Houchardea8dd942019-05-20 14:02:16 +02006227static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6228{
6229 struct ssl_sock_ctx *ctx = context;
6230
6231 /* First if we're doing an handshake, try that */
6232 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6233 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6234 /* If we had an error, or the handshake is done and I/O is available,
6235 * let the upper layer know.
6236 * If no mux was set up yet, and nobody subscribed, then call
6237 * xprt_done_cb() ourself if it's set, or destroy the connection,
6238 * we can't be sure conn_fd_handler() will be called again.
6239 */
6240 if ((ctx->conn->flags & CO_FL_ERROR) ||
6241 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6242 int ret = 0;
6243 int woke = 0;
6244
6245 /* On error, wake any waiter */
6246 if (ctx->recv_wait) {
6247 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006248 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006249 ctx->recv_wait = NULL;
6250 woke = 1;
6251 }
6252 if (ctx->send_wait) {
6253 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006254 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006255 ctx->send_wait = NULL;
6256 woke = 1;
6257 }
6258 /* If we're the first xprt for the connection, let the
6259 * upper layers know. If xprt_done_cb() is set, call it,
6260 * otherwise, we should have a mux, so call its wake
6261 * method if we didn't woke a tasklet already.
6262 */
6263 if (ctx->conn->xprt_ctx == ctx) {
6264 if (ctx->conn->xprt_done_cb)
6265 ret = ctx->conn->xprt_done_cb(ctx->conn);
6266 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6267 ctx->conn->mux->wake(ctx->conn);
6268 return NULL;
6269 }
6270 }
6271 return NULL;
6272}
6273
Emeric Brun46591952012-05-18 15:47:34 +02006274/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006275 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006276 * buffer wraps, in which case a second call may be performed. The connection's
6277 * flags are updated with whatever special event is detected (error, read0,
6278 * empty). The caller is responsible for taking care of those events and
6279 * avoiding the call if inappropriate. The function does not call the
6280 * connection's polling update function, so the caller is responsible for this.
6281 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006282static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006283{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006284 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006285 ssize_t ret;
6286 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006287
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006288 conn_refresh_polling_flags(conn);
6289
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006290 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006291 goto out_error;
6292
6293 if (conn->flags & CO_FL_HANDSHAKE)
6294 /* a handshake was requested */
6295 return 0;
6296
Emeric Brun46591952012-05-18 15:47:34 +02006297 /* read the largest possible block. For this, we perform only one call
6298 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6299 * in which case we accept to do it once again. A new attempt is made on
6300 * EINTR too.
6301 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006302 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006303 int need_out = 0;
6304
Willy Tarreau591d4452018-06-15 17:21:00 +02006305 try = b_contig_space(buf);
6306 if (!try)
6307 break;
6308
Willy Tarreauabf08d92014-01-14 11:31:27 +01006309 if (try > count)
6310 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006311
Olivier Houchardc2aae742017-09-22 18:26:28 +02006312 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006313 ctx->tmp_early_data != -1) {
6314 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006315 done++;
6316 try--;
6317 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02006318 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006319 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006320 continue;
6321 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01006322
Willy Tarreau5db847a2019-05-09 14:13:35 +02006323#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006324 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6325 size_t read_length;
6326
Olivier Houchard66ab4982019-02-26 18:37:15 +01006327 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02006328 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01006329 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
6330 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006331 conn->flags |= CO_FL_EARLY_DATA;
6332 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
6333 ret == SSL_READ_EARLY_DATA_FINISH) {
6334 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6335 /*
6336 * We're done reading the early data,
6337 * let's make the handshake
6338 */
6339 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6340 conn->flags |= CO_FL_SSL_WAIT_HS;
6341 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006342 /* Now initiate the handshake */
6343 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006344 if (read_length == 0)
6345 break;
6346 }
6347 ret = read_length;
6348 }
6349 } else
6350#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006351 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006352
Emeric Brune1f38db2012-09-03 20:36:47 +02006353 if (conn->flags & CO_FL_ERROR) {
6354 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006355 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006356 }
Emeric Brun46591952012-05-18 15:47:34 +02006357 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006358 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006359 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006360 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006361 }
Emeric Brun46591952012-05-18 15:47:34 +02006362 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006363 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006364 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006365 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006366 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006367 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006368#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006369 /* Async mode can be re-enabled, because we're leaving data state.*/
6370 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006371 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006372#endif
Emeric Brun46591952012-05-18 15:47:34 +02006373 break;
6374 }
6375 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006376 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006377 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6378 SUB_RETRY_RECV,
6379 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006380 /* handshake is running, and it may need to re-enable read */
6381 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006382#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006383 /* Async mode can be re-enabled, because we're leaving data state.*/
6384 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006385 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006386#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006387 break;
6388 }
Emeric Brun46591952012-05-18 15:47:34 +02006389 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006390 } else if (ret == SSL_ERROR_ZERO_RETURN)
6391 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006392 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6393 * stack before shutting down the connection for
6394 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006395 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6396 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006397 /* otherwise it's a real error */
6398 goto out_error;
6399 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006400 if (need_out)
6401 break;
Emeric Brun46591952012-05-18 15:47:34 +02006402 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006403 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006404 return done;
6405
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006406 clear_ssl_error:
6407 /* Clear openssl global errors stack */
6408 ssl_sock_dump_errors(conn);
6409 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006410 read0:
6411 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006412 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006413
Emeric Brun46591952012-05-18 15:47:34 +02006414 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006415 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006416 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006417 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006418 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006419 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006420}
6421
6422
Willy Tarreau787db9a2018-06-14 18:31:46 +02006423/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6424 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6425 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006426 * Only one call to send() is performed, unless the buffer wraps, in which case
6427 * a second call may be performed. The connection's flags are updated with
6428 * whatever special event is detected (error, empty). The caller is responsible
6429 * for taking care of those events and avoiding the call if inappropriate. The
6430 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006431 * is responsible for this. The buffer's output is not adjusted, it's up to the
6432 * caller to take care of this. It's up to the caller to update the buffer's
6433 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006434 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006435static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006436{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006437 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006438 ssize_t ret;
6439 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006440
6441 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006442 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006443
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006444 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006445 goto out_error;
6446
Olivier Houchard010941f2019-05-03 20:56:19 +02006447 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006448 /* a handshake was requested */
6449 return 0;
6450
6451 /* send the largest possible block. For this we perform only one call
6452 * to send() unless the buffer wraps and we exactly fill the first hunk,
6453 * in which case we accept to do it once again.
6454 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006455 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006456#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006457 size_t written_data;
6458#endif
6459
Willy Tarreau787db9a2018-06-14 18:31:46 +02006460 try = b_contig_data(buf, done);
6461 if (try > count)
6462 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006463
Willy Tarreau7bed9452014-02-02 02:00:24 +01006464 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006465 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006466 global_ssl.max_record && try > global_ssl.max_record) {
6467 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006468 }
6469 else {
6470 /* we need to keep the information about the fact that
6471 * we're not limiting the upcoming send(), because if it
6472 * fails, we'll have to retry with at least as many data.
6473 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006474 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006475 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006476
Willy Tarreau5db847a2019-05-09 14:13:35 +02006477#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006478 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006479 unsigned int max_early;
6480
Olivier Houchard522eea72017-11-03 16:27:47 +01006481 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006482 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006483 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006484 if (SSL_get0_session(ctx->ssl))
6485 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006486 else
6487 max_early = 0;
6488 }
6489
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006490 if (try + ctx->sent_early_data > max_early) {
6491 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006492 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006493 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006494 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006495 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006496 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006497 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006498 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006499 if (ret == 1) {
6500 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006501 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006502 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006503 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006504 /* Initiate the handshake, now */
6505 tasklet_wakeup(ctx->wait_event.tasklet);
6506 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006507
Olivier Houchardc2aae742017-09-22 18:26:28 +02006508 }
6509
6510 } else
6511#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006512 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006513
Emeric Brune1f38db2012-09-03 20:36:47 +02006514 if (conn->flags & CO_FL_ERROR) {
6515 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006516 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006517 }
Emeric Brun46591952012-05-18 15:47:34 +02006518 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006519 /* A send succeeded, so we can consier ourself connected */
6520 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006521 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006522 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006523 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006524 }
6525 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006526 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006527
Emeric Brun46591952012-05-18 15:47:34 +02006528 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006529 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006530 /* handshake is running, and it may need to re-enable write */
6531 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006532 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006533#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006534 /* Async mode can be re-enabled, because we're leaving data state.*/
6535 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006536 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006537#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006538 break;
6539 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006540
Emeric Brun46591952012-05-18 15:47:34 +02006541 break;
6542 }
6543 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006544 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006545 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006546 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6547 SUB_RETRY_RECV,
6548 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006549#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006550 /* Async mode can be re-enabled, because we're leaving data state.*/
6551 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006552 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006553#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006554 break;
6555 }
Emeric Brun46591952012-05-18 15:47:34 +02006556 goto out_error;
6557 }
6558 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006559 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006560 return done;
6561
6562 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006563 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006564 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006565 ERR_clear_error();
6566
Emeric Brun46591952012-05-18 15:47:34 +02006567 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006568 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006569}
6570
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006571static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006572
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006573 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006574
Olivier Houchardea8dd942019-05-20 14:02:16 +02006575
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006576 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006577 if (ctx->wait_event.events != 0)
6578 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6579 ctx->wait_event.events,
6580 &ctx->wait_event);
6581 if (ctx->send_wait) {
6582 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006583 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006584 }
6585 if (ctx->recv_wait) {
6586 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006587 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006588 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006589 if (ctx->xprt->close)
6590 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006591#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006592 if (global_ssl.async) {
6593 OSSL_ASYNC_FD all_fd[32], afd;
6594 size_t num_all_fds = 0;
6595 int i;
6596
Olivier Houchard66ab4982019-02-26 18:37:15 +01006597 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006598 if (num_all_fds > 32) {
6599 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6600 return;
6601 }
6602
Olivier Houchard66ab4982019-02-26 18:37:15 +01006603 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006604
6605 /* If an async job is pending, we must try to
6606 to catch the end using polling before calling
6607 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006608 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006609 for (i=0 ; i < num_all_fds ; i++) {
6610 /* switch on an handler designed to
6611 * handle the SSL_free
6612 */
6613 afd = all_fd[i];
6614 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006615 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006616 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006617 /* To ensure that the fd cache won't be used
6618 * and we'll catch a real RD event.
6619 */
6620 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006621 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006622 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006623 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006624 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006625 return;
6626 }
Emeric Brun3854e012017-05-17 20:42:48 +02006627 /* Else we can remove the fds from the fdtab
6628 * and call SSL_free.
6629 * note: we do a fd_remove and not a delete
6630 * because the fd is owned by the engine.
6631 * the engine is responsible to close
6632 */
6633 for (i=0 ; i < num_all_fds ; i++)
6634 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006635 }
6636#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006637 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006638 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006639 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006640 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006641 }
Emeric Brun46591952012-05-18 15:47:34 +02006642}
6643
6644/* This function tries to perform a clean shutdown on an SSL connection, and in
6645 * any case, flags the connection as reusable if no handshake was in progress.
6646 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006647static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006648{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006649 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006650
Emeric Brun46591952012-05-18 15:47:34 +02006651 if (conn->flags & CO_FL_HANDSHAKE)
6652 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006653 if (!clean)
6654 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006655 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006656 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006657 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006658 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006659 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006660 ERR_clear_error();
6661 }
Emeric Brun46591952012-05-18 15:47:34 +02006662}
6663
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006664/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006665int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006666{
Christopher Faulet82004142019-09-10 10:12:03 +02006667 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006668 struct pkey_info *pkinfo;
6669 int bits = 0;
6670 int sig = TLSEXT_signature_anonymous;
6671 int len = -1;
6672
6673 if (!ssl_sock_is_ssl(conn))
6674 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006675 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006676 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006677 if (pkinfo) {
6678 sig = pkinfo->sig;
6679 bits = pkinfo->bits;
6680 } else {
6681 /* multicert and generated cert have no pkey info */
6682 X509 *crt;
6683 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006684 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006685 if (!crt)
6686 return 0;
6687 pkey = X509_get_pubkey(crt);
6688 if (pkey) {
6689 bits = EVP_PKEY_bits(pkey);
6690 switch(EVP_PKEY_base_id(pkey)) {
6691 case EVP_PKEY_RSA:
6692 sig = TLSEXT_signature_rsa;
6693 break;
6694 case EVP_PKEY_EC:
6695 sig = TLSEXT_signature_ecdsa;
6696 break;
6697 case EVP_PKEY_DSA:
6698 sig = TLSEXT_signature_dsa;
6699 break;
6700 }
6701 EVP_PKEY_free(pkey);
6702 }
6703 }
6704
6705 switch(sig) {
6706 case TLSEXT_signature_rsa:
6707 len = chunk_printf(out, "RSA%d", bits);
6708 break;
6709 case TLSEXT_signature_ecdsa:
6710 len = chunk_printf(out, "EC%d", bits);
6711 break;
6712 case TLSEXT_signature_dsa:
6713 len = chunk_printf(out, "DSA%d", bits);
6714 break;
6715 default:
6716 return 0;
6717 }
6718 if (len < 0)
6719 return 0;
6720 return 1;
6721}
6722
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006723/* used for ppv2 cert signature (can be used for logging) */
6724const char *ssl_sock_get_cert_sig(struct connection *conn)
6725{
Christopher Faulet82004142019-09-10 10:12:03 +02006726 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006727
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006728 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6729 X509 *crt;
6730
6731 if (!ssl_sock_is_ssl(conn))
6732 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006733 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006734 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006735 if (!crt)
6736 return NULL;
6737 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6738 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6739}
6740
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006741/* used for ppv2 authority */
6742const char *ssl_sock_get_sni(struct connection *conn)
6743{
6744#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006745 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006746
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006747 if (!ssl_sock_is_ssl(conn))
6748 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006749 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006750 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006751#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006752 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006753#endif
6754}
6755
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006756/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006757const char *ssl_sock_get_cipher_name(struct connection *conn)
6758{
Christopher Faulet82004142019-09-10 10:12:03 +02006759 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006760
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006761 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006762 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006763 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006764 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006765}
6766
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006767/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006768const char *ssl_sock_get_proto_version(struct connection *conn)
6769{
Christopher Faulet82004142019-09-10 10:12:03 +02006770 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006771
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006772 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006773 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006774 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006775 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006776}
6777
Willy Tarreau8d598402012-10-22 17:58:39 +02006778/* Extract a serial from a cert, and copy it to a chunk.
6779 * Returns 1 if serial is found and copied, 0 if no serial found and
6780 * -1 if output is not large enough.
6781 */
6782static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006783ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006784{
6785 ASN1_INTEGER *serial;
6786
6787 serial = X509_get_serialNumber(crt);
6788 if (!serial)
6789 return 0;
6790
6791 if (out->size < serial->length)
6792 return -1;
6793
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006794 memcpy(out->area, serial->data, serial->length);
6795 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006796 return 1;
6797}
6798
Emeric Brun43e79582014-10-29 19:03:26 +01006799/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006800 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6801 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006802 */
6803static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006804ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006805{
6806 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006807 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006808
6809 len =i2d_X509(crt, NULL);
6810 if (len <= 0)
6811 return 1;
6812
6813 if (out->size < len)
6814 return -1;
6815
6816 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006817 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006818 return 1;
6819}
6820
Emeric Brunce5ad802012-10-22 14:11:22 +02006821
Willy Tarreau83061a82018-07-13 11:56:34 +02006822/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006823 * Returns 1 if serial is found and copied, 0 if no valid time found
6824 * and -1 if output is not large enough.
6825 */
6826static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006827ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006828{
6829 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6830 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6831
6832 if (gentm->length < 12)
6833 return 0;
6834 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6835 return 0;
6836 if (out->size < gentm->length-2)
6837 return -1;
6838
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006839 memcpy(out->area, gentm->data+2, gentm->length-2);
6840 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006841 return 1;
6842 }
6843 else if (tm->type == V_ASN1_UTCTIME) {
6844 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6845
6846 if (utctm->length < 10)
6847 return 0;
6848 if (utctm->data[0] >= 0x35)
6849 return 0;
6850 if (out->size < utctm->length)
6851 return -1;
6852
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006853 memcpy(out->area, utctm->data, utctm->length);
6854 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006855 return 1;
6856 }
6857
6858 return 0;
6859}
6860
Emeric Brun87855892012-10-17 17:39:35 +02006861/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6862 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6863 */
6864static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006865ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6866 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006867{
6868 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006869 ASN1_OBJECT *obj;
6870 ASN1_STRING *data;
6871 const unsigned char *data_ptr;
6872 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006873 int i, j, n;
6874 int cur = 0;
6875 const char *s;
6876 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006877 int name_count;
6878
6879 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006880
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006881 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006882 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006883 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006884 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006885 else
6886 j = i;
6887
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006888 ne = X509_NAME_get_entry(a, j);
6889 obj = X509_NAME_ENTRY_get_object(ne);
6890 data = X509_NAME_ENTRY_get_data(ne);
6891 data_ptr = ASN1_STRING_get0_data(data);
6892 data_len = ASN1_STRING_length(data);
6893 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006894 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006895 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006896 s = tmp;
6897 }
6898
6899 if (chunk_strcasecmp(entry, s) != 0)
6900 continue;
6901
6902 if (pos < 0)
6903 cur--;
6904 else
6905 cur++;
6906
6907 if (cur != pos)
6908 continue;
6909
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006910 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006911 return -1;
6912
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006913 memcpy(out->area, data_ptr, data_len);
6914 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006915 return 1;
6916 }
6917
6918 return 0;
6919
6920}
6921
6922/* Extract and format full DN from a X509_NAME and copy result into a chunk
6923 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6924 */
6925static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006926ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006927{
6928 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006929 ASN1_OBJECT *obj;
6930 ASN1_STRING *data;
6931 const unsigned char *data_ptr;
6932 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006933 int i, n, ln;
6934 int l = 0;
6935 const char *s;
6936 char *p;
6937 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006938 int name_count;
6939
6940
6941 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006942
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006943 out->data = 0;
6944 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006945 for (i = 0; i < name_count; i++) {
6946 ne = X509_NAME_get_entry(a, i);
6947 obj = X509_NAME_ENTRY_get_object(ne);
6948 data = X509_NAME_ENTRY_get_data(ne);
6949 data_ptr = ASN1_STRING_get0_data(data);
6950 data_len = ASN1_STRING_length(data);
6951 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006952 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006953 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006954 s = tmp;
6955 }
6956 ln = strlen(s);
6957
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006958 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006959 if (l > out->size)
6960 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006961 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006962
6963 *(p++)='/';
6964 memcpy(p, s, ln);
6965 p += ln;
6966 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006967 memcpy(p, data_ptr, data_len);
6968 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006969 }
6970
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006971 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006972 return 0;
6973
6974 return 1;
6975}
6976
Olivier Houchardab28a322018-12-21 19:45:40 +01006977void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6978{
6979#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02006980 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006981
Olivier Houcharde488ea82019-06-28 14:10:33 +02006982 if (!ssl_sock_is_ssl(conn))
6983 return;
Christopher Faulet82004142019-09-10 10:12:03 +02006984 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006985 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006986#endif
6987}
6988
Willy Tarreau119a4082016-12-22 21:58:38 +01006989/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6990 * to disable SNI.
6991 */
Willy Tarreau63076412015-07-10 11:33:32 +02006992void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6993{
6994#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006995 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006996
Willy Tarreau119a4082016-12-22 21:58:38 +01006997 char *prev_name;
6998
Willy Tarreau63076412015-07-10 11:33:32 +02006999 if (!ssl_sock_is_ssl(conn))
7000 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007001 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007002
Willy Tarreau119a4082016-12-22 21:58:38 +01007003 /* if the SNI changes, we must destroy the reusable context so that a
7004 * new connection will present a new SNI. As an optimization we could
7005 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7006 * server.
7007 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007008 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007009 if ((!prev_name && hostname) ||
7010 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007011 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007012
Olivier Houchard66ab4982019-02-26 18:37:15 +01007013 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007014#endif
7015}
7016
Emeric Brun0abf8362014-06-24 18:26:41 +02007017/* Extract peer certificate's common name into the chunk dest
7018 * Returns
7019 * the len of the extracted common name
7020 * or 0 if no CN found in DN
7021 * or -1 on error case (i.e. no peer certificate)
7022 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007023int ssl_sock_get_remote_common_name(struct connection *conn,
7024 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007025{
Christopher Faulet82004142019-09-10 10:12:03 +02007026 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007027 X509 *crt = NULL;
7028 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007029 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007030 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007031 .area = (char *)&find_cn,
7032 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007033 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007034 int result = -1;
David Safb76832014-05-08 23:42:08 -04007035
7036 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007037 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007038 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007039
7040 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007041 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007042 if (!crt)
7043 goto out;
7044
7045 name = X509_get_subject_name(crt);
7046 if (!name)
7047 goto out;
David Safb76832014-05-08 23:42:08 -04007048
Emeric Brun0abf8362014-06-24 18:26:41 +02007049 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7050out:
David Safb76832014-05-08 23:42:08 -04007051 if (crt)
7052 X509_free(crt);
7053
7054 return result;
7055}
7056
Dave McCowan328fb582014-07-30 10:39:13 -04007057/* returns 1 if client passed a certificate for this session, 0 if not */
7058int ssl_sock_get_cert_used_sess(struct connection *conn)
7059{
Christopher Faulet82004142019-09-10 10:12:03 +02007060 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007061 X509 *crt = NULL;
7062
7063 if (!ssl_sock_is_ssl(conn))
7064 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007065 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007066
7067 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007068 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007069 if (!crt)
7070 return 0;
7071
7072 X509_free(crt);
7073 return 1;
7074}
7075
7076/* returns 1 if client passed a certificate for this connection, 0 if not */
7077int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007078{
Christopher Faulet82004142019-09-10 10:12:03 +02007079 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007080
David Safb76832014-05-08 23:42:08 -04007081 if (!ssl_sock_is_ssl(conn))
7082 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007083 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007084 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007085}
7086
7087/* returns result from SSL verify */
7088unsigned int ssl_sock_get_verify_result(struct connection *conn)
7089{
Christopher Faulet82004142019-09-10 10:12:03 +02007090 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007091
David Safb76832014-05-08 23:42:08 -04007092 if (!ssl_sock_is_ssl(conn))
7093 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007094 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007095 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007096}
7097
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007098/* Returns the application layer protocol name in <str> and <len> when known.
7099 * Zero is returned if the protocol name was not found, otherwise non-zero is
7100 * returned. The string is allocated in the SSL context and doesn't have to be
7101 * freed by the caller. NPN is also checked if available since older versions
7102 * of openssl (1.0.1) which are more common in field only support this one.
7103 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007104static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007105{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007106#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7107 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007108 struct ssl_sock_ctx *ctx = xprt_ctx;
7109 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007110 return 0;
7111
7112 *str = NULL;
7113
7114#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007115 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007116 if (*str)
7117 return 1;
7118#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007119#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007120 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007121 if (*str)
7122 return 1;
7123#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007124#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007125 return 0;
7126}
7127
Willy Tarreau7875d092012-09-10 08:20:03 +02007128/***** Below are some sample fetching functions for ACL/patterns *****/
7129
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007130static int
7131smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7132{
7133 struct connection *conn;
7134
7135 conn = objt_conn(smp->sess->origin);
7136 if (!conn || conn->xprt != &ssl_sock)
7137 return 0;
7138
7139 smp->flags = 0;
7140 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007141#ifdef OPENSSL_IS_BORINGSSL
7142 {
7143 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7144 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7145 SSL_early_data_accepted(ctx->ssl));
7146 }
7147#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007148 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7149 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007150#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007151 return 1;
7152}
7153
Emeric Brune64aef12012-09-21 13:15:06 +02007154/* boolean, returns true if client cert was present */
7155static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007156smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007157{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007158 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007159 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007160
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007161 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007162 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007163 return 0;
7164
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007165 ctx = conn->xprt_ctx;
7166
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007167 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007168 smp->flags |= SMP_F_MAY_CHANGE;
7169 return 0;
7170 }
7171
7172 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007173 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007174 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007175
7176 return 1;
7177}
7178
Emeric Brun43e79582014-10-29 19:03:26 +01007179/* binary, returns a certificate in a binary chunk (der/raw).
7180 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7181 * should be use.
7182 */
7183static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007184smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007185{
7186 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7187 X509 *crt = NULL;
7188 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007189 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007190 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007191 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007192
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007193 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007194 if (!conn || conn->xprt != &ssl_sock)
7195 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007196 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007197
7198 if (!(conn->flags & CO_FL_CONNECTED)) {
7199 smp->flags |= SMP_F_MAY_CHANGE;
7200 return 0;
7201 }
7202
7203 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007204 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007205 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007206 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007207
7208 if (!crt)
7209 goto out;
7210
7211 smp_trash = get_trash_chunk();
7212 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7213 goto out;
7214
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007215 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007216 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007217 ret = 1;
7218out:
7219 /* SSL_get_peer_certificate, it increase X509 * ref count */
7220 if (cert_peer && crt)
7221 X509_free(crt);
7222 return ret;
7223}
7224
Emeric Brunba841a12014-04-30 17:05:08 +02007225/* binary, returns serial of certificate in a binary chunk.
7226 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7227 * should be use.
7228 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007229static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007230smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007231{
Emeric Brunba841a12014-04-30 17:05:08 +02007232 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007233 X509 *crt = NULL;
7234 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007235 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007236 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007237 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007238
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007239 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007240 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007241 return 0;
7242
Olivier Houchard66ab4982019-02-26 18:37:15 +01007243 ctx = conn->xprt_ctx;
7244
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007245 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007246 smp->flags |= SMP_F_MAY_CHANGE;
7247 return 0;
7248 }
7249
Emeric Brunba841a12014-04-30 17:05:08 +02007250 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007251 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007252 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007253 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007254
Willy Tarreau8d598402012-10-22 17:58:39 +02007255 if (!crt)
7256 goto out;
7257
Willy Tarreau47ca5452012-12-23 20:22:19 +01007258 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007259 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7260 goto out;
7261
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007262 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007263 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007264 ret = 1;
7265out:
Emeric Brunba841a12014-04-30 17:05:08 +02007266 /* SSL_get_peer_certificate, it increase X509 * ref count */
7267 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007268 X509_free(crt);
7269 return ret;
7270}
Emeric Brune64aef12012-09-21 13:15:06 +02007271
Emeric Brunba841a12014-04-30 17:05:08 +02007272/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7273 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7274 * should be use.
7275 */
James Votha051b4a2013-05-14 20:37:59 +02007276static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007277smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007278{
Emeric Brunba841a12014-04-30 17:05:08 +02007279 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007280 X509 *crt = NULL;
7281 const EVP_MD *digest;
7282 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007283 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007284 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007285 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007286
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007287 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007288 if (!conn || conn->xprt != &ssl_sock)
7289 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007290 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007291
7292 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007293 smp->flags |= SMP_F_MAY_CHANGE;
7294 return 0;
7295 }
7296
Emeric Brunba841a12014-04-30 17:05:08 +02007297 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007298 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007299 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007300 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007301 if (!crt)
7302 goto out;
7303
7304 smp_trash = get_trash_chunk();
7305 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007306 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7307 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007308
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007309 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007310 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007311 ret = 1;
7312out:
Emeric Brunba841a12014-04-30 17:05:08 +02007313 /* SSL_get_peer_certificate, it increase X509 * ref count */
7314 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007315 X509_free(crt);
7316 return ret;
7317}
7318
Emeric Brunba841a12014-04-30 17:05:08 +02007319/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7320 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7321 * should be use.
7322 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007323static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007324smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007325{
Emeric Brunba841a12014-04-30 17:05:08 +02007326 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007327 X509 *crt = NULL;
7328 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007329 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007330 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007331 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007332
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007333 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007334 if (!conn || conn->xprt != &ssl_sock)
7335 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007336 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007337
7338 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007339 smp->flags |= SMP_F_MAY_CHANGE;
7340 return 0;
7341 }
7342
Emeric Brunba841a12014-04-30 17:05:08 +02007343 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007344 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007345 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007346 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007347 if (!crt)
7348 goto out;
7349
Willy Tarreau47ca5452012-12-23 20:22:19 +01007350 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007351 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007352 goto out;
7353
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007354 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007355 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007356 ret = 1;
7357out:
Emeric Brunba841a12014-04-30 17:05:08 +02007358 /* SSL_get_peer_certificate, it increase X509 * ref count */
7359 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007360 X509_free(crt);
7361 return ret;
7362}
7363
Emeric Brunba841a12014-04-30 17:05:08 +02007364/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7365 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7366 * should be use.
7367 */
Emeric Brun87855892012-10-17 17:39:35 +02007368static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007369smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007370{
Emeric Brunba841a12014-04-30 17:05:08 +02007371 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007372 X509 *crt = NULL;
7373 X509_NAME *name;
7374 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007375 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007376 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007377 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007378
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007379 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007380 if (!conn || conn->xprt != &ssl_sock)
7381 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007382 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007383
7384 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007385 smp->flags |= SMP_F_MAY_CHANGE;
7386 return 0;
7387 }
7388
Emeric Brunba841a12014-04-30 17:05:08 +02007389 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007390 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007391 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007392 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007393 if (!crt)
7394 goto out;
7395
7396 name = X509_get_issuer_name(crt);
7397 if (!name)
7398 goto out;
7399
Willy Tarreau47ca5452012-12-23 20:22:19 +01007400 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007401 if (args && args[0].type == ARGT_STR) {
7402 int pos = 1;
7403
7404 if (args[1].type == ARGT_SINT)
7405 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007406
7407 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7408 goto out;
7409 }
7410 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7411 goto out;
7412
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007413 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007414 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007415 ret = 1;
7416out:
Emeric Brunba841a12014-04-30 17:05:08 +02007417 /* SSL_get_peer_certificate, it increase X509 * ref count */
7418 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007419 X509_free(crt);
7420 return ret;
7421}
7422
Emeric Brunba841a12014-04-30 17:05:08 +02007423/* string, returns notbefore date in ASN1_UTCTIME format.
7424 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7425 * should be use.
7426 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007427static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007428smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007429{
Emeric Brunba841a12014-04-30 17:05:08 +02007430 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007431 X509 *crt = NULL;
7432 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007433 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007434 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007435 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007436
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007437 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007438 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007439 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007440 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007441
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007442 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007443 smp->flags |= SMP_F_MAY_CHANGE;
7444 return 0;
7445 }
7446
Emeric Brunba841a12014-04-30 17:05:08 +02007447 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007448 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007449 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007450 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007451 if (!crt)
7452 goto out;
7453
Willy Tarreau47ca5452012-12-23 20:22:19 +01007454 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007455 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007456 goto out;
7457
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007458 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007459 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007460 ret = 1;
7461out:
Emeric Brunba841a12014-04-30 17:05:08 +02007462 /* SSL_get_peer_certificate, it increase X509 * ref count */
7463 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007464 X509_free(crt);
7465 return ret;
7466}
7467
Emeric Brunba841a12014-04-30 17:05:08 +02007468/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7469 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7470 * should be use.
7471 */
Emeric Brun87855892012-10-17 17:39:35 +02007472static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007473smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007474{
Emeric Brunba841a12014-04-30 17:05:08 +02007475 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007476 X509 *crt = NULL;
7477 X509_NAME *name;
7478 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007479 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007480 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007481 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007482
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007483 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007484 if (!conn || conn->xprt != &ssl_sock)
7485 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007486 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007487
7488 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007489 smp->flags |= SMP_F_MAY_CHANGE;
7490 return 0;
7491 }
7492
Emeric Brunba841a12014-04-30 17:05:08 +02007493 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007494 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007495 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007496 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007497 if (!crt)
7498 goto out;
7499
7500 name = X509_get_subject_name(crt);
7501 if (!name)
7502 goto out;
7503
Willy Tarreau47ca5452012-12-23 20:22:19 +01007504 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007505 if (args && args[0].type == ARGT_STR) {
7506 int pos = 1;
7507
7508 if (args[1].type == ARGT_SINT)
7509 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007510
7511 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7512 goto out;
7513 }
7514 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7515 goto out;
7516
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007517 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007518 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007519 ret = 1;
7520out:
Emeric Brunba841a12014-04-30 17:05:08 +02007521 /* SSL_get_peer_certificate, it increase X509 * ref count */
7522 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007523 X509_free(crt);
7524 return ret;
7525}
Emeric Brun9143d372012-12-20 15:44:16 +01007526
7527/* integer, returns true if current session use a client certificate */
7528static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007529smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007530{
7531 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007532 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007533 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007534
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007535 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007536 if (!conn || conn->xprt != &ssl_sock)
7537 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007538 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007539
7540 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007541 smp->flags |= SMP_F_MAY_CHANGE;
7542 return 0;
7543 }
7544
7545 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007546 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007547 if (crt) {
7548 X509_free(crt);
7549 }
7550
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007551 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007552 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007553 return 1;
7554}
7555
Emeric Brunba841a12014-04-30 17:05:08 +02007556/* integer, returns the certificate version
7557 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7558 * should be use.
7559 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007560static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007561smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007562{
Emeric Brunba841a12014-04-30 17:05:08 +02007563 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007564 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007565 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007566 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007567
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007568 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007569 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007570 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007571 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007572
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007573 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007574 smp->flags |= SMP_F_MAY_CHANGE;
7575 return 0;
7576 }
7577
Emeric Brunba841a12014-04-30 17:05:08 +02007578 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007579 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007580 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007581 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007582 if (!crt)
7583 return 0;
7584
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007585 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007586 /* SSL_get_peer_certificate increase X509 * ref count */
7587 if (cert_peer)
7588 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007589 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007590
7591 return 1;
7592}
7593
Emeric Brunba841a12014-04-30 17:05:08 +02007594/* string, returns the certificate's signature algorithm.
7595 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7596 * should be use.
7597 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007598static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007599smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007600{
Emeric Brunba841a12014-04-30 17:05:08 +02007601 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007602 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007603 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007604 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007605 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007606 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007607
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007608 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007609 if (!conn || conn->xprt != &ssl_sock)
7610 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007611 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007612
7613 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007614 smp->flags |= SMP_F_MAY_CHANGE;
7615 return 0;
7616 }
7617
Emeric Brunba841a12014-04-30 17:05:08 +02007618 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007619 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007620 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007621 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007622 if (!crt)
7623 return 0;
7624
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007625 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7626 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007627
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007628 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7629 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007630 /* SSL_get_peer_certificate increase X509 * ref count */
7631 if (cert_peer)
7632 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007633 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007634 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007635
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007636 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007637 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007638 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007639 /* SSL_get_peer_certificate increase X509 * ref count */
7640 if (cert_peer)
7641 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007642
7643 return 1;
7644}
7645
Emeric Brunba841a12014-04-30 17:05:08 +02007646/* string, returns the certificate's key algorithm.
7647 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7648 * should be use.
7649 */
Emeric Brun521a0112012-10-22 12:22:55 +02007650static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007651smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007652{
Emeric Brunba841a12014-04-30 17:05:08 +02007653 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007654 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007655 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007656 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007657 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007658 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007659
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007660 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007661 if (!conn || conn->xprt != &ssl_sock)
7662 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007663 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007664
7665 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007666 smp->flags |= SMP_F_MAY_CHANGE;
7667 return 0;
7668 }
7669
Emeric Brunba841a12014-04-30 17:05:08 +02007670 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007671 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007672 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007674 if (!crt)
7675 return 0;
7676
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007677 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7678 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007679
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007680 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7681 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007682 /* SSL_get_peer_certificate increase X509 * ref count */
7683 if (cert_peer)
7684 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007685 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007686 }
Emeric Brun521a0112012-10-22 12:22:55 +02007687
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007688 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007689 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007690 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007691 if (cert_peer)
7692 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007693
7694 return 1;
7695}
7696
Emeric Brun645ae792014-04-30 14:21:06 +02007697/* boolean, returns true if front conn. transport layer is SSL.
7698 * This function is also usable on backend conn if the fetch keyword 5th
7699 * char is 'b'.
7700 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007701static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007702smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007703{
Emeric Bruneb8def92018-02-19 15:59:48 +01007704 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7705 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007706
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007707 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007708 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007709 return 1;
7710}
7711
Emeric Brun2525b6b2012-10-18 15:59:43 +02007712/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007713static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007714smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007715{
7716#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007717 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007718 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007719
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007720 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007721 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007722 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007723 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007724 return 1;
7725#else
7726 return 0;
7727#endif
7728}
7729
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007730/* boolean, returns true if client session has been resumed.
7731 * This function is also usable on backend conn if the fetch keyword 5th
7732 * char is 'b'.
7733 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007734static int
7735smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7736{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007737 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7738 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007739 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007740
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007741
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007742 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007743 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007744 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007745 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007746 return 1;
7747}
7748
Emeric Brun645ae792014-04-30 14:21:06 +02007749/* string, returns the used cipher if front conn. transport layer is SSL.
7750 * This function is also usable on backend conn if the fetch keyword 5th
7751 * char is 'b'.
7752 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007753static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007754smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007755{
Emeric Bruneb8def92018-02-19 15:59:48 +01007756 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7757 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007758 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007759
Willy Tarreaube508f12016-03-10 11:47:01 +01007760 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007761 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007762 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007763 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007764
Olivier Houchard66ab4982019-02-26 18:37:15 +01007765 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007766 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007767 return 0;
7768
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007769 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007770 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007771 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007772
7773 return 1;
7774}
7775
Emeric Brun645ae792014-04-30 14:21:06 +02007776/* integer, returns the algoritm's keysize if front conn. transport layer
7777 * is SSL.
7778 * This function is also usable on backend conn if the fetch keyword 5th
7779 * char is 'b'.
7780 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007781static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007782smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007783{
Emeric Bruneb8def92018-02-19 15:59:48 +01007784 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7785 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007786 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007787 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007788
Emeric Brun589fcad2012-10-16 14:13:26 +02007789 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007790 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007791 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007792 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007793
Olivier Houchard66ab4982019-02-26 18:37:15 +01007794 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007795 return 0;
7796
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007797 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007798 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007799
7800 return 1;
7801}
7802
Emeric Brun645ae792014-04-30 14:21:06 +02007803/* integer, returns the used keysize if front conn. transport layer is SSL.
7804 * This function is also usable on backend conn if the fetch keyword 5th
7805 * char is 'b'.
7806 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007807static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007808smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007809{
Emeric Bruneb8def92018-02-19 15:59:48 +01007810 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7811 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007812 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007813
Emeric Brun589fcad2012-10-16 14:13:26 +02007814 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007815 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7816 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007817 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007818
Olivier Houchard66ab4982019-02-26 18:37:15 +01007819 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007820 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007821 return 0;
7822
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007823 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007824
7825 return 1;
7826}
7827
Bernard Spil13c53f82018-02-15 13:34:58 +01007828#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007829static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007830smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007831{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007832 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007833 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007834
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007835 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007836 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007837
Olivier Houchard6b77f492018-11-22 18:18:29 +01007838 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7839 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007840 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7841 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007842 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007843
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007844 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007845 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007846 (const unsigned char **)&smp->data.u.str.area,
7847 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007848
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007849 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007850 return 0;
7851
7852 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007853}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007854#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007855
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007856#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007857static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007858smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007859{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007860 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007861 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007862
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007863 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007864 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007865
Olivier Houchard6b77f492018-11-22 18:18:29 +01007866 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7867 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7868
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007869 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007870 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007871 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007872
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007873 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007874 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007875 (const unsigned char **)&smp->data.u.str.area,
7876 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007877
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007878 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007879 return 0;
7880
7881 return 1;
7882}
7883#endif
7884
Emeric Brun645ae792014-04-30 14:21:06 +02007885/* string, returns the used protocol if front conn. transport layer is SSL.
7886 * This function is also usable on backend conn if the fetch keyword 5th
7887 * char is 'b'.
7888 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007889static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007890smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007891{
Emeric Bruneb8def92018-02-19 15:59:48 +01007892 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7893 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007894 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007895
Emeric Brun589fcad2012-10-16 14:13:26 +02007896 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007897 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7898 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007899 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007900
Olivier Houchard66ab4982019-02-26 18:37:15 +01007901 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007902 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007903 return 0;
7904
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007905 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007906 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007907 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007908
7909 return 1;
7910}
7911
Willy Tarreau87b09662015-04-03 00:22:06 +02007912/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007913 * This function is also usable on backend conn if the fetch keyword 5th
7914 * char is 'b'.
7915 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007916#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007917static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007918smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007919{
Emeric Bruneb8def92018-02-19 15:59:48 +01007920 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7921 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007922 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007923 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007924
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007925 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007926 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007927
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007928 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7929 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007930 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007931
Olivier Houchard66ab4982019-02-26 18:37:15 +01007932 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007933 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007934 return 0;
7935
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007936 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7937 (unsigned int *)&smp->data.u.str.data);
7938 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007939 return 0;
7940
7941 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007942}
Patrick Hemmer41966772018-04-28 19:15:48 -04007943#endif
7944
Emeric Brunfe68f682012-10-16 14:59:28 +02007945
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007946#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007947static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007948smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7949{
7950 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7951 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7952 struct buffer *data;
7953 struct ssl_sock_ctx *ctx;
7954
7955 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7956 return 0;
7957 ctx = conn->xprt_ctx;
7958
7959 data = get_trash_chunk();
7960 if (kw[7] == 'c')
7961 data->data = SSL_get_client_random(ctx->ssl,
7962 (unsigned char *) data->area,
7963 data->size);
7964 else
7965 data->data = SSL_get_server_random(ctx->ssl,
7966 (unsigned char *) data->area,
7967 data->size);
7968 if (!data->data)
7969 return 0;
7970
7971 smp->flags = 0;
7972 smp->data.type = SMP_T_BIN;
7973 smp->data.u.str = *data;
7974
7975 return 1;
7976}
7977
7978static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007979smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7980{
7981 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7982 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7983 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007984 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007985 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007986
7987 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7988 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007989 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007990
Olivier Houchard66ab4982019-02-26 18:37:15 +01007991 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007992 if (!ssl_sess)
7993 return 0;
7994
7995 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007996 data->data = SSL_SESSION_get_master_key(ssl_sess,
7997 (unsigned char *) data->area,
7998 data->size);
7999 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008000 return 0;
8001
8002 smp->flags = 0;
8003 smp->data.type = SMP_T_BIN;
8004 smp->data.u.str = *data;
8005
8006 return 1;
8007}
8008#endif
8009
Patrick Hemmer41966772018-04-28 19:15:48 -04008010#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008011static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008012smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008013{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008014 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008015 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008016
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008017 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008018 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008019
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008020 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008021 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8022 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008023 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008024
Olivier Houchard66ab4982019-02-26 18:37:15 +01008025 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008026 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008027 return 0;
8028
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008029 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008030 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008031}
Patrick Hemmer41966772018-04-28 19:15:48 -04008032#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008033
David Sc1ad52e2014-04-08 18:48:47 -04008034static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008035smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8036{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008037 struct connection *conn;
8038 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008039 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008040
8041 conn = objt_conn(smp->sess->origin);
8042 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8043 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008044 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008045
Olivier Houchard66ab4982019-02-26 18:37:15 +01008046 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008047 if (!capture)
8048 return 0;
8049
8050 smp->flags = SMP_F_CONST;
8051 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008052 smp->data.u.str.area = capture->ciphersuite;
8053 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008054 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008055}
8056
8057static int
8058smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8059{
Willy Tarreau83061a82018-07-13 11:56:34 +02008060 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008061
8062 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8063 return 0;
8064
8065 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008066 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008067 smp->data.type = SMP_T_BIN;
8068 smp->data.u.str = *data;
8069 return 1;
8070}
8071
8072static int
8073smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8074{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008075 struct connection *conn;
8076 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008077 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008078
8079 conn = objt_conn(smp->sess->origin);
8080 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8081 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008082 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008083
Olivier Houchard66ab4982019-02-26 18:37:15 +01008084 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008085 if (!capture)
8086 return 0;
8087
8088 smp->data.type = SMP_T_SINT;
8089 smp->data.u.sint = capture->xxh64;
8090 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008091}
8092
8093static int
8094smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8095{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008096#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008097 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008098 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008099
8100 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8101 return 0;
8102
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008103 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008104 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008105 const char *str;
8106 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008107 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008108 uint16_t id = (bin[0] << 8) | bin[1];
8109#if defined(OPENSSL_IS_BORINGSSL)
8110 cipher = SSL_get_cipher_by_value(id);
8111#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008112 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008113 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8114 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008115#endif
8116 str = SSL_CIPHER_get_name(cipher);
8117 if (!str || strcmp(str, "(NONE)") == 0)
8118 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008119 else
8120 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8121 }
8122 smp->data.type = SMP_T_STR;
8123 smp->data.u.str = *data;
8124 return 1;
8125#else
8126 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8127#endif
8128}
8129
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008130#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008131static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008132smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008133{
Emeric Bruneb8def92018-02-19 15:59:48 +01008134 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8135 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008136 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008137 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008138 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008139
8140 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008141 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8142 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008143 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008144
8145 if (!(conn->flags & CO_FL_CONNECTED)) {
8146 smp->flags |= SMP_F_MAY_CHANGE;
8147 return 0;
8148 }
8149
8150 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008151 if (!SSL_session_reused(ctx->ssl))
8152 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008153 finished_trash->area,
8154 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008155 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008156 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008157 finished_trash->area,
8158 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008159
8160 if (!finished_len)
8161 return 0;
8162
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008163 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008164 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008165 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008166
8167 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008168}
Patrick Hemmer41966772018-04-28 19:15:48 -04008169#endif
David Sc1ad52e2014-04-08 18:48:47 -04008170
Emeric Brun2525b6b2012-10-18 15:59:43 +02008171/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008172static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008173smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008174{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008175 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008176 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008177
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008178 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008179 if (!conn || conn->xprt != &ssl_sock)
8180 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008181 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008182
8183 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008184 smp->flags = SMP_F_MAY_CHANGE;
8185 return 0;
8186 }
8187
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008188 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008189 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008190 smp->flags = 0;
8191
8192 return 1;
8193}
8194
Emeric Brun2525b6b2012-10-18 15:59:43 +02008195/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008196static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008197smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008198{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008199 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008200 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008201
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008202 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008203 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008204 return 0;
8205
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008206 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008207 smp->flags = SMP_F_MAY_CHANGE;
8208 return 0;
8209 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008210 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008211
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008212 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008213 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008214 smp->flags = 0;
8215
8216 return 1;
8217}
8218
Emeric Brun2525b6b2012-10-18 15:59:43 +02008219/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008220static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008221smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008222{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008223 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008224 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008225
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008226 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008227 if (!conn || conn->xprt != &ssl_sock)
8228 return 0;
8229
8230 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008231 smp->flags = SMP_F_MAY_CHANGE;
8232 return 0;
8233 }
8234
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008235 ctx = conn->xprt_ctx;
8236
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008237 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008238 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008239 smp->flags = 0;
8240
8241 return 1;
8242}
8243
Emeric Brun2525b6b2012-10-18 15:59:43 +02008244/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008245static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008246smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008247{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008248 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008249 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008250
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008251 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008252 if (!conn || conn->xprt != &ssl_sock)
8253 return 0;
8254
8255 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008256 smp->flags = SMP_F_MAY_CHANGE;
8257 return 0;
8258 }
8259
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008260 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008261 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008262 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008263
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008264 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008265 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008266 smp->flags = 0;
8267
8268 return 1;
8269}
8270
Emeric Brunfb510ea2012-10-05 12:00:26 +02008271/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008272static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008273{
8274 if (!*args[cur_arg + 1]) {
8275 if (err)
8276 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8277 return ERR_ALERT | ERR_FATAL;
8278 }
8279
Willy Tarreauef934602016-12-22 23:12:01 +01008280 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8281 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008282 else
8283 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008284
Emeric Brund94b3fe2012-09-20 18:23:56 +02008285 return 0;
8286}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008287static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8288{
8289 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8290}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008291
Christopher Faulet31af49d2015-06-09 17:29:50 +02008292/* parse the "ca-sign-file" bind keyword */
8293static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8294{
8295 if (!*args[cur_arg + 1]) {
8296 if (err)
8297 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8298 return ERR_ALERT | ERR_FATAL;
8299 }
8300
Willy Tarreauef934602016-12-22 23:12:01 +01008301 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8302 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008303 else
8304 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8305
8306 return 0;
8307}
8308
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008309/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008310static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8311{
8312 if (!*args[cur_arg + 1]) {
8313 if (err)
8314 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
8315 return ERR_ALERT | ERR_FATAL;
8316 }
8317 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8318 return 0;
8319}
8320
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008321/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008322static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008323{
8324 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008325 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008326 return ERR_ALERT | ERR_FATAL;
8327 }
8328
Emeric Brun76d88952012-10-05 15:47:31 +02008329 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008330 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008331 return 0;
8332}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008333static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8334{
8335 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8336}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008337
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008338#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008339/* parse the "ciphersuites" bind keyword */
8340static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8341{
8342 if (!*args[cur_arg + 1]) {
8343 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8344 return ERR_ALERT | ERR_FATAL;
8345 }
8346
8347 free(conf->ciphersuites);
8348 conf->ciphersuites = strdup(args[cur_arg + 1]);
8349 return 0;
8350}
8351static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8352{
8353 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8354}
8355#endif
8356
Willy Tarreaubbc91962019-10-16 16:42:19 +02008357/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008358static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008359{
Willy Tarreau38011032013-08-13 16:59:39 +02008360 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008361
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008362 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008363 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008364 return ERR_ALERT | ERR_FATAL;
8365 }
8366
Willy Tarreauef934602016-12-22 23:12:01 +01008367 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8368 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008369 memprintf(err, "'%s' : path too long", args[cur_arg]);
8370 return ERR_ALERT | ERR_FATAL;
8371 }
Willy Tarreauef934602016-12-22 23:12:01 +01008372 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008373 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008374 }
8375
Willy Tarreaubbc91962019-10-16 16:42:19 +02008376 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008377}
8378
Willy Tarreaubbc91962019-10-16 16:42:19 +02008379/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008380static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8381{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008382 int err_code;
8383
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008384 if (!*args[cur_arg + 1]) {
8385 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8386 return ERR_ALERT | ERR_FATAL;
8387 }
8388
Willy Tarreaubbc91962019-10-16 16:42:19 +02008389 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8390 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008391 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008392
Willy Tarreaubbc91962019-10-16 16:42:19 +02008393 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008394}
8395
Emeric Brunfb510ea2012-10-05 12:00:26 +02008396/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008397static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008398{
Emeric Brun051cdab2012-10-02 19:25:50 +02008399#ifndef X509_V_FLAG_CRL_CHECK
8400 if (err)
8401 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
8402 return ERR_ALERT | ERR_FATAL;
8403#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008404 if (!*args[cur_arg + 1]) {
8405 if (err)
8406 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
8407 return ERR_ALERT | ERR_FATAL;
8408 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008409
Willy Tarreauef934602016-12-22 23:12:01 +01008410 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8411 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008412 else
8413 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008414
Emeric Brun2b58d042012-09-20 17:10:03 +02008415 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008416#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008417}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008418static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8419{
8420 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8421}
Emeric Brun2b58d042012-09-20 17:10:03 +02008422
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008423/* parse the "curves" bind keyword keyword */
8424static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8425{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008426#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008427 if (!*args[cur_arg + 1]) {
8428 if (err)
8429 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
8430 return ERR_ALERT | ERR_FATAL;
8431 }
8432 conf->curves = strdup(args[cur_arg + 1]);
8433 return 0;
8434#else
8435 if (err)
8436 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
8437 return ERR_ALERT | ERR_FATAL;
8438#endif
8439}
8440static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8441{
8442 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8443}
8444
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008445/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008446static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008447{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008448#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02008449 if (err)
8450 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
8451 return ERR_ALERT | ERR_FATAL;
8452#elif defined(OPENSSL_NO_ECDH)
8453 if (err)
8454 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
8455 return ERR_ALERT | ERR_FATAL;
8456#else
8457 if (!*args[cur_arg + 1]) {
8458 if (err)
8459 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
8460 return ERR_ALERT | ERR_FATAL;
8461 }
8462
8463 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008464
8465 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008466#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008467}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008468static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8469{
8470 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8471}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008472
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008473/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008474static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8475{
8476 int code;
8477 char *p = args[cur_arg + 1];
8478 unsigned long long *ignerr = &conf->crt_ignerr;
8479
8480 if (!*p) {
8481 if (err)
8482 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8483 return ERR_ALERT | ERR_FATAL;
8484 }
8485
8486 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8487 ignerr = &conf->ca_ignerr;
8488
8489 if (strcmp(p, "all") == 0) {
8490 *ignerr = ~0ULL;
8491 return 0;
8492 }
8493
8494 while (p) {
8495 code = atoi(p);
8496 if ((code <= 0) || (code > 63)) {
8497 if (err)
8498 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8499 args[cur_arg], code, args[cur_arg + 1]);
8500 return ERR_ALERT | ERR_FATAL;
8501 }
8502 *ignerr |= 1ULL << code;
8503 p = strchr(p, ',');
8504 if (p)
8505 p++;
8506 }
8507
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008508 return 0;
8509}
8510
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008511/* parse tls_method_options "no-xxx" and "force-xxx" */
8512static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008513{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008514 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008515 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008516 p = strchr(arg, '-');
8517 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008518 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008519 p++;
8520 if (!strcmp(p, "sslv3"))
8521 v = CONF_SSLV3;
8522 else if (!strcmp(p, "tlsv10"))
8523 v = CONF_TLSV10;
8524 else if (!strcmp(p, "tlsv11"))
8525 v = CONF_TLSV11;
8526 else if (!strcmp(p, "tlsv12"))
8527 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008528 else if (!strcmp(p, "tlsv13"))
8529 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008530 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008531 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008532 if (!strncmp(arg, "no-", 3))
8533 methods->flags |= methodVersions[v].flag;
8534 else if (!strncmp(arg, "force-", 6))
8535 methods->min = methods->max = v;
8536 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008537 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008538 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008539 fail:
8540 if (err)
8541 memprintf(err, "'%s' : option not implemented", arg);
8542 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008543}
8544
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008545static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008546{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008547 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008548}
8549
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008550static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008551{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008552 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8553}
8554
8555/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8556static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8557{
8558 uint16_t i, v = 0;
8559 char *argv = args[cur_arg + 1];
8560 if (!*argv) {
8561 if (err)
8562 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8563 return ERR_ALERT | ERR_FATAL;
8564 }
8565 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8566 if (!strcmp(argv, methodVersions[i].name))
8567 v = i;
8568 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008569 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008570 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008571 return ERR_ALERT | ERR_FATAL;
8572 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008573 if (!strcmp("ssl-min-ver", args[cur_arg]))
8574 methods->min = v;
8575 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8576 methods->max = v;
8577 else {
8578 if (err)
8579 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8580 return ERR_ALERT | ERR_FATAL;
8581 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008582 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008583}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008584
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008585static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8586{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008587#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008588 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008589#endif
8590 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8591}
8592
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008593static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8594{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008595 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008596}
8597
8598static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8599{
8600 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8601}
8602
Emeric Brun2d0c4822012-10-02 13:45:20 +02008603/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008604static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008605{
Emeric Brun89675492012-10-05 13:48:26 +02008606 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008607 return 0;
8608}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008609
Olivier Houchardc2aae742017-09-22 18:26:28 +02008610/* parse the "allow-0rtt" bind keyword */
8611static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8612{
8613 conf->early_data = 1;
8614 return 0;
8615}
8616
8617static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8618{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008619 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008620 return 0;
8621}
8622
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008623/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008624static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008625{
Bernard Spil13c53f82018-02-15 13:34:58 +01008626#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008627 char *p1, *p2;
8628
8629 if (!*args[cur_arg + 1]) {
8630 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8631 return ERR_ALERT | ERR_FATAL;
8632 }
8633
8634 free(conf->npn_str);
8635
Willy Tarreau3724da12016-02-12 17:11:12 +01008636 /* the NPN string is built as a suite of (<len> <name>)*,
8637 * so we reuse each comma to store the next <len> and need
8638 * one more for the end of the string.
8639 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008640 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008641 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008642 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8643
8644 /* replace commas with the name length */
8645 p1 = conf->npn_str;
8646 p2 = p1 + 1;
8647 while (1) {
8648 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8649 if (!p2)
8650 p2 = p1 + 1 + strlen(p1 + 1);
8651
8652 if (p2 - (p1 + 1) > 255) {
8653 *p2 = '\0';
8654 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8655 return ERR_ALERT | ERR_FATAL;
8656 }
8657
8658 *p1 = p2 - (p1 + 1);
8659 p1 = p2;
8660
8661 if (!*p2)
8662 break;
8663
8664 *(p2++) = '\0';
8665 }
8666 return 0;
8667#else
8668 if (err)
8669 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8670 return ERR_ALERT | ERR_FATAL;
8671#endif
8672}
8673
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008674static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8675{
8676 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8677}
8678
Willy Tarreauab861d32013-04-02 02:30:41 +02008679/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008680static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008681{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008682#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008683 char *p1, *p2;
8684
8685 if (!*args[cur_arg + 1]) {
8686 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8687 return ERR_ALERT | ERR_FATAL;
8688 }
8689
8690 free(conf->alpn_str);
8691
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008692 /* the ALPN string is built as a suite of (<len> <name>)*,
8693 * so we reuse each comma to store the next <len> and need
8694 * one more for the end of the string.
8695 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008696 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008697 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008698 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8699
8700 /* replace commas with the name length */
8701 p1 = conf->alpn_str;
8702 p2 = p1 + 1;
8703 while (1) {
8704 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8705 if (!p2)
8706 p2 = p1 + 1 + strlen(p1 + 1);
8707
8708 if (p2 - (p1 + 1) > 255) {
8709 *p2 = '\0';
8710 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8711 return ERR_ALERT | ERR_FATAL;
8712 }
8713
8714 *p1 = p2 - (p1 + 1);
8715 p1 = p2;
8716
8717 if (!*p2)
8718 break;
8719
8720 *(p2++) = '\0';
8721 }
8722 return 0;
8723#else
8724 if (err)
8725 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8726 return ERR_ALERT | ERR_FATAL;
8727#endif
8728}
8729
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008730static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8731{
8732 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8733}
8734
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008735/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008736static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008737{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008738 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008739 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008740
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008741 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8742 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008743#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008744 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8745 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8746#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008747 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008748 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8749 if (!conf->ssl_conf.ssl_methods.min)
8750 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8751 if (!conf->ssl_conf.ssl_methods.max)
8752 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008753
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008754 return 0;
8755}
8756
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008757/* parse the "prefer-client-ciphers" bind keyword */
8758static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8759{
8760 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8761 return 0;
8762}
8763
Christopher Faulet31af49d2015-06-09 17:29:50 +02008764/* parse the "generate-certificates" bind keyword */
8765static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8766{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008767#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008768 conf->generate_certs = 1;
8769#else
8770 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8771 err && *err ? *err : "");
8772#endif
8773 return 0;
8774}
8775
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008776/* parse the "strict-sni" bind keyword */
8777static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8778{
8779 conf->strict_sni = 1;
8780 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008781}
8782
8783/* parse the "tls-ticket-keys" bind keyword */
8784static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8785{
8786#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02008787 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008788 int i = 0;
8789 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02008790 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008791
8792 if (!*args[cur_arg + 1]) {
8793 if (err)
8794 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008795 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008796 }
8797
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008798 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008799 if (keys_ref) {
8800 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008801 conf->keys_ref = keys_ref;
8802 return 0;
8803 }
8804
Christopher Faulete566f3d2019-10-21 09:55:49 +02008805 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008806 if (!keys_ref) {
8807 if (err)
8808 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008809 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008810 }
8811
Emeric Brun9e754772019-01-10 17:51:55 +01008812 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008813 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008814 if (err)
8815 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008816 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008817 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008818
8819 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8820 if (err)
8821 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008822 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008823 }
8824
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008825 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008826 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008827 if (err)
8828 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008829 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008830 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008831
Emeric Brun9e754772019-01-10 17:51:55 +01008832 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008833 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8834 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008835 int dec_size;
8836
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008837 /* Strip newline characters from the end */
8838 if(thisline[len - 1] == '\n')
8839 thisline[--len] = 0;
8840
8841 if(thisline[len - 1] == '\r')
8842 thisline[--len] = 0;
8843
Emeric Brun9e754772019-01-10 17:51:55 +01008844 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8845 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008846 if (err)
8847 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008848 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008849 }
Emeric Brun9e754772019-01-10 17:51:55 +01008850 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8851 keys_ref->key_size_bits = 128;
8852 }
8853 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8854 keys_ref->key_size_bits = 256;
8855 }
8856 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8857 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8858 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008859 if (err)
8860 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008861 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008862 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008863 i++;
8864 }
8865
8866 if (i < TLS_TICKETS_NO) {
8867 if (err)
8868 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008869 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008870 }
8871
8872 fclose(f);
8873
8874 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008875 i -= 2;
8876 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008877 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008878 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008879 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008880 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008881
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008882 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8883
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008884 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02008885
8886 fail:
8887 if (f)
8888 fclose(f);
8889 if (keys_ref) {
8890 free(keys_ref->filename);
8891 free(keys_ref->tlskeys);
8892 free(keys_ref);
8893 }
8894 return ERR_ALERT | ERR_FATAL;
8895
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008896#else
8897 if (err)
8898 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8899 return ERR_ALERT | ERR_FATAL;
8900#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008901}
8902
Emeric Brund94b3fe2012-09-20 18:23:56 +02008903/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008904static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008905{
8906 if (!*args[cur_arg + 1]) {
8907 if (err)
8908 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8909 return ERR_ALERT | ERR_FATAL;
8910 }
8911
8912 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008913 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008914 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008915 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008916 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008917 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008918 else {
8919 if (err)
8920 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8921 args[cur_arg], args[cur_arg + 1]);
8922 return ERR_ALERT | ERR_FATAL;
8923 }
8924
8925 return 0;
8926}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008927static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8928{
8929 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8930}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008931
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008932/* parse the "no-ca-names" bind keyword */
8933static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8934{
8935 conf->no_ca_names = 1;
8936 return 0;
8937}
8938static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8939{
8940 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8941}
8942
Willy Tarreau92faadf2012-10-10 23:04:25 +02008943/************** "server" keywords ****************/
8944
Olivier Houchardc7566002018-11-20 23:33:50 +01008945/* parse the "npn" bind keyword */
8946static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8947{
8948#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8949 char *p1, *p2;
8950
8951 if (!*args[*cur_arg + 1]) {
8952 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8953 return ERR_ALERT | ERR_FATAL;
8954 }
8955
8956 free(newsrv->ssl_ctx.npn_str);
8957
8958 /* the NPN string is built as a suite of (<len> <name>)*,
8959 * so we reuse each comma to store the next <len> and need
8960 * one more for the end of the string.
8961 */
8962 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8963 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8964 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8965 newsrv->ssl_ctx.npn_len);
8966
8967 /* replace commas with the name length */
8968 p1 = newsrv->ssl_ctx.npn_str;
8969 p2 = p1 + 1;
8970 while (1) {
8971 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8972 newsrv->ssl_ctx.npn_len - (p1 + 1));
8973 if (!p2)
8974 p2 = p1 + 1 + strlen(p1 + 1);
8975
8976 if (p2 - (p1 + 1) > 255) {
8977 *p2 = '\0';
8978 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8979 return ERR_ALERT | ERR_FATAL;
8980 }
8981
8982 *p1 = p2 - (p1 + 1);
8983 p1 = p2;
8984
8985 if (!*p2)
8986 break;
8987
8988 *(p2++) = '\0';
8989 }
8990 return 0;
8991#else
8992 if (err)
8993 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8994 return ERR_ALERT | ERR_FATAL;
8995#endif
8996}
8997
Olivier Houchard92150142018-12-21 19:47:01 +01008998/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008999static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9000{
9001#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9002 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009003 char **alpn_str;
9004 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009005
Olivier Houchard92150142018-12-21 19:47:01 +01009006 if (*args[*cur_arg] == 'c') {
9007 alpn_str = &newsrv->check.alpn_str;
9008 alpn_len = &newsrv->check.alpn_len;
9009 } else {
9010 alpn_str = &newsrv->ssl_ctx.alpn_str;
9011 alpn_len = &newsrv->ssl_ctx.alpn_len;
9012
9013 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009014 if (!*args[*cur_arg + 1]) {
9015 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9016 return ERR_ALERT | ERR_FATAL;
9017 }
9018
Olivier Houchard92150142018-12-21 19:47:01 +01009019 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009020
9021 /* the ALPN string is built as a suite of (<len> <name>)*,
9022 * so we reuse each comma to store the next <len> and need
9023 * one more for the end of the string.
9024 */
Olivier Houchard92150142018-12-21 19:47:01 +01009025 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9026 *alpn_str = calloc(1, *alpn_len + 1);
9027 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009028
9029 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009030 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009031 p2 = p1 + 1;
9032 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009033 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009034 if (!p2)
9035 p2 = p1 + 1 + strlen(p1 + 1);
9036
9037 if (p2 - (p1 + 1) > 255) {
9038 *p2 = '\0';
9039 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9040 return ERR_ALERT | ERR_FATAL;
9041 }
9042
9043 *p1 = p2 - (p1 + 1);
9044 p1 = p2;
9045
9046 if (!*p2)
9047 break;
9048
9049 *(p2++) = '\0';
9050 }
9051 return 0;
9052#else
9053 if (err)
9054 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
9055 return ERR_ALERT | ERR_FATAL;
9056#endif
9057}
9058
Emeric Brunef42d922012-10-11 16:11:36 +02009059/* parse the "ca-file" server keyword */
9060static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9061{
9062 if (!*args[*cur_arg + 1]) {
9063 if (err)
9064 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
9065 return ERR_ALERT | ERR_FATAL;
9066 }
9067
Willy Tarreauef934602016-12-22 23:12:01 +01009068 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9069 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009070 else
9071 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9072
9073 return 0;
9074}
9075
Olivier Houchard9130a962017-10-17 17:33:43 +02009076/* parse the "check-sni" server keyword */
9077static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9078{
9079 if (!*args[*cur_arg + 1]) {
9080 if (err)
9081 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
9082 return ERR_ALERT | ERR_FATAL;
9083 }
9084
9085 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9086 if (!newsrv->check.sni) {
9087 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9088 return ERR_ALERT | ERR_FATAL;
9089 }
9090 return 0;
9091
9092}
9093
Willy Tarreau92faadf2012-10-10 23:04:25 +02009094/* parse the "check-ssl" server keyword */
9095static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9096{
9097 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009098 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9099 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009100#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009101 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9102 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9103#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009104 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009105 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9106 if (!newsrv->ssl_ctx.methods.min)
9107 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9108 if (!newsrv->ssl_ctx.methods.max)
9109 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9110
Willy Tarreau92faadf2012-10-10 23:04:25 +02009111 return 0;
9112}
9113
9114/* parse the "ciphers" server keyword */
9115static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9116{
9117 if (!*args[*cur_arg + 1]) {
9118 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9119 return ERR_ALERT | ERR_FATAL;
9120 }
9121
9122 free(newsrv->ssl_ctx.ciphers);
9123 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9124 return 0;
9125}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009126
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009127#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009128/* parse the "ciphersuites" server keyword */
9129static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9130{
9131 if (!*args[*cur_arg + 1]) {
9132 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9133 return ERR_ALERT | ERR_FATAL;
9134 }
9135
9136 free(newsrv->ssl_ctx.ciphersuites);
9137 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9138 return 0;
9139}
9140#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009141
Emeric Brunef42d922012-10-11 16:11:36 +02009142/* parse the "crl-file" server keyword */
9143static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9144{
9145#ifndef X509_V_FLAG_CRL_CHECK
9146 if (err)
9147 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
9148 return ERR_ALERT | ERR_FATAL;
9149#else
9150 if (!*args[*cur_arg + 1]) {
9151 if (err)
9152 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
9153 return ERR_ALERT | ERR_FATAL;
9154 }
9155
Willy Tarreauef934602016-12-22 23:12:01 +01009156 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9157 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009158 else
9159 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9160
9161 return 0;
9162#endif
9163}
9164
Emeric Bruna7aa3092012-10-26 12:58:00 +02009165/* parse the "crt" server keyword */
9166static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9167{
9168 if (!*args[*cur_arg + 1]) {
9169 if (err)
9170 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
9171 return ERR_ALERT | ERR_FATAL;
9172 }
9173
Willy Tarreauef934602016-12-22 23:12:01 +01009174 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009175 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009176 else
9177 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9178
9179 return 0;
9180}
Emeric Brunef42d922012-10-11 16:11:36 +02009181
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009182/* parse the "no-check-ssl" server keyword */
9183static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9184{
9185 newsrv->check.use_ssl = 0;
9186 free(newsrv->ssl_ctx.ciphers);
9187 newsrv->ssl_ctx.ciphers = NULL;
9188 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9189 return 0;
9190}
9191
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009192/* parse the "no-send-proxy-v2-ssl" server keyword */
9193static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9194{
9195 newsrv->pp_opts &= ~SRV_PP_V2;
9196 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9197 return 0;
9198}
9199
9200/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9201static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9202{
9203 newsrv->pp_opts &= ~SRV_PP_V2;
9204 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9205 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9206 return 0;
9207}
9208
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009209/* parse the "no-ssl" server keyword */
9210static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9211{
9212 newsrv->use_ssl = 0;
9213 free(newsrv->ssl_ctx.ciphers);
9214 newsrv->ssl_ctx.ciphers = NULL;
9215 return 0;
9216}
9217
Olivier Houchard522eea72017-11-03 16:27:47 +01009218/* parse the "allow-0rtt" server keyword */
9219static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9220{
9221 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9222 return 0;
9223}
9224
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009225/* parse the "no-ssl-reuse" server keyword */
9226static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9227{
9228 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9229 return 0;
9230}
9231
Emeric Brunf9c5c472012-10-11 15:28:34 +02009232/* parse the "no-tls-tickets" server keyword */
9233static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9234{
9235 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9236 return 0;
9237}
David Safb76832014-05-08 23:42:08 -04009238/* parse the "send-proxy-v2-ssl" server keyword */
9239static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9240{
9241 newsrv->pp_opts |= SRV_PP_V2;
9242 newsrv->pp_opts |= SRV_PP_V2_SSL;
9243 return 0;
9244}
9245
9246/* parse the "send-proxy-v2-ssl-cn" server keyword */
9247static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9248{
9249 newsrv->pp_opts |= SRV_PP_V2;
9250 newsrv->pp_opts |= SRV_PP_V2_SSL;
9251 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9252 return 0;
9253}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009254
Willy Tarreau732eac42015-07-09 11:40:25 +02009255/* parse the "sni" server keyword */
9256static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9257{
9258#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9259 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9260 return ERR_ALERT | ERR_FATAL;
9261#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009262 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009263
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009264 arg = args[*cur_arg + 1];
9265 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009266 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9267 return ERR_ALERT | ERR_FATAL;
9268 }
9269
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009270 free(newsrv->sni_expr);
9271 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009272
Willy Tarreau732eac42015-07-09 11:40:25 +02009273 return 0;
9274#endif
9275}
9276
Willy Tarreau92faadf2012-10-10 23:04:25 +02009277/* parse the "ssl" server keyword */
9278static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9279{
9280 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009281 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9282 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009283#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009284 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9285 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9286#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009287 return 0;
9288}
9289
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009290/* parse the "ssl-reuse" server keyword */
9291static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9292{
9293 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9294 return 0;
9295}
9296
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009297/* parse the "tls-tickets" server keyword */
9298static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9299{
9300 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9301 return 0;
9302}
9303
Emeric Brunef42d922012-10-11 16:11:36 +02009304/* parse the "verify" server keyword */
9305static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9306{
9307 if (!*args[*cur_arg + 1]) {
9308 if (err)
9309 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
9310 return ERR_ALERT | ERR_FATAL;
9311 }
9312
9313 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009314 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009315 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009316 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009317 else {
9318 if (err)
9319 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9320 args[*cur_arg], args[*cur_arg + 1]);
9321 return ERR_ALERT | ERR_FATAL;
9322 }
9323
Evan Broderbe554312013-06-27 00:05:25 -07009324 return 0;
9325}
9326
9327/* parse the "verifyhost" server keyword */
9328static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9329{
9330 if (!*args[*cur_arg + 1]) {
9331 if (err)
9332 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
9333 return ERR_ALERT | ERR_FATAL;
9334 }
9335
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009336 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009337 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9338
Emeric Brunef42d922012-10-11 16:11:36 +02009339 return 0;
9340}
9341
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009342/* parse the "ssl-default-bind-options" keyword in global section */
9343static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9344 struct proxy *defpx, const char *file, int line,
9345 char **err) {
9346 int i = 1;
9347
9348 if (*(args[i]) == 0) {
9349 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9350 return -1;
9351 }
9352 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009353 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009354 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009355 else if (!strcmp(args[i], "prefer-client-ciphers"))
9356 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009357 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9358 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9359 i++;
9360 else {
9361 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9362 return -1;
9363 }
9364 }
9365 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009366 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9367 return -1;
9368 }
9369 i++;
9370 }
9371 return 0;
9372}
9373
9374/* parse the "ssl-default-server-options" keyword in global section */
9375static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9376 struct proxy *defpx, const char *file, int line,
9377 char **err) {
9378 int i = 1;
9379
9380 if (*(args[i]) == 0) {
9381 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9382 return -1;
9383 }
9384 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009385 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009386 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009387 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9388 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9389 i++;
9390 else {
9391 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9392 return -1;
9393 }
9394 }
9395 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009396 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9397 return -1;
9398 }
9399 i++;
9400 }
9401 return 0;
9402}
9403
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009404/* parse the "ca-base" / "crt-base" keywords in global section.
9405 * Returns <0 on alert, >0 on warning, 0 on success.
9406 */
9407static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9408 struct proxy *defpx, const char *file, int line,
9409 char **err)
9410{
9411 char **target;
9412
Willy Tarreauef934602016-12-22 23:12:01 +01009413 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009414
9415 if (too_many_args(1, args, err, NULL))
9416 return -1;
9417
9418 if (*target) {
9419 memprintf(err, "'%s' already specified.", args[0]);
9420 return -1;
9421 }
9422
9423 if (*(args[1]) == 0) {
9424 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9425 return -1;
9426 }
9427 *target = strdup(args[1]);
9428 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009429}
9430
9431/* parse the "ssl-mode-async" keyword in global section.
9432 * Returns <0 on alert, >0 on warning, 0 on success.
9433 */
9434static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9435 struct proxy *defpx, const char *file, int line,
9436 char **err)
9437{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009438#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009439 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009440 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009441 return 0;
9442#else
9443 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9444 return -1;
9445#endif
9446}
9447
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009448#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009449static int ssl_check_async_engine_count(void) {
9450 int err_code = 0;
9451
Emeric Brun3854e012017-05-17 20:42:48 +02009452 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009453 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009454 err_code = ERR_ABORT;
9455 }
9456 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009457}
9458
Grant Zhang872f9c22017-01-21 01:10:18 +00009459/* parse the "ssl-engine" keyword in global section.
9460 * Returns <0 on alert, >0 on warning, 0 on success.
9461 */
9462static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9463 struct proxy *defpx, const char *file, int line,
9464 char **err)
9465{
9466 char *algo;
9467 int ret = -1;
9468
9469 if (*(args[1]) == 0) {
9470 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9471 return ret;
9472 }
9473
9474 if (*(args[2]) == 0) {
9475 /* if no list of algorithms is given, it defaults to ALL */
9476 algo = strdup("ALL");
9477 goto add_engine;
9478 }
9479
9480 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9481 if (strcmp(args[2], "algo") != 0) {
9482 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9483 return ret;
9484 }
9485
9486 if (*(args[3]) == 0) {
9487 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9488 return ret;
9489 }
9490 algo = strdup(args[3]);
9491
9492add_engine:
9493 if (ssl_init_single_engine(args[1], algo)==0) {
9494 openssl_engines_initialized++;
9495 ret = 0;
9496 }
9497 free(algo);
9498 return ret;
9499}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009500#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009501
Willy Tarreauf22e9682016-12-21 23:23:19 +01009502/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9503 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9504 */
9505static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9506 struct proxy *defpx, const char *file, int line,
9507 char **err)
9508{
9509 char **target;
9510
Willy Tarreauef934602016-12-22 23:12:01 +01009511 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009512
9513 if (too_many_args(1, args, err, NULL))
9514 return -1;
9515
9516 if (*(args[1]) == 0) {
9517 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9518 return -1;
9519 }
9520
9521 free(*target);
9522 *target = strdup(args[1]);
9523 return 0;
9524}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009525
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009526#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009527/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9528 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9529 */
9530static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9531 struct proxy *defpx, const char *file, int line,
9532 char **err)
9533{
9534 char **target;
9535
9536 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9537
9538 if (too_many_args(1, args, err, NULL))
9539 return -1;
9540
9541 if (*(args[1]) == 0) {
9542 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9543 return -1;
9544 }
9545
9546 free(*target);
9547 *target = strdup(args[1]);
9548 return 0;
9549}
9550#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009551
Willy Tarreau9ceda382016-12-21 23:13:03 +01009552/* parse various global tune.ssl settings consisting in positive integers.
9553 * Returns <0 on alert, >0 on warning, 0 on success.
9554 */
9555static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9556 struct proxy *defpx, const char *file, int line,
9557 char **err)
9558{
9559 int *target;
9560
9561 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9562 target = &global.tune.sslcachesize;
9563 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009564 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009565 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009566 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009567 else if (strcmp(args[0], "maxsslconn") == 0)
9568 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009569 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9570 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009571 else {
9572 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9573 return -1;
9574 }
9575
9576 if (too_many_args(1, args, err, NULL))
9577 return -1;
9578
9579 if (*(args[1]) == 0) {
9580 memprintf(err, "'%s' expects an integer argument.", args[0]);
9581 return -1;
9582 }
9583
9584 *target = atoi(args[1]);
9585 if (*target < 0) {
9586 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9587 return -1;
9588 }
9589 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009590}
9591
9592static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9593 struct proxy *defpx, const char *file, int line,
9594 char **err)
9595{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009596 int ret;
9597
9598 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9599 if (ret != 0)
9600 return ret;
9601
Willy Tarreaubafbe012017-11-24 17:34:44 +01009602 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009603 memprintf(err, "'%s' is already configured.", args[0]);
9604 return -1;
9605 }
9606
Willy Tarreaubafbe012017-11-24 17:34:44 +01009607 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9608 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009609 memprintf(err, "Out of memory error.");
9610 return -1;
9611 }
9612 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009613}
9614
9615/* parse "ssl.force-private-cache".
9616 * Returns <0 on alert, >0 on warning, 0 on success.
9617 */
9618static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9619 struct proxy *defpx, const char *file, int line,
9620 char **err)
9621{
9622 if (too_many_args(0, args, err, NULL))
9623 return -1;
9624
Willy Tarreauef934602016-12-22 23:12:01 +01009625 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009626 return 0;
9627}
9628
9629/* parse "ssl.lifetime".
9630 * Returns <0 on alert, >0 on warning, 0 on success.
9631 */
9632static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9633 struct proxy *defpx, const char *file, int line,
9634 char **err)
9635{
9636 const char *res;
9637
9638 if (too_many_args(1, args, err, NULL))
9639 return -1;
9640
9641 if (*(args[1]) == 0) {
9642 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9643 return -1;
9644 }
9645
Willy Tarreauef934602016-12-22 23:12:01 +01009646 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009647 if (res == PARSE_TIME_OVER) {
9648 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9649 args[1], args[0]);
9650 return -1;
9651 }
9652 else if (res == PARSE_TIME_UNDER) {
9653 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9654 args[1], args[0]);
9655 return -1;
9656 }
9657 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009658 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9659 return -1;
9660 }
9661 return 0;
9662}
9663
9664#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009665/* parse "ssl-dh-param-file".
9666 * Returns <0 on alert, >0 on warning, 0 on success.
9667 */
9668static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9669 struct proxy *defpx, const char *file, int line,
9670 char **err)
9671{
9672 if (too_many_args(1, args, err, NULL))
9673 return -1;
9674
9675 if (*(args[1]) == 0) {
9676 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9677 return -1;
9678 }
9679
9680 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9681 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9682 return -1;
9683 }
9684 return 0;
9685}
9686
Willy Tarreau9ceda382016-12-21 23:13:03 +01009687/* parse "ssl.default-dh-param".
9688 * Returns <0 on alert, >0 on warning, 0 on success.
9689 */
9690static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9691 struct proxy *defpx, const char *file, int line,
9692 char **err)
9693{
9694 if (too_many_args(1, args, err, NULL))
9695 return -1;
9696
9697 if (*(args[1]) == 0) {
9698 memprintf(err, "'%s' expects an integer argument.", args[0]);
9699 return -1;
9700 }
9701
Willy Tarreauef934602016-12-22 23:12:01 +01009702 global_ssl.default_dh_param = atoi(args[1]);
9703 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009704 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9705 return -1;
9706 }
9707 return 0;
9708}
9709#endif
9710
9711
William Lallemand32af2032016-10-29 18:09:35 +02009712/* This function is used with TLS ticket keys management. It permits to browse
9713 * each reference. The variable <getnext> must contain the current node,
9714 * <end> point to the root node.
9715 */
9716#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9717static inline
9718struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9719{
9720 struct tls_keys_ref *ref = getnext;
9721
9722 while (1) {
9723
9724 /* Get next list entry. */
9725 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9726
9727 /* If the entry is the last of the list, return NULL. */
9728 if (&ref->list == end)
9729 return NULL;
9730
9731 return ref;
9732 }
9733}
9734
9735static inline
9736struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9737{
9738 int id;
9739 char *error;
9740
9741 /* If the reference starts by a '#', this is numeric id. */
9742 if (reference[0] == '#') {
9743 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9744 id = strtol(reference + 1, &error, 10);
9745 if (*error != '\0')
9746 return NULL;
9747
9748 /* Perform the unique id lookup. */
9749 return tlskeys_ref_lookupid(id);
9750 }
9751
9752 /* Perform the string lookup. */
9753 return tlskeys_ref_lookup(reference);
9754}
9755#endif
9756
9757
9758#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9759
9760static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9761
9762static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9763 return cli_io_handler_tlskeys_files(appctx);
9764}
9765
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009766/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9767 * (next index to be dumped), and cli.p0 (next key reference).
9768 */
William Lallemand32af2032016-10-29 18:09:35 +02009769static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9770
9771 struct stream_interface *si = appctx->owner;
9772
9773 switch (appctx->st2) {
9774 case STAT_ST_INIT:
9775 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009776 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009777 * later and restart at the state "STAT_ST_INIT".
9778 */
9779 chunk_reset(&trash);
9780
9781 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9782 chunk_appendf(&trash, "# id secret\n");
9783 else
9784 chunk_appendf(&trash, "# id (file)\n");
9785
Willy Tarreau06d80a92017-10-19 14:32:15 +02009786 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009787 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009788 return 0;
9789 }
9790
William Lallemand32af2032016-10-29 18:09:35 +02009791 /* Now, we start the browsing of the references lists.
9792 * Note that the following call to LIST_ELEM return bad pointer. The only
9793 * available field of this pointer is <list>. It is used with the function
9794 * tlskeys_list_get_next() for retruning the first available entry
9795 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009796 if (appctx->ctx.cli.p0 == NULL) {
9797 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9798 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009799 }
9800
9801 appctx->st2 = STAT_ST_LIST;
9802 /* fall through */
9803
9804 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009805 while (appctx->ctx.cli.p0) {
9806 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009807
9808 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009809 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009810 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009811
9812 if (appctx->ctx.cli.i1 == 0)
9813 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9814
William Lallemand32af2032016-10-29 18:09:35 +02009815 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009816 int head;
9817
9818 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9819 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009820 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009821 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009822
9823 chunk_reset(t2);
9824 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009825 if (ref->key_size_bits == 128) {
9826 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9827 sizeof(struct tls_sess_key_128),
9828 t2->area, t2->size);
9829 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9830 t2->area);
9831 }
9832 else if (ref->key_size_bits == 256) {
9833 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9834 sizeof(struct tls_sess_key_256),
9835 t2->area, t2->size);
9836 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9837 t2->area);
9838 }
9839 else {
9840 /* This case should never happen */
9841 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9842 }
William Lallemand32af2032016-10-29 18:09:35 +02009843
Willy Tarreau06d80a92017-10-19 14:32:15 +02009844 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009845 /* let's try again later from this stream. We add ourselves into
9846 * this stream's users so that it can remove us upon termination.
9847 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009848 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009849 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009850 return 0;
9851 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009852 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009853 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009854 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009855 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009856 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009857 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009858 /* let's try again later from this stream. We add ourselves into
9859 * this stream's users so that it can remove us upon termination.
9860 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009861 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009862 return 0;
9863 }
9864
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009865 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009866 break;
9867
9868 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009869 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009870 }
9871
9872 appctx->st2 = STAT_ST_FIN;
9873 /* fall through */
9874
9875 default:
9876 appctx->st2 = STAT_ST_FIN;
9877 return 1;
9878 }
9879 return 0;
9880}
9881
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009882/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009883static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009884{
William Lallemand32af2032016-10-29 18:09:35 +02009885 /* no parameter, shows only file list */
9886 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009887 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009888 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009889 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009890 }
9891
9892 if (args[2][0] == '*') {
9893 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009894 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009895 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009896 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009897 if (!appctx->ctx.cli.p0)
9898 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009899 }
William Lallemand32af2032016-10-29 18:09:35 +02009900 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009901 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009902}
9903
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009904static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009905{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009906 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009907 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009908
William Lallemand32af2032016-10-29 18:09:35 +02009909 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02009910 if (!*args[3] || !*args[4])
9911 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009912
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009913 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009914 if (!ref)
9915 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009916
Willy Tarreau1c913e42018-08-22 05:26:57 +02009917 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02009918 if (ret < 0)
9919 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +01009920
Willy Tarreau1c913e42018-08-22 05:26:57 +02009921 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +02009922 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
9923 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009924
Willy Tarreau9d008692019-08-09 11:21:01 +02009925 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02009926}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009927#endif
William Lallemand32af2032016-10-29 18:09:35 +02009928
William Lallemand44b35322019-10-17 16:28:40 +02009929
9930/* Type of SSL payloads that can be updated over the CLI */
9931
9932enum {
9933 CERT_TYPE_PEM = 0,
9934 CERT_TYPE_OCSP,
9935 CERT_TYPE_ISSUER,
9936 CERT_TYPE_SCTL,
9937 CERT_TYPE_MAX,
9938};
9939
9940struct {
9941 const char *ext;
9942 int type;
9943 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
9944 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +02009945} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +02009946 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +02009947#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009948 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009949#endif
9950#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009951 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009952#endif
William Lallemand44b35322019-10-17 16:28:40 +02009953 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +02009954 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +02009955};
9956
William Lallemand430413e2019-10-28 14:30:47 +01009957/* states of the CLI IO handler for 'set ssl cert' */
9958enum {
9959 SETCERT_ST_INIT = 0,
9960 SETCERT_ST_GEN,
9961 SETCERT_ST_INSERT,
9962 SETCERT_ST_FIN,
9963};
William Lallemand8f840d72019-10-23 10:53:05 +02009964
William Lallemand430413e2019-10-28 14:30:47 +01009965/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemand8f840d72019-10-23 10:53:05 +02009966static void cli_release_set_cert(struct appctx *appctx)
9967{
9968 struct ckch_store *new_ckchs;
9969 struct ckch_inst *ckchi, *ckchis;
9970 int it;
9971
William Lallemand430413e2019-10-28 14:30:47 +01009972 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +02009973
William Lallemand430413e2019-10-28 14:30:47 +01009974 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +02009975 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
9976 for (it = 0; it < 2; it++) {
9977 new_ckchs = appctx->ctx.ssl.n[it].new_ckchs;
9978
9979 if (!new_ckchs)
9980 continue;
9981
9982 /* if the allocation failed, we need to free everything from the temporary list */
9983 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
9984 struct sni_ctx *sc0, *sc0s;
9985
9986 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
9987 if (sc0->order == 0) /* we only free if it's the first inserted */
9988 SSL_CTX_free(sc0->ctx);
9989 LIST_DEL(&sc0->by_ckch_inst);
9990 free(sc0);
9991 }
9992 LIST_DEL(&ckchi->by_ckchs);
9993 free(ckchi);
9994 }
9995 ckchs_free(new_ckchs);
9996 }
9997 }
9998}
9999
10000
10001/*
10002 * This function tries to create the new ckch_inst and their SNIs
10003 */
10004static int cli_io_handler_set_cert(struct appctx *appctx)
10005{
10006 struct stream_interface *si = appctx->owner;
10007 int y = 0;
10008 char *err = NULL;
10009 int errcode = 0;
10010 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10011 struct ckch_inst *ckchi, *ckchis;
10012 char *path = appctx->ctx.ssl.path;
10013 int it = appctx->ctx.ssl.it; /* 0 non-bundle, 1 = bundle */
10014 struct buffer *trash = alloc_trash_chunk();
10015
10016 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10017 goto error;
10018
William Lallemand430413e2019-10-28 14:30:47 +010010019 while (1) {
10020 switch (appctx->st2) {
10021 case SETCERT_ST_INIT:
10022 /* This state just print the update message */
10023 chunk_printf(trash, "Updating %s", path);
10024 if (ci_putchk(si_ic(si), trash) == -1) {
10025 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010026 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010027 }
10028 appctx->st2 = SETCERT_ST_GEN;
10029 /* fallthrough */
10030 case SETCERT_ST_GEN:
10031 /*
10032 * This state generates the ckch instances with their
10033 * sni_ctxs and SSL_CTX.
10034 *
10035 * This step could be done twice (without considering
10036 * the yields), once for a cert, and once for a bundle.
10037 *
10038 * Since the SSL_CTX generation can be CPU consumer, we
10039 * yield every 10 instances.
10040 */
10041 for (; it < 2; it++) { /* we don't init it there because of the yield */
William Lallemand8f840d72019-10-23 10:53:05 +020010042
William Lallemand430413e2019-10-28 14:30:47 +010010043 old_ckchs = appctx->ctx.ssl.n[it].old_ckchs;
10044 new_ckchs = appctx->ctx.ssl.n[it].new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010045
William Lallemand430413e2019-10-28 14:30:47 +010010046 if (!new_ckchs)
10047 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010048
William Lallemand430413e2019-10-28 14:30:47 +010010049 /* get the next ckchi to regenerate */
10050 ckchi = appctx->ctx.ssl.n[it].next_ckchi;
10051 /* we didn't start yet, set it to the first elem */
10052 if (ckchi == NULL)
10053 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010054
William Lallemand430413e2019-10-28 14:30:47 +010010055 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10056 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10057 struct ckch_inst *new_inst;
William Lallemand8f840d72019-10-23 10:53:05 +020010058
William Lallemand430413e2019-10-28 14:30:47 +010010059 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10060 if (y >= 10) {
10061 /* save the next ckchi to compute */
10062 appctx->ctx.ssl.n[it].next_ckchi = ckchi;
10063 appctx->ctx.ssl.it = it;
10064 goto yield;
10065 }
William Lallemand8f840d72019-10-23 10:53:05 +020010066
William Lallemand430413e2019-10-28 14:30:47 +010010067 if (new_ckchs->multi)
10068 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10069 else
10070 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010071
William Lallemand430413e2019-10-28 14:30:47 +010010072 if (errcode & ERR_CODE)
10073 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010074
William Lallemand430413e2019-10-28 14:30:47 +010010075 /* display one dot per new instance */
10076 chunk_appendf(trash, ".");
10077 /* link the new ckch_inst to the duplicate */
10078 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10079 y++;
10080 }
William Lallemand8f840d72019-10-23 10:53:05 +020010081 }
William Lallemand430413e2019-10-28 14:30:47 +010010082 appctx->st2 = SETCERT_ST_INSERT;
10083 /* fallthrough */
10084 case SETCERT_ST_INSERT:
10085 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010086
William Lallemand430413e2019-10-28 14:30:47 +010010087 for (it = 0; it < 2; it++) {
10088 old_ckchs = appctx->ctx.ssl.n[it].old_ckchs;
10089 new_ckchs = appctx->ctx.ssl.n[it].new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010090
William Lallemand430413e2019-10-28 14:30:47 +010010091 if (!new_ckchs)
10092 continue;
10093
10094 /* First, we insert every new SNIs in the trees */
10095 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10096 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10097 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10098 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
William Lallemand8f840d72019-10-23 10:53:05 +020010099 }
William Lallemand8f840d72019-10-23 10:53:05 +020010100
William Lallemand430413e2019-10-28 14:30:47 +010010101 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10102 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
10103 struct sni_ctx *sc0, *sc0s;
10104
10105 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10106 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10107 ebmb_delete(&sc0->name);
10108 LIST_DEL(&sc0->by_ckch_inst);
10109 free(sc0);
10110 }
10111 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10112 LIST_DEL(&ckchi->by_ckchs);
10113 free(ckchi);
10114 }
William Lallemand8f840d72019-10-23 10:53:05 +020010115
William Lallemand430413e2019-10-28 14:30:47 +010010116 /* Replace the old ckchs by the new one */
10117 ebmb_delete(&old_ckchs->node);
10118 ckchs_free(old_ckchs);
10119 ebst_insert(&ckchs_tree, &new_ckchs->node);
10120 }
10121 appctx->st2 = SETCERT_ST_FIN;
10122 /* fallthrough */
10123 case SETCERT_ST_FIN:
10124 goto end;
10125 }
William Lallemand8f840d72019-10-23 10:53:05 +020010126 }
William Lallemand430413e2019-10-28 14:30:47 +010010127end:
William Lallemand8f840d72019-10-23 10:53:05 +020010128
William Lallemand430413e2019-10-28 14:30:47 +010010129 chunk_appendf(trash, "\nSuccess!");
10130 if (ci_putchk(si_ic(si), trash) == -1)
10131 si_rx_room_blk(si);
10132 free_trash_chunk(trash);
10133 /* success: call the release function and don't come back */
10134 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010135yield:
10136 /* store the state */
10137 if (ci_putchk(si_ic(si), trash) == -1)
10138 si_rx_room_blk(si);
10139 free_trash_chunk(trash);
10140 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010141 return 0; /* should come back */
10142
10143error:
10144 /* spin unlock and free are done in the release function */
William Lallemand8f840d72019-10-23 10:53:05 +020010145 chunk_appendf(trash, "\n%sFailed!", err);
10146 if (ci_putchk(si_ic(si), trash) == -1)
10147 si_rx_room_blk(si);
10148 free_trash_chunk(trash);
William Lallemand430413e2019-10-28 14:30:47 +010010149 /* error: call the release function and don't come back */
10150 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010151}
10152/*
10153 * Parsing function of `set ssl cert`, try
10154 */
William Lallemand150bfa82019-09-19 17:12:49 +020010155static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10156{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010157 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010158 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010159 struct cert_key_and_chain *ckch;
William Lallemand44b35322019-10-17 16:28:40 +020010160 char *tmpfp = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010161 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010162 int i;
William Lallemand150bfa82019-09-19 17:12:49 +020010163 int found = 0;
William Lallemand849eed62019-10-17 16:23:50 +020010164 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010165 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010166 char *end;
10167 int type = CERT_TYPE_PEM;
William Lallemand8f840d72019-10-23 10:53:05 +020010168 struct buffer *buf = alloc_trash_chunk();
10169
10170 /* init the appctx structure */
William Lallemand430413e2019-10-28 14:30:47 +010010171 appctx->st2 = SETCERT_ST_INIT;
William Lallemand8f840d72019-10-23 10:53:05 +020010172 appctx->ctx.ssl.it = 0;
10173 appctx->ctx.ssl.n[0].next_ckchi = NULL;
10174 appctx->ctx.ssl.n[0].new_ckchs = NULL;
10175 appctx->ctx.ssl.n[0].old_ckchs = NULL;
10176 appctx->ctx.ssl.n[1].next_ckchi = NULL;
10177 appctx->ctx.ssl.n[1].new_ckchs = NULL;
10178 appctx->ctx.ssl.n[1].old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010179
10180 if (!*args[3] || !payload)
10181 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10182
10183 /* The operations on the CKCH architecture are locked so we can
10184 * manipulate ckch_store and ckch_inst */
10185 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10186 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10187
William Lallemand8f840d72019-10-23 10:53:05 +020010188
10189 appctx->ctx.ssl.path = strdup(args[3]);
10190 if (!appctx->ctx.ssl.path) {
10191 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10192 errcode |= ERR_ALERT | ERR_FATAL;
10193 goto end;
10194 }
10195
10196 if (!chunk_strcpy(buf, args[3])) {
10197 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10198 errcode |= ERR_ALERT | ERR_FATAL;
10199 goto end;
10200 }
10201
William Lallemand44b35322019-10-17 16:28:40 +020010202 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010203 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010204 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010205 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10206 *end = '\0';
10207 type = cert_exts[i].type;
10208 break;
10209 }
10210 }
10211
William Lallemand150bfa82019-09-19 17:12:49 +020010212 for (i = 0; i < 2; i++) {
10213
William Lallemand8f840d72019-10-23 10:53:05 +020010214 if ((old_ckchs = ckchs_lookup(buf->area)) != NULL) {
10215 /* only the bundle name is in the tree and you should
10216 * never update a bundle name, only a filename */
10217 if (bundle < 0 && old_ckchs->multi) {
10218 /* we tried to look for a non-bundle and we found a bundle */
William Lallemand150bfa82019-09-19 17:12:49 +020010219 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10220 err ? err : "", args[3], args[3]);
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010221 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand150bfa82019-09-19 17:12:49 +020010222 goto end;
10223 }
10224
William Lallemand8f840d72019-10-23 10:53:05 +020010225 /* If we want a bundle but this is not a bundle */
10226 /* note that it should never happen */
10227 if (bundle >= 0 && old_ckchs->multi == 0)
10228 goto end;
William Lallemand849eed62019-10-17 16:23:50 +020010229
William Lallemand8f840d72019-10-23 10:53:05 +020010230 /* TODO: handle filters */
10231 if (old_ckchs->filters) {
William Lallemand150bfa82019-09-19 17:12:49 +020010232 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10233 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010234 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand150bfa82019-09-19 17:12:49 +020010235 goto end;
10236 }
10237
William Lallemand0c3b7d92019-10-18 11:27:07 +020010238 /* duplicate the ckch store */
William Lallemand8f840d72019-10-23 10:53:05 +020010239 new_ckchs = ckchs_dup(old_ckchs);
William Lallemand0c3b7d92019-10-18 11:27:07 +020010240 if (!new_ckchs) {
10241 memprintf(&err, "%sCannot allocate memory!\n",
10242 err ? err : "");
10243 errcode |= ERR_ALERT | ERR_FATAL;
10244 goto end;
10245 }
10246
10247 if (bundle < 0)
10248 ckch = new_ckchs->ckch;
10249 else
10250 ckch = &new_ckchs->ckch[bundle];
10251
William Lallemand0c3b7d92019-10-18 11:27:07 +020010252 /* appply the change on the duplicate */
William Lallemand44b35322019-10-17 16:28:40 +020010253 if (cert_exts[type].load(tmpfp, payload, ckch, &err) != 0) {
William Lallemand8f840d72019-10-23 10:53:05 +020010254 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010255 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand150bfa82019-09-19 17:12:49 +020010256 goto end;
10257 }
10258
William Lallemand8f840d72019-10-23 10:53:05 +020010259 /* we store the ptr in the appctx to be processed in the IO handler */
10260 appctx->ctx.ssl.n[i].new_ckchs = new_ckchs;
10261 appctx->ctx.ssl.n[i].old_ckchs = old_ckchs;
William Lallemand150bfa82019-09-19 17:12:49 +020010262
William Lallemand8f840d72019-10-23 10:53:05 +020010263 found = 1;
William Lallemand150bfa82019-09-19 17:12:49 +020010264 }
William Lallemand963b2e72019-10-14 11:38:36 +020010265#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10266 {
10267 char *end = NULL;
10268 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010269
William Lallemand8f840d72019-10-23 10:53:05 +020010270 if (bundle >= 0) /* we already looked for a bundle */
10271 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010272 /* check if it was also used as a bundle by removing the
10273 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010274 end = strrchr(buf->area, '.');
William Lallemand963b2e72019-10-14 11:38:36 +020010275 for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
10276 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10277 bundle = j; /* keep the type of certificate so we insert it at the right place */
10278 *end = '\0'; /* it's a bundle let's end the string*/
10279 break;
10280 }
William Lallemand150bfa82019-09-19 17:12:49 +020010281 }
William Lallemand8f840d72019-10-23 10:53:05 +020010282 if (bundle < 0) /* we didn't find a bundle extension */
10283 break;
William Lallemand150bfa82019-09-19 17:12:49 +020010284 }
William Lallemand963b2e72019-10-14 11:38:36 +020010285#else
10286 /* bundles are not supported here, so we don't need to lookup again */
10287 break;
10288#endif
William Lallemand150bfa82019-09-19 17:12:49 +020010289 }
10290
10291 if (!found) {
William Lallemand150bfa82019-09-19 17:12:49 +020010292 memprintf(&err, "%sCan't replace a certificate name which is not referenced by the configuration!\n",
10293 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010294 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010295 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010296 }
10297
William Lallemand8f840d72019-10-23 10:53:05 +020010298 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010299
William Lallemand8f840d72019-10-23 10:53:05 +020010300end:
10301 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010302
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010303 if (errcode & ERR_CODE) {
William Lallemand8f840d72019-10-23 10:53:05 +020010304 /* we release the spinlock and free the unused structures in the release function */
William Lallemand1212db42019-10-28 14:26:56 +010010305 cli_release_set_cert(appctx);
William Lallemand44b35322019-10-17 16:28:40 +020010306 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010307 } else {
William Lallemand8f840d72019-10-23 10:53:05 +020010308 return 0;
William Lallemand430413e2019-10-28 14:30:47 +010010309 }
William Lallemand8f840d72019-10-23 10:53:05 +020010310 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010311}
10312
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010313static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010314{
10315#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10316 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010317 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010318
10319 if (!payload)
10320 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010321
10322 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010323 if (!*payload)
10324 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010325
10326 /* remove \r and \n from the payload */
10327 for (i = 0, j = 0; payload[i]; i++) {
10328 if (payload[i] == '\r' || payload[i] == '\n')
10329 continue;
10330 payload[j++] = payload[i];
10331 }
10332 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010333
Willy Tarreau1c913e42018-08-22 05:26:57 +020010334 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010335 if (ret < 0)
10336 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010337
Willy Tarreau1c913e42018-08-22 05:26:57 +020010338 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010339 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010340 if (err)
10341 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10342 else
10343 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010344 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010345
10346 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010347#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010348 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010349#endif
10350
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010351}
10352
Willy Tarreau86a394e2019-05-09 14:15:32 +020010353#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010354static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10355{
10356 switch (arg->type) {
10357 case ARGT_STR:
10358 smp->data.type = SMP_T_STR;
10359 smp->data.u.str = arg->data.str;
10360 return 1;
10361 case ARGT_VAR:
10362 if (!vars_get_by_desc(&arg->data.var, smp))
10363 return 0;
10364 if (!sample_casts[smp->data.type][SMP_T_STR])
10365 return 0;
10366 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10367 return 0;
10368 return 1;
10369 default:
10370 return 0;
10371 }
10372}
10373
10374static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10375 const char *file, int line, char **err)
10376{
10377 switch(args[0].data.sint) {
10378 case 128:
10379 case 192:
10380 case 256:
10381 break;
10382 default:
10383 memprintf(err, "key size must be 128, 192 or 256 (bits).");
10384 return 0;
10385 }
10386 /* Try to decode a variable. */
10387 vars_check_arg(&args[1], NULL);
10388 vars_check_arg(&args[2], NULL);
10389 vars_check_arg(&args[3], NULL);
10390 return 1;
10391}
10392
10393/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
10394static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
10395{
10396 struct sample nonce, key, aead_tag;
10397 struct buffer *smp_trash, *smp_trash_alloc;
10398 EVP_CIPHER_CTX *ctx;
10399 int dec_size, ret;
10400
10401 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
10402 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
10403 return 0;
10404
10405 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
10406 if (!sample_conv_var2smp_str(&arg_p[2], &key))
10407 return 0;
10408
10409 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
10410 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
10411 return 0;
10412
10413 smp_trash = get_trash_chunk();
10414 smp_trash_alloc = alloc_trash_chunk();
10415 if (!smp_trash_alloc)
10416 return 0;
10417
10418 ctx = EVP_CIPHER_CTX_new();
10419
10420 if (!ctx)
10421 goto err;
10422
10423 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
10424 if (dec_size < 0)
10425 goto err;
10426 smp_trash->data = dec_size;
10427
10428 /* Set cipher type and mode */
10429 switch(arg_p[0].data.sint) {
10430 case 128:
10431 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
10432 break;
10433 case 192:
10434 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
10435 break;
10436 case 256:
10437 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
10438 break;
10439 }
10440
10441 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
10442
10443 /* Initialise IV */
10444 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
10445 goto err;
10446
10447 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
10448 if (dec_size < 0)
10449 goto err;
10450 smp_trash->data = dec_size;
10451
10452 /* Initialise key */
10453 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
10454 goto err;
10455
10456 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
10457 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
10458 goto err;
10459
10460 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
10461 if (dec_size < 0)
10462 goto err;
10463 smp_trash_alloc->data = dec_size;
10464 dec_size = smp_trash->data;
10465
10466 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
10467 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
10468
10469 if (ret <= 0)
10470 goto err;
10471
10472 smp->data.u.str.data = dec_size + smp_trash->data;
10473 smp->data.u.str.area = smp_trash->area;
10474 smp->data.type = SMP_T_BIN;
10475 smp->flags &= ~SMP_F_CONST;
10476 free_trash_chunk(smp_trash_alloc);
10477 return 1;
10478
10479err:
10480 free_trash_chunk(smp_trash_alloc);
10481 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010482}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010483# endif
William Lallemand32af2032016-10-29 18:09:35 +020010484
10485/* register cli keywords */
10486static struct cli_kw_list cli_kws = {{ },{
10487#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10488 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020010489 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020010490#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010491 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand8f840d72019-10-23 10:53:05 +020010492 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, cli_io_handler_set_cert, cli_release_set_cert },
William Lallemand32af2032016-10-29 18:09:35 +020010493 { { NULL }, NULL, NULL, NULL }
10494}};
10495
Willy Tarreau0108d902018-11-25 19:14:37 +010010496INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020010497
Willy Tarreau7875d092012-09-10 08:20:03 +020010498/* Note: must not be declared <const> as its list will be overwritten.
10499 * Please take care of keeping this list alphabetically sorted.
10500 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010501static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020010502 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010503 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010504#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010010505 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010506#endif
Emeric Brun645ae792014-04-30 14:21:06 +020010507 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010508#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
10509 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
10510#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010010511 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020010512 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020010513 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010514 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010515#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020010516 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040010517#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010518#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010519 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10520 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040010521 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10522#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010523 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10524 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010525 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010526 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010527 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10528 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10529 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10530 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10531 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10532 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10533 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10534 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010535 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010536 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10537 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010538 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010539 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10540 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10541 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10542 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10543 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10544 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10545 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020010546 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010547 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010548 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010549 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010550 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010551 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010552 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010553 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020010554 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010010555#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010556 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020010557#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010010558#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010559 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020010560#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010561 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010562#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020010563 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010564#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010565 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010566#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010567 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010568#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010569#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010570 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10571 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040010572 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10573#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040010574#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010575 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010576#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010577 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10578 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10579 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10580 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020010581 { NULL, NULL, 0, 0, 0 },
10582}};
10583
Willy Tarreau0108d902018-11-25 19:14:37 +010010584INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
10585
Willy Tarreau7875d092012-09-10 08:20:03 +020010586/* Note: must not be declared <const> as its list will be overwritten.
10587 * Please take care of keeping this list alphabetically sorted.
10588 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010589static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010590 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
10591 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010592 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020010593}};
10594
Willy Tarreau0108d902018-11-25 19:14:37 +010010595INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
10596
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010597/* Note: must not be declared <const> as its list will be overwritten.
10598 * Please take care of keeping this list alphabetically sorted, doing so helps
10599 * all code contributors.
10600 * Optional keywords are also declared with a NULL ->parse() function so that
10601 * the config parser can report an appropriate error when a known keyword was
10602 * not enabled.
10603 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010604static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010605 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010606 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10607 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10608 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010609#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010610 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10611#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010612 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010010613 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010614 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010615 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010616 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020010617 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
10618 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010619 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
10620 { NULL, NULL, 0 },
10621};
10622
Willy Tarreau0108d902018-11-25 19:14:37 +010010623/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
10624
Willy Tarreau51fb7652012-09-18 18:24:39 +020010625static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010626 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010627 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10628 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10629 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
10630 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
10631 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
10632 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010633#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010634 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10635#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010636 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
10637 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
10638 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
10639 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
10640 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
10641 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
10642 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
10643 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
10644 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
10645 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010646 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010647 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010648 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010649 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
10650 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
10651 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
10652 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010653 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010654 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
10655 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010656 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
10657 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010658 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
10659 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
10660 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
10661 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
10662 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010663 { NULL, NULL, 0 },
10664}};
Emeric Brun46591952012-05-18 15:47:34 +020010665
Willy Tarreau0108d902018-11-25 19:14:37 +010010666INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
10667
Willy Tarreau92faadf2012-10-10 23:04:25 +020010668/* Note: must not be declared <const> as its list will be overwritten.
10669 * Please take care of keeping this list alphabetically sorted, doing so helps
10670 * all code contributors.
10671 * Optional keywords are also declared with a NULL ->parse() function so that
10672 * the config parser can report an appropriate error when a known keyword was
10673 * not enabled.
10674 */
10675static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010010676 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010010677 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010678 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010010679 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020010680 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010681 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
10682 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010683#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010684 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
10685#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010686 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
10687 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
10688 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
10689 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
10690 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
10691 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
10692 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
10693 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
10694 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
10695 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
10696 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
10697 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
10698 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
10699 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
10700 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
10701 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
10702 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
10703 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010010704 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010705 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
10706 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
10707 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
10708 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
10709 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
10710 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
10711 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
10712 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
10713 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
10714 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020010715 { NULL, NULL, 0, 0 },
10716}};
10717
Willy Tarreau0108d902018-11-25 19:14:37 +010010718INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
10719
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010720static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010010721 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
10722 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010010723 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010724 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
10725 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010010726#ifndef OPENSSL_NO_DH
10727 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
10728#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010729 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010730#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010731 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010732#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010010733 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
10734#ifndef OPENSSL_NO_DH
10735 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
10736#endif
10737 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
10738 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
10739 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
10740 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010741 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010010742 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
10743 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010744#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010745 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
10746 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
10747#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010748 { 0, NULL, NULL },
10749}};
10750
Willy Tarreau0108d902018-11-25 19:14:37 +010010751INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
10752
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010753/* Note: must not be declared <const> as its list will be overwritten */
10754static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020010755#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010756 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
10757#endif
10758 { NULL, NULL, 0, 0, 0 },
10759}};
10760
10761INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
10762
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020010763/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010010764static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020010765 .snd_buf = ssl_sock_from_buf,
10766 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010010767 .subscribe = ssl_subscribe,
10768 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020010769 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020010770 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020010771 .rcv_pipe = NULL,
10772 .snd_pipe = NULL,
10773 .shutr = NULL,
10774 .shutw = ssl_sock_shutw,
10775 .close = ssl_sock_close,
10776 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010010777 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010010778 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010010779 .prepare_srv = ssl_sock_prepare_srv_ctx,
10780 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010010781 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010010782 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020010783};
10784
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010785enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
10786 struct session *sess, struct stream *s, int flags)
10787{
10788 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010789 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010790
10791 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010792 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010793
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010794 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010795 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010796 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010797 s->req.flags |= CF_READ_NULL;
10798 return ACT_RET_YIELD;
10799 }
10800 }
10801 return (ACT_RET_CONT);
10802}
10803
10804static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10805{
10806 rule->action_ptr = ssl_action_wait_for_hs;
10807
10808 return ACT_RET_PRS_OK;
10809}
10810
10811static struct action_kw_list http_req_actions = {ILH, {
10812 { "wait-for-handshake", ssl_parse_wait_for_hs },
10813 { /* END */ }
10814}};
10815
Willy Tarreau0108d902018-11-25 19:14:37 +010010816INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10817
Willy Tarreau5db847a2019-05-09 14:13:35 +020010818#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010819
10820static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10821{
10822 if (ptr) {
10823 chunk_destroy(ptr);
10824 free(ptr);
10825 }
10826}
10827
10828#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010829static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10830{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010831 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010832}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010833
Emeric Brun46591952012-05-18 15:47:34 +020010834__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010835static void __ssl_sock_init(void)
10836{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010837#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010838 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010839 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010840#endif
Emeric Brun46591952012-05-18 15:47:34 +020010841
Willy Tarreauef934602016-12-22 23:12:01 +010010842 if (global_ssl.listen_default_ciphers)
10843 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10844 if (global_ssl.connect_default_ciphers)
10845 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010846#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010847 if (global_ssl.listen_default_ciphersuites)
10848 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10849 if (global_ssl.connect_default_ciphersuites)
10850 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10851#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010852
Willy Tarreau13e14102016-12-22 20:25:26 +010010853 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010854#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010855 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010856#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010857#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010858 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010859 n = sk_SSL_COMP_num(cm);
10860 while (n--) {
10861 (void) sk_SSL_COMP_pop(cm);
10862 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010863#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010864
Willy Tarreau5db847a2019-05-09 14:13:35 +020010865#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010866 ssl_locking_init();
10867#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010868#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010869 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10870#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010871 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010872 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010873 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010874#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010875 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010876 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010877#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010878#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10879 hap_register_post_check(tlskeys_finalize_config);
10880#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010881
10882 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10883 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10884
10885#ifndef OPENSSL_NO_DH
10886 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10887 hap_register_post_deinit(ssl_free_dh);
10888#endif
10889#ifndef OPENSSL_NO_ENGINE
10890 hap_register_post_deinit(ssl_free_engines);
10891#endif
10892 /* Load SSL string for the verbose & debug mode. */
10893 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010894 ha_meth = BIO_meth_new(0x666, "ha methods");
10895 BIO_meth_set_write(ha_meth, ha_ssl_write);
10896 BIO_meth_set_read(ha_meth, ha_ssl_read);
10897 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10898 BIO_meth_set_create(ha_meth, ha_ssl_new);
10899 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10900 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10901 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020010902
10903 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010010904}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010905
Willy Tarreau80713382018-11-26 10:19:54 +010010906/* Compute and register the version string */
10907static void ssl_register_build_options()
10908{
10909 char *ptr = NULL;
10910 int i;
10911
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010912 memprintf(&ptr, "Built with OpenSSL version : "
10913#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010914 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010915#else /* OPENSSL_IS_BORINGSSL */
10916 OPENSSL_VERSION_TEXT
10917 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010918 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010919 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010920#endif
10921 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010922#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010923 "no (library version too old)"
10924#elif defined(OPENSSL_NO_TLSEXT)
10925 "no (disabled via OPENSSL_NO_TLSEXT)"
10926#else
10927 "yes"
10928#endif
10929 "", ptr);
10930
10931 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10932#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10933 "yes"
10934#else
10935#ifdef OPENSSL_NO_TLSEXT
10936 "no (because of OPENSSL_NO_TLSEXT)"
10937#else
10938 "no (version might be too old, 0.9.8f min needed)"
10939#endif
10940#endif
10941 "", ptr);
10942
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010943 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10944 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10945 if (methodVersions[i].option)
10946 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010947
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010948 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010949}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010950
Willy Tarreau80713382018-11-26 10:19:54 +010010951INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010952
Emeric Brun46591952012-05-18 15:47:34 +020010953
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010954#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010955void ssl_free_engines(void) {
10956 struct ssl_engine_list *wl, *wlb;
10957 /* free up engine list */
10958 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10959 ENGINE_finish(wl->e);
10960 ENGINE_free(wl->e);
10961 LIST_DEL(&wl->list);
10962 free(wl);
10963 }
10964}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010965#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010966
Remi Gacogned3a23c32015-05-28 16:39:47 +020010967#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010968void ssl_free_dh(void) {
10969 if (local_dh_1024) {
10970 DH_free(local_dh_1024);
10971 local_dh_1024 = NULL;
10972 }
10973 if (local_dh_2048) {
10974 DH_free(local_dh_2048);
10975 local_dh_2048 = NULL;
10976 }
10977 if (local_dh_4096) {
10978 DH_free(local_dh_4096);
10979 local_dh_4096 = NULL;
10980 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010981 if (global_dh) {
10982 DH_free(global_dh);
10983 global_dh = NULL;
10984 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010985}
10986#endif
10987
10988__attribute__((destructor))
10989static void __ssl_sock_deinit(void)
10990{
10991#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010992 if (ssl_ctx_lru_tree) {
10993 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010994 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010995 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010996#endif
10997
Willy Tarreau5db847a2019-05-09 14:13:35 +020010998#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010999 ERR_remove_state(0);
11000 ERR_free_strings();
11001
11002 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011003#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011004
Willy Tarreau5db847a2019-05-09 14:13:35 +020011005#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011006 CRYPTO_cleanup_all_ex_data();
11007#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011008 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011009}
11010
11011
Emeric Brun46591952012-05-18 15:47:34 +020011012/*
11013 * Local variables:
11014 * c-indent-level: 8
11015 * c-basic-offset: 8
11016 * End:
11017 */