blob: cf1b860f76e906bbf81057d8c196bac3137048c4 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Rosen Penev68185952018-12-14 08:47:02 -080042#include <openssl/bn.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020043#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020044#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020045#include <openssl/x509.h>
46#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020047#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010048#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020049#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010050#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020051#include <openssl/ocsp.h>
52#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020053#ifndef OPENSSL_NO_DH
54#include <openssl/dh.h>
55#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020056#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000057#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020058#endif
Emeric Brun46591952012-05-18 15:47:34 +020059
Ilya Shipitsin54832b92019-05-05 23:27:54 +050060#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000061#include <openssl/async.h>
62#endif
63
Rosen Penev68185952018-12-14 08:47:02 -080064#ifndef OPENSSL_VERSION
65#define OPENSSL_VERSION SSLEAY_VERSION
66#define OpenSSL_version(x) SSLeay_version(x)
67#define OpenSSL_version_num SSLeay
68#endif
69
70#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
71#define X509_getm_notBefore X509_get_notBefore
72#define X509_getm_notAfter X509_get_notAfter
73#endif
74
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +020075#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010076#define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
77#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
78#endif
79
Christopher Faulet31af49d2015-06-09 17:29:50 +020080#include <import/lru.h>
81#include <import/xxhash.h>
82
Emeric Brun46591952012-05-18 15:47:34 +020083#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020084#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020085#include <common/compat.h>
86#include <common/config.h>
87#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020088#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010089#include <common/initcall.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <common/standard.h>
91#include <common/ticks.h>
92#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010093#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010094#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020095
Emeric Brunfc0421f2012-09-07 17:30:07 +020096#include <ebsttree.h>
97
William Lallemand32af2032016-10-29 18:09:35 +020098#include <types/applet.h>
99#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200100#include <types/global.h>
101#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +0200102#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200103
Willy Tarreau7875d092012-09-10 08:20:03 +0200104#include <proto/acl.h>
105#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +0200106#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +0200107#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +0200108#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +0200109#include <proto/fd.h>
110#include <proto/freq_ctr.h>
111#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +0200112#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +0200113#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200114#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +0100115#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +0200116#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +0200117#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +0200118#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200119#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200120#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200121#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200122#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200123#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200124#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200125#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +0100126#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +0200127
Willy Tarreau518cedd2014-02-17 15:43:01 +0100128/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200129#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100130#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100131#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200132#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
133
Emeric Brunf282a812012-09-21 15:27:54 +0200134/* bits 0xFFFF0000 are reserved to store verify errors */
135
136/* Verify errors macros */
137#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
138#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
139#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
140
141#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
142#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
143#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200144
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100145/* Supported hash function for TLS tickets */
146#ifdef OPENSSL_NO_SHA256
147#define HASH_FUNCT EVP_sha1
148#else
149#define HASH_FUNCT EVP_sha256
150#endif /* OPENSSL_NO_SHA256 */
151
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200152/* ssl_methods flags for ssl options */
153#define MC_SSL_O_ALL 0x0000
154#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
155#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
156#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
157#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200158#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200159
160/* ssl_methods versions */
161enum {
162 CONF_TLSV_NONE = 0,
163 CONF_TLSV_MIN = 1,
164 CONF_SSLV3 = 1,
165 CONF_TLSV10 = 2,
166 CONF_TLSV11 = 3,
167 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200168 CONF_TLSV13 = 5,
169 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200170};
171
Emeric Brun850efd52014-01-29 12:24:34 +0100172/* server and bind verify method, it uses a global value as default */
173enum {
174 SSL_SOCK_VERIFY_DEFAULT = 0,
175 SSL_SOCK_VERIFY_REQUIRED = 1,
176 SSL_SOCK_VERIFY_OPTIONAL = 2,
177 SSL_SOCK_VERIFY_NONE = 3,
178};
179
William Lallemand3f85c9a2017-10-09 16:30:50 +0200180
Willy Tarreau71b734c2014-01-28 15:19:44 +0100181int sslconns = 0;
182int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100183static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100184int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200185
Willy Tarreauef934602016-12-22 23:12:01 +0100186static struct {
187 char *crt_base; /* base directory path for certificates */
188 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000189 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100190
191 char *listen_default_ciphers;
192 char *connect_default_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200193#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
194 char *listen_default_ciphersuites;
195 char *connect_default_ciphersuites;
196#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100197 int listen_default_ssloptions;
198 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200199 struct tls_version_filter listen_default_sslmethods;
200 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100201
202 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
203 unsigned int life_time; /* SSL session lifetime in seconds */
204 unsigned int max_record; /* SSL max record size */
205 unsigned int default_dh_param; /* SSL maximum DH parameter size */
206 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100207 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100208} global_ssl = {
209#ifdef LISTEN_DEFAULT_CIPHERS
210 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
211#endif
212#ifdef CONNECT_DEFAULT_CIPHERS
213 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
214#endif
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200215#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
216#ifdef LISTEN_DEFAULT_CIPHERSUITES
217 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
218#endif
219#ifdef CONNECT_DEFAULT_CIPHERSUITES
220 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
221#endif
222#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100223 .listen_default_ssloptions = BC_SSL_O_NONE,
224 .connect_default_ssloptions = SRV_SSL_O_NONE,
225
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200226 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
227 .listen_default_sslmethods.min = CONF_TLSV_NONE,
228 .listen_default_sslmethods.max = CONF_TLSV_NONE,
229 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
230 .connect_default_sslmethods.min = CONF_TLSV_NONE,
231 .connect_default_sslmethods.max = CONF_TLSV_NONE,
232
Willy Tarreauef934602016-12-22 23:12:01 +0100233#ifdef DEFAULT_SSL_MAX_RECORD
234 .max_record = DEFAULT_SSL_MAX_RECORD,
235#endif
236 .default_dh_param = SSL_DEFAULT_DH_PARAM,
237 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100238 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100239};
240
Olivier Houcharda8955d52019-04-07 22:00:38 +0200241static BIO_METHOD *ha_meth;
242
Olivier Houchard66ab4982019-02-26 18:37:15 +0100243struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100245 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200246 BIO *bio;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100247 struct xprt_ops *xprt;
248 void *xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100249 int xprt_st; /* transport layer state, initialized to zero */
250 int tmp_early_data; /* 1st byte of early data, if any */
251 int sent_early_data; /* Amount of early data we sent so far */
252
Olivier Houchard66ab4982019-02-26 18:37:15 +0100253};
254
255DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
256
Olivier Houcharda8955d52019-04-07 22:00:38 +0200257/* Methods to implement OpenSSL BIO */
258static int ha_ssl_write(BIO *h, const char *buf, int num)
259{
260 struct buffer tmpbuf;
261 struct ssl_sock_ctx *ctx;
262 int ret;
263
Olivier Houchard66a7b332019-04-18 15:58:15 +0200264#if OPENSSL_VERSION_NUMBER < 0x10100000
265 ctx = h->ptr;
266#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200267 ctx = BIO_get_data(h);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200268#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200269 tmpbuf.size = num;
270 tmpbuf.area = (void *)(uintptr_t)buf;
271 tmpbuf.data = num;
272 tmpbuf.head = 0;
273 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200274 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200275 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200276 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200277 } else if (ret == 0)
278 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200279 return ret;
280}
281
282static int ha_ssl_gets(BIO *h, char *buf, int size)
283{
284
285 return 0;
286}
287
288static int ha_ssl_puts(BIO *h, const char *str)
289{
290
291 return ha_ssl_write(h, str, strlen(str));
292}
293
294static int ha_ssl_read(BIO *h, char *buf, int size)
295{
296 struct buffer tmpbuf;
297 struct ssl_sock_ctx *ctx;
298 int ret;
299
Olivier Houchard66a7b332019-04-18 15:58:15 +0200300#if OPENSSL_VERSION_NUMBER < 0x10100000
301 ctx = h->ptr;
302#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200303 ctx = BIO_get_data(h);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200304#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200305 tmpbuf.size = size;
306 tmpbuf.area = buf;
307 tmpbuf.data = 0;
308 tmpbuf.head = 0;
309 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200310 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200311 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200312 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200313 } else if (ret == 0)
314 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200315
316 return ret;
317}
318
319static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
320{
321 int ret = 0;
322 switch (cmd) {
323 case BIO_CTRL_DUP:
324 case BIO_CTRL_FLUSH:
325 ret = 1;
326 break;
327 }
328 return ret;
329}
330
331static int ha_ssl_new(BIO *h)
332{
Olivier Houchard66a7b332019-04-18 15:58:15 +0200333#if OPENSSL_VERSION_NUMBER < 0x10100000L
334 h->init = 1;
335 h->ptr = NULL;
336#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200337 BIO_set_init(h, 1);
338 BIO_set_data(h, NULL);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200339#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200340 BIO_clear_flags(h, ~0);
341 return 1;
342}
343
344static int ha_ssl_free(BIO *data)
345{
346
347 return 1;
348}
349
350
Rosen Penev68185952018-12-14 08:47:02 -0800351#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100352
Emeric Brun821bb9b2017-06-15 16:37:39 +0200353static HA_RWLOCK_T *ssl_rwlocks;
354
355
356unsigned long ssl_id_function(void)
357{
358 return (unsigned long)tid;
359}
360
361void ssl_locking_function(int mode, int n, const char * file, int line)
362{
363 if (mode & CRYPTO_LOCK) {
364 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100365 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200366 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100367 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200368 }
369 else {
370 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100371 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200372 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100373 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200374 }
375}
376
377static int ssl_locking_init(void)
378{
379 int i;
380
381 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
382 if (!ssl_rwlocks)
383 return -1;
384
385 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100386 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200387
388 CRYPTO_set_id_callback(ssl_id_function);
389 CRYPTO_set_locking_callback(ssl_locking_function);
390
391 return 0;
392}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100393
Emeric Brun821bb9b2017-06-15 16:37:39 +0200394#endif
395
396
397
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100398/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100399struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100400 unsigned long long int xxh64;
401 unsigned char ciphersuite_len;
402 char ciphersuite[0];
403};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100404struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100405static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200406static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100407
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100408static int ssl_pkey_info_index = -1;
409
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200410#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
411struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
412#endif
413
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200414#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000415static unsigned int openssl_engines_initialized;
416struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
417struct ssl_engine_list {
418 struct list list;
419 ENGINE *e;
420};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200421#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000422
Remi Gacogne8de54152014-07-15 11:36:40 +0200423#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200424static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200425static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200426static DH *local_dh_1024 = NULL;
427static DH *local_dh_2048 = NULL;
428static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100429static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200430#endif /* OPENSSL_NO_DH */
431
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100432#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200433/* X509V3 Extensions that will be added on generated certificates */
434#define X509V3_EXT_SIZE 5
435static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
436 "basicConstraints",
437 "nsComment",
438 "subjectKeyIdentifier",
439 "authorityKeyIdentifier",
440 "keyUsage",
441};
442static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
443 "CA:FALSE",
444 "\"OpenSSL Generated Certificate\"",
445 "hash",
446 "keyid,issuer:always",
447 "nonRepudiation,digitalSignature,keyEncipherment"
448};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200449/* LRU cache to store generated certificate */
450static struct lru64_head *ssl_ctx_lru_tree = NULL;
451static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200452static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100453__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200454
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200455#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
456
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100457static struct ssl_bind_kw ssl_bind_kws[];
458
yanbzhube2774d2015-12-10 15:07:30 -0500459#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
460/* The order here matters for picking a default context,
461 * keep the most common keytype at the bottom of the list
462 */
463const char *SSL_SOCK_KEYTYPE_NAMES[] = {
464 "dsa",
465 "ecdsa",
466 "rsa"
467};
468#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100469#else
470#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500471#endif
472
William Lallemandc3cd35f2017-11-28 11:04:43 +0100473static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100474static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
475
476#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
477
478#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
479 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
480
481#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
482 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200483
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100484/*
485 * This function gives the detail of the SSL error. It is used only
486 * if the debug mode and the verbose mode are activated. It dump all
487 * the SSL error until the stack was empty.
488 */
489static forceinline void ssl_sock_dump_errors(struct connection *conn)
490{
491 unsigned long ret;
492
493 if (unlikely(global.mode & MODE_DEBUG)) {
494 while(1) {
495 ret = ERR_get_error();
496 if (ret == 0)
497 return;
498 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200499 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100500 ERR_func_error_string(ret), ERR_reason_error_string(ret));
501 }
502 }
503}
504
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200505#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500506/*
507 * struct alignment works here such that the key.key is the same as key_data
508 * Do not change the placement of key_data
509 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200510struct certificate_ocsp {
511 struct ebmb_node key;
512 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200513 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200514 long expire;
515};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200516
yanbzhube2774d2015-12-10 15:07:30 -0500517struct ocsp_cbk_arg {
518 int is_single;
519 int single_kt;
520 union {
521 struct certificate_ocsp *s_ocsp;
522 /*
523 * m_ocsp will have multiple entries dependent on key type
524 * Entry 0 - DSA
525 * Entry 1 - ECDSA
526 * Entry 2 - RSA
527 */
528 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
529 };
530};
531
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200532#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000533static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
534{
535 int err_code = ERR_ABORT;
536 ENGINE *engine;
537 struct ssl_engine_list *el;
538
539 /* grab the structural reference to the engine */
540 engine = ENGINE_by_id(engine_id);
541 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100542 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000543 goto fail_get;
544 }
545
546 if (!ENGINE_init(engine)) {
547 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100548 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000549 goto fail_init;
550 }
551
552 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100553 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000554 goto fail_set_method;
555 }
556
557 el = calloc(1, sizeof(*el));
558 el->e = engine;
559 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100560 nb_engines++;
561 if (global_ssl.async)
562 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000563 return 0;
564
565fail_set_method:
566 /* release the functional reference from ENGINE_init() */
567 ENGINE_finish(engine);
568
569fail_init:
570 /* release the structural reference from ENGINE_by_id() */
571 ENGINE_free(engine);
572
573fail_get:
574 return err_code;
575}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200576#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000577
Ilya Shipitsin54832b92019-05-05 23:27:54 +0500578#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brun3854e012017-05-17 20:42:48 +0200579/*
580 * openssl async fd handler
581 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200582void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583{
584 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000585
Emeric Brun3854e012017-05-17 20:42:48 +0200586 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587 * to poll this fd until it is requested
588 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000589 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000590 fd_cant_recv(fd);
591
592 /* crypto engine is available, let's notify the associated
593 * connection that it can pursue its processing.
594 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000595 __conn_sock_want_recv(conn);
596 __conn_sock_want_send(conn);
597 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598}
599
Emeric Brun3854e012017-05-17 20:42:48 +0200600/*
601 * openssl async delayed SSL_free handler
602 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200603void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000604{
605 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200606 OSSL_ASYNC_FD all_fd[32];
607 size_t num_all_fds = 0;
608 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000609
Emeric Brun3854e012017-05-17 20:42:48 +0200610 /* We suppose that the async job for a same SSL *
611 * are serialized. So if we are awake it is
612 * because the running job has just finished
613 * and we can remove all async fds safely
614 */
615 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
616 if (num_all_fds > 32) {
617 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
618 return;
619 }
620
621 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
622 for (i=0 ; i < num_all_fds ; i++)
623 fd_remove(all_fd[i]);
624
625 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000626 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100627 _HA_ATOMIC_SUB(&sslconns, 1);
628 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000629}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000630/*
Emeric Brun3854e012017-05-17 20:42:48 +0200631 * function used to manage a returned SSL_ERROR_WANT_ASYNC
632 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000633 */
Willy Tarreau0e492e22019-04-15 21:25:03 +0200634static inline void ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000635{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100636 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200637 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000638 size_t num_add_fds = 0;
639 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200640 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000641
642 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
643 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200644 if (num_add_fds > 32 || num_del_fds > 32) {
645 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000646 return;
647 }
648
Emeric Brun3854e012017-05-17 20:42:48 +0200649 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000650
Emeric Brun3854e012017-05-17 20:42:48 +0200651 /* We remove unused fds from the fdtab */
652 for (i=0 ; i < num_del_fds ; i++)
653 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000654
Emeric Brun3854e012017-05-17 20:42:48 +0200655 /* We add new fds to the fdtab */
656 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100657 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000658 }
659
Emeric Brun3854e012017-05-17 20:42:48 +0200660 num_add_fds = 0;
661 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
662 if (num_add_fds > 32) {
663 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
664 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000665 }
Emeric Brun3854e012017-05-17 20:42:48 +0200666
667 /* We activate the polling for all known async fds */
668 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000669 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200670 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000671 /* To ensure that the fd cache won't be used
672 * We'll prefer to catch a real RD event
673 * because handling an EAGAIN on this fd will
674 * result in a context switch and also
675 * some engines uses a fd in blocking mode.
676 */
677 fd_cant_recv(add_fd[i]);
678 }
Emeric Brun3854e012017-05-17 20:42:48 +0200679
680 /* We must also prevent the conn_handler
681 * to be called until a read event was
682 * polled on an async fd
683 */
684 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000685}
686#endif
687
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200688/*
689 * This function returns the number of seconds elapsed
690 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
691 * date presented un ASN1_GENERALIZEDTIME.
692 *
693 * In parsing error case, it returns -1.
694 */
695static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
696{
697 long epoch;
698 char *p, *end;
699 const unsigned short month_offset[12] = {
700 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
701 };
702 int year, month;
703
704 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
705
706 p = (char *)d->data;
707 end = p + d->length;
708
709 if (end - p < 4) return -1;
710 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
711 p += 4;
712 if (end - p < 2) return -1;
713 month = 10 * (p[0] - '0') + p[1] - '0';
714 if (month < 1 || month > 12) return -1;
715 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
716 We consider leap years and the current month (<marsh or not) */
717 epoch = ( ((year - 1970) * 365)
718 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
719 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
720 + month_offset[month-1]
721 ) * 24 * 60 * 60;
722 p += 2;
723 if (end - p < 2) return -1;
724 /* Add the number of seconds of completed days of current month */
725 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
726 p += 2;
727 if (end - p < 2) return -1;
728 /* Add the completed hours of the current day */
729 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
730 p += 2;
731 if (end - p < 2) return -1;
732 /* Add the completed minutes of the current hour */
733 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
734 p += 2;
735 if (p == end) return -1;
736 /* Test if there is available seconds */
737 if (p[0] < '0' || p[0] > '9')
738 goto nosec;
739 if (end - p < 2) return -1;
740 /* Add the seconds of the current minute */
741 epoch += 10 * (p[0] - '0') + p[1] - '0';
742 p += 2;
743 if (p == end) return -1;
744 /* Ignore seconds float part if present */
745 if (p[0] == '.') {
746 do {
747 if (++p == end) return -1;
748 } while (p[0] >= '0' && p[0] <= '9');
749 }
750
751nosec:
752 if (p[0] == 'Z') {
753 if (end - p != 1) return -1;
754 return epoch;
755 }
756 else if (p[0] == '+') {
757 if (end - p != 5) return -1;
758 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700759 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200760 }
761 else if (p[0] == '-') {
762 if (end - p != 5) return -1;
763 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700764 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200765 }
766
767 return -1;
768}
769
Emeric Brun1d3865b2014-06-20 15:37:32 +0200770static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200771
772/* This function starts to check if the OCSP response (in DER format) contained
773 * in chunk 'ocsp_response' is valid (else exits on error).
774 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
775 * contained in the OCSP Response and exits on error if no match.
776 * If it's a valid OCSP Response:
777 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
778 * pointed by 'ocsp'.
779 * If 'ocsp' is NULL, the function looks up into the OCSP response's
780 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
781 * from the response) and exits on error if not found. Finally, If an OCSP response is
782 * already present in the container, it will be overwritten.
783 *
784 * Note: OCSP response containing more than one OCSP Single response is not
785 * considered valid.
786 *
787 * Returns 0 on success, 1 in error case.
788 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200789static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
790 struct certificate_ocsp *ocsp,
791 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200792{
793 OCSP_RESPONSE *resp;
794 OCSP_BASICRESP *bs = NULL;
795 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200796 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200797 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200798 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200799 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200800 int reason;
801 int ret = 1;
802
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200803 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
804 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200805 if (!resp) {
806 memprintf(err, "Unable to parse OCSP response");
807 goto out;
808 }
809
810 rc = OCSP_response_status(resp);
811 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
812 memprintf(err, "OCSP response status not successful");
813 goto out;
814 }
815
816 bs = OCSP_response_get1_basic(resp);
817 if (!bs) {
818 memprintf(err, "Failed to get basic response from OCSP Response");
819 goto out;
820 }
821
822 count_sr = OCSP_resp_count(bs);
823 if (count_sr > 1) {
824 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
825 goto out;
826 }
827
828 sr = OCSP_resp_get0(bs, 0);
829 if (!sr) {
830 memprintf(err, "Failed to get OCSP single response");
831 goto out;
832 }
833
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200834 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
835
Emeric Brun4147b2e2014-06-16 18:36:30 +0200836 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200837 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200838 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200839 goto out;
840 }
841
Emeric Brun13a6b482014-06-20 15:44:34 +0200842 if (!nextupd) {
843 memprintf(err, "OCSP single response: missing nextupdate");
844 goto out;
845 }
846
Emeric Brunc8b27b62014-06-19 14:16:17 +0200847 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200848 if (!rc) {
849 memprintf(err, "OCSP single response: no longer valid.");
850 goto out;
851 }
852
853 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200854 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200855 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
856 goto out;
857 }
858 }
859
860 if (!ocsp) {
861 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
862 unsigned char *p;
863
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200864 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200865 if (!rc) {
866 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
867 goto out;
868 }
869
870 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
871 memprintf(err, "OCSP single response: Certificate ID too long");
872 goto out;
873 }
874
875 p = key;
876 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200877 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200878 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
879 if (!ocsp) {
880 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
881 goto out;
882 }
883 }
884
885 /* According to comments on "chunk_dup", the
886 previous chunk buffer will be freed */
887 if (!chunk_dup(&ocsp->response, ocsp_response)) {
888 memprintf(err, "OCSP response: Memory allocation error");
889 goto out;
890 }
891
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200892 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
893
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894 ret = 0;
895out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100896 ERR_clear_error();
897
Emeric Brun4147b2e2014-06-16 18:36:30 +0200898 if (bs)
899 OCSP_BASICRESP_free(bs);
900
901 if (resp)
902 OCSP_RESPONSE_free(resp);
903
904 return ret;
905}
906/*
907 * External function use to update the OCSP response in the OCSP response's
908 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
909 * to update in DER format.
910 *
911 * Returns 0 on success, 1 in error case.
912 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200913int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200914{
915 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
916}
917
918/*
919 * This function load the OCSP Resonse in DER format contained in file at
920 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
921 *
922 * Returns 0 on success, 1 in error case.
923 */
924static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
925{
926 int fd = -1;
927 int r = 0;
928 int ret = 1;
929
930 fd = open(ocsp_path, O_RDONLY);
931 if (fd == -1) {
932 memprintf(err, "Error opening OCSP response file");
933 goto end;
934 }
935
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200936 trash.data = 0;
937 while (trash.data < trash.size) {
938 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200939 if (r < 0) {
940 if (errno == EINTR)
941 continue;
942
943 memprintf(err, "Error reading OCSP response from file");
944 goto end;
945 }
946 else if (r == 0) {
947 break;
948 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200949 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200950 }
951
952 close(fd);
953 fd = -1;
954
955 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
956end:
957 if (fd != -1)
958 close(fd);
959
960 return ret;
961}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100962#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200963
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100964#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
965static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
966{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100967 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100968 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100969 struct connection *conn;
970 int head;
971 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100972 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100973
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200974 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200975 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100976 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
977
978 keys = ref->tlskeys;
979 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100980
981 if (enc) {
982 memcpy(key_name, keys[head].name, 16);
983
984 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100985 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100986
Emeric Brun9e754772019-01-10 17:51:55 +0100987 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100988
Emeric Brun9e754772019-01-10 17:51:55 +0100989 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
990 goto end;
991
992 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
993 ret = 1;
994 }
995 else if (ref->key_size_bits == 256 ) {
996
997 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
998 goto end;
999
1000 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
1001 ret = 1;
1002 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001003 } else {
1004 for (i = 0; i < TLS_TICKETS_NO; i++) {
1005 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1006 goto found;
1007 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001008 ret = 0;
1009 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001010
Christopher Faulet16f45c82018-02-16 11:23:49 +01001011 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001012 if (ref->key_size_bits == 128) {
1013 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
1014 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1015 goto end;
1016 /* 2 for key renewal, 1 if current key is still valid */
1017 ret = i ? 2 : 1;
1018 }
1019 else if (ref->key_size_bits == 256) {
1020 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
1021 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1022 goto end;
1023 /* 2 for key renewal, 1 if current key is still valid */
1024 ret = i ? 2 : 1;
1025 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001026 }
Emeric Brun9e754772019-01-10 17:51:55 +01001027
Christopher Faulet16f45c82018-02-16 11:23:49 +01001028 end:
1029 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1030 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001031}
1032
1033struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1034{
1035 struct tls_keys_ref *ref;
1036
1037 list_for_each_entry(ref, &tlskeys_reference, list)
1038 if (ref->filename && strcmp(filename, ref->filename) == 0)
1039 return ref;
1040 return NULL;
1041}
1042
1043struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1044{
1045 struct tls_keys_ref *ref;
1046
1047 list_for_each_entry(ref, &tlskeys_reference, list)
1048 if (ref->unique_id == unique_id)
1049 return ref;
1050 return NULL;
1051}
1052
Emeric Brun9e754772019-01-10 17:51:55 +01001053/* Update the key into ref: if keysize doesnt
1054 * match existing ones, this function returns -1
1055 * else it returns 0 on success.
1056 */
1057int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001058 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001059{
Emeric Brun9e754772019-01-10 17:51:55 +01001060 if (ref->key_size_bits == 128) {
1061 if (tlskey->data != sizeof(struct tls_sess_key_128))
1062 return -1;
1063 }
1064 else if (ref->key_size_bits == 256) {
1065 if (tlskey->data != sizeof(struct tls_sess_key_256))
1066 return -1;
1067 }
1068 else
1069 return -1;
1070
Christopher Faulet16f45c82018-02-16 11:23:49 +01001071 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001072 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1073 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001074 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1075 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001076
1077 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001078}
1079
Willy Tarreau83061a82018-07-13 11:56:34 +02001080int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001081{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001082 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1083
1084 if(!ref) {
1085 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1086 return 1;
1087 }
Emeric Brun9e754772019-01-10 17:51:55 +01001088 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1089 memprintf(err, "Invalid key size");
1090 return 1;
1091 }
1092
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001093 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001094}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001095
1096/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097 * automatic ids. It's called just after the basic checks. It returns
1098 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001099 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001100static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001101{
1102 int i = 0;
1103 struct tls_keys_ref *ref, *ref2, *ref3;
1104 struct list tkr = LIST_HEAD_INIT(tkr);
1105
1106 list_for_each_entry(ref, &tlskeys_reference, list) {
1107 if (ref->unique_id == -1) {
1108 /* Look for the first free id. */
1109 while (1) {
1110 list_for_each_entry(ref2, &tlskeys_reference, list) {
1111 if (ref2->unique_id == i) {
1112 i++;
1113 break;
1114 }
1115 }
1116 if (&ref2->list == &tlskeys_reference)
1117 break;
1118 }
1119
1120 /* Uses the unique id and increment it for the next entry. */
1121 ref->unique_id = i;
1122 i++;
1123 }
1124 }
1125
1126 /* This sort the reference list by id. */
1127 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1128 LIST_DEL(&ref->list);
1129 list_for_each_entry(ref3, &tkr, list) {
1130 if (ref->unique_id < ref3->unique_id) {
1131 LIST_ADDQ(&ref3->list, &ref->list);
1132 break;
1133 }
1134 }
1135 if (&ref3->list == &tkr)
1136 LIST_ADDQ(&tkr, &ref->list);
1137 }
1138
1139 /* swap root */
1140 LIST_ADD(&tkr, &tlskeys_reference);
1141 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001142 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001143}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001144#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1145
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001146#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001147int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1148{
1149 switch (evp_keytype) {
1150 case EVP_PKEY_RSA:
1151 return 2;
1152 case EVP_PKEY_DSA:
1153 return 0;
1154 case EVP_PKEY_EC:
1155 return 1;
1156 }
1157
1158 return -1;
1159}
1160
Emeric Brun4147b2e2014-06-16 18:36:30 +02001161/*
1162 * Callback used to set OCSP status extension content in server hello.
1163 */
1164int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1165{
yanbzhube2774d2015-12-10 15:07:30 -05001166 struct certificate_ocsp *ocsp;
1167 struct ocsp_cbk_arg *ocsp_arg;
1168 char *ssl_buf;
1169 EVP_PKEY *ssl_pkey;
1170 int key_type;
1171 int index;
1172
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001173 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001174
1175 ssl_pkey = SSL_get_privatekey(ssl);
1176 if (!ssl_pkey)
1177 return SSL_TLSEXT_ERR_NOACK;
1178
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001179 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001180
1181 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1182 ocsp = ocsp_arg->s_ocsp;
1183 else {
1184 /* For multiple certs per context, we have to find the correct OCSP response based on
1185 * the certificate type
1186 */
1187 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1188
1189 if (index < 0)
1190 return SSL_TLSEXT_ERR_NOACK;
1191
1192 ocsp = ocsp_arg->m_ocsp[index];
1193
1194 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001195
1196 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001197 !ocsp->response.area ||
1198 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001199 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200 return SSL_TLSEXT_ERR_NOACK;
1201
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001202 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001203 if (!ssl_buf)
1204 return SSL_TLSEXT_ERR_NOACK;
1205
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001206 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1207 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001208
1209 return SSL_TLSEXT_ERR_OK;
1210}
1211
1212/*
1213 * This function enables the handling of OCSP status extension on 'ctx' if a
1214 * file name 'cert_path' suffixed using ".ocsp" is present.
1215 * To enable OCSP status extension, the issuer's certificate is mandatory.
1216 * It should be present in the certificate's extra chain builded from file
1217 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1218 * named 'cert_path' suffixed using '.issuer'.
1219 *
1220 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1221 * response. If file is empty or content is not a valid OCSP response,
1222 * OCSP status extension is enabled but OCSP response is ignored (a warning
1223 * is displayed).
1224 *
1225 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001226 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001227 */
1228static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1229{
1230
1231 BIO *in = NULL;
1232 X509 *x, *xi = NULL, *issuer = NULL;
1233 STACK_OF(X509) *chain = NULL;
1234 OCSP_CERTID *cid = NULL;
1235 SSL *ssl;
1236 char ocsp_path[MAXPATHLEN+1];
1237 int i, ret = -1;
1238 struct stat st;
1239 struct certificate_ocsp *ocsp = NULL, *iocsp;
1240 char *warn = NULL;
1241 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001242 pem_password_cb *passwd_cb;
1243 void *passwd_cb_userdata;
1244 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001245
1246 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1247
1248 if (stat(ocsp_path, &st))
1249 return 1;
1250
1251 ssl = SSL_new(ctx);
1252 if (!ssl)
1253 goto out;
1254
1255 x = SSL_get_certificate(ssl);
1256 if (!x)
1257 goto out;
1258
1259 /* Try to lookup for issuer in certificate extra chain */
1260#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1261 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1262#else
1263 chain = ctx->extra_certs;
1264#endif
1265 for (i = 0; i < sk_X509_num(chain); i++) {
1266 issuer = sk_X509_value(chain, i);
1267 if (X509_check_issued(issuer, x) == X509_V_OK)
1268 break;
1269 else
1270 issuer = NULL;
1271 }
1272
1273 /* If not found try to load issuer from a suffixed file */
1274 if (!issuer) {
1275 char issuer_path[MAXPATHLEN+1];
1276
1277 in = BIO_new(BIO_s_file());
1278 if (!in)
1279 goto out;
1280
1281 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1282 if (BIO_read_filename(in, issuer_path) <= 0)
1283 goto out;
1284
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001285 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1286 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1287
1288 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001289 if (!xi)
1290 goto out;
1291
1292 if (X509_check_issued(xi, x) != X509_V_OK)
1293 goto out;
1294
1295 issuer = xi;
1296 }
1297
1298 cid = OCSP_cert_to_id(0, x, issuer);
1299 if (!cid)
1300 goto out;
1301
1302 i = i2d_OCSP_CERTID(cid, NULL);
1303 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1304 goto out;
1305
Vincent Bernat02779b62016-04-03 13:48:43 +02001306 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001307 if (!ocsp)
1308 goto out;
1309
1310 p = ocsp->key_data;
1311 i2d_OCSP_CERTID(cid, &p);
1312
1313 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1314 if (iocsp == ocsp)
1315 ocsp = NULL;
1316
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001317#ifndef SSL_CTX_get_tlsext_status_cb
1318# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1319 *cb = (void (*) (void))ctx->tlsext_status_cb;
1320#endif
1321 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1322
1323 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001324 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001325 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001326
1327 cb_arg->is_single = 1;
1328 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001329
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001330 pkey = X509_get_pubkey(x);
1331 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1332 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001333
1334 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1335 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1336 } else {
1337 /*
1338 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1339 * Update that cb_arg with the new cert's staple
1340 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001341 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001342 struct certificate_ocsp *tmp_ocsp;
1343 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001344 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001345 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001346
1347#ifdef SSL_CTX_get_tlsext_status_arg
1348 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1349#else
1350 cb_arg = ctx->tlsext_status_arg;
1351#endif
yanbzhube2774d2015-12-10 15:07:30 -05001352
1353 /*
1354 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1355 * the order of operations below matter, take care when changing it
1356 */
1357 tmp_ocsp = cb_arg->s_ocsp;
1358 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1359 cb_arg->s_ocsp = NULL;
1360 cb_arg->m_ocsp[index] = tmp_ocsp;
1361 cb_arg->is_single = 0;
1362 cb_arg->single_kt = 0;
1363
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001364 pkey = X509_get_pubkey(x);
1365 key_type = EVP_PKEY_base_id(pkey);
1366 EVP_PKEY_free(pkey);
1367
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001368 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001369 if (index >= 0 && !cb_arg->m_ocsp[index])
1370 cb_arg->m_ocsp[index] = iocsp;
1371
1372 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001373
1374 ret = 0;
1375
1376 warn = NULL;
1377 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1378 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001379 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001380 }
1381
1382out:
1383 if (ssl)
1384 SSL_free(ssl);
1385
1386 if (in)
1387 BIO_free(in);
1388
1389 if (xi)
1390 X509_free(xi);
1391
1392 if (cid)
1393 OCSP_CERTID_free(cid);
1394
1395 if (ocsp)
1396 free(ocsp);
1397
1398 if (warn)
1399 free(warn);
1400
1401
1402 return ret;
1403}
1404
1405#endif
1406
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001407#ifdef OPENSSL_IS_BORINGSSL
1408static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1409{
1410 char ocsp_path[MAXPATHLEN+1];
1411 struct stat st;
1412 int fd = -1, r = 0;
1413
1414 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1415 if (stat(ocsp_path, &st))
1416 return 0;
1417
1418 fd = open(ocsp_path, O_RDONLY);
1419 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001420 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001421 return -1;
1422 }
1423
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001424 trash.data = 0;
1425 while (trash.data < trash.size) {
1426 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001427 if (r < 0) {
1428 if (errno == EINTR)
1429 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001430 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001431 close(fd);
1432 return -1;
1433 }
1434 else if (r == 0) {
1435 break;
1436 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001437 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001438 }
1439 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001440 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1441 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001442}
1443#endif
1444
Daniel Jakots54ffb912015-11-06 20:02:41 +01001445#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001446
1447#define CT_EXTENSION_TYPE 18
1448
1449static int sctl_ex_index = -1;
1450
1451/*
1452 * Try to parse Signed Certificate Timestamp List structure. This function
1453 * makes only basic test if the data seems like SCTL. No signature validation
1454 * is performed.
1455 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001456static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001457{
1458 int ret = 1;
1459 int len, pos, sct_len;
1460 unsigned char *data;
1461
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001462 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001463 goto out;
1464
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001465 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466 len = (data[0] << 8) | data[1];
1467
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001468 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001469 goto out;
1470
1471 data = data + 2;
1472 pos = 0;
1473 while (pos < len) {
1474 if (len - pos < 2)
1475 goto out;
1476
1477 sct_len = (data[pos] << 8) | data[pos + 1];
1478 if (pos + sct_len + 2 > len)
1479 goto out;
1480
1481 pos += sct_len + 2;
1482 }
1483
1484 ret = 0;
1485
1486out:
1487 return ret;
1488}
1489
Willy Tarreau83061a82018-07-13 11:56:34 +02001490static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1491 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001492{
1493 int fd = -1;
1494 int r = 0;
1495 int ret = 1;
1496
1497 *sctl = NULL;
1498
1499 fd = open(sctl_path, O_RDONLY);
1500 if (fd == -1)
1501 goto end;
1502
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001503 trash.data = 0;
1504 while (trash.data < trash.size) {
1505 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001506 if (r < 0) {
1507 if (errno == EINTR)
1508 continue;
1509
1510 goto end;
1511 }
1512 else if (r == 0) {
1513 break;
1514 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001515 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001516 }
1517
1518 ret = ssl_sock_parse_sctl(&trash);
1519 if (ret)
1520 goto end;
1521
Vincent Bernat02779b62016-04-03 13:48:43 +02001522 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001523 if (!chunk_dup(*sctl, &trash)) {
1524 free(*sctl);
1525 *sctl = NULL;
1526 goto end;
1527 }
1528
1529end:
1530 if (fd != -1)
1531 close(fd);
1532
1533 return ret;
1534}
1535
1536int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1537{
Willy Tarreau83061a82018-07-13 11:56:34 +02001538 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001539
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001540 *out = (unsigned char *) sctl->area;
1541 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001542
1543 return 1;
1544}
1545
1546int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1547{
1548 return 1;
1549}
1550
1551static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1552{
1553 char sctl_path[MAXPATHLEN+1];
1554 int ret = -1;
1555 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001556 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001557
1558 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1559
1560 if (stat(sctl_path, &st))
1561 return 1;
1562
1563 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1564 goto out;
1565
1566 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1567 free(sctl);
1568 goto out;
1569 }
1570
1571 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1572
1573 ret = 0;
1574
1575out:
1576 return ret;
1577}
1578
1579#endif
1580
Emeric Brune1f38db2012-09-03 20:36:47 +02001581void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1582{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001583 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001584 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001585 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001586 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001587
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001588#ifndef SSL_OP_NO_RENEGOTIATION
1589 /* Please note that BoringSSL defines this macro to zero so don't
1590 * change this to #if and do not assign a default value to this macro!
1591 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001592 if (where & SSL_CB_HANDSHAKE_START) {
1593 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001594 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001595 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001596 conn->err_code = CO_ER_SSL_RENEG;
1597 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001598 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001599#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001600
1601 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001602 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001603 /* Long certificate chains optimz
1604 If write and read bios are differents, we
1605 consider that the buffering was activated,
1606 so we rise the output buffer size from 4k
1607 to 16k */
1608 write_bio = SSL_get_wbio(ssl);
1609 if (write_bio != SSL_get_rbio(ssl)) {
1610 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001611 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001612 }
1613 }
1614 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001615}
1616
Emeric Brune64aef12012-09-21 13:15:06 +02001617/* Callback is called for each certificate of the chain during a verify
1618 ok is set to 1 if preverify detect no error on current certificate.
1619 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001620int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001621{
1622 SSL *ssl;
1623 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001624 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001625 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001626
1627 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001628 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001629
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001630 ctx = conn->xprt_ctx;
1631
1632 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001633
Emeric Brun81c00f02012-09-21 14:31:21 +02001634 if (ok) /* no errors */
1635 return ok;
1636
1637 depth = X509_STORE_CTX_get_error_depth(x_store);
1638 err = X509_STORE_CTX_get_error(x_store);
1639
1640 /* check if CA error needs to be ignored */
1641 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001642 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1643 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1644 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001645 }
1646
Willy Tarreau07d94e42018-09-20 10:57:52 +02001647 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001648 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001649 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001650 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001651 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001652
Willy Tarreau20879a02012-12-03 16:32:10 +01001653 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001654 return 0;
1655 }
1656
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001657 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1658 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001659
Emeric Brun81c00f02012-09-21 14:31:21 +02001660 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001661 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001662 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001663 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001664 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001665 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001666
Willy Tarreau20879a02012-12-03 16:32:10 +01001667 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001668 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001669}
1670
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001671static inline
1672void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001673 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001674{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001675 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001676 unsigned char *msg;
1677 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001678 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001679
1680 /* This function is called for "from client" and "to server"
1681 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001682 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001683 */
1684
1685 /* "write_p" is set to 0 is the bytes are received messages,
1686 * otherwise it is set to 1.
1687 */
1688 if (write_p != 0)
1689 return;
1690
1691 /* content_type contains the type of message received or sent
1692 * according with the SSL/TLS protocol spec. This message is
1693 * encoded with one byte. The value 256 (two bytes) is used
1694 * for designing the SSL/TLS record layer. According with the
1695 * rfc6101, the expected message (other than 256) are:
1696 * - change_cipher_spec(20)
1697 * - alert(21)
1698 * - handshake(22)
1699 * - application_data(23)
1700 * - (255)
1701 * We are interessed by the handshake and specially the client
1702 * hello.
1703 */
1704 if (content_type != 22)
1705 return;
1706
1707 /* The message length is at least 4 bytes, containing the
1708 * message type and the message length.
1709 */
1710 if (len < 4)
1711 return;
1712
1713 /* First byte of the handshake message id the type of
1714 * message. The konwn types are:
1715 * - hello_request(0)
1716 * - client_hello(1)
1717 * - server_hello(2)
1718 * - certificate(11)
1719 * - server_key_exchange (12)
1720 * - certificate_request(13)
1721 * - server_hello_done(14)
1722 * We are interested by the client hello.
1723 */
1724 msg = (unsigned char *)buf;
1725 if (msg[0] != 1)
1726 return;
1727
1728 /* Next three bytes are the length of the message. The total length
1729 * must be this decoded length + 4. If the length given as argument
1730 * is not the same, we abort the protocol dissector.
1731 */
1732 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1733 if (len < rec_len + 4)
1734 return;
1735 msg += 4;
1736 end = msg + rec_len;
1737 if (end < msg)
1738 return;
1739
1740 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1741 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001742 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1743 */
1744 msg += 1 + 1 + 4 + 28;
1745 if (msg > end)
1746 return;
1747
1748 /* Next, is session id:
1749 * if present, we have to jump by length + 1 for the size information
1750 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001751 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001752 if (msg[0] > 0)
1753 msg += msg[0];
1754 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001755 if (msg > end)
1756 return;
1757
1758 /* Next two bytes are the ciphersuite length. */
1759 if (msg + 2 > end)
1760 return;
1761 rec_len = (msg[0] << 8) + msg[1];
1762 msg += 2;
1763 if (msg + rec_len > end || msg + rec_len < msg)
1764 return;
1765
Willy Tarreaubafbe012017-11-24 17:34:44 +01001766 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001767 if (!capture)
1768 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001769 /* Compute the xxh64 of the ciphersuite. */
1770 capture->xxh64 = XXH64(msg, rec_len, 0);
1771
1772 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001773 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1774 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001775 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001776
1777 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001778}
1779
Emeric Brun29f037d2014-04-25 19:05:36 +02001780/* Callback is called for ssl protocol analyse */
1781void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1782{
Emeric Brun29f037d2014-04-25 19:05:36 +02001783#ifdef TLS1_RT_HEARTBEAT
1784 /* test heartbeat received (write_p is set to 0
1785 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001786 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001787 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001788 struct ssl_sock_ctx *ctx = conn->ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001789 const unsigned char *p = buf;
1790 unsigned int payload;
1791
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001792 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001793
1794 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1795 if (*p != TLS1_HB_REQUEST)
1796 return;
1797
Willy Tarreauaeed6722014-04-25 23:59:58 +02001798 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001799 goto kill_it;
1800
1801 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001802 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001803 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001804 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001805 /* We have a clear heartbleed attack (CVE-2014-0160), the
1806 * advertised payload is larger than the advertised packet
1807 * length, so we have garbage in the buffer between the
1808 * payload and the end of the buffer (p+len). We can't know
1809 * if the SSL stack is patched, and we don't know if we can
1810 * safely wipe out the area between p+3+len and payload.
1811 * So instead, we prevent the response from being sent by
1812 * setting the max_send_fragment to 0 and we report an SSL
1813 * error, which will kill this connection. It will be reported
1814 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001815 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1816 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001817 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001818 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1819 return;
1820 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001821#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001822 if (global_ssl.capture_cipherlist > 0)
1823 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001824}
1825
Bernard Spil13c53f82018-02-15 13:34:58 +01001826#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001827static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1828 const unsigned char *in, unsigned int inlen,
1829 void *arg)
1830{
1831 struct server *srv = arg;
1832
1833 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1834 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1835 return SSL_TLSEXT_ERR_OK;
1836 return SSL_TLSEXT_ERR_NOACK;
1837}
1838#endif
1839
1840#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001841/* This callback is used so that the server advertises the list of
1842 * negociable protocols for NPN.
1843 */
1844static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1845 unsigned int *len, void *arg)
1846{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001847 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001848
1849 *data = (const unsigned char *)conf->npn_str;
1850 *len = conf->npn_len;
1851 return SSL_TLSEXT_ERR_OK;
1852}
1853#endif
1854
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001855#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001856/* This callback is used so that the server advertises the list of
1857 * negociable protocols for ALPN.
1858 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001859static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1860 unsigned char *outlen,
1861 const unsigned char *server,
1862 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001863{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001864 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001865
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001866 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1867 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1868 return SSL_TLSEXT_ERR_NOACK;
1869 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001870 return SSL_TLSEXT_ERR_OK;
1871}
1872#endif
1873
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001874#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001875#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001876
Christopher Faulet30548802015-06-11 13:39:32 +02001877/* Create a X509 certificate with the specified servername and serial. This
1878 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001879static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001880ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001881{
Christopher Faulet7969a332015-10-09 11:15:03 +02001882 X509 *cacert = bind_conf->ca_sign_cert;
1883 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001884 SSL_CTX *ssl_ctx = NULL;
1885 X509 *newcrt = NULL;
1886 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001887 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001888 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001889 X509_NAME *name;
1890 const EVP_MD *digest;
1891 X509V3_CTX ctx;
1892 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001893 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001894
Christopher Faulet48a83322017-07-28 16:56:09 +02001895 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001896#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1897 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1898#else
1899 tmp_ssl = SSL_new(bind_conf->default_ctx);
1900 if (tmp_ssl)
1901 pkey = SSL_get_privatekey(tmp_ssl);
1902#endif
1903 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001904 goto mkcert_error;
1905
1906 /* Create the certificate */
1907 if (!(newcrt = X509_new()))
1908 goto mkcert_error;
1909
1910 /* Set version number for the certificate (X509v3) and the serial
1911 * number */
1912 if (X509_set_version(newcrt, 2L) != 1)
1913 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001914 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001915
1916 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001917 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1918 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001919 goto mkcert_error;
1920
1921 /* set public key in the certificate */
1922 if (X509_set_pubkey(newcrt, pkey) != 1)
1923 goto mkcert_error;
1924
1925 /* Set issuer name from the CA */
1926 if (!(name = X509_get_subject_name(cacert)))
1927 goto mkcert_error;
1928 if (X509_set_issuer_name(newcrt, name) != 1)
1929 goto mkcert_error;
1930
1931 /* Set the subject name using the same, but the CN */
1932 name = X509_NAME_dup(name);
1933 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1934 (const unsigned char *)servername,
1935 -1, -1, 0) != 1) {
1936 X509_NAME_free(name);
1937 goto mkcert_error;
1938 }
1939 if (X509_set_subject_name(newcrt, name) != 1) {
1940 X509_NAME_free(name);
1941 goto mkcert_error;
1942 }
1943 X509_NAME_free(name);
1944
1945 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001946 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001947 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1948 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1949 X509_EXTENSION *ext;
1950
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001951 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001952 goto mkcert_error;
1953 if (!X509_add_ext(newcrt, ext, -1)) {
1954 X509_EXTENSION_free(ext);
1955 goto mkcert_error;
1956 }
1957 X509_EXTENSION_free(ext);
1958 }
1959
1960 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001961
1962 key_type = EVP_PKEY_base_id(capkey);
1963
1964 if (key_type == EVP_PKEY_DSA)
1965 digest = EVP_sha1();
1966 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001967 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001968 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001969 digest = EVP_sha256();
1970 else {
Emmanuel Hocdet747ca612018-10-01 18:45:19 +02001971#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001972 int nid;
1973
1974 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1975 goto mkcert_error;
1976 if (!(digest = EVP_get_digestbynid(nid)))
1977 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001978#else
1979 goto mkcert_error;
1980#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001981 }
1982
Christopher Faulet31af49d2015-06-09 17:29:50 +02001983 if (!(X509_sign(newcrt, capkey, digest)))
1984 goto mkcert_error;
1985
1986 /* Create and set the new SSL_CTX */
1987 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1988 goto mkcert_error;
1989 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1990 goto mkcert_error;
1991 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1992 goto mkcert_error;
1993 if (!SSL_CTX_check_private_key(ssl_ctx))
1994 goto mkcert_error;
1995
1996 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001997
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001998#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001999 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002000#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002001#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2002 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002003 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002004 EC_KEY *ecc;
2005 int nid;
2006
2007 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2008 goto end;
2009 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2010 goto end;
2011 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2012 EC_KEY_free(ecc);
2013 }
2014#endif
2015 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002016 return ssl_ctx;
2017
2018 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002019 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002020 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002021 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2022 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002023 return NULL;
2024}
2025
Christopher Faulet7969a332015-10-09 11:15:03 +02002026SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002027ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02002028{
Willy Tarreau07d94e42018-09-20 10:57:52 +02002029 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01002030 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002031
Olivier Houchard66ab4982019-02-26 18:37:15 +01002032 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002033}
2034
Christopher Faulet30548802015-06-11 13:39:32 +02002035/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002036 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002037SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002038ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002039{
2040 struct lru64 *lru = NULL;
2041
2042 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002043 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002044 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002045 if (lru && lru->domain) {
2046 if (ssl)
2047 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002048 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002049 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002050 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002051 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002052 }
2053 return NULL;
2054}
2055
Emeric Brun821bb9b2017-06-15 16:37:39 +02002056/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2057 * function is not thread-safe, it should only be used to check if a certificate
2058 * exists in the lru cache (with no warranty it will not be removed by another
2059 * thread). It is kept for backward compatibility. */
2060SSL_CTX *
2061ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2062{
2063 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2064}
2065
Christopher Fauletd2cab922015-07-28 16:03:47 +02002066/* Set a certificate int the LRU cache used to store generated
2067 * certificate. Return 0 on success, otherwise -1 */
2068int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002069ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002070{
2071 struct lru64 *lru = NULL;
2072
2073 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002074 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002075 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002076 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002077 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002078 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002079 }
Christopher Faulet30548802015-06-11 13:39:32 +02002080 if (lru->domain && lru->data)
2081 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002082 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002083 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002084 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002085 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002086 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002087}
2088
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002089/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002090unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002091ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002092{
2093 return XXH32(data, len, ssl_ctx_lru_seed);
2094}
2095
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002096/* Generate a cert and immediately assign it to the SSL session so that the cert's
2097 * refcount is maintained regardless of the cert's presence in the LRU cache.
2098 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002099static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002100ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002101{
2102 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002103 SSL_CTX *ssl_ctx = NULL;
2104 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002105 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002106
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002107 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002108 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002109 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002110 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002111 if (lru && lru->domain)
2112 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002113 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002114 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002115 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002116 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002117 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002118 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002119 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002120 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002121 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002122 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002123 SSL_set_SSL_CTX(ssl, ssl_ctx);
2124 /* No LRU cache, this CTX will be released as soon as the session dies */
2125 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002126 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002127 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002128 return 0;
2129}
2130static int
2131ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2132{
2133 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002134 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002135
2136 conn_get_to_addr(conn);
2137 if (conn->flags & CO_FL_ADDR_TO_SET) {
2138 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002139 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002140 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002141 }
2142 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002143}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002144#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002145
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002146
2147#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
2148#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
2149#endif
2150
2151#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
2152#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
2153#define SSL_renegotiate_pending(arg) 0
2154#endif
2155#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
2156#define SSL_OP_SINGLE_ECDH_USE 0
2157#endif
2158#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
2159#define SSL_OP_NO_TICKET 0
2160#endif
2161#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
2162#define SSL_OP_NO_COMPRESSION 0
2163#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002164#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
2165#undef SSL_OP_NO_SSLv3
2166#define SSL_OP_NO_SSLv3 0
2167#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002168#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
2169#define SSL_OP_NO_TLSv1_1 0
2170#endif
2171#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
2172#define SSL_OP_NO_TLSv1_2 0
2173#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002174#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175#define SSL_OP_NO_TLSv1_3 0
2176#endif
2177#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
2178#define SSL_OP_SINGLE_DH_USE 0
2179#endif
2180#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
2181#define SSL_OP_SINGLE_ECDH_USE 0
2182#endif
2183#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
2184#define SSL_MODE_RELEASE_BUFFERS 0
2185#endif
2186#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
2187#define SSL_MODE_SMALL_BUFFERS 0
2188#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02002189#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
2190#define SSL_OP_PRIORITIZE_CHACHA 0
2191#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002192
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002193#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002194typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2195
2196static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002197{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002198#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002199 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002200 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2201#endif
2202}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002203static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2204 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002205 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2206}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002207static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002208#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002209 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002210 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2211#endif
2212}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002213static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002214#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002215 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002216 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2217#endif
2218}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002219/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002220static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2221/* Unusable in this context. */
2222static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2223static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2224static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2225static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2226static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002227#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002228typedef enum { SET_MIN, SET_MAX } set_context_func;
2229
2230static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2231 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002232 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2233}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002234static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2235 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2236 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2237}
2238static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2239 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002240 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2241}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002242static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2243 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2244 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2245}
2246static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2247 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002248 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2249}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002250static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2251 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2252 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2253}
2254static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2255 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002256 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2257}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002258static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2259 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2260 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2261}
2262static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002263#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002264 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002265 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2266#endif
2267}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002268static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2269#if SSL_OP_NO_TLSv1_3
2270 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2271 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002272#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002273}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002274#endif
2275static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2276static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002277
2278static struct {
2279 int option;
2280 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002281 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2282 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002283 const char *name;
2284} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002285 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2286 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2287 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2288 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2289 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2290 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002291};
2292
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002293static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2294{
2295 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2296 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2297 SSL_set_SSL_CTX(ssl, ctx);
2298}
2299
Ilya Shipitsin54832b92019-05-05 23:27:54 +05002300#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002301
2302static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2303{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002304 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002306
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002307 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2308 return SSL_TLSEXT_ERR_OK;
2309 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002310}
2311
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002312#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2314{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002315 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002316#else
2317static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2318{
2319#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320 struct connection *conn;
2321 struct bind_conf *s;
2322 const uint8_t *extension_data;
2323 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002324 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325
2326 char *wildp = NULL;
2327 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002328 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002330 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002331 int i;
2332
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002333 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002334 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002335
Olivier Houchard9679ac92017-10-27 14:58:08 +02002336 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002337 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002338#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2340 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002341#else
2342 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2343#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002344 /*
2345 * The server_name extension was given too much extensibility when it
2346 * was written, so parsing the normal case is a bit complex.
2347 */
2348 size_t len;
2349 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002351 /* Extract the length of the supplied list of names. */
2352 len = (*extension_data++) << 8;
2353 len |= *extension_data++;
2354 if (len + 2 != extension_len)
2355 goto abort;
2356 /*
2357 * The list in practice only has a single element, so we only consider
2358 * the first one.
2359 */
2360 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2361 goto abort;
2362 extension_len = len - 1;
2363 /* Now we can finally pull out the byte array with the actual hostname. */
2364 if (extension_len <= 2)
2365 goto abort;
2366 len = (*extension_data++) << 8;
2367 len |= *extension_data++;
2368 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2369 || memchr(extension_data, 0, len) != NULL)
2370 goto abort;
2371 servername = extension_data;
2372 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002374#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2375 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002376 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002377 }
2378#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002379 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002380 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002381 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002382 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002383 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002384 goto abort;
2385 }
2386
2387 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002388#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002390#else
2391 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2392#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002393 uint8_t sign;
2394 size_t len;
2395 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002397 len = (*extension_data++) << 8;
2398 len |= *extension_data++;
2399 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002400 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 if (len % 2 != 0)
2402 goto abort;
2403 for (; len > 0; len -= 2) {
2404 extension_data++; /* hash */
2405 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002406 switch (sign) {
2407 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002408 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002409 break;
2410 case TLSEXT_signature_ecdsa:
2411 has_ecdsa_sig = 1;
2412 break;
2413 default:
2414 continue;
2415 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002416 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 break;
2418 }
2419 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002420 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002421 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002422 }
2423 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002424 const SSL_CIPHER *cipher;
2425 size_t len;
2426 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002427 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002428#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002429 len = ctx->cipher_suites_len;
2430 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002431#else
2432 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2433#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002434 if (len % 2 != 0)
2435 goto abort;
2436 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002437#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002438 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002439 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002440#else
2441 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2442#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002443 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002444 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002445 break;
2446 }
2447 }
2448 }
2449
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002450 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002451 trash.area[i] = tolower(servername[i]);
2452 if (!wildp && (trash.area[i] == '.'))
2453 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002454 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002455 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002456
2457 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002458 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002459
2460 /* lookup a not neg filter */
2461 for (n = node; n; n = ebmb_next_dup(n)) {
2462 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002463 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002464 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002465 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002466 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002467 break;
2468 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002469 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002470 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002471 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002472 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002473 if (!node_anonymous)
2474 node_anonymous = n;
2475 break;
2476 }
2477 }
2478 }
2479 if (wildp) {
2480 /* lookup in wildcards names */
2481 node = ebst_lookup(&s->sni_w_ctx, wildp);
2482 for (n = node; n; n = ebmb_next_dup(n)) {
2483 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002484 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002485 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002486 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002487 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002488 break;
2489 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002490 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002491 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002492 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002493 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 if (!node_anonymous)
2495 node_anonymous = n;
2496 break;
2497 }
2498 }
2499 }
2500 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002501 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002502 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2503 : ((has_rsa_sig && node_rsa) ? node_rsa
2504 : (node_anonymous ? node_anonymous
2505 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2506 : node_rsa /* no rsa signature case (far far away) */
2507 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002508 if (node) {
2509 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002510 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002511 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002512 if (conf) {
2513 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2514 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2515 if (conf->early_data)
2516 allow_early = 1;
2517 }
2518 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002519 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002520#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002521 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002522 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002523 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002524 }
2525#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002526 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002527 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002528 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002529 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002530allow_early:
2531#ifdef OPENSSL_IS_BORINGSSL
2532 if (allow_early)
2533 SSL_set_early_data_enabled(ssl, 1);
2534#else
2535 if (!allow_early)
2536 SSL_set_max_early_data(ssl, 0);
2537#endif
2538 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002539 abort:
2540 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2541 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002542#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002543 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002544#else
2545 *al = SSL_AD_UNRECOGNIZED_NAME;
2546 return 0;
2547#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002548}
2549
2550#else /* OPENSSL_IS_BORINGSSL */
2551
Emeric Brunfc0421f2012-09-07 17:30:07 +02002552/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2553 * warning when no match is found, which implies the default (first) cert
2554 * will keep being used.
2555 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002556static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002557{
2558 const char *servername;
2559 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002560 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002561 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002562 int i;
2563 (void)al; /* shut gcc stupid warning */
2564
2565 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002566 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002567#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002568 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2569 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002570#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002571 if (s->strict_sni)
2572 return SSL_TLSEXT_ERR_ALERT_FATAL;
2573 ssl_sock_switchctx_set(ssl, s->default_ctx);
2574 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002575 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002576
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002577 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002578 if (!servername[i])
2579 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002580 trash.area[i] = tolower(servername[i]);
2581 if (!wildp && (trash.area[i] == '.'))
2582 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002583 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002584 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002585
2586 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002587 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002588
2589 /* lookup a not neg filter */
2590 for (n = node; n; n = ebmb_next_dup(n)) {
2591 if (!container_of(n, struct sni_ctx, name)->neg) {
2592 node = n;
2593 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002594 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002595 }
2596 if (!node && wildp) {
2597 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002598 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002599 }
2600 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002601#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002602 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2603 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002604 return SSL_TLSEXT_ERR_OK;
2605 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002606#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002607 if (s->strict_sni)
2608 return SSL_TLSEXT_ERR_ALERT_FATAL;
2609 ssl_sock_switchctx_set(ssl, s->default_ctx);
2610 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002611 }
2612
2613 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002614 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002615 return SSL_TLSEXT_ERR_OK;
2616}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002617#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002618#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2619
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002620#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002621
2622static DH * ssl_get_dh_1024(void)
2623{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002624 static unsigned char dh1024_p[]={
2625 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2626 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2627 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2628 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2629 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2630 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2631 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2632 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2633 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2634 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2635 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2636 };
2637 static unsigned char dh1024_g[]={
2638 0x02,
2639 };
2640
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002641 BIGNUM *p;
2642 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002643 DH *dh = DH_new();
2644 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002645 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2646 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002647
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002648 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002649 DH_free(dh);
2650 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002651 } else {
2652 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002653 }
2654 }
2655 return dh;
2656}
2657
2658static DH *ssl_get_dh_2048(void)
2659{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002660 static unsigned char dh2048_p[]={
2661 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2662 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2663 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2664 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2665 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2666 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2667 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2668 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2669 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2670 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2671 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2672 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2673 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2674 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2675 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2676 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2677 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2678 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2679 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2680 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2681 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2682 0xB7,0x1F,0x77,0xF3,
2683 };
2684 static unsigned char dh2048_g[]={
2685 0x02,
2686 };
2687
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002688 BIGNUM *p;
2689 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002690 DH *dh = DH_new();
2691 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002692 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2693 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002694
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002695 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002696 DH_free(dh);
2697 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002698 } else {
2699 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002700 }
2701 }
2702 return dh;
2703}
2704
2705static DH *ssl_get_dh_4096(void)
2706{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002707 static unsigned char dh4096_p[]={
2708 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2709 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2710 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2711 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2712 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2713 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2714 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2715 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2716 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2717 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2718 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2719 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2720 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2721 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2722 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2723 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2724 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2725 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2726 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2727 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2728 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2729 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2730 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2731 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2732 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2733 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2734 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2735 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2736 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2737 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2738 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2739 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2740 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2741 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2742 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2743 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2744 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2745 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2746 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2747 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2748 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2749 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2750 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002751 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002752 static unsigned char dh4096_g[]={
2753 0x02,
2754 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002755
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002756 BIGNUM *p;
2757 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002758 DH *dh = DH_new();
2759 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002760 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2761 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002762
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002763 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002764 DH_free(dh);
2765 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002766 } else {
2767 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002768 }
2769 }
2770 return dh;
2771}
2772
2773/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002774 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2776{
2777 DH *dh = NULL;
2778 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002779 int type;
2780
2781 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002782
2783 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2784 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2785 */
2786 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2787 keylen = EVP_PKEY_bits(pkey);
2788 }
2789
Willy Tarreauef934602016-12-22 23:12:01 +01002790 if (keylen > global_ssl.default_dh_param) {
2791 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002792 }
2793
Remi Gacogned3a341a2015-05-29 16:26:17 +02002794 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002795 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002796 }
2797 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002798 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002799 }
2800 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002801 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002802 }
2803
2804 return dh;
2805}
2806
Remi Gacogne47783ef2015-05-29 15:53:22 +02002807static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002808{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002809 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002810 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002811
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002812 if (in == NULL)
2813 goto end;
2814
Remi Gacogne47783ef2015-05-29 15:53:22 +02002815 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002816 goto end;
2817
Remi Gacogne47783ef2015-05-29 15:53:22 +02002818 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2819
2820end:
2821 if (in)
2822 BIO_free(in);
2823
Emeric Brune1b4ed42018-08-16 15:14:12 +02002824 ERR_clear_error();
2825
Remi Gacogne47783ef2015-05-29 15:53:22 +02002826 return dh;
2827}
2828
2829int ssl_sock_load_global_dh_param_from_file(const char *filename)
2830{
2831 global_dh = ssl_sock_get_dh_from_file(filename);
2832
2833 if (global_dh) {
2834 return 0;
2835 }
2836
2837 return -1;
2838}
2839
2840/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002841 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002842int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2843{
2844 int ret = -1;
2845 DH *dh = ssl_sock_get_dh_from_file(file);
2846
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002847 if (dh) {
2848 ret = 1;
2849 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002850
2851 if (ssl_dh_ptr_index >= 0) {
2852 /* store a pointer to the DH params to avoid complaining about
2853 ssl-default-dh-param not being set for this SSL_CTX */
2854 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2855 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002856 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002857 else if (global_dh) {
2858 SSL_CTX_set_tmp_dh(ctx, global_dh);
2859 ret = 0; /* DH params not found */
2860 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002861 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002862 /* Clear openssl global errors stack */
2863 ERR_clear_error();
2864
Willy Tarreauef934602016-12-22 23:12:01 +01002865 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002866 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002867 if (local_dh_1024 == NULL)
2868 local_dh_1024 = ssl_get_dh_1024();
2869
Remi Gacogne8de54152014-07-15 11:36:40 +02002870 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002871 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002872
Remi Gacogne8de54152014-07-15 11:36:40 +02002873 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002874 }
2875 else {
2876 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2877 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002878
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002879 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002880 }
Emeric Brun644cde02012-12-14 11:21:13 +01002881
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002882end:
2883 if (dh)
2884 DH_free(dh);
2885
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002886 return ret;
2887}
2888#endif
2889
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002890static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002891 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002892{
2893 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002894 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002895 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002896
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002897 if (*name == '!') {
2898 neg = 1;
2899 name++;
2900 }
2901 if (*name == '*') {
2902 wild = 1;
2903 name++;
2904 }
2905 /* !* filter is a nop */
2906 if (neg && wild)
2907 return order;
2908 if (*name) {
2909 int j, len;
2910 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002911 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002912 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002913 if (j >= trash.size)
2914 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002915 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002916
2917 /* Check for duplicates. */
2918 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002919 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002920 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002921 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002922 for (; node; node = ebmb_next_dup(node)) {
2923 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002924 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002925 return order;
2926 }
2927
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002928 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002929 if (!sc)
2930 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002931 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002932 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002933 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002934 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002935 sc->order = order++;
2936 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002937 if (kinfo.sig != TLSEXT_signature_anonymous)
2938 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002939 if (wild)
2940 ebst_insert(&s->sni_w_ctx, &sc->name);
2941 else
2942 ebst_insert(&s->sni_ctx, &sc->name);
2943 }
2944 return order;
2945}
2946
yanbzhu488a4d22015-12-01 15:16:07 -05002947
2948/* The following code is used for loading multiple crt files into
2949 * SSL_CTX's based on CN/SAN
2950 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002951#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002952/* This is used to preload the certifcate, private key
2953 * and Cert Chain of a file passed in via the crt
2954 * argument
2955 *
2956 * This way, we do not have to read the file multiple times
2957 */
2958struct cert_key_and_chain {
2959 X509 *cert;
2960 EVP_PKEY *key;
2961 unsigned int num_chain_certs;
2962 /* This is an array of X509 pointers */
2963 X509 **chain_certs;
2964};
2965
yanbzhu08ce6ab2015-12-02 13:01:29 -05002966#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2967
2968struct key_combo_ctx {
2969 SSL_CTX *ctx;
2970 int order;
2971};
2972
2973/* Map used for processing multiple keypairs for a single purpose
2974 *
2975 * This maps CN/SNI name to certificate type
2976 */
2977struct sni_keytype {
2978 int keytypes; /* BITMASK for keytypes */
2979 struct ebmb_node name; /* node holding the servername value */
2980};
2981
2982
yanbzhu488a4d22015-12-01 15:16:07 -05002983/* Frees the contents of a cert_key_and_chain
2984 */
2985static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2986{
2987 int i;
2988
2989 if (!ckch)
2990 return;
2991
2992 /* Free the certificate and set pointer to NULL */
2993 if (ckch->cert)
2994 X509_free(ckch->cert);
2995 ckch->cert = NULL;
2996
2997 /* Free the key and set pointer to NULL */
2998 if (ckch->key)
2999 EVP_PKEY_free(ckch->key);
3000 ckch->key = NULL;
3001
3002 /* Free each certificate in the chain */
3003 for (i = 0; i < ckch->num_chain_certs; i++) {
3004 if (ckch->chain_certs[i])
3005 X509_free(ckch->chain_certs[i]);
3006 }
3007
3008 /* Free the chain obj itself and set to NULL */
3009 if (ckch->num_chain_certs > 0) {
3010 free(ckch->chain_certs);
3011 ckch->num_chain_certs = 0;
3012 ckch->chain_certs = NULL;
3013 }
3014
3015}
3016
3017/* checks if a key and cert exists in the ckch
3018 */
3019static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3020{
3021 return (ckch->cert != NULL && ckch->key != NULL);
3022}
3023
3024
3025/* Loads the contents of a crt file (path) into a cert_key_and_chain
3026 * This allows us to carry the contents of the file without having to
3027 * read the file multiple times.
3028 *
3029 * returns:
3030 * 0 on Success
3031 * 1 on SSL Failure
3032 * 2 on file not found
3033 */
3034static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3035{
3036
3037 BIO *in;
3038 X509 *ca = NULL;
3039 int ret = 1;
3040
3041 ssl_sock_free_cert_key_and_chain_contents(ckch);
3042
3043 in = BIO_new(BIO_s_file());
3044 if (in == NULL)
3045 goto end;
3046
3047 if (BIO_read_filename(in, path) <= 0)
3048 goto end;
3049
yanbzhu488a4d22015-12-01 15:16:07 -05003050 /* Read Private Key */
3051 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3052 if (ckch->key == NULL) {
3053 memprintf(err, "%sunable to load private key from file '%s'.\n",
3054 err && *err ? *err : "", path);
3055 goto end;
3056 }
3057
Willy Tarreaubb137a82016-04-06 19:02:38 +02003058 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003059 if (BIO_reset(in) == -1) {
3060 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3061 err && *err ? *err : "", path);
3062 goto end;
3063 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003064
3065 /* Read Certificate */
3066 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3067 if (ckch->cert == NULL) {
3068 memprintf(err, "%sunable to load certificate from file '%s'.\n",
3069 err && *err ? *err : "", path);
3070 goto end;
3071 }
3072
yanbzhu488a4d22015-12-01 15:16:07 -05003073 /* Read Certificate Chain */
3074 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
3075 /* Grow the chain certs */
3076 ckch->num_chain_certs++;
3077 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
3078
3079 /* use - 1 here since we just incremented it above */
3080 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
3081 }
3082 ret = ERR_get_error();
3083 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3084 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3085 err && *err ? *err : "", path);
3086 ret = 1;
3087 goto end;
3088 }
3089
3090 ret = 0;
3091
3092end:
3093
3094 ERR_clear_error();
3095 if (in)
3096 BIO_free(in);
3097
3098 /* Something went wrong in one of the reads */
3099 if (ret != 0)
3100 ssl_sock_free_cert_key_and_chain_contents(ckch);
3101
3102 return ret;
3103}
3104
3105/* Loads the info in ckch into ctx
3106 * Currently, this does not process any information about ocsp, dhparams or
3107 * sctl
3108 * Returns
3109 * 0 on success
3110 * 1 on failure
3111 */
3112static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3113{
3114 int i = 0;
3115
3116 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3117 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3118 err && *err ? *err : "", path);
3119 return 1;
3120 }
3121
3122 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3123 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3124 err && *err ? *err : "", path);
3125 return 1;
3126 }
3127
yanbzhu488a4d22015-12-01 15:16:07 -05003128 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3129 for (i = 0; i < ckch->num_chain_certs; i++) {
3130 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003131 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3132 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003133 return 1;
3134 }
3135 }
3136
3137 if (SSL_CTX_check_private_key(ctx) <= 0) {
3138 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3139 err && *err ? *err : "", path);
3140 return 1;
3141 }
3142
3143 return 0;
3144}
3145
yanbzhu08ce6ab2015-12-02 13:01:29 -05003146
3147static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3148{
3149 struct sni_keytype *s_kt = NULL;
3150 struct ebmb_node *node;
3151 int i;
3152
3153 for (i = 0; i < trash.size; i++) {
3154 if (!str[i])
3155 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003156 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003157 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003158 trash.area[i] = 0;
3159 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003160 if (!node) {
3161 /* CN not found in tree */
3162 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3163 /* Using memcpy here instead of strncpy.
3164 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3165 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3166 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003167 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003168 s_kt->keytypes = 0;
3169 ebst_insert(sni_keytypes, &s_kt->name);
3170 } else {
3171 /* CN found in tree */
3172 s_kt = container_of(node, struct sni_keytype, name);
3173 }
3174
3175 /* Mark that this CN has the keytype of key_index via keytypes mask */
3176 s_kt->keytypes |= 1<<key_index;
3177
3178}
3179
3180
3181/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3182 * If any are found, group these files into a set of SSL_CTX*
3183 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3184 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003185 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003186 *
3187 * Returns
3188 * 0 on success
3189 * 1 on failure
3190 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003191static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3192 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003193{
3194 char fp[MAXPATHLEN+1] = {0};
3195 int n = 0;
3196 int i = 0;
3197 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3198 struct eb_root sni_keytypes_map = { {0} };
3199 struct ebmb_node *node;
3200 struct ebmb_node *next;
3201 /* Array of SSL_CTX pointers corresponding to each possible combo
3202 * of keytypes
3203 */
3204 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3205 int rv = 0;
3206 X509_NAME *xname = NULL;
3207 char *str = NULL;
3208#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3209 STACK_OF(GENERAL_NAME) *names = NULL;
3210#endif
3211
3212 /* Load all possible certs and keys */
3213 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3214 struct stat buf;
3215
3216 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3217 if (stat(fp, &buf) == 0) {
3218 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3219 rv = 1;
3220 goto end;
3221 }
3222 }
3223 }
3224
3225 /* Process each ckch and update keytypes for each CN/SAN
3226 * for example, if CN/SAN www.a.com is associated with
3227 * certs with keytype 0 and 2, then at the end of the loop,
3228 * www.a.com will have:
3229 * keyindex = 0 | 1 | 4 = 5
3230 */
3231 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3232
3233 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3234 continue;
3235
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003236 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003237 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003238 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3239 } else {
3240 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3241 * so the line that contains logic is marked via comments
3242 */
3243 xname = X509_get_subject_name(certs_and_keys[n].cert);
3244 i = -1;
3245 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3246 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003247 ASN1_STRING *value;
3248 value = X509_NAME_ENTRY_get_data(entry);
3249 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003250 /* Important line is here */
3251 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003252
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003253 OPENSSL_free(str);
3254 str = NULL;
3255 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003256 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003257
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003258 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003259#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003260 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3261 if (names) {
3262 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3263 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003264
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003265 if (name->type == GEN_DNS) {
3266 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3267 /* Important line is here */
3268 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003269
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003270 OPENSSL_free(str);
3271 str = NULL;
3272 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003273 }
3274 }
3275 }
3276 }
3277#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3278 }
3279
3280 /* If no files found, return error */
3281 if (eb_is_empty(&sni_keytypes_map)) {
3282 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3283 err && *err ? *err : "", path);
3284 rv = 1;
3285 goto end;
3286 }
3287
3288 /* We now have a map of CN/SAN to keytypes that are loaded in
3289 * Iterate through the map to create the SSL_CTX's (if needed)
3290 * and add each CTX to the SNI tree
3291 *
3292 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003293 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003294 * combination is denoted by the key in the map. Each key
3295 * has a value between 1 and 2^n - 1. Conveniently, the array
3296 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3297 * entry in the array to correspond to the unique combo (key)
3298 * associated with i. This unique key combo (i) will be associated
3299 * with combos[i-1]
3300 */
3301
3302 node = ebmb_first(&sni_keytypes_map);
3303 while (node) {
3304 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003305 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003306 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003307
3308 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3309 i = container_of(node, struct sni_keytype, name)->keytypes;
3310 cur_ctx = key_combos[i-1].ctx;
3311
3312 if (cur_ctx == NULL) {
3313 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003314 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003315 if (cur_ctx == NULL) {
3316 memprintf(err, "%sunable to allocate SSL context.\n",
3317 err && *err ? *err : "");
3318 rv = 1;
3319 goto end;
3320 }
3321
yanbzhube2774d2015-12-10 15:07:30 -05003322 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003323 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3324 if (i & (1<<n)) {
3325 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003326 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3327 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003328 SSL_CTX_free(cur_ctx);
3329 rv = 1;
3330 goto end;
3331 }
yanbzhube2774d2015-12-10 15:07:30 -05003332
3333#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3334 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003335 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003336 if (err)
3337 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003338 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003339 SSL_CTX_free(cur_ctx);
3340 rv = 1;
3341 goto end;
3342 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003343#elif (defined OPENSSL_IS_BORINGSSL)
3344 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003345#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003346 }
3347 }
3348
3349 /* Load DH params into the ctx to support DHE keys */
3350#ifndef OPENSSL_NO_DH
3351 if (ssl_dh_ptr_index >= 0)
3352 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3353
3354 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3355 if (rv < 0) {
3356 if (err)
3357 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3358 *err ? *err : "", path);
3359 rv = 1;
3360 goto end;
3361 }
3362#endif
3363
3364 /* Update key_combos */
3365 key_combos[i-1].ctx = cur_ctx;
3366 }
3367
3368 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003369 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003370 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003371 node = ebmb_next(node);
3372 }
3373
3374
3375 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3376 if (!bind_conf->default_ctx) {
3377 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3378 if (key_combos[i].ctx) {
3379 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003380 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003381 break;
3382 }
3383 }
3384 }
3385
3386end:
3387
3388 if (names)
3389 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3390
3391 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3392 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3393
3394 node = ebmb_first(&sni_keytypes_map);
3395 while (node) {
3396 next = ebmb_next(node);
3397 ebmb_delete(node);
3398 node = next;
3399 }
3400
3401 return rv;
3402}
3403#else
3404/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003405static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3406 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003407{
3408 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3409 err && *err ? *err : "", path, strerror(errno));
3410 return 1;
3411}
3412
yanbzhu488a4d22015-12-01 15:16:07 -05003413#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3414
Emeric Brunfc0421f2012-09-07 17:30:07 +02003415/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3416 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3417 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003418static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3419 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003420{
3421 BIO *in;
3422 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003423 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003424 int ret = -1;
3425 int order = 0;
3426 X509_NAME *xname;
3427 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003428 pem_password_cb *passwd_cb;
3429 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003430 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003431 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003432
Emeric Brunfc0421f2012-09-07 17:30:07 +02003433#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3434 STACK_OF(GENERAL_NAME) *names;
3435#endif
3436
3437 in = BIO_new(BIO_s_file());
3438 if (in == NULL)
3439 goto end;
3440
3441 if (BIO_read_filename(in, file) <= 0)
3442 goto end;
3443
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003444
3445 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3446 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3447
3448 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003449 if (x == NULL)
3450 goto end;
3451
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003452 pkey = X509_get_pubkey(x);
3453 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003454 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003455 switch(EVP_PKEY_base_id(pkey)) {
3456 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003457 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003458 break;
3459 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003460 kinfo.sig = TLSEXT_signature_ecdsa;
3461 break;
3462 case EVP_PKEY_DSA:
3463 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003464 break;
3465 }
3466 EVP_PKEY_free(pkey);
3467 }
3468
Emeric Brun50bcecc2013-04-22 13:05:23 +02003469 if (fcount) {
3470 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003471 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003472 }
3473 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003474#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003475 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3476 if (names) {
3477 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3478 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3479 if (name->type == GEN_DNS) {
3480 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003481 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003482 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003483 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003484 }
3485 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003486 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003487 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003488#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003489 xname = X509_get_subject_name(x);
3490 i = -1;
3491 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3492 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003493 ASN1_STRING *value;
3494
3495 value = X509_NAME_ENTRY_get_data(entry);
3496 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003497 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003498 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003500 }
3501 }
3502
3503 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3504 if (!SSL_CTX_use_certificate(ctx, x))
3505 goto end;
3506
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003507#ifdef SSL_CTX_clear_extra_chain_certs
3508 SSL_CTX_clear_extra_chain_certs(ctx);
3509#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003510 if (ctx->extra_certs != NULL) {
3511 sk_X509_pop_free(ctx->extra_certs, X509_free);
3512 ctx->extra_certs = NULL;
3513 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003514#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003515
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003516 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003517 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3518 X509_free(ca);
3519 goto end;
3520 }
3521 }
3522
3523 err = ERR_get_error();
3524 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3525 /* we successfully reached the last cert in the file */
3526 ret = 1;
3527 }
3528 ERR_clear_error();
3529
3530end:
3531 if (x)
3532 X509_free(x);
3533
3534 if (in)
3535 BIO_free(in);
3536
3537 return ret;
3538}
3539
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003540static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3541 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003542{
3543 int ret;
3544 SSL_CTX *ctx;
3545
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003546 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003547 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003548 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3549 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003550 return 1;
3551 }
3552
3553 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003554 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3555 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003556 SSL_CTX_free(ctx);
3557 return 1;
3558 }
3559
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003560 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003561 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003562 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3563 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003564 if (ret < 0) /* serious error, must do that ourselves */
3565 SSL_CTX_free(ctx);
3566 return 1;
3567 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003568
3569 if (SSL_CTX_check_private_key(ctx) <= 0) {
3570 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3571 err && *err ? *err : "", path);
3572 return 1;
3573 }
3574
Emeric Brunfc0421f2012-09-07 17:30:07 +02003575 /* we must not free the SSL_CTX anymore below, since it's already in
3576 * the tree, so it will be discovered and cleaned in time.
3577 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003578#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003579 /* store a NULL pointer to indicate we have not yet loaded
3580 a custom DH param file */
3581 if (ssl_dh_ptr_index >= 0) {
3582 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3583 }
3584
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003585 ret = ssl_sock_load_dh_params(ctx, path);
3586 if (ret < 0) {
3587 if (err)
3588 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3589 *err ? *err : "", path);
3590 return 1;
3591 }
3592#endif
3593
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003594#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003595 ret = ssl_sock_load_ocsp(ctx, path);
3596 if (ret < 0) {
3597 if (err)
3598 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3599 *err ? *err : "", path);
3600 return 1;
3601 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003602#elif (defined OPENSSL_IS_BORINGSSL)
3603 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003604#endif
3605
Daniel Jakots54ffb912015-11-06 20:02:41 +01003606#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003607 if (sctl_ex_index >= 0) {
3608 ret = ssl_sock_load_sctl(ctx, path);
3609 if (ret < 0) {
3610 if (err)
3611 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3612 *err ? *err : "", path);
3613 return 1;
3614 }
3615 }
3616#endif
3617
Emeric Brunfc0421f2012-09-07 17:30:07 +02003618#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003619 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003620 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3621 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003622 return 1;
3623 }
3624#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003625 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003626 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003627 bind_conf->default_ssl_conf = ssl_conf;
3628 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003629
3630 return 0;
3631}
3632
Willy Tarreau03209342016-12-22 17:08:28 +01003633int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003634{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003635 struct dirent **de_list;
3636 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003637 DIR *dir;
3638 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003639 char *end;
3640 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003641 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003642#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3643 int is_bundle;
3644 int j;
3645#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003646
yanbzhu08ce6ab2015-12-02 13:01:29 -05003647 if (stat(path, &buf) == 0) {
3648 dir = opendir(path);
3649 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003650 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003651
yanbzhu08ce6ab2015-12-02 13:01:29 -05003652 /* strip trailing slashes, including first one */
3653 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3654 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003655
yanbzhu08ce6ab2015-12-02 13:01:29 -05003656 n = scandir(path, &de_list, 0, alphasort);
3657 if (n < 0) {
3658 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3659 err && *err ? *err : "", path, strerror(errno));
3660 cfgerr++;
3661 }
3662 else {
3663 for (i = 0; i < n; i++) {
3664 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003665
yanbzhu08ce6ab2015-12-02 13:01:29 -05003666 end = strrchr(de->d_name, '.');
3667 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3668 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003669
yanbzhu08ce6ab2015-12-02 13:01:29 -05003670 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3671 if (stat(fp, &buf) != 0) {
3672 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3673 err && *err ? *err : "", fp, strerror(errno));
3674 cfgerr++;
3675 goto ignore_entry;
3676 }
3677 if (!S_ISREG(buf.st_mode))
3678 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003679
3680#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3681 is_bundle = 0;
3682 /* Check if current entry in directory is part of a multi-cert bundle */
3683
3684 if (end) {
3685 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3686 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3687 is_bundle = 1;
3688 break;
3689 }
3690 }
3691
3692 if (is_bundle) {
3693 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3694 int dp_len;
3695
3696 dp_len = end - de->d_name;
3697 snprintf(dp, dp_len + 1, "%s", de->d_name);
3698
3699 /* increment i and free de until we get to a non-bundle cert
3700 * Note here that we look at de_list[i + 1] before freeing de
3701 * this is important since ignore_entry will free de
3702 */
3703 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3704 free(de);
3705 i++;
3706 de = de_list[i];
3707 }
3708
3709 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003710 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003711
3712 /* Successfully processed the bundle */
3713 goto ignore_entry;
3714 }
3715 }
3716
3717#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003718 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003719ignore_entry:
3720 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003721 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003722 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003723 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003724 closedir(dir);
3725 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003726 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003727
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003728 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003729
Emeric Brunfc0421f2012-09-07 17:30:07 +02003730 return cfgerr;
3731}
3732
Thierry Fournier383085f2013-01-24 14:15:43 +01003733/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3734 * done once. Zero is returned if the operation fails. No error is returned
3735 * if the random is said as not implemented, because we expect that openssl
3736 * will use another method once needed.
3737 */
3738static int ssl_initialize_random()
3739{
3740 unsigned char random;
3741 static int random_initialized = 0;
3742
3743 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3744 random_initialized = 1;
3745
3746 return random_initialized;
3747}
3748
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003749/* release ssl bind conf */
3750void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003751{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003752 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003753#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003754 free(conf->npn_str);
3755 conf->npn_str = NULL;
3756#endif
3757#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3758 free(conf->alpn_str);
3759 conf->alpn_str = NULL;
3760#endif
3761 free(conf->ca_file);
3762 conf->ca_file = NULL;
3763 free(conf->crl_file);
3764 conf->crl_file = NULL;
3765 free(conf->ciphers);
3766 conf->ciphers = NULL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003767#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
3768 free(conf->ciphersuites);
3769 conf->ciphersuites = NULL;
3770#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003771 free(conf->curves);
3772 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003773 free(conf->ecdhe);
3774 conf->ecdhe = NULL;
3775 }
3776}
3777
3778int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3779{
3780 char thisline[CRT_LINESIZE];
3781 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003782 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003783 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003784 int linenum = 0;
3785 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003786
Willy Tarreauad1731d2013-04-02 17:35:58 +02003787 if ((f = fopen(file, "r")) == NULL) {
3788 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003789 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003790 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003791
3792 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003793 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003794 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003795 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003796 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003797 char *crt_path;
3798 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003799
3800 linenum++;
3801 end = line + strlen(line);
3802 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3803 /* Check if we reached the limit and the last char is not \n.
3804 * Watch out for the last line without the terminating '\n'!
3805 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003806 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3807 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003808 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003809 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003810 }
3811
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003812 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003813 newarg = 1;
3814 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003815 if (*line == '#' || *line == '\n' || *line == '\r') {
3816 /* end of string, end of loop */
3817 *line = 0;
3818 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003819 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003820 newarg = 1;
3821 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003822 } else if (*line == '[') {
3823 if (ssl_b) {
3824 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3825 cfgerr = 1;
3826 break;
3827 }
3828 if (!arg) {
3829 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3830 cfgerr = 1;
3831 break;
3832 }
3833 ssl_b = arg;
3834 newarg = 1;
3835 *line = 0;
3836 } else if (*line == ']') {
3837 if (ssl_e) {
3838 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003839 cfgerr = 1;
3840 break;
3841 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003842 if (!ssl_b) {
3843 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3844 cfgerr = 1;
3845 break;
3846 }
3847 ssl_e = arg;
3848 newarg = 1;
3849 *line = 0;
3850 } else if (newarg) {
3851 if (arg == MAX_CRT_ARGS) {
3852 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3853 cfgerr = 1;
3854 break;
3855 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003856 newarg = 0;
3857 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003858 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003859 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003860 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003861 if (cfgerr)
3862 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003863 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003864
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003865 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003866 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003867 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003868
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003869 crt_path = args[0];
3870 if (*crt_path != '/' && global_ssl.crt_base) {
3871 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3872 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3873 crt_path, linenum, file);
3874 cfgerr = 1;
3875 break;
3876 }
3877 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3878 crt_path = path;
3879 }
3880
3881 ssl_conf = calloc(1, sizeof *ssl_conf);
3882 cur_arg = ssl_b ? ssl_b : 1;
3883 while (cur_arg < ssl_e) {
3884 newarg = 0;
3885 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3886 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3887 newarg = 1;
3888 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3889 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3890 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3891 args[cur_arg], linenum, file);
3892 cfgerr = 1;
3893 }
3894 cur_arg += 1 + ssl_bind_kws[i].skip;
3895 break;
3896 }
3897 }
3898 if (!cfgerr && !newarg) {
3899 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3900 args[cur_arg], linenum, file);
3901 cfgerr = 1;
3902 break;
3903 }
3904 }
3905 if (cfgerr) {
3906 ssl_sock_free_ssl_conf(ssl_conf);
3907 free(ssl_conf);
3908 ssl_conf = NULL;
3909 break;
3910 }
3911
3912 if (stat(crt_path, &buf) == 0) {
3913 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3914 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003915 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003916 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3917 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003918 }
3919
Willy Tarreauad1731d2013-04-02 17:35:58 +02003920 if (cfgerr) {
3921 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003922 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003923 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003924 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003925 fclose(f);
3926 return cfgerr;
3927}
3928
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003929/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003930static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003931ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003932{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003933 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003934 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003935 SSL_OP_ALL | /* all known workarounds for bugs */
3936 SSL_OP_NO_SSLv2 |
3937 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003938 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003939 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003940 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003941 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003942 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003943 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003944 SSL_MODE_ENABLE_PARTIAL_WRITE |
3945 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003946 SSL_MODE_RELEASE_BUFFERS |
3947 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003948 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003949 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003950 int flags = MC_SSL_O_ALL;
3951 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003952
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003953 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003954 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003955
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003956 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003957 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3958 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3959 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003960 else
3961 flags = conf_ssl_methods->flags;
3962
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003963 min = conf_ssl_methods->min;
3964 max = conf_ssl_methods->max;
3965 /* start with TLSv10 to remove SSLv3 per default */
3966 if (!min && (!max || max >= CONF_TLSV10))
3967 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003968 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003969 if (min)
3970 flags |= (methodVersions[min].flag - 1);
3971 if (max)
3972 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003973 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003974 min = max = CONF_TLSV_NONE;
3975 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003976 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003977 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003978 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003979 if (min) {
3980 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003981 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3982 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3983 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3984 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003985 hole = 0;
3986 }
3987 max = i;
3988 }
3989 else {
3990 min = max = i;
3991 }
3992 }
3993 else {
3994 if (min)
3995 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003996 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003997 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003998 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3999 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004000 cfgerr += 1;
4001 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004002 /* save real min/max in bind_conf */
4003 conf_ssl_methods->min = min;
4004 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004005
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004006#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004007 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004008 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004009 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004010 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004011 else
4012 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4013 if (flags & methodVersions[i].flag)
4014 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004015#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004016 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004017 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4018 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004019#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004020
4021 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4022 options |= SSL_OP_NO_TICKET;
4023 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4024 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004025
4026#ifdef SSL_OP_NO_RENEGOTIATION
4027 options |= SSL_OP_NO_RENEGOTIATION;
4028#endif
4029
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004030 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004031
Ilya Shipitsin54832b92019-05-05 23:27:54 +05004032#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004033 if (global_ssl.async)
4034 mode |= SSL_MODE_ASYNC;
4035#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004036 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004037 if (global_ssl.life_time)
4038 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004039
4040#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4041#ifdef OPENSSL_IS_BORINGSSL
4042 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4043 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Ilya Shipitsin54832b92019-05-05 23:27:54 +05004044#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004045 if (bind_conf->ssl_conf.early_data) {
4046 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4047 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4048 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004049 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4050 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004051#else
4052 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004053#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004054 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004055#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004056 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004057}
4058
William Lallemand4f45bb92017-10-30 20:08:51 +01004059
4060static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4061{
4062 if (first == block) {
4063 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4064 if (first->len > 0)
4065 sh_ssl_sess_tree_delete(sh_ssl_sess);
4066 }
4067}
4068
4069/* return first block from sh_ssl_sess */
4070static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4071{
4072 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4073
4074}
4075
4076/* store a session into the cache
4077 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4078 * data: asn1 encoded session
4079 * data_len: asn1 encoded session length
4080 * Returns 1 id session was stored (else 0)
4081 */
4082static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4083{
4084 struct shared_block *first;
4085 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4086
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004087 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004088 if (!first) {
4089 /* Could not retrieve enough free blocks to store that session */
4090 return 0;
4091 }
4092
4093 /* STORE the key in the first elem */
4094 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4095 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4096 first->len = sizeof(struct sh_ssl_sess_hdr);
4097
4098 /* it returns the already existing node
4099 or current node if none, never returns null */
4100 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4101 if (oldsh_ssl_sess != sh_ssl_sess) {
4102 /* NOTE: Row couldn't be in use because we lock read & write function */
4103 /* release the reserved row */
4104 shctx_row_dec_hot(ssl_shctx, first);
4105 /* replace the previous session already in the tree */
4106 sh_ssl_sess = oldsh_ssl_sess;
4107 /* ignore the previous session data, only use the header */
4108 first = sh_ssl_sess_first_block(sh_ssl_sess);
4109 shctx_row_inc_hot(ssl_shctx, first);
4110 first->len = sizeof(struct sh_ssl_sess_hdr);
4111 }
4112
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004113 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004114 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004115 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004116 }
4117
4118 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004119
4120 return 1;
4121}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004122
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004123/* SSL callback used when a new session is created while connecting to a server */
4124static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4125{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004126 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004127 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004128
Willy Tarreau07d94e42018-09-20 10:57:52 +02004129 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004130
Olivier Houcharde6060c52017-11-16 17:42:52 +01004131 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4132 int len;
4133 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004134
Olivier Houcharde6060c52017-11-16 17:42:52 +01004135 len = i2d_SSL_SESSION(sess, NULL);
4136 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4137 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4138 } else {
4139 free(s->ssl_ctx.reused_sess[tid].ptr);
4140 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4141 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4142 }
4143 if (s->ssl_ctx.reused_sess[tid].ptr) {
4144 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4145 &ptr);
4146 }
4147 } else {
4148 free(s->ssl_ctx.reused_sess[tid].ptr);
4149 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4150 }
4151
4152 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004153}
4154
Olivier Houcharde6060c52017-11-16 17:42:52 +01004155
William Lallemanded0b5ad2017-10-30 19:36:36 +01004156/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004157int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004158{
4159 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4160 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4161 unsigned char *p;
4162 int data_len;
4163 unsigned int sid_length, sid_ctx_length;
4164 const unsigned char *sid_data;
4165 const unsigned char *sid_ctx_data;
4166
4167 /* Session id is already stored in to key and session id is known
4168 * so we dont store it to keep size.
4169 */
4170
4171 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4172 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4173 SSL_SESSION_set1_id(sess, sid_data, 0);
4174 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4175
4176 /* check if buffer is large enough for the ASN1 encoded session */
4177 data_len = i2d_SSL_SESSION(sess, NULL);
4178 if (data_len > SHSESS_MAX_DATA_LEN)
4179 goto err;
4180
4181 p = encsess;
4182
4183 /* process ASN1 session encoding before the lock */
4184 i2d_SSL_SESSION(sess, &p);
4185
4186 memcpy(encid, sid_data, sid_length);
4187 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4188 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4189
William Lallemanda3c77cf2017-10-30 23:44:40 +01004190 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004191 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004192 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004193 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004194err:
4195 /* reset original length values */
4196 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4197 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4198
4199 return 0; /* do not increment session reference count */
4200}
4201
4202/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004203SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004204{
William Lallemand4f45bb92017-10-30 20:08:51 +01004205 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004206 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4207 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004209 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004210
4211 global.shctx_lookups++;
4212
4213 /* allow the session to be freed automatically by openssl */
4214 *do_copy = 0;
4215
4216 /* tree key is zeros padded sessionid */
4217 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4218 memcpy(tmpkey, key, key_len);
4219 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4220 key = tmpkey;
4221 }
4222
4223 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004224 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004225
4226 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004227 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4228 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004229 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004230 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004231 global.shctx_misses++;
4232 return NULL;
4233 }
4234
William Lallemand4f45bb92017-10-30 20:08:51 +01004235 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4236 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004237
William Lallemand4f45bb92017-10-30 20:08:51 +01004238 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004239
William Lallemanda3c77cf2017-10-30 23:44:40 +01004240 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004241
4242 /* decode ASN1 session */
4243 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004244 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004245 /* Reset session id and session id contenxt */
4246 if (sess) {
4247 SSL_SESSION_set1_id(sess, key, key_len);
4248 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4249 }
4250
4251 return sess;
4252}
4253
William Lallemand4f45bb92017-10-30 20:08:51 +01004254
William Lallemanded0b5ad2017-10-30 19:36:36 +01004255/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004256void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004257{
William Lallemand4f45bb92017-10-30 20:08:51 +01004258 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004259 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4260 unsigned int sid_length;
4261 const unsigned char *sid_data;
4262 (void)ctx;
4263
4264 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4265 /* tree key is zeros padded sessionid */
4266 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4267 memcpy(tmpkey, sid_data, sid_length);
4268 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4269 sid_data = tmpkey;
4270 }
4271
William Lallemanda3c77cf2017-10-30 23:44:40 +01004272 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004273
4274 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004275 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4276 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004277 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004278 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004279 }
4280
4281 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004282 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004283}
4284
4285/* Set session cache mode to server and disable openssl internal cache.
4286 * Set shared cache callbacks on an ssl context.
4287 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004288void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004289{
4290 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4291
4292 if (!ssl_shctx) {
4293 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4294 return;
4295 }
4296
4297 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4298 SSL_SESS_CACHE_NO_INTERNAL |
4299 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4300
4301 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004302 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4303 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4304 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004305}
4306
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004307int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4308{
4309 struct proxy *curproxy = bind_conf->frontend;
4310 int cfgerr = 0;
4311 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004312 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004313 const char *conf_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004314#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4315 const char *conf_ciphersuites;
4316#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004317 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004318
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004319 if (ssl_conf) {
4320 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4321 int i, min, max;
4322 int flags = MC_SSL_O_ALL;
4323
4324 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004325 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4326 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004327 if (min)
4328 flags |= (methodVersions[min].flag - 1);
4329 if (max)
4330 flags |= ~((methodVersions[max].flag << 1) - 1);
4331 min = max = CONF_TLSV_NONE;
4332 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4333 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4334 if (min)
4335 max = i;
4336 else
4337 min = max = i;
4338 }
4339 /* save real min/max */
4340 conf_ssl_methods->min = min;
4341 conf_ssl_methods->max = max;
4342 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004343 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4344 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004345 cfgerr += 1;
4346 }
4347 }
4348
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004349 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004350 case SSL_SOCK_VERIFY_NONE:
4351 verify = SSL_VERIFY_NONE;
4352 break;
4353 case SSL_SOCK_VERIFY_OPTIONAL:
4354 verify = SSL_VERIFY_PEER;
4355 break;
4356 case SSL_SOCK_VERIFY_REQUIRED:
4357 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4358 break;
4359 }
4360 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4361 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004362 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4363 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4364 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004365 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004366 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004367 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4368 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004369 cfgerr++;
4370 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004371 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4372 /* set CA names for client cert request, function returns void */
4373 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4374 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004375 }
Emeric Brun850efd52014-01-29 12:24:34 +01004376 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004377 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4378 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004379 cfgerr++;
4380 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004381#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004382 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004383 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4384
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004385 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004386 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4387 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004388 cfgerr++;
4389 }
Emeric Brun561e5742012-10-02 15:20:55 +02004390 else {
4391 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4392 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004393 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004394#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004395 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004396 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004397#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004398 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004399 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004400 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4401 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004402 cfgerr++;
4403 }
4404 }
4405#endif
4406
William Lallemand4f45bb92017-10-30 20:08:51 +01004407 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004408 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4409 if (conf_ciphers &&
4410 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004411 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4412 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004413 cfgerr++;
4414 }
4415
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004416#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4417 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4418 if (conf_ciphersuites &&
4419 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4420 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4421 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4422 cfgerr++;
4423 }
4424#endif
4425
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004426#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004427 /* If tune.ssl.default-dh-param has not been set,
4428 neither has ssl-default-dh-file and no static DH
4429 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004430 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004431 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004432 (ssl_dh_ptr_index == -1 ||
4433 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004434 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4435 const SSL_CIPHER * cipher = NULL;
4436 char cipher_description[128];
4437 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4438 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4439 which is not ephemeral DH. */
4440 const char dhe_description[] = " Kx=DH ";
4441 const char dhe_export_description[] = " Kx=DH(";
4442 int idx = 0;
4443 int dhe_found = 0;
4444 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004445
Remi Gacogne23d5d372014-10-10 17:04:26 +02004446 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004447
Remi Gacogne23d5d372014-10-10 17:04:26 +02004448 if (ssl) {
4449 ciphers = SSL_get_ciphers(ssl);
4450
4451 if (ciphers) {
4452 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4453 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4454 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4455 if (strstr(cipher_description, dhe_description) != NULL ||
4456 strstr(cipher_description, dhe_export_description) != NULL) {
4457 dhe_found = 1;
4458 break;
4459 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004460 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004461 }
4462 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004463 SSL_free(ssl);
4464 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004465 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004466
Lukas Tribus90132722014-08-18 00:56:33 +02004467 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004468 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004469 }
4470
Willy Tarreauef934602016-12-22 23:12:01 +01004471 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004472 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004473
Willy Tarreauef934602016-12-22 23:12:01 +01004474 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004475 if (local_dh_1024 == NULL) {
4476 local_dh_1024 = ssl_get_dh_1024();
4477 }
Willy Tarreauef934602016-12-22 23:12:01 +01004478 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004479 if (local_dh_2048 == NULL) {
4480 local_dh_2048 = ssl_get_dh_2048();
4481 }
Willy Tarreauef934602016-12-22 23:12:01 +01004482 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004483 if (local_dh_4096 == NULL) {
4484 local_dh_4096 = ssl_get_dh_4096();
4485 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004486 }
4487 }
4488 }
4489#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004490
Emeric Brunfc0421f2012-09-07 17:30:07 +02004491 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004492#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004493 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004494#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004495
Bernard Spil13c53f82018-02-15 13:34:58 +01004496#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004497 ssl_conf_cur = NULL;
4498 if (ssl_conf && ssl_conf->npn_str)
4499 ssl_conf_cur = ssl_conf;
4500 else if (bind_conf->ssl_conf.npn_str)
4501 ssl_conf_cur = &bind_conf->ssl_conf;
4502 if (ssl_conf_cur)
4503 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004504#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004505#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004506 ssl_conf_cur = NULL;
4507 if (ssl_conf && ssl_conf->alpn_str)
4508 ssl_conf_cur = ssl_conf;
4509 else if (bind_conf->ssl_conf.alpn_str)
4510 ssl_conf_cur = &bind_conf->ssl_conf;
4511 if (ssl_conf_cur)
4512 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004513#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004514#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4515 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4516 if (conf_curves) {
4517 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004518 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4519 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004520 cfgerr++;
4521 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004522#if defined(SSL_CTX_set_ecdh_auto)
4523 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4524#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004525 }
4526#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004527#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004528 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004529 int i;
4530 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004531#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004532 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004533 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4534 NULL);
4535
4536 if (ecdhe == NULL) {
4537 SSL_CTX_set_dh_auto(ctx, 1);
4538 return cfgerr;
4539 }
4540#else
4541 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4542 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4543 ECDHE_DEFAULT_CURVE);
4544#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004546 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004547 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004548 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4549 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004550 cfgerr++;
4551 }
4552 else {
4553 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4554 EC_KEY_free(ecdh);
4555 }
4556 }
4557#endif
4558
Emeric Brunfc0421f2012-09-07 17:30:07 +02004559 return cfgerr;
4560}
4561
Evan Broderbe554312013-06-27 00:05:25 -07004562static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4563{
4564 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4565 size_t prefixlen, suffixlen;
4566
4567 /* Trivial case */
4568 if (strcmp(pattern, hostname) == 0)
4569 return 1;
4570
Evan Broderbe554312013-06-27 00:05:25 -07004571 /* The rest of this logic is based on RFC 6125, section 6.4.3
4572 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4573
Emeric Bruna848dae2013-10-08 11:27:28 +02004574 pattern_wildcard = NULL;
4575 pattern_left_label_end = pattern;
4576 while (*pattern_left_label_end != '.') {
4577 switch (*pattern_left_label_end) {
4578 case 0:
4579 /* End of label not found */
4580 return 0;
4581 case '*':
4582 /* If there is more than one wildcards */
4583 if (pattern_wildcard)
4584 return 0;
4585 pattern_wildcard = pattern_left_label_end;
4586 break;
4587 }
4588 pattern_left_label_end++;
4589 }
4590
4591 /* If it's not trivial and there is no wildcard, it can't
4592 * match */
4593 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004594 return 0;
4595
4596 /* Make sure all labels match except the leftmost */
4597 hostname_left_label_end = strchr(hostname, '.');
4598 if (!hostname_left_label_end
4599 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4600 return 0;
4601
4602 /* Make sure the leftmost label of the hostname is long enough
4603 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004604 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004605 return 0;
4606
4607 /* Finally compare the string on either side of the
4608 * wildcard */
4609 prefixlen = pattern_wildcard - pattern;
4610 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004611 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4612 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004613 return 0;
4614
4615 return 1;
4616}
4617
4618static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4619{
4620 SSL *ssl;
4621 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004622 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004623 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004624 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004625
4626 int depth;
4627 X509 *cert;
4628 STACK_OF(GENERAL_NAME) *alt_names;
4629 int i;
4630 X509_NAME *cert_subject;
4631 char *str;
4632
4633 if (ok == 0)
4634 return ok;
4635
4636 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004637 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004638 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004639
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004640 /* We're checking if the provided hostnames match the desired one. The
4641 * desired hostname comes from the SNI we presented if any, or if not
4642 * provided then it may have been explicitly stated using a "verifyhost"
4643 * directive. If neither is set, we don't care about the name so the
4644 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004645 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004646 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004647 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004648 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004649 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004650 if (!servername)
4651 return ok;
4652 }
Evan Broderbe554312013-06-27 00:05:25 -07004653
4654 /* We only need to verify the CN on the actual server cert,
4655 * not the indirect CAs */
4656 depth = X509_STORE_CTX_get_error_depth(ctx);
4657 if (depth != 0)
4658 return ok;
4659
4660 /* At this point, the cert is *not* OK unless we can find a
4661 * hostname match */
4662 ok = 0;
4663
4664 cert = X509_STORE_CTX_get_current_cert(ctx);
4665 /* It seems like this might happen if verify peer isn't set */
4666 if (!cert)
4667 return ok;
4668
4669 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4670 if (alt_names) {
4671 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4672 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4673 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004674#if OPENSSL_VERSION_NUMBER < 0x00907000L
4675 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4676#else
Evan Broderbe554312013-06-27 00:05:25 -07004677 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004678#endif
Evan Broderbe554312013-06-27 00:05:25 -07004679 ok = ssl_sock_srv_hostcheck(str, servername);
4680 OPENSSL_free(str);
4681 }
4682 }
4683 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004684 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004685 }
4686
4687 cert_subject = X509_get_subject_name(cert);
4688 i = -1;
4689 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4690 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004691 ASN1_STRING *value;
4692 value = X509_NAME_ENTRY_get_data(entry);
4693 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004694 ok = ssl_sock_srv_hostcheck(str, servername);
4695 OPENSSL_free(str);
4696 }
4697 }
4698
Willy Tarreau71d058c2017-07-26 20:09:56 +02004699 /* report the mismatch and indicate if SNI was used or not */
4700 if (!ok && !conn->err_code)
4701 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004702 return ok;
4703}
4704
Emeric Brun94324a42012-10-11 14:00:19 +02004705/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004706int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004707{
Willy Tarreau03209342016-12-22 17:08:28 +01004708 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004709 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004710 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004711 SSL_OP_ALL | /* all known workarounds for bugs */
4712 SSL_OP_NO_SSLv2 |
4713 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004714 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004715 SSL_MODE_ENABLE_PARTIAL_WRITE |
4716 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004717 SSL_MODE_RELEASE_BUFFERS |
4718 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004719 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004720 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004721 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004722 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004723 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004724
Thierry Fournier383085f2013-01-24 14:15:43 +01004725 /* Make sure openssl opens /dev/urandom before the chroot */
4726 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004727 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004728 cfgerr++;
4729 }
4730
Willy Tarreaufce03112015-01-15 21:32:40 +01004731 /* Automatic memory computations need to know we use SSL there */
4732 global.ssl_used_backend = 1;
4733
4734 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004735 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004736 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004737 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4738 curproxy->id, srv->id,
4739 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004740 cfgerr++;
4741 return cfgerr;
4742 }
4743 }
Emeric Brun94324a42012-10-11 14:00:19 +02004744 if (srv->use_ssl)
4745 srv->xprt = &ssl_sock;
4746 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004747 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004748
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004749 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004750 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004751 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4752 proxy_type_str(curproxy), curproxy->id,
4753 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004754 cfgerr++;
4755 return cfgerr;
4756 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004757
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004758 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004759 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4760 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4761 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004762 else
4763 flags = conf_ssl_methods->flags;
4764
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004765 /* Real min and max should be determinate with configuration and openssl's capabilities */
4766 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004767 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004768 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004769 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004770
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004771 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004772 min = max = CONF_TLSV_NONE;
4773 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004774 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004775 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004776 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004777 if (min) {
4778 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004779 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4780 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4781 proxy_type_str(curproxy), curproxy->id, srv->id,
4782 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004783 hole = 0;
4784 }
4785 max = i;
4786 }
4787 else {
4788 min = max = i;
4789 }
4790 }
4791 else {
4792 if (min)
4793 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004794 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004795 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004796 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4797 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004798 cfgerr += 1;
4799 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004800
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004801#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004802 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004803 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004804 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004805 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004806 else
4807 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4808 if (flags & methodVersions[i].flag)
4809 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004810#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004811 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004812 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4813 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004814#endif
4815
4816 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4817 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004818 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004819
Ilya Shipitsin54832b92019-05-05 23:27:54 +05004820#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004821 if (global_ssl.async)
4822 mode |= SSL_MODE_ASYNC;
4823#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004824 SSL_CTX_set_mode(ctx, mode);
4825 srv->ssl_ctx.ctx = ctx;
4826
Emeric Bruna7aa3092012-10-26 12:58:00 +02004827 if (srv->ssl_ctx.client_crt) {
4828 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004829 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4830 proxy_type_str(curproxy), curproxy->id,
4831 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004832 cfgerr++;
4833 }
4834 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004835 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4836 proxy_type_str(curproxy), curproxy->id,
4837 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004838 cfgerr++;
4839 }
4840 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004841 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4842 proxy_type_str(curproxy), curproxy->id,
4843 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004844 cfgerr++;
4845 }
4846 }
Emeric Brun94324a42012-10-11 14:00:19 +02004847
Emeric Brun850efd52014-01-29 12:24:34 +01004848 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4849 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004850 switch (srv->ssl_ctx.verify) {
4851 case SSL_SOCK_VERIFY_NONE:
4852 verify = SSL_VERIFY_NONE;
4853 break;
4854 case SSL_SOCK_VERIFY_REQUIRED:
4855 verify = SSL_VERIFY_PEER;
4856 break;
4857 }
Evan Broderbe554312013-06-27 00:05:25 -07004858 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004859 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004860 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004861 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004862 if (srv->ssl_ctx.ca_file) {
4863 /* load CAfile to verify */
4864 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004865 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4866 curproxy->id, srv->id,
4867 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004868 cfgerr++;
4869 }
4870 }
Emeric Brun850efd52014-01-29 12:24:34 +01004871 else {
4872 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004873 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4874 curproxy->id, srv->id,
4875 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004876 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004877 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4878 curproxy->id, srv->id,
4879 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004880 cfgerr++;
4881 }
Emeric Brunef42d922012-10-11 16:11:36 +02004882#ifdef X509_V_FLAG_CRL_CHECK
4883 if (srv->ssl_ctx.crl_file) {
4884 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4885
4886 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004887 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4888 curproxy->id, srv->id,
4889 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004890 cfgerr++;
4891 }
4892 else {
4893 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4894 }
4895 }
4896#endif
4897 }
4898
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004899 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4900 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4901 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004902 if (srv->ssl_ctx.ciphers &&
4903 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004904 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4905 curproxy->id, srv->id,
4906 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004907 cfgerr++;
4908 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004909
4910#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4911 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004912 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004913 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4914 curproxy->id, srv->id,
4915 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4916 cfgerr++;
4917 }
4918#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004919#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4920 if (srv->ssl_ctx.npn_str)
4921 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4922#endif
4923#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4924 if (srv->ssl_ctx.alpn_str)
4925 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4926#endif
4927
Emeric Brun94324a42012-10-11 14:00:19 +02004928
4929 return cfgerr;
4930}
4931
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004932/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004933 * be NULL, in which case nothing is done. Returns the number of errors
4934 * encountered.
4935 */
Willy Tarreau03209342016-12-22 17:08:28 +01004936int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004937{
4938 struct ebmb_node *node;
4939 struct sni_ctx *sni;
4940 int err = 0;
4941
Willy Tarreaufce03112015-01-15 21:32:40 +01004942 /* Automatic memory computations need to know we use SSL there */
4943 global.ssl_used_frontend = 1;
4944
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004945 /* Make sure openssl opens /dev/urandom before the chroot */
4946 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004947 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004948 err++;
4949 }
4950 /* Create initial_ctx used to start the ssl connection before do switchctx */
4951 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004952 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004953 /* It should not be necessary to call this function, but it's
4954 necessary first to check and move all initialisation related
4955 to initial_ctx in ssl_sock_initial_ctx. */
4956 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4957 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004958 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004959 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004960
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004961 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004962 while (node) {
4963 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004964 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4965 /* only initialize the CTX on its first occurrence and
4966 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004967 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004968 node = ebmb_next(node);
4969 }
4970
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004971 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004972 while (node) {
4973 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004974 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4975 /* only initialize the CTX on its first occurrence and
4976 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004977 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004978 node = ebmb_next(node);
4979 }
4980 return err;
4981}
4982
Willy Tarreau55d37912016-12-21 23:38:39 +01004983/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4984 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4985 * alerts are directly emitted since the rest of the stack does it below.
4986 */
4987int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4988{
4989 struct proxy *px = bind_conf->frontend;
4990 int alloc_ctx;
4991 int err;
4992
4993 if (!bind_conf->is_ssl) {
4994 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004995 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4996 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004997 }
4998 return 0;
4999 }
5000 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005001 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005002 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5003 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005004 }
5005 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005006 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5007 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005008 return -1;
5009 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005010 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005011 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005012 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005013 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005014 sizeof(*sh_ssl_sess_tree),
5015 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005016 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005017 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5018 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5019 else
5020 ha_alert("Unable to allocate SSL session cache.\n");
5021 return -1;
5022 }
5023 /* free block callback */
5024 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5025 /* init the root tree within the extra space */
5026 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5027 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005028 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005029 err = 0;
5030 /* initialize all certificate contexts */
5031 err += ssl_sock_prepare_all_ctx(bind_conf);
5032
5033 /* initialize CA variables if the certificates generation is enabled */
5034 err += ssl_sock_load_ca(bind_conf);
5035
5036 return -err;
5037}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005038
5039/* release ssl context allocated for servers. */
5040void ssl_sock_free_srv_ctx(struct server *srv)
5041{
Olivier Houchardc7566002018-11-20 23:33:50 +01005042#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5043 if (srv->ssl_ctx.alpn_str)
5044 free(srv->ssl_ctx.alpn_str);
5045#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005046#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005047 if (srv->ssl_ctx.npn_str)
5048 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005049#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005050 if (srv->ssl_ctx.ctx)
5051 SSL_CTX_free(srv->ssl_ctx.ctx);
5052}
5053
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005054/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005055 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5056 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005057void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005058{
5059 struct ebmb_node *node, *back;
5060 struct sni_ctx *sni;
5061
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005062 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005063 while (node) {
5064 sni = ebmb_entry(node, struct sni_ctx, name);
5065 back = ebmb_next(node);
5066 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005067 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005068 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005069 ssl_sock_free_ssl_conf(sni->conf);
5070 free(sni->conf);
5071 sni->conf = NULL;
5072 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005073 free(sni);
5074 node = back;
5075 }
5076
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005077 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005078 while (node) {
5079 sni = ebmb_entry(node, struct sni_ctx, name);
5080 back = ebmb_next(node);
5081 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005082 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005083 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005084 ssl_sock_free_ssl_conf(sni->conf);
5085 free(sni->conf);
5086 sni->conf = NULL;
5087 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005088 free(sni);
5089 node = back;
5090 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005091 SSL_CTX_free(bind_conf->initial_ctx);
5092 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005093 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005094 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005095}
5096
Willy Tarreau795cdab2016-12-22 17:30:54 +01005097/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5098void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5099{
5100 ssl_sock_free_ca(bind_conf);
5101 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005102 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005103 free(bind_conf->ca_sign_file);
5104 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005105 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005106 free(bind_conf->keys_ref->filename);
5107 free(bind_conf->keys_ref->tlskeys);
5108 LIST_DEL(&bind_conf->keys_ref->list);
5109 free(bind_conf->keys_ref);
5110 }
5111 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005112 bind_conf->ca_sign_pass = NULL;
5113 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005114}
5115
Christopher Faulet31af49d2015-06-09 17:29:50 +02005116/* Load CA cert file and private key used to generate certificates */
5117int
Willy Tarreau03209342016-12-22 17:08:28 +01005118ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005119{
Willy Tarreau03209342016-12-22 17:08:28 +01005120 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005121 FILE *fp;
5122 X509 *cacert = NULL;
5123 EVP_PKEY *capkey = NULL;
5124 int err = 0;
5125
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005126 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005127 return err;
5128
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005129#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005130 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005131 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005132 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005133 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005134 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005135#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005136
Christopher Faulet31af49d2015-06-09 17:29:50 +02005137 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005138 ha_alert("Proxy '%s': cannot enable certificate generation, "
5139 "no CA certificate File configured at [%s:%d].\n",
5140 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005141 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005142 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005143
5144 /* read in the CA certificate */
5145 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005146 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5147 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005148 goto load_error;
5149 }
5150 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005151 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5152 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005153 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005154 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005155 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005156 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005157 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5158 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005159 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005160 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005161
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005162 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005163 bind_conf->ca_sign_cert = cacert;
5164 bind_conf->ca_sign_pkey = capkey;
5165 return err;
5166
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005167 read_error:
5168 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005169 if (capkey) EVP_PKEY_free(capkey);
5170 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005171 load_error:
5172 bind_conf->generate_certs = 0;
5173 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005174 return err;
5175}
5176
5177/* Release CA cert and private key used to generate certificated */
5178void
5179ssl_sock_free_ca(struct bind_conf *bind_conf)
5180{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005181 if (bind_conf->ca_sign_pkey)
5182 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5183 if (bind_conf->ca_sign_cert)
5184 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005185 bind_conf->ca_sign_pkey = NULL;
5186 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005187}
5188
Emeric Brun46591952012-05-18 15:47:34 +02005189/*
5190 * This function is called if SSL * context is not yet allocated. The function
5191 * is designed to be called before any other data-layer operation and sets the
5192 * handshake flag on the connection. It is safe to call it multiple times.
5193 * It returns 0 on success and -1 in error case.
5194 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005195static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005196{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005197 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005198 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005199 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005200 return 0;
5201
Willy Tarreau3c728722014-01-23 13:50:42 +01005202 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005203 return 0;
5204
Olivier Houchard66ab4982019-02-26 18:37:15 +01005205 ctx = pool_alloc(ssl_sock_ctx_pool);
5206 if (!ctx) {
5207 conn->err_code = CO_ER_SSL_NO_MEM;
5208 return -1;
5209 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005210 ctx->sent_early_data = 0;
5211 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005212 ctx->conn = conn;
5213
5214 /* Only work with sockets for now, this should be adapted when we'll
5215 * add QUIC support.
5216 */
5217 ctx->xprt = xprt_get(XPRT_RAW);
5218 if (ctx->xprt->init)
5219 ctx->xprt->init(conn, &ctx->xprt_ctx);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005220
Willy Tarreau20879a02012-12-03 16:32:10 +01005221 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5222 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02005223 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005224 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005225
Emeric Brun46591952012-05-18 15:47:34 +02005226 /* If it is in client mode initiate SSL session
5227 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005228 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005229 int may_retry = 1;
5230
5231 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005232 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005233 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5234 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005235 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005236 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005237 goto retry_connect;
5238 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005239 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005240 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005241 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005242 ctx->bio = BIO_new(ha_meth);
5243 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005244 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005245 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005246 goto retry_connect;
5247 }
Emeric Brun55476152014-11-12 17:35:37 +01005248 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005249 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005250 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005251#if OPENSSL_VERSION_NUMBER < 0x10100000
5252 ctx->bio->ptr = ctx;
5253#else
5254 BIO_set_data(ctx->bio, ctx);
5255#endif
5256 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005257
Evan Broderbe554312013-06-27 00:05:25 -07005258 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005259 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5260 SSL_free(ctx->ssl);
5261 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005262 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005263 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005264 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005265 goto retry_connect;
5266 }
Emeric Brun55476152014-11-12 17:35:37 +01005267 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005268 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005269 }
5270
Olivier Houchard66ab4982019-02-26 18:37:15 +01005271 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005272 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5273 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5274 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005275 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005276 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005277 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5278 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005279 } else if (sess) {
5280 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005281 }
5282 }
Evan Broderbe554312013-06-27 00:05:25 -07005283
Emeric Brun46591952012-05-18 15:47:34 +02005284 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005285 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005286
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005287 _HA_ATOMIC_ADD(&sslconns, 1);
5288 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005289 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005290 return 0;
5291 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005292 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005293 int may_retry = 1;
5294
5295 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005296 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005297 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5298 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005299 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005300 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005301 goto retry_accept;
5302 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005303 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005304 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005305 }
Emeric Brun46591952012-05-18 15:47:34 +02005306
Olivier Houcharda8955d52019-04-07 22:00:38 +02005307 ctx->bio = BIO_new(ha_meth);
5308 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005309 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005310 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005311 goto retry_accept;
5312 }
Emeric Brun55476152014-11-12 17:35:37 +01005313 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005314 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005315 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005316#if OPENSSL_VERSION_NUMBER < 0x10100000
5317 ctx->bio->ptr = ctx;
5318#else
5319 BIO_set_data(ctx->bio, ctx);
5320#endif
5321 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005322
Emeric Brune1f38db2012-09-03 20:36:47 +02005323 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005324 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5325 SSL_free(ctx->ssl);
5326 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005327 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005328 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005329 goto retry_accept;
5330 }
Emeric Brun55476152014-11-12 17:35:37 +01005331 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005332 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005333 }
5334
Olivier Houchard66ab4982019-02-26 18:37:15 +01005335 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005336
Emeric Brun46591952012-05-18 15:47:34 +02005337 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005338 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard4cd2af42019-05-06 15:18:27 +02005339#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
5340 defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005341 conn->flags |= CO_FL_EARLY_SSL_HS;
5342#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005343
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005344 _HA_ATOMIC_ADD(&sslconns, 1);
5345 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005346 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005347 return 0;
5348 }
5349 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005350 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005351err:
5352 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005353 return -1;
5354}
5355
5356
5357/* This is the callback which is used when an SSL handshake is pending. It
5358 * updates the FD status if it wants some polling before being called again.
5359 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5360 * otherwise it returns non-zero and removes itself from the connection's
5361 * flags (the bit is provided in <flag> by the caller).
5362 */
5363int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5364{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005365 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005366 int ret;
5367
Willy Tarreau3c728722014-01-23 13:50:42 +01005368 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005369 return 0;
5370
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005371 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005372 goto out_error;
5373
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005374#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined (LIBRESSL_VERSION_NUMBER)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005375 /*
5376 * Check if we have early data. If we do, we have to read them
5377 * before SSL_do_handshake() is called, And there's no way to
5378 * detect early data, except to try to read them
5379 */
5380 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5381 size_t read_data;
5382
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005383 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005384 1, &read_data);
5385 if (ret == SSL_READ_EARLY_DATA_ERROR)
5386 goto check_error;
5387 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5388 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5389 return 1;
5390 } else
5391 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5392 }
5393#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005394 /* If we use SSL_do_handshake to process a reneg initiated by
5395 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5396 * Usually SSL_write and SSL_read are used and process implicitly
5397 * the reneg handshake.
5398 * Here we use SSL_peek as a workaround for reneg.
5399 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005400 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005401 char c;
5402
Olivier Houchard66ab4982019-02-26 18:37:15 +01005403 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005404 if (ret <= 0) {
5405 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005406 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005407
Emeric Brun674b7432012-11-08 19:21:55 +01005408 if (ret == SSL_ERROR_WANT_WRITE) {
5409 /* SSL handshake needs to write, L4 connection may not be ready */
5410 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005411 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005412 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005413 return 0;
5414 }
5415 else if (ret == SSL_ERROR_WANT_READ) {
5416 /* handshake may have been completed but we have
5417 * no more data to read.
5418 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005419 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005420 ret = 1;
5421 goto reneg_ok;
5422 }
5423 /* SSL handshake needs to read, L4 connection is ready */
5424 if (conn->flags & CO_FL_WAIT_L4_CONN)
5425 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5426 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005427 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005428 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005429 return 0;
5430 }
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005431#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005432 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005433 ssl_async_process_fds(conn, ctx->ssl);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005434 return 0;
5435 }
5436#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005437 else if (ret == SSL_ERROR_SYSCALL) {
5438 /* if errno is null, then connection was successfully established */
5439 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5440 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005441 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005442#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005443 conn->err_code = CO_ER_SSL_HANDSHAKE;
5444#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005445 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005446#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005447 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005448 empty_handshake = state == TLS_ST_BEFORE;
5449#else
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005450 empty_handshake = SSL_state((SSL *)ctx->ssl) == SSL_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005451#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005452 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005453 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005454 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005455 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5456 else
5457 conn->err_code = CO_ER_SSL_EMPTY;
5458 }
5459 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005460 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005461 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5462 else
5463 conn->err_code = CO_ER_SSL_ABORT;
5464 }
5465 }
5466 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005467 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005468 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005469 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005470 conn->err_code = CO_ER_SSL_HANDSHAKE;
5471 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005472#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005473 }
Emeric Brun674b7432012-11-08 19:21:55 +01005474 goto out_error;
5475 }
5476 else {
5477 /* Fail on all other handshake errors */
5478 /* Note: OpenSSL may leave unread bytes in the socket's
5479 * buffer, causing an RST to be emitted upon close() on
5480 * TCP sockets. We first try to drain possibly pending
5481 * data to avoid this as much as possible.
5482 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005483 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005484 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005485 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005486 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005487 goto out_error;
5488 }
5489 }
5490 /* read some data: consider handshake completed */
5491 goto reneg_ok;
5492 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005493 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005494check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005495 if (ret != 1) {
5496 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005497 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005498
5499 if (ret == SSL_ERROR_WANT_WRITE) {
5500 /* SSL handshake needs to write, L4 connection may not be ready */
5501 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005502 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005503 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005504 return 0;
5505 }
5506 else if (ret == SSL_ERROR_WANT_READ) {
5507 /* SSL handshake needs to read, L4 connection is ready */
5508 if (conn->flags & CO_FL_WAIT_L4_CONN)
5509 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5510 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005511 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005512 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005513 return 0;
5514 }
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005515#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005516 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005517 ssl_async_process_fds(conn, ctx->ssl);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005518 return 0;
5519 }
5520#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005521 else if (ret == SSL_ERROR_SYSCALL) {
5522 /* if errno is null, then connection was successfully established */
5523 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5524 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005525 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005526#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005527 conn->err_code = CO_ER_SSL_HANDSHAKE;
5528#else
5529 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005530#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005531 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005532 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005533#else
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005534 empty_handshake = SSL_state((SSL *)ctx->ssl) == SSL_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005535#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005536 if (empty_handshake) {
5537 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005538 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005539 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5540 else
5541 conn->err_code = CO_ER_SSL_EMPTY;
5542 }
5543 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005544 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005545 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5546 else
5547 conn->err_code = CO_ER_SSL_ABORT;
5548 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005549 }
5550 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005551 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005552 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5553 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005554 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005555 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005556#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005557 }
Willy Tarreau89230192012-09-28 20:22:13 +02005558 goto out_error;
5559 }
Emeric Brun46591952012-05-18 15:47:34 +02005560 else {
5561 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005562 /* Note: OpenSSL may leave unread bytes in the socket's
5563 * buffer, causing an RST to be emitted upon close() on
5564 * TCP sockets. We first try to drain possibly pending
5565 * data to avoid this as much as possible.
5566 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005567 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005568 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005569 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005570 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005571 goto out_error;
5572 }
5573 }
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005574#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
Olivier Houchard522eea72017-11-03 16:27:47 +01005575 else {
5576 /*
5577 * If the server refused the early data, we have to send a
5578 * 425 to the client, as we no longer have the data to sent
5579 * them again.
5580 */
5581 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005582 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005583 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5584 goto out_error;
5585 }
5586 }
5587 }
5588#endif
5589
Emeric Brun46591952012-05-18 15:47:34 +02005590
Emeric Brun674b7432012-11-08 19:21:55 +01005591reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005592
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005593#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005594 /* ASYNC engine API doesn't support moving read/write
5595 * buffers. So we disable ASYNC mode right after
5596 * the handshake to avoid buffer oveflows.
5597 */
5598 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005599 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005600#endif
Emeric Brun46591952012-05-18 15:47:34 +02005601 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005602 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005603 if (objt_server(conn->target)) {
5604 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5605 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5606 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005607 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005608 else {
5609 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5610 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5611 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5612 }
Emeric Brun46591952012-05-18 15:47:34 +02005613 }
5614
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005615#ifdef OPENSSL_IS_BORINGSSL
Olivier Houchard66ab4982019-02-26 18:37:15 +01005616 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(ctx->ssl))
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005617 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5618#endif
Emeric Brun46591952012-05-18 15:47:34 +02005619 /* The connection is now established at both layers, it's time to leave */
5620 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5621 return 1;
5622
5623 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005624 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005625 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005626 ERR_clear_error();
5627
Emeric Brun9fa89732012-10-04 17:09:56 +02005628 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005629 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5630 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5631 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005632 }
5633
Emeric Brun46591952012-05-18 15:47:34 +02005634 /* Fail on all other handshake errors */
5635 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005636 if (!conn->err_code)
5637 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005638 return 0;
5639}
5640
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005641static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005642{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005643
5644 return conn_subscribe(conn, NULL, event_type, param);
Olivier Houcharddf357842019-03-21 16:30:07 +01005645}
5646
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005647static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005648{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005649
5650 return conn_unsubscribe(conn, NULL, event_type, param);
Olivier Houcharddf357842019-03-21 16:30:07 +01005651}
5652
Emeric Brun46591952012-05-18 15:47:34 +02005653/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005654 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005655 * buffer wraps, in which case a second call may be performed. The connection's
5656 * flags are updated with whatever special event is detected (error, read0,
5657 * empty). The caller is responsible for taking care of those events and
5658 * avoiding the call if inappropriate. The function does not call the
5659 * connection's polling update function, so the caller is responsible for this.
5660 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005661static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005662{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005663 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005664 ssize_t ret;
5665 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005666
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005667 conn_refresh_polling_flags(conn);
5668
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005669 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005670 goto out_error;
5671
5672 if (conn->flags & CO_FL_HANDSHAKE)
5673 /* a handshake was requested */
5674 return 0;
5675
Emeric Brun46591952012-05-18 15:47:34 +02005676 /* read the largest possible block. For this, we perform only one call
5677 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5678 * in which case we accept to do it once again. A new attempt is made on
5679 * EINTR too.
5680 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005681 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005682 int need_out = 0;
5683
Willy Tarreau591d4452018-06-15 17:21:00 +02005684 try = b_contig_space(buf);
5685 if (!try)
5686 break;
5687
Willy Tarreauabf08d92014-01-14 11:31:27 +01005688 if (try > count)
5689 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005690
Olivier Houchardc2aae742017-09-22 18:26:28 +02005691 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005692 ctx->tmp_early_data != -1) {
5693 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005694 done++;
5695 try--;
5696 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005697 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005698 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005699 continue;
5700 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005701
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005702#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005703 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5704 size_t read_length;
5705
Olivier Houchard66ab4982019-02-26 18:37:15 +01005706 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005707 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005708 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5709 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005710 conn->flags |= CO_FL_EARLY_DATA;
5711 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5712 ret == SSL_READ_EARLY_DATA_FINISH) {
5713 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5714 /*
5715 * We're done reading the early data,
5716 * let's make the handshake
5717 */
5718 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5719 conn->flags |= CO_FL_SSL_WAIT_HS;
5720 need_out = 1;
5721 if (read_length == 0)
5722 break;
5723 }
5724 ret = read_length;
5725 }
5726 } else
5727#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005728 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005729#ifdef OPENSSL_IS_BORINGSSL
5730 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005731 if (SSL_in_early_data(ctx->ssl)) {
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005732 if (ret > 0)
5733 conn->flags |= CO_FL_EARLY_DATA;
5734 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005735 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005736 }
5737 }
5738#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005739 if (conn->flags & CO_FL_ERROR) {
5740 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005741 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005742 }
Emeric Brun46591952012-05-18 15:47:34 +02005743 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005744 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005745 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005746 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005747 }
Emeric Brun46591952012-05-18 15:47:34 +02005748 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005749 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005750 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005751 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005752 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005753 __conn_sock_want_send(conn);
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005754#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005755 /* Async mode can be re-enabled, because we're leaving data state.*/
5756 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005757 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005758#endif
Emeric Brun46591952012-05-18 15:47:34 +02005759 break;
5760 }
5761 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005762 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005763 /* handshake is running, and it may need to re-enable read */
5764 conn->flags |= CO_FL_SSL_WAIT_HS;
5765 __conn_sock_want_recv(conn);
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005766#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005767 /* Async mode can be re-enabled, because we're leaving data state.*/
5768 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005769 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005770#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005771 break;
5772 }
Emeric Brun46591952012-05-18 15:47:34 +02005773 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005774 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005775 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005776 } else if (ret == SSL_ERROR_ZERO_RETURN)
5777 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005778 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5779 * stack before shutting down the connection for
5780 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005781 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5782 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005783 /* otherwise it's a real error */
5784 goto out_error;
5785 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005786 if (need_out)
5787 break;
Emeric Brun46591952012-05-18 15:47:34 +02005788 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005789 leave:
5790 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005791 return done;
5792
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005793 clear_ssl_error:
5794 /* Clear openssl global errors stack */
5795 ssl_sock_dump_errors(conn);
5796 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005797 read0:
5798 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005799 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005800
Emeric Brun46591952012-05-18 15:47:34 +02005801 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005802 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005803 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005804 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005805 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005806 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005807}
5808
5809
Willy Tarreau787db9a2018-06-14 18:31:46 +02005810/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5811 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5812 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005813 * Only one call to send() is performed, unless the buffer wraps, in which case
5814 * a second call may be performed. The connection's flags are updated with
5815 * whatever special event is detected (error, empty). The caller is responsible
5816 * for taking care of those events and avoiding the call if inappropriate. The
5817 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005818 * is responsible for this. The buffer's output is not adjusted, it's up to the
5819 * caller to take care of this. It's up to the caller to update the buffer's
5820 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005821 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005822static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005823{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005824 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005825 ssize_t ret;
5826 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005827
5828 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005829 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005830
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005831 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005832 goto out_error;
5833
Olivier Houchard010941f2019-05-03 20:56:19 +02005834 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005835 /* a handshake was requested */
5836 return 0;
5837
5838 /* send the largest possible block. For this we perform only one call
5839 * to send() unless the buffer wraps and we exactly fill the first hunk,
5840 * in which case we accept to do it once again.
5841 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005842 while (count) {
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005843#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined (LIBRESSL_VERSION_NUMBER)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005844 size_t written_data;
5845#endif
5846
Willy Tarreau787db9a2018-06-14 18:31:46 +02005847 try = b_contig_data(buf, done);
5848 if (try > count)
5849 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005850
Willy Tarreau7bed9452014-02-02 02:00:24 +01005851 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005852 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005853 global_ssl.max_record && try > global_ssl.max_record) {
5854 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005855 }
5856 else {
5857 /* we need to keep the information about the fact that
5858 * we're not limiting the upcoming send(), because if it
5859 * fails, we'll have to retry with at least as many data.
5860 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005861 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005862 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005863
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005864#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined (LIBRESSL_VERSION_NUMBER)
Olivier Houchard010941f2019-05-03 20:56:19 +02005865 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005866 unsigned int max_early;
5867
Olivier Houchard522eea72017-11-03 16:27:47 +01005868 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005869 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005870 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005871 if (SSL_get0_session(ctx->ssl))
5872 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005873 else
5874 max_early = 0;
5875 }
5876
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005877 if (try + ctx->sent_early_data > max_early) {
5878 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005879 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005880 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005881 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005882 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005883 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005884 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005885 if (ret == 1) {
5886 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005887 ctx->sent_early_data += ret;
Olivier Houchard010941f2019-05-03 20:56:19 +02005888 if (objt_server(conn->target))
Olivier Houchard522eea72017-11-03 16:27:47 +01005889 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard522eea72017-11-03 16:27:47 +01005890
Olivier Houchardc2aae742017-09-22 18:26:28 +02005891 }
5892
5893 } else
5894#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005895 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005896
Emeric Brune1f38db2012-09-03 20:36:47 +02005897 if (conn->flags & CO_FL_ERROR) {
5898 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005899 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005900 }
Emeric Brun46591952012-05-18 15:47:34 +02005901 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005902 /* A send succeeded, so we can consier ourself connected */
5903 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005904 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005905 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005906 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005907 }
5908 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005909 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005910
Emeric Brun46591952012-05-18 15:47:34 +02005911 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005912 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005913 /* handshake is running, and it may need to re-enable write */
5914 conn->flags |= CO_FL_SSL_WAIT_HS;
5915 __conn_sock_want_send(conn);
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005916#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005917 /* Async mode can be re-enabled, because we're leaving data state.*/
5918 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005919 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005920#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005921 break;
5922 }
Emeric Brun46591952012-05-18 15:47:34 +02005923 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005924 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005925 break;
5926 }
5927 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005928 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005929 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005930 __conn_sock_want_recv(conn);
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005931#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005932 /* Async mode can be re-enabled, because we're leaving data state.*/
5933 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005934 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005935#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005936 break;
5937 }
Emeric Brun46591952012-05-18 15:47:34 +02005938 goto out_error;
5939 }
5940 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005941 leave:
5942 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005943 return done;
5944
5945 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005946 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005947 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005948 ERR_clear_error();
5949
Emeric Brun46591952012-05-18 15:47:34 +02005950 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005951 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005952}
5953
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005954static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02005955
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005956 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005957
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005958 if (ctx) {
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005959#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Emeric Brun3854e012017-05-17 20:42:48 +02005960 if (global_ssl.async) {
5961 OSSL_ASYNC_FD all_fd[32], afd;
5962 size_t num_all_fds = 0;
5963 int i;
5964
Olivier Houchard66ab4982019-02-26 18:37:15 +01005965 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02005966 if (num_all_fds > 32) {
5967 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5968 return;
5969 }
5970
Olivier Houchard66ab4982019-02-26 18:37:15 +01005971 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02005972
5973 /* If an async job is pending, we must try to
5974 to catch the end using polling before calling
5975 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005976 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02005977 for (i=0 ; i < num_all_fds ; i++) {
5978 /* switch on an handler designed to
5979 * handle the SSL_free
5980 */
5981 afd = all_fd[i];
5982 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005983 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02005984 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005985 /* To ensure that the fd cache won't be used
5986 * and we'll catch a real RD event.
5987 */
5988 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005989 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005990 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005991 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005992 return;
5993 }
Emeric Brun3854e012017-05-17 20:42:48 +02005994 /* Else we can remove the fds from the fdtab
5995 * and call SSL_free.
5996 * note: we do a fd_remove and not a delete
5997 * because the fd is owned by the engine.
5998 * the engine is responsible to close
5999 */
6000 for (i=0 ; i < num_all_fds ; i++)
6001 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006002 }
6003#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006004 SSL_free(ctx->ssl);
6005 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006006 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006007 }
Emeric Brun46591952012-05-18 15:47:34 +02006008}
6009
6010/* This function tries to perform a clean shutdown on an SSL connection, and in
6011 * any case, flags the connection as reusable if no handshake was in progress.
6012 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006013static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006014{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006015 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006016
Emeric Brun46591952012-05-18 15:47:34 +02006017 if (conn->flags & CO_FL_HANDSHAKE)
6018 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006019 if (!clean)
6020 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006021 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006022 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006023 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006024 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006025 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006026 ERR_clear_error();
6027 }
Emeric Brun46591952012-05-18 15:47:34 +02006028}
6029
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006030/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006031int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006032{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006033 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006034 struct pkey_info *pkinfo;
6035 int bits = 0;
6036 int sig = TLSEXT_signature_anonymous;
6037 int len = -1;
6038
6039 if (!ssl_sock_is_ssl(conn))
6040 return 0;
6041
Olivier Houchard66ab4982019-02-26 18:37:15 +01006042 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006043 if (pkinfo) {
6044 sig = pkinfo->sig;
6045 bits = pkinfo->bits;
6046 } else {
6047 /* multicert and generated cert have no pkey info */
6048 X509 *crt;
6049 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006050 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006051 if (!crt)
6052 return 0;
6053 pkey = X509_get_pubkey(crt);
6054 if (pkey) {
6055 bits = EVP_PKEY_bits(pkey);
6056 switch(EVP_PKEY_base_id(pkey)) {
6057 case EVP_PKEY_RSA:
6058 sig = TLSEXT_signature_rsa;
6059 break;
6060 case EVP_PKEY_EC:
6061 sig = TLSEXT_signature_ecdsa;
6062 break;
6063 case EVP_PKEY_DSA:
6064 sig = TLSEXT_signature_dsa;
6065 break;
6066 }
6067 EVP_PKEY_free(pkey);
6068 }
6069 }
6070
6071 switch(sig) {
6072 case TLSEXT_signature_rsa:
6073 len = chunk_printf(out, "RSA%d", bits);
6074 break;
6075 case TLSEXT_signature_ecdsa:
6076 len = chunk_printf(out, "EC%d", bits);
6077 break;
6078 case TLSEXT_signature_dsa:
6079 len = chunk_printf(out, "DSA%d", bits);
6080 break;
6081 default:
6082 return 0;
6083 }
6084 if (len < 0)
6085 return 0;
6086 return 1;
6087}
6088
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006089/* used for ppv2 cert signature (can be used for logging) */
6090const char *ssl_sock_get_cert_sig(struct connection *conn)
6091{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006092 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6093
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006094 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6095 X509 *crt;
6096
6097 if (!ssl_sock_is_ssl(conn))
6098 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006099 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006100 if (!crt)
6101 return NULL;
6102 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6103 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6104}
6105
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006106/* used for ppv2 authority */
6107const char *ssl_sock_get_sni(struct connection *conn)
6108{
6109#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006110 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6111
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006112 if (!ssl_sock_is_ssl(conn))
6113 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006114 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006115#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006116 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006117#endif
6118}
6119
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006120/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006121const char *ssl_sock_get_cipher_name(struct connection *conn)
6122{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006123 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6124
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006125 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006126 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006127
Olivier Houchard66ab4982019-02-26 18:37:15 +01006128 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006129}
6130
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006131/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006132const char *ssl_sock_get_proto_version(struct connection *conn)
6133{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006134 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6135
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006136 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006137 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006138
Olivier Houchard66ab4982019-02-26 18:37:15 +01006139 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006140}
6141
Willy Tarreau8d598402012-10-22 17:58:39 +02006142/* Extract a serial from a cert, and copy it to a chunk.
6143 * Returns 1 if serial is found and copied, 0 if no serial found and
6144 * -1 if output is not large enough.
6145 */
6146static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006147ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006148{
6149 ASN1_INTEGER *serial;
6150
6151 serial = X509_get_serialNumber(crt);
6152 if (!serial)
6153 return 0;
6154
6155 if (out->size < serial->length)
6156 return -1;
6157
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006158 memcpy(out->area, serial->data, serial->length);
6159 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006160 return 1;
6161}
6162
Emeric Brun43e79582014-10-29 19:03:26 +01006163/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006164 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6165 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006166 */
6167static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006168ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006169{
6170 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006171 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006172
6173 len =i2d_X509(crt, NULL);
6174 if (len <= 0)
6175 return 1;
6176
6177 if (out->size < len)
6178 return -1;
6179
6180 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006181 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006182 return 1;
6183}
6184
Emeric Brunce5ad802012-10-22 14:11:22 +02006185
Willy Tarreau83061a82018-07-13 11:56:34 +02006186/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006187 * Returns 1 if serial is found and copied, 0 if no valid time found
6188 * and -1 if output is not large enough.
6189 */
6190static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006191ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006192{
6193 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6194 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6195
6196 if (gentm->length < 12)
6197 return 0;
6198 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6199 return 0;
6200 if (out->size < gentm->length-2)
6201 return -1;
6202
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006203 memcpy(out->area, gentm->data+2, gentm->length-2);
6204 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006205 return 1;
6206 }
6207 else if (tm->type == V_ASN1_UTCTIME) {
6208 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6209
6210 if (utctm->length < 10)
6211 return 0;
6212 if (utctm->data[0] >= 0x35)
6213 return 0;
6214 if (out->size < utctm->length)
6215 return -1;
6216
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006217 memcpy(out->area, utctm->data, utctm->length);
6218 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006219 return 1;
6220 }
6221
6222 return 0;
6223}
6224
Emeric Brun87855892012-10-17 17:39:35 +02006225/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6226 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6227 */
6228static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006229ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6230 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006231{
6232 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006233 ASN1_OBJECT *obj;
6234 ASN1_STRING *data;
6235 const unsigned char *data_ptr;
6236 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006237 int i, j, n;
6238 int cur = 0;
6239 const char *s;
6240 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006241 int name_count;
6242
6243 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006244
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006245 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006246 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006247 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006248 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006249 else
6250 j = i;
6251
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006252 ne = X509_NAME_get_entry(a, j);
6253 obj = X509_NAME_ENTRY_get_object(ne);
6254 data = X509_NAME_ENTRY_get_data(ne);
6255 data_ptr = ASN1_STRING_get0_data(data);
6256 data_len = ASN1_STRING_length(data);
6257 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006258 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006259 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006260 s = tmp;
6261 }
6262
6263 if (chunk_strcasecmp(entry, s) != 0)
6264 continue;
6265
6266 if (pos < 0)
6267 cur--;
6268 else
6269 cur++;
6270
6271 if (cur != pos)
6272 continue;
6273
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006274 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006275 return -1;
6276
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006277 memcpy(out->area, data_ptr, data_len);
6278 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006279 return 1;
6280 }
6281
6282 return 0;
6283
6284}
6285
6286/* Extract and format full DN from a X509_NAME and copy result into a chunk
6287 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6288 */
6289static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006290ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006291{
6292 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006293 ASN1_OBJECT *obj;
6294 ASN1_STRING *data;
6295 const unsigned char *data_ptr;
6296 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006297 int i, n, ln;
6298 int l = 0;
6299 const char *s;
6300 char *p;
6301 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006302 int name_count;
6303
6304
6305 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006306
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006307 out->data = 0;
6308 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006309 for (i = 0; i < name_count; i++) {
6310 ne = X509_NAME_get_entry(a, i);
6311 obj = X509_NAME_ENTRY_get_object(ne);
6312 data = X509_NAME_ENTRY_get_data(ne);
6313 data_ptr = ASN1_STRING_get0_data(data);
6314 data_len = ASN1_STRING_length(data);
6315 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006316 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006317 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006318 s = tmp;
6319 }
6320 ln = strlen(s);
6321
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006322 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006323 if (l > out->size)
6324 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006325 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006326
6327 *(p++)='/';
6328 memcpy(p, s, ln);
6329 p += ln;
6330 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006331 memcpy(p, data_ptr, data_len);
6332 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006333 }
6334
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006335 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006336 return 0;
6337
6338 return 1;
6339}
6340
Olivier Houchardab28a322018-12-21 19:45:40 +01006341void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6342{
6343#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006344 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6345
6346 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006347#endif
6348}
6349
Willy Tarreau119a4082016-12-22 21:58:38 +01006350/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6351 * to disable SNI.
6352 */
Willy Tarreau63076412015-07-10 11:33:32 +02006353void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6354{
6355#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006356 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6357
Willy Tarreau119a4082016-12-22 21:58:38 +01006358 char *prev_name;
6359
Willy Tarreau63076412015-07-10 11:33:32 +02006360 if (!ssl_sock_is_ssl(conn))
6361 return;
6362
Willy Tarreau119a4082016-12-22 21:58:38 +01006363 /* if the SNI changes, we must destroy the reusable context so that a
6364 * new connection will present a new SNI. As an optimization we could
6365 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6366 * server.
6367 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006368 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006369 if ((!prev_name && hostname) ||
6370 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006371 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006372
Olivier Houchard66ab4982019-02-26 18:37:15 +01006373 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006374#endif
6375}
6376
Emeric Brun0abf8362014-06-24 18:26:41 +02006377/* Extract peer certificate's common name into the chunk dest
6378 * Returns
6379 * the len of the extracted common name
6380 * or 0 if no CN found in DN
6381 * or -1 on error case (i.e. no peer certificate)
6382 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006383int ssl_sock_get_remote_common_name(struct connection *conn,
6384 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006385{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006386 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006387 X509 *crt = NULL;
6388 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006389 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006390 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006391 .area = (char *)&find_cn,
6392 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006393 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006394 int result = -1;
David Safb76832014-05-08 23:42:08 -04006395
6396 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006397 goto out;
David Safb76832014-05-08 23:42:08 -04006398
6399 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006400 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006401 if (!crt)
6402 goto out;
6403
6404 name = X509_get_subject_name(crt);
6405 if (!name)
6406 goto out;
David Safb76832014-05-08 23:42:08 -04006407
Emeric Brun0abf8362014-06-24 18:26:41 +02006408 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6409out:
David Safb76832014-05-08 23:42:08 -04006410 if (crt)
6411 X509_free(crt);
6412
6413 return result;
6414}
6415
Dave McCowan328fb582014-07-30 10:39:13 -04006416/* returns 1 if client passed a certificate for this session, 0 if not */
6417int ssl_sock_get_cert_used_sess(struct connection *conn)
6418{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006419 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006420 X509 *crt = NULL;
6421
6422 if (!ssl_sock_is_ssl(conn))
6423 return 0;
6424
6425 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006426 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006427 if (!crt)
6428 return 0;
6429
6430 X509_free(crt);
6431 return 1;
6432}
6433
6434/* returns 1 if client passed a certificate for this connection, 0 if not */
6435int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006436{
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006437 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6438
David Safb76832014-05-08 23:42:08 -04006439 if (!ssl_sock_is_ssl(conn))
6440 return 0;
6441
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006442 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006443}
6444
6445/* returns result from SSL verify */
6446unsigned int ssl_sock_get_verify_result(struct connection *conn)
6447{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006448 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6449
David Safb76832014-05-08 23:42:08 -04006450 if (!ssl_sock_is_ssl(conn))
6451 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6452
Olivier Houchard66ab4982019-02-26 18:37:15 +01006453 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006454}
6455
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006456/* Returns the application layer protocol name in <str> and <len> when known.
6457 * Zero is returned if the protocol name was not found, otherwise non-zero is
6458 * returned. The string is allocated in the SSL context and doesn't have to be
6459 * freed by the caller. NPN is also checked if available since older versions
6460 * of openssl (1.0.1) which are more common in field only support this one.
6461 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006462static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006463{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006464#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6465 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006466 struct ssl_sock_ctx *ctx = xprt_ctx;
6467 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006468 return 0;
6469
6470 *str = NULL;
6471
6472#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006473 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006474 if (*str)
6475 return 1;
6476#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006477#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006478 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006479 if (*str)
6480 return 1;
6481#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006482#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006483 return 0;
6484}
6485
Willy Tarreau7875d092012-09-10 08:20:03 +02006486/***** Below are some sample fetching functions for ACL/patterns *****/
6487
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006488static int
6489smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6490{
6491 struct connection *conn;
6492
6493 conn = objt_conn(smp->sess->origin);
6494 if (!conn || conn->xprt != &ssl_sock)
6495 return 0;
6496
6497 smp->flags = 0;
6498 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006499 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6500 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006501
6502 return 1;
6503}
6504
Emeric Brune64aef12012-09-21 13:15:06 +02006505/* boolean, returns true if client cert was present */
6506static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006507smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006508{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006509 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006510 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006511
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006512 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006513 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006514 return 0;
6515
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006516 ctx = conn->xprt_ctx;
6517
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006518 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006519 smp->flags |= SMP_F_MAY_CHANGE;
6520 return 0;
6521 }
6522
6523 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006524 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006525 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006526
6527 return 1;
6528}
6529
Emeric Brun43e79582014-10-29 19:03:26 +01006530/* binary, returns a certificate in a binary chunk (der/raw).
6531 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6532 * should be use.
6533 */
6534static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006535smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006536{
6537 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6538 X509 *crt = NULL;
6539 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006540 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006541 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006542 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006543
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006544 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006545 if (!conn || conn->xprt != &ssl_sock)
6546 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006547 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006548
6549 if (!(conn->flags & CO_FL_CONNECTED)) {
6550 smp->flags |= SMP_F_MAY_CHANGE;
6551 return 0;
6552 }
6553
6554 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006555 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006556 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006557 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006558
6559 if (!crt)
6560 goto out;
6561
6562 smp_trash = get_trash_chunk();
6563 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6564 goto out;
6565
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006566 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006567 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006568 ret = 1;
6569out:
6570 /* SSL_get_peer_certificate, it increase X509 * ref count */
6571 if (cert_peer && crt)
6572 X509_free(crt);
6573 return ret;
6574}
6575
Emeric Brunba841a12014-04-30 17:05:08 +02006576/* binary, returns serial of certificate in a binary chunk.
6577 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6578 * should be use.
6579 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006580static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006581smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006582{
Emeric Brunba841a12014-04-30 17:05:08 +02006583 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006584 X509 *crt = NULL;
6585 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006586 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006587 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006588 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006589
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006590 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006591 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006592 return 0;
6593
Olivier Houchard66ab4982019-02-26 18:37:15 +01006594 ctx = conn->xprt_ctx;
6595
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006596 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006597 smp->flags |= SMP_F_MAY_CHANGE;
6598 return 0;
6599 }
6600
Emeric Brunba841a12014-04-30 17:05:08 +02006601 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006602 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006603 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006604 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006605
Willy Tarreau8d598402012-10-22 17:58:39 +02006606 if (!crt)
6607 goto out;
6608
Willy Tarreau47ca5452012-12-23 20:22:19 +01006609 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006610 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6611 goto out;
6612
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006613 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006614 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006615 ret = 1;
6616out:
Emeric Brunba841a12014-04-30 17:05:08 +02006617 /* SSL_get_peer_certificate, it increase X509 * ref count */
6618 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006619 X509_free(crt);
6620 return ret;
6621}
Emeric Brune64aef12012-09-21 13:15:06 +02006622
Emeric Brunba841a12014-04-30 17:05:08 +02006623/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6624 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6625 * should be use.
6626 */
James Votha051b4a2013-05-14 20:37:59 +02006627static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006628smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006629{
Emeric Brunba841a12014-04-30 17:05:08 +02006630 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006631 X509 *crt = NULL;
6632 const EVP_MD *digest;
6633 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006634 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006635 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006636 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006637
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006638 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006639 if (!conn || conn->xprt != &ssl_sock)
6640 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006641 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006642
6643 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006644 smp->flags |= SMP_F_MAY_CHANGE;
6645 return 0;
6646 }
6647
Emeric Brunba841a12014-04-30 17:05:08 +02006648 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006649 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006650 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006651 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006652 if (!crt)
6653 goto out;
6654
6655 smp_trash = get_trash_chunk();
6656 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006657 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6658 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006659
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006660 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006661 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006662 ret = 1;
6663out:
Emeric Brunba841a12014-04-30 17:05:08 +02006664 /* SSL_get_peer_certificate, it increase X509 * ref count */
6665 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006666 X509_free(crt);
6667 return ret;
6668}
6669
Emeric Brunba841a12014-04-30 17:05:08 +02006670/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6671 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6672 * should be use.
6673 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006674static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006675smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006676{
Emeric Brunba841a12014-04-30 17:05:08 +02006677 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006678 X509 *crt = NULL;
6679 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006680 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006681 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006682 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006683
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006684 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006685 if (!conn || conn->xprt != &ssl_sock)
6686 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006687 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006688
6689 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006690 smp->flags |= SMP_F_MAY_CHANGE;
6691 return 0;
6692 }
6693
Emeric Brunba841a12014-04-30 17:05:08 +02006694 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006695 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006696 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006697 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006698 if (!crt)
6699 goto out;
6700
Willy Tarreau47ca5452012-12-23 20:22:19 +01006701 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006702 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006703 goto out;
6704
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006705 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006706 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006707 ret = 1;
6708out:
Emeric Brunba841a12014-04-30 17:05:08 +02006709 /* SSL_get_peer_certificate, it increase X509 * ref count */
6710 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006711 X509_free(crt);
6712 return ret;
6713}
6714
Emeric Brunba841a12014-04-30 17:05:08 +02006715/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6716 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6717 * should be use.
6718 */
Emeric Brun87855892012-10-17 17:39:35 +02006719static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006720smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006721{
Emeric Brunba841a12014-04-30 17:05:08 +02006722 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006723 X509 *crt = NULL;
6724 X509_NAME *name;
6725 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006726 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006727 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006728 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006729
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006730 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006731 if (!conn || conn->xprt != &ssl_sock)
6732 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006733 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006734
6735 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006736 smp->flags |= SMP_F_MAY_CHANGE;
6737 return 0;
6738 }
6739
Emeric Brunba841a12014-04-30 17:05:08 +02006740 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006741 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006742 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006743 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006744 if (!crt)
6745 goto out;
6746
6747 name = X509_get_issuer_name(crt);
6748 if (!name)
6749 goto out;
6750
Willy Tarreau47ca5452012-12-23 20:22:19 +01006751 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006752 if (args && args[0].type == ARGT_STR) {
6753 int pos = 1;
6754
6755 if (args[1].type == ARGT_SINT)
6756 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006757
6758 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6759 goto out;
6760 }
6761 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6762 goto out;
6763
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006764 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006765 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006766 ret = 1;
6767out:
Emeric Brunba841a12014-04-30 17:05:08 +02006768 /* SSL_get_peer_certificate, it increase X509 * ref count */
6769 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006770 X509_free(crt);
6771 return ret;
6772}
6773
Emeric Brunba841a12014-04-30 17:05:08 +02006774/* string, returns notbefore date in ASN1_UTCTIME format.
6775 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6776 * should be use.
6777 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006778static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006779smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006780{
Emeric Brunba841a12014-04-30 17:05:08 +02006781 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006782 X509 *crt = NULL;
6783 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006784 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006785 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006786 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006787
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006788 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006789 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006790 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006791 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006792
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006793 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006794 smp->flags |= SMP_F_MAY_CHANGE;
6795 return 0;
6796 }
6797
Emeric Brunba841a12014-04-30 17:05:08 +02006798 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006799 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006800 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006801 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006802 if (!crt)
6803 goto out;
6804
Willy Tarreau47ca5452012-12-23 20:22:19 +01006805 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006806 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006807 goto out;
6808
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006809 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006810 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006811 ret = 1;
6812out:
Emeric Brunba841a12014-04-30 17:05:08 +02006813 /* SSL_get_peer_certificate, it increase X509 * ref count */
6814 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006815 X509_free(crt);
6816 return ret;
6817}
6818
Emeric Brunba841a12014-04-30 17:05:08 +02006819/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6820 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6821 * should be use.
6822 */
Emeric Brun87855892012-10-17 17:39:35 +02006823static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006824smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006825{
Emeric Brunba841a12014-04-30 17:05:08 +02006826 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006827 X509 *crt = NULL;
6828 X509_NAME *name;
6829 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006830 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006831 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006832 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006833
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006834 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006835 if (!conn || conn->xprt != &ssl_sock)
6836 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006837 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006838
6839 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006840 smp->flags |= SMP_F_MAY_CHANGE;
6841 return 0;
6842 }
6843
Emeric Brunba841a12014-04-30 17:05:08 +02006844 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006845 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006846 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006847 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006848 if (!crt)
6849 goto out;
6850
6851 name = X509_get_subject_name(crt);
6852 if (!name)
6853 goto out;
6854
Willy Tarreau47ca5452012-12-23 20:22:19 +01006855 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006856 if (args && args[0].type == ARGT_STR) {
6857 int pos = 1;
6858
6859 if (args[1].type == ARGT_SINT)
6860 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006861
6862 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6863 goto out;
6864 }
6865 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6866 goto out;
6867
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006868 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006869 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006870 ret = 1;
6871out:
Emeric Brunba841a12014-04-30 17:05:08 +02006872 /* SSL_get_peer_certificate, it increase X509 * ref count */
6873 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006874 X509_free(crt);
6875 return ret;
6876}
Emeric Brun9143d372012-12-20 15:44:16 +01006877
6878/* integer, returns true if current session use a client certificate */
6879static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006880smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006881{
6882 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006883 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006884 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01006885
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006886 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006887 if (!conn || conn->xprt != &ssl_sock)
6888 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006889 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006890
6891 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006892 smp->flags |= SMP_F_MAY_CHANGE;
6893 return 0;
6894 }
6895
6896 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006897 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01006898 if (crt) {
6899 X509_free(crt);
6900 }
6901
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006902 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006903 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006904 return 1;
6905}
6906
Emeric Brunba841a12014-04-30 17:05:08 +02006907/* integer, returns the certificate version
6908 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6909 * should be use.
6910 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006911static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006912smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006913{
Emeric Brunba841a12014-04-30 17:05:08 +02006914 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006915 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006916 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006917 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006918
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006919 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006920 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006921 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006922 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006923
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006924 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006925 smp->flags |= SMP_F_MAY_CHANGE;
6926 return 0;
6927 }
6928
Emeric Brunba841a12014-04-30 17:05:08 +02006929 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006930 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006931 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006932 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006933 if (!crt)
6934 return 0;
6935
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006936 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006937 /* SSL_get_peer_certificate increase X509 * ref count */
6938 if (cert_peer)
6939 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006940 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006941
6942 return 1;
6943}
6944
Emeric Brunba841a12014-04-30 17:05:08 +02006945/* string, returns the certificate's signature algorithm.
6946 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6947 * should be use.
6948 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006949static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006950smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006951{
Emeric Brunba841a12014-04-30 17:05:08 +02006952 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006953 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006954 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006955 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006956 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006957 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02006958
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006959 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006960 if (!conn || conn->xprt != &ssl_sock)
6961 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006962 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006963
6964 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006965 smp->flags |= SMP_F_MAY_CHANGE;
6966 return 0;
6967 }
6968
Emeric Brunba841a12014-04-30 17:05:08 +02006969 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006970 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006971 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006972 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02006973 if (!crt)
6974 return 0;
6975
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006976 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6977 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006978
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006979 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6980 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006981 /* SSL_get_peer_certificate increase X509 * ref count */
6982 if (cert_peer)
6983 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006984 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006985 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006986
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006987 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006988 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006989 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006990 /* SSL_get_peer_certificate increase X509 * ref count */
6991 if (cert_peer)
6992 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006993
6994 return 1;
6995}
6996
Emeric Brunba841a12014-04-30 17:05:08 +02006997/* string, returns the certificate's key algorithm.
6998 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6999 * should be use.
7000 */
Emeric Brun521a0112012-10-22 12:22:55 +02007001static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007002smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007003{
Emeric Brunba841a12014-04-30 17:05:08 +02007004 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007005 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007006 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007007 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007008 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007009 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007010
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007011 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007012 if (!conn || conn->xprt != &ssl_sock)
7013 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007014 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007015
7016 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007017 smp->flags |= SMP_F_MAY_CHANGE;
7018 return 0;
7019 }
7020
Emeric Brunba841a12014-04-30 17:05:08 +02007021 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007022 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007023 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007024 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007025 if (!crt)
7026 return 0;
7027
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007028 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7029 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007030
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007031 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7032 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007033 /* SSL_get_peer_certificate increase X509 * ref count */
7034 if (cert_peer)
7035 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007036 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007037 }
Emeric Brun521a0112012-10-22 12:22:55 +02007038
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007039 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007040 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007041 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007042 if (cert_peer)
7043 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007044
7045 return 1;
7046}
7047
Emeric Brun645ae792014-04-30 14:21:06 +02007048/* boolean, returns true if front conn. transport layer is SSL.
7049 * This function is also usable on backend conn if the fetch keyword 5th
7050 * char is 'b'.
7051 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007052static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007053smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007054{
Emeric Bruneb8def92018-02-19 15:59:48 +01007055 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7056 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007057
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007058 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007059 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007060 return 1;
7061}
7062
Emeric Brun2525b6b2012-10-18 15:59:43 +02007063/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007064static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007065smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007066{
7067#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007068 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007069 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007070
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007071 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007072 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007073 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007074 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007075 return 1;
7076#else
7077 return 0;
7078#endif
7079}
7080
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007081/* boolean, returns true if client session has been resumed.
7082 * This function is also usable on backend conn if the fetch keyword 5th
7083 * char is 'b'.
7084 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007085static int
7086smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7087{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007088 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7089 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007090 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007091
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007092
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007093 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007094 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007095 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007096 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007097 return 1;
7098}
7099
Emeric Brun645ae792014-04-30 14:21:06 +02007100/* string, returns the used cipher if front conn. transport layer is SSL.
7101 * This function is also usable on backend conn if the fetch keyword 5th
7102 * char is 'b'.
7103 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007104static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007105smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007106{
Emeric Bruneb8def92018-02-19 15:59:48 +01007107 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7108 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007109 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007110
Willy Tarreaube508f12016-03-10 11:47:01 +01007111 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007112 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007113 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007114 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007115
Olivier Houchard66ab4982019-02-26 18:37:15 +01007116 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007117 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007118 return 0;
7119
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007120 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007121 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007122 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007123
7124 return 1;
7125}
7126
Emeric Brun645ae792014-04-30 14:21:06 +02007127/* integer, returns the algoritm's keysize if front conn. transport layer
7128 * is SSL.
7129 * This function is also usable on backend conn if the fetch keyword 5th
7130 * char is 'b'.
7131 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007132static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007133smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007134{
Emeric Bruneb8def92018-02-19 15:59:48 +01007135 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7136 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007137 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007138 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007139
Emeric Brun589fcad2012-10-16 14:13:26 +02007140 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007141 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007142 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007143 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007144
Olivier Houchard66ab4982019-02-26 18:37:15 +01007145 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007146 return 0;
7147
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007148 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007149 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007150
7151 return 1;
7152}
7153
Emeric Brun645ae792014-04-30 14:21:06 +02007154/* integer, returns the used keysize if front conn. transport layer is SSL.
7155 * This function is also usable on backend conn if the fetch keyword 5th
7156 * char is 'b'.
7157 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007158static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007159smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007160{
Emeric Bruneb8def92018-02-19 15:59:48 +01007161 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7162 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007163 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007164
Emeric Brun589fcad2012-10-16 14:13:26 +02007165 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007166 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7167 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007168 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007169
Olivier Houchard66ab4982019-02-26 18:37:15 +01007170 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007171 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007172 return 0;
7173
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007174 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007175
7176 return 1;
7177}
7178
Bernard Spil13c53f82018-02-15 13:34:58 +01007179#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007180static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007181smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007182{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007183 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007184 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007185
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007186 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007187 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007188
Olivier Houchard6b77f492018-11-22 18:18:29 +01007189 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7190 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007191 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7192 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007193 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007194
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007195 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007196 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007197 (const unsigned char **)&smp->data.u.str.area,
7198 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007199
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007200 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007201 return 0;
7202
7203 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007204}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007205#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007206
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007207#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007208static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007209smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007210{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007212 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007213
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007214 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007215 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007216
Olivier Houchard6b77f492018-11-22 18:18:29 +01007217 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7218 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7219
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007220 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007221 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007222 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007223
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007224 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007225 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007226 (const unsigned char **)&smp->data.u.str.area,
7227 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007228
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007229 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007230 return 0;
7231
7232 return 1;
7233}
7234#endif
7235
Emeric Brun645ae792014-04-30 14:21:06 +02007236/* string, returns the used protocol if front conn. transport layer is SSL.
7237 * This function is also usable on backend conn if the fetch keyword 5th
7238 * char is 'b'.
7239 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007240static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007241smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007242{
Emeric Bruneb8def92018-02-19 15:59:48 +01007243 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7244 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007245 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007246
Emeric Brun589fcad2012-10-16 14:13:26 +02007247 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007248 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7249 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007250 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007251
Olivier Houchard66ab4982019-02-26 18:37:15 +01007252 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007253 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007254 return 0;
7255
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007256 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007257 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007258 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007259
7260 return 1;
7261}
7262
Willy Tarreau87b09662015-04-03 00:22:06 +02007263/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007264 * This function is also usable on backend conn if the fetch keyword 5th
7265 * char is 'b'.
7266 */
Patrick Hemmer41966772018-04-28 19:15:48 -04007267#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007268static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007269smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007270{
Emeric Bruneb8def92018-02-19 15:59:48 +01007271 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7272 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007273 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007274 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007275
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007276 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007277 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007278
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007279 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7280 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007281 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007282
Olivier Houchard66ab4982019-02-26 18:37:15 +01007283 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007284 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007285 return 0;
7286
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007287 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7288 (unsigned int *)&smp->data.u.str.data);
7289 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007290 return 0;
7291
7292 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007293}
Patrick Hemmer41966772018-04-28 19:15:48 -04007294#endif
7295
Emeric Brunfe68f682012-10-16 14:59:28 +02007296
Patrick Hemmere0275472018-04-28 19:15:51 -04007297#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
7298static int
7299smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7300{
7301 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7302 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7303 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007304 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007305 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007306
7307 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7308 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007309 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007310
Olivier Houchard66ab4982019-02-26 18:37:15 +01007311 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007312 if (!ssl_sess)
7313 return 0;
7314
7315 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007316 data->data = SSL_SESSION_get_master_key(ssl_sess,
7317 (unsigned char *) data->area,
7318 data->size);
7319 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007320 return 0;
7321
7322 smp->flags = 0;
7323 smp->data.type = SMP_T_BIN;
7324 smp->data.u.str = *data;
7325
7326 return 1;
7327}
7328#endif
7329
Patrick Hemmer41966772018-04-28 19:15:48 -04007330#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007331static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007332smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007333{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007334 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007335 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007336
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007337 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007338 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007339
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007340 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007341 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7342 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007343 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007344
Olivier Houchard66ab4982019-02-26 18:37:15 +01007345 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007346 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007347 return 0;
7348
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007349 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007350 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007351}
Patrick Hemmer41966772018-04-28 19:15:48 -04007352#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007353
David Sc1ad52e2014-04-08 18:48:47 -04007354static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007355smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7356{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007357 struct connection *conn;
7358 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007359 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007360
7361 conn = objt_conn(smp->sess->origin);
7362 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7363 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007364 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007365
Olivier Houchard66ab4982019-02-26 18:37:15 +01007366 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007367 if (!capture)
7368 return 0;
7369
7370 smp->flags = SMP_F_CONST;
7371 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007372 smp->data.u.str.area = capture->ciphersuite;
7373 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007374 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007375}
7376
7377static int
7378smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7379{
Willy Tarreau83061a82018-07-13 11:56:34 +02007380 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007381
7382 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7383 return 0;
7384
7385 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007386 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007387 smp->data.type = SMP_T_BIN;
7388 smp->data.u.str = *data;
7389 return 1;
7390}
7391
7392static int
7393smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7394{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007395 struct connection *conn;
7396 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007397 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007398
7399 conn = objt_conn(smp->sess->origin);
7400 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7401 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007402 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007403
Olivier Houchard66ab4982019-02-26 18:37:15 +01007404 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007405 if (!capture)
7406 return 0;
7407
7408 smp->data.type = SMP_T_SINT;
7409 smp->data.u.sint = capture->xxh64;
7410 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007411}
7412
7413static int
7414smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7415{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007416#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007417 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007418 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007419
7420 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7421 return 0;
7422
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007423 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007424 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007425 const char *str;
7426 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007427 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007428 uint16_t id = (bin[0] << 8) | bin[1];
7429#if defined(OPENSSL_IS_BORINGSSL)
7430 cipher = SSL_get_cipher_by_value(id);
7431#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007432 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007433 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7434 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007435#endif
7436 str = SSL_CIPHER_get_name(cipher);
7437 if (!str || strcmp(str, "(NONE)") == 0)
7438 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007439 else
7440 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7441 }
7442 smp->data.type = SMP_T_STR;
7443 smp->data.u.str = *data;
7444 return 1;
7445#else
7446 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7447#endif
7448}
7449
Patrick Hemmer41966772018-04-28 19:15:48 -04007450#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007451static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007452smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007453{
Emeric Bruneb8def92018-02-19 15:59:48 +01007454 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7455 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007456 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007457 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007458 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007459
7460 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007461 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7462 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007463 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007464
7465 if (!(conn->flags & CO_FL_CONNECTED)) {
7466 smp->flags |= SMP_F_MAY_CHANGE;
7467 return 0;
7468 }
7469
7470 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007471 if (!SSL_session_reused(ctx->ssl))
7472 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007473 finished_trash->area,
7474 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007475 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007476 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007477 finished_trash->area,
7478 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007479
7480 if (!finished_len)
7481 return 0;
7482
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007483 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007484 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007485 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007486
7487 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007488}
Patrick Hemmer41966772018-04-28 19:15:48 -04007489#endif
David Sc1ad52e2014-04-08 18:48:47 -04007490
Emeric Brun2525b6b2012-10-18 15:59:43 +02007491/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007492static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007493smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007494{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007495 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007496 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007497
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007498 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007499 if (!conn || conn->xprt != &ssl_sock)
7500 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007501 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007502
7503 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007504 smp->flags = SMP_F_MAY_CHANGE;
7505 return 0;
7506 }
7507
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007508 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007509 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007510 smp->flags = 0;
7511
7512 return 1;
7513}
7514
Emeric Brun2525b6b2012-10-18 15:59:43 +02007515/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007516static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007517smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007518{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007519 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007520 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007521
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007522 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007523 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007524 return 0;
7525
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007526 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007527 smp->flags = SMP_F_MAY_CHANGE;
7528 return 0;
7529 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007530 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007531
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007532 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007533 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007534 smp->flags = 0;
7535
7536 return 1;
7537}
7538
Emeric Brun2525b6b2012-10-18 15:59:43 +02007539/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007540static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007541smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007542{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007543 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007544 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007545
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007546 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007547 if (!conn || conn->xprt != &ssl_sock)
7548 return 0;
7549
7550 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007551 smp->flags = SMP_F_MAY_CHANGE;
7552 return 0;
7553 }
7554
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007555 ctx = conn->xprt_ctx;
7556
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007557 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007558 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007559 smp->flags = 0;
7560
7561 return 1;
7562}
7563
Emeric Brun2525b6b2012-10-18 15:59:43 +02007564/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007565static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007566smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007567{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007568 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007569 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007570
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007571 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007572 if (!conn || conn->xprt != &ssl_sock)
7573 return 0;
7574
7575 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007576 smp->flags = SMP_F_MAY_CHANGE;
7577 return 0;
7578 }
7579
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007580 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007581 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007582 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007583
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007584 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007585 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007586 smp->flags = 0;
7587
7588 return 1;
7589}
7590
Emeric Brunfb510ea2012-10-05 12:00:26 +02007591/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007592static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007593{
7594 if (!*args[cur_arg + 1]) {
7595 if (err)
7596 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7597 return ERR_ALERT | ERR_FATAL;
7598 }
7599
Willy Tarreauef934602016-12-22 23:12:01 +01007600 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7601 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007602 else
7603 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007604
Emeric Brund94b3fe2012-09-20 18:23:56 +02007605 return 0;
7606}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007607static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7608{
7609 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7610}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007611
Christopher Faulet31af49d2015-06-09 17:29:50 +02007612/* parse the "ca-sign-file" bind keyword */
7613static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7614{
7615 if (!*args[cur_arg + 1]) {
7616 if (err)
7617 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7618 return ERR_ALERT | ERR_FATAL;
7619 }
7620
Willy Tarreauef934602016-12-22 23:12:01 +01007621 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7622 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007623 else
7624 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7625
7626 return 0;
7627}
7628
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007629/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007630static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7631{
7632 if (!*args[cur_arg + 1]) {
7633 if (err)
7634 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7635 return ERR_ALERT | ERR_FATAL;
7636 }
7637 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7638 return 0;
7639}
7640
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007641/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007642static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007643{
7644 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007645 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007646 return ERR_ALERT | ERR_FATAL;
7647 }
7648
Emeric Brun76d88952012-10-05 15:47:31 +02007649 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007650 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007651 return 0;
7652}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007653static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7654{
7655 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7656}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007657
7658#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7659/* parse the "ciphersuites" bind keyword */
7660static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7661{
7662 if (!*args[cur_arg + 1]) {
7663 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7664 return ERR_ALERT | ERR_FATAL;
7665 }
7666
7667 free(conf->ciphersuites);
7668 conf->ciphersuites = strdup(args[cur_arg + 1]);
7669 return 0;
7670}
7671static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7672{
7673 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7674}
7675#endif
7676
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007677/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007678static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007679{
Willy Tarreau38011032013-08-13 16:59:39 +02007680 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007681
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007682 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007683 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007684 return ERR_ALERT | ERR_FATAL;
7685 }
7686
Willy Tarreauef934602016-12-22 23:12:01 +01007687 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7688 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007689 memprintf(err, "'%s' : path too long", args[cur_arg]);
7690 return ERR_ALERT | ERR_FATAL;
7691 }
Willy Tarreauef934602016-12-22 23:12:01 +01007692 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007693 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007694 return ERR_ALERT | ERR_FATAL;
7695
7696 return 0;
7697 }
7698
Willy Tarreau03209342016-12-22 17:08:28 +01007699 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007700 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007701
7702 return 0;
7703}
7704
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007705/* parse the "crt-list" bind keyword */
7706static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7707{
7708 if (!*args[cur_arg + 1]) {
7709 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7710 return ERR_ALERT | ERR_FATAL;
7711 }
7712
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007713 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007714 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007715 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007716 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007717
7718 return 0;
7719}
7720
Emeric Brunfb510ea2012-10-05 12:00:26 +02007721/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007722static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007723{
Emeric Brun051cdab2012-10-02 19:25:50 +02007724#ifndef X509_V_FLAG_CRL_CHECK
7725 if (err)
7726 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7727 return ERR_ALERT | ERR_FATAL;
7728#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007729 if (!*args[cur_arg + 1]) {
7730 if (err)
7731 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7732 return ERR_ALERT | ERR_FATAL;
7733 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007734
Willy Tarreauef934602016-12-22 23:12:01 +01007735 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7736 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007737 else
7738 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007739
Emeric Brun2b58d042012-09-20 17:10:03 +02007740 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007741#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007742}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007743static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7744{
7745 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7746}
Emeric Brun2b58d042012-09-20 17:10:03 +02007747
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007748/* parse the "curves" bind keyword keyword */
7749static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7750{
7751#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7752 if (!*args[cur_arg + 1]) {
7753 if (err)
7754 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7755 return ERR_ALERT | ERR_FATAL;
7756 }
7757 conf->curves = strdup(args[cur_arg + 1]);
7758 return 0;
7759#else
7760 if (err)
7761 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7762 return ERR_ALERT | ERR_FATAL;
7763#endif
7764}
7765static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7766{
7767 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7768}
7769
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007770/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007771static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007772{
7773#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7774 if (err)
7775 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7776 return ERR_ALERT | ERR_FATAL;
7777#elif defined(OPENSSL_NO_ECDH)
7778 if (err)
7779 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7780 return ERR_ALERT | ERR_FATAL;
7781#else
7782 if (!*args[cur_arg + 1]) {
7783 if (err)
7784 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7785 return ERR_ALERT | ERR_FATAL;
7786 }
7787
7788 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007789
7790 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007791#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007792}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007793static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7794{
7795 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7796}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007797
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007798/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007799static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7800{
7801 int code;
7802 char *p = args[cur_arg + 1];
7803 unsigned long long *ignerr = &conf->crt_ignerr;
7804
7805 if (!*p) {
7806 if (err)
7807 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7808 return ERR_ALERT | ERR_FATAL;
7809 }
7810
7811 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7812 ignerr = &conf->ca_ignerr;
7813
7814 if (strcmp(p, "all") == 0) {
7815 *ignerr = ~0ULL;
7816 return 0;
7817 }
7818
7819 while (p) {
7820 code = atoi(p);
7821 if ((code <= 0) || (code > 63)) {
7822 if (err)
7823 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7824 args[cur_arg], code, args[cur_arg + 1]);
7825 return ERR_ALERT | ERR_FATAL;
7826 }
7827 *ignerr |= 1ULL << code;
7828 p = strchr(p, ',');
7829 if (p)
7830 p++;
7831 }
7832
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007833 return 0;
7834}
7835
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007836/* parse tls_method_options "no-xxx" and "force-xxx" */
7837static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007838{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007839 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007840 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007841 p = strchr(arg, '-');
7842 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007843 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007844 p++;
7845 if (!strcmp(p, "sslv3"))
7846 v = CONF_SSLV3;
7847 else if (!strcmp(p, "tlsv10"))
7848 v = CONF_TLSV10;
7849 else if (!strcmp(p, "tlsv11"))
7850 v = CONF_TLSV11;
7851 else if (!strcmp(p, "tlsv12"))
7852 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007853 else if (!strcmp(p, "tlsv13"))
7854 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007855 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007856 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007857 if (!strncmp(arg, "no-", 3))
7858 methods->flags |= methodVersions[v].flag;
7859 else if (!strncmp(arg, "force-", 6))
7860 methods->min = methods->max = v;
7861 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007862 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007863 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007864 fail:
7865 if (err)
7866 memprintf(err, "'%s' : option not implemented", arg);
7867 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007868}
7869
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007870static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007871{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007872 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007873}
7874
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007875static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007876{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007877 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7878}
7879
7880/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7881static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7882{
7883 uint16_t i, v = 0;
7884 char *argv = args[cur_arg + 1];
7885 if (!*argv) {
7886 if (err)
7887 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7888 return ERR_ALERT | ERR_FATAL;
7889 }
7890 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7891 if (!strcmp(argv, methodVersions[i].name))
7892 v = i;
7893 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007894 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007895 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007896 return ERR_ALERT | ERR_FATAL;
7897 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007898 if (!strcmp("ssl-min-ver", args[cur_arg]))
7899 methods->min = v;
7900 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7901 methods->max = v;
7902 else {
7903 if (err)
7904 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7905 return ERR_ALERT | ERR_FATAL;
7906 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007907 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007908}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007909
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007910static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7911{
Lukas Tribus1aabc932019-03-05 23:14:32 +01007912#if (OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007913 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007914#endif
7915 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7916}
7917
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007918static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7919{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007920 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007921}
7922
7923static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7924{
7925 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7926}
7927
Emeric Brun2d0c4822012-10-02 13:45:20 +02007928/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007929static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007930{
Emeric Brun89675492012-10-05 13:48:26 +02007931 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007932 return 0;
7933}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007934
Olivier Houchardc2aae742017-09-22 18:26:28 +02007935/* parse the "allow-0rtt" bind keyword */
7936static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7937{
7938 conf->early_data = 1;
7939 return 0;
7940}
7941
7942static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7943{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007944 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007945 return 0;
7946}
7947
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007948/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007949static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007950{
Bernard Spil13c53f82018-02-15 13:34:58 +01007951#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007952 char *p1, *p2;
7953
7954 if (!*args[cur_arg + 1]) {
7955 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7956 return ERR_ALERT | ERR_FATAL;
7957 }
7958
7959 free(conf->npn_str);
7960
Willy Tarreau3724da12016-02-12 17:11:12 +01007961 /* the NPN string is built as a suite of (<len> <name>)*,
7962 * so we reuse each comma to store the next <len> and need
7963 * one more for the end of the string.
7964 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007965 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007966 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007967 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7968
7969 /* replace commas with the name length */
7970 p1 = conf->npn_str;
7971 p2 = p1 + 1;
7972 while (1) {
7973 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7974 if (!p2)
7975 p2 = p1 + 1 + strlen(p1 + 1);
7976
7977 if (p2 - (p1 + 1) > 255) {
7978 *p2 = '\0';
7979 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7980 return ERR_ALERT | ERR_FATAL;
7981 }
7982
7983 *p1 = p2 - (p1 + 1);
7984 p1 = p2;
7985
7986 if (!*p2)
7987 break;
7988
7989 *(p2++) = '\0';
7990 }
7991 return 0;
7992#else
7993 if (err)
7994 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7995 return ERR_ALERT | ERR_FATAL;
7996#endif
7997}
7998
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007999static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8000{
8001 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8002}
8003
Willy Tarreauab861d32013-04-02 02:30:41 +02008004/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008005static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008006{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008007#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008008 char *p1, *p2;
8009
8010 if (!*args[cur_arg + 1]) {
8011 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8012 return ERR_ALERT | ERR_FATAL;
8013 }
8014
8015 free(conf->alpn_str);
8016
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008017 /* the ALPN string is built as a suite of (<len> <name>)*,
8018 * so we reuse each comma to store the next <len> and need
8019 * one more for the end of the string.
8020 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008021 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008022 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008023 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8024
8025 /* replace commas with the name length */
8026 p1 = conf->alpn_str;
8027 p2 = p1 + 1;
8028 while (1) {
8029 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8030 if (!p2)
8031 p2 = p1 + 1 + strlen(p1 + 1);
8032
8033 if (p2 - (p1 + 1) > 255) {
8034 *p2 = '\0';
8035 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8036 return ERR_ALERT | ERR_FATAL;
8037 }
8038
8039 *p1 = p2 - (p1 + 1);
8040 p1 = p2;
8041
8042 if (!*p2)
8043 break;
8044
8045 *(p2++) = '\0';
8046 }
8047 return 0;
8048#else
8049 if (err)
8050 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8051 return ERR_ALERT | ERR_FATAL;
8052#endif
8053}
8054
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008055static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8056{
8057 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8058}
8059
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008060/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008061static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008062{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008063 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008064 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008065
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008066 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8067 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008068#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8069 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8070 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8071#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008072 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008073 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8074 if (!conf->ssl_conf.ssl_methods.min)
8075 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8076 if (!conf->ssl_conf.ssl_methods.max)
8077 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008078
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008079 return 0;
8080}
8081
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008082/* parse the "prefer-client-ciphers" bind keyword */
8083static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8084{
8085 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8086 return 0;
8087}
8088
Christopher Faulet31af49d2015-06-09 17:29:50 +02008089/* parse the "generate-certificates" bind keyword */
8090static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8091{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008092#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008093 conf->generate_certs = 1;
8094#else
8095 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8096 err && *err ? *err : "");
8097#endif
8098 return 0;
8099}
8100
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008101/* parse the "strict-sni" bind keyword */
8102static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8103{
8104 conf->strict_sni = 1;
8105 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008106}
8107
8108/* parse the "tls-ticket-keys" bind keyword */
8109static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8110{
8111#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8112 FILE *f;
8113 int i = 0;
8114 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008115 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008116
8117 if (!*args[cur_arg + 1]) {
8118 if (err)
8119 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8120 return ERR_ALERT | ERR_FATAL;
8121 }
8122
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008123 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008124 if (keys_ref) {
8125 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008126 conf->keys_ref = keys_ref;
8127 return 0;
8128 }
8129
Vincent Bernat02779b62016-04-03 13:48:43 +02008130 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008131 if (!keys_ref) {
8132 if (err)
8133 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8134 return ERR_ALERT | ERR_FATAL;
8135 }
8136
Emeric Brun9e754772019-01-10 17:51:55 +01008137 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008138 if (!keys_ref->tlskeys) {
8139 free(keys_ref);
8140 if (err)
8141 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8142 return ERR_ALERT | ERR_FATAL;
8143 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008144
8145 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008146 free(keys_ref->tlskeys);
8147 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008148 if (err)
8149 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8150 return ERR_ALERT | ERR_FATAL;
8151 }
8152
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008153 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008154 if (!keys_ref->filename) {
8155 free(keys_ref->tlskeys);
8156 free(keys_ref);
8157 if (err)
8158 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8159 return ERR_ALERT | ERR_FATAL;
8160 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008161
Emeric Brun9e754772019-01-10 17:51:55 +01008162 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008163 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8164 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008165 int dec_size;
8166
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008167 /* Strip newline characters from the end */
8168 if(thisline[len - 1] == '\n')
8169 thisline[--len] = 0;
8170
8171 if(thisline[len - 1] == '\r')
8172 thisline[--len] = 0;
8173
Emeric Brun9e754772019-01-10 17:51:55 +01008174 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8175 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008176 free(keys_ref->filename);
8177 free(keys_ref->tlskeys);
8178 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008179 if (err)
8180 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008181 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008182 return ERR_ALERT | ERR_FATAL;
8183 }
Emeric Brun9e754772019-01-10 17:51:55 +01008184 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8185 keys_ref->key_size_bits = 128;
8186 }
8187 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8188 keys_ref->key_size_bits = 256;
8189 }
8190 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8191 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8192 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8193 free(keys_ref->filename);
8194 free(keys_ref->tlskeys);
8195 free(keys_ref);
8196 if (err)
8197 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8198 fclose(f);
8199 return ERR_ALERT | ERR_FATAL;
8200 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008201 i++;
8202 }
8203
8204 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008205 free(keys_ref->filename);
8206 free(keys_ref->tlskeys);
8207 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008208 if (err)
8209 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008210 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008211 return ERR_ALERT | ERR_FATAL;
8212 }
8213
8214 fclose(f);
8215
8216 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008217 i -= 2;
8218 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008219 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008220 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008221 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008222 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008223
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008224 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8225
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008226 return 0;
8227#else
8228 if (err)
8229 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8230 return ERR_ALERT | ERR_FATAL;
8231#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008232}
8233
Emeric Brund94b3fe2012-09-20 18:23:56 +02008234/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008235static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008236{
8237 if (!*args[cur_arg + 1]) {
8238 if (err)
8239 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8240 return ERR_ALERT | ERR_FATAL;
8241 }
8242
8243 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008244 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008245 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008246 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008247 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008248 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008249 else {
8250 if (err)
8251 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8252 args[cur_arg], args[cur_arg + 1]);
8253 return ERR_ALERT | ERR_FATAL;
8254 }
8255
8256 return 0;
8257}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008258static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8259{
8260 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8261}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008262
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008263/* parse the "no-ca-names" bind keyword */
8264static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8265{
8266 conf->no_ca_names = 1;
8267 return 0;
8268}
8269static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8270{
8271 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8272}
8273
Willy Tarreau92faadf2012-10-10 23:04:25 +02008274/************** "server" keywords ****************/
8275
Olivier Houchardc7566002018-11-20 23:33:50 +01008276/* parse the "npn" bind keyword */
8277static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8278{
8279#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8280 char *p1, *p2;
8281
8282 if (!*args[*cur_arg + 1]) {
8283 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8284 return ERR_ALERT | ERR_FATAL;
8285 }
8286
8287 free(newsrv->ssl_ctx.npn_str);
8288
8289 /* the NPN string is built as a suite of (<len> <name>)*,
8290 * so we reuse each comma to store the next <len> and need
8291 * one more for the end of the string.
8292 */
8293 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8294 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8295 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8296 newsrv->ssl_ctx.npn_len);
8297
8298 /* replace commas with the name length */
8299 p1 = newsrv->ssl_ctx.npn_str;
8300 p2 = p1 + 1;
8301 while (1) {
8302 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8303 newsrv->ssl_ctx.npn_len - (p1 + 1));
8304 if (!p2)
8305 p2 = p1 + 1 + strlen(p1 + 1);
8306
8307 if (p2 - (p1 + 1) > 255) {
8308 *p2 = '\0';
8309 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8310 return ERR_ALERT | ERR_FATAL;
8311 }
8312
8313 *p1 = p2 - (p1 + 1);
8314 p1 = p2;
8315
8316 if (!*p2)
8317 break;
8318
8319 *(p2++) = '\0';
8320 }
8321 return 0;
8322#else
8323 if (err)
8324 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8325 return ERR_ALERT | ERR_FATAL;
8326#endif
8327}
8328
Olivier Houchard92150142018-12-21 19:47:01 +01008329/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008330static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8331{
8332#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8333 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008334 char **alpn_str;
8335 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008336
Olivier Houchard92150142018-12-21 19:47:01 +01008337 if (*args[*cur_arg] == 'c') {
8338 alpn_str = &newsrv->check.alpn_str;
8339 alpn_len = &newsrv->check.alpn_len;
8340 } else {
8341 alpn_str = &newsrv->ssl_ctx.alpn_str;
8342 alpn_len = &newsrv->ssl_ctx.alpn_len;
8343
8344 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008345 if (!*args[*cur_arg + 1]) {
8346 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8347 return ERR_ALERT | ERR_FATAL;
8348 }
8349
Olivier Houchard92150142018-12-21 19:47:01 +01008350 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008351
8352 /* the ALPN string is built as a suite of (<len> <name>)*,
8353 * so we reuse each comma to store the next <len> and need
8354 * one more for the end of the string.
8355 */
Olivier Houchard92150142018-12-21 19:47:01 +01008356 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8357 *alpn_str = calloc(1, *alpn_len + 1);
8358 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008359
8360 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008361 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008362 p2 = p1 + 1;
8363 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008364 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008365 if (!p2)
8366 p2 = p1 + 1 + strlen(p1 + 1);
8367
8368 if (p2 - (p1 + 1) > 255) {
8369 *p2 = '\0';
8370 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8371 return ERR_ALERT | ERR_FATAL;
8372 }
8373
8374 *p1 = p2 - (p1 + 1);
8375 p1 = p2;
8376
8377 if (!*p2)
8378 break;
8379
8380 *(p2++) = '\0';
8381 }
8382 return 0;
8383#else
8384 if (err)
8385 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8386 return ERR_ALERT | ERR_FATAL;
8387#endif
8388}
8389
Emeric Brunef42d922012-10-11 16:11:36 +02008390/* parse the "ca-file" server keyword */
8391static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8392{
8393 if (!*args[*cur_arg + 1]) {
8394 if (err)
8395 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8396 return ERR_ALERT | ERR_FATAL;
8397 }
8398
Willy Tarreauef934602016-12-22 23:12:01 +01008399 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8400 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008401 else
8402 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8403
8404 return 0;
8405}
8406
Olivier Houchard9130a962017-10-17 17:33:43 +02008407/* parse the "check-sni" server keyword */
8408static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8409{
8410 if (!*args[*cur_arg + 1]) {
8411 if (err)
8412 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8413 return ERR_ALERT | ERR_FATAL;
8414 }
8415
8416 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8417 if (!newsrv->check.sni) {
8418 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8419 return ERR_ALERT | ERR_FATAL;
8420 }
8421 return 0;
8422
8423}
8424
Willy Tarreau92faadf2012-10-10 23:04:25 +02008425/* parse the "check-ssl" server keyword */
8426static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8427{
8428 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008429 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8430 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008431#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8432 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8433 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8434#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008435 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008436 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8437 if (!newsrv->ssl_ctx.methods.min)
8438 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8439 if (!newsrv->ssl_ctx.methods.max)
8440 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8441
Willy Tarreau92faadf2012-10-10 23:04:25 +02008442 return 0;
8443}
8444
8445/* parse the "ciphers" server keyword */
8446static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8447{
8448 if (!*args[*cur_arg + 1]) {
8449 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8450 return ERR_ALERT | ERR_FATAL;
8451 }
8452
8453 free(newsrv->ssl_ctx.ciphers);
8454 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8455 return 0;
8456}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008457
8458#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8459/* parse the "ciphersuites" server keyword */
8460static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8461{
8462 if (!*args[*cur_arg + 1]) {
8463 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8464 return ERR_ALERT | ERR_FATAL;
8465 }
8466
8467 free(newsrv->ssl_ctx.ciphersuites);
8468 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8469 return 0;
8470}
8471#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008472
Emeric Brunef42d922012-10-11 16:11:36 +02008473/* parse the "crl-file" server keyword */
8474static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8475{
8476#ifndef X509_V_FLAG_CRL_CHECK
8477 if (err)
8478 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8479 return ERR_ALERT | ERR_FATAL;
8480#else
8481 if (!*args[*cur_arg + 1]) {
8482 if (err)
8483 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8484 return ERR_ALERT | ERR_FATAL;
8485 }
8486
Willy Tarreauef934602016-12-22 23:12:01 +01008487 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8488 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008489 else
8490 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8491
8492 return 0;
8493#endif
8494}
8495
Emeric Bruna7aa3092012-10-26 12:58:00 +02008496/* parse the "crt" server keyword */
8497static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8498{
8499 if (!*args[*cur_arg + 1]) {
8500 if (err)
8501 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8502 return ERR_ALERT | ERR_FATAL;
8503 }
8504
Willy Tarreauef934602016-12-22 23:12:01 +01008505 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008506 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008507 else
8508 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8509
8510 return 0;
8511}
Emeric Brunef42d922012-10-11 16:11:36 +02008512
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008513/* parse the "no-check-ssl" server keyword */
8514static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8515{
8516 newsrv->check.use_ssl = 0;
8517 free(newsrv->ssl_ctx.ciphers);
8518 newsrv->ssl_ctx.ciphers = NULL;
8519 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8520 return 0;
8521}
8522
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008523/* parse the "no-send-proxy-v2-ssl" server keyword */
8524static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8525{
8526 newsrv->pp_opts &= ~SRV_PP_V2;
8527 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8528 return 0;
8529}
8530
8531/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8532static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8533{
8534 newsrv->pp_opts &= ~SRV_PP_V2;
8535 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8536 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8537 return 0;
8538}
8539
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008540/* parse the "no-ssl" server keyword */
8541static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8542{
8543 newsrv->use_ssl = 0;
8544 free(newsrv->ssl_ctx.ciphers);
8545 newsrv->ssl_ctx.ciphers = NULL;
8546 return 0;
8547}
8548
Olivier Houchard522eea72017-11-03 16:27:47 +01008549/* parse the "allow-0rtt" server keyword */
8550static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8551{
8552 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8553 return 0;
8554}
8555
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008556/* parse the "no-ssl-reuse" server keyword */
8557static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8558{
8559 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8560 return 0;
8561}
8562
Emeric Brunf9c5c472012-10-11 15:28:34 +02008563/* parse the "no-tls-tickets" server keyword */
8564static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8565{
8566 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8567 return 0;
8568}
David Safb76832014-05-08 23:42:08 -04008569/* parse the "send-proxy-v2-ssl" server keyword */
8570static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8571{
8572 newsrv->pp_opts |= SRV_PP_V2;
8573 newsrv->pp_opts |= SRV_PP_V2_SSL;
8574 return 0;
8575}
8576
8577/* parse the "send-proxy-v2-ssl-cn" server keyword */
8578static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8579{
8580 newsrv->pp_opts |= SRV_PP_V2;
8581 newsrv->pp_opts |= SRV_PP_V2_SSL;
8582 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8583 return 0;
8584}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008585
Willy Tarreau732eac42015-07-09 11:40:25 +02008586/* parse the "sni" server keyword */
8587static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8588{
8589#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8590 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8591 return ERR_ALERT | ERR_FATAL;
8592#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008593 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008594
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008595 arg = args[*cur_arg + 1];
8596 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008597 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8598 return ERR_ALERT | ERR_FATAL;
8599 }
8600
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008601 free(newsrv->sni_expr);
8602 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008603
Willy Tarreau732eac42015-07-09 11:40:25 +02008604 return 0;
8605#endif
8606}
8607
Willy Tarreau92faadf2012-10-10 23:04:25 +02008608/* parse the "ssl" server keyword */
8609static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8610{
8611 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008612 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8613 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008614#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8615 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8616 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8617#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008618 return 0;
8619}
8620
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008621/* parse the "ssl-reuse" server keyword */
8622static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8623{
8624 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8625 return 0;
8626}
8627
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008628/* parse the "tls-tickets" server keyword */
8629static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8630{
8631 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8632 return 0;
8633}
8634
Emeric Brunef42d922012-10-11 16:11:36 +02008635/* parse the "verify" server keyword */
8636static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8637{
8638 if (!*args[*cur_arg + 1]) {
8639 if (err)
8640 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8641 return ERR_ALERT | ERR_FATAL;
8642 }
8643
8644 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008645 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008646 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008647 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008648 else {
8649 if (err)
8650 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8651 args[*cur_arg], args[*cur_arg + 1]);
8652 return ERR_ALERT | ERR_FATAL;
8653 }
8654
Evan Broderbe554312013-06-27 00:05:25 -07008655 return 0;
8656}
8657
8658/* parse the "verifyhost" server keyword */
8659static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8660{
8661 if (!*args[*cur_arg + 1]) {
8662 if (err)
8663 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8664 return ERR_ALERT | ERR_FATAL;
8665 }
8666
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008667 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008668 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8669
Emeric Brunef42d922012-10-11 16:11:36 +02008670 return 0;
8671}
8672
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008673/* parse the "ssl-default-bind-options" keyword in global section */
8674static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8675 struct proxy *defpx, const char *file, int line,
8676 char **err) {
8677 int i = 1;
8678
8679 if (*(args[i]) == 0) {
8680 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8681 return -1;
8682 }
8683 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008684 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008685 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008686 else if (!strcmp(args[i], "prefer-client-ciphers"))
8687 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008688 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8689 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8690 i++;
8691 else {
8692 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8693 return -1;
8694 }
8695 }
8696 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008697 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8698 return -1;
8699 }
8700 i++;
8701 }
8702 return 0;
8703}
8704
8705/* parse the "ssl-default-server-options" keyword in global section */
8706static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8707 struct proxy *defpx, const char *file, int line,
8708 char **err) {
8709 int i = 1;
8710
8711 if (*(args[i]) == 0) {
8712 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8713 return -1;
8714 }
8715 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008716 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008717 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008718 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8719 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8720 i++;
8721 else {
8722 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8723 return -1;
8724 }
8725 }
8726 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008727 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8728 return -1;
8729 }
8730 i++;
8731 }
8732 return 0;
8733}
8734
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008735/* parse the "ca-base" / "crt-base" keywords in global section.
8736 * Returns <0 on alert, >0 on warning, 0 on success.
8737 */
8738static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8739 struct proxy *defpx, const char *file, int line,
8740 char **err)
8741{
8742 char **target;
8743
Willy Tarreauef934602016-12-22 23:12:01 +01008744 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008745
8746 if (too_many_args(1, args, err, NULL))
8747 return -1;
8748
8749 if (*target) {
8750 memprintf(err, "'%s' already specified.", args[0]);
8751 return -1;
8752 }
8753
8754 if (*(args[1]) == 0) {
8755 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8756 return -1;
8757 }
8758 *target = strdup(args[1]);
8759 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008760}
8761
8762/* parse the "ssl-mode-async" keyword in global section.
8763 * Returns <0 on alert, >0 on warning, 0 on success.
8764 */
8765static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8766 struct proxy *defpx, const char *file, int line,
8767 char **err)
8768{
Ilya Shipitsin54832b92019-05-05 23:27:54 +05008769#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008770 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008771 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008772 return 0;
8773#else
8774 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8775 return -1;
8776#endif
8777}
8778
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008779#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008780static int ssl_check_async_engine_count(void) {
8781 int err_code = 0;
8782
Emeric Brun3854e012017-05-17 20:42:48 +02008783 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008784 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008785 err_code = ERR_ABORT;
8786 }
8787 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008788}
8789
Grant Zhang872f9c22017-01-21 01:10:18 +00008790/* parse the "ssl-engine" keyword in global section.
8791 * Returns <0 on alert, >0 on warning, 0 on success.
8792 */
8793static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8794 struct proxy *defpx, const char *file, int line,
8795 char **err)
8796{
8797 char *algo;
8798 int ret = -1;
8799
8800 if (*(args[1]) == 0) {
8801 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8802 return ret;
8803 }
8804
8805 if (*(args[2]) == 0) {
8806 /* if no list of algorithms is given, it defaults to ALL */
8807 algo = strdup("ALL");
8808 goto add_engine;
8809 }
8810
8811 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8812 if (strcmp(args[2], "algo") != 0) {
8813 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8814 return ret;
8815 }
8816
8817 if (*(args[3]) == 0) {
8818 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8819 return ret;
8820 }
8821 algo = strdup(args[3]);
8822
8823add_engine:
8824 if (ssl_init_single_engine(args[1], algo)==0) {
8825 openssl_engines_initialized++;
8826 ret = 0;
8827 }
8828 free(algo);
8829 return ret;
8830}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008831#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008832
Willy Tarreauf22e9682016-12-21 23:23:19 +01008833/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8834 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8835 */
8836static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8837 struct proxy *defpx, const char *file, int line,
8838 char **err)
8839{
8840 char **target;
8841
Willy Tarreauef934602016-12-22 23:12:01 +01008842 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008843
8844 if (too_many_args(1, args, err, NULL))
8845 return -1;
8846
8847 if (*(args[1]) == 0) {
8848 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8849 return -1;
8850 }
8851
8852 free(*target);
8853 *target = strdup(args[1]);
8854 return 0;
8855}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008856
8857#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8858/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8859 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8860 */
8861static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8862 struct proxy *defpx, const char *file, int line,
8863 char **err)
8864{
8865 char **target;
8866
8867 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8868
8869 if (too_many_args(1, args, err, NULL))
8870 return -1;
8871
8872 if (*(args[1]) == 0) {
8873 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8874 return -1;
8875 }
8876
8877 free(*target);
8878 *target = strdup(args[1]);
8879 return 0;
8880}
8881#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008882
Willy Tarreau9ceda382016-12-21 23:13:03 +01008883/* parse various global tune.ssl settings consisting in positive integers.
8884 * Returns <0 on alert, >0 on warning, 0 on success.
8885 */
8886static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8887 struct proxy *defpx, const char *file, int line,
8888 char **err)
8889{
8890 int *target;
8891
8892 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8893 target = &global.tune.sslcachesize;
8894 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008895 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008896 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008897 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008898 else if (strcmp(args[0], "maxsslconn") == 0)
8899 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008900 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8901 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008902 else {
8903 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8904 return -1;
8905 }
8906
8907 if (too_many_args(1, args, err, NULL))
8908 return -1;
8909
8910 if (*(args[1]) == 0) {
8911 memprintf(err, "'%s' expects an integer argument.", args[0]);
8912 return -1;
8913 }
8914
8915 *target = atoi(args[1]);
8916 if (*target < 0) {
8917 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8918 return -1;
8919 }
8920 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008921}
8922
8923static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8924 struct proxy *defpx, const char *file, int line,
8925 char **err)
8926{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008927 int ret;
8928
8929 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8930 if (ret != 0)
8931 return ret;
8932
Willy Tarreaubafbe012017-11-24 17:34:44 +01008933 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008934 memprintf(err, "'%s' is already configured.", args[0]);
8935 return -1;
8936 }
8937
Willy Tarreaubafbe012017-11-24 17:34:44 +01008938 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8939 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008940 memprintf(err, "Out of memory error.");
8941 return -1;
8942 }
8943 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008944}
8945
8946/* parse "ssl.force-private-cache".
8947 * Returns <0 on alert, >0 on warning, 0 on success.
8948 */
8949static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8950 struct proxy *defpx, const char *file, int line,
8951 char **err)
8952{
8953 if (too_many_args(0, args, err, NULL))
8954 return -1;
8955
Willy Tarreauef934602016-12-22 23:12:01 +01008956 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008957 return 0;
8958}
8959
8960/* parse "ssl.lifetime".
8961 * Returns <0 on alert, >0 on warning, 0 on success.
8962 */
8963static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8964 struct proxy *defpx, const char *file, int line,
8965 char **err)
8966{
8967 const char *res;
8968
8969 if (too_many_args(1, args, err, NULL))
8970 return -1;
8971
8972 if (*(args[1]) == 0) {
8973 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8974 return -1;
8975 }
8976
Willy Tarreauef934602016-12-22 23:12:01 +01008977 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008978 if (res) {
8979 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8980 return -1;
8981 }
8982 return 0;
8983}
8984
8985#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008986/* parse "ssl-dh-param-file".
8987 * Returns <0 on alert, >0 on warning, 0 on success.
8988 */
8989static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8990 struct proxy *defpx, const char *file, int line,
8991 char **err)
8992{
8993 if (too_many_args(1, args, err, NULL))
8994 return -1;
8995
8996 if (*(args[1]) == 0) {
8997 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8998 return -1;
8999 }
9000
9001 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9002 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9003 return -1;
9004 }
9005 return 0;
9006}
9007
Willy Tarreau9ceda382016-12-21 23:13:03 +01009008/* parse "ssl.default-dh-param".
9009 * Returns <0 on alert, >0 on warning, 0 on success.
9010 */
9011static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9012 struct proxy *defpx, const char *file, int line,
9013 char **err)
9014{
9015 if (too_many_args(1, args, err, NULL))
9016 return -1;
9017
9018 if (*(args[1]) == 0) {
9019 memprintf(err, "'%s' expects an integer argument.", args[0]);
9020 return -1;
9021 }
9022
Willy Tarreauef934602016-12-22 23:12:01 +01009023 global_ssl.default_dh_param = atoi(args[1]);
9024 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009025 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9026 return -1;
9027 }
9028 return 0;
9029}
9030#endif
9031
9032
William Lallemand32af2032016-10-29 18:09:35 +02009033/* This function is used with TLS ticket keys management. It permits to browse
9034 * each reference. The variable <getnext> must contain the current node,
9035 * <end> point to the root node.
9036 */
9037#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9038static inline
9039struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9040{
9041 struct tls_keys_ref *ref = getnext;
9042
9043 while (1) {
9044
9045 /* Get next list entry. */
9046 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9047
9048 /* If the entry is the last of the list, return NULL. */
9049 if (&ref->list == end)
9050 return NULL;
9051
9052 return ref;
9053 }
9054}
9055
9056static inline
9057struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9058{
9059 int id;
9060 char *error;
9061
9062 /* If the reference starts by a '#', this is numeric id. */
9063 if (reference[0] == '#') {
9064 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9065 id = strtol(reference + 1, &error, 10);
9066 if (*error != '\0')
9067 return NULL;
9068
9069 /* Perform the unique id lookup. */
9070 return tlskeys_ref_lookupid(id);
9071 }
9072
9073 /* Perform the string lookup. */
9074 return tlskeys_ref_lookup(reference);
9075}
9076#endif
9077
9078
9079#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9080
9081static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9082
9083static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9084 return cli_io_handler_tlskeys_files(appctx);
9085}
9086
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009087/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9088 * (next index to be dumped), and cli.p0 (next key reference).
9089 */
William Lallemand32af2032016-10-29 18:09:35 +02009090static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9091
9092 struct stream_interface *si = appctx->owner;
9093
9094 switch (appctx->st2) {
9095 case STAT_ST_INIT:
9096 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009097 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009098 * later and restart at the state "STAT_ST_INIT".
9099 */
9100 chunk_reset(&trash);
9101
9102 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9103 chunk_appendf(&trash, "# id secret\n");
9104 else
9105 chunk_appendf(&trash, "# id (file)\n");
9106
Willy Tarreau06d80a92017-10-19 14:32:15 +02009107 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009108 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009109 return 0;
9110 }
9111
William Lallemand32af2032016-10-29 18:09:35 +02009112 /* Now, we start the browsing of the references lists.
9113 * Note that the following call to LIST_ELEM return bad pointer. The only
9114 * available field of this pointer is <list>. It is used with the function
9115 * tlskeys_list_get_next() for retruning the first available entry
9116 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009117 if (appctx->ctx.cli.p0 == NULL) {
9118 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9119 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009120 }
9121
9122 appctx->st2 = STAT_ST_LIST;
9123 /* fall through */
9124
9125 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009126 while (appctx->ctx.cli.p0) {
9127 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009128
9129 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009130 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009131 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009132
9133 if (appctx->ctx.cli.i1 == 0)
9134 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9135
William Lallemand32af2032016-10-29 18:09:35 +02009136 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009137 int head;
9138
9139 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9140 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009141 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009142 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009143
9144 chunk_reset(t2);
9145 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009146 if (ref->key_size_bits == 128) {
9147 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9148 sizeof(struct tls_sess_key_128),
9149 t2->area, t2->size);
9150 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9151 t2->area);
9152 }
9153 else if (ref->key_size_bits == 256) {
9154 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9155 sizeof(struct tls_sess_key_256),
9156 t2->area, t2->size);
9157 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9158 t2->area);
9159 }
9160 else {
9161 /* This case should never happen */
9162 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9163 }
William Lallemand32af2032016-10-29 18:09:35 +02009164
Willy Tarreau06d80a92017-10-19 14:32:15 +02009165 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009166 /* let's try again later from this stream. We add ourselves into
9167 * this stream's users so that it can remove us upon termination.
9168 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009169 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009170 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009171 return 0;
9172 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009173 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009174 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009175 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009176 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009177 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009178 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009179 /* let's try again later from this stream. We add ourselves into
9180 * this stream's users so that it can remove us upon termination.
9181 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009182 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009183 return 0;
9184 }
9185
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009186 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009187 break;
9188
9189 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009190 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009191 }
9192
9193 appctx->st2 = STAT_ST_FIN;
9194 /* fall through */
9195
9196 default:
9197 appctx->st2 = STAT_ST_FIN;
9198 return 1;
9199 }
9200 return 0;
9201}
9202
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009203/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009204static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009205{
William Lallemand32af2032016-10-29 18:09:35 +02009206 /* no parameter, shows only file list */
9207 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009208 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009209 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009210 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009211 }
9212
9213 if (args[2][0] == '*') {
9214 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009215 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009216 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009217 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9218 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009219 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009220 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009221 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009222 return 1;
9223 }
9224 }
William Lallemand32af2032016-10-29 18:09:35 +02009225 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009226 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009227}
9228
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009229static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009230{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009231 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009232 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009233
William Lallemand32af2032016-10-29 18:09:35 +02009234 /* Expect two parameters: the filename and the new new TLS key in encoding */
9235 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009236 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009237 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009238 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009239 return 1;
9240 }
9241
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009242 ref = tlskeys_ref_lookup_ref(args[3]);
9243 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009244 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009245 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009246 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009247 return 1;
9248 }
9249
Willy Tarreau1c913e42018-08-22 05:26:57 +02009250 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009251 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009252 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009253 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009254 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009255 return 1;
9256 }
Emeric Brun9e754772019-01-10 17:51:55 +01009257
Willy Tarreau1c913e42018-08-22 05:26:57 +02009258 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009259 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9260 appctx->ctx.cli.severity = LOG_ERR;
9261 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9262 appctx->st0 = CLI_ST_PRINT;
9263 return 1;
9264 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009265 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009266 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009267 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009268 return 1;
9269
9270}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009271#endif
William Lallemand32af2032016-10-29 18:09:35 +02009272
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009273static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009274{
9275#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9276 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009277 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009278
9279 if (!payload)
9280 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009281
9282 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009283 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009284 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009285 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009286 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009287 return 1;
9288 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009289
9290 /* remove \r and \n from the payload */
9291 for (i = 0, j = 0; payload[i]; i++) {
9292 if (payload[i] == '\r' || payload[i] == '\n')
9293 continue;
9294 payload[j++] = payload[i];
9295 }
9296 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009297
Willy Tarreau1c913e42018-08-22 05:26:57 +02009298 ret = base64dec(payload, j, trash.area, trash.size);
9299 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009300 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009301 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009302 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009303 return 1;
9304 }
9305
Willy Tarreau1c913e42018-08-22 05:26:57 +02009306 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009307 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9308 if (err) {
9309 memprintf(&err, "%s.\n", err);
9310 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009311 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009312 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009313 else {
9314 appctx->ctx.cli.severity = LOG_ERR;
9315 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9316 appctx->st0 = CLI_ST_PRINT;
9317 }
William Lallemand32af2032016-10-29 18:09:35 +02009318 return 1;
9319 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009320 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009321 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009322 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009323 return 1;
9324#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009325 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009326 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009327 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009328 return 1;
9329#endif
9330
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009331}
9332
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +02009333#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009334static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9335{
9336 switch (arg->type) {
9337 case ARGT_STR:
9338 smp->data.type = SMP_T_STR;
9339 smp->data.u.str = arg->data.str;
9340 return 1;
9341 case ARGT_VAR:
9342 if (!vars_get_by_desc(&arg->data.var, smp))
9343 return 0;
9344 if (!sample_casts[smp->data.type][SMP_T_STR])
9345 return 0;
9346 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9347 return 0;
9348 return 1;
9349 default:
9350 return 0;
9351 }
9352}
9353
9354static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9355 const char *file, int line, char **err)
9356{
9357 switch(args[0].data.sint) {
9358 case 128:
9359 case 192:
9360 case 256:
9361 break;
9362 default:
9363 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9364 return 0;
9365 }
9366 /* Try to decode a variable. */
9367 vars_check_arg(&args[1], NULL);
9368 vars_check_arg(&args[2], NULL);
9369 vars_check_arg(&args[3], NULL);
9370 return 1;
9371}
9372
9373/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9374static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9375{
9376 struct sample nonce, key, aead_tag;
9377 struct buffer *smp_trash, *smp_trash_alloc;
9378 EVP_CIPHER_CTX *ctx;
9379 int dec_size, ret;
9380
9381 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9382 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9383 return 0;
9384
9385 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9386 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9387 return 0;
9388
9389 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9390 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9391 return 0;
9392
9393 smp_trash = get_trash_chunk();
9394 smp_trash_alloc = alloc_trash_chunk();
9395 if (!smp_trash_alloc)
9396 return 0;
9397
9398 ctx = EVP_CIPHER_CTX_new();
9399
9400 if (!ctx)
9401 goto err;
9402
9403 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9404 if (dec_size < 0)
9405 goto err;
9406 smp_trash->data = dec_size;
9407
9408 /* Set cipher type and mode */
9409 switch(arg_p[0].data.sint) {
9410 case 128:
9411 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9412 break;
9413 case 192:
9414 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9415 break;
9416 case 256:
9417 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9418 break;
9419 }
9420
9421 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9422
9423 /* Initialise IV */
9424 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9425 goto err;
9426
9427 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9428 if (dec_size < 0)
9429 goto err;
9430 smp_trash->data = dec_size;
9431
9432 /* Initialise key */
9433 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9434 goto err;
9435
9436 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9437 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9438 goto err;
9439
9440 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9441 if (dec_size < 0)
9442 goto err;
9443 smp_trash_alloc->data = dec_size;
9444 dec_size = smp_trash->data;
9445
9446 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9447 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9448
9449 if (ret <= 0)
9450 goto err;
9451
9452 smp->data.u.str.data = dec_size + smp_trash->data;
9453 smp->data.u.str.area = smp_trash->area;
9454 smp->data.type = SMP_T_BIN;
9455 smp->flags &= ~SMP_F_CONST;
9456 free_trash_chunk(smp_trash_alloc);
9457 return 1;
9458
9459err:
9460 free_trash_chunk(smp_trash_alloc);
9461 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009462}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009463# endif
William Lallemand32af2032016-10-29 18:09:35 +02009464
9465/* register cli keywords */
9466static struct cli_kw_list cli_kws = {{ },{
9467#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9468 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009469 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009470#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009471 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009472 { { NULL }, NULL, NULL, NULL }
9473}};
9474
Willy Tarreau0108d902018-11-25 19:14:37 +01009475INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009476
Willy Tarreau7875d092012-09-10 08:20:03 +02009477/* Note: must not be declared <const> as its list will be overwritten.
9478 * Please take care of keeping this list alphabetically sorted.
9479 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009480static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009481 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009482 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009483#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009484 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009485#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009486 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009487#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9488 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9489#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009490 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009491 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009492 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009493 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009494#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009495 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009496#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009497#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9498 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9499#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009500 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9501 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009502 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009503 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009504 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9505 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9506 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9507 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9508 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9509 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9510 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9511 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009512 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009513 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9514 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009515 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009516 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9517 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9518 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9519 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9520 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9521 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9522 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009523 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009524 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009525 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009526 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009527 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009528 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009529 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009530 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009531 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009532#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009533 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009534#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009535#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009536 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009537#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009538 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009539#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009540 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009541#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009542 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009543#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009544 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009545#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009546#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9547 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9548#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009549#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009550 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009551#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009552 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9553 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9554 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9555 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009556 { NULL, NULL, 0, 0, 0 },
9557}};
9558
Willy Tarreau0108d902018-11-25 19:14:37 +01009559INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9560
Willy Tarreau7875d092012-09-10 08:20:03 +02009561/* Note: must not be declared <const> as its list will be overwritten.
9562 * Please take care of keeping this list alphabetically sorted.
9563 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009564static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009565 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9566 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009567 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009568}};
9569
Willy Tarreau0108d902018-11-25 19:14:37 +01009570INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9571
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009572/* Note: must not be declared <const> as its list will be overwritten.
9573 * Please take care of keeping this list alphabetically sorted, doing so helps
9574 * all code contributors.
9575 * Optional keywords are also declared with a NULL ->parse() function so that
9576 * the config parser can report an appropriate error when a known keyword was
9577 * not enabled.
9578 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009579static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009580 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009581 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9582 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9583 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009584#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9585 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9586#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009587 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009588 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009589 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009590 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009591 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009592 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9593 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009594 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9595 { NULL, NULL, 0 },
9596};
9597
Willy Tarreau0108d902018-11-25 19:14:37 +01009598/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9599
Willy Tarreau51fb7652012-09-18 18:24:39 +02009600static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009601 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009602 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9603 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9604 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9605 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9606 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9607 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009608#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9609 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9610#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009611 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9612 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9613 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9614 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9615 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9616 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9617 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9618 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9619 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9620 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009621 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009622 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009623 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009624 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9625 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9626 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9627 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009628 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009629 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9630 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009631 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9632 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009633 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9634 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9635 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9636 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9637 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009638 { NULL, NULL, 0 },
9639}};
Emeric Brun46591952012-05-18 15:47:34 +02009640
Willy Tarreau0108d902018-11-25 19:14:37 +01009641INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9642
Willy Tarreau92faadf2012-10-10 23:04:25 +02009643/* Note: must not be declared <const> as its list will be overwritten.
9644 * Please take care of keeping this list alphabetically sorted, doing so helps
9645 * all code contributors.
9646 * Optional keywords are also declared with a NULL ->parse() function so that
9647 * the config parser can report an appropriate error when a known keyword was
9648 * not enabled.
9649 */
9650static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009651 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009652 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009653 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009654 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009655 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009656 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9657 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009658#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9659 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9660#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009661 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9662 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9663 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9664 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9665 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9666 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9667 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9668 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9669 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9670 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9671 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9672 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9673 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9674 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9675 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9676 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9677 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9678 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009679 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009680 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9681 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9682 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9683 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9684 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9685 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9686 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9687 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9688 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9689 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009690 { NULL, NULL, 0, 0 },
9691}};
9692
Willy Tarreau0108d902018-11-25 19:14:37 +01009693INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9694
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009695static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009696 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9697 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009698 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009699 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9700 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009701#ifndef OPENSSL_NO_DH
9702 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9703#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009704 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009705#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009706 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009707#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009708 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9709#ifndef OPENSSL_NO_DH
9710 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9711#endif
9712 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9713 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9714 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9715 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009716 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009717 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9718 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009719#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9720 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9721 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9722#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009723 { 0, NULL, NULL },
9724}};
9725
Willy Tarreau0108d902018-11-25 19:14:37 +01009726INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9727
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009728/* Note: must not be declared <const> as its list will be overwritten */
9729static struct sample_conv_kw_list conv_kws = {ILH, {
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +02009730#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009731 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9732#endif
9733 { NULL, NULL, 0, 0, 0 },
9734}};
9735
9736INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9737
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009738/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009739static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009740 .snd_buf = ssl_sock_from_buf,
9741 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009742 .subscribe = ssl_subscribe,
9743 .unsubscribe = ssl_unsubscribe,
Emeric Brun46591952012-05-18 15:47:34 +02009744 .rcv_pipe = NULL,
9745 .snd_pipe = NULL,
9746 .shutr = NULL,
9747 .shutw = ssl_sock_shutw,
9748 .close = ssl_sock_close,
9749 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009750 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009751 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009752 .prepare_srv = ssl_sock_prepare_srv_ctx,
9753 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009754 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009755 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009756};
9757
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009758enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9759 struct session *sess, struct stream *s, int flags)
9760{
9761 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009762 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009763
9764 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009765 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009766
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009767 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009768 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009769 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009770 s->req.flags |= CF_READ_NULL;
9771 return ACT_RET_YIELD;
9772 }
9773 }
9774 return (ACT_RET_CONT);
9775}
9776
9777static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9778{
9779 rule->action_ptr = ssl_action_wait_for_hs;
9780
9781 return ACT_RET_PRS_OK;
9782}
9783
9784static struct action_kw_list http_req_actions = {ILH, {
9785 { "wait-for-handshake", ssl_parse_wait_for_hs },
9786 { /* END */ }
9787}};
9788
Willy Tarreau0108d902018-11-25 19:14:37 +01009789INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9790
Daniel Jakots54ffb912015-11-06 20:02:41 +01009791#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009792
9793static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9794{
9795 if (ptr) {
9796 chunk_destroy(ptr);
9797 free(ptr);
9798 }
9799}
9800
9801#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009802static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9803{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009804 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009805}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009806
Emeric Brun46591952012-05-18 15:47:34 +02009807__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009808static void __ssl_sock_init(void)
9809{
Emeric Brun46591952012-05-18 15:47:34 +02009810 STACK_OF(SSL_COMP)* cm;
9811
Willy Tarreauef934602016-12-22 23:12:01 +01009812 if (global_ssl.listen_default_ciphers)
9813 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9814 if (global_ssl.connect_default_ciphers)
9815 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009816#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9817 if (global_ssl.listen_default_ciphersuites)
9818 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9819 if (global_ssl.connect_default_ciphersuites)
9820 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9821#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009822
Willy Tarreau13e14102016-12-22 20:25:26 +01009823 xprt_register(XPRT_SSL, &ssl_sock);
Rosen Penev68185952018-12-14 08:47:02 -08009824#if OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009825 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009826#endif
Emeric Brun46591952012-05-18 15:47:34 +02009827 cm = SSL_COMP_get_compression_methods();
9828 sk_SSL_COMP_zero(cm);
Rosen Penev68185952018-12-14 08:47:02 -08009829#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Emeric Brun821bb9b2017-06-15 16:37:39 +02009830 ssl_locking_init();
9831#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01009832#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009833 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9834#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009835 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009836 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009837 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009838#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009839 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009840 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009841#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009842#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9843 hap_register_post_check(tlskeys_finalize_config);
9844#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009845
9846 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9847 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9848
9849#ifndef OPENSSL_NO_DH
9850 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9851 hap_register_post_deinit(ssl_free_dh);
9852#endif
9853#ifndef OPENSSL_NO_ENGINE
9854 hap_register_post_deinit(ssl_free_engines);
9855#endif
9856 /* Load SSL string for the verbose & debug mode. */
9857 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +02009858#if OPENSSL_VERSION_NUMBER < 0x10100000L
9859 ha_meth = malloc(sizeof(*ha_meth));
Olivier Houchard66a7b332019-04-18 15:58:15 +02009860 bzero(ha_meth, sizeof(*ha_meth));
Olivier Houcharda8955d52019-04-07 22:00:38 +02009861 ha_meth->bwrite = ha_ssl_write;
9862 ha_meth->bread = ha_ssl_read;
9863 ha_meth->ctrl = ha_ssl_ctrl;
9864 ha_meth->create = ha_ssl_new;
9865 ha_meth->destroy = ha_ssl_free;
9866 ha_meth->bputs = ha_ssl_puts;
9867 ha_meth->bgets = ha_ssl_gets;
9868#else
9869 ha_meth = BIO_meth_new(0x666, "ha methods");
9870 BIO_meth_set_write(ha_meth, ha_ssl_write);
9871 BIO_meth_set_read(ha_meth, ha_ssl_read);
9872 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
9873 BIO_meth_set_create(ha_meth, ha_ssl_new);
9874 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
9875 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
9876 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
9877#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009878}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009879
Willy Tarreau80713382018-11-26 10:19:54 +01009880/* Compute and register the version string */
9881static void ssl_register_build_options()
9882{
9883 char *ptr = NULL;
9884 int i;
9885
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009886 memprintf(&ptr, "Built with OpenSSL version : "
9887#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009888 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009889#else /* OPENSSL_IS_BORINGSSL */
9890 OPENSSL_VERSION_TEXT
9891 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08009892 OpenSSL_version(OPENSSL_VERSION),
9893 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009894#endif
9895 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9896#if OPENSSL_VERSION_NUMBER < 0x00907000L
9897 "no (library version too old)"
9898#elif defined(OPENSSL_NO_TLSEXT)
9899 "no (disabled via OPENSSL_NO_TLSEXT)"
9900#else
9901 "yes"
9902#endif
9903 "", ptr);
9904
9905 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9906#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9907 "yes"
9908#else
9909#ifdef OPENSSL_NO_TLSEXT
9910 "no (because of OPENSSL_NO_TLSEXT)"
9911#else
9912 "no (version might be too old, 0.9.8f min needed)"
9913#endif
9914#endif
9915 "", ptr);
9916
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009917 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9918 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9919 if (methodVersions[i].option)
9920 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009921
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009922 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01009923}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009924
Willy Tarreau80713382018-11-26 10:19:54 +01009925INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009926
Emeric Brun46591952012-05-18 15:47:34 +02009927
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009928#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009929void ssl_free_engines(void) {
9930 struct ssl_engine_list *wl, *wlb;
9931 /* free up engine list */
9932 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9933 ENGINE_finish(wl->e);
9934 ENGINE_free(wl->e);
9935 LIST_DEL(&wl->list);
9936 free(wl);
9937 }
9938}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009939#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009940
Remi Gacogned3a23c32015-05-28 16:39:47 +02009941#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009942void ssl_free_dh(void) {
9943 if (local_dh_1024) {
9944 DH_free(local_dh_1024);
9945 local_dh_1024 = NULL;
9946 }
9947 if (local_dh_2048) {
9948 DH_free(local_dh_2048);
9949 local_dh_2048 = NULL;
9950 }
9951 if (local_dh_4096) {
9952 DH_free(local_dh_4096);
9953 local_dh_4096 = NULL;
9954 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009955 if (global_dh) {
9956 DH_free(global_dh);
9957 global_dh = NULL;
9958 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009959}
9960#endif
9961
9962__attribute__((destructor))
9963static void __ssl_sock_deinit(void)
9964{
9965#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009966 if (ssl_ctx_lru_tree) {
9967 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009968 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009969 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009970#endif
9971
Rosen Penev68185952018-12-14 08:47:02 -08009972#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009973 ERR_remove_state(0);
9974 ERR_free_strings();
9975
9976 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08009977#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009978
Rosen Penev68185952018-12-14 08:47:02 -08009979#if ((OPENSSL_VERSION_NUMBER >= 0x00907000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009980 CRYPTO_cleanup_all_ex_data();
9981#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +02009982#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
9983 free(ha_meth);
9984#else
9985 BIO_meth_free(ha_meth);
9986#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009987}
9988
9989
Emeric Brun46591952012-05-18 15:47:34 +02009990/*
9991 * Local variables:
9992 * c-indent-level: 8
9993 * c-basic-offset: 8
9994 * End:
9995 */