blob: 772310b78ec92c81492a0c39db4022cb3ec05037 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100366/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100367struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100368 unsigned long long int xxh64;
369 unsigned char ciphersuite_len;
370 char ciphersuite[0];
371};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100372struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100373static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200374static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100375
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100376static int ssl_pkey_info_index = -1;
377
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200378#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
379struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
380#endif
381
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200382#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000383static unsigned int openssl_engines_initialized;
384struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
385struct ssl_engine_list {
386 struct list list;
387 ENGINE *e;
388};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200389#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000390
Remi Gacogne8de54152014-07-15 11:36:40 +0200391#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200392static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200393static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200394static DH *local_dh_1024 = NULL;
395static DH *local_dh_2048 = NULL;
396static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100397static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200398#endif /* OPENSSL_NO_DH */
399
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100400#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200401/* X509V3 Extensions that will be added on generated certificates */
402#define X509V3_EXT_SIZE 5
403static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
404 "basicConstraints",
405 "nsComment",
406 "subjectKeyIdentifier",
407 "authorityKeyIdentifier",
408 "keyUsage",
409};
410static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
411 "CA:FALSE",
412 "\"OpenSSL Generated Certificate\"",
413 "hash",
414 "keyid,issuer:always",
415 "nonRepudiation,digitalSignature,keyEncipherment"
416};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200417/* LRU cache to store generated certificate */
418static struct lru64_head *ssl_ctx_lru_tree = NULL;
419static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200420static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100421__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200422
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200423#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
424
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100425static struct ssl_bind_kw ssl_bind_kws[];
426
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200427#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500428/* The order here matters for picking a default context,
429 * keep the most common keytype at the bottom of the list
430 */
431const char *SSL_SOCK_KEYTYPE_NAMES[] = {
432 "dsa",
433 "ecdsa",
434 "rsa"
435};
436#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100437#else
438#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500439#endif
440
William Lallemandc3cd35f2017-11-28 11:04:43 +0100441static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100442static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
443
444#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
445
446#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
447 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
448
449#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
450 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200451
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100452/*
453 * This function gives the detail of the SSL error. It is used only
454 * if the debug mode and the verbose mode are activated. It dump all
455 * the SSL error until the stack was empty.
456 */
457static forceinline void ssl_sock_dump_errors(struct connection *conn)
458{
459 unsigned long ret;
460
461 if (unlikely(global.mode & MODE_DEBUG)) {
462 while(1) {
463 ret = ERR_get_error();
464 if (ret == 0)
465 return;
466 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200467 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100468 ERR_func_error_string(ret), ERR_reason_error_string(ret));
469 }
470 }
471}
472
yanbzhube2774d2015-12-10 15:07:30 -0500473
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200474#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000475static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
476{
477 int err_code = ERR_ABORT;
478 ENGINE *engine;
479 struct ssl_engine_list *el;
480
481 /* grab the structural reference to the engine */
482 engine = ENGINE_by_id(engine_id);
483 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100484 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000485 goto fail_get;
486 }
487
488 if (!ENGINE_init(engine)) {
489 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100490 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000491 goto fail_init;
492 }
493
494 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100495 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000496 goto fail_set_method;
497 }
498
499 el = calloc(1, sizeof(*el));
500 el->e = engine;
501 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100502 nb_engines++;
503 if (global_ssl.async)
504 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000505 return 0;
506
507fail_set_method:
508 /* release the functional reference from ENGINE_init() */
509 ENGINE_finish(engine);
510
511fail_init:
512 /* release the structural reference from ENGINE_by_id() */
513 ENGINE_free(engine);
514
515fail_get:
516 return err_code;
517}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200518#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000519
Willy Tarreau5db847a2019-05-09 14:13:35 +0200520#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200521/*
522 * openssl async fd handler
523 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200524void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000525{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200526 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000527
Emeric Brun3854e012017-05-17 20:42:48 +0200528 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000529 * to poll this fd until it is requested
530 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000531 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000532 fd_cant_recv(fd);
533
534 /* crypto engine is available, let's notify the associated
535 * connection that it can pursue its processing.
536 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200537 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000538}
539
Emeric Brun3854e012017-05-17 20:42:48 +0200540/*
541 * openssl async delayed SSL_free handler
542 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200543void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000544{
545 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200546 OSSL_ASYNC_FD all_fd[32];
547 size_t num_all_fds = 0;
548 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000549
Emeric Brun3854e012017-05-17 20:42:48 +0200550 /* We suppose that the async job for a same SSL *
551 * are serialized. So if we are awake it is
552 * because the running job has just finished
553 * and we can remove all async fds safely
554 */
555 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
556 if (num_all_fds > 32) {
557 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
558 return;
559 }
560
561 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
562 for (i=0 ; i < num_all_fds ; i++)
563 fd_remove(all_fd[i]);
564
565 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000566 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100567 _HA_ATOMIC_SUB(&sslconns, 1);
568 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000569}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000570/*
Emeric Brun3854e012017-05-17 20:42:48 +0200571 * function used to manage a returned SSL_ERROR_WANT_ASYNC
572 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000573 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200574static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000575{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100576 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200577 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200578 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 size_t num_add_fds = 0;
580 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200581 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000582
583 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
584 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200585 if (num_add_fds > 32 || num_del_fds > 32) {
586 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587 return;
588 }
589
Emeric Brun3854e012017-05-17 20:42:48 +0200590 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591
Emeric Brun3854e012017-05-17 20:42:48 +0200592 /* We remove unused fds from the fdtab */
593 for (i=0 ; i < num_del_fds ; i++)
594 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000595
Emeric Brun3854e012017-05-17 20:42:48 +0200596 /* We add new fds to the fdtab */
597 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200598 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000599 }
600
Emeric Brun3854e012017-05-17 20:42:48 +0200601 num_add_fds = 0;
602 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
603 if (num_add_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
605 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000606 }
Emeric Brun3854e012017-05-17 20:42:48 +0200607
608 /* We activate the polling for all known async fds */
609 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000610 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200611 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000612 /* To ensure that the fd cache won't be used
613 * We'll prefer to catch a real RD event
614 * because handling an EAGAIN on this fd will
615 * result in a context switch and also
616 * some engines uses a fd in blocking mode.
617 */
618 fd_cant_recv(add_fd[i]);
619 }
Emeric Brun3854e012017-05-17 20:42:48 +0200620
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000621}
622#endif
623
William Lallemand104a7a62019-10-14 14:14:59 +0200624#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200625/*
626 * This function returns the number of seconds elapsed
627 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
628 * date presented un ASN1_GENERALIZEDTIME.
629 *
630 * In parsing error case, it returns -1.
631 */
632static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
633{
634 long epoch;
635 char *p, *end;
636 const unsigned short month_offset[12] = {
637 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
638 };
639 int year, month;
640
641 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
642
643 p = (char *)d->data;
644 end = p + d->length;
645
646 if (end - p < 4) return -1;
647 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
648 p += 4;
649 if (end - p < 2) return -1;
650 month = 10 * (p[0] - '0') + p[1] - '0';
651 if (month < 1 || month > 12) return -1;
652 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
653 We consider leap years and the current month (<marsh or not) */
654 epoch = ( ((year - 1970) * 365)
655 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
656 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
657 + month_offset[month-1]
658 ) * 24 * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the number of seconds of completed days of current month */
662 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
663 p += 2;
664 if (end - p < 2) return -1;
665 /* Add the completed hours of the current day */
666 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
667 p += 2;
668 if (end - p < 2) return -1;
669 /* Add the completed minutes of the current hour */
670 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
671 p += 2;
672 if (p == end) return -1;
673 /* Test if there is available seconds */
674 if (p[0] < '0' || p[0] > '9')
675 goto nosec;
676 if (end - p < 2) return -1;
677 /* Add the seconds of the current minute */
678 epoch += 10 * (p[0] - '0') + p[1] - '0';
679 p += 2;
680 if (p == end) return -1;
681 /* Ignore seconds float part if present */
682 if (p[0] == '.') {
683 do {
684 if (++p == end) return -1;
685 } while (p[0] >= '0' && p[0] <= '9');
686 }
687
688nosec:
689 if (p[0] == 'Z') {
690 if (end - p != 1) return -1;
691 return epoch;
692 }
693 else if (p[0] == '+') {
694 if (end - p != 5) return -1;
695 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700696 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200697 }
698 else if (p[0] == '-') {
699 if (end - p != 5) return -1;
700 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700701 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200702 }
703
704 return -1;
705}
706
William Lallemand104a7a62019-10-14 14:14:59 +0200707/*
708 * struct alignment works here such that the key.key is the same as key_data
709 * Do not change the placement of key_data
710 */
711struct certificate_ocsp {
712 struct ebmb_node key;
713 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
714 struct buffer response;
715 long expire;
716};
717
718struct ocsp_cbk_arg {
719 int is_single;
720 int single_kt;
721 union {
722 struct certificate_ocsp *s_ocsp;
723 /*
724 * m_ocsp will have multiple entries dependent on key type
725 * Entry 0 - DSA
726 * Entry 1 - ECDSA
727 * Entry 2 - RSA
728 */
729 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
730 };
731};
732
Emeric Brun1d3865b2014-06-20 15:37:32 +0200733static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200734
735/* This function starts to check if the OCSP response (in DER format) contained
736 * in chunk 'ocsp_response' is valid (else exits on error).
737 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
738 * contained in the OCSP Response and exits on error if no match.
739 * If it's a valid OCSP Response:
740 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
741 * pointed by 'ocsp'.
742 * If 'ocsp' is NULL, the function looks up into the OCSP response's
743 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
744 * from the response) and exits on error if not found. Finally, If an OCSP response is
745 * already present in the container, it will be overwritten.
746 *
747 * Note: OCSP response containing more than one OCSP Single response is not
748 * considered valid.
749 *
750 * Returns 0 on success, 1 in error case.
751 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200752static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
753 struct certificate_ocsp *ocsp,
754 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755{
756 OCSP_RESPONSE *resp;
757 OCSP_BASICRESP *bs = NULL;
758 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200759 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200760 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200761 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200762 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200763 int reason;
764 int ret = 1;
765
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200766 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
767 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200768 if (!resp) {
769 memprintf(err, "Unable to parse OCSP response");
770 goto out;
771 }
772
773 rc = OCSP_response_status(resp);
774 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
775 memprintf(err, "OCSP response status not successful");
776 goto out;
777 }
778
779 bs = OCSP_response_get1_basic(resp);
780 if (!bs) {
781 memprintf(err, "Failed to get basic response from OCSP Response");
782 goto out;
783 }
784
785 count_sr = OCSP_resp_count(bs);
786 if (count_sr > 1) {
787 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
788 goto out;
789 }
790
791 sr = OCSP_resp_get0(bs, 0);
792 if (!sr) {
793 memprintf(err, "Failed to get OCSP single response");
794 goto out;
795 }
796
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200797 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
798
Emeric Brun4147b2e2014-06-16 18:36:30 +0200799 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200800 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200801 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 goto out;
803 }
804
Emeric Brun13a6b482014-06-20 15:44:34 +0200805 if (!nextupd) {
806 memprintf(err, "OCSP single response: missing nextupdate");
807 goto out;
808 }
809
Emeric Brunc8b27b62014-06-19 14:16:17 +0200810 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200811 if (!rc) {
812 memprintf(err, "OCSP single response: no longer valid.");
813 goto out;
814 }
815
816 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200817 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200818 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
819 goto out;
820 }
821 }
822
823 if (!ocsp) {
824 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
825 unsigned char *p;
826
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200827 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200828 if (!rc) {
829 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
830 goto out;
831 }
832
833 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
834 memprintf(err, "OCSP single response: Certificate ID too long");
835 goto out;
836 }
837
838 p = key;
839 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200840 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200841 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
842 if (!ocsp) {
843 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
844 goto out;
845 }
846 }
847
848 /* According to comments on "chunk_dup", the
849 previous chunk buffer will be freed */
850 if (!chunk_dup(&ocsp->response, ocsp_response)) {
851 memprintf(err, "OCSP response: Memory allocation error");
852 goto out;
853 }
854
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200855 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
856
Emeric Brun4147b2e2014-06-16 18:36:30 +0200857 ret = 0;
858out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100859 ERR_clear_error();
860
Emeric Brun4147b2e2014-06-16 18:36:30 +0200861 if (bs)
862 OCSP_BASICRESP_free(bs);
863
864 if (resp)
865 OCSP_RESPONSE_free(resp);
866
867 return ret;
868}
869/*
870 * External function use to update the OCSP response in the OCSP response's
871 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
872 * to update in DER format.
873 *
874 * Returns 0 on success, 1 in error case.
875 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200876int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200877{
878 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
879}
880
William Lallemand4a660132019-10-14 14:51:41 +0200881#endif
882
883#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200884/*
885 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +0200886 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +0200887 *
888 * Returns 0 on success, 1 in error case.
889 */
William Lallemand3b5f3602019-10-16 18:05:05 +0200890static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200891{
892 int fd = -1;
893 int r = 0;
894 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +0200895 struct buffer *ocsp_response;
896 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200897
William Lallemand3b5f3602019-10-16 18:05:05 +0200898 if (buf) {
899 int i, j;
900 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +0200901
William Lallemand3b5f3602019-10-16 18:05:05 +0200902 /* remove \r and \n from the payload */
903 for (i = 0, j = 0; buf[i]; i++) {
904 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +0200906 buf[j++] = buf[i];
907 }
908 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200909
William Lallemand3b5f3602019-10-16 18:05:05 +0200910 ret = base64dec(buf, j, trash.area, trash.size);
911 if (ret < 0) {
912 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200913 goto end;
914 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200915 trash.data = ret;
916 src = &trash;
917 } else {
918 fd = open(ocsp_path, O_RDONLY);
919 if (fd == -1) {
920 memprintf(err, "Error opening OCSP response file");
921 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200922 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200923
924 trash.data = 0;
925 while (trash.data < trash.size) {
926 r = read(fd, trash.area + trash.data, trash.size - trash.data);
927 if (r < 0) {
928 if (errno == EINTR)
929 continue;
930
931 memprintf(err, "Error reading OCSP response from file");
932 goto end;
933 }
934 else if (r == 0) {
935 break;
936 }
937 trash.data += r;
938 }
939 close(fd);
940 fd = -1;
941 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200942 }
943
William Lallemand3b5f3602019-10-16 18:05:05 +0200944 ocsp_response = calloc(1, sizeof(*ocsp_response));
945 if (!chunk_dup(ocsp_response, src)) {
946 free(ocsp_response);
947 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +0200948 goto end;
949 }
950
William Lallemand3b5f3602019-10-16 18:05:05 +0200951 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +0200952 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200953end:
954 if (fd != -1)
955 close(fd);
956
957 return ret;
958}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100959#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200960
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100961#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
962static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
963{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100964 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100965 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100966 struct connection *conn;
967 int head;
968 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100969 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100970
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200971 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200972 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100973 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
974
975 keys = ref->tlskeys;
976 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100977
978 if (enc) {
979 memcpy(key_name, keys[head].name, 16);
980
981 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100983
Emeric Brun9e754772019-01-10 17:51:55 +0100984 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100985
Emeric Brun9e754772019-01-10 17:51:55 +0100986 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
987 goto end;
988
Willy Tarreau9356dac2019-05-10 09:22:53 +0200989 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100990 ret = 1;
991 }
992 else if (ref->key_size_bits == 256 ) {
993
994 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
995 goto end;
996
Willy Tarreau9356dac2019-05-10 09:22:53 +0200997 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100998 ret = 1;
999 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001000 } else {
1001 for (i = 0; i < TLS_TICKETS_NO; i++) {
1002 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1003 goto found;
1004 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001005 ret = 0;
1006 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001007
Christopher Faulet16f45c82018-02-16 11:23:49 +01001008 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001009 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001010 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001011 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1012 goto end;
1013 /* 2 for key renewal, 1 if current key is still valid */
1014 ret = i ? 2 : 1;
1015 }
1016 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001017 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001018 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1019 goto end;
1020 /* 2 for key renewal, 1 if current key is still valid */
1021 ret = i ? 2 : 1;
1022 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001023 }
Emeric Brun9e754772019-01-10 17:51:55 +01001024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 end:
1026 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1027 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001028}
1029
1030struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1031{
1032 struct tls_keys_ref *ref;
1033
1034 list_for_each_entry(ref, &tlskeys_reference, list)
1035 if (ref->filename && strcmp(filename, ref->filename) == 0)
1036 return ref;
1037 return NULL;
1038}
1039
1040struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1041{
1042 struct tls_keys_ref *ref;
1043
1044 list_for_each_entry(ref, &tlskeys_reference, list)
1045 if (ref->unique_id == unique_id)
1046 return ref;
1047 return NULL;
1048}
1049
Emeric Brun9e754772019-01-10 17:51:55 +01001050/* Update the key into ref: if keysize doesnt
1051 * match existing ones, this function returns -1
1052 * else it returns 0 on success.
1053 */
1054int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001055 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001056{
Emeric Brun9e754772019-01-10 17:51:55 +01001057 if (ref->key_size_bits == 128) {
1058 if (tlskey->data != sizeof(struct tls_sess_key_128))
1059 return -1;
1060 }
1061 else if (ref->key_size_bits == 256) {
1062 if (tlskey->data != sizeof(struct tls_sess_key_256))
1063 return -1;
1064 }
1065 else
1066 return -1;
1067
Christopher Faulet16f45c82018-02-16 11:23:49 +01001068 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001069 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1070 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001071 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1072 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001073
1074 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001075}
1076
Willy Tarreau83061a82018-07-13 11:56:34 +02001077int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001078{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001079 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1080
1081 if(!ref) {
1082 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1083 return 1;
1084 }
Emeric Brun9e754772019-01-10 17:51:55 +01001085 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1086 memprintf(err, "Invalid key size");
1087 return 1;
1088 }
1089
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001090 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001091}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001092
1093/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001094 * automatic ids. It's called just after the basic checks. It returns
1095 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001096 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098{
1099 int i = 0;
1100 struct tls_keys_ref *ref, *ref2, *ref3;
1101 struct list tkr = LIST_HEAD_INIT(tkr);
1102
1103 list_for_each_entry(ref, &tlskeys_reference, list) {
1104 if (ref->unique_id == -1) {
1105 /* Look for the first free id. */
1106 while (1) {
1107 list_for_each_entry(ref2, &tlskeys_reference, list) {
1108 if (ref2->unique_id == i) {
1109 i++;
1110 break;
1111 }
1112 }
1113 if (&ref2->list == &tlskeys_reference)
1114 break;
1115 }
1116
1117 /* Uses the unique id and increment it for the next entry. */
1118 ref->unique_id = i;
1119 i++;
1120 }
1121 }
1122
1123 /* This sort the reference list by id. */
1124 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1125 LIST_DEL(&ref->list);
1126 list_for_each_entry(ref3, &tkr, list) {
1127 if (ref->unique_id < ref3->unique_id) {
1128 LIST_ADDQ(&ref3->list, &ref->list);
1129 break;
1130 }
1131 }
1132 if (&ref3->list == &tkr)
1133 LIST_ADDQ(&tkr, &ref->list);
1134 }
1135
1136 /* swap root */
1137 LIST_ADD(&tkr, &tlskeys_reference);
1138 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001139 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001140}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001141#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1142
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001143#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001144int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1145{
1146 switch (evp_keytype) {
1147 case EVP_PKEY_RSA:
1148 return 2;
1149 case EVP_PKEY_DSA:
1150 return 0;
1151 case EVP_PKEY_EC:
1152 return 1;
1153 }
1154
1155 return -1;
1156}
1157
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158/*
1159 * Callback used to set OCSP status extension content in server hello.
1160 */
1161int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1162{
yanbzhube2774d2015-12-10 15:07:30 -05001163 struct certificate_ocsp *ocsp;
1164 struct ocsp_cbk_arg *ocsp_arg;
1165 char *ssl_buf;
1166 EVP_PKEY *ssl_pkey;
1167 int key_type;
1168 int index;
1169
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001170 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001171
1172 ssl_pkey = SSL_get_privatekey(ssl);
1173 if (!ssl_pkey)
1174 return SSL_TLSEXT_ERR_NOACK;
1175
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001176 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001177
1178 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1179 ocsp = ocsp_arg->s_ocsp;
1180 else {
1181 /* For multiple certs per context, we have to find the correct OCSP response based on
1182 * the certificate type
1183 */
1184 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1185
1186 if (index < 0)
1187 return SSL_TLSEXT_ERR_NOACK;
1188
1189 ocsp = ocsp_arg->m_ocsp[index];
1190
1191 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001192
1193 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001194 !ocsp->response.area ||
1195 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001196 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001197 return SSL_TLSEXT_ERR_NOACK;
1198
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001199 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200 if (!ssl_buf)
1201 return SSL_TLSEXT_ERR_NOACK;
1202
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001203 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1204 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001205
1206 return SSL_TLSEXT_ERR_OK;
1207}
1208
William Lallemand4a660132019-10-14 14:51:41 +02001209#endif
1210
1211#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001212/*
1213 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001214 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1215 * status extension, the issuer's certificate is mandatory. It should be
1216 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001217 *
William Lallemand246c0242019-10-11 08:59:13 +02001218 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1219 * OCSP response. If file is empty or content is not a valid OCSP response,
1220 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1221 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001222 *
1223 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001224 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001225 */
William Lallemand4a660132019-10-14 14:51:41 +02001226#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001227static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001228{
William Lallemand246c0242019-10-11 08:59:13 +02001229 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001230 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001231 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001232 struct certificate_ocsp *ocsp = NULL, *iocsp;
1233 char *warn = NULL;
1234 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001236
Emeric Brun4147b2e2014-06-16 18:36:30 +02001237
William Lallemand246c0242019-10-11 08:59:13 +02001238 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!x)
1240 goto out;
1241
William Lallemand246c0242019-10-11 08:59:13 +02001242 issuer = ckch->ocsp_issuer;
1243 if (!issuer)
1244 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001245
1246 cid = OCSP_cert_to_id(0, x, issuer);
1247 if (!cid)
1248 goto out;
1249
1250 i = i2d_OCSP_CERTID(cid, NULL);
1251 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1252 goto out;
1253
Vincent Bernat02779b62016-04-03 13:48:43 +02001254 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001255 if (!ocsp)
1256 goto out;
1257
1258 p = ocsp->key_data;
1259 i2d_OCSP_CERTID(cid, &p);
1260
1261 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1262 if (iocsp == ocsp)
1263 ocsp = NULL;
1264
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001265#ifndef SSL_CTX_get_tlsext_status_cb
1266# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1267 *cb = (void (*) (void))ctx->tlsext_status_cb;
1268#endif
1269 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1270
1271 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001272 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001273 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001274
1275 cb_arg->is_single = 1;
1276 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001277
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001278 pkey = X509_get_pubkey(x);
1279 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1280 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001281
1282 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1283 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1284 } else {
1285 /*
1286 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1287 * Update that cb_arg with the new cert's staple
1288 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001289 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001290 struct certificate_ocsp *tmp_ocsp;
1291 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001292 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001293 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294
1295#ifdef SSL_CTX_get_tlsext_status_arg
1296 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1297#else
1298 cb_arg = ctx->tlsext_status_arg;
1299#endif
yanbzhube2774d2015-12-10 15:07:30 -05001300
1301 /*
1302 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1303 * the order of operations below matter, take care when changing it
1304 */
1305 tmp_ocsp = cb_arg->s_ocsp;
1306 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1307 cb_arg->s_ocsp = NULL;
1308 cb_arg->m_ocsp[index] = tmp_ocsp;
1309 cb_arg->is_single = 0;
1310 cb_arg->single_kt = 0;
1311
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001312 pkey = X509_get_pubkey(x);
1313 key_type = EVP_PKEY_base_id(pkey);
1314 EVP_PKEY_free(pkey);
1315
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001316 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001317 if (index >= 0 && !cb_arg->m_ocsp[index])
1318 cb_arg->m_ocsp[index] = iocsp;
1319
1320 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001321
1322 ret = 0;
1323
1324 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001325 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001326 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001327 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001328 }
1329
1330out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001331 if (cid)
1332 OCSP_CERTID_free(cid);
1333
1334 if (ocsp)
1335 free(ocsp);
1336
1337 if (warn)
1338 free(warn);
1339
Emeric Brun4147b2e2014-06-16 18:36:30 +02001340 return ret;
1341}
William Lallemand4a660132019-10-14 14:51:41 +02001342#else /* OPENSSL_IS_BORINGSSL */
1343static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001344{
William Lallemand4a660132019-10-14 14:51:41 +02001345 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001346}
1347#endif
1348
William Lallemand4a660132019-10-14 14:51:41 +02001349#endif
1350
1351
Willy Tarreau5db847a2019-05-09 14:13:35 +02001352#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001353
1354#define CT_EXTENSION_TYPE 18
1355
1356static int sctl_ex_index = -1;
1357
1358/*
1359 * Try to parse Signed Certificate Timestamp List structure. This function
1360 * makes only basic test if the data seems like SCTL. No signature validation
1361 * is performed.
1362 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001363static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001364{
1365 int ret = 1;
1366 int len, pos, sct_len;
1367 unsigned char *data;
1368
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001369 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001370 goto out;
1371
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001372 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001373 len = (data[0] << 8) | data[1];
1374
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001375 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001376 goto out;
1377
1378 data = data + 2;
1379 pos = 0;
1380 while (pos < len) {
1381 if (len - pos < 2)
1382 goto out;
1383
1384 sct_len = (data[pos] << 8) | data[pos + 1];
1385 if (pos + sct_len + 2 > len)
1386 goto out;
1387
1388 pos += sct_len + 2;
1389 }
1390
1391 ret = 0;
1392
1393out:
1394 return ret;
1395}
1396
William Lallemand0dfae6c2019-10-16 18:06:58 +02001397/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1398 * It fills the ckch->sctl buffer
1399 * return 0 on success or != 0 on failure */
1400static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001401{
1402 int fd = -1;
1403 int r = 0;
1404 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001405 struct buffer tmp;
1406 struct buffer *src;
1407 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001408
William Lallemand0dfae6c2019-10-16 18:06:58 +02001409 if (buf) {
1410 tmp.area = buf;
1411 tmp.data = strlen(buf);
1412 tmp.size = tmp.data + 1;
1413 src = &tmp;
1414 } else {
1415 fd = open(sctl_path, O_RDONLY);
1416 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001417 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001418
1419 trash.data = 0;
1420 while (trash.data < trash.size) {
1421 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1422 if (r < 0) {
1423 if (errno == EINTR)
1424 continue;
1425 goto end;
1426 }
1427 else if (r == 0) {
1428 break;
1429 }
1430 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001431 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001432 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001433 }
1434
William Lallemand0dfae6c2019-10-16 18:06:58 +02001435 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001436 if (ret)
1437 goto end;
1438
William Lallemand0dfae6c2019-10-16 18:06:58 +02001439 sctl = calloc(1, sizeof(*sctl));
1440 if (!chunk_dup(sctl, src)) {
1441 free(sctl);
1442 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001443 goto end;
1444 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001445 ret = 0;
1446 /* TODO: free the previous SCTL in the ckch */
1447 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001448
1449end:
1450 if (fd != -1)
1451 close(fd);
1452
1453 return ret;
1454}
1455
1456int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1457{
Willy Tarreau83061a82018-07-13 11:56:34 +02001458 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001459
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001460 *out = (unsigned char *) sctl->area;
1461 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001462
1463 return 1;
1464}
1465
1466int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1467{
1468 return 1;
1469}
1470
William Lallemanda17f4112019-10-10 15:16:44 +02001471static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001472{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001474
William Lallemanda17f4112019-10-10 15:16:44 +02001475 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001476 goto out;
1477
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001478 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1479
1480 ret = 0;
1481
1482out:
1483 return ret;
1484}
1485
1486#endif
1487
Emeric Brune1f38db2012-09-03 20:36:47 +02001488void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1489{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001490 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001491 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001492 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001493 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001494
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001495#ifndef SSL_OP_NO_RENEGOTIATION
1496 /* Please note that BoringSSL defines this macro to zero so don't
1497 * change this to #if and do not assign a default value to this macro!
1498 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001499 if (where & SSL_CB_HANDSHAKE_START) {
1500 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001501 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001502 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001503 conn->err_code = CO_ER_SSL_RENEG;
1504 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001505 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001506#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001507
1508 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001509 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001510 /* Long certificate chains optimz
1511 If write and read bios are differents, we
1512 consider that the buffering was activated,
1513 so we rise the output buffer size from 4k
1514 to 16k */
1515 write_bio = SSL_get_wbio(ssl);
1516 if (write_bio != SSL_get_rbio(ssl)) {
1517 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001518 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001519 }
1520 }
1521 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001522}
1523
Emeric Brune64aef12012-09-21 13:15:06 +02001524/* Callback is called for each certificate of the chain during a verify
1525 ok is set to 1 if preverify detect no error on current certificate.
1526 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001527int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001528{
1529 SSL *ssl;
1530 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001531 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001532 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001533
1534 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001535 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001536
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001537 ctx = conn->xprt_ctx;
1538
1539 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001540
Emeric Brun81c00f02012-09-21 14:31:21 +02001541 if (ok) /* no errors */
1542 return ok;
1543
1544 depth = X509_STORE_CTX_get_error_depth(x_store);
1545 err = X509_STORE_CTX_get_error(x_store);
1546
1547 /* check if CA error needs to be ignored */
1548 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001549 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1550 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1551 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001552 }
1553
Willy Tarreau07d94e42018-09-20 10:57:52 +02001554 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001555 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001556 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001557 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001558 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001559
Willy Tarreau20879a02012-12-03 16:32:10 +01001560 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001561 return 0;
1562 }
1563
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001564 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1565 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001566
Emeric Brun81c00f02012-09-21 14:31:21 +02001567 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001568 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001569 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001570 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001571 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001572 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001573
Willy Tarreau20879a02012-12-03 16:32:10 +01001574 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001576}
1577
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001578static inline
1579void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001580 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001581{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001582 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001583 unsigned char *msg;
1584 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001585 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001586
1587 /* This function is called for "from client" and "to server"
1588 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001589 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001590 */
1591
1592 /* "write_p" is set to 0 is the bytes are received messages,
1593 * otherwise it is set to 1.
1594 */
1595 if (write_p != 0)
1596 return;
1597
1598 /* content_type contains the type of message received or sent
1599 * according with the SSL/TLS protocol spec. This message is
1600 * encoded with one byte. The value 256 (two bytes) is used
1601 * for designing the SSL/TLS record layer. According with the
1602 * rfc6101, the expected message (other than 256) are:
1603 * - change_cipher_spec(20)
1604 * - alert(21)
1605 * - handshake(22)
1606 * - application_data(23)
1607 * - (255)
1608 * We are interessed by the handshake and specially the client
1609 * hello.
1610 */
1611 if (content_type != 22)
1612 return;
1613
1614 /* The message length is at least 4 bytes, containing the
1615 * message type and the message length.
1616 */
1617 if (len < 4)
1618 return;
1619
1620 /* First byte of the handshake message id the type of
1621 * message. The konwn types are:
1622 * - hello_request(0)
1623 * - client_hello(1)
1624 * - server_hello(2)
1625 * - certificate(11)
1626 * - server_key_exchange (12)
1627 * - certificate_request(13)
1628 * - server_hello_done(14)
1629 * We are interested by the client hello.
1630 */
1631 msg = (unsigned char *)buf;
1632 if (msg[0] != 1)
1633 return;
1634
1635 /* Next three bytes are the length of the message. The total length
1636 * must be this decoded length + 4. If the length given as argument
1637 * is not the same, we abort the protocol dissector.
1638 */
1639 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1640 if (len < rec_len + 4)
1641 return;
1642 msg += 4;
1643 end = msg + rec_len;
1644 if (end < msg)
1645 return;
1646
1647 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1648 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001649 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1650 */
1651 msg += 1 + 1 + 4 + 28;
1652 if (msg > end)
1653 return;
1654
1655 /* Next, is session id:
1656 * if present, we have to jump by length + 1 for the size information
1657 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001658 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001659 if (msg[0] > 0)
1660 msg += msg[0];
1661 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001662 if (msg > end)
1663 return;
1664
1665 /* Next two bytes are the ciphersuite length. */
1666 if (msg + 2 > end)
1667 return;
1668 rec_len = (msg[0] << 8) + msg[1];
1669 msg += 2;
1670 if (msg + rec_len > end || msg + rec_len < msg)
1671 return;
1672
Willy Tarreaubafbe012017-11-24 17:34:44 +01001673 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001674 if (!capture)
1675 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001676 /* Compute the xxh64 of the ciphersuite. */
1677 capture->xxh64 = XXH64(msg, rec_len, 0);
1678
1679 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001680 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1681 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001682 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001683
1684 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001685}
1686
Emeric Brun29f037d2014-04-25 19:05:36 +02001687/* Callback is called for ssl protocol analyse */
1688void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1689{
Emeric Brun29f037d2014-04-25 19:05:36 +02001690#ifdef TLS1_RT_HEARTBEAT
1691 /* test heartbeat received (write_p is set to 0
1692 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001693 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001694 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001695 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001696 const unsigned char *p = buf;
1697 unsigned int payload;
1698
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001699 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001700
1701 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1702 if (*p != TLS1_HB_REQUEST)
1703 return;
1704
Willy Tarreauaeed6722014-04-25 23:59:58 +02001705 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001706 goto kill_it;
1707
1708 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001709 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001710 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001711 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001712 /* We have a clear heartbleed attack (CVE-2014-0160), the
1713 * advertised payload is larger than the advertised packet
1714 * length, so we have garbage in the buffer between the
1715 * payload and the end of the buffer (p+len). We can't know
1716 * if the SSL stack is patched, and we don't know if we can
1717 * safely wipe out the area between p+3+len and payload.
1718 * So instead, we prevent the response from being sent by
1719 * setting the max_send_fragment to 0 and we report an SSL
1720 * error, which will kill this connection. It will be reported
1721 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001722 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1723 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001724 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001725 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1726 return;
1727 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001728#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001729 if (global_ssl.capture_cipherlist > 0)
1730 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001731}
1732
Bernard Spil13c53f82018-02-15 13:34:58 +01001733#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001734static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1735 const unsigned char *in, unsigned int inlen,
1736 void *arg)
1737{
1738 struct server *srv = arg;
1739
1740 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1741 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1742 return SSL_TLSEXT_ERR_OK;
1743 return SSL_TLSEXT_ERR_NOACK;
1744}
1745#endif
1746
1747#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001748/* This callback is used so that the server advertises the list of
1749 * negociable protocols for NPN.
1750 */
1751static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1752 unsigned int *len, void *arg)
1753{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001754 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001755
1756 *data = (const unsigned char *)conf->npn_str;
1757 *len = conf->npn_len;
1758 return SSL_TLSEXT_ERR_OK;
1759}
1760#endif
1761
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001762#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001763/* This callback is used so that the server advertises the list of
1764 * negociable protocols for ALPN.
1765 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001766static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1767 unsigned char *outlen,
1768 const unsigned char *server,
1769 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001770{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001771 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001772
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001773 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1774 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1775 return SSL_TLSEXT_ERR_NOACK;
1776 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001777 return SSL_TLSEXT_ERR_OK;
1778}
1779#endif
1780
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001781#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001782#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001783
Christopher Faulet30548802015-06-11 13:39:32 +02001784/* Create a X509 certificate with the specified servername and serial. This
1785 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001786static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001787ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001788{
Christopher Faulet7969a332015-10-09 11:15:03 +02001789 X509 *cacert = bind_conf->ca_sign_cert;
1790 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001791 SSL_CTX *ssl_ctx = NULL;
1792 X509 *newcrt = NULL;
1793 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001794 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001795 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001796 X509_NAME *name;
1797 const EVP_MD *digest;
1798 X509V3_CTX ctx;
1799 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001800 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001801
Christopher Faulet48a83322017-07-28 16:56:09 +02001802 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001803#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001804 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1805#else
1806 tmp_ssl = SSL_new(bind_conf->default_ctx);
1807 if (tmp_ssl)
1808 pkey = SSL_get_privatekey(tmp_ssl);
1809#endif
1810 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001811 goto mkcert_error;
1812
1813 /* Create the certificate */
1814 if (!(newcrt = X509_new()))
1815 goto mkcert_error;
1816
1817 /* Set version number for the certificate (X509v3) and the serial
1818 * number */
1819 if (X509_set_version(newcrt, 2L) != 1)
1820 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001821 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001822
1823 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001824 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1825 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001826 goto mkcert_error;
1827
1828 /* set public key in the certificate */
1829 if (X509_set_pubkey(newcrt, pkey) != 1)
1830 goto mkcert_error;
1831
1832 /* Set issuer name from the CA */
1833 if (!(name = X509_get_subject_name(cacert)))
1834 goto mkcert_error;
1835 if (X509_set_issuer_name(newcrt, name) != 1)
1836 goto mkcert_error;
1837
1838 /* Set the subject name using the same, but the CN */
1839 name = X509_NAME_dup(name);
1840 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1841 (const unsigned char *)servername,
1842 -1, -1, 0) != 1) {
1843 X509_NAME_free(name);
1844 goto mkcert_error;
1845 }
1846 if (X509_set_subject_name(newcrt, name) != 1) {
1847 X509_NAME_free(name);
1848 goto mkcert_error;
1849 }
1850 X509_NAME_free(name);
1851
1852 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001853 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1855 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1856 X509_EXTENSION *ext;
1857
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001858 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001859 goto mkcert_error;
1860 if (!X509_add_ext(newcrt, ext, -1)) {
1861 X509_EXTENSION_free(ext);
1862 goto mkcert_error;
1863 }
1864 X509_EXTENSION_free(ext);
1865 }
1866
1867 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001868
1869 key_type = EVP_PKEY_base_id(capkey);
1870
1871 if (key_type == EVP_PKEY_DSA)
1872 digest = EVP_sha1();
1873 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001874 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001875 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001876 digest = EVP_sha256();
1877 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001878#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001879 int nid;
1880
1881 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1882 goto mkcert_error;
1883 if (!(digest = EVP_get_digestbynid(nid)))
1884 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001885#else
1886 goto mkcert_error;
1887#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001888 }
1889
Christopher Faulet31af49d2015-06-09 17:29:50 +02001890 if (!(X509_sign(newcrt, capkey, digest)))
1891 goto mkcert_error;
1892
1893 /* Create and set the new SSL_CTX */
1894 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1895 goto mkcert_error;
1896 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1897 goto mkcert_error;
1898 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1899 goto mkcert_error;
1900 if (!SSL_CTX_check_private_key(ssl_ctx))
1901 goto mkcert_error;
1902
1903 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001904
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001905#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001906 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001907#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001908#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1909 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001910 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001911 EC_KEY *ecc;
1912 int nid;
1913
1914 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1915 goto end;
1916 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1917 goto end;
1918 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1919 EC_KEY_free(ecc);
1920 }
1921#endif
1922 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001923 return ssl_ctx;
1924
1925 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001926 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001927 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001928 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1929 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001930 return NULL;
1931}
1932
Christopher Faulet7969a332015-10-09 11:15:03 +02001933SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001934ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001935{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001936 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001937 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001938
Olivier Houchard66ab4982019-02-26 18:37:15 +01001939 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001940}
1941
Christopher Faulet30548802015-06-11 13:39:32 +02001942/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001943 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001944SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001945ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001946{
1947 struct lru64 *lru = NULL;
1948
1949 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001950 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001951 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001952 if (lru && lru->domain) {
1953 if (ssl)
1954 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001955 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001956 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001957 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001958 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001959 }
1960 return NULL;
1961}
1962
Emeric Brun821bb9b2017-06-15 16:37:39 +02001963/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1964 * function is not thread-safe, it should only be used to check if a certificate
1965 * exists in the lru cache (with no warranty it will not be removed by another
1966 * thread). It is kept for backward compatibility. */
1967SSL_CTX *
1968ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1969{
1970 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1971}
1972
Christopher Fauletd2cab922015-07-28 16:03:47 +02001973/* Set a certificate int the LRU cache used to store generated
1974 * certificate. Return 0 on success, otherwise -1 */
1975int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001976ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001977{
1978 struct lru64 *lru = NULL;
1979
1980 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001981 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001983 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001984 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001985 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 }
Christopher Faulet30548802015-06-11 13:39:32 +02001987 if (lru->domain && lru->data)
1988 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001989 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001990 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001991 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001992 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001993 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001994}
1995
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001996/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001997unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001998ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001999{
2000 return XXH32(data, len, ssl_ctx_lru_seed);
2001}
2002
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002003/* Generate a cert and immediately assign it to the SSL session so that the cert's
2004 * refcount is maintained regardless of the cert's presence in the LRU cache.
2005 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002006static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002007ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002008{
2009 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002010 SSL_CTX *ssl_ctx = NULL;
2011 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002012 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002013
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002014 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002015 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002016 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002017 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002018 if (lru && lru->domain)
2019 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002020 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002021 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002022 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002023 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002024 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002025 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002026 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002027 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002028 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002029 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002030 SSL_set_SSL_CTX(ssl, ssl_ctx);
2031 /* No LRU cache, this CTX will be released as soon as the session dies */
2032 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002033 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002034 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002035 return 0;
2036}
2037static int
2038ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2039{
2040 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002041 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002042
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002043 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002044 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002045 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002046 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002047 }
2048 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002049}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002050#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002052#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2054
2055static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002056{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002057#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002058 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002059 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2060#endif
2061}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002062static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2063 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002064 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2065}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002066static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002067#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002068 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002069 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2070#endif
2071}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002072static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002073#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002074 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002075 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2076#endif
2077}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002078/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002079static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2080/* Unusable in this context. */
2081static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2082static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2083static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2084static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2085static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002086#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002087typedef enum { SET_MIN, SET_MAX } set_context_func;
2088
2089static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2090 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002091 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2092}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2094 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2095 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2096}
2097static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2098 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2100}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2102 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2103 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2104}
2105static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2110 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2111 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2112}
2113static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2114 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002115 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2116}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2118 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2119 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2120}
2121static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002122#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002123 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002124 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2125#endif
2126}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002127static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2128#if SSL_OP_NO_TLSv1_3
2129 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2130 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002131#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002132}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002133#endif
2134static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2135static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136
2137static struct {
2138 int option;
2139 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002140 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2141 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142 const char *name;
2143} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002144 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2145 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2146 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2147 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2148 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2149 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150};
2151
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002152static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2153{
2154 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2155 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2156 SSL_set_SSL_CTX(ssl, ctx);
2157}
2158
Willy Tarreau5db847a2019-05-09 14:13:35 +02002159#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002160
2161static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2162{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002163 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002164 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002165
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2167 return SSL_TLSEXT_ERR_OK;
2168 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002169}
2170
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002171#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002172static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2173{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002174 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002175#else
2176static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2177{
2178#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002179 struct connection *conn;
2180 struct bind_conf *s;
2181 const uint8_t *extension_data;
2182 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002183 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002184
2185 char *wildp = NULL;
2186 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002187 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002188 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002189 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002190 int i;
2191
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002192 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002193 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002194
Olivier Houchard9679ac92017-10-27 14:58:08 +02002195 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002196 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002197#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002198 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2199 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002200#else
2201 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2202#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002203 /*
2204 * The server_name extension was given too much extensibility when it
2205 * was written, so parsing the normal case is a bit complex.
2206 */
2207 size_t len;
2208 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002210 /* Extract the length of the supplied list of names. */
2211 len = (*extension_data++) << 8;
2212 len |= *extension_data++;
2213 if (len + 2 != extension_len)
2214 goto abort;
2215 /*
2216 * The list in practice only has a single element, so we only consider
2217 * the first one.
2218 */
2219 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2220 goto abort;
2221 extension_len = len - 1;
2222 /* Now we can finally pull out the byte array with the actual hostname. */
2223 if (extension_len <= 2)
2224 goto abort;
2225 len = (*extension_data++) << 8;
2226 len |= *extension_data++;
2227 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2228 || memchr(extension_data, 0, len) != NULL)
2229 goto abort;
2230 servername = extension_data;
2231 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002232 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002233#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2234 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002235 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002236 }
2237#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002238 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002239 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002240 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002241 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002242 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 goto abort;
2244 }
2245
2246 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002247#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002248 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002249#else
2250 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2251#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002252 uint8_t sign;
2253 size_t len;
2254 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002255 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002256 len = (*extension_data++) << 8;
2257 len |= *extension_data++;
2258 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002259 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002260 if (len % 2 != 0)
2261 goto abort;
2262 for (; len > 0; len -= 2) {
2263 extension_data++; /* hash */
2264 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002265 switch (sign) {
2266 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002267 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002268 break;
2269 case TLSEXT_signature_ecdsa:
2270 has_ecdsa_sig = 1;
2271 break;
2272 default:
2273 continue;
2274 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002275 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 break;
2277 }
2278 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002279 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002280 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 }
2282 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002283 const SSL_CIPHER *cipher;
2284 size_t len;
2285 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002286 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002287#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002288 len = ctx->cipher_suites_len;
2289 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002290#else
2291 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2292#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002293 if (len % 2 != 0)
2294 goto abort;
2295 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002296#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002299#else
2300 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2301#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002302 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002303 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 break;
2305 }
2306 }
2307 }
2308
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002309 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002310 trash.area[i] = tolower(servername[i]);
2311 if (!wildp && (trash.area[i] == '.'))
2312 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002314 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002315
William Lallemand150bfa82019-09-19 17:12:49 +02002316 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002318 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319
2320 /* lookup a not neg filter */
2321 for (n = node; n; n = ebmb_next_dup(n)) {
2322 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002323 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002325 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002327 break;
2328 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002330 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002331 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002332 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002333 if (!node_anonymous)
2334 node_anonymous = n;
2335 break;
2336 }
2337 }
2338 }
2339 if (wildp) {
2340 /* lookup in wildcards names */
2341 node = ebst_lookup(&s->sni_w_ctx, wildp);
2342 for (n = node; n; n = ebmb_next_dup(n)) {
2343 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002344 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002345 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002346 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 break;
2349 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002350 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002351 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002352 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002353 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354 if (!node_anonymous)
2355 node_anonymous = n;
2356 break;
2357 }
2358 }
2359 }
2360 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002362 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2363 : ((has_rsa_sig && node_rsa) ? node_rsa
2364 : (node_anonymous ? node_anonymous
2365 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2366 : node_rsa /* no rsa signature case (far far away) */
2367 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 if (node) {
2369 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002370 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002371 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002372 if (conf) {
2373 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2374 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2375 if (conf->early_data)
2376 allow_early = 1;
2377 }
William Lallemand02010472019-10-18 11:02:19 +02002378 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002379 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002380 }
William Lallemand150bfa82019-09-19 17:12:49 +02002381
William Lallemand02010472019-10-18 11:02:19 +02002382 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002383#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002384 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002385 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002386 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002387 }
2388#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002389 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002391 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002392 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002393allow_early:
2394#ifdef OPENSSL_IS_BORINGSSL
2395 if (allow_early)
2396 SSL_set_early_data_enabled(ssl, 1);
2397#else
2398 if (!allow_early)
2399 SSL_set_max_early_data(ssl, 0);
2400#endif
2401 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002402 abort:
2403 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2404 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002405#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002406 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002407#else
2408 *al = SSL_AD_UNRECOGNIZED_NAME;
2409 return 0;
2410#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002411}
2412
2413#else /* OPENSSL_IS_BORINGSSL */
2414
Emeric Brunfc0421f2012-09-07 17:30:07 +02002415/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2416 * warning when no match is found, which implies the default (first) cert
2417 * will keep being used.
2418 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002419static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002420{
2421 const char *servername;
2422 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002423 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002424 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002425 int i;
2426 (void)al; /* shut gcc stupid warning */
2427
2428 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002429 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002430#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002431 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2432 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002433#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002434 if (s->strict_sni)
2435 return SSL_TLSEXT_ERR_ALERT_FATAL;
2436 ssl_sock_switchctx_set(ssl, s->default_ctx);
2437 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002438 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002439
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002440 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002441 if (!servername[i])
2442 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002443 trash.area[i] = tolower(servername[i]);
2444 if (!wildp && (trash.area[i] == '.'))
2445 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002446 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002447 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002448
William Lallemand150bfa82019-09-19 17:12:49 +02002449 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002450 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002451 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002452
2453 /* lookup a not neg filter */
2454 for (n = node; n; n = ebmb_next_dup(n)) {
2455 if (!container_of(n, struct sni_ctx, name)->neg) {
2456 node = n;
2457 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002458 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002459 }
2460 if (!node && wildp) {
2461 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002462 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002463 }
2464 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002465#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002466 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2467 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002468 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002469 return SSL_TLSEXT_ERR_OK;
2470 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002471#endif
William Lallemand150bfa82019-09-19 17:12:49 +02002472 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002473 if (s->strict_sni)
2474 return SSL_TLSEXT_ERR_ALERT_FATAL;
2475 ssl_sock_switchctx_set(ssl, s->default_ctx);
2476 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002477 }
2478
2479 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002480 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002481 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002482 return SSL_TLSEXT_ERR_OK;
2483}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002484#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002485#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2486
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002487#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002488
2489static DH * ssl_get_dh_1024(void)
2490{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002491 static unsigned char dh1024_p[]={
2492 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2493 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2494 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2495 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2496 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2497 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2498 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2499 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2500 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2501 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2502 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2503 };
2504 static unsigned char dh1024_g[]={
2505 0x02,
2506 };
2507
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002508 BIGNUM *p;
2509 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002510 DH *dh = DH_new();
2511 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002512 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2513 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002514
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002515 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002516 DH_free(dh);
2517 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002518 } else {
2519 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002520 }
2521 }
2522 return dh;
2523}
2524
2525static DH *ssl_get_dh_2048(void)
2526{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002527 static unsigned char dh2048_p[]={
2528 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2529 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2530 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2531 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2532 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2533 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2534 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2535 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2536 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2537 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2538 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2539 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2540 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2541 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2542 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2543 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2544 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2545 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2546 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2547 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2548 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2549 0xB7,0x1F,0x77,0xF3,
2550 };
2551 static unsigned char dh2048_g[]={
2552 0x02,
2553 };
2554
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002555 BIGNUM *p;
2556 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002557 DH *dh = DH_new();
2558 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002559 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2560 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002561
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002562 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002563 DH_free(dh);
2564 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002565 } else {
2566 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002567 }
2568 }
2569 return dh;
2570}
2571
2572static DH *ssl_get_dh_4096(void)
2573{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002574 static unsigned char dh4096_p[]={
2575 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2576 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2577 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2578 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2579 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2580 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2581 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2582 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2583 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2584 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2585 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2586 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2587 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2588 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2589 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2590 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2591 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2592 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2593 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2594 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2595 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2596 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2597 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2598 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2599 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2600 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2601 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2602 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2603 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2604 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2605 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2606 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2607 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2608 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2609 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2610 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2611 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2612 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2613 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2614 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2615 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2616 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2617 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002618 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002619 static unsigned char dh4096_g[]={
2620 0x02,
2621 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002622
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002623 BIGNUM *p;
2624 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002625 DH *dh = DH_new();
2626 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002627 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2628 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002629
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002630 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002631 DH_free(dh);
2632 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002633 } else {
2634 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002635 }
2636 }
2637 return dh;
2638}
2639
2640/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002641 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2643{
2644 DH *dh = NULL;
2645 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002646 int type;
2647
2648 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002649
2650 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2651 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2652 */
2653 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2654 keylen = EVP_PKEY_bits(pkey);
2655 }
2656
Willy Tarreauef934602016-12-22 23:12:01 +01002657 if (keylen > global_ssl.default_dh_param) {
2658 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002659 }
2660
Remi Gacogned3a341a2015-05-29 16:26:17 +02002661 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002662 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002663 }
2664 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002665 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666 }
2667 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002668 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002669 }
2670
2671 return dh;
2672}
2673
Remi Gacogne47783ef2015-05-29 15:53:22 +02002674static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002675{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002676 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002677 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002678
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002679 if (in == NULL)
2680 goto end;
2681
Remi Gacogne47783ef2015-05-29 15:53:22 +02002682 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002683 goto end;
2684
Remi Gacogne47783ef2015-05-29 15:53:22 +02002685 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2686
2687end:
2688 if (in)
2689 BIO_free(in);
2690
Emeric Brune1b4ed42018-08-16 15:14:12 +02002691 ERR_clear_error();
2692
Remi Gacogne47783ef2015-05-29 15:53:22 +02002693 return dh;
2694}
2695
2696int ssl_sock_load_global_dh_param_from_file(const char *filename)
2697{
2698 global_dh = ssl_sock_get_dh_from_file(filename);
2699
2700 if (global_dh) {
2701 return 0;
2702 }
2703
2704 return -1;
2705}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002706#endif
2707
William Lallemand9117de92019-10-04 00:29:42 +02002708/* Alloc and init a ckch_inst */
2709static struct ckch_inst *ckch_inst_new()
2710{
2711 struct ckch_inst *ckch_inst;
2712
2713 ckch_inst = calloc(1, sizeof *ckch_inst);
2714 if (ckch_inst)
2715 LIST_INIT(&ckch_inst->sni_ctx);
2716
2717 return ckch_inst;
2718}
2719
2720
2721/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002722static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002723 struct bind_conf *s, struct ssl_bind_conf *conf,
2724 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002725{
2726 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002727 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002728
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002729 if (*name == '!') {
2730 neg = 1;
2731 name++;
2732 }
2733 if (*name == '*') {
2734 wild = 1;
2735 name++;
2736 }
2737 /* !* filter is a nop */
2738 if (neg && wild)
2739 return order;
2740 if (*name) {
2741 int j, len;
2742 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002743 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002744 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002745 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002746 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002747 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002748
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002749 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002750 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002751 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002752 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002753 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002754 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002755 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002756 sc->order = order++;
2757 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002758 sc->wild = wild;
2759 sc->name.node.leaf_p = NULL;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002760 if (kinfo.sig != TLSEXT_signature_anonymous)
2761 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
William Lallemand9117de92019-10-04 00:29:42 +02002762
William Lallemand1d29c742019-10-04 00:53:29 +02002763 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002764 }
2765 return order;
2766}
2767
William Lallemand6af03992019-07-23 15:00:54 +02002768/*
William Lallemand1d29c742019-10-04 00:53:29 +02002769 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2770 * This function can't return an error.
2771 *
2772 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2773 */
2774static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2775{
2776
2777 struct sni_ctx *sc0, *sc0b, *sc1;
2778 struct ebmb_node *node;
2779
2780 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2781
2782 /* ignore if sc0 was already inserted in a tree */
2783 if (sc0->name.node.leaf_p)
2784 continue;
2785
2786 /* Check for duplicates. */
2787 if (sc0->wild)
2788 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2789 else
2790 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2791
2792 for (; node; node = ebmb_next_dup(node)) {
2793 sc1 = ebmb_entry(node, struct sni_ctx, name);
2794 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2795 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2796 /* it's a duplicate, we should remove and free it */
2797 LIST_DEL(&sc0->by_ckch_inst);
2798 free(sc0);
2799 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002800 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002801 }
2802 }
2803
2804 /* if duplicate, ignore the insertion */
2805 if (!sc0)
2806 continue;
2807
2808 if (sc0->wild)
2809 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2810 else
2811 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
2812 }
2813}
2814
2815/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002816 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002817 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002818struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002819
William Lallemandfa892222019-07-23 16:06:08 +02002820
Emeric Brun7a883362019-10-17 13:27:40 +02002821/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2822 * If there is no DH paramater availaible in the ckchs, the global
2823 * DH parameter is loaded into the SSL_CTX and if there is no
2824 * DH parameter available in ckchs nor in global, the default
2825 * DH parameters are applied on the SSL_CTX.
2826 * Returns a bitfield containing the flags:
2827 * ERR_FATAL in any fatal error case
2828 * ERR_ALERT if a reason of the error is availabine in err
2829 * ERR_WARN if a warning is available into err
2830 * The value 0 means there is no error nor warning and
2831 * the operation succeed.
2832 */
William Lallemandfa892222019-07-23 16:06:08 +02002833#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002834static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2835 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002836{
Emeric Brun7a883362019-10-17 13:27:40 +02002837 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02002838 DH *dh = NULL;
2839
William Lallemanda8c73742019-07-31 18:31:34 +02002840 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02002841 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02002842 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2843 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2844 err && *err ? *err : "", path);
2845#if defined(SSL_CTX_set_dh_auto)
2846 SSL_CTX_set_dh_auto(ctx, 1);
2847 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2848 err && *err ? *err : "");
2849#else
2850 memprintf(err, "%s, DH ciphers won't be available.\n",
2851 err && *err ? *err : "");
2852#endif
2853 ret |= ERR_WARN;
2854 goto end;
2855 }
William Lallemandfa892222019-07-23 16:06:08 +02002856
2857 if (ssl_dh_ptr_index >= 0) {
2858 /* store a pointer to the DH params to avoid complaining about
2859 ssl-default-dh-param not being set for this SSL_CTX */
2860 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2861 }
2862 }
2863 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02002864 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2865 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2866 err && *err ? *err : "", path);
2867#if defined(SSL_CTX_set_dh_auto)
2868 SSL_CTX_set_dh_auto(ctx, 1);
2869 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2870 err && *err ? *err : "");
2871#else
2872 memprintf(err, "%s, DH ciphers won't be available.\n",
2873 err && *err ? *err : "");
2874#endif
2875 ret |= ERR_WARN;
2876 goto end;
2877 }
William Lallemandfa892222019-07-23 16:06:08 +02002878 }
2879 else {
2880 /* Clear openssl global errors stack */
2881 ERR_clear_error();
2882
2883 if (global_ssl.default_dh_param <= 1024) {
2884 /* we are limited to DH parameter of 1024 bits anyway */
2885 if (local_dh_1024 == NULL)
2886 local_dh_1024 = ssl_get_dh_1024();
2887
Emeric Brun7a883362019-10-17 13:27:40 +02002888 if (local_dh_1024 == NULL) {
2889 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2890 err && *err ? *err : "", path);
2891 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02002892 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02002893 }
William Lallemandfa892222019-07-23 16:06:08 +02002894
Emeric Bruna9363eb2019-10-17 14:53:03 +02002895 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2896 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2897 err && *err ? *err : "", path);
2898#if defined(SSL_CTX_set_dh_auto)
2899 SSL_CTX_set_dh_auto(ctx, 1);
2900 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2901 err && *err ? *err : "");
2902#else
2903 memprintf(err, "%s, DH ciphers won't be available.\n",
2904 err && *err ? *err : "");
2905#endif
2906 ret |= ERR_WARN;
2907 goto end;
2908 }
William Lallemandfa892222019-07-23 16:06:08 +02002909 }
2910 else {
2911 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2912 }
William Lallemandfa892222019-07-23 16:06:08 +02002913 }
2914
2915end:
William Lallemandfa892222019-07-23 16:06:08 +02002916 return ret;
2917}
2918#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05002919
yanbzhu488a4d22015-12-01 15:16:07 -05002920/* Frees the contents of a cert_key_and_chain
2921 */
2922static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2923{
yanbzhu488a4d22015-12-01 15:16:07 -05002924 if (!ckch)
2925 return;
2926
2927 /* Free the certificate and set pointer to NULL */
2928 if (ckch->cert)
2929 X509_free(ckch->cert);
2930 ckch->cert = NULL;
2931
2932 /* Free the key and set pointer to NULL */
2933 if (ckch->key)
2934 EVP_PKEY_free(ckch->key);
2935 ckch->key = NULL;
2936
2937 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002938 if (ckch->chain)
2939 sk_X509_pop_free(ckch->chain, X509_free);
2940 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05002941
William Lallemand455af502019-10-17 18:04:45 +02002942 if (ckch->dh)
2943 DH_free(ckch->dh);
2944 ckch->dh = NULL;
2945
2946 if (ckch->sctl) {
2947 free(ckch->sctl->area);
2948 ckch->sctl->area = NULL;
2949 free(ckch->sctl);
2950 ckch->sctl = NULL;
2951 }
2952
2953 if (ckch->ocsp_response) {
2954 free(ckch->ocsp_response->area);
2955 ckch->ocsp_response->area = NULL;
2956 free(ckch->ocsp_response);
2957 ckch->ocsp_response = NULL;
2958 }
yanbzhu488a4d22015-12-01 15:16:07 -05002959}
2960
William Lallemand8d0f8932019-10-17 18:03:58 +02002961/*
2962 *
2963 * This function copy a cert_key_and_chain in memory
2964 *
2965 * It's used to try to apply changes on a ckch before committing them, because
2966 * most of the time it's not possible to revert those changes
2967 *
2968 * Return a the dst or NULL
2969 */
2970static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
2971 struct cert_key_and_chain *dst)
2972{
2973 if (src->cert) {
2974 dst->cert = src->cert;
2975 X509_up_ref(src->cert);
2976 }
2977
2978 if (src->key) {
2979 dst->key = src->key;
2980 EVP_PKEY_up_ref(src->key);
2981 }
2982
2983 if (src->chain) {
2984 dst->chain = X509_chain_up_ref(src->chain);
2985 }
2986
2987 if (src->dh) {
2988 DH_up_ref(src->dh);
2989 dst->dh = src->dh;
2990 }
2991
2992 if (src->sctl) {
2993 struct buffer *sctl;
2994
2995 sctl = calloc(1, sizeof(*sctl));
2996 if (!chunk_dup(sctl, src->sctl)) {
2997 free(sctl);
2998 sctl = NULL;
2999 goto error;
3000 }
3001 dst->sctl = sctl;
3002 }
3003
3004 if (src->ocsp_response) {
3005 struct buffer *ocsp_response;
3006
3007 ocsp_response = calloc(1, sizeof(*ocsp_response));
3008 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3009 free(ocsp_response);
3010 ocsp_response = NULL;
3011 goto error;
3012 }
3013 dst->ocsp_response = ocsp_response;
3014 }
3015
3016 if (src->ocsp_issuer) {
3017 X509_up_ref(src->ocsp_issuer);
3018 dst->ocsp_issuer = src->ocsp_issuer;
3019 }
3020
3021 return dst;
3022
3023error:
3024
3025 /* free everything */
3026 ssl_sock_free_cert_key_and_chain_contents(dst);
3027
3028 return NULL;
3029}
3030
3031
yanbzhu488a4d22015-12-01 15:16:07 -05003032/* checks if a key and cert exists in the ckch
3033 */
William Lallemand1633e392019-09-30 12:58:13 +02003034#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003035static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3036{
3037 return (ckch->cert != NULL && ckch->key != NULL);
3038}
William Lallemand1633e392019-09-30 12:58:13 +02003039#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003040
William Lallemandf9568fc2019-10-16 18:27:58 +02003041/*
3042 * return 0 on success or != 0 on failure
3043 */
3044static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3045{
3046 int ret = 1;
3047 BIO *in = NULL;
3048 X509 *issuer;
3049
3050 if (buf) {
3051 /* reading from a buffer */
3052 in = BIO_new_mem_buf(buf, -1);
3053 if (in == NULL) {
3054 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3055 goto end;
3056 }
3057
3058 } else {
3059 /* reading from a file */
3060 in = BIO_new(BIO_s_file());
3061 if (in == NULL)
3062 goto end;
3063
3064 if (BIO_read_filename(in, path) <= 0)
3065 goto end;
3066 }
3067
3068 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3069 if (!issuer) {
3070 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
3071 *err ? *err : "", path);
3072 goto end;
3073 }
3074 ret = 0;
3075 ckch->ocsp_issuer = issuer;
3076
3077end:
3078
3079 ERR_clear_error();
3080 if (in)
3081 BIO_free(in);
3082
3083 return ret;
3084}
3085
William Lallemand96a9c972019-10-17 11:56:17 +02003086
3087/*
3088 * Try to load a PEM file from a <path> or a buffer <buf>
3089 * The PEM must contain at least a Private Key and a Certificate,
3090 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003091 *
William Lallemand96a9c972019-10-17 11:56:17 +02003092 * If it failed you should not attempt to use the ckch but free it.
3093 *
3094 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003095 */
William Lallemand96a9c972019-10-17 11:56:17 +02003096static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003097{
William Lallemandf11365b2019-09-19 14:25:58 +02003098 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003099 int ret = 1;
William Lallemand96a9c972019-10-17 11:56:17 +02003100 X509 *ca = NULL;
3101 X509 *cert = NULL;
3102 EVP_PKEY *key = NULL;
3103 DH *dh;
3104
3105 if (buf) {
3106 /* reading from a buffer */
3107 in = BIO_new_mem_buf(buf, -1);
3108 if (in == NULL) {
3109 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3110 goto end;
3111 }
yanbzhu488a4d22015-12-01 15:16:07 -05003112
William Lallemand96a9c972019-10-17 11:56:17 +02003113 } else {
3114 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003115 in = BIO_new(BIO_s_file());
3116 if (in == NULL)
3117 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003118
William Lallemandf11365b2019-09-19 14:25:58 +02003119 if (BIO_read_filename(in, path) <= 0)
3120 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003121 }
yanbzhu488a4d22015-12-01 15:16:07 -05003122
yanbzhu488a4d22015-12-01 15:16:07 -05003123 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003124 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3125 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003126 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003127 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003128 goto end;
3129 }
3130
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003131#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003132 /* Seek back to beginning of file */
3133 if (BIO_reset(in) == -1) {
3134 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3135 err && *err ? *err : "", path);
3136 goto end;
3137 }
3138
William Lallemand96a9c972019-10-17 11:56:17 +02003139 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3140 /* no need to return an error there, dh is not mandatory */
3141
3142 if (dh) {
3143 if (ckch->dh)
3144 DH_free(ckch->dh);
3145 ckch->dh = dh;
3146 }
3147
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003148#endif
William Lallemandfa892222019-07-23 16:06:08 +02003149
Willy Tarreaubb137a82016-04-06 19:02:38 +02003150 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003151 if (BIO_reset(in) == -1) {
3152 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3153 err && *err ? *err : "", path);
3154 goto end;
3155 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003156
3157 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003158 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3159 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003160 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003161 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003162 goto end;
3163 }
3164
William Lallemand96a9c972019-10-17 11:56:17 +02003165 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003166 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003167 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003168 goto end;
3169 }
3170
William Lallemand96a9c972019-10-17 11:56:17 +02003171 /* Key and Cert are good, we can use them in the ckch */
3172 if (ckch->key) /* free the previous key */
3173 EVP_PKEY_free(ckch->key);
3174 ckch->key = key;
3175
3176 if (ckch->cert) /* free the previous cert */
3177 X509_free(ckch->cert);
3178 ckch->cert = cert;
3179
3180 /* Look for a Certificate Chain */
3181 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3182 if (ca) {
3183 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3184 if (ckch->chain) /* free the previous chain */
3185 sk_X509_pop_free(ckch->chain, X509_free);
3186 ckch->chain = sk_X509_new_null();
3187 if (!sk_X509_push(ckch->chain, ca)) {
3188 X509_free(ca);
3189 goto end;
3190 }
3191 }
3192 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003193 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3194 if (!sk_X509_push(ckch->chain, ca)) {
3195 X509_free(ca);
3196 goto end;
3197 }
yanbzhu488a4d22015-12-01 15:16:07 -05003198
yanbzhu488a4d22015-12-01 15:16:07 -05003199 ret = ERR_get_error();
3200 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3201 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003202 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003203 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003204 }
3205
3206 ret = 0;
3207
William Lallemand96a9c972019-10-17 11:56:17 +02003208end:
William Lallemand246c0242019-10-11 08:59:13 +02003209
3210 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003211 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003212 BIO_free(in);
William Lallemand96a9c972019-10-17 11:56:17 +02003213 if (ret != 0) {
3214 if (key)
3215 EVP_PKEY_free(key);
3216 if (cert)
3217 X509_free(cert);
yanbzhu488a4d22015-12-01 15:16:07 -05003218 }
William Lallemanda17f4112019-10-10 15:16:44 +02003219
William Lallemand96a9c972019-10-17 11:56:17 +02003220 return ret;
3221}
3222
3223/*
3224 * Try to load in a ckch every files related to a ckch.
3225 * (PEM, sctl, ocsp, issuer etc.)
3226 *
3227 * This function is only used to load files during the configuration parsing,
3228 * it is not used with the CLI.
3229 *
3230 * This allows us to carry the contents of the file without having to read the
3231 * file multiple times. The caller must call
3232 * ssl_sock_free_cert_key_and_chain_contents.
3233 *
3234 * returns:
3235 * 0 on Success
3236 * 1 on SSL Failure
3237 */
3238static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3239{
3240 int ret = 1;
3241
3242 /* try to load the PEM */
3243 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3244 goto end;
3245 }
3246
William Lallemanda17f4112019-10-10 15:16:44 +02003247#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3248 /* try to load the sctl file */
3249 {
3250 char fp[MAXPATHLEN+1];
3251 struct stat st;
3252
3253 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3254 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003255 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003256 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3257 *err ? *err : "", fp);
3258 ret = 1;
3259 goto end;
3260 }
3261 }
3262 }
3263#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003264
William Lallemand246c0242019-10-11 08:59:13 +02003265 /* try to load an ocsp response file */
3266 {
3267 char fp[MAXPATHLEN+1];
3268 struct stat st;
3269
3270 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3271 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003272 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003273 ret = 1;
3274 goto end;
3275 }
3276 }
3277 }
3278
3279 if (ckch->ocsp_response) {
3280 X509 *issuer;
3281 int i;
3282
3283 /* check if one of the certificate of the chain is the issuer */
3284 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3285 issuer = sk_X509_value(ckch->chain, i);
3286 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3287 ckch->ocsp_issuer = issuer;
3288 break;
3289 } else
3290 issuer = NULL;
3291 }
3292
3293 /* if no issuer was found, try to load an issuer from the .issuer */
3294 if (!issuer) {
3295 struct stat st;
3296 char fp[MAXPATHLEN+1];
3297
3298 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3299 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003300 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003301 ret = 1;
3302 goto end;
3303 }
3304
3305 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003306 memprintf(err, "%s '%s' is not an issuer'.\n",
William Lallemand246c0242019-10-11 08:59:13 +02003307 *err ? *err : "", fp);
3308 ret = 1;
3309 goto end;
3310 }
3311 } else {
3312 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
3313 *err ? *err : "");
3314 ret = 1;
3315 goto end;
3316 }
3317 }
3318 }
3319
yanbzhu488a4d22015-12-01 15:16:07 -05003320 ret = 0;
3321
3322end:
3323
3324 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003325
3326 /* Something went wrong in one of the reads */
3327 if (ret != 0)
3328 ssl_sock_free_cert_key_and_chain_contents(ckch);
3329
3330 return ret;
3331}
3332
3333/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003334 * Returns a bitfield containing the flags:
3335 * ERR_FATAL in any fatal error case
3336 * ERR_ALERT if the reason of the error is available in err
3337 * ERR_WARN if a warning is available into err
3338 * The value 0 means there is no error nor warning and
3339 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003340 */
3341static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3342{
Emeric Bruna96b5822019-10-17 13:25:14 +02003343 int errcode = 0;
3344
yanbzhu488a4d22015-12-01 15:16:07 -05003345 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3346 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3347 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003348 errcode |= ERR_ALERT | ERR_FATAL;
3349 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003350 }
3351
3352 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3353 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3354 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003355 errcode |= ERR_ALERT | ERR_FATAL;
3356 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003357 }
3358
yanbzhu488a4d22015-12-01 15:16:07 -05003359 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003360#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003361 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3362 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3363 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003364 errcode |= ERR_ALERT | ERR_FATAL;
3365 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003366 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003367#else
3368 { /* legacy compat (< openssl 1.0.2) */
3369 X509 *ca;
3370 while ((ca = sk_X509_shift(ckch->chain)))
3371 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3372 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3373 err && *err ? *err : "", path);
3374 X509_free(ca);
Emeric Bruna96b5822019-10-17 13:25:14 +02003375 errcode |= ERR_ALERT | ERR_FATAL;
3376 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003377 }
3378 }
3379#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003380
William Lallemandfa892222019-07-23 16:06:08 +02003381#ifndef OPENSSL_NO_DH
3382 /* store a NULL pointer to indicate we have not yet loaded
3383 a custom DH param file */
3384 if (ssl_dh_ptr_index >= 0) {
3385 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3386 }
3387
Emeric Brun7a883362019-10-17 13:27:40 +02003388 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3389 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003390 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3391 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003392 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003393 }
3394#endif
3395
William Lallemanda17f4112019-10-10 15:16:44 +02003396#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3397 if (sctl_ex_index >= 0 && ckch->sctl) {
3398 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3399 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3400 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003401 errcode |= ERR_ALERT | ERR_FATAL;
3402 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003403 }
3404 }
3405#endif
3406
William Lallemand4a660132019-10-14 14:51:41 +02003407#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003408 /* Load OCSP Info into context */
3409 if (ckch->ocsp_response) {
3410 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
3411 if (err)
3412 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3413 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003414 errcode |= ERR_ALERT | ERR_FATAL;
3415 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003416 }
3417 }
William Lallemand246c0242019-10-11 08:59:13 +02003418#endif
3419
Emeric Bruna96b5822019-10-17 13:25:14 +02003420 end:
3421 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003422}
3423
William Lallemandc4ecddf2019-07-31 16:50:08 +02003424#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003425
William Lallemand28a8fce2019-10-04 17:36:55 +02003426static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003427{
3428 struct sni_keytype *s_kt = NULL;
3429 struct ebmb_node *node;
3430 int i;
3431
3432 for (i = 0; i < trash.size; i++) {
3433 if (!str[i])
3434 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003435 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003436 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003437 trash.area[i] = 0;
3438 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003439 if (!node) {
3440 /* CN not found in tree */
3441 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3442 /* Using memcpy here instead of strncpy.
3443 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3444 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3445 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003446 if (!s_kt)
3447 return -1;
3448
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003449 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003450 s_kt->keytypes = 0;
3451 ebst_insert(sni_keytypes, &s_kt->name);
3452 } else {
3453 /* CN found in tree */
3454 s_kt = container_of(node, struct sni_keytype, name);
3455 }
3456
3457 /* Mark that this CN has the keytype of key_index via keytypes mask */
3458 s_kt->keytypes |= 1<<key_index;
3459
William Lallemand28a8fce2019-10-04 17:36:55 +02003460 return 0;
3461
yanbzhu08ce6ab2015-12-02 13:01:29 -05003462}
3463
William Lallemandc4ecddf2019-07-31 16:50:08 +02003464#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003465/*
3466 * Free a ckch_store and its ckch(s)
3467 * The linked ckch_inst are not free'd
3468 */
3469void ckchs_free(struct ckch_store *ckchs)
3470{
3471 if (!ckchs)
3472 return;
3473
3474#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3475 if (ckchs->multi) {
3476 int n;
3477
3478 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3479 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3480 } else
3481#endif
3482 {
3483 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3484 ckchs->ckch = NULL;
3485 }
3486
3487 free(ckchs);
3488}
3489
3490/* allocate and duplicate a ckch_store
3491 * Return a new ckch_store or NULL */
3492static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3493{
3494 struct ckch_store *dst;
3495 int pathlen;
3496
3497 pathlen = strlen(src->path);
3498 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3499 if (!dst)
3500 return NULL;
3501 /* copy previous key */
3502 memcpy(dst->path, src->path, pathlen + 1);
3503 dst->multi = src->multi;
3504 LIST_INIT(&dst->ckch_inst);
3505
3506 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3507 if (!dst->ckch)
3508 goto error;
3509
3510#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3511 if (src->multi) {
3512 int n;
3513
3514 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3515 if (&src->ckch[n]) {
3516 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3517 goto error;
3518 }
3519 }
3520 } else
3521#endif
3522 {
3523 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3524 goto error;
3525 }
3526
3527 return dst;
3528
3529error:
3530 ckchs_free(dst);
3531
3532 return NULL;
3533}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003534
William Lallemand36b84632019-07-18 19:28:17 +02003535/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003536 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003537 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003538static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003539{
3540 struct ebmb_node *eb;
3541
William Lallemande3af8fb2019-10-08 11:36:53 +02003542 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003543 if (!eb)
3544 return NULL;
3545
William Lallemande3af8fb2019-10-08 11:36:53 +02003546 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003547}
3548
3549/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003550 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003551 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003552static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003553{
William Lallemande3af8fb2019-10-08 11:36:53 +02003554 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003555
William Lallemande3af8fb2019-10-08 11:36:53 +02003556 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3557 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003558 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3559 goto end;
3560 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003561 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003562
William Lallemande3af8fb2019-10-08 11:36:53 +02003563 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003564 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3565 goto end;
3566 }
3567
William Lallemand9117de92019-10-04 00:29:42 +02003568 LIST_INIT(&ckchs->ckch_inst);
3569
William Lallemand36b84632019-07-18 19:28:17 +02003570 if (!multi) {
3571
William Lallemand96a9c972019-10-17 11:56:17 +02003572 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003573 goto end;
3574
William Lallemande3af8fb2019-10-08 11:36:53 +02003575 /* insert into the ckchs tree */
3576 memcpy(ckchs->path, path, strlen(path) + 1);
3577 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003578 } else {
3579 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003580#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3581 char fp[MAXPATHLEN+1] = {0};
3582 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003583
3584 /* Load all possible certs and keys */
3585 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3586 struct stat buf;
3587 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3588 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003589 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003590 goto end;
3591 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003592 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003593 }
3594 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003595#endif
William Lallemand36b84632019-07-18 19:28:17 +02003596
3597 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003598 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003599 goto end;
3600 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003601 /* insert into the ckchs tree */
3602 memcpy(ckchs->path, path, strlen(path) + 1);
3603 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003604 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003605 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003606
William Lallemand36b84632019-07-18 19:28:17 +02003607end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003608 if (ckchs) {
3609 free(ckchs->ckch);
3610 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003611 }
3612
William Lallemande3af8fb2019-10-08 11:36:53 +02003613 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003614
3615 return NULL;
3616}
3617
William Lallemandc4ecddf2019-07-31 16:50:08 +02003618#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3619
William Lallemand36b84632019-07-18 19:28:17 +02003620/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003621 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003622 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003623 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3624 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003625 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003626 *
Emeric Brun054563d2019-10-17 13:16:58 +02003627 * Returns a bitfield containing the flags:
3628 * ERR_FATAL in any fatal error case
3629 * ERR_ALERT if the reason of the error is available in err
3630 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003631 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003632 */
Emeric Brun054563d2019-10-17 13:16:58 +02003633static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3634 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3635 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003636{
William Lallemand36b84632019-07-18 19:28:17 +02003637 int i = 0, n = 0;
3638 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003639 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003640 struct ebmb_node *node;
3641 struct ebmb_node *next;
3642 /* Array of SSL_CTX pointers corresponding to each possible combo
3643 * of keytypes
3644 */
3645 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003646 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003647 X509_NAME *xname = NULL;
3648 char *str = NULL;
3649#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3650 STACK_OF(GENERAL_NAME) *names = NULL;
3651#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003652 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003653
Emeric Brun054563d2019-10-17 13:16:58 +02003654 *ckchi = NULL;
3655
William Lallemande3af8fb2019-10-08 11:36:53 +02003656 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003657 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3658 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003659 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003660 }
3661
3662 ckch_inst = ckch_inst_new();
3663 if (!ckch_inst) {
3664 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3665 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003666 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003667 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003668 }
3669
William Lallemande3af8fb2019-10-08 11:36:53 +02003670 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003671
William Lallemand150bfa82019-09-19 17:12:49 +02003672 /* at least one of the instances is using filters during the config
3673 * parsing, that's ok to inherit this during loading on CLI */
3674 ckchs->filters = !!fcount;
3675
yanbzhu08ce6ab2015-12-02 13:01:29 -05003676 /* Process each ckch and update keytypes for each CN/SAN
3677 * for example, if CN/SAN www.a.com is associated with
3678 * certs with keytype 0 and 2, then at the end of the loop,
3679 * www.a.com will have:
3680 * keyindex = 0 | 1 | 4 = 5
3681 */
3682 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003683 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003684
3685 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3686 continue;
3687
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003688 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003689 for (i = 0; i < fcount; i++) {
3690 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3691 if (ret < 0) {
3692 memprintf(err, "%sunable to allocate SSL context.\n",
3693 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003694 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003695 goto end;
3696 }
3697 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003698 } else {
3699 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3700 * so the line that contains logic is marked via comments
3701 */
3702 xname = X509_get_subject_name(certs_and_keys[n].cert);
3703 i = -1;
3704 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3705 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003706 ASN1_STRING *value;
3707 value = X509_NAME_ENTRY_get_data(entry);
3708 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003709 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003710 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003711
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003712 OPENSSL_free(str);
3713 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003714 if (ret < 0) {
3715 memprintf(err, "%sunable to allocate SSL context.\n",
3716 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003717 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003718 goto end;
3719 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003720 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003721 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003722
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003723 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003724#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003725 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3726 if (names) {
3727 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3728 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003729
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003730 if (name->type == GEN_DNS) {
3731 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3732 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003733 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003734
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003735 OPENSSL_free(str);
3736 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003737 if (ret < 0) {
3738 memprintf(err, "%sunable to allocate SSL context.\n",
3739 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003740 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003741 goto end;
3742 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003743 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003744 }
3745 }
3746 }
3747 }
3748#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3749 }
3750
3751 /* If no files found, return error */
3752 if (eb_is_empty(&sni_keytypes_map)) {
3753 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3754 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003755 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003756 goto end;
3757 }
3758
3759 /* We now have a map of CN/SAN to keytypes that are loaded in
3760 * Iterate through the map to create the SSL_CTX's (if needed)
3761 * and add each CTX to the SNI tree
3762 *
3763 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003764 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003765 * combination is denoted by the key in the map. Each key
3766 * has a value between 1 and 2^n - 1. Conveniently, the array
3767 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3768 * entry in the array to correspond to the unique combo (key)
3769 * associated with i. This unique key combo (i) will be associated
3770 * with combos[i-1]
3771 */
3772
3773 node = ebmb_first(&sni_keytypes_map);
3774 while (node) {
3775 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003776 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003777 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003778
3779 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3780 i = container_of(node, struct sni_keytype, name)->keytypes;
3781 cur_ctx = key_combos[i-1].ctx;
3782
3783 if (cur_ctx == NULL) {
3784 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003785 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003786 if (cur_ctx == NULL) {
3787 memprintf(err, "%sunable to allocate SSL context.\n",
3788 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003789 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003790 goto end;
3791 }
3792
yanbzhube2774d2015-12-10 15:07:30 -05003793 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003794 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3795 if (i & (1<<n)) {
3796 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003797 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003798 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3799 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003800 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003801 }
3802 }
3803
yanbzhu08ce6ab2015-12-02 13:01:29 -05003804 /* Update key_combos */
3805 key_combos[i-1].ctx = cur_ctx;
3806 }
3807
3808 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003809
William Lallemand1d29c742019-10-04 00:53:29 +02003810 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003811 kinfo, str, key_combos[i-1].order);
3812 if (key_combos[i-1].order < 0) {
3813 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003814 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003815 goto end;
3816 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003817 node = ebmb_next(node);
3818 }
3819
3820
3821 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3822 if (!bind_conf->default_ctx) {
3823 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3824 if (key_combos[i].ctx) {
3825 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003826 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003827 break;
3828 }
3829 }
3830 }
3831
William Lallemand614ca0d2019-10-07 13:52:11 +02003832 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02003833 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003834end:
3835
3836 if (names)
3837 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3838
yanbzhu08ce6ab2015-12-02 13:01:29 -05003839 node = ebmb_first(&sni_keytypes_map);
3840 while (node) {
3841 next = ebmb_next(node);
3842 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02003843 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003844 node = next;
3845 }
3846
Emeric Brun054563d2019-10-17 13:16:58 +02003847 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02003848 struct sni_ctx *sc0, *sc0b;
3849
3850 /* free the SSL_CTX in case of error */
3851 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
3852 if (key_combos[i].ctx)
3853 SSL_CTX_free(key_combos[i].ctx);
3854 }
3855
3856 /* free the sni_ctx in case of error */
3857 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
3858
3859 ebmb_delete(&sc0->name);
3860 LIST_DEL(&sc0->by_ckch_inst);
3861 free(sc0);
3862 }
William Lallemand614ca0d2019-10-07 13:52:11 +02003863 free(ckch_inst);
3864 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02003865 }
3866
Emeric Brun054563d2019-10-17 13:16:58 +02003867 *ckchi = ckch_inst;
3868 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003869}
3870#else
3871/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02003872static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3873 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3874 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003875{
3876 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3877 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02003878 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003879}
3880
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003881#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003882
William Lallemand614ca0d2019-10-07 13:52:11 +02003883/*
3884 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02003885 *
3886 * Returns a bitfield containing the flags:
3887 * ERR_FATAL in any fatal error case
3888 * ERR_ALERT if the reason of the error is available in err
3889 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02003890 */
Emeric Brun054563d2019-10-17 13:16:58 +02003891static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
3892 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003893{
William Lallemandc9402072019-05-15 15:33:54 +02003894 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003895 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003896 int order = 0;
3897 X509_NAME *xname;
3898 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003899 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003900 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003901#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3902 STACK_OF(GENERAL_NAME) *names;
3903#endif
William Lallemand36b84632019-07-18 19:28:17 +02003904 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02003905 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02003906 int errcode = 0;
3907
3908 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02003909
William Lallemande3af8fb2019-10-08 11:36:53 +02003910 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02003911 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003912
William Lallemande3af8fb2019-10-08 11:36:53 +02003913 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003914
William Lallemand150bfa82019-09-19 17:12:49 +02003915 /* at least one of the instances is using filters during the config
3916 * parsing, that's ok to inherit this during loading on CLI */
3917 ckchs->filters = !!fcount;
3918
William Lallemandc9402072019-05-15 15:33:54 +02003919 ctx = SSL_CTX_new(SSLv23_server_method());
3920 if (!ctx) {
3921 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3922 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003923 errcode |= ERR_ALERT | ERR_FATAL;
3924 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003925 }
3926
Emeric Bruna96b5822019-10-17 13:25:14 +02003927 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
3928 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02003929 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02003930
3931 ckch_inst = ckch_inst_new();
3932 if (!ckch_inst) {
3933 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3934 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003935 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003936 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003937 }
3938
William Lallemand36b84632019-07-18 19:28:17 +02003939 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003940 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003941 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003942 switch(EVP_PKEY_base_id(pkey)) {
3943 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003944 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003945 break;
3946 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003947 kinfo.sig = TLSEXT_signature_ecdsa;
3948 break;
3949 case EVP_PKEY_DSA:
3950 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003951 break;
3952 }
3953 EVP_PKEY_free(pkey);
3954 }
3955
Emeric Brun50bcecc2013-04-22 13:05:23 +02003956 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02003957 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02003958 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02003959 if (order < 0) {
3960 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003961 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003962 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003963 }
3964 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003965 }
3966 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003967#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003968 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003969 if (names) {
3970 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3971 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3972 if (name->type == GEN_DNS) {
3973 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003974 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003975 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003976 if (order < 0) {
3977 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003978 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003979 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003980 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003981 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003982 }
3983 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003984 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003985 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003986#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003987 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003988 i = -1;
3989 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3990 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003991 ASN1_STRING *value;
3992
3993 value = X509_NAME_ENTRY_get_data(entry);
3994 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003995 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003996 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003997 if (order < 0) {
3998 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003999 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004000 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004001 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004002 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004003 }
4004 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004005 /* we must not free the SSL_CTX anymore below, since it's already in
4006 * the tree, so it will be discovered and cleaned in time.
4007 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004008
Emeric Brunfc0421f2012-09-07 17:30:07 +02004009#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004010 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004011 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4012 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004013 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004014 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004015 }
4016#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004017 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004018 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004019 bind_conf->default_ssl_conf = ssl_conf;
4020 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004021
William Lallemand9117de92019-10-04 00:29:42 +02004022 /* everything succeed, the ckch instance can be used */
4023 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004024 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004025
Emeric Brun054563d2019-10-17 13:16:58 +02004026 *ckchi = ckch_inst;
4027 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004028
4029error:
4030 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004031 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004032 struct sni_ctx *sc0, *sc0b;
4033
4034 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4035
4036 ebmb_delete(&sc0->name);
4037 LIST_DEL(&sc0->by_ckch_inst);
4038 free(sc0);
4039 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004040 free(ckch_inst);
4041 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004042 }
4043 /* We only created 1 SSL_CTX so we can free it there */
4044 SSL_CTX_free(ctx);
4045
Emeric Brun054563d2019-10-17 13:16:58 +02004046 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004047}
4048
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004049/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004050static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4051 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4052 char **sni_filter, int fcount, char **err)
4053{
4054 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004055 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004056
4057 /* we found the ckchs in the tree, we can use it directly */
4058 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004059 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004060 else
Emeric Brun054563d2019-10-17 13:16:58 +02004061 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004062
Emeric Brun054563d2019-10-17 13:16:58 +02004063 if (errcode & ERR_CODE)
4064 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004065
4066 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4067
4068 /* succeed, add the instance to the ckch_store's list of instance */
4069 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004070 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004071}
4072
4073
Willy Tarreaubbc91962019-10-16 16:42:19 +02004074/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004075int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004076{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004077 struct dirent **de_list;
4078 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004079 DIR *dir;
4080 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004081 char *end;
4082 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004083 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004084 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004085#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004086 int is_bundle;
4087 int j;
4088#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004089 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004090 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004091 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004092 }
4093
yanbzhu08ce6ab2015-12-02 13:01:29 -05004094 if (stat(path, &buf) == 0) {
4095 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004096 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004097 ckchs = ckchs_load_cert_file(path, 0, err);
4098 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004099 return ERR_ALERT | ERR_FATAL;
4100
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004101 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004102 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004103
yanbzhu08ce6ab2015-12-02 13:01:29 -05004104 /* strip trailing slashes, including first one */
4105 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4106 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004107
yanbzhu08ce6ab2015-12-02 13:01:29 -05004108 n = scandir(path, &de_list, 0, alphasort);
4109 if (n < 0) {
4110 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4111 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004112 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004113 }
4114 else {
4115 for (i = 0; i < n; i++) {
4116 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004117
yanbzhu08ce6ab2015-12-02 13:01:29 -05004118 end = strrchr(de->d_name, '.');
4119 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4120 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004121
yanbzhu08ce6ab2015-12-02 13:01:29 -05004122 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4123 if (stat(fp, &buf) != 0) {
4124 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4125 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004126 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004127 goto ignore_entry;
4128 }
4129 if (!S_ISREG(buf.st_mode))
4130 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004131
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004132#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004133 is_bundle = 0;
4134 /* Check if current entry in directory is part of a multi-cert bundle */
4135
4136 if (end) {
4137 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4138 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4139 is_bundle = 1;
4140 break;
4141 }
4142 }
4143
4144 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004145 int dp_len;
4146
4147 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004148
4149 /* increment i and free de until we get to a non-bundle cert
4150 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004151 * this is important since ignore_entry will free de. This also
4152 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004153 */
Willy Tarreau05800522019-10-29 10:48:50 +01004154 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004155 free(de);
4156 i++;
4157 de = de_list[i];
4158 }
4159
Willy Tarreau05800522019-10-29 10:48:50 +01004160 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004161 if ((ckchs = ckchs_lookup(fp)) == NULL)
4162 ckchs = ckchs_load_cert_file(fp, 1, err);
4163 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004164 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004165 else
4166 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004167 /* Successfully processed the bundle */
4168 goto ignore_entry;
4169 }
4170 }
4171
4172#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004173 if ((ckchs = ckchs_lookup(fp)) == NULL)
4174 ckchs = ckchs_load_cert_file(fp, 0, err);
4175 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004176 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004177 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004178 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004179
yanbzhu08ce6ab2015-12-02 13:01:29 -05004180ignore_entry:
4181 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004182 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004183 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004184 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004185 closedir(dir);
4186 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004188
William Lallemande3af8fb2019-10-08 11:36:53 +02004189 ckchs = ckchs_load_cert_file(path, 1, err);
4190 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004191 return ERR_ALERT | ERR_FATAL;
4192
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004193 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004194
Emeric Brunfc0421f2012-09-07 17:30:07 +02004195 return cfgerr;
4196}
4197
Thierry Fournier383085f2013-01-24 14:15:43 +01004198/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4199 * done once. Zero is returned if the operation fails. No error is returned
4200 * if the random is said as not implemented, because we expect that openssl
4201 * will use another method once needed.
4202 */
4203static int ssl_initialize_random()
4204{
4205 unsigned char random;
4206 static int random_initialized = 0;
4207
4208 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4209 random_initialized = 1;
4210
4211 return random_initialized;
4212}
4213
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004214/* release ssl bind conf */
4215void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004216{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004217 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004218#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004219 free(conf->npn_str);
4220 conf->npn_str = NULL;
4221#endif
4222#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4223 free(conf->alpn_str);
4224 conf->alpn_str = NULL;
4225#endif
4226 free(conf->ca_file);
4227 conf->ca_file = NULL;
4228 free(conf->crl_file);
4229 conf->crl_file = NULL;
4230 free(conf->ciphers);
4231 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004232#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004233 free(conf->ciphersuites);
4234 conf->ciphersuites = NULL;
4235#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004236 free(conf->curves);
4237 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004238 free(conf->ecdhe);
4239 conf->ecdhe = NULL;
4240 }
4241}
4242
Willy Tarreaubbc91962019-10-16 16:42:19 +02004243/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004244int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4245{
4246 char thisline[CRT_LINESIZE];
4247 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004248 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004249 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004250 int linenum = 0;
4251 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004252 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004253
Willy Tarreauad1731d2013-04-02 17:35:58 +02004254 if ((f = fopen(file, "r")) == NULL) {
4255 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004256 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004257 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004258
4259 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004260 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004261 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004262 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004263 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004264 char *crt_path;
4265 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004266
4267 linenum++;
4268 end = line + strlen(line);
4269 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4270 /* Check if we reached the limit and the last char is not \n.
4271 * Watch out for the last line without the terminating '\n'!
4272 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004273 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4274 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004275 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004276 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004277 }
4278
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004279 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004280 newarg = 1;
4281 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004282 if (*line == '#' || *line == '\n' || *line == '\r') {
4283 /* end of string, end of loop */
4284 *line = 0;
4285 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004286 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004287 newarg = 1;
4288 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004289 } else if (*line == '[') {
4290 if (ssl_b) {
4291 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004292 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004293 break;
4294 }
4295 if (!arg) {
4296 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004297 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004298 break;
4299 }
4300 ssl_b = arg;
4301 newarg = 1;
4302 *line = 0;
4303 } else if (*line == ']') {
4304 if (ssl_e) {
4305 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004306 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004307 break;
4308 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004309 if (!ssl_b) {
4310 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004311 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004312 break;
4313 }
4314 ssl_e = arg;
4315 newarg = 1;
4316 *line = 0;
4317 } else if (newarg) {
4318 if (arg == MAX_CRT_ARGS) {
4319 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004320 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004321 break;
4322 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004323 newarg = 0;
4324 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004325 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004326 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004327 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004328 if (cfgerr)
4329 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004330 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004331
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004332 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004333 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004334 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004335
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004336 crt_path = args[0];
4337 if (*crt_path != '/' && global_ssl.crt_base) {
4338 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4339 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4340 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004341 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004342 break;
4343 }
4344 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4345 crt_path = path;
4346 }
4347
4348 ssl_conf = calloc(1, sizeof *ssl_conf);
4349 cur_arg = ssl_b ? ssl_b : 1;
4350 while (cur_arg < ssl_e) {
4351 newarg = 0;
4352 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4353 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4354 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004355 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004356 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4357 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4358 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004359 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004360 }
4361 cur_arg += 1 + ssl_bind_kws[i].skip;
4362 break;
4363 }
4364 }
4365 if (!cfgerr && !newarg) {
4366 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4367 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004368 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004369 break;
4370 }
4371 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004372
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004373 if (cfgerr) {
4374 ssl_sock_free_ssl_conf(ssl_conf);
4375 free(ssl_conf);
4376 ssl_conf = NULL;
4377 break;
4378 }
4379
William Lallemande3af8fb2019-10-08 11:36:53 +02004380 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004381 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004382 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004383 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004384 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004385 }
4386
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004387 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004388 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004389 else
4390 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004391
Willy Tarreauad1731d2013-04-02 17:35:58 +02004392 if (cfgerr) {
4393 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004394 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004395 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004396 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004397 fclose(f);
4398 return cfgerr;
4399}
4400
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004401/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004402static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004403ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004404{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004405 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004406 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004407 SSL_OP_ALL | /* all known workarounds for bugs */
4408 SSL_OP_NO_SSLv2 |
4409 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004410 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004411 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004412 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004413 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004414 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004415 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004416 SSL_MODE_ENABLE_PARTIAL_WRITE |
4417 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004418 SSL_MODE_RELEASE_BUFFERS |
4419 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004420 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004421 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004422 int flags = MC_SSL_O_ALL;
4423 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004424
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004425 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004426 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004427
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004428 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004429 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4430 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4431 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004432 else
4433 flags = conf_ssl_methods->flags;
4434
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004435 min = conf_ssl_methods->min;
4436 max = conf_ssl_methods->max;
4437 /* start with TLSv10 to remove SSLv3 per default */
4438 if (!min && (!max || max >= CONF_TLSV10))
4439 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004440 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004441 if (min)
4442 flags |= (methodVersions[min].flag - 1);
4443 if (max)
4444 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004445 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004446 min = max = CONF_TLSV_NONE;
4447 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004448 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004449 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004450 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004451 if (min) {
4452 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004453 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4454 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4455 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4456 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004457 hole = 0;
4458 }
4459 max = i;
4460 }
4461 else {
4462 min = max = i;
4463 }
4464 }
4465 else {
4466 if (min)
4467 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004468 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004469 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004470 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4471 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004472 cfgerr += 1;
4473 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004474 /* save real min/max in bind_conf */
4475 conf_ssl_methods->min = min;
4476 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004477
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004478#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004479 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004480 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004481 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004482 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004483 else
4484 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4485 if (flags & methodVersions[i].flag)
4486 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004487#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004488 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004489 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4490 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004491#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004492
4493 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4494 options |= SSL_OP_NO_TICKET;
4495 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4496 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004497
4498#ifdef SSL_OP_NO_RENEGOTIATION
4499 options |= SSL_OP_NO_RENEGOTIATION;
4500#endif
4501
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004502 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004503
Willy Tarreau5db847a2019-05-09 14:13:35 +02004504#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004505 if (global_ssl.async)
4506 mode |= SSL_MODE_ASYNC;
4507#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004508 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004509 if (global_ssl.life_time)
4510 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004511
4512#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4513#ifdef OPENSSL_IS_BORINGSSL
4514 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4515 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004516#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004517 if (bind_conf->ssl_conf.early_data) {
4518 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4519 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4520 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004521 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4522 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004523#else
4524 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004525#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004526 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004527#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004528 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004529}
4530
William Lallemand4f45bb92017-10-30 20:08:51 +01004531
4532static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4533{
4534 if (first == block) {
4535 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4536 if (first->len > 0)
4537 sh_ssl_sess_tree_delete(sh_ssl_sess);
4538 }
4539}
4540
4541/* return first block from sh_ssl_sess */
4542static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4543{
4544 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4545
4546}
4547
4548/* store a session into the cache
4549 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4550 * data: asn1 encoded session
4551 * data_len: asn1 encoded session length
4552 * Returns 1 id session was stored (else 0)
4553 */
4554static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4555{
4556 struct shared_block *first;
4557 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4558
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004559 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004560 if (!first) {
4561 /* Could not retrieve enough free blocks to store that session */
4562 return 0;
4563 }
4564
4565 /* STORE the key in the first elem */
4566 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4567 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4568 first->len = sizeof(struct sh_ssl_sess_hdr);
4569
4570 /* it returns the already existing node
4571 or current node if none, never returns null */
4572 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4573 if (oldsh_ssl_sess != sh_ssl_sess) {
4574 /* NOTE: Row couldn't be in use because we lock read & write function */
4575 /* release the reserved row */
4576 shctx_row_dec_hot(ssl_shctx, first);
4577 /* replace the previous session already in the tree */
4578 sh_ssl_sess = oldsh_ssl_sess;
4579 /* ignore the previous session data, only use the header */
4580 first = sh_ssl_sess_first_block(sh_ssl_sess);
4581 shctx_row_inc_hot(ssl_shctx, first);
4582 first->len = sizeof(struct sh_ssl_sess_hdr);
4583 }
4584
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004585 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004586 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004587 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004588 }
4589
4590 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004591
4592 return 1;
4593}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004594
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004595/* SSL callback used when a new session is created while connecting to a server */
4596static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4597{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004598 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004599 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004600
Willy Tarreau07d94e42018-09-20 10:57:52 +02004601 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004602
Olivier Houcharde6060c52017-11-16 17:42:52 +01004603 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4604 int len;
4605 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004606
Olivier Houcharde6060c52017-11-16 17:42:52 +01004607 len = i2d_SSL_SESSION(sess, NULL);
4608 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4609 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4610 } else {
4611 free(s->ssl_ctx.reused_sess[tid].ptr);
4612 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4613 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4614 }
4615 if (s->ssl_ctx.reused_sess[tid].ptr) {
4616 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4617 &ptr);
4618 }
4619 } else {
4620 free(s->ssl_ctx.reused_sess[tid].ptr);
4621 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4622 }
4623
4624 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004625}
4626
Olivier Houcharde6060c52017-11-16 17:42:52 +01004627
William Lallemanded0b5ad2017-10-30 19:36:36 +01004628/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004629int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004630{
4631 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4632 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4633 unsigned char *p;
4634 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004635 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004636 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004637
4638 /* Session id is already stored in to key and session id is known
4639 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004640 * note: SSL_SESSION_set1_id is using
4641 * a memcpy so we need to use a different pointer
4642 * than sid_data or sid_ctx_data to avoid valgrind
4643 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004644 */
4645
4646 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004647
4648 /* copy value in an other buffer */
4649 memcpy(encid, sid_data, sid_length);
4650
4651 /* pad with 0 */
4652 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4653 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4654
4655 /* force length to zero to avoid ASN1 encoding */
4656 SSL_SESSION_set1_id(sess, encid, 0);
4657
4658 /* force length to zero to avoid ASN1 encoding */
4659 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004660
4661 /* check if buffer is large enough for the ASN1 encoded session */
4662 data_len = i2d_SSL_SESSION(sess, NULL);
4663 if (data_len > SHSESS_MAX_DATA_LEN)
4664 goto err;
4665
4666 p = encsess;
4667
4668 /* process ASN1 session encoding before the lock */
4669 i2d_SSL_SESSION(sess, &p);
4670
William Lallemanded0b5ad2017-10-30 19:36:36 +01004671
William Lallemanda3c77cf2017-10-30 23:44:40 +01004672 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004673 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004674 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004675 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004676err:
4677 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004678 SSL_SESSION_set1_id(sess, encid, sid_length);
4679 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004680
4681 return 0; /* do not increment session reference count */
4682}
4683
4684/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004685SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004686{
William Lallemand4f45bb92017-10-30 20:08:51 +01004687 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004688 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4689 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004690 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004691 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004692
4693 global.shctx_lookups++;
4694
4695 /* allow the session to be freed automatically by openssl */
4696 *do_copy = 0;
4697
4698 /* tree key is zeros padded sessionid */
4699 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4700 memcpy(tmpkey, key, key_len);
4701 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4702 key = tmpkey;
4703 }
4704
4705 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004706 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004707
4708 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004709 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4710 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004711 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004712 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004713 global.shctx_misses++;
4714 return NULL;
4715 }
4716
William Lallemand4f45bb92017-10-30 20:08:51 +01004717 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4718 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004719
William Lallemand4f45bb92017-10-30 20:08:51 +01004720 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004721
William Lallemanda3c77cf2017-10-30 23:44:40 +01004722 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004723
4724 /* decode ASN1 session */
4725 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004726 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004727 /* Reset session id and session id contenxt */
4728 if (sess) {
4729 SSL_SESSION_set1_id(sess, key, key_len);
4730 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4731 }
4732
4733 return sess;
4734}
4735
William Lallemand4f45bb92017-10-30 20:08:51 +01004736
William Lallemanded0b5ad2017-10-30 19:36:36 +01004737/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004738void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004739{
William Lallemand4f45bb92017-10-30 20:08:51 +01004740 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004741 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4742 unsigned int sid_length;
4743 const unsigned char *sid_data;
4744 (void)ctx;
4745
4746 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4747 /* tree key is zeros padded sessionid */
4748 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4749 memcpy(tmpkey, sid_data, sid_length);
4750 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4751 sid_data = tmpkey;
4752 }
4753
William Lallemanda3c77cf2017-10-30 23:44:40 +01004754 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004755
4756 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004757 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4758 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004759 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004760 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004761 }
4762
4763 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004764 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004765}
4766
4767/* Set session cache mode to server and disable openssl internal cache.
4768 * Set shared cache callbacks on an ssl context.
4769 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004770void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004771{
4772 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4773
4774 if (!ssl_shctx) {
4775 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4776 return;
4777 }
4778
4779 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4780 SSL_SESS_CACHE_NO_INTERNAL |
4781 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4782
4783 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004784 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4785 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4786 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004787}
4788
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004789int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4790{
4791 struct proxy *curproxy = bind_conf->frontend;
4792 int cfgerr = 0;
4793 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004794 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004795 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004796#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004797 const char *conf_ciphersuites;
4798#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004799 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004800
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004801 if (ssl_conf) {
4802 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4803 int i, min, max;
4804 int flags = MC_SSL_O_ALL;
4805
4806 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004807 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4808 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004809 if (min)
4810 flags |= (methodVersions[min].flag - 1);
4811 if (max)
4812 flags |= ~((methodVersions[max].flag << 1) - 1);
4813 min = max = CONF_TLSV_NONE;
4814 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4815 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4816 if (min)
4817 max = i;
4818 else
4819 min = max = i;
4820 }
4821 /* save real min/max */
4822 conf_ssl_methods->min = min;
4823 conf_ssl_methods->max = max;
4824 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004825 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4826 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004827 cfgerr += 1;
4828 }
4829 }
4830
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004831 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004832 case SSL_SOCK_VERIFY_NONE:
4833 verify = SSL_VERIFY_NONE;
4834 break;
4835 case SSL_SOCK_VERIFY_OPTIONAL:
4836 verify = SSL_VERIFY_PEER;
4837 break;
4838 case SSL_SOCK_VERIFY_REQUIRED:
4839 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4840 break;
4841 }
4842 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4843 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004844 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4845 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4846 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004847 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004848 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004849 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4850 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004851 cfgerr++;
4852 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004853 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4854 /* set CA names for client cert request, function returns void */
4855 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4856 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004857 }
Emeric Brun850efd52014-01-29 12:24:34 +01004858 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004859 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4860 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004861 cfgerr++;
4862 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004863#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004864 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004865 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4866
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004867 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4869 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004870 cfgerr++;
4871 }
Emeric Brun561e5742012-10-02 15:20:55 +02004872 else {
4873 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4874 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004875 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004876#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004877 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004878 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004879#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004880 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004881 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004882 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4883 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004884 cfgerr++;
4885 }
4886 }
4887#endif
4888
William Lallemand4f45bb92017-10-30 20:08:51 +01004889 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004890 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4891 if (conf_ciphers &&
4892 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004893 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4894 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004895 cfgerr++;
4896 }
4897
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004898#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004899 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4900 if (conf_ciphersuites &&
4901 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4902 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4903 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4904 cfgerr++;
4905 }
4906#endif
4907
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004908#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004909 /* If tune.ssl.default-dh-param has not been set,
4910 neither has ssl-default-dh-file and no static DH
4911 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004912 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004913 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004914 (ssl_dh_ptr_index == -1 ||
4915 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004916 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4917 const SSL_CIPHER * cipher = NULL;
4918 char cipher_description[128];
4919 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4920 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4921 which is not ephemeral DH. */
4922 const char dhe_description[] = " Kx=DH ";
4923 const char dhe_export_description[] = " Kx=DH(";
4924 int idx = 0;
4925 int dhe_found = 0;
4926 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004927
Remi Gacogne23d5d372014-10-10 17:04:26 +02004928 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004929
Remi Gacogne23d5d372014-10-10 17:04:26 +02004930 if (ssl) {
4931 ciphers = SSL_get_ciphers(ssl);
4932
4933 if (ciphers) {
4934 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4935 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4936 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4937 if (strstr(cipher_description, dhe_description) != NULL ||
4938 strstr(cipher_description, dhe_export_description) != NULL) {
4939 dhe_found = 1;
4940 break;
4941 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004942 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004943 }
4944 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004945 SSL_free(ssl);
4946 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004947 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004948
Lukas Tribus90132722014-08-18 00:56:33 +02004949 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004950 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004951 }
4952
Willy Tarreauef934602016-12-22 23:12:01 +01004953 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004954 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004955
Willy Tarreauef934602016-12-22 23:12:01 +01004956 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004957 if (local_dh_1024 == NULL) {
4958 local_dh_1024 = ssl_get_dh_1024();
4959 }
Willy Tarreauef934602016-12-22 23:12:01 +01004960 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004961 if (local_dh_2048 == NULL) {
4962 local_dh_2048 = ssl_get_dh_2048();
4963 }
Willy Tarreauef934602016-12-22 23:12:01 +01004964 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004965 if (local_dh_4096 == NULL) {
4966 local_dh_4096 = ssl_get_dh_4096();
4967 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004968 }
4969 }
4970 }
4971#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004972
Emeric Brunfc0421f2012-09-07 17:30:07 +02004973 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004974#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004975 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004976#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004977
Bernard Spil13c53f82018-02-15 13:34:58 +01004978#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004979 ssl_conf_cur = NULL;
4980 if (ssl_conf && ssl_conf->npn_str)
4981 ssl_conf_cur = ssl_conf;
4982 else if (bind_conf->ssl_conf.npn_str)
4983 ssl_conf_cur = &bind_conf->ssl_conf;
4984 if (ssl_conf_cur)
4985 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004986#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004987#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004988 ssl_conf_cur = NULL;
4989 if (ssl_conf && ssl_conf->alpn_str)
4990 ssl_conf_cur = ssl_conf;
4991 else if (bind_conf->ssl_conf.alpn_str)
4992 ssl_conf_cur = &bind_conf->ssl_conf;
4993 if (ssl_conf_cur)
4994 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004995#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004996#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004997 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4998 if (conf_curves) {
4999 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005000 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5001 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005002 cfgerr++;
5003 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005004#if defined(SSL_CTX_set_ecdh_auto)
5005 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
5006#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005007 }
5008#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005009#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005010 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005011 int i;
5012 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005013#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005014 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005015 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5016 NULL);
5017
5018 if (ecdhe == NULL) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02005019 SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005020 return cfgerr;
5021 }
5022#else
5023 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5024 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5025 ECDHE_DEFAULT_CURVE);
5026#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005027
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005028 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005029 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005030 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5031 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02005032 cfgerr++;
5033 }
5034 else {
5035 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5036 EC_KEY_free(ecdh);
5037 }
5038 }
5039#endif
5040
Emeric Brunfc0421f2012-09-07 17:30:07 +02005041 return cfgerr;
5042}
5043
Evan Broderbe554312013-06-27 00:05:25 -07005044static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5045{
5046 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5047 size_t prefixlen, suffixlen;
5048
5049 /* Trivial case */
5050 if (strcmp(pattern, hostname) == 0)
5051 return 1;
5052
Evan Broderbe554312013-06-27 00:05:25 -07005053 /* The rest of this logic is based on RFC 6125, section 6.4.3
5054 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5055
Emeric Bruna848dae2013-10-08 11:27:28 +02005056 pattern_wildcard = NULL;
5057 pattern_left_label_end = pattern;
5058 while (*pattern_left_label_end != '.') {
5059 switch (*pattern_left_label_end) {
5060 case 0:
5061 /* End of label not found */
5062 return 0;
5063 case '*':
5064 /* If there is more than one wildcards */
5065 if (pattern_wildcard)
5066 return 0;
5067 pattern_wildcard = pattern_left_label_end;
5068 break;
5069 }
5070 pattern_left_label_end++;
5071 }
5072
5073 /* If it's not trivial and there is no wildcard, it can't
5074 * match */
5075 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005076 return 0;
5077
5078 /* Make sure all labels match except the leftmost */
5079 hostname_left_label_end = strchr(hostname, '.');
5080 if (!hostname_left_label_end
5081 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5082 return 0;
5083
5084 /* Make sure the leftmost label of the hostname is long enough
5085 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005086 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005087 return 0;
5088
5089 /* Finally compare the string on either side of the
5090 * wildcard */
5091 prefixlen = pattern_wildcard - pattern;
5092 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005093 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5094 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005095 return 0;
5096
5097 return 1;
5098}
5099
5100static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5101{
5102 SSL *ssl;
5103 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005104 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005105 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005106 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005107
5108 int depth;
5109 X509 *cert;
5110 STACK_OF(GENERAL_NAME) *alt_names;
5111 int i;
5112 X509_NAME *cert_subject;
5113 char *str;
5114
5115 if (ok == 0)
5116 return ok;
5117
5118 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005119 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005120 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005121
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005122 /* We're checking if the provided hostnames match the desired one. The
5123 * desired hostname comes from the SNI we presented if any, or if not
5124 * provided then it may have been explicitly stated using a "verifyhost"
5125 * directive. If neither is set, we don't care about the name so the
5126 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005127 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005128 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005129 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005130 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005131 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005132 if (!servername)
5133 return ok;
5134 }
Evan Broderbe554312013-06-27 00:05:25 -07005135
5136 /* We only need to verify the CN on the actual server cert,
5137 * not the indirect CAs */
5138 depth = X509_STORE_CTX_get_error_depth(ctx);
5139 if (depth != 0)
5140 return ok;
5141
5142 /* At this point, the cert is *not* OK unless we can find a
5143 * hostname match */
5144 ok = 0;
5145
5146 cert = X509_STORE_CTX_get_current_cert(ctx);
5147 /* It seems like this might happen if verify peer isn't set */
5148 if (!cert)
5149 return ok;
5150
5151 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5152 if (alt_names) {
5153 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5154 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5155 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005156#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005157 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5158#else
Evan Broderbe554312013-06-27 00:05:25 -07005159 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005160#endif
Evan Broderbe554312013-06-27 00:05:25 -07005161 ok = ssl_sock_srv_hostcheck(str, servername);
5162 OPENSSL_free(str);
5163 }
5164 }
5165 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005166 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005167 }
5168
5169 cert_subject = X509_get_subject_name(cert);
5170 i = -1;
5171 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5172 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005173 ASN1_STRING *value;
5174 value = X509_NAME_ENTRY_get_data(entry);
5175 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005176 ok = ssl_sock_srv_hostcheck(str, servername);
5177 OPENSSL_free(str);
5178 }
5179 }
5180
Willy Tarreau71d058c2017-07-26 20:09:56 +02005181 /* report the mismatch and indicate if SNI was used or not */
5182 if (!ok && !conn->err_code)
5183 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005184 return ok;
5185}
5186
Emeric Brun94324a42012-10-11 14:00:19 +02005187/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005188int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005189{
Willy Tarreau03209342016-12-22 17:08:28 +01005190 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005191 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005192 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005193 SSL_OP_ALL | /* all known workarounds for bugs */
5194 SSL_OP_NO_SSLv2 |
5195 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005196 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005197 SSL_MODE_ENABLE_PARTIAL_WRITE |
5198 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005199 SSL_MODE_RELEASE_BUFFERS |
5200 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005201 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005202 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005203 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005204 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005205 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005206
Thierry Fournier383085f2013-01-24 14:15:43 +01005207 /* Make sure openssl opens /dev/urandom before the chroot */
5208 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005209 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005210 cfgerr++;
5211 }
5212
Willy Tarreaufce03112015-01-15 21:32:40 +01005213 /* Automatic memory computations need to know we use SSL there */
5214 global.ssl_used_backend = 1;
5215
5216 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005217 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005218 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005219 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5220 curproxy->id, srv->id,
5221 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005222 cfgerr++;
5223 return cfgerr;
5224 }
5225 }
Emeric Brun94324a42012-10-11 14:00:19 +02005226 if (srv->use_ssl)
5227 srv->xprt = &ssl_sock;
5228 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005229 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005230
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005231 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005232 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005233 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5234 proxy_type_str(curproxy), curproxy->id,
5235 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005236 cfgerr++;
5237 return cfgerr;
5238 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005239
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005240 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005241 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5242 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5243 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005244 else
5245 flags = conf_ssl_methods->flags;
5246
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005247 /* Real min and max should be determinate with configuration and openssl's capabilities */
5248 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005249 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005250 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005251 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005252
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005253 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005254 min = max = CONF_TLSV_NONE;
5255 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005256 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005257 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005258 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005259 if (min) {
5260 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005261 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5262 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5263 proxy_type_str(curproxy), curproxy->id, srv->id,
5264 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005265 hole = 0;
5266 }
5267 max = i;
5268 }
5269 else {
5270 min = max = i;
5271 }
5272 }
5273 else {
5274 if (min)
5275 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005276 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005277 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005278 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5279 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005280 cfgerr += 1;
5281 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005282
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005283#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005284 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005285 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005286 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005287 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005288 else
5289 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5290 if (flags & methodVersions[i].flag)
5291 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005292#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005293 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005294 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5295 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005296#endif
5297
5298 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5299 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005300 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005301
Willy Tarreau5db847a2019-05-09 14:13:35 +02005302#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005303 if (global_ssl.async)
5304 mode |= SSL_MODE_ASYNC;
5305#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005306 SSL_CTX_set_mode(ctx, mode);
5307 srv->ssl_ctx.ctx = ctx;
5308
Emeric Bruna7aa3092012-10-26 12:58:00 +02005309 if (srv->ssl_ctx.client_crt) {
5310 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005311 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5312 proxy_type_str(curproxy), curproxy->id,
5313 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005314 cfgerr++;
5315 }
5316 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005317 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5318 proxy_type_str(curproxy), curproxy->id,
5319 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005320 cfgerr++;
5321 }
5322 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005323 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5324 proxy_type_str(curproxy), curproxy->id,
5325 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005326 cfgerr++;
5327 }
5328 }
Emeric Brun94324a42012-10-11 14:00:19 +02005329
Emeric Brun850efd52014-01-29 12:24:34 +01005330 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5331 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005332 switch (srv->ssl_ctx.verify) {
5333 case SSL_SOCK_VERIFY_NONE:
5334 verify = SSL_VERIFY_NONE;
5335 break;
5336 case SSL_SOCK_VERIFY_REQUIRED:
5337 verify = SSL_VERIFY_PEER;
5338 break;
5339 }
Evan Broderbe554312013-06-27 00:05:25 -07005340 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005341 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005342 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005343 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005344 if (srv->ssl_ctx.ca_file) {
5345 /* load CAfile to verify */
5346 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005347 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
5348 curproxy->id, srv->id,
5349 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005350 cfgerr++;
5351 }
5352 }
Emeric Brun850efd52014-01-29 12:24:34 +01005353 else {
5354 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005355 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5356 curproxy->id, srv->id,
5357 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005358 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005359 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5360 curproxy->id, srv->id,
5361 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005362 cfgerr++;
5363 }
Emeric Brunef42d922012-10-11 16:11:36 +02005364#ifdef X509_V_FLAG_CRL_CHECK
5365 if (srv->ssl_ctx.crl_file) {
5366 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5367
5368 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005369 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5370 curproxy->id, srv->id,
5371 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005372 cfgerr++;
5373 }
5374 else {
5375 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5376 }
5377 }
5378#endif
5379 }
5380
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005381 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5382 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5383 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005384 if (srv->ssl_ctx.ciphers &&
5385 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005386 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5387 curproxy->id, srv->id,
5388 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005389 cfgerr++;
5390 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005391
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005392#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005393 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005394 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005395 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5396 curproxy->id, srv->id,
5397 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5398 cfgerr++;
5399 }
5400#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005401#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5402 if (srv->ssl_ctx.npn_str)
5403 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5404#endif
5405#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5406 if (srv->ssl_ctx.alpn_str)
5407 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5408#endif
5409
Emeric Brun94324a42012-10-11 14:00:19 +02005410
5411 return cfgerr;
5412}
5413
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005414/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005415 * be NULL, in which case nothing is done. Returns the number of errors
5416 * encountered.
5417 */
Willy Tarreau03209342016-12-22 17:08:28 +01005418int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005419{
5420 struct ebmb_node *node;
5421 struct sni_ctx *sni;
5422 int err = 0;
5423
Willy Tarreaufce03112015-01-15 21:32:40 +01005424 /* Automatic memory computations need to know we use SSL there */
5425 global.ssl_used_frontend = 1;
5426
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005427 /* Make sure openssl opens /dev/urandom before the chroot */
5428 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005429 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005430 err++;
5431 }
5432 /* Create initial_ctx used to start the ssl connection before do switchctx */
5433 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005434 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005435 /* It should not be necessary to call this function, but it's
5436 necessary first to check and move all initialisation related
5437 to initial_ctx in ssl_sock_initial_ctx. */
5438 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
5439 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005440 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005441 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01005442
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005443 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005444 while (node) {
5445 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005446 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5447 /* only initialize the CTX on its first occurrence and
5448 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005449 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005450 node = ebmb_next(node);
5451 }
5452
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005453 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005454 while (node) {
5455 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005456 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5457 /* only initialize the CTX on its first occurrence and
5458 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005459 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005460 node = ebmb_next(node);
5461 }
5462 return err;
5463}
5464
Willy Tarreau55d37912016-12-21 23:38:39 +01005465/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5466 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5467 * alerts are directly emitted since the rest of the stack does it below.
5468 */
5469int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5470{
5471 struct proxy *px = bind_conf->frontend;
5472 int alloc_ctx;
5473 int err;
5474
5475 if (!bind_conf->is_ssl) {
5476 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005477 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5478 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005479 }
5480 return 0;
5481 }
5482 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005483 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005484 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5485 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005486 }
5487 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005488 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5489 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005490 return -1;
5491 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005492 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005493 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005494 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005495 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005496 sizeof(*sh_ssl_sess_tree),
5497 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005498 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005499 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5500 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5501 else
5502 ha_alert("Unable to allocate SSL session cache.\n");
5503 return -1;
5504 }
5505 /* free block callback */
5506 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5507 /* init the root tree within the extra space */
5508 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5509 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005510 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005511 err = 0;
5512 /* initialize all certificate contexts */
5513 err += ssl_sock_prepare_all_ctx(bind_conf);
5514
5515 /* initialize CA variables if the certificates generation is enabled */
5516 err += ssl_sock_load_ca(bind_conf);
5517
5518 return -err;
5519}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005520
5521/* release ssl context allocated for servers. */
5522void ssl_sock_free_srv_ctx(struct server *srv)
5523{
Olivier Houchardc7566002018-11-20 23:33:50 +01005524#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5525 if (srv->ssl_ctx.alpn_str)
5526 free(srv->ssl_ctx.alpn_str);
5527#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005528#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005529 if (srv->ssl_ctx.npn_str)
5530 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005531#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005532 if (srv->ssl_ctx.ctx)
5533 SSL_CTX_free(srv->ssl_ctx.ctx);
5534}
5535
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005536/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005537 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5538 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005539void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005540{
5541 struct ebmb_node *node, *back;
5542 struct sni_ctx *sni;
5543
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005544 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005545 while (node) {
5546 sni = ebmb_entry(node, struct sni_ctx, name);
5547 back = ebmb_next(node);
5548 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005549 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005550 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005551 ssl_sock_free_ssl_conf(sni->conf);
5552 free(sni->conf);
5553 sni->conf = NULL;
5554 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005555 free(sni);
5556 node = back;
5557 }
5558
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005559 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005560 while (node) {
5561 sni = ebmb_entry(node, struct sni_ctx, name);
5562 back = ebmb_next(node);
5563 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005564 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005565 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005566 ssl_sock_free_ssl_conf(sni->conf);
5567 free(sni->conf);
5568 sni->conf = NULL;
5569 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005570 free(sni);
5571 node = back;
5572 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005573 SSL_CTX_free(bind_conf->initial_ctx);
5574 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005575 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005576 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005577}
5578
Willy Tarreau795cdab2016-12-22 17:30:54 +01005579/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5580void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5581{
5582 ssl_sock_free_ca(bind_conf);
5583 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005584 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005585 free(bind_conf->ca_sign_file);
5586 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005587 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005588 free(bind_conf->keys_ref->filename);
5589 free(bind_conf->keys_ref->tlskeys);
5590 LIST_DEL(&bind_conf->keys_ref->list);
5591 free(bind_conf->keys_ref);
5592 }
5593 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005594 bind_conf->ca_sign_pass = NULL;
5595 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005596}
5597
Christopher Faulet31af49d2015-06-09 17:29:50 +02005598/* Load CA cert file and private key used to generate certificates */
5599int
Willy Tarreau03209342016-12-22 17:08:28 +01005600ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005601{
Willy Tarreau03209342016-12-22 17:08:28 +01005602 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005603 FILE *fp;
5604 X509 *cacert = NULL;
5605 EVP_PKEY *capkey = NULL;
5606 int err = 0;
5607
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005608 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005609 return err;
5610
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005611#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005612 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005613 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005614 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005615 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005616 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005617#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005618
Christopher Faulet31af49d2015-06-09 17:29:50 +02005619 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005620 ha_alert("Proxy '%s': cannot enable certificate generation, "
5621 "no CA certificate File configured at [%s:%d].\n",
5622 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005623 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005624 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005625
5626 /* read in the CA certificate */
5627 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005628 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5629 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005630 goto load_error;
5631 }
5632 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005633 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5634 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005635 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005636 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005637 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005638 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005639 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5640 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005641 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005642 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005643
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005644 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005645 bind_conf->ca_sign_cert = cacert;
5646 bind_conf->ca_sign_pkey = capkey;
5647 return err;
5648
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005649 read_error:
5650 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005651 if (capkey) EVP_PKEY_free(capkey);
5652 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005653 load_error:
5654 bind_conf->generate_certs = 0;
5655 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005656 return err;
5657}
5658
5659/* Release CA cert and private key used to generate certificated */
5660void
5661ssl_sock_free_ca(struct bind_conf *bind_conf)
5662{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005663 if (bind_conf->ca_sign_pkey)
5664 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5665 if (bind_conf->ca_sign_cert)
5666 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005667 bind_conf->ca_sign_pkey = NULL;
5668 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005669}
5670
Emeric Brun46591952012-05-18 15:47:34 +02005671/*
5672 * This function is called if SSL * context is not yet allocated. The function
5673 * is designed to be called before any other data-layer operation and sets the
5674 * handshake flag on the connection. It is safe to call it multiple times.
5675 * It returns 0 on success and -1 in error case.
5676 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005677static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005678{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005679 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005680 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005681 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005682 return 0;
5683
Willy Tarreau3c728722014-01-23 13:50:42 +01005684 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005685 return 0;
5686
Olivier Houchard66ab4982019-02-26 18:37:15 +01005687 ctx = pool_alloc(ssl_sock_ctx_pool);
5688 if (!ctx) {
5689 conn->err_code = CO_ER_SSL_NO_MEM;
5690 return -1;
5691 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005692 ctx->wait_event.tasklet = tasklet_new();
5693 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005694 conn->err_code = CO_ER_SSL_NO_MEM;
5695 pool_free(ssl_sock_ctx_pool, ctx);
5696 return -1;
5697 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005698 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5699 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005700 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005701 ctx->sent_early_data = 0;
5702 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005703 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005704 ctx->send_wait = NULL;
5705 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005706 ctx->xprt_st = 0;
5707 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005708
5709 /* Only work with sockets for now, this should be adapted when we'll
5710 * add QUIC support.
5711 */
5712 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005713 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005714 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5715 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005716 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005717
Willy Tarreau20879a02012-12-03 16:32:10 +01005718 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5719 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005720 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005721 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005722
Emeric Brun46591952012-05-18 15:47:34 +02005723 /* If it is in client mode initiate SSL session
5724 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005725 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005726 int may_retry = 1;
5727
5728 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005729 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005730 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5731 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005732 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005733 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005734 goto retry_connect;
5735 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005736 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005737 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005738 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005739 ctx->bio = BIO_new(ha_meth);
5740 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005741 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005742 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005743 goto retry_connect;
5744 }
Emeric Brun55476152014-11-12 17:35:37 +01005745 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005746 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005747 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005748 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005749 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005750
Evan Broderbe554312013-06-27 00:05:25 -07005751 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005752 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5753 SSL_free(ctx->ssl);
5754 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005755 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005756 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005757 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005758 goto retry_connect;
5759 }
Emeric Brun55476152014-11-12 17:35:37 +01005760 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005761 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005762 }
5763
Olivier Houchard66ab4982019-02-26 18:37:15 +01005764 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005765 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5766 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5767 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005768 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005769 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005770 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5771 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005772 } else if (sess) {
5773 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005774 }
5775 }
Evan Broderbe554312013-06-27 00:05:25 -07005776
Emeric Brun46591952012-05-18 15:47:34 +02005777 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005778 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005779
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005780 _HA_ATOMIC_ADD(&sslconns, 1);
5781 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005782 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005783 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005784 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005785 if (conn->flags & CO_FL_ERROR)
5786 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005787 return 0;
5788 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005789 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005790 int may_retry = 1;
5791
5792 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005793 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005794 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5795 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005796 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005797 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005798 goto retry_accept;
5799 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005800 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005801 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005802 }
Emeric Brun46591952012-05-18 15:47:34 +02005803
Olivier Houcharda8955d52019-04-07 22:00:38 +02005804 ctx->bio = BIO_new(ha_meth);
5805 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005806 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005807 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005808 goto retry_accept;
5809 }
Emeric Brun55476152014-11-12 17:35:37 +01005810 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005811 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005812 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005813 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005814 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005815
Emeric Brune1f38db2012-09-03 20:36:47 +02005816 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005817 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5818 SSL_free(ctx->ssl);
5819 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005820 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005821 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005822 goto retry_accept;
5823 }
Emeric Brun55476152014-11-12 17:35:37 +01005824 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005825 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005826 }
5827
Olivier Houchard66ab4982019-02-26 18:37:15 +01005828 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005829
Emeric Brun46591952012-05-18 15:47:34 +02005830 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005831 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02005832#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005833 conn->flags |= CO_FL_EARLY_SSL_HS;
5834#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005835
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005836 _HA_ATOMIC_ADD(&sslconns, 1);
5837 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005838 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005839 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005840 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005841 if (conn->flags & CO_FL_ERROR)
5842 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005843 return 0;
5844 }
5845 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005846 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005847err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005848 if (ctx && ctx->wait_event.tasklet)
5849 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005850 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005851 return -1;
5852}
5853
5854
5855/* This is the callback which is used when an SSL handshake is pending. It
5856 * updates the FD status if it wants some polling before being called again.
5857 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5858 * otherwise it returns non-zero and removes itself from the connection's
5859 * flags (the bit is provided in <flag> by the caller).
5860 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005861static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005862{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005863 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005864 int ret;
5865
Willy Tarreau3c728722014-01-23 13:50:42 +01005866 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005867 return 0;
5868
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005869 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005870 goto out_error;
5871
Willy Tarreau5db847a2019-05-09 14:13:35 +02005872#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005873 /*
5874 * Check if we have early data. If we do, we have to read them
5875 * before SSL_do_handshake() is called, And there's no way to
5876 * detect early data, except to try to read them
5877 */
5878 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5879 size_t read_data;
5880
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005881 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005882 1, &read_data);
5883 if (ret == SSL_READ_EARLY_DATA_ERROR)
5884 goto check_error;
5885 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5886 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5887 return 1;
5888 } else
5889 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5890 }
5891#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005892 /* If we use SSL_do_handshake to process a reneg initiated by
5893 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5894 * Usually SSL_write and SSL_read are used and process implicitly
5895 * the reneg handshake.
5896 * Here we use SSL_peek as a workaround for reneg.
5897 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005898 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005899 char c;
5900
Olivier Houchard66ab4982019-02-26 18:37:15 +01005901 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005902 if (ret <= 0) {
5903 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005904 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005905
Emeric Brun674b7432012-11-08 19:21:55 +01005906 if (ret == SSL_ERROR_WANT_WRITE) {
5907 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005908 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005909 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005910 return 0;
5911 }
5912 else if (ret == SSL_ERROR_WANT_READ) {
5913 /* handshake may have been completed but we have
5914 * no more data to read.
5915 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005916 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005917 ret = 1;
5918 goto reneg_ok;
5919 }
5920 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005921 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005922 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005923 return 0;
5924 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005925#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005926 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005927 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005928 return 0;
5929 }
5930#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005931 else if (ret == SSL_ERROR_SYSCALL) {
5932 /* if errno is null, then connection was successfully established */
5933 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5934 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005935 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005936#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5937 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005938 conn->err_code = CO_ER_SSL_HANDSHAKE;
5939#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005940 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005941#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005942 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005943 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005944 empty_handshake = state == TLS_ST_BEFORE;
5945#else
Lukas Tribus49799162019-07-08 14:29:15 +02005946 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5947 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005948#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005949 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005950 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005951 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005952 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5953 else
5954 conn->err_code = CO_ER_SSL_EMPTY;
5955 }
5956 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005957 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005958 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5959 else
5960 conn->err_code = CO_ER_SSL_ABORT;
5961 }
5962 }
5963 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005964 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005965 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005966 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005967 conn->err_code = CO_ER_SSL_HANDSHAKE;
5968 }
Lukas Tribus49799162019-07-08 14:29:15 +02005969#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005970 }
Emeric Brun674b7432012-11-08 19:21:55 +01005971 goto out_error;
5972 }
5973 else {
5974 /* Fail on all other handshake errors */
5975 /* Note: OpenSSL may leave unread bytes in the socket's
5976 * buffer, causing an RST to be emitted upon close() on
5977 * TCP sockets. We first try to drain possibly pending
5978 * data to avoid this as much as possible.
5979 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005980 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005981 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005982 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005983 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005984 goto out_error;
5985 }
5986 }
5987 /* read some data: consider handshake completed */
5988 goto reneg_ok;
5989 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005990 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005991check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005992 if (ret != 1) {
5993 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005994 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005995
5996 if (ret == SSL_ERROR_WANT_WRITE) {
5997 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005998 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005999 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006000 return 0;
6001 }
6002 else if (ret == SSL_ERROR_WANT_READ) {
6003 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006004 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006005 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6006 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006007 return 0;
6008 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006009#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006010 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006011 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006012 return 0;
6013 }
6014#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006015 else if (ret == SSL_ERROR_SYSCALL) {
6016 /* if errno is null, then connection was successfully established */
6017 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6018 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006019 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006020#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6021 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006022 conn->err_code = CO_ER_SSL_HANDSHAKE;
6023#else
6024 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006025#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006026 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006027 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006028 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006029#else
Lukas Tribus49799162019-07-08 14:29:15 +02006030 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6031 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006032#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006033 if (empty_handshake) {
6034 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006035 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006036 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6037 else
6038 conn->err_code = CO_ER_SSL_EMPTY;
6039 }
6040 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006041 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006042 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6043 else
6044 conn->err_code = CO_ER_SSL_ABORT;
6045 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006046 }
6047 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006048 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006049 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6050 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006051 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006052 }
Lukas Tribus49799162019-07-08 14:29:15 +02006053#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006054 }
Willy Tarreau89230192012-09-28 20:22:13 +02006055 goto out_error;
6056 }
Emeric Brun46591952012-05-18 15:47:34 +02006057 else {
6058 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006059 /* Note: OpenSSL may leave unread bytes in the socket's
6060 * buffer, causing an RST to be emitted upon close() on
6061 * TCP sockets. We first try to drain possibly pending
6062 * data to avoid this as much as possible.
6063 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006064 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006065 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006066 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006067 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006068 goto out_error;
6069 }
6070 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006071#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006072 else {
6073 /*
6074 * If the server refused the early data, we have to send a
6075 * 425 to the client, as we no longer have the data to sent
6076 * them again.
6077 */
6078 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006079 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006080 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6081 goto out_error;
6082 }
6083 }
6084 }
6085#endif
6086
Emeric Brun46591952012-05-18 15:47:34 +02006087
Emeric Brun674b7432012-11-08 19:21:55 +01006088reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006089
Willy Tarreau5db847a2019-05-09 14:13:35 +02006090#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006091 /* ASYNC engine API doesn't support moving read/write
6092 * buffers. So we disable ASYNC mode right after
6093 * the handshake to avoid buffer oveflows.
6094 */
6095 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006096 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006097#endif
Emeric Brun46591952012-05-18 15:47:34 +02006098 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006099 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006100 if (objt_server(conn->target)) {
6101 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6102 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6103 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006104 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006105 else {
6106 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6107 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6108 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6109 }
Emeric Brun46591952012-05-18 15:47:34 +02006110 }
6111
6112 /* The connection is now established at both layers, it's time to leave */
6113 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6114 return 1;
6115
6116 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006117 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006118 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006119 ERR_clear_error();
6120
Emeric Brun9fa89732012-10-04 17:09:56 +02006121 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006122 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6123 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6124 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006125 }
6126
Emeric Brun46591952012-05-18 15:47:34 +02006127 /* Fail on all other handshake errors */
6128 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006129 if (!conn->err_code)
6130 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006131 return 0;
6132}
6133
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006134static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006135{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006136 struct wait_event *sw;
6137 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006138
Olivier Houchard0ff28652019-06-24 18:57:39 +02006139 if (!ctx)
6140 return -1;
6141
Olivier Houchardea8dd942019-05-20 14:02:16 +02006142 if (event_type & SUB_RETRY_RECV) {
6143 sw = param;
6144 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6145 sw->events |= SUB_RETRY_RECV;
6146 ctx->recv_wait = sw;
6147 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6148 !(ctx->wait_event.events & SUB_RETRY_RECV))
6149 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6150 event_type &= ~SUB_RETRY_RECV;
6151 }
6152 if (event_type & SUB_RETRY_SEND) {
6153sw = param;
6154 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6155 sw->events |= SUB_RETRY_SEND;
6156 ctx->send_wait = sw;
6157 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6158 !(ctx->wait_event.events & SUB_RETRY_SEND))
6159 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6160 event_type &= ~SUB_RETRY_SEND;
6161
6162 }
6163 if (event_type != 0)
6164 return -1;
6165 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006166}
6167
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006168static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006169{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006170 struct wait_event *sw;
6171 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006172
Olivier Houchardea8dd942019-05-20 14:02:16 +02006173 if (event_type & SUB_RETRY_RECV) {
6174 sw = param;
6175 BUG_ON(ctx->recv_wait != sw);
6176 ctx->recv_wait = NULL;
6177 sw->events &= ~SUB_RETRY_RECV;
6178 /* If we subscribed, and we're not doing the handshake,
6179 * then we subscribed because the upper layer asked for it,
6180 * as the upper layer is no longer interested, we can
6181 * unsubscribe too.
6182 */
6183 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6184 (ctx->wait_event.events & SUB_RETRY_RECV))
6185 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6186 &ctx->wait_event);
6187 }
6188 if (event_type & SUB_RETRY_SEND) {
6189 sw = param;
6190 BUG_ON(ctx->send_wait != sw);
6191 ctx->send_wait = NULL;
6192 sw->events &= ~SUB_RETRY_SEND;
6193 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6194 (ctx->wait_event.events & SUB_RETRY_SEND))
6195 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6196 &ctx->wait_event);
6197
6198 }
6199
6200 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006201}
6202
Olivier Houchard2e055482019-05-27 19:50:12 +02006203/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6204 * Returns 0 on success, and non-zero on failure.
6205 */
6206static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6207{
6208 struct ssl_sock_ctx *ctx = xprt_ctx;
6209
6210 if (oldxprt_ops != NULL)
6211 *oldxprt_ops = ctx->xprt;
6212 if (oldxprt_ctx != NULL)
6213 *oldxprt_ctx = ctx->xprt_ctx;
6214 ctx->xprt = toadd_ops;
6215 ctx->xprt_ctx = toadd_ctx;
6216 return 0;
6217}
6218
Olivier Houchard5149b592019-05-23 17:47:36 +02006219/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6220 * return 0, otherwise just call the remove_xprt method from the underlying
6221 * XPRT.
6222 */
6223static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6224{
6225 struct ssl_sock_ctx *ctx = xprt_ctx;
6226
6227 if (ctx->xprt_ctx == toremove_ctx) {
6228 ctx->xprt_ctx = newctx;
6229 ctx->xprt = newops;
6230 return 0;
6231 }
6232 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6233}
6234
Olivier Houchardea8dd942019-05-20 14:02:16 +02006235static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6236{
6237 struct ssl_sock_ctx *ctx = context;
6238
6239 /* First if we're doing an handshake, try that */
6240 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6241 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6242 /* If we had an error, or the handshake is done and I/O is available,
6243 * let the upper layer know.
6244 * If no mux was set up yet, and nobody subscribed, then call
6245 * xprt_done_cb() ourself if it's set, or destroy the connection,
6246 * we can't be sure conn_fd_handler() will be called again.
6247 */
6248 if ((ctx->conn->flags & CO_FL_ERROR) ||
6249 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6250 int ret = 0;
6251 int woke = 0;
6252
6253 /* On error, wake any waiter */
6254 if (ctx->recv_wait) {
6255 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006256 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006257 ctx->recv_wait = NULL;
6258 woke = 1;
6259 }
6260 if (ctx->send_wait) {
6261 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006262 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006263 ctx->send_wait = NULL;
6264 woke = 1;
6265 }
6266 /* If we're the first xprt for the connection, let the
6267 * upper layers know. If xprt_done_cb() is set, call it,
6268 * otherwise, we should have a mux, so call its wake
6269 * method if we didn't woke a tasklet already.
6270 */
6271 if (ctx->conn->xprt_ctx == ctx) {
6272 if (ctx->conn->xprt_done_cb)
6273 ret = ctx->conn->xprt_done_cb(ctx->conn);
6274 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6275 ctx->conn->mux->wake(ctx->conn);
6276 return NULL;
6277 }
6278 }
6279 return NULL;
6280}
6281
Emeric Brun46591952012-05-18 15:47:34 +02006282/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006283 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006284 * buffer wraps, in which case a second call may be performed. The connection's
6285 * flags are updated with whatever special event is detected (error, read0,
6286 * empty). The caller is responsible for taking care of those events and
6287 * avoiding the call if inappropriate. The function does not call the
6288 * connection's polling update function, so the caller is responsible for this.
6289 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006290static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006291{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006292 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006293 ssize_t ret;
6294 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006295
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006296 conn_refresh_polling_flags(conn);
6297
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006298 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006299 goto out_error;
6300
6301 if (conn->flags & CO_FL_HANDSHAKE)
6302 /* a handshake was requested */
6303 return 0;
6304
Emeric Brun46591952012-05-18 15:47:34 +02006305 /* read the largest possible block. For this, we perform only one call
6306 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6307 * in which case we accept to do it once again. A new attempt is made on
6308 * EINTR too.
6309 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006310 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006311 int need_out = 0;
6312
Willy Tarreau591d4452018-06-15 17:21:00 +02006313 try = b_contig_space(buf);
6314 if (!try)
6315 break;
6316
Willy Tarreauabf08d92014-01-14 11:31:27 +01006317 if (try > count)
6318 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006319
Olivier Houchardc2aae742017-09-22 18:26:28 +02006320 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006321 ctx->tmp_early_data != -1) {
6322 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006323 done++;
6324 try--;
6325 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02006326 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006327 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006328 continue;
6329 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01006330
Willy Tarreau5db847a2019-05-09 14:13:35 +02006331#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006332 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6333 size_t read_length;
6334
Olivier Houchard66ab4982019-02-26 18:37:15 +01006335 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02006336 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01006337 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
6338 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006339 conn->flags |= CO_FL_EARLY_DATA;
6340 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
6341 ret == SSL_READ_EARLY_DATA_FINISH) {
6342 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6343 /*
6344 * We're done reading the early data,
6345 * let's make the handshake
6346 */
6347 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6348 conn->flags |= CO_FL_SSL_WAIT_HS;
6349 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006350 /* Now initiate the handshake */
6351 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006352 if (read_length == 0)
6353 break;
6354 }
6355 ret = read_length;
6356 }
6357 } else
6358#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006359 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006360
Emeric Brune1f38db2012-09-03 20:36:47 +02006361 if (conn->flags & CO_FL_ERROR) {
6362 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006363 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006364 }
Emeric Brun46591952012-05-18 15:47:34 +02006365 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006366 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006367 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006368 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006369 }
Emeric Brun46591952012-05-18 15:47:34 +02006370 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006371 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006372 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006373 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006374 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006375 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006376#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006377 /* Async mode can be re-enabled, because we're leaving data state.*/
6378 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006379 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006380#endif
Emeric Brun46591952012-05-18 15:47:34 +02006381 break;
6382 }
6383 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006384 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006385 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6386 SUB_RETRY_RECV,
6387 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006388 /* handshake is running, and it may need to re-enable read */
6389 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006390#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006391 /* Async mode can be re-enabled, because we're leaving data state.*/
6392 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006393 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006394#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006395 break;
6396 }
Emeric Brun46591952012-05-18 15:47:34 +02006397 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006398 } else if (ret == SSL_ERROR_ZERO_RETURN)
6399 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006400 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6401 * stack before shutting down the connection for
6402 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006403 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6404 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006405 /* otherwise it's a real error */
6406 goto out_error;
6407 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006408 if (need_out)
6409 break;
Emeric Brun46591952012-05-18 15:47:34 +02006410 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006411 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006412 return done;
6413
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006414 clear_ssl_error:
6415 /* Clear openssl global errors stack */
6416 ssl_sock_dump_errors(conn);
6417 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006418 read0:
6419 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006420 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006421
Emeric Brun46591952012-05-18 15:47:34 +02006422 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006423 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006424 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006425 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006426 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006427 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006428}
6429
6430
Willy Tarreau787db9a2018-06-14 18:31:46 +02006431/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6432 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6433 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006434 * Only one call to send() is performed, unless the buffer wraps, in which case
6435 * a second call may be performed. The connection's flags are updated with
6436 * whatever special event is detected (error, empty). The caller is responsible
6437 * for taking care of those events and avoiding the call if inappropriate. The
6438 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006439 * is responsible for this. The buffer's output is not adjusted, it's up to the
6440 * caller to take care of this. It's up to the caller to update the buffer's
6441 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006442 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006443static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006444{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006445 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006446 ssize_t ret;
6447 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006448
6449 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006450 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006451
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006452 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006453 goto out_error;
6454
Olivier Houchard010941f2019-05-03 20:56:19 +02006455 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006456 /* a handshake was requested */
6457 return 0;
6458
6459 /* send the largest possible block. For this we perform only one call
6460 * to send() unless the buffer wraps and we exactly fill the first hunk,
6461 * in which case we accept to do it once again.
6462 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006463 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006464#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006465 size_t written_data;
6466#endif
6467
Willy Tarreau787db9a2018-06-14 18:31:46 +02006468 try = b_contig_data(buf, done);
6469 if (try > count)
6470 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006471
Willy Tarreau7bed9452014-02-02 02:00:24 +01006472 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006473 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006474 global_ssl.max_record && try > global_ssl.max_record) {
6475 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006476 }
6477 else {
6478 /* we need to keep the information about the fact that
6479 * we're not limiting the upcoming send(), because if it
6480 * fails, we'll have to retry with at least as many data.
6481 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006482 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006483 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006484
Willy Tarreau5db847a2019-05-09 14:13:35 +02006485#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006486 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006487 unsigned int max_early;
6488
Olivier Houchard522eea72017-11-03 16:27:47 +01006489 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006490 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006491 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006492 if (SSL_get0_session(ctx->ssl))
6493 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006494 else
6495 max_early = 0;
6496 }
6497
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006498 if (try + ctx->sent_early_data > max_early) {
6499 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006500 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006501 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006502 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006503 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006504 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006505 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006506 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006507 if (ret == 1) {
6508 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006509 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006510 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006511 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006512 /* Initiate the handshake, now */
6513 tasklet_wakeup(ctx->wait_event.tasklet);
6514 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006515
Olivier Houchardc2aae742017-09-22 18:26:28 +02006516 }
6517
6518 } else
6519#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006520 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006521
Emeric Brune1f38db2012-09-03 20:36:47 +02006522 if (conn->flags & CO_FL_ERROR) {
6523 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006524 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006525 }
Emeric Brun46591952012-05-18 15:47:34 +02006526 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006527 /* A send succeeded, so we can consier ourself connected */
6528 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006529 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006530 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006531 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006532 }
6533 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006534 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006535
Emeric Brun46591952012-05-18 15:47:34 +02006536 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006537 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006538 /* handshake is running, and it may need to re-enable write */
6539 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006540 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006541#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006542 /* Async mode can be re-enabled, because we're leaving data state.*/
6543 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006544 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006545#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006546 break;
6547 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006548
Emeric Brun46591952012-05-18 15:47:34 +02006549 break;
6550 }
6551 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006552 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006553 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006554 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6555 SUB_RETRY_RECV,
6556 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006557#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006558 /* Async mode can be re-enabled, because we're leaving data state.*/
6559 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006560 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006561#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006562 break;
6563 }
Emeric Brun46591952012-05-18 15:47:34 +02006564 goto out_error;
6565 }
6566 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006567 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006568 return done;
6569
6570 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006571 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006572 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006573 ERR_clear_error();
6574
Emeric Brun46591952012-05-18 15:47:34 +02006575 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006576 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006577}
6578
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006579static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006580
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006581 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006582
Olivier Houchardea8dd942019-05-20 14:02:16 +02006583
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006584 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006585 if (ctx->wait_event.events != 0)
6586 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6587 ctx->wait_event.events,
6588 &ctx->wait_event);
6589 if (ctx->send_wait) {
6590 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006591 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006592 }
6593 if (ctx->recv_wait) {
6594 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006595 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006596 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006597 if (ctx->xprt->close)
6598 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006599#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006600 if (global_ssl.async) {
6601 OSSL_ASYNC_FD all_fd[32], afd;
6602 size_t num_all_fds = 0;
6603 int i;
6604
Olivier Houchard66ab4982019-02-26 18:37:15 +01006605 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006606 if (num_all_fds > 32) {
6607 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6608 return;
6609 }
6610
Olivier Houchard66ab4982019-02-26 18:37:15 +01006611 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006612
6613 /* If an async job is pending, we must try to
6614 to catch the end using polling before calling
6615 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006616 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006617 for (i=0 ; i < num_all_fds ; i++) {
6618 /* switch on an handler designed to
6619 * handle the SSL_free
6620 */
6621 afd = all_fd[i];
6622 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006623 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006624 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006625 /* To ensure that the fd cache won't be used
6626 * and we'll catch a real RD event.
6627 */
6628 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006629 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006630 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006631 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006632 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006633 return;
6634 }
Emeric Brun3854e012017-05-17 20:42:48 +02006635 /* Else we can remove the fds from the fdtab
6636 * and call SSL_free.
6637 * note: we do a fd_remove and not a delete
6638 * because the fd is owned by the engine.
6639 * the engine is responsible to close
6640 */
6641 for (i=0 ; i < num_all_fds ; i++)
6642 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006643 }
6644#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006645 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006646 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006647 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006648 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006649 }
Emeric Brun46591952012-05-18 15:47:34 +02006650}
6651
6652/* This function tries to perform a clean shutdown on an SSL connection, and in
6653 * any case, flags the connection as reusable if no handshake was in progress.
6654 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006655static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006656{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006657 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006658
Emeric Brun46591952012-05-18 15:47:34 +02006659 if (conn->flags & CO_FL_HANDSHAKE)
6660 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006661 if (!clean)
6662 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006663 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006664 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006665 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006666 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006667 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006668 ERR_clear_error();
6669 }
Emeric Brun46591952012-05-18 15:47:34 +02006670}
6671
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006672/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006673int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006674{
Christopher Faulet82004142019-09-10 10:12:03 +02006675 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006676 struct pkey_info *pkinfo;
6677 int bits = 0;
6678 int sig = TLSEXT_signature_anonymous;
6679 int len = -1;
6680
6681 if (!ssl_sock_is_ssl(conn))
6682 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006683 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006684 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006685 if (pkinfo) {
6686 sig = pkinfo->sig;
6687 bits = pkinfo->bits;
6688 } else {
6689 /* multicert and generated cert have no pkey info */
6690 X509 *crt;
6691 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006692 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006693 if (!crt)
6694 return 0;
6695 pkey = X509_get_pubkey(crt);
6696 if (pkey) {
6697 bits = EVP_PKEY_bits(pkey);
6698 switch(EVP_PKEY_base_id(pkey)) {
6699 case EVP_PKEY_RSA:
6700 sig = TLSEXT_signature_rsa;
6701 break;
6702 case EVP_PKEY_EC:
6703 sig = TLSEXT_signature_ecdsa;
6704 break;
6705 case EVP_PKEY_DSA:
6706 sig = TLSEXT_signature_dsa;
6707 break;
6708 }
6709 EVP_PKEY_free(pkey);
6710 }
6711 }
6712
6713 switch(sig) {
6714 case TLSEXT_signature_rsa:
6715 len = chunk_printf(out, "RSA%d", bits);
6716 break;
6717 case TLSEXT_signature_ecdsa:
6718 len = chunk_printf(out, "EC%d", bits);
6719 break;
6720 case TLSEXT_signature_dsa:
6721 len = chunk_printf(out, "DSA%d", bits);
6722 break;
6723 default:
6724 return 0;
6725 }
6726 if (len < 0)
6727 return 0;
6728 return 1;
6729}
6730
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006731/* used for ppv2 cert signature (can be used for logging) */
6732const char *ssl_sock_get_cert_sig(struct connection *conn)
6733{
Christopher Faulet82004142019-09-10 10:12:03 +02006734 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006735
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006736 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6737 X509 *crt;
6738
6739 if (!ssl_sock_is_ssl(conn))
6740 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006741 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006742 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006743 if (!crt)
6744 return NULL;
6745 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6746 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6747}
6748
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006749/* used for ppv2 authority */
6750const char *ssl_sock_get_sni(struct connection *conn)
6751{
6752#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006753 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006754
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006755 if (!ssl_sock_is_ssl(conn))
6756 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006757 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006758 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006759#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006760 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006761#endif
6762}
6763
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006764/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006765const char *ssl_sock_get_cipher_name(struct connection *conn)
6766{
Christopher Faulet82004142019-09-10 10:12:03 +02006767 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006768
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006769 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006770 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006771 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006772 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006773}
6774
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006775/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006776const char *ssl_sock_get_proto_version(struct connection *conn)
6777{
Christopher Faulet82004142019-09-10 10:12:03 +02006778 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006779
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006780 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006781 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006782 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006783 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006784}
6785
Willy Tarreau8d598402012-10-22 17:58:39 +02006786/* Extract a serial from a cert, and copy it to a chunk.
6787 * Returns 1 if serial is found and copied, 0 if no serial found and
6788 * -1 if output is not large enough.
6789 */
6790static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006791ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006792{
6793 ASN1_INTEGER *serial;
6794
6795 serial = X509_get_serialNumber(crt);
6796 if (!serial)
6797 return 0;
6798
6799 if (out->size < serial->length)
6800 return -1;
6801
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006802 memcpy(out->area, serial->data, serial->length);
6803 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006804 return 1;
6805}
6806
Emeric Brun43e79582014-10-29 19:03:26 +01006807/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006808 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6809 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006810 */
6811static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006812ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006813{
6814 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006815 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006816
6817 len =i2d_X509(crt, NULL);
6818 if (len <= 0)
6819 return 1;
6820
6821 if (out->size < len)
6822 return -1;
6823
6824 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006825 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006826 return 1;
6827}
6828
Emeric Brunce5ad802012-10-22 14:11:22 +02006829
Willy Tarreau83061a82018-07-13 11:56:34 +02006830/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006831 * Returns 1 if serial is found and copied, 0 if no valid time found
6832 * and -1 if output is not large enough.
6833 */
6834static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006835ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006836{
6837 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6838 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6839
6840 if (gentm->length < 12)
6841 return 0;
6842 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6843 return 0;
6844 if (out->size < gentm->length-2)
6845 return -1;
6846
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006847 memcpy(out->area, gentm->data+2, gentm->length-2);
6848 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006849 return 1;
6850 }
6851 else if (tm->type == V_ASN1_UTCTIME) {
6852 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6853
6854 if (utctm->length < 10)
6855 return 0;
6856 if (utctm->data[0] >= 0x35)
6857 return 0;
6858 if (out->size < utctm->length)
6859 return -1;
6860
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006861 memcpy(out->area, utctm->data, utctm->length);
6862 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006863 return 1;
6864 }
6865
6866 return 0;
6867}
6868
Emeric Brun87855892012-10-17 17:39:35 +02006869/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6870 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6871 */
6872static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006873ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6874 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006875{
6876 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006877 ASN1_OBJECT *obj;
6878 ASN1_STRING *data;
6879 const unsigned char *data_ptr;
6880 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006881 int i, j, n;
6882 int cur = 0;
6883 const char *s;
6884 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006885 int name_count;
6886
6887 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006888
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006889 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006890 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006891 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006892 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006893 else
6894 j = i;
6895
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006896 ne = X509_NAME_get_entry(a, j);
6897 obj = X509_NAME_ENTRY_get_object(ne);
6898 data = X509_NAME_ENTRY_get_data(ne);
6899 data_ptr = ASN1_STRING_get0_data(data);
6900 data_len = ASN1_STRING_length(data);
6901 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006902 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006903 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006904 s = tmp;
6905 }
6906
6907 if (chunk_strcasecmp(entry, s) != 0)
6908 continue;
6909
6910 if (pos < 0)
6911 cur--;
6912 else
6913 cur++;
6914
6915 if (cur != pos)
6916 continue;
6917
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006918 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006919 return -1;
6920
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006921 memcpy(out->area, data_ptr, data_len);
6922 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006923 return 1;
6924 }
6925
6926 return 0;
6927
6928}
6929
6930/* Extract and format full DN from a X509_NAME and copy result into a chunk
6931 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6932 */
6933static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006934ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006935{
6936 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006937 ASN1_OBJECT *obj;
6938 ASN1_STRING *data;
6939 const unsigned char *data_ptr;
6940 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006941 int i, n, ln;
6942 int l = 0;
6943 const char *s;
6944 char *p;
6945 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006946 int name_count;
6947
6948
6949 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006950
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006951 out->data = 0;
6952 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006953 for (i = 0; i < name_count; i++) {
6954 ne = X509_NAME_get_entry(a, i);
6955 obj = X509_NAME_ENTRY_get_object(ne);
6956 data = X509_NAME_ENTRY_get_data(ne);
6957 data_ptr = ASN1_STRING_get0_data(data);
6958 data_len = ASN1_STRING_length(data);
6959 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006960 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006961 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006962 s = tmp;
6963 }
6964 ln = strlen(s);
6965
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006966 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006967 if (l > out->size)
6968 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006969 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006970
6971 *(p++)='/';
6972 memcpy(p, s, ln);
6973 p += ln;
6974 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006975 memcpy(p, data_ptr, data_len);
6976 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006977 }
6978
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006979 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006980 return 0;
6981
6982 return 1;
6983}
6984
Olivier Houchardab28a322018-12-21 19:45:40 +01006985void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6986{
6987#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02006988 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006989
Olivier Houcharde488ea82019-06-28 14:10:33 +02006990 if (!ssl_sock_is_ssl(conn))
6991 return;
Christopher Faulet82004142019-09-10 10:12:03 +02006992 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006993 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006994#endif
6995}
6996
Willy Tarreau119a4082016-12-22 21:58:38 +01006997/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6998 * to disable SNI.
6999 */
Willy Tarreau63076412015-07-10 11:33:32 +02007000void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7001{
7002#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007003 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007004
Willy Tarreau119a4082016-12-22 21:58:38 +01007005 char *prev_name;
7006
Willy Tarreau63076412015-07-10 11:33:32 +02007007 if (!ssl_sock_is_ssl(conn))
7008 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007009 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007010
Willy Tarreau119a4082016-12-22 21:58:38 +01007011 /* if the SNI changes, we must destroy the reusable context so that a
7012 * new connection will present a new SNI. As an optimization we could
7013 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7014 * server.
7015 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007016 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007017 if ((!prev_name && hostname) ||
7018 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007019 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007020
Olivier Houchard66ab4982019-02-26 18:37:15 +01007021 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007022#endif
7023}
7024
Emeric Brun0abf8362014-06-24 18:26:41 +02007025/* Extract peer certificate's common name into the chunk dest
7026 * Returns
7027 * the len of the extracted common name
7028 * or 0 if no CN found in DN
7029 * or -1 on error case (i.e. no peer certificate)
7030 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007031int ssl_sock_get_remote_common_name(struct connection *conn,
7032 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007033{
Christopher Faulet82004142019-09-10 10:12:03 +02007034 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007035 X509 *crt = NULL;
7036 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007037 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007038 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007039 .area = (char *)&find_cn,
7040 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007041 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007042 int result = -1;
David Safb76832014-05-08 23:42:08 -04007043
7044 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007045 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007046 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007047
7048 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007049 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007050 if (!crt)
7051 goto out;
7052
7053 name = X509_get_subject_name(crt);
7054 if (!name)
7055 goto out;
David Safb76832014-05-08 23:42:08 -04007056
Emeric Brun0abf8362014-06-24 18:26:41 +02007057 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7058out:
David Safb76832014-05-08 23:42:08 -04007059 if (crt)
7060 X509_free(crt);
7061
7062 return result;
7063}
7064
Dave McCowan328fb582014-07-30 10:39:13 -04007065/* returns 1 if client passed a certificate for this session, 0 if not */
7066int ssl_sock_get_cert_used_sess(struct connection *conn)
7067{
Christopher Faulet82004142019-09-10 10:12:03 +02007068 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007069 X509 *crt = NULL;
7070
7071 if (!ssl_sock_is_ssl(conn))
7072 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007073 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007074
7075 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007076 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007077 if (!crt)
7078 return 0;
7079
7080 X509_free(crt);
7081 return 1;
7082}
7083
7084/* returns 1 if client passed a certificate for this connection, 0 if not */
7085int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007086{
Christopher Faulet82004142019-09-10 10:12:03 +02007087 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007088
David Safb76832014-05-08 23:42:08 -04007089 if (!ssl_sock_is_ssl(conn))
7090 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007091 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007092 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007093}
7094
7095/* returns result from SSL verify */
7096unsigned int ssl_sock_get_verify_result(struct connection *conn)
7097{
Christopher Faulet82004142019-09-10 10:12:03 +02007098 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007099
David Safb76832014-05-08 23:42:08 -04007100 if (!ssl_sock_is_ssl(conn))
7101 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007102 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007103 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007104}
7105
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007106/* Returns the application layer protocol name in <str> and <len> when known.
7107 * Zero is returned if the protocol name was not found, otherwise non-zero is
7108 * returned. The string is allocated in the SSL context and doesn't have to be
7109 * freed by the caller. NPN is also checked if available since older versions
7110 * of openssl (1.0.1) which are more common in field only support this one.
7111 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007112static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007113{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007114#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7115 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007116 struct ssl_sock_ctx *ctx = xprt_ctx;
7117 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007118 return 0;
7119
7120 *str = NULL;
7121
7122#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007123 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007124 if (*str)
7125 return 1;
7126#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007127#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007128 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007129 if (*str)
7130 return 1;
7131#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007132#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007133 return 0;
7134}
7135
Willy Tarreau7875d092012-09-10 08:20:03 +02007136/***** Below are some sample fetching functions for ACL/patterns *****/
7137
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007138static int
7139smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7140{
7141 struct connection *conn;
7142
7143 conn = objt_conn(smp->sess->origin);
7144 if (!conn || conn->xprt != &ssl_sock)
7145 return 0;
7146
7147 smp->flags = 0;
7148 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007149#ifdef OPENSSL_IS_BORINGSSL
7150 {
7151 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7152 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7153 SSL_early_data_accepted(ctx->ssl));
7154 }
7155#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007156 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7157 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007158#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007159 return 1;
7160}
7161
Emeric Brune64aef12012-09-21 13:15:06 +02007162/* boolean, returns true if client cert was present */
7163static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007164smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007165{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007166 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007167 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007168
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007169 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007170 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007171 return 0;
7172
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007173 ctx = conn->xprt_ctx;
7174
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007175 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007176 smp->flags |= SMP_F_MAY_CHANGE;
7177 return 0;
7178 }
7179
7180 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007181 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007182 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007183
7184 return 1;
7185}
7186
Emeric Brun43e79582014-10-29 19:03:26 +01007187/* binary, returns a certificate in a binary chunk (der/raw).
7188 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7189 * should be use.
7190 */
7191static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007192smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007193{
7194 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7195 X509 *crt = NULL;
7196 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007197 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007198 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007199 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007200
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007201 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007202 if (!conn || conn->xprt != &ssl_sock)
7203 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007204 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007205
7206 if (!(conn->flags & CO_FL_CONNECTED)) {
7207 smp->flags |= SMP_F_MAY_CHANGE;
7208 return 0;
7209 }
7210
7211 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007212 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007213 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007214 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007215
7216 if (!crt)
7217 goto out;
7218
7219 smp_trash = get_trash_chunk();
7220 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7221 goto out;
7222
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007223 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007224 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007225 ret = 1;
7226out:
7227 /* SSL_get_peer_certificate, it increase X509 * ref count */
7228 if (cert_peer && crt)
7229 X509_free(crt);
7230 return ret;
7231}
7232
Emeric Brunba841a12014-04-30 17:05:08 +02007233/* binary, returns serial of certificate in a binary chunk.
7234 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7235 * should be use.
7236 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007237static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007238smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007239{
Emeric Brunba841a12014-04-30 17:05:08 +02007240 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007241 X509 *crt = NULL;
7242 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007243 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007244 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007245 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007246
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007247 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007248 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007249 return 0;
7250
Olivier Houchard66ab4982019-02-26 18:37:15 +01007251 ctx = conn->xprt_ctx;
7252
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007253 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007254 smp->flags |= SMP_F_MAY_CHANGE;
7255 return 0;
7256 }
7257
Emeric Brunba841a12014-04-30 17:05:08 +02007258 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007259 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007260 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007261 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007262
Willy Tarreau8d598402012-10-22 17:58:39 +02007263 if (!crt)
7264 goto out;
7265
Willy Tarreau47ca5452012-12-23 20:22:19 +01007266 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007267 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7268 goto out;
7269
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007270 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007271 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007272 ret = 1;
7273out:
Emeric Brunba841a12014-04-30 17:05:08 +02007274 /* SSL_get_peer_certificate, it increase X509 * ref count */
7275 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007276 X509_free(crt);
7277 return ret;
7278}
Emeric Brune64aef12012-09-21 13:15:06 +02007279
Emeric Brunba841a12014-04-30 17:05:08 +02007280/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7281 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7282 * should be use.
7283 */
James Votha051b4a2013-05-14 20:37:59 +02007284static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007285smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007286{
Emeric Brunba841a12014-04-30 17:05:08 +02007287 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007288 X509 *crt = NULL;
7289 const EVP_MD *digest;
7290 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007291 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007292 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007293 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007294
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007295 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007296 if (!conn || conn->xprt != &ssl_sock)
7297 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007298 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007299
7300 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007301 smp->flags |= SMP_F_MAY_CHANGE;
7302 return 0;
7303 }
7304
Emeric Brunba841a12014-04-30 17:05:08 +02007305 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007306 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007307 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007308 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007309 if (!crt)
7310 goto out;
7311
7312 smp_trash = get_trash_chunk();
7313 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007314 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7315 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007316
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007317 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007318 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007319 ret = 1;
7320out:
Emeric Brunba841a12014-04-30 17:05:08 +02007321 /* SSL_get_peer_certificate, it increase X509 * ref count */
7322 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007323 X509_free(crt);
7324 return ret;
7325}
7326
Emeric Brunba841a12014-04-30 17:05:08 +02007327/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7328 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7329 * should be use.
7330 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007331static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007332smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007333{
Emeric Brunba841a12014-04-30 17:05:08 +02007334 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007335 X509 *crt = NULL;
7336 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007337 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007338 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007339 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007340
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007341 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007342 if (!conn || conn->xprt != &ssl_sock)
7343 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007344 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007345
7346 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007347 smp->flags |= SMP_F_MAY_CHANGE;
7348 return 0;
7349 }
7350
Emeric Brunba841a12014-04-30 17:05:08 +02007351 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007352 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007353 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007354 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007355 if (!crt)
7356 goto out;
7357
Willy Tarreau47ca5452012-12-23 20:22:19 +01007358 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007359 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007360 goto out;
7361
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007362 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007363 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007364 ret = 1;
7365out:
Emeric Brunba841a12014-04-30 17:05:08 +02007366 /* SSL_get_peer_certificate, it increase X509 * ref count */
7367 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007368 X509_free(crt);
7369 return ret;
7370}
7371
Emeric Brunba841a12014-04-30 17:05:08 +02007372/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7373 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7374 * should be use.
7375 */
Emeric Brun87855892012-10-17 17:39:35 +02007376static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007377smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007378{
Emeric Brunba841a12014-04-30 17:05:08 +02007379 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007380 X509 *crt = NULL;
7381 X509_NAME *name;
7382 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007383 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007384 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007385 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007386
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007387 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007388 if (!conn || conn->xprt != &ssl_sock)
7389 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007390 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007391
7392 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007393 smp->flags |= SMP_F_MAY_CHANGE;
7394 return 0;
7395 }
7396
Emeric Brunba841a12014-04-30 17:05:08 +02007397 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007398 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007399 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007400 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007401 if (!crt)
7402 goto out;
7403
7404 name = X509_get_issuer_name(crt);
7405 if (!name)
7406 goto out;
7407
Willy Tarreau47ca5452012-12-23 20:22:19 +01007408 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007409 if (args && args[0].type == ARGT_STR) {
7410 int pos = 1;
7411
7412 if (args[1].type == ARGT_SINT)
7413 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007414
7415 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7416 goto out;
7417 }
7418 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7419 goto out;
7420
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007421 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007422 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007423 ret = 1;
7424out:
Emeric Brunba841a12014-04-30 17:05:08 +02007425 /* SSL_get_peer_certificate, it increase X509 * ref count */
7426 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007427 X509_free(crt);
7428 return ret;
7429}
7430
Emeric Brunba841a12014-04-30 17:05:08 +02007431/* string, returns notbefore date in ASN1_UTCTIME format.
7432 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7433 * should be use.
7434 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007435static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007436smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007437{
Emeric Brunba841a12014-04-30 17:05:08 +02007438 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007439 X509 *crt = NULL;
7440 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007441 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007442 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007443 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007444
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007445 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007446 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007447 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007448 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007449
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007450 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007451 smp->flags |= SMP_F_MAY_CHANGE;
7452 return 0;
7453 }
7454
Emeric Brunba841a12014-04-30 17:05:08 +02007455 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007456 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007457 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007458 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007459 if (!crt)
7460 goto out;
7461
Willy Tarreau47ca5452012-12-23 20:22:19 +01007462 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007463 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007464 goto out;
7465
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007466 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007467 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007468 ret = 1;
7469out:
Emeric Brunba841a12014-04-30 17:05:08 +02007470 /* SSL_get_peer_certificate, it increase X509 * ref count */
7471 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007472 X509_free(crt);
7473 return ret;
7474}
7475
Emeric Brunba841a12014-04-30 17:05:08 +02007476/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7477 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7478 * should be use.
7479 */
Emeric Brun87855892012-10-17 17:39:35 +02007480static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007481smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007482{
Emeric Brunba841a12014-04-30 17:05:08 +02007483 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007484 X509 *crt = NULL;
7485 X509_NAME *name;
7486 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007487 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007488 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007489 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007490
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007491 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007492 if (!conn || conn->xprt != &ssl_sock)
7493 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007494 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007495
7496 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007497 smp->flags |= SMP_F_MAY_CHANGE;
7498 return 0;
7499 }
7500
Emeric Brunba841a12014-04-30 17:05:08 +02007501 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007502 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007503 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007504 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007505 if (!crt)
7506 goto out;
7507
7508 name = X509_get_subject_name(crt);
7509 if (!name)
7510 goto out;
7511
Willy Tarreau47ca5452012-12-23 20:22:19 +01007512 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007513 if (args && args[0].type == ARGT_STR) {
7514 int pos = 1;
7515
7516 if (args[1].type == ARGT_SINT)
7517 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007518
7519 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7520 goto out;
7521 }
7522 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7523 goto out;
7524
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007525 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007526 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007527 ret = 1;
7528out:
Emeric Brunba841a12014-04-30 17:05:08 +02007529 /* SSL_get_peer_certificate, it increase X509 * ref count */
7530 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007531 X509_free(crt);
7532 return ret;
7533}
Emeric Brun9143d372012-12-20 15:44:16 +01007534
7535/* integer, returns true if current session use a client certificate */
7536static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007537smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007538{
7539 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007540 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007541 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007542
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007543 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007544 if (!conn || conn->xprt != &ssl_sock)
7545 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007546 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007547
7548 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007549 smp->flags |= SMP_F_MAY_CHANGE;
7550 return 0;
7551 }
7552
7553 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007554 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007555 if (crt) {
7556 X509_free(crt);
7557 }
7558
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007559 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007560 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007561 return 1;
7562}
7563
Emeric Brunba841a12014-04-30 17:05:08 +02007564/* integer, returns the certificate version
7565 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7566 * should be use.
7567 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007568static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007569smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007570{
Emeric Brunba841a12014-04-30 17:05:08 +02007571 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007572 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007573 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007574 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007575
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007576 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007577 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007578 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007579 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007580
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007581 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007582 smp->flags |= SMP_F_MAY_CHANGE;
7583 return 0;
7584 }
7585
Emeric Brunba841a12014-04-30 17:05:08 +02007586 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007587 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007588 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007589 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007590 if (!crt)
7591 return 0;
7592
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007593 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007594 /* SSL_get_peer_certificate increase X509 * ref count */
7595 if (cert_peer)
7596 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007597 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007598
7599 return 1;
7600}
7601
Emeric Brunba841a12014-04-30 17:05:08 +02007602/* string, returns the certificate's signature algorithm.
7603 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7604 * should be use.
7605 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007606static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007607smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007608{
Emeric Brunba841a12014-04-30 17:05:08 +02007609 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007610 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007611 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007612 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007613 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007614 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007615
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007616 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007617 if (!conn || conn->xprt != &ssl_sock)
7618 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007619 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007620
7621 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007622 smp->flags |= SMP_F_MAY_CHANGE;
7623 return 0;
7624 }
7625
Emeric Brunba841a12014-04-30 17:05:08 +02007626 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007627 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007628 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007629 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007630 if (!crt)
7631 return 0;
7632
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007633 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7634 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007635
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007636 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7637 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007638 /* SSL_get_peer_certificate increase X509 * ref count */
7639 if (cert_peer)
7640 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007641 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007642 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007643
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007644 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007645 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007646 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007647 /* SSL_get_peer_certificate increase X509 * ref count */
7648 if (cert_peer)
7649 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007650
7651 return 1;
7652}
7653
Emeric Brunba841a12014-04-30 17:05:08 +02007654/* string, returns the certificate's key algorithm.
7655 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7656 * should be use.
7657 */
Emeric Brun521a0112012-10-22 12:22:55 +02007658static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007659smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007660{
Emeric Brunba841a12014-04-30 17:05:08 +02007661 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007662 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007663 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007664 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007665 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007666 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007667
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007668 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007669 if (!conn || conn->xprt != &ssl_sock)
7670 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007671 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007672
7673 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007674 smp->flags |= SMP_F_MAY_CHANGE;
7675 return 0;
7676 }
7677
Emeric Brunba841a12014-04-30 17:05:08 +02007678 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007679 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007680 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007681 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007682 if (!crt)
7683 return 0;
7684
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007685 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7686 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007687
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007688 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7689 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007690 /* SSL_get_peer_certificate increase X509 * ref count */
7691 if (cert_peer)
7692 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007693 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007694 }
Emeric Brun521a0112012-10-22 12:22:55 +02007695
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007696 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007697 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007698 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007699 if (cert_peer)
7700 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007701
7702 return 1;
7703}
7704
Emeric Brun645ae792014-04-30 14:21:06 +02007705/* boolean, returns true if front conn. transport layer is SSL.
7706 * This function is also usable on backend conn if the fetch keyword 5th
7707 * char is 'b'.
7708 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007709static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007710smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007711{
Emeric Bruneb8def92018-02-19 15:59:48 +01007712 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7713 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007714
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007715 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007716 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007717 return 1;
7718}
7719
Emeric Brun2525b6b2012-10-18 15:59:43 +02007720/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007721static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007722smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007723{
7724#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007725 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007726 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007727
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007728 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007729 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007730 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007731 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007732 return 1;
7733#else
7734 return 0;
7735#endif
7736}
7737
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007738/* boolean, returns true if client session has been resumed.
7739 * This function is also usable on backend conn if the fetch keyword 5th
7740 * char is 'b'.
7741 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007742static int
7743smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7744{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007745 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7746 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007747 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007748
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007749
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007750 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007751 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007752 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007753 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007754 return 1;
7755}
7756
Emeric Brun645ae792014-04-30 14:21:06 +02007757/* string, returns the used cipher if front conn. transport layer is SSL.
7758 * This function is also usable on backend conn if the fetch keyword 5th
7759 * char is 'b'.
7760 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007761static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007762smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007763{
Emeric Bruneb8def92018-02-19 15:59:48 +01007764 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7765 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007766 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007767
Willy Tarreaube508f12016-03-10 11:47:01 +01007768 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007769 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007770 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007771 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007772
Olivier Houchard66ab4982019-02-26 18:37:15 +01007773 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007774 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007775 return 0;
7776
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007777 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007778 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007779 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007780
7781 return 1;
7782}
7783
Emeric Brun645ae792014-04-30 14:21:06 +02007784/* integer, returns the algoritm's keysize if front conn. transport layer
7785 * is SSL.
7786 * This function is also usable on backend conn if the fetch keyword 5th
7787 * char is 'b'.
7788 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007789static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007790smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007791{
Emeric Bruneb8def92018-02-19 15:59:48 +01007792 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7793 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007794 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007795 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007796
Emeric Brun589fcad2012-10-16 14:13:26 +02007797 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007798 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007799 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007800 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007801
Olivier Houchard66ab4982019-02-26 18:37:15 +01007802 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007803 return 0;
7804
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007805 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007806 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007807
7808 return 1;
7809}
7810
Emeric Brun645ae792014-04-30 14:21:06 +02007811/* integer, returns the used keysize if front conn. transport layer is SSL.
7812 * This function is also usable on backend conn if the fetch keyword 5th
7813 * char is 'b'.
7814 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007815static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007816smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007817{
Emeric Bruneb8def92018-02-19 15:59:48 +01007818 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7819 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007820 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007821
Emeric Brun589fcad2012-10-16 14:13:26 +02007822 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007823 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7824 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007825 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007826
Olivier Houchard66ab4982019-02-26 18:37:15 +01007827 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007828 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007829 return 0;
7830
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007831 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007832
7833 return 1;
7834}
7835
Bernard Spil13c53f82018-02-15 13:34:58 +01007836#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007837static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007838smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007839{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007840 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007841 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007842
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007843 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007844 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007845
Olivier Houchard6b77f492018-11-22 18:18:29 +01007846 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7847 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007848 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7849 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007850 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007851
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007852 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007853 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007854 (const unsigned char **)&smp->data.u.str.area,
7855 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007856
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007857 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007858 return 0;
7859
7860 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007861}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007862#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007863
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007864#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007865static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007866smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007867{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007868 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007869 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007870
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007871 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007872 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007873
Olivier Houchard6b77f492018-11-22 18:18:29 +01007874 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7875 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7876
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007877 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007878 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007879 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007880
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007881 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007882 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007883 (const unsigned char **)&smp->data.u.str.area,
7884 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007885
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007886 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007887 return 0;
7888
7889 return 1;
7890}
7891#endif
7892
Emeric Brun645ae792014-04-30 14:21:06 +02007893/* string, returns the used protocol if front conn. transport layer is SSL.
7894 * This function is also usable on backend conn if the fetch keyword 5th
7895 * char is 'b'.
7896 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007897static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007898smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007899{
Emeric Bruneb8def92018-02-19 15:59:48 +01007900 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7901 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007902 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007903
Emeric Brun589fcad2012-10-16 14:13:26 +02007904 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007905 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7906 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007907 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007908
Olivier Houchard66ab4982019-02-26 18:37:15 +01007909 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007910 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007911 return 0;
7912
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007913 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007914 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007915 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007916
7917 return 1;
7918}
7919
Willy Tarreau87b09662015-04-03 00:22:06 +02007920/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007921 * This function is also usable on backend conn if the fetch keyword 5th
7922 * char is 'b'.
7923 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007924#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007925static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007926smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007927{
Emeric Bruneb8def92018-02-19 15:59:48 +01007928 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7929 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007930 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007931 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007932
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007933 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007934 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007935
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007936 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7937 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007938 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007939
Olivier Houchard66ab4982019-02-26 18:37:15 +01007940 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007941 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007942 return 0;
7943
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007944 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7945 (unsigned int *)&smp->data.u.str.data);
7946 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007947 return 0;
7948
7949 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007950}
Patrick Hemmer41966772018-04-28 19:15:48 -04007951#endif
7952
Emeric Brunfe68f682012-10-16 14:59:28 +02007953
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007954#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007955static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007956smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7957{
7958 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7959 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7960 struct buffer *data;
7961 struct ssl_sock_ctx *ctx;
7962
7963 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7964 return 0;
7965 ctx = conn->xprt_ctx;
7966
7967 data = get_trash_chunk();
7968 if (kw[7] == 'c')
7969 data->data = SSL_get_client_random(ctx->ssl,
7970 (unsigned char *) data->area,
7971 data->size);
7972 else
7973 data->data = SSL_get_server_random(ctx->ssl,
7974 (unsigned char *) data->area,
7975 data->size);
7976 if (!data->data)
7977 return 0;
7978
7979 smp->flags = 0;
7980 smp->data.type = SMP_T_BIN;
7981 smp->data.u.str = *data;
7982
7983 return 1;
7984}
7985
7986static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007987smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7988{
7989 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7990 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7991 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007992 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007993 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007994
7995 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7996 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007997 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007998
Olivier Houchard66ab4982019-02-26 18:37:15 +01007999 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008000 if (!ssl_sess)
8001 return 0;
8002
8003 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008004 data->data = SSL_SESSION_get_master_key(ssl_sess,
8005 (unsigned char *) data->area,
8006 data->size);
8007 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008008 return 0;
8009
8010 smp->flags = 0;
8011 smp->data.type = SMP_T_BIN;
8012 smp->data.u.str = *data;
8013
8014 return 1;
8015}
8016#endif
8017
Patrick Hemmer41966772018-04-28 19:15:48 -04008018#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008019static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008020smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008021{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008022 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008023 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008024
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008025 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008026 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008027
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008028 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008029 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8030 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008031 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008032
Olivier Houchard66ab4982019-02-26 18:37:15 +01008033 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008034 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008035 return 0;
8036
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008037 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008038 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008039}
Patrick Hemmer41966772018-04-28 19:15:48 -04008040#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008041
David Sc1ad52e2014-04-08 18:48:47 -04008042static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008043smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8044{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008045 struct connection *conn;
8046 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008047 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008048
8049 conn = objt_conn(smp->sess->origin);
8050 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8051 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008052 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008053
Olivier Houchard66ab4982019-02-26 18:37:15 +01008054 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008055 if (!capture)
8056 return 0;
8057
8058 smp->flags = SMP_F_CONST;
8059 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008060 smp->data.u.str.area = capture->ciphersuite;
8061 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008062 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008063}
8064
8065static int
8066smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8067{
Willy Tarreau83061a82018-07-13 11:56:34 +02008068 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008069
8070 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8071 return 0;
8072
8073 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008074 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008075 smp->data.type = SMP_T_BIN;
8076 smp->data.u.str = *data;
8077 return 1;
8078}
8079
8080static int
8081smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8082{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008083 struct connection *conn;
8084 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008085 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008086
8087 conn = objt_conn(smp->sess->origin);
8088 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8089 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008090 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008091
Olivier Houchard66ab4982019-02-26 18:37:15 +01008092 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008093 if (!capture)
8094 return 0;
8095
8096 smp->data.type = SMP_T_SINT;
8097 smp->data.u.sint = capture->xxh64;
8098 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008099}
8100
8101static int
8102smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8103{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008104#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008105 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008106 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008107
8108 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8109 return 0;
8110
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008111 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008112 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008113 const char *str;
8114 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008115 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008116 uint16_t id = (bin[0] << 8) | bin[1];
8117#if defined(OPENSSL_IS_BORINGSSL)
8118 cipher = SSL_get_cipher_by_value(id);
8119#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008120 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008121 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8122 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008123#endif
8124 str = SSL_CIPHER_get_name(cipher);
8125 if (!str || strcmp(str, "(NONE)") == 0)
8126 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008127 else
8128 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8129 }
8130 smp->data.type = SMP_T_STR;
8131 smp->data.u.str = *data;
8132 return 1;
8133#else
8134 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8135#endif
8136}
8137
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008138#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008139static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008140smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008141{
Emeric Bruneb8def92018-02-19 15:59:48 +01008142 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8143 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008144 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008145 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008146 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008147
8148 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008149 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8150 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008151 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008152
8153 if (!(conn->flags & CO_FL_CONNECTED)) {
8154 smp->flags |= SMP_F_MAY_CHANGE;
8155 return 0;
8156 }
8157
8158 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008159 if (!SSL_session_reused(ctx->ssl))
8160 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008161 finished_trash->area,
8162 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008163 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008164 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008165 finished_trash->area,
8166 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008167
8168 if (!finished_len)
8169 return 0;
8170
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008171 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008172 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008173 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008174
8175 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008176}
Patrick Hemmer41966772018-04-28 19:15:48 -04008177#endif
David Sc1ad52e2014-04-08 18:48:47 -04008178
Emeric Brun2525b6b2012-10-18 15:59:43 +02008179/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008180static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008181smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008182{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008183 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008184 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008185
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008186 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008187 if (!conn || conn->xprt != &ssl_sock)
8188 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008189 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008190
8191 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008192 smp->flags = SMP_F_MAY_CHANGE;
8193 return 0;
8194 }
8195
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008196 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008197 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008198 smp->flags = 0;
8199
8200 return 1;
8201}
8202
Emeric Brun2525b6b2012-10-18 15:59:43 +02008203/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008204static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008205smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008206{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008207 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008208 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008209
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008210 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008211 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008212 return 0;
8213
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008214 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008215 smp->flags = SMP_F_MAY_CHANGE;
8216 return 0;
8217 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008218 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008219
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008220 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008221 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008222 smp->flags = 0;
8223
8224 return 1;
8225}
8226
Emeric Brun2525b6b2012-10-18 15:59:43 +02008227/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008228static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008229smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008230{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008231 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008232 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008233
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008234 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008235 if (!conn || conn->xprt != &ssl_sock)
8236 return 0;
8237
8238 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008239 smp->flags = SMP_F_MAY_CHANGE;
8240 return 0;
8241 }
8242
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008243 ctx = conn->xprt_ctx;
8244
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008245 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008246 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008247 smp->flags = 0;
8248
8249 return 1;
8250}
8251
Emeric Brun2525b6b2012-10-18 15:59:43 +02008252/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008253static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008254smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008255{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008256 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008257 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008258
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008259 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008260 if (!conn || conn->xprt != &ssl_sock)
8261 return 0;
8262
8263 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008264 smp->flags = SMP_F_MAY_CHANGE;
8265 return 0;
8266 }
8267
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008268 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008269 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008270 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008271
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008272 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008273 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008274 smp->flags = 0;
8275
8276 return 1;
8277}
8278
Emeric Brunfb510ea2012-10-05 12:00:26 +02008279/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008280static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008281{
8282 if (!*args[cur_arg + 1]) {
8283 if (err)
8284 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8285 return ERR_ALERT | ERR_FATAL;
8286 }
8287
Willy Tarreauef934602016-12-22 23:12:01 +01008288 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8289 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008290 else
8291 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008292
Emeric Brund94b3fe2012-09-20 18:23:56 +02008293 return 0;
8294}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008295static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8296{
8297 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8298}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008299
Christopher Faulet31af49d2015-06-09 17:29:50 +02008300/* parse the "ca-sign-file" bind keyword */
8301static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8302{
8303 if (!*args[cur_arg + 1]) {
8304 if (err)
8305 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8306 return ERR_ALERT | ERR_FATAL;
8307 }
8308
Willy Tarreauef934602016-12-22 23:12:01 +01008309 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8310 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008311 else
8312 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8313
8314 return 0;
8315}
8316
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008317/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008318static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8319{
8320 if (!*args[cur_arg + 1]) {
8321 if (err)
8322 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
8323 return ERR_ALERT | ERR_FATAL;
8324 }
8325 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8326 return 0;
8327}
8328
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008329/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008330static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008331{
8332 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008333 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008334 return ERR_ALERT | ERR_FATAL;
8335 }
8336
Emeric Brun76d88952012-10-05 15:47:31 +02008337 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008338 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008339 return 0;
8340}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008341static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8342{
8343 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8344}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008345
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008346#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008347/* parse the "ciphersuites" bind keyword */
8348static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8349{
8350 if (!*args[cur_arg + 1]) {
8351 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8352 return ERR_ALERT | ERR_FATAL;
8353 }
8354
8355 free(conf->ciphersuites);
8356 conf->ciphersuites = strdup(args[cur_arg + 1]);
8357 return 0;
8358}
8359static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8360{
8361 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8362}
8363#endif
8364
Willy Tarreaubbc91962019-10-16 16:42:19 +02008365/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008366static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008367{
Willy Tarreau38011032013-08-13 16:59:39 +02008368 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008369
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008370 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008371 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008372 return ERR_ALERT | ERR_FATAL;
8373 }
8374
Willy Tarreauef934602016-12-22 23:12:01 +01008375 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8376 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008377 memprintf(err, "'%s' : path too long", args[cur_arg]);
8378 return ERR_ALERT | ERR_FATAL;
8379 }
Willy Tarreauef934602016-12-22 23:12:01 +01008380 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008381 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008382 }
8383
Willy Tarreaubbc91962019-10-16 16:42:19 +02008384 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008385}
8386
Willy Tarreaubbc91962019-10-16 16:42:19 +02008387/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008388static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8389{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008390 int err_code;
8391
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008392 if (!*args[cur_arg + 1]) {
8393 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8394 return ERR_ALERT | ERR_FATAL;
8395 }
8396
Willy Tarreaubbc91962019-10-16 16:42:19 +02008397 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8398 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008399 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008400
Willy Tarreaubbc91962019-10-16 16:42:19 +02008401 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008402}
8403
Emeric Brunfb510ea2012-10-05 12:00:26 +02008404/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008405static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008406{
Emeric Brun051cdab2012-10-02 19:25:50 +02008407#ifndef X509_V_FLAG_CRL_CHECK
8408 if (err)
8409 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
8410 return ERR_ALERT | ERR_FATAL;
8411#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008412 if (!*args[cur_arg + 1]) {
8413 if (err)
8414 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
8415 return ERR_ALERT | ERR_FATAL;
8416 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008417
Willy Tarreauef934602016-12-22 23:12:01 +01008418 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8419 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008420 else
8421 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008422
Emeric Brun2b58d042012-09-20 17:10:03 +02008423 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008424#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008425}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008426static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8427{
8428 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8429}
Emeric Brun2b58d042012-09-20 17:10:03 +02008430
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008431/* parse the "curves" bind keyword keyword */
8432static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8433{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008434#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008435 if (!*args[cur_arg + 1]) {
8436 if (err)
8437 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
8438 return ERR_ALERT | ERR_FATAL;
8439 }
8440 conf->curves = strdup(args[cur_arg + 1]);
8441 return 0;
8442#else
8443 if (err)
8444 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
8445 return ERR_ALERT | ERR_FATAL;
8446#endif
8447}
8448static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8449{
8450 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8451}
8452
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008453/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008454static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008455{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008456#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02008457 if (err)
8458 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
8459 return ERR_ALERT | ERR_FATAL;
8460#elif defined(OPENSSL_NO_ECDH)
8461 if (err)
8462 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
8463 return ERR_ALERT | ERR_FATAL;
8464#else
8465 if (!*args[cur_arg + 1]) {
8466 if (err)
8467 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
8468 return ERR_ALERT | ERR_FATAL;
8469 }
8470
8471 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008472
8473 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008474#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008475}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008476static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8477{
8478 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8479}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008480
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008481/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008482static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8483{
8484 int code;
8485 char *p = args[cur_arg + 1];
8486 unsigned long long *ignerr = &conf->crt_ignerr;
8487
8488 if (!*p) {
8489 if (err)
8490 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8491 return ERR_ALERT | ERR_FATAL;
8492 }
8493
8494 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8495 ignerr = &conf->ca_ignerr;
8496
8497 if (strcmp(p, "all") == 0) {
8498 *ignerr = ~0ULL;
8499 return 0;
8500 }
8501
8502 while (p) {
8503 code = atoi(p);
8504 if ((code <= 0) || (code > 63)) {
8505 if (err)
8506 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8507 args[cur_arg], code, args[cur_arg + 1]);
8508 return ERR_ALERT | ERR_FATAL;
8509 }
8510 *ignerr |= 1ULL << code;
8511 p = strchr(p, ',');
8512 if (p)
8513 p++;
8514 }
8515
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008516 return 0;
8517}
8518
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008519/* parse tls_method_options "no-xxx" and "force-xxx" */
8520static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008521{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008522 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008523 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008524 p = strchr(arg, '-');
8525 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008526 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008527 p++;
8528 if (!strcmp(p, "sslv3"))
8529 v = CONF_SSLV3;
8530 else if (!strcmp(p, "tlsv10"))
8531 v = CONF_TLSV10;
8532 else if (!strcmp(p, "tlsv11"))
8533 v = CONF_TLSV11;
8534 else if (!strcmp(p, "tlsv12"))
8535 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008536 else if (!strcmp(p, "tlsv13"))
8537 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008538 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008539 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008540 if (!strncmp(arg, "no-", 3))
8541 methods->flags |= methodVersions[v].flag;
8542 else if (!strncmp(arg, "force-", 6))
8543 methods->min = methods->max = v;
8544 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008545 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008546 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008547 fail:
8548 if (err)
8549 memprintf(err, "'%s' : option not implemented", arg);
8550 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008551}
8552
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008553static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008554{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008555 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008556}
8557
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008558static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008559{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008560 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8561}
8562
8563/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8564static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8565{
8566 uint16_t i, v = 0;
8567 char *argv = args[cur_arg + 1];
8568 if (!*argv) {
8569 if (err)
8570 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8571 return ERR_ALERT | ERR_FATAL;
8572 }
8573 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8574 if (!strcmp(argv, methodVersions[i].name))
8575 v = i;
8576 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008577 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008578 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008579 return ERR_ALERT | ERR_FATAL;
8580 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008581 if (!strcmp("ssl-min-ver", args[cur_arg]))
8582 methods->min = v;
8583 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8584 methods->max = v;
8585 else {
8586 if (err)
8587 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8588 return ERR_ALERT | ERR_FATAL;
8589 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008590 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008591}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008592
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008593static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8594{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008595#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008596 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008597#endif
8598 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8599}
8600
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008601static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8602{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008603 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008604}
8605
8606static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8607{
8608 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8609}
8610
Emeric Brun2d0c4822012-10-02 13:45:20 +02008611/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008612static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008613{
Emeric Brun89675492012-10-05 13:48:26 +02008614 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008615 return 0;
8616}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008617
Olivier Houchardc2aae742017-09-22 18:26:28 +02008618/* parse the "allow-0rtt" bind keyword */
8619static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8620{
8621 conf->early_data = 1;
8622 return 0;
8623}
8624
8625static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8626{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008627 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008628 return 0;
8629}
8630
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008631/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008632static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008633{
Bernard Spil13c53f82018-02-15 13:34:58 +01008634#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008635 char *p1, *p2;
8636
8637 if (!*args[cur_arg + 1]) {
8638 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8639 return ERR_ALERT | ERR_FATAL;
8640 }
8641
8642 free(conf->npn_str);
8643
Willy Tarreau3724da12016-02-12 17:11:12 +01008644 /* the NPN string is built as a suite of (<len> <name>)*,
8645 * so we reuse each comma to store the next <len> and need
8646 * one more for the end of the string.
8647 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008648 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008649 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008650 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8651
8652 /* replace commas with the name length */
8653 p1 = conf->npn_str;
8654 p2 = p1 + 1;
8655 while (1) {
8656 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8657 if (!p2)
8658 p2 = p1 + 1 + strlen(p1 + 1);
8659
8660 if (p2 - (p1 + 1) > 255) {
8661 *p2 = '\0';
8662 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8663 return ERR_ALERT | ERR_FATAL;
8664 }
8665
8666 *p1 = p2 - (p1 + 1);
8667 p1 = p2;
8668
8669 if (!*p2)
8670 break;
8671
8672 *(p2++) = '\0';
8673 }
8674 return 0;
8675#else
8676 if (err)
8677 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8678 return ERR_ALERT | ERR_FATAL;
8679#endif
8680}
8681
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008682static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8683{
8684 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8685}
8686
Willy Tarreauab861d32013-04-02 02:30:41 +02008687/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008688static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008689{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008690#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008691 char *p1, *p2;
8692
8693 if (!*args[cur_arg + 1]) {
8694 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8695 return ERR_ALERT | ERR_FATAL;
8696 }
8697
8698 free(conf->alpn_str);
8699
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008700 /* the ALPN string is built as a suite of (<len> <name>)*,
8701 * so we reuse each comma to store the next <len> and need
8702 * one more for the end of the string.
8703 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008704 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008705 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008706 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8707
8708 /* replace commas with the name length */
8709 p1 = conf->alpn_str;
8710 p2 = p1 + 1;
8711 while (1) {
8712 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8713 if (!p2)
8714 p2 = p1 + 1 + strlen(p1 + 1);
8715
8716 if (p2 - (p1 + 1) > 255) {
8717 *p2 = '\0';
8718 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8719 return ERR_ALERT | ERR_FATAL;
8720 }
8721
8722 *p1 = p2 - (p1 + 1);
8723 p1 = p2;
8724
8725 if (!*p2)
8726 break;
8727
8728 *(p2++) = '\0';
8729 }
8730 return 0;
8731#else
8732 if (err)
8733 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8734 return ERR_ALERT | ERR_FATAL;
8735#endif
8736}
8737
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008738static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8739{
8740 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8741}
8742
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008743/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008744static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008745{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008746 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008747 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008748
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008749 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8750 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008751#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008752 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8753 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8754#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008755 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008756 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8757 if (!conf->ssl_conf.ssl_methods.min)
8758 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8759 if (!conf->ssl_conf.ssl_methods.max)
8760 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008761
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008762 return 0;
8763}
8764
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008765/* parse the "prefer-client-ciphers" bind keyword */
8766static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8767{
8768 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8769 return 0;
8770}
8771
Christopher Faulet31af49d2015-06-09 17:29:50 +02008772/* parse the "generate-certificates" bind keyword */
8773static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8774{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008775#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008776 conf->generate_certs = 1;
8777#else
8778 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8779 err && *err ? *err : "");
8780#endif
8781 return 0;
8782}
8783
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008784/* parse the "strict-sni" bind keyword */
8785static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8786{
8787 conf->strict_sni = 1;
8788 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008789}
8790
8791/* parse the "tls-ticket-keys" bind keyword */
8792static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8793{
8794#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02008795 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008796 int i = 0;
8797 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02008798 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008799
8800 if (!*args[cur_arg + 1]) {
8801 if (err)
8802 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008803 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008804 }
8805
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008806 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008807 if (keys_ref) {
8808 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008809 conf->keys_ref = keys_ref;
8810 return 0;
8811 }
8812
Christopher Faulete566f3d2019-10-21 09:55:49 +02008813 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008814 if (!keys_ref) {
8815 if (err)
8816 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008817 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008818 }
8819
Emeric Brun9e754772019-01-10 17:51:55 +01008820 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008821 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008822 if (err)
8823 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008824 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008825 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008826
8827 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8828 if (err)
8829 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008830 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008831 }
8832
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008833 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008834 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008835 if (err)
8836 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008837 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008838 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008839
Emeric Brun9e754772019-01-10 17:51:55 +01008840 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008841 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8842 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008843 int dec_size;
8844
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008845 /* Strip newline characters from the end */
8846 if(thisline[len - 1] == '\n')
8847 thisline[--len] = 0;
8848
8849 if(thisline[len - 1] == '\r')
8850 thisline[--len] = 0;
8851
Emeric Brun9e754772019-01-10 17:51:55 +01008852 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8853 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008854 if (err)
8855 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008856 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008857 }
Emeric Brun9e754772019-01-10 17:51:55 +01008858 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8859 keys_ref->key_size_bits = 128;
8860 }
8861 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8862 keys_ref->key_size_bits = 256;
8863 }
8864 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8865 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8866 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008867 if (err)
8868 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008869 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008870 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008871 i++;
8872 }
8873
8874 if (i < TLS_TICKETS_NO) {
8875 if (err)
8876 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008877 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008878 }
8879
8880 fclose(f);
8881
8882 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008883 i -= 2;
8884 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008885 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008886 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008887 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008888 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008889
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008890 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8891
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008892 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02008893
8894 fail:
8895 if (f)
8896 fclose(f);
8897 if (keys_ref) {
8898 free(keys_ref->filename);
8899 free(keys_ref->tlskeys);
8900 free(keys_ref);
8901 }
8902 return ERR_ALERT | ERR_FATAL;
8903
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008904#else
8905 if (err)
8906 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8907 return ERR_ALERT | ERR_FATAL;
8908#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008909}
8910
Emeric Brund94b3fe2012-09-20 18:23:56 +02008911/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008912static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008913{
8914 if (!*args[cur_arg + 1]) {
8915 if (err)
8916 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8917 return ERR_ALERT | ERR_FATAL;
8918 }
8919
8920 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008921 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008922 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008923 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008924 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008925 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008926 else {
8927 if (err)
8928 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8929 args[cur_arg], args[cur_arg + 1]);
8930 return ERR_ALERT | ERR_FATAL;
8931 }
8932
8933 return 0;
8934}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008935static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8936{
8937 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8938}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008939
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008940/* parse the "no-ca-names" bind keyword */
8941static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8942{
8943 conf->no_ca_names = 1;
8944 return 0;
8945}
8946static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8947{
8948 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8949}
8950
Willy Tarreau92faadf2012-10-10 23:04:25 +02008951/************** "server" keywords ****************/
8952
Olivier Houchardc7566002018-11-20 23:33:50 +01008953/* parse the "npn" bind keyword */
8954static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8955{
8956#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8957 char *p1, *p2;
8958
8959 if (!*args[*cur_arg + 1]) {
8960 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8961 return ERR_ALERT | ERR_FATAL;
8962 }
8963
8964 free(newsrv->ssl_ctx.npn_str);
8965
8966 /* the NPN string is built as a suite of (<len> <name>)*,
8967 * so we reuse each comma to store the next <len> and need
8968 * one more for the end of the string.
8969 */
8970 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8971 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8972 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8973 newsrv->ssl_ctx.npn_len);
8974
8975 /* replace commas with the name length */
8976 p1 = newsrv->ssl_ctx.npn_str;
8977 p2 = p1 + 1;
8978 while (1) {
8979 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8980 newsrv->ssl_ctx.npn_len - (p1 + 1));
8981 if (!p2)
8982 p2 = p1 + 1 + strlen(p1 + 1);
8983
8984 if (p2 - (p1 + 1) > 255) {
8985 *p2 = '\0';
8986 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8987 return ERR_ALERT | ERR_FATAL;
8988 }
8989
8990 *p1 = p2 - (p1 + 1);
8991 p1 = p2;
8992
8993 if (!*p2)
8994 break;
8995
8996 *(p2++) = '\0';
8997 }
8998 return 0;
8999#else
9000 if (err)
9001 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
9002 return ERR_ALERT | ERR_FATAL;
9003#endif
9004}
9005
Olivier Houchard92150142018-12-21 19:47:01 +01009006/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009007static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9008{
9009#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9010 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009011 char **alpn_str;
9012 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009013
Olivier Houchard92150142018-12-21 19:47:01 +01009014 if (*args[*cur_arg] == 'c') {
9015 alpn_str = &newsrv->check.alpn_str;
9016 alpn_len = &newsrv->check.alpn_len;
9017 } else {
9018 alpn_str = &newsrv->ssl_ctx.alpn_str;
9019 alpn_len = &newsrv->ssl_ctx.alpn_len;
9020
9021 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009022 if (!*args[*cur_arg + 1]) {
9023 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9024 return ERR_ALERT | ERR_FATAL;
9025 }
9026
Olivier Houchard92150142018-12-21 19:47:01 +01009027 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009028
9029 /* the ALPN string is built as a suite of (<len> <name>)*,
9030 * so we reuse each comma to store the next <len> and need
9031 * one more for the end of the string.
9032 */
Olivier Houchard92150142018-12-21 19:47:01 +01009033 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9034 *alpn_str = calloc(1, *alpn_len + 1);
9035 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009036
9037 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009038 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009039 p2 = p1 + 1;
9040 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009041 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009042 if (!p2)
9043 p2 = p1 + 1 + strlen(p1 + 1);
9044
9045 if (p2 - (p1 + 1) > 255) {
9046 *p2 = '\0';
9047 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9048 return ERR_ALERT | ERR_FATAL;
9049 }
9050
9051 *p1 = p2 - (p1 + 1);
9052 p1 = p2;
9053
9054 if (!*p2)
9055 break;
9056
9057 *(p2++) = '\0';
9058 }
9059 return 0;
9060#else
9061 if (err)
9062 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
9063 return ERR_ALERT | ERR_FATAL;
9064#endif
9065}
9066
Emeric Brunef42d922012-10-11 16:11:36 +02009067/* parse the "ca-file" server keyword */
9068static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9069{
9070 if (!*args[*cur_arg + 1]) {
9071 if (err)
9072 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
9073 return ERR_ALERT | ERR_FATAL;
9074 }
9075
Willy Tarreauef934602016-12-22 23:12:01 +01009076 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9077 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009078 else
9079 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9080
9081 return 0;
9082}
9083
Olivier Houchard9130a962017-10-17 17:33:43 +02009084/* parse the "check-sni" server keyword */
9085static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9086{
9087 if (!*args[*cur_arg + 1]) {
9088 if (err)
9089 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
9090 return ERR_ALERT | ERR_FATAL;
9091 }
9092
9093 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9094 if (!newsrv->check.sni) {
9095 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9096 return ERR_ALERT | ERR_FATAL;
9097 }
9098 return 0;
9099
9100}
9101
Willy Tarreau92faadf2012-10-10 23:04:25 +02009102/* parse the "check-ssl" server keyword */
9103static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9104{
9105 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009106 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9107 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009108#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009109 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9110 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9111#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009112 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009113 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9114 if (!newsrv->ssl_ctx.methods.min)
9115 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9116 if (!newsrv->ssl_ctx.methods.max)
9117 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9118
Willy Tarreau92faadf2012-10-10 23:04:25 +02009119 return 0;
9120}
9121
9122/* parse the "ciphers" server keyword */
9123static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9124{
9125 if (!*args[*cur_arg + 1]) {
9126 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9127 return ERR_ALERT | ERR_FATAL;
9128 }
9129
9130 free(newsrv->ssl_ctx.ciphers);
9131 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9132 return 0;
9133}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009134
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009135#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009136/* parse the "ciphersuites" server keyword */
9137static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9138{
9139 if (!*args[*cur_arg + 1]) {
9140 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9141 return ERR_ALERT | ERR_FATAL;
9142 }
9143
9144 free(newsrv->ssl_ctx.ciphersuites);
9145 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9146 return 0;
9147}
9148#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009149
Emeric Brunef42d922012-10-11 16:11:36 +02009150/* parse the "crl-file" server keyword */
9151static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9152{
9153#ifndef X509_V_FLAG_CRL_CHECK
9154 if (err)
9155 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
9156 return ERR_ALERT | ERR_FATAL;
9157#else
9158 if (!*args[*cur_arg + 1]) {
9159 if (err)
9160 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
9161 return ERR_ALERT | ERR_FATAL;
9162 }
9163
Willy Tarreauef934602016-12-22 23:12:01 +01009164 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9165 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009166 else
9167 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9168
9169 return 0;
9170#endif
9171}
9172
Emeric Bruna7aa3092012-10-26 12:58:00 +02009173/* parse the "crt" server keyword */
9174static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9175{
9176 if (!*args[*cur_arg + 1]) {
9177 if (err)
9178 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
9179 return ERR_ALERT | ERR_FATAL;
9180 }
9181
Willy Tarreauef934602016-12-22 23:12:01 +01009182 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009183 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009184 else
9185 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9186
9187 return 0;
9188}
Emeric Brunef42d922012-10-11 16:11:36 +02009189
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009190/* parse the "no-check-ssl" server keyword */
9191static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9192{
9193 newsrv->check.use_ssl = 0;
9194 free(newsrv->ssl_ctx.ciphers);
9195 newsrv->ssl_ctx.ciphers = NULL;
9196 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9197 return 0;
9198}
9199
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009200/* parse the "no-send-proxy-v2-ssl" server keyword */
9201static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9202{
9203 newsrv->pp_opts &= ~SRV_PP_V2;
9204 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9205 return 0;
9206}
9207
9208/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9209static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9210{
9211 newsrv->pp_opts &= ~SRV_PP_V2;
9212 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9213 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9214 return 0;
9215}
9216
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009217/* parse the "no-ssl" server keyword */
9218static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9219{
9220 newsrv->use_ssl = 0;
9221 free(newsrv->ssl_ctx.ciphers);
9222 newsrv->ssl_ctx.ciphers = NULL;
9223 return 0;
9224}
9225
Olivier Houchard522eea72017-11-03 16:27:47 +01009226/* parse the "allow-0rtt" server keyword */
9227static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9228{
9229 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9230 return 0;
9231}
9232
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009233/* parse the "no-ssl-reuse" server keyword */
9234static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9235{
9236 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9237 return 0;
9238}
9239
Emeric Brunf9c5c472012-10-11 15:28:34 +02009240/* parse the "no-tls-tickets" server keyword */
9241static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9242{
9243 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9244 return 0;
9245}
David Safb76832014-05-08 23:42:08 -04009246/* parse the "send-proxy-v2-ssl" server keyword */
9247static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9248{
9249 newsrv->pp_opts |= SRV_PP_V2;
9250 newsrv->pp_opts |= SRV_PP_V2_SSL;
9251 return 0;
9252}
9253
9254/* parse the "send-proxy-v2-ssl-cn" server keyword */
9255static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9256{
9257 newsrv->pp_opts |= SRV_PP_V2;
9258 newsrv->pp_opts |= SRV_PP_V2_SSL;
9259 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9260 return 0;
9261}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009262
Willy Tarreau732eac42015-07-09 11:40:25 +02009263/* parse the "sni" server keyword */
9264static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9265{
9266#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9267 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9268 return ERR_ALERT | ERR_FATAL;
9269#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009270 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009271
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009272 arg = args[*cur_arg + 1];
9273 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009274 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9275 return ERR_ALERT | ERR_FATAL;
9276 }
9277
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009278 free(newsrv->sni_expr);
9279 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009280
Willy Tarreau732eac42015-07-09 11:40:25 +02009281 return 0;
9282#endif
9283}
9284
Willy Tarreau92faadf2012-10-10 23:04:25 +02009285/* parse the "ssl" server keyword */
9286static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9287{
9288 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009289 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9290 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009291#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009292 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9293 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9294#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009295 return 0;
9296}
9297
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009298/* parse the "ssl-reuse" server keyword */
9299static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9300{
9301 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9302 return 0;
9303}
9304
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009305/* parse the "tls-tickets" server keyword */
9306static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9307{
9308 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9309 return 0;
9310}
9311
Emeric Brunef42d922012-10-11 16:11:36 +02009312/* parse the "verify" server keyword */
9313static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9314{
9315 if (!*args[*cur_arg + 1]) {
9316 if (err)
9317 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
9318 return ERR_ALERT | ERR_FATAL;
9319 }
9320
9321 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009322 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009323 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009324 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009325 else {
9326 if (err)
9327 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9328 args[*cur_arg], args[*cur_arg + 1]);
9329 return ERR_ALERT | ERR_FATAL;
9330 }
9331
Evan Broderbe554312013-06-27 00:05:25 -07009332 return 0;
9333}
9334
9335/* parse the "verifyhost" server keyword */
9336static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9337{
9338 if (!*args[*cur_arg + 1]) {
9339 if (err)
9340 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
9341 return ERR_ALERT | ERR_FATAL;
9342 }
9343
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009344 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009345 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9346
Emeric Brunef42d922012-10-11 16:11:36 +02009347 return 0;
9348}
9349
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009350/* parse the "ssl-default-bind-options" keyword in global section */
9351static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9352 struct proxy *defpx, const char *file, int line,
9353 char **err) {
9354 int i = 1;
9355
9356 if (*(args[i]) == 0) {
9357 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9358 return -1;
9359 }
9360 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009361 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009362 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009363 else if (!strcmp(args[i], "prefer-client-ciphers"))
9364 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009365 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9366 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9367 i++;
9368 else {
9369 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9370 return -1;
9371 }
9372 }
9373 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009374 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9375 return -1;
9376 }
9377 i++;
9378 }
9379 return 0;
9380}
9381
9382/* parse the "ssl-default-server-options" keyword in global section */
9383static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9384 struct proxy *defpx, const char *file, int line,
9385 char **err) {
9386 int i = 1;
9387
9388 if (*(args[i]) == 0) {
9389 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9390 return -1;
9391 }
9392 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009393 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009394 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009395 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9396 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9397 i++;
9398 else {
9399 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9400 return -1;
9401 }
9402 }
9403 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009404 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9405 return -1;
9406 }
9407 i++;
9408 }
9409 return 0;
9410}
9411
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009412/* parse the "ca-base" / "crt-base" keywords in global section.
9413 * Returns <0 on alert, >0 on warning, 0 on success.
9414 */
9415static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9416 struct proxy *defpx, const char *file, int line,
9417 char **err)
9418{
9419 char **target;
9420
Willy Tarreauef934602016-12-22 23:12:01 +01009421 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009422
9423 if (too_many_args(1, args, err, NULL))
9424 return -1;
9425
9426 if (*target) {
9427 memprintf(err, "'%s' already specified.", args[0]);
9428 return -1;
9429 }
9430
9431 if (*(args[1]) == 0) {
9432 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9433 return -1;
9434 }
9435 *target = strdup(args[1]);
9436 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009437}
9438
9439/* parse the "ssl-mode-async" keyword in global section.
9440 * Returns <0 on alert, >0 on warning, 0 on success.
9441 */
9442static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9443 struct proxy *defpx, const char *file, int line,
9444 char **err)
9445{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009446#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009447 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009448 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009449 return 0;
9450#else
9451 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9452 return -1;
9453#endif
9454}
9455
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009456#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009457static int ssl_check_async_engine_count(void) {
9458 int err_code = 0;
9459
Emeric Brun3854e012017-05-17 20:42:48 +02009460 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009461 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009462 err_code = ERR_ABORT;
9463 }
9464 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009465}
9466
Grant Zhang872f9c22017-01-21 01:10:18 +00009467/* parse the "ssl-engine" keyword in global section.
9468 * Returns <0 on alert, >0 on warning, 0 on success.
9469 */
9470static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9471 struct proxy *defpx, const char *file, int line,
9472 char **err)
9473{
9474 char *algo;
9475 int ret = -1;
9476
9477 if (*(args[1]) == 0) {
9478 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9479 return ret;
9480 }
9481
9482 if (*(args[2]) == 0) {
9483 /* if no list of algorithms is given, it defaults to ALL */
9484 algo = strdup("ALL");
9485 goto add_engine;
9486 }
9487
9488 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9489 if (strcmp(args[2], "algo") != 0) {
9490 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9491 return ret;
9492 }
9493
9494 if (*(args[3]) == 0) {
9495 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9496 return ret;
9497 }
9498 algo = strdup(args[3]);
9499
9500add_engine:
9501 if (ssl_init_single_engine(args[1], algo)==0) {
9502 openssl_engines_initialized++;
9503 ret = 0;
9504 }
9505 free(algo);
9506 return ret;
9507}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009508#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009509
Willy Tarreauf22e9682016-12-21 23:23:19 +01009510/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9511 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9512 */
9513static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9514 struct proxy *defpx, const char *file, int line,
9515 char **err)
9516{
9517 char **target;
9518
Willy Tarreauef934602016-12-22 23:12:01 +01009519 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009520
9521 if (too_many_args(1, args, err, NULL))
9522 return -1;
9523
9524 if (*(args[1]) == 0) {
9525 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9526 return -1;
9527 }
9528
9529 free(*target);
9530 *target = strdup(args[1]);
9531 return 0;
9532}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009533
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009534#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009535/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9536 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9537 */
9538static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9539 struct proxy *defpx, const char *file, int line,
9540 char **err)
9541{
9542 char **target;
9543
9544 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9545
9546 if (too_many_args(1, args, err, NULL))
9547 return -1;
9548
9549 if (*(args[1]) == 0) {
9550 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9551 return -1;
9552 }
9553
9554 free(*target);
9555 *target = strdup(args[1]);
9556 return 0;
9557}
9558#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009559
Willy Tarreau9ceda382016-12-21 23:13:03 +01009560/* parse various global tune.ssl settings consisting in positive integers.
9561 * Returns <0 on alert, >0 on warning, 0 on success.
9562 */
9563static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9564 struct proxy *defpx, const char *file, int line,
9565 char **err)
9566{
9567 int *target;
9568
9569 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9570 target = &global.tune.sslcachesize;
9571 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009572 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009573 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009574 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009575 else if (strcmp(args[0], "maxsslconn") == 0)
9576 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009577 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9578 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009579 else {
9580 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9581 return -1;
9582 }
9583
9584 if (too_many_args(1, args, err, NULL))
9585 return -1;
9586
9587 if (*(args[1]) == 0) {
9588 memprintf(err, "'%s' expects an integer argument.", args[0]);
9589 return -1;
9590 }
9591
9592 *target = atoi(args[1]);
9593 if (*target < 0) {
9594 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9595 return -1;
9596 }
9597 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009598}
9599
9600static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9601 struct proxy *defpx, const char *file, int line,
9602 char **err)
9603{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009604 int ret;
9605
9606 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9607 if (ret != 0)
9608 return ret;
9609
Willy Tarreaubafbe012017-11-24 17:34:44 +01009610 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009611 memprintf(err, "'%s' is already configured.", args[0]);
9612 return -1;
9613 }
9614
Willy Tarreaubafbe012017-11-24 17:34:44 +01009615 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9616 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009617 memprintf(err, "Out of memory error.");
9618 return -1;
9619 }
9620 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009621}
9622
9623/* parse "ssl.force-private-cache".
9624 * Returns <0 on alert, >0 on warning, 0 on success.
9625 */
9626static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9627 struct proxy *defpx, const char *file, int line,
9628 char **err)
9629{
9630 if (too_many_args(0, args, err, NULL))
9631 return -1;
9632
Willy Tarreauef934602016-12-22 23:12:01 +01009633 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009634 return 0;
9635}
9636
9637/* parse "ssl.lifetime".
9638 * Returns <0 on alert, >0 on warning, 0 on success.
9639 */
9640static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9641 struct proxy *defpx, const char *file, int line,
9642 char **err)
9643{
9644 const char *res;
9645
9646 if (too_many_args(1, args, err, NULL))
9647 return -1;
9648
9649 if (*(args[1]) == 0) {
9650 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9651 return -1;
9652 }
9653
Willy Tarreauef934602016-12-22 23:12:01 +01009654 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009655 if (res == PARSE_TIME_OVER) {
9656 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9657 args[1], args[0]);
9658 return -1;
9659 }
9660 else if (res == PARSE_TIME_UNDER) {
9661 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9662 args[1], args[0]);
9663 return -1;
9664 }
9665 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009666 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9667 return -1;
9668 }
9669 return 0;
9670}
9671
9672#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009673/* parse "ssl-dh-param-file".
9674 * Returns <0 on alert, >0 on warning, 0 on success.
9675 */
9676static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9677 struct proxy *defpx, const char *file, int line,
9678 char **err)
9679{
9680 if (too_many_args(1, args, err, NULL))
9681 return -1;
9682
9683 if (*(args[1]) == 0) {
9684 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9685 return -1;
9686 }
9687
9688 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9689 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9690 return -1;
9691 }
9692 return 0;
9693}
9694
Willy Tarreau9ceda382016-12-21 23:13:03 +01009695/* parse "ssl.default-dh-param".
9696 * Returns <0 on alert, >0 on warning, 0 on success.
9697 */
9698static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9699 struct proxy *defpx, const char *file, int line,
9700 char **err)
9701{
9702 if (too_many_args(1, args, err, NULL))
9703 return -1;
9704
9705 if (*(args[1]) == 0) {
9706 memprintf(err, "'%s' expects an integer argument.", args[0]);
9707 return -1;
9708 }
9709
Willy Tarreauef934602016-12-22 23:12:01 +01009710 global_ssl.default_dh_param = atoi(args[1]);
9711 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009712 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9713 return -1;
9714 }
9715 return 0;
9716}
9717#endif
9718
9719
William Lallemand32af2032016-10-29 18:09:35 +02009720/* This function is used with TLS ticket keys management. It permits to browse
9721 * each reference. The variable <getnext> must contain the current node,
9722 * <end> point to the root node.
9723 */
9724#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9725static inline
9726struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9727{
9728 struct tls_keys_ref *ref = getnext;
9729
9730 while (1) {
9731
9732 /* Get next list entry. */
9733 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9734
9735 /* If the entry is the last of the list, return NULL. */
9736 if (&ref->list == end)
9737 return NULL;
9738
9739 return ref;
9740 }
9741}
9742
9743static inline
9744struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9745{
9746 int id;
9747 char *error;
9748
9749 /* If the reference starts by a '#', this is numeric id. */
9750 if (reference[0] == '#') {
9751 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9752 id = strtol(reference + 1, &error, 10);
9753 if (*error != '\0')
9754 return NULL;
9755
9756 /* Perform the unique id lookup. */
9757 return tlskeys_ref_lookupid(id);
9758 }
9759
9760 /* Perform the string lookup. */
9761 return tlskeys_ref_lookup(reference);
9762}
9763#endif
9764
9765
9766#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9767
9768static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9769
9770static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9771 return cli_io_handler_tlskeys_files(appctx);
9772}
9773
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009774/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9775 * (next index to be dumped), and cli.p0 (next key reference).
9776 */
William Lallemand32af2032016-10-29 18:09:35 +02009777static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9778
9779 struct stream_interface *si = appctx->owner;
9780
9781 switch (appctx->st2) {
9782 case STAT_ST_INIT:
9783 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009784 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009785 * later and restart at the state "STAT_ST_INIT".
9786 */
9787 chunk_reset(&trash);
9788
9789 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9790 chunk_appendf(&trash, "# id secret\n");
9791 else
9792 chunk_appendf(&trash, "# id (file)\n");
9793
Willy Tarreau06d80a92017-10-19 14:32:15 +02009794 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009795 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009796 return 0;
9797 }
9798
William Lallemand32af2032016-10-29 18:09:35 +02009799 /* Now, we start the browsing of the references lists.
9800 * Note that the following call to LIST_ELEM return bad pointer. The only
9801 * available field of this pointer is <list>. It is used with the function
9802 * tlskeys_list_get_next() for retruning the first available entry
9803 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009804 if (appctx->ctx.cli.p0 == NULL) {
9805 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9806 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009807 }
9808
9809 appctx->st2 = STAT_ST_LIST;
9810 /* fall through */
9811
9812 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009813 while (appctx->ctx.cli.p0) {
9814 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009815
9816 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009817 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009818 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009819
9820 if (appctx->ctx.cli.i1 == 0)
9821 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9822
William Lallemand32af2032016-10-29 18:09:35 +02009823 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009824 int head;
9825
9826 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9827 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009828 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009829 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009830
9831 chunk_reset(t2);
9832 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009833 if (ref->key_size_bits == 128) {
9834 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9835 sizeof(struct tls_sess_key_128),
9836 t2->area, t2->size);
9837 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9838 t2->area);
9839 }
9840 else if (ref->key_size_bits == 256) {
9841 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9842 sizeof(struct tls_sess_key_256),
9843 t2->area, t2->size);
9844 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9845 t2->area);
9846 }
9847 else {
9848 /* This case should never happen */
9849 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9850 }
William Lallemand32af2032016-10-29 18:09:35 +02009851
Willy Tarreau06d80a92017-10-19 14:32:15 +02009852 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009853 /* let's try again later from this stream. We add ourselves into
9854 * this stream's users so that it can remove us upon termination.
9855 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009856 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009857 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009858 return 0;
9859 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009860 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009861 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009862 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009863 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009864 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009865 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009866 /* let's try again later from this stream. We add ourselves into
9867 * this stream's users so that it can remove us upon termination.
9868 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009869 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009870 return 0;
9871 }
9872
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009873 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009874 break;
9875
9876 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009877 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009878 }
9879
9880 appctx->st2 = STAT_ST_FIN;
9881 /* fall through */
9882
9883 default:
9884 appctx->st2 = STAT_ST_FIN;
9885 return 1;
9886 }
9887 return 0;
9888}
9889
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009890/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009891static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009892{
William Lallemand32af2032016-10-29 18:09:35 +02009893 /* no parameter, shows only file list */
9894 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009895 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009896 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009897 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009898 }
9899
9900 if (args[2][0] == '*') {
9901 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009902 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009903 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009904 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009905 if (!appctx->ctx.cli.p0)
9906 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009907 }
William Lallemand32af2032016-10-29 18:09:35 +02009908 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009909 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009910}
9911
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009912static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009913{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009914 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009915 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009916
William Lallemand32af2032016-10-29 18:09:35 +02009917 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02009918 if (!*args[3] || !*args[4])
9919 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009920
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009921 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009922 if (!ref)
9923 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009924
Willy Tarreau1c913e42018-08-22 05:26:57 +02009925 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02009926 if (ret < 0)
9927 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +01009928
Willy Tarreau1c913e42018-08-22 05:26:57 +02009929 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +02009930 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
9931 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009932
Willy Tarreau9d008692019-08-09 11:21:01 +02009933 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02009934}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009935#endif
William Lallemand32af2032016-10-29 18:09:35 +02009936
William Lallemand44b35322019-10-17 16:28:40 +02009937
9938/* Type of SSL payloads that can be updated over the CLI */
9939
9940enum {
9941 CERT_TYPE_PEM = 0,
9942 CERT_TYPE_OCSP,
9943 CERT_TYPE_ISSUER,
9944 CERT_TYPE_SCTL,
9945 CERT_TYPE_MAX,
9946};
9947
9948struct {
9949 const char *ext;
9950 int type;
9951 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
9952 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +02009953} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +02009954 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +02009955#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009956 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009957#endif
9958#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009959 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009960#endif
William Lallemand44b35322019-10-17 16:28:40 +02009961 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +02009962 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +02009963};
9964
William Lallemand430413e2019-10-28 14:30:47 +01009965/* states of the CLI IO handler for 'set ssl cert' */
9966enum {
9967 SETCERT_ST_INIT = 0,
9968 SETCERT_ST_GEN,
9969 SETCERT_ST_INSERT,
9970 SETCERT_ST_FIN,
9971};
William Lallemand8f840d72019-10-23 10:53:05 +02009972
William Lallemand430413e2019-10-28 14:30:47 +01009973/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +01009974static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +02009975{
9976 struct ckch_store *new_ckchs;
9977 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +02009978
William Lallemand430413e2019-10-28 14:30:47 +01009979 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +02009980
William Lallemand430413e2019-10-28 14:30:47 +01009981 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +02009982 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +01009983 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +02009984
William Lallemandbeea2a42019-10-30 17:45:33 +01009985 if (!new_ckchs)
9986 return;
William Lallemand8f840d72019-10-23 10:53:05 +02009987
William Lallemandbeea2a42019-10-30 17:45:33 +01009988 /* if the allocation failed, we need to free everything from the temporary list */
9989 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
9990 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +02009991
William Lallemandbeea2a42019-10-30 17:45:33 +01009992 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
9993 if (sc0->order == 0) /* we only free if it's the first inserted */
9994 SSL_CTX_free(sc0->ctx);
9995 LIST_DEL(&sc0->by_ckch_inst);
9996 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +02009997 }
William Lallemandbeea2a42019-10-30 17:45:33 +01009998 LIST_DEL(&ckchi->by_ckchs);
9999 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010000 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010001 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010002 }
10003}
10004
10005
10006/*
10007 * This function tries to create the new ckch_inst and their SNIs
10008 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010009static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010010{
10011 struct stream_interface *si = appctx->owner;
10012 int y = 0;
10013 char *err = NULL;
10014 int errcode = 0;
10015 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10016 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010017 struct buffer *trash = alloc_trash_chunk();
10018
William Lallemand33cc76f2019-10-31 11:43:45 +010010019 if (trash == NULL)
10020 goto error;
10021
William Lallemand8f840d72019-10-23 10:53:05 +020010022 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10023 goto error;
10024
William Lallemand430413e2019-10-28 14:30:47 +010010025 while (1) {
10026 switch (appctx->st2) {
10027 case SETCERT_ST_INIT:
10028 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010029 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010030 if (ci_putchk(si_ic(si), trash) == -1) {
10031 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010032 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010033 }
10034 appctx->st2 = SETCERT_ST_GEN;
10035 /* fallthrough */
10036 case SETCERT_ST_GEN:
10037 /*
10038 * This state generates the ckch instances with their
10039 * sni_ctxs and SSL_CTX.
10040 *
William Lallemand430413e2019-10-28 14:30:47 +010010041 * Since the SSL_CTX generation can be CPU consumer, we
10042 * yield every 10 instances.
10043 */
William Lallemand8f840d72019-10-23 10:53:05 +020010044
William Lallemandbeea2a42019-10-30 17:45:33 +010010045 old_ckchs = appctx->ctx.ssl.old_ckchs;
10046 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010047
William Lallemandbeea2a42019-10-30 17:45:33 +010010048 if (!new_ckchs)
10049 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010050
William Lallemandbeea2a42019-10-30 17:45:33 +010010051 /* get the next ckchi to regenerate */
10052 ckchi = appctx->ctx.ssl.next_ckchi;
10053 /* we didn't start yet, set it to the first elem */
10054 if (ckchi == NULL)
10055 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010056
William Lallemandbeea2a42019-10-30 17:45:33 +010010057 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10058 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10059 struct ckch_inst *new_inst;
William Lallemand8f840d72019-10-23 10:53:05 +020010060
William Lallemandbeea2a42019-10-30 17:45:33 +010010061 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10062 if (y >= 10) {
10063 /* save the next ckchi to compute */
10064 appctx->ctx.ssl.next_ckchi = ckchi;
10065 goto yield;
10066 }
William Lallemand8f840d72019-10-23 10:53:05 +020010067
William Lallemandbeea2a42019-10-30 17:45:33 +010010068 if (new_ckchs->multi)
10069 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10070 else
10071 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010072
William Lallemandbeea2a42019-10-30 17:45:33 +010010073 if (errcode & ERR_CODE)
10074 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010075
William Lallemandbeea2a42019-10-30 17:45:33 +010010076 /* display one dot per new instance */
10077 chunk_appendf(trash, ".");
10078 /* link the new ckch_inst to the duplicate */
10079 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10080 y++;
10081 }
William Lallemand430413e2019-10-28 14:30:47 +010010082 appctx->st2 = SETCERT_ST_INSERT;
10083 /* fallthrough */
10084 case SETCERT_ST_INSERT:
10085 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010086
William Lallemandbeea2a42019-10-30 17:45:33 +010010087 old_ckchs = appctx->ctx.ssl.old_ckchs;
10088 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010089
William Lallemandbeea2a42019-10-30 17:45:33 +010010090 if (!new_ckchs)
10091 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010092
William Lallemandbeea2a42019-10-30 17:45:33 +010010093 /* First, we insert every new SNIs in the trees */
10094 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10095 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10096 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10097 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10098 }
William Lallemand8f840d72019-10-23 10:53:05 +020010099
William Lallemandbeea2a42019-10-30 17:45:33 +010010100 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10101 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
10102 struct sni_ctx *sc0, *sc0s;
William Lallemand430413e2019-10-28 14:30:47 +010010103
William Lallemandbeea2a42019-10-30 17:45:33 +010010104 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10105 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10106 ebmb_delete(&sc0->name);
10107 LIST_DEL(&sc0->by_ckch_inst);
10108 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010109 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010110 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10111 LIST_DEL(&ckchi->by_ckchs);
10112 free(ckchi);
10113 }
William Lallemand8f840d72019-10-23 10:53:05 +020010114
William Lallemandbeea2a42019-10-30 17:45:33 +010010115 /* Replace the old ckchs by the new one */
10116 ebmb_delete(&old_ckchs->node);
10117 ckchs_free(old_ckchs);
10118 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010119 appctx->st2 = SETCERT_ST_FIN;
10120 /* fallthrough */
10121 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010122 /* we achieved the transaction, we can set everything to NULL */
10123 free(ckchs_transaction.path);
10124 ckchs_transaction.path = NULL;
10125 ckchs_transaction.new_ckchs = NULL;
10126 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010127 goto end;
10128 }
William Lallemand8f840d72019-10-23 10:53:05 +020010129 }
William Lallemand430413e2019-10-28 14:30:47 +010010130end:
William Lallemand8f840d72019-10-23 10:53:05 +020010131
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010132 chunk_appendf(trash, "\nSuccess!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010133 if (ci_putchk(si_ic(si), trash) == -1)
10134 si_rx_room_blk(si);
10135 free_trash_chunk(trash);
10136 /* success: call the release function and don't come back */
10137 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010138yield:
10139 /* store the state */
10140 if (ci_putchk(si_ic(si), trash) == -1)
10141 si_rx_room_blk(si);
10142 free_trash_chunk(trash);
10143 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010144 return 0; /* should come back */
10145
10146error:
10147 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010148 if (trash) {
10149 chunk_appendf(trash, "\n%sFailed!\n", err);
10150 if (ci_putchk(si_ic(si), trash) == -1)
10151 si_rx_room_blk(si);
10152 free_trash_chunk(trash);
10153 }
William Lallemand430413e2019-10-28 14:30:47 +010010154 /* error: call the release function and don't come back */
10155 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010156}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010157
10158/*
10159 * Parsing function of 'commit ssl cert'
10160 */
10161static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10162{
10163 char *err = NULL;
10164
10165 if (!*args[3])
10166 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10167
10168 /* The operations on the CKCH architecture are locked so we can
10169 * manipulate ckch_store and ckch_inst */
10170 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10171 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10172
10173 if (!ckchs_transaction.path) {
10174 memprintf(&err, "No ongoing transaction! !\n");
10175 goto error;
10176 }
10177
10178 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10179 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10180 goto error;
10181 }
10182
10183 /* init the appctx structure */
10184 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010185 appctx->ctx.ssl.next_ckchi = NULL;
10186 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10187 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10188
10189 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10190 return 0;
10191
10192error:
10193
10194 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10195 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10196
10197 return cli_dynerr(appctx, err);
10198}
10199
10200
William Lallemand8f840d72019-10-23 10:53:05 +020010201/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010202 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010203 */
William Lallemand150bfa82019-09-19 17:12:49 +020010204static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10205{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010206 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010207 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010208 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010209 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010210 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010211 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010212 char *end;
10213 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010214 struct cert_key_and_chain *ckch;
10215 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010216
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010217 if ((buf = alloc_trash_chunk()) == NULL)
10218 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010219
10220 if (!*args[3] || !payload)
10221 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10222
10223 /* The operations on the CKCH architecture are locked so we can
10224 * manipulate ckch_store and ckch_inst */
10225 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10226 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10227
William Lallemand8f840d72019-10-23 10:53:05 +020010228 if (!chunk_strcpy(buf, args[3])) {
10229 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10230 errcode |= ERR_ALERT | ERR_FATAL;
10231 goto end;
10232 }
10233
William Lallemand44b35322019-10-17 16:28:40 +020010234 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010235 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010236 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010237 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10238 *end = '\0';
10239 type = cert_exts[i].type;
10240 break;
10241 }
10242 }
10243
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010244 appctx->ctx.ssl.old_ckchs = NULL;
10245 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010246
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010247 /* if there is an ongoing transaction */
10248 if (ckchs_transaction.path) {
10249 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010250#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010251 if (ckchs_transaction.new_ckchs->multi) {
William Lallemand963b2e72019-10-14 11:38:36 +020010252 char *end = NULL;
10253 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010254
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010255 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010256 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010257 end = strrchr(buf->area, '.');
William Lallemand963b2e72019-10-14 11:38:36 +020010258 for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
10259 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10260 bundle = j; /* keep the type of certificate so we insert it at the right place */
10261 *end = '\0'; /* it's a bundle let's end the string*/
10262 break;
10263 }
William Lallemand150bfa82019-09-19 17:12:49 +020010264 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010265 if (bundle < 0) {
10266 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10267 errcode |= ERR_ALERT | ERR_FATAL;
10268 goto end;
10269 }
10270 }
10271#endif
10272
10273 /* if there is an ongoing transaction, check if this is the same file */
10274 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10275 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10276 errcode |= ERR_ALERT | ERR_FATAL;
10277 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010278 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010279
10280 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10281
10282 } else {
10283 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10284
10285 /* lookup for the certificate in the tree:
10286 * check if this is used as a bundle AND as a unique certificate */
10287 for (i = 0; i < 2; i++) {
10288
10289 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10290 /* only the bundle name is in the tree and you should
10291 * never update a bundle name, only a filename */
10292 if (bundle < 0 && find_ckchs[i]->multi) {
10293 /* we tried to look for a non-bundle and we found a bundle */
10294 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10295 err ? err : "", args[3], args[3]);
10296 errcode |= ERR_ALERT | ERR_FATAL;
10297 goto end;
10298 }
10299 /* If we want a bundle but this is not a bundle */
10300 /* note that it should never happen */
10301 if (bundle >= 0 && find_ckchs[i]->multi == 0)
10302 goto end;
10303 }
10304#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10305 {
10306 char *end = NULL;
10307 int j;
10308
10309 /* check if it was used in a bundle by removing the
10310 * .dsa/.rsa/.ecdsa at the end of the filename */
10311 end = strrchr(buf->area, '.');
10312 for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
10313 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10314 bundle = j; /* keep the type of certificate so we insert it at the right place */
10315 *end = '\0'; /* it's a bundle let's end the string*/
10316 break;
10317 }
10318 }
10319 }
William Lallemand963b2e72019-10-14 11:38:36 +020010320#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010321 /* bundles are not supported here, so we don't need to lookup again */
10322 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010323#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010324 }
10325
10326 if (find_ckchs[0] && find_ckchs[1]) {
10327 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10328 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10329 errcode |= ERR_ALERT | ERR_FATAL;
10330 goto end;
10331 }
10332
10333 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
10334
10335 /* this is a new transaction, set the path of the transaction */
10336 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10337 if (!appctx->ctx.ssl.path) {
10338 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10339 errcode |= ERR_ALERT | ERR_FATAL;
10340 goto end;
10341 }
10342
William Lallemand150bfa82019-09-19 17:12:49 +020010343 }
10344
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010345 if (!appctx->ctx.ssl.old_ckchs) {
10346 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010347 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010348 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010349 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010350 }
10351
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010352
10353 old_ckchs = appctx->ctx.ssl.old_ckchs;
10354
10355 /* TODO: handle filters */
10356 if (old_ckchs->filters) {
10357 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10358 err ? err : "");
10359 errcode |= ERR_ALERT | ERR_FATAL;
10360 goto end;
10361 }
10362
10363 /* duplicate the ckch store */
10364 new_ckchs = ckchs_dup(old_ckchs);
10365 if (!new_ckchs) {
10366 memprintf(&err, "%sCannot allocate memory!\n",
10367 err ? err : "");
10368 errcode |= ERR_ALERT | ERR_FATAL;
10369 goto end;
10370 }
10371
10372 if (!new_ckchs->multi)
10373 ckch = new_ckchs->ckch;
10374 else
10375 ckch = &new_ckchs->ckch[bundle];
10376
10377 /* appply the change on the duplicate */
10378 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10379 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10380 errcode |= ERR_ALERT | ERR_FATAL;
10381 goto end;
10382 }
10383
10384 appctx->ctx.ssl.new_ckchs = new_ckchs;
10385
10386 /* we succeed, we can save the ckchs in the transaction */
10387
10388 /* if there wasn't a transaction, update the old ckchs */
10389 if (!ckchs_transaction.old_ckchs && !ckchs_transaction.old_ckchs) {
10390 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10391 ckchs_transaction.path = appctx->ctx.ssl.path;
10392 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10393 } else {
10394 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10395
10396 }
10397
10398 /* free the previous ckchs if there was a transaction */
10399 ckchs_free(ckchs_transaction.new_ckchs);
10400
10401 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10402
10403
William Lallemand8f840d72019-10-23 10:53:05 +020010404 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010405
William Lallemand8f840d72019-10-23 10:53:05 +020010406end:
10407 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010408
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010409 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010410
10411 ckchs_free(appctx->ctx.ssl.new_ckchs);
10412 appctx->ctx.ssl.new_ckchs = NULL;
10413
10414 appctx->ctx.ssl.old_ckchs = NULL;
10415
10416 free(appctx->ctx.ssl.path);
10417 appctx->ctx.ssl.path = NULL;
10418
10419 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010420 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010421 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010422
10423 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10424 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010425 }
William Lallemand8f840d72019-10-23 10:53:05 +020010426 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010427}
10428
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010429static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010430{
10431#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10432 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010433 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010434
10435 if (!payload)
10436 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010437
10438 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010439 if (!*payload)
10440 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010441
10442 /* remove \r and \n from the payload */
10443 for (i = 0, j = 0; payload[i]; i++) {
10444 if (payload[i] == '\r' || payload[i] == '\n')
10445 continue;
10446 payload[j++] = payload[i];
10447 }
10448 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010449
Willy Tarreau1c913e42018-08-22 05:26:57 +020010450 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010451 if (ret < 0)
10452 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010453
Willy Tarreau1c913e42018-08-22 05:26:57 +020010454 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010455 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010456 if (err)
10457 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10458 else
10459 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010460 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010461
10462 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010463#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010464 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010465#endif
10466
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010467}
10468
Willy Tarreau86a394e2019-05-09 14:15:32 +020010469#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010470static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10471{
10472 switch (arg->type) {
10473 case ARGT_STR:
10474 smp->data.type = SMP_T_STR;
10475 smp->data.u.str = arg->data.str;
10476 return 1;
10477 case ARGT_VAR:
10478 if (!vars_get_by_desc(&arg->data.var, smp))
10479 return 0;
10480 if (!sample_casts[smp->data.type][SMP_T_STR])
10481 return 0;
10482 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10483 return 0;
10484 return 1;
10485 default:
10486 return 0;
10487 }
10488}
10489
10490static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10491 const char *file, int line, char **err)
10492{
10493 switch(args[0].data.sint) {
10494 case 128:
10495 case 192:
10496 case 256:
10497 break;
10498 default:
10499 memprintf(err, "key size must be 128, 192 or 256 (bits).");
10500 return 0;
10501 }
10502 /* Try to decode a variable. */
10503 vars_check_arg(&args[1], NULL);
10504 vars_check_arg(&args[2], NULL);
10505 vars_check_arg(&args[3], NULL);
10506 return 1;
10507}
10508
10509/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
10510static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
10511{
10512 struct sample nonce, key, aead_tag;
10513 struct buffer *smp_trash, *smp_trash_alloc;
10514 EVP_CIPHER_CTX *ctx;
10515 int dec_size, ret;
10516
10517 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
10518 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
10519 return 0;
10520
10521 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
10522 if (!sample_conv_var2smp_str(&arg_p[2], &key))
10523 return 0;
10524
10525 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
10526 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
10527 return 0;
10528
10529 smp_trash = get_trash_chunk();
10530 smp_trash_alloc = alloc_trash_chunk();
10531 if (!smp_trash_alloc)
10532 return 0;
10533
10534 ctx = EVP_CIPHER_CTX_new();
10535
10536 if (!ctx)
10537 goto err;
10538
10539 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
10540 if (dec_size < 0)
10541 goto err;
10542 smp_trash->data = dec_size;
10543
10544 /* Set cipher type and mode */
10545 switch(arg_p[0].data.sint) {
10546 case 128:
10547 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
10548 break;
10549 case 192:
10550 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
10551 break;
10552 case 256:
10553 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
10554 break;
10555 }
10556
10557 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
10558
10559 /* Initialise IV */
10560 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
10561 goto err;
10562
10563 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
10564 if (dec_size < 0)
10565 goto err;
10566 smp_trash->data = dec_size;
10567
10568 /* Initialise key */
10569 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
10570 goto err;
10571
10572 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
10573 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
10574 goto err;
10575
10576 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
10577 if (dec_size < 0)
10578 goto err;
10579 smp_trash_alloc->data = dec_size;
10580 dec_size = smp_trash->data;
10581
10582 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
10583 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
10584
10585 if (ret <= 0)
10586 goto err;
10587
10588 smp->data.u.str.data = dec_size + smp_trash->data;
10589 smp->data.u.str.area = smp_trash->area;
10590 smp->data.type = SMP_T_BIN;
10591 smp->flags &= ~SMP_F_CONST;
10592 free_trash_chunk(smp_trash_alloc);
10593 return 1;
10594
10595err:
10596 free_trash_chunk(smp_trash_alloc);
10597 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010598}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010599# endif
William Lallemand32af2032016-10-29 18:09:35 +020010600
10601/* register cli keywords */
10602static struct cli_kw_list cli_kws = {{ },{
10603#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10604 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020010605 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020010606#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010607 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010608 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
10609 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand32af2032016-10-29 18:09:35 +020010610 { { NULL }, NULL, NULL, NULL }
10611}};
10612
Willy Tarreau0108d902018-11-25 19:14:37 +010010613INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020010614
Willy Tarreau7875d092012-09-10 08:20:03 +020010615/* Note: must not be declared <const> as its list will be overwritten.
10616 * Please take care of keeping this list alphabetically sorted.
10617 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010618static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020010619 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010620 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010621#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010010622 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010623#endif
Emeric Brun645ae792014-04-30 14:21:06 +020010624 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010625#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
10626 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
10627#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010010628 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020010629 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020010630 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010631 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010632#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020010633 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040010634#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010635#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010636 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10637 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040010638 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10639#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010640 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10641 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010642 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010643 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010644 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10645 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10646 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10647 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10648 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10649 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10650 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10651 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010652 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010653 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10654 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010655 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010656 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10657 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10658 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10659 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10660 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10661 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10662 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020010663 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010664 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010665 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010666 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010667 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010668 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010669 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010670 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020010671 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010010672#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010673 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020010674#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010010675#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010676 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020010677#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010678 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010679#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020010680 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010681#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010682 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010683#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010684 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010685#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010686#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010687 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10688 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040010689 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10690#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040010691#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010692 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010693#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010694 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10695 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10696 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10697 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020010698 { NULL, NULL, 0, 0, 0 },
10699}};
10700
Willy Tarreau0108d902018-11-25 19:14:37 +010010701INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
10702
Willy Tarreau7875d092012-09-10 08:20:03 +020010703/* Note: must not be declared <const> as its list will be overwritten.
10704 * Please take care of keeping this list alphabetically sorted.
10705 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010706static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010707 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
10708 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010709 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020010710}};
10711
Willy Tarreau0108d902018-11-25 19:14:37 +010010712INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
10713
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010714/* Note: must not be declared <const> as its list will be overwritten.
10715 * Please take care of keeping this list alphabetically sorted, doing so helps
10716 * all code contributors.
10717 * Optional keywords are also declared with a NULL ->parse() function so that
10718 * the config parser can report an appropriate error when a known keyword was
10719 * not enabled.
10720 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010721static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010722 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010723 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10724 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10725 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010726#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010727 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10728#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010729 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010010730 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010731 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010732 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010733 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020010734 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
10735 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010736 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
10737 { NULL, NULL, 0 },
10738};
10739
Willy Tarreau0108d902018-11-25 19:14:37 +010010740/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
10741
Willy Tarreau51fb7652012-09-18 18:24:39 +020010742static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010743 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010744 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10745 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10746 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
10747 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
10748 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
10749 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010750#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010751 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10752#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010753 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
10754 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
10755 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
10756 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
10757 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
10758 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
10759 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
10760 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
10761 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
10762 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010763 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010764 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010765 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010766 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
10767 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
10768 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
10769 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010770 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010771 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
10772 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010773 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
10774 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010775 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
10776 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
10777 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
10778 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
10779 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010780 { NULL, NULL, 0 },
10781}};
Emeric Brun46591952012-05-18 15:47:34 +020010782
Willy Tarreau0108d902018-11-25 19:14:37 +010010783INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
10784
Willy Tarreau92faadf2012-10-10 23:04:25 +020010785/* Note: must not be declared <const> as its list will be overwritten.
10786 * Please take care of keeping this list alphabetically sorted, doing so helps
10787 * all code contributors.
10788 * Optional keywords are also declared with a NULL ->parse() function so that
10789 * the config parser can report an appropriate error when a known keyword was
10790 * not enabled.
10791 */
10792static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010010793 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010010794 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010795 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010010796 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020010797 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010798 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
10799 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010800#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010801 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
10802#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010803 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
10804 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
10805 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
10806 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
10807 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
10808 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
10809 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
10810 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
10811 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
10812 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
10813 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
10814 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
10815 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
10816 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
10817 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
10818 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
10819 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
10820 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010010821 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010822 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
10823 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
10824 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
10825 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
10826 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
10827 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
10828 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
10829 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
10830 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
10831 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020010832 { NULL, NULL, 0, 0 },
10833}};
10834
Willy Tarreau0108d902018-11-25 19:14:37 +010010835INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
10836
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010837static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010010838 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
10839 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010010840 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010841 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
10842 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010010843#ifndef OPENSSL_NO_DH
10844 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
10845#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010846 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010847#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010848 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010849#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010010850 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
10851#ifndef OPENSSL_NO_DH
10852 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
10853#endif
10854 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
10855 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
10856 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
10857 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010858 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010010859 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
10860 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010861#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010862 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
10863 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
10864#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010865 { 0, NULL, NULL },
10866}};
10867
Willy Tarreau0108d902018-11-25 19:14:37 +010010868INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
10869
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010870/* Note: must not be declared <const> as its list will be overwritten */
10871static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020010872#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010873 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
10874#endif
10875 { NULL, NULL, 0, 0, 0 },
10876}};
10877
10878INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
10879
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020010880/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010010881static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020010882 .snd_buf = ssl_sock_from_buf,
10883 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010010884 .subscribe = ssl_subscribe,
10885 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020010886 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020010887 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020010888 .rcv_pipe = NULL,
10889 .snd_pipe = NULL,
10890 .shutr = NULL,
10891 .shutw = ssl_sock_shutw,
10892 .close = ssl_sock_close,
10893 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010010894 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010010895 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010010896 .prepare_srv = ssl_sock_prepare_srv_ctx,
10897 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010010898 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010010899 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020010900};
10901
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010902enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
10903 struct session *sess, struct stream *s, int flags)
10904{
10905 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010906 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010907
10908 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010909 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010910
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010911 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010912 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010913 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010914 s->req.flags |= CF_READ_NULL;
10915 return ACT_RET_YIELD;
10916 }
10917 }
10918 return (ACT_RET_CONT);
10919}
10920
10921static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10922{
10923 rule->action_ptr = ssl_action_wait_for_hs;
10924
10925 return ACT_RET_PRS_OK;
10926}
10927
10928static struct action_kw_list http_req_actions = {ILH, {
10929 { "wait-for-handshake", ssl_parse_wait_for_hs },
10930 { /* END */ }
10931}};
10932
Willy Tarreau0108d902018-11-25 19:14:37 +010010933INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10934
Willy Tarreau5db847a2019-05-09 14:13:35 +020010935#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010936
10937static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10938{
10939 if (ptr) {
10940 chunk_destroy(ptr);
10941 free(ptr);
10942 }
10943}
10944
10945#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010946static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10947{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010948 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010949}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010950
Emeric Brun46591952012-05-18 15:47:34 +020010951__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010952static void __ssl_sock_init(void)
10953{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010954#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010955 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010956 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010957#endif
Emeric Brun46591952012-05-18 15:47:34 +020010958
Willy Tarreauef934602016-12-22 23:12:01 +010010959 if (global_ssl.listen_default_ciphers)
10960 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10961 if (global_ssl.connect_default_ciphers)
10962 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010963#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010964 if (global_ssl.listen_default_ciphersuites)
10965 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10966 if (global_ssl.connect_default_ciphersuites)
10967 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10968#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010969
Willy Tarreau13e14102016-12-22 20:25:26 +010010970 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010971#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010972 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010973#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010974#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010975 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010976 n = sk_SSL_COMP_num(cm);
10977 while (n--) {
10978 (void) sk_SSL_COMP_pop(cm);
10979 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010980#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010981
Willy Tarreau5db847a2019-05-09 14:13:35 +020010982#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010983 ssl_locking_init();
10984#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010985#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010986 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10987#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010988 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010989 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010990 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010991#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010992 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010993 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010994#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010995#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10996 hap_register_post_check(tlskeys_finalize_config);
10997#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010998
10999 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11000 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11001
11002#ifndef OPENSSL_NO_DH
11003 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11004 hap_register_post_deinit(ssl_free_dh);
11005#endif
11006#ifndef OPENSSL_NO_ENGINE
11007 hap_register_post_deinit(ssl_free_engines);
11008#endif
11009 /* Load SSL string for the verbose & debug mode. */
11010 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011011 ha_meth = BIO_meth_new(0x666, "ha methods");
11012 BIO_meth_set_write(ha_meth, ha_ssl_write);
11013 BIO_meth_set_read(ha_meth, ha_ssl_read);
11014 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11015 BIO_meth_set_create(ha_meth, ha_ssl_new);
11016 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11017 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11018 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011019
11020 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011021}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011022
Willy Tarreau80713382018-11-26 10:19:54 +010011023/* Compute and register the version string */
11024static void ssl_register_build_options()
11025{
11026 char *ptr = NULL;
11027 int i;
11028
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011029 memprintf(&ptr, "Built with OpenSSL version : "
11030#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011031 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011032#else /* OPENSSL_IS_BORINGSSL */
11033 OPENSSL_VERSION_TEXT
11034 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011035 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011036 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011037#endif
11038 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011039#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011040 "no (library version too old)"
11041#elif defined(OPENSSL_NO_TLSEXT)
11042 "no (disabled via OPENSSL_NO_TLSEXT)"
11043#else
11044 "yes"
11045#endif
11046 "", ptr);
11047
11048 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11049#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11050 "yes"
11051#else
11052#ifdef OPENSSL_NO_TLSEXT
11053 "no (because of OPENSSL_NO_TLSEXT)"
11054#else
11055 "no (version might be too old, 0.9.8f min needed)"
11056#endif
11057#endif
11058 "", ptr);
11059
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011060 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11061 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11062 if (methodVersions[i].option)
11063 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011064
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011065 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011066}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011067
Willy Tarreau80713382018-11-26 10:19:54 +010011068INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011069
Emeric Brun46591952012-05-18 15:47:34 +020011070
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011071#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011072void ssl_free_engines(void) {
11073 struct ssl_engine_list *wl, *wlb;
11074 /* free up engine list */
11075 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11076 ENGINE_finish(wl->e);
11077 ENGINE_free(wl->e);
11078 LIST_DEL(&wl->list);
11079 free(wl);
11080 }
11081}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011082#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011083
Remi Gacogned3a23c32015-05-28 16:39:47 +020011084#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011085void ssl_free_dh(void) {
11086 if (local_dh_1024) {
11087 DH_free(local_dh_1024);
11088 local_dh_1024 = NULL;
11089 }
11090 if (local_dh_2048) {
11091 DH_free(local_dh_2048);
11092 local_dh_2048 = NULL;
11093 }
11094 if (local_dh_4096) {
11095 DH_free(local_dh_4096);
11096 local_dh_4096 = NULL;
11097 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011098 if (global_dh) {
11099 DH_free(global_dh);
11100 global_dh = NULL;
11101 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011102}
11103#endif
11104
11105__attribute__((destructor))
11106static void __ssl_sock_deinit(void)
11107{
11108#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011109 if (ssl_ctx_lru_tree) {
11110 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011111 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011112 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011113#endif
11114
Willy Tarreau5db847a2019-05-09 14:13:35 +020011115#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011116 ERR_remove_state(0);
11117 ERR_free_strings();
11118
11119 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011120#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011121
Willy Tarreau5db847a2019-05-09 14:13:35 +020011122#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011123 CRYPTO_cleanup_all_ex_data();
11124#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011125 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011126}
11127
11128
Emeric Brun46591952012-05-18 15:47:34 +020011129/*
11130 * Local variables:
11131 * c-indent-level: 8
11132 * c-basic-offset: 8
11133 * End:
11134 */