blob: b5547cc9efea0f55a361264222e1aa01d6533b88 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
67#include <common/compat.h>
68#include <common/config.h>
69#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020070#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <common/standard.h>
72#include <common/ticks.h>
73#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010074#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010075#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020076
Emeric Brunfc0421f2012-09-07 17:30:07 +020077#include <ebsttree.h>
78
William Lallemand32af2032016-10-29 18:09:35 +020079#include <types/applet.h>
80#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020081#include <types/global.h>
82#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020083#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020084
Willy Tarreau7875d092012-09-10 08:20:03 +020085#include <proto/acl.h>
86#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020087#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020089#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <proto/fd.h>
91#include <proto/freq_ctr.h>
92#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020093#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020094#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010095#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020096#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020097#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020098#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020099#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200100#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200101#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200102#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200103#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200104#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200105#include <proto/task.h>
106
Willy Tarreau518cedd2014-02-17 15:43:01 +0100107/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200108#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100109#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100110#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200111#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
112
Emeric Brunf282a812012-09-21 15:27:54 +0200113/* bits 0xFFFF0000 are reserved to store verify errors */
114
115/* Verify errors macros */
116#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
117#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
118#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
119
120#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
121#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
122#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200123
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100124/* Supported hash function for TLS tickets */
125#ifdef OPENSSL_NO_SHA256
126#define HASH_FUNCT EVP_sha1
127#else
128#define HASH_FUNCT EVP_sha256
129#endif /* OPENSSL_NO_SHA256 */
130
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200131/* ssl_methods flags for ssl options */
132#define MC_SSL_O_ALL 0x0000
133#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
134#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
135#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
136#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200137#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200138
139/* ssl_methods versions */
140enum {
141 CONF_TLSV_NONE = 0,
142 CONF_TLSV_MIN = 1,
143 CONF_SSLV3 = 1,
144 CONF_TLSV10 = 2,
145 CONF_TLSV11 = 3,
146 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200147 CONF_TLSV13 = 5,
148 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200149};
150
Emeric Brun850efd52014-01-29 12:24:34 +0100151/* server and bind verify method, it uses a global value as default */
152enum {
153 SSL_SOCK_VERIFY_DEFAULT = 0,
154 SSL_SOCK_VERIFY_REQUIRED = 1,
155 SSL_SOCK_VERIFY_OPTIONAL = 2,
156 SSL_SOCK_VERIFY_NONE = 3,
157};
158
William Lallemand3f85c9a2017-10-09 16:30:50 +0200159
Willy Tarreau71b734c2014-01-28 15:19:44 +0100160int sslconns = 0;
161int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100162static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100163int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200164
Willy Tarreauef934602016-12-22 23:12:01 +0100165static struct {
166 char *crt_base; /* base directory path for certificates */
167 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000168 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100169
170 char *listen_default_ciphers;
171 char *connect_default_ciphers;
172 int listen_default_ssloptions;
173 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200174 struct tls_version_filter listen_default_sslmethods;
175 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100176
177 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
178 unsigned int life_time; /* SSL session lifetime in seconds */
179 unsigned int max_record; /* SSL max record size */
180 unsigned int default_dh_param; /* SSL maximum DH parameter size */
181 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100182 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100183} global_ssl = {
184#ifdef LISTEN_DEFAULT_CIPHERS
185 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
186#endif
187#ifdef CONNECT_DEFAULT_CIPHERS
188 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
189#endif
190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Emeric Brun821bb9b2017-06-15 16:37:39 +0200208#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210static HA_RWLOCK_T *ssl_rwlocks;
211
212
213unsigned long ssl_id_function(void)
214{
215 return (unsigned long)tid;
216}
217
218void ssl_locking_function(int mode, int n, const char * file, int line)
219{
220 if (mode & CRYPTO_LOCK) {
221 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100222 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200223 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 }
226 else {
227 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100228 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200229 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 }
232}
233
234static int ssl_locking_init(void)
235{
236 int i;
237
238 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
239 if (!ssl_rwlocks)
240 return -1;
241
242 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100243 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200244
245 CRYPTO_set_id_callback(ssl_id_function);
246 CRYPTO_set_locking_callback(ssl_locking_function);
247
248 return 0;
249}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100250
Emeric Brun821bb9b2017-06-15 16:37:39 +0200251#endif
252
253
254
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100255/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100256struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257 unsigned long long int xxh64;
258 unsigned char ciphersuite_len;
259 char ciphersuite[0];
260};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100261struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100262static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200263static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100264
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100265static int ssl_pkey_info_index = -1;
266
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200267#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
268struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
269#endif
270
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200271#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000272static unsigned int openssl_engines_initialized;
273struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
274struct ssl_engine_list {
275 struct list list;
276 ENGINE *e;
277};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200278#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000279
Remi Gacogne8de54152014-07-15 11:36:40 +0200280#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200281static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200282static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200283static DH *local_dh_1024 = NULL;
284static DH *local_dh_2048 = NULL;
285static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100286static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200287#endif /* OPENSSL_NO_DH */
288
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100289#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200290/* X509V3 Extensions that will be added on generated certificates */
291#define X509V3_EXT_SIZE 5
292static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
293 "basicConstraints",
294 "nsComment",
295 "subjectKeyIdentifier",
296 "authorityKeyIdentifier",
297 "keyUsage",
298};
299static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
300 "CA:FALSE",
301 "\"OpenSSL Generated Certificate\"",
302 "hash",
303 "keyid,issuer:always",
304 "nonRepudiation,digitalSignature,keyEncipherment"
305};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200306/* LRU cache to store generated certificate */
307static struct lru64_head *ssl_ctx_lru_tree = NULL;
308static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200309static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100310__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200311
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200312#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
313
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100314static struct ssl_bind_kw ssl_bind_kws[];
315
yanbzhube2774d2015-12-10 15:07:30 -0500316#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
317/* The order here matters for picking a default context,
318 * keep the most common keytype at the bottom of the list
319 */
320const char *SSL_SOCK_KEYTYPE_NAMES[] = {
321 "dsa",
322 "ecdsa",
323 "rsa"
324};
325#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100326#else
327#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500328#endif
329
William Lallemandc3cd35f2017-11-28 11:04:43 +0100330static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100331static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
332
333#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
334
335#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
336 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
337
338#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
339 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200340
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100341/*
342 * This function gives the detail of the SSL error. It is used only
343 * if the debug mode and the verbose mode are activated. It dump all
344 * the SSL error until the stack was empty.
345 */
346static forceinline void ssl_sock_dump_errors(struct connection *conn)
347{
348 unsigned long ret;
349
350 if (unlikely(global.mode & MODE_DEBUG)) {
351 while(1) {
352 ret = ERR_get_error();
353 if (ret == 0)
354 return;
355 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200356 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100357 ERR_func_error_string(ret), ERR_reason_error_string(ret));
358 }
359 }
360}
361
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200362#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500363/*
364 * struct alignment works here such that the key.key is the same as key_data
365 * Do not change the placement of key_data
366 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200367struct certificate_ocsp {
368 struct ebmb_node key;
369 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
370 struct chunk response;
371 long expire;
372};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200373
yanbzhube2774d2015-12-10 15:07:30 -0500374struct ocsp_cbk_arg {
375 int is_single;
376 int single_kt;
377 union {
378 struct certificate_ocsp *s_ocsp;
379 /*
380 * m_ocsp will have multiple entries dependent on key type
381 * Entry 0 - DSA
382 * Entry 1 - ECDSA
383 * Entry 2 - RSA
384 */
385 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
386 };
387};
388
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200389#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000390static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
391{
392 int err_code = ERR_ABORT;
393 ENGINE *engine;
394 struct ssl_engine_list *el;
395
396 /* grab the structural reference to the engine */
397 engine = ENGINE_by_id(engine_id);
398 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100399 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000400 goto fail_get;
401 }
402
403 if (!ENGINE_init(engine)) {
404 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100405 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000406 goto fail_init;
407 }
408
409 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100410 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000411 goto fail_set_method;
412 }
413
414 el = calloc(1, sizeof(*el));
415 el->e = engine;
416 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100417 nb_engines++;
418 if (global_ssl.async)
419 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000420 return 0;
421
422fail_set_method:
423 /* release the functional reference from ENGINE_init() */
424 ENGINE_finish(engine);
425
426fail_init:
427 /* release the structural reference from ENGINE_by_id() */
428 ENGINE_free(engine);
429
430fail_get:
431 return err_code;
432}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200433#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000434
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200435#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200436/*
437 * openssl async fd handler
438 */
439static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000440{
441 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000442
Emeric Brun3854e012017-05-17 20:42:48 +0200443 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000444 * to poll this fd until it is requested
445 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000446 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000447 fd_cant_recv(fd);
448
449 /* crypto engine is available, let's notify the associated
450 * connection that it can pursue its processing.
451 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000452 __conn_sock_want_recv(conn);
453 __conn_sock_want_send(conn);
454 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000455}
456
Emeric Brun3854e012017-05-17 20:42:48 +0200457/*
458 * openssl async delayed SSL_free handler
459 */
460static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000461{
462 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200463 OSSL_ASYNC_FD all_fd[32];
464 size_t num_all_fds = 0;
465 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000466
Emeric Brun3854e012017-05-17 20:42:48 +0200467 /* We suppose that the async job for a same SSL *
468 * are serialized. So if we are awake it is
469 * because the running job has just finished
470 * and we can remove all async fds safely
471 */
472 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
473 if (num_all_fds > 32) {
474 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
475 return;
476 }
477
478 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
479 for (i=0 ; i < num_all_fds ; i++)
480 fd_remove(all_fd[i]);
481
482 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000483 SSL_free(ssl);
484 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200485 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000486}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000487/*
Emeric Brun3854e012017-05-17 20:42:48 +0200488 * function used to manage a returned SSL_ERROR_WANT_ASYNC
489 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000490 */
Emeric Brun3854e012017-05-17 20:42:48 +0200491static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000492{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100493 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200494 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000495 size_t num_add_fds = 0;
496 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200497 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000498
499 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
500 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200501 if (num_add_fds > 32 || num_del_fds > 32) {
502 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000503 return;
504 }
505
Emeric Brun3854e012017-05-17 20:42:48 +0200506 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000507
Emeric Brun3854e012017-05-17 20:42:48 +0200508 /* We remove unused fds from the fdtab */
509 for (i=0 ; i < num_del_fds ; i++)
510 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000511
Emeric Brun3854e012017-05-17 20:42:48 +0200512 /* We add new fds to the fdtab */
513 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100514 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000515 }
516
Emeric Brun3854e012017-05-17 20:42:48 +0200517 num_add_fds = 0;
518 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
519 if (num_add_fds > 32) {
520 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
521 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000522 }
Emeric Brun3854e012017-05-17 20:42:48 +0200523
524 /* We activate the polling for all known async fds */
525 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000526 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200527 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000528 /* To ensure that the fd cache won't be used
529 * We'll prefer to catch a real RD event
530 * because handling an EAGAIN on this fd will
531 * result in a context switch and also
532 * some engines uses a fd in blocking mode.
533 */
534 fd_cant_recv(add_fd[i]);
535 }
Emeric Brun3854e012017-05-17 20:42:48 +0200536
537 /* We must also prevent the conn_handler
538 * to be called until a read event was
539 * polled on an async fd
540 */
541 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000542}
543#endif
544
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200545/*
546 * This function returns the number of seconds elapsed
547 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
548 * date presented un ASN1_GENERALIZEDTIME.
549 *
550 * In parsing error case, it returns -1.
551 */
552static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
553{
554 long epoch;
555 char *p, *end;
556 const unsigned short month_offset[12] = {
557 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
558 };
559 int year, month;
560
561 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
562
563 p = (char *)d->data;
564 end = p + d->length;
565
566 if (end - p < 4) return -1;
567 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
568 p += 4;
569 if (end - p < 2) return -1;
570 month = 10 * (p[0] - '0') + p[1] - '0';
571 if (month < 1 || month > 12) return -1;
572 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
573 We consider leap years and the current month (<marsh or not) */
574 epoch = ( ((year - 1970) * 365)
575 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
576 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
577 + month_offset[month-1]
578 ) * 24 * 60 * 60;
579 p += 2;
580 if (end - p < 2) return -1;
581 /* Add the number of seconds of completed days of current month */
582 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
583 p += 2;
584 if (end - p < 2) return -1;
585 /* Add the completed hours of the current day */
586 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
587 p += 2;
588 if (end - p < 2) return -1;
589 /* Add the completed minutes of the current hour */
590 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
591 p += 2;
592 if (p == end) return -1;
593 /* Test if there is available seconds */
594 if (p[0] < '0' || p[0] > '9')
595 goto nosec;
596 if (end - p < 2) return -1;
597 /* Add the seconds of the current minute */
598 epoch += 10 * (p[0] - '0') + p[1] - '0';
599 p += 2;
600 if (p == end) return -1;
601 /* Ignore seconds float part if present */
602 if (p[0] == '.') {
603 do {
604 if (++p == end) return -1;
605 } while (p[0] >= '0' && p[0] <= '9');
606 }
607
608nosec:
609 if (p[0] == 'Z') {
610 if (end - p != 1) return -1;
611 return epoch;
612 }
613 else if (p[0] == '+') {
614 if (end - p != 5) return -1;
615 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700616 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617 }
618 else if (p[0] == '-') {
619 if (end - p != 5) return -1;
620 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700621 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200622 }
623
624 return -1;
625}
626
Emeric Brun1d3865b2014-06-20 15:37:32 +0200627static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200628
629/* This function starts to check if the OCSP response (in DER format) contained
630 * in chunk 'ocsp_response' is valid (else exits on error).
631 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
632 * contained in the OCSP Response and exits on error if no match.
633 * If it's a valid OCSP Response:
634 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
635 * pointed by 'ocsp'.
636 * If 'ocsp' is NULL, the function looks up into the OCSP response's
637 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
638 * from the response) and exits on error if not found. Finally, If an OCSP response is
639 * already present in the container, it will be overwritten.
640 *
641 * Note: OCSP response containing more than one OCSP Single response is not
642 * considered valid.
643 *
644 * Returns 0 on success, 1 in error case.
645 */
646static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
647{
648 OCSP_RESPONSE *resp;
649 OCSP_BASICRESP *bs = NULL;
650 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200651 OCSP_CERTID *id;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200652 unsigned char *p = (unsigned char *)ocsp_response->str;
653 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200654 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200655 int reason;
656 int ret = 1;
657
658 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
659 if (!resp) {
660 memprintf(err, "Unable to parse OCSP response");
661 goto out;
662 }
663
664 rc = OCSP_response_status(resp);
665 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
666 memprintf(err, "OCSP response status not successful");
667 goto out;
668 }
669
670 bs = OCSP_response_get1_basic(resp);
671 if (!bs) {
672 memprintf(err, "Failed to get basic response from OCSP Response");
673 goto out;
674 }
675
676 count_sr = OCSP_resp_count(bs);
677 if (count_sr > 1) {
678 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
679 goto out;
680 }
681
682 sr = OCSP_resp_get0(bs, 0);
683 if (!sr) {
684 memprintf(err, "Failed to get OCSP single response");
685 goto out;
686 }
687
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200688 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
689
Emeric Brun4147b2e2014-06-16 18:36:30 +0200690 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200691 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200692 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200693 goto out;
694 }
695
Emeric Brun13a6b482014-06-20 15:44:34 +0200696 if (!nextupd) {
697 memprintf(err, "OCSP single response: missing nextupdate");
698 goto out;
699 }
700
Emeric Brunc8b27b62014-06-19 14:16:17 +0200701 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200702 if (!rc) {
703 memprintf(err, "OCSP single response: no longer valid.");
704 goto out;
705 }
706
707 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200708 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200709 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
710 goto out;
711 }
712 }
713
714 if (!ocsp) {
715 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
716 unsigned char *p;
717
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200718 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200719 if (!rc) {
720 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
721 goto out;
722 }
723
724 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
725 memprintf(err, "OCSP single response: Certificate ID too long");
726 goto out;
727 }
728
729 p = key;
730 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200731 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200732 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
733 if (!ocsp) {
734 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
735 goto out;
736 }
737 }
738
739 /* According to comments on "chunk_dup", the
740 previous chunk buffer will be freed */
741 if (!chunk_dup(&ocsp->response, ocsp_response)) {
742 memprintf(err, "OCSP response: Memory allocation error");
743 goto out;
744 }
745
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200746 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
747
Emeric Brun4147b2e2014-06-16 18:36:30 +0200748 ret = 0;
749out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100750 ERR_clear_error();
751
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 if (bs)
753 OCSP_BASICRESP_free(bs);
754
755 if (resp)
756 OCSP_RESPONSE_free(resp);
757
758 return ret;
759}
760/*
761 * External function use to update the OCSP response in the OCSP response's
762 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
763 * to update in DER format.
764 *
765 * Returns 0 on success, 1 in error case.
766 */
767int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
768{
769 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
770}
771
772/*
773 * This function load the OCSP Resonse in DER format contained in file at
774 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
775 *
776 * Returns 0 on success, 1 in error case.
777 */
778static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
779{
780 int fd = -1;
781 int r = 0;
782 int ret = 1;
783
784 fd = open(ocsp_path, O_RDONLY);
785 if (fd == -1) {
786 memprintf(err, "Error opening OCSP response file");
787 goto end;
788 }
789
790 trash.len = 0;
791 while (trash.len < trash.size) {
792 r = read(fd, trash.str + trash.len, trash.size - trash.len);
793 if (r < 0) {
794 if (errno == EINTR)
795 continue;
796
797 memprintf(err, "Error reading OCSP response from file");
798 goto end;
799 }
800 else if (r == 0) {
801 break;
802 }
803 trash.len += r;
804 }
805
806 close(fd);
807 fd = -1;
808
809 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
810end:
811 if (fd != -1)
812 close(fd);
813
814 return ret;
815}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100816#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200817
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100818#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
819static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
820{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100821 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100822 struct tls_sess_key *keys;
823 struct connection *conn;
824 int head;
825 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100826 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100827
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200828 conn = SSL_get_ex_data(s, ssl_app_data_index);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100829 ref = objt_listener(conn->target)->bind_conf->keys_ref;
830 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
831
832 keys = ref->tlskeys;
833 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100834
835 if (enc) {
836 memcpy(key_name, keys[head].name, 16);
837
838 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100839 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100840
841 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100842 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100843
844 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100845 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100846 } else {
847 for (i = 0; i < TLS_TICKETS_NO; i++) {
848 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
849 goto found;
850 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100851 ret = 0;
852 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100853
Christopher Faulet16f45c82018-02-16 11:23:49 +0100854 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100855 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
856 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100857 goto end;
858
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100859 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100860 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100861 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100862 end:
863 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
864 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200865}
866
867struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
868{
869 struct tls_keys_ref *ref;
870
871 list_for_each_entry(ref, &tlskeys_reference, list)
872 if (ref->filename && strcmp(filename, ref->filename) == 0)
873 return ref;
874 return NULL;
875}
876
877struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
878{
879 struct tls_keys_ref *ref;
880
881 list_for_each_entry(ref, &tlskeys_reference, list)
882 if (ref->unique_id == unique_id)
883 return ref;
884 return NULL;
885}
886
Christopher Faulet16f45c82018-02-16 11:23:49 +0100887void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref, struct chunk *tlskey)
888{
889 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
890 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
891 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
892 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
893}
894
895int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err)
896{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200897 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
898
899 if(!ref) {
900 memprintf(err, "Unable to locate the referenced filename: %s", filename);
901 return 1;
902 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100903 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200904 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100905}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200906
907/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100908 * automatic ids. It's called just after the basic checks. It returns
909 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200910 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100911static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200912{
913 int i = 0;
914 struct tls_keys_ref *ref, *ref2, *ref3;
915 struct list tkr = LIST_HEAD_INIT(tkr);
916
917 list_for_each_entry(ref, &tlskeys_reference, list) {
918 if (ref->unique_id == -1) {
919 /* Look for the first free id. */
920 while (1) {
921 list_for_each_entry(ref2, &tlskeys_reference, list) {
922 if (ref2->unique_id == i) {
923 i++;
924 break;
925 }
926 }
927 if (&ref2->list == &tlskeys_reference)
928 break;
929 }
930
931 /* Uses the unique id and increment it for the next entry. */
932 ref->unique_id = i;
933 i++;
934 }
935 }
936
937 /* This sort the reference list by id. */
938 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
939 LIST_DEL(&ref->list);
940 list_for_each_entry(ref3, &tkr, list) {
941 if (ref->unique_id < ref3->unique_id) {
942 LIST_ADDQ(&ref3->list, &ref->list);
943 break;
944 }
945 }
946 if (&ref3->list == &tkr)
947 LIST_ADDQ(&tkr, &ref->list);
948 }
949
950 /* swap root */
951 LIST_ADD(&tkr, &tlskeys_reference);
952 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100953 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200954}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100955#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
956
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100957#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500958int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
959{
960 switch (evp_keytype) {
961 case EVP_PKEY_RSA:
962 return 2;
963 case EVP_PKEY_DSA:
964 return 0;
965 case EVP_PKEY_EC:
966 return 1;
967 }
968
969 return -1;
970}
971
Emeric Brun4147b2e2014-06-16 18:36:30 +0200972/*
973 * Callback used to set OCSP status extension content in server hello.
974 */
975int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
976{
yanbzhube2774d2015-12-10 15:07:30 -0500977 struct certificate_ocsp *ocsp;
978 struct ocsp_cbk_arg *ocsp_arg;
979 char *ssl_buf;
980 EVP_PKEY *ssl_pkey;
981 int key_type;
982 int index;
983
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200984 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500985
986 ssl_pkey = SSL_get_privatekey(ssl);
987 if (!ssl_pkey)
988 return SSL_TLSEXT_ERR_NOACK;
989
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200990 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500991
992 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
993 ocsp = ocsp_arg->s_ocsp;
994 else {
995 /* For multiple certs per context, we have to find the correct OCSP response based on
996 * the certificate type
997 */
998 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
999
1000 if (index < 0)
1001 return SSL_TLSEXT_ERR_NOACK;
1002
1003 ocsp = ocsp_arg->m_ocsp[index];
1004
1005 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001006
1007 if (!ocsp ||
1008 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001009 !ocsp->response.len ||
1010 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001011 return SSL_TLSEXT_ERR_NOACK;
1012
1013 ssl_buf = OPENSSL_malloc(ocsp->response.len);
1014 if (!ssl_buf)
1015 return SSL_TLSEXT_ERR_NOACK;
1016
1017 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
1018 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
1019
1020 return SSL_TLSEXT_ERR_OK;
1021}
1022
1023/*
1024 * This function enables the handling of OCSP status extension on 'ctx' if a
1025 * file name 'cert_path' suffixed using ".ocsp" is present.
1026 * To enable OCSP status extension, the issuer's certificate is mandatory.
1027 * It should be present in the certificate's extra chain builded from file
1028 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1029 * named 'cert_path' suffixed using '.issuer'.
1030 *
1031 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1032 * response. If file is empty or content is not a valid OCSP response,
1033 * OCSP status extension is enabled but OCSP response is ignored (a warning
1034 * is displayed).
1035 *
1036 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1037 * succesfully enabled, or -1 in other error case.
1038 */
1039static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1040{
1041
1042 BIO *in = NULL;
1043 X509 *x, *xi = NULL, *issuer = NULL;
1044 STACK_OF(X509) *chain = NULL;
1045 OCSP_CERTID *cid = NULL;
1046 SSL *ssl;
1047 char ocsp_path[MAXPATHLEN+1];
1048 int i, ret = -1;
1049 struct stat st;
1050 struct certificate_ocsp *ocsp = NULL, *iocsp;
1051 char *warn = NULL;
1052 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001053 pem_password_cb *passwd_cb;
1054 void *passwd_cb_userdata;
1055 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001056
1057 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1058
1059 if (stat(ocsp_path, &st))
1060 return 1;
1061
1062 ssl = SSL_new(ctx);
1063 if (!ssl)
1064 goto out;
1065
1066 x = SSL_get_certificate(ssl);
1067 if (!x)
1068 goto out;
1069
1070 /* Try to lookup for issuer in certificate extra chain */
1071#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1072 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1073#else
1074 chain = ctx->extra_certs;
1075#endif
1076 for (i = 0; i < sk_X509_num(chain); i++) {
1077 issuer = sk_X509_value(chain, i);
1078 if (X509_check_issued(issuer, x) == X509_V_OK)
1079 break;
1080 else
1081 issuer = NULL;
1082 }
1083
1084 /* If not found try to load issuer from a suffixed file */
1085 if (!issuer) {
1086 char issuer_path[MAXPATHLEN+1];
1087
1088 in = BIO_new(BIO_s_file());
1089 if (!in)
1090 goto out;
1091
1092 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1093 if (BIO_read_filename(in, issuer_path) <= 0)
1094 goto out;
1095
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001096 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1097 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1098
1099 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001100 if (!xi)
1101 goto out;
1102
1103 if (X509_check_issued(xi, x) != X509_V_OK)
1104 goto out;
1105
1106 issuer = xi;
1107 }
1108
1109 cid = OCSP_cert_to_id(0, x, issuer);
1110 if (!cid)
1111 goto out;
1112
1113 i = i2d_OCSP_CERTID(cid, NULL);
1114 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1115 goto out;
1116
Vincent Bernat02779b62016-04-03 13:48:43 +02001117 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001118 if (!ocsp)
1119 goto out;
1120
1121 p = ocsp->key_data;
1122 i2d_OCSP_CERTID(cid, &p);
1123
1124 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1125 if (iocsp == ocsp)
1126 ocsp = NULL;
1127
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001128#ifndef SSL_CTX_get_tlsext_status_cb
1129# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1130 *cb = (void (*) (void))ctx->tlsext_status_cb;
1131#endif
1132 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1133
1134 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001135 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001136 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001137
1138 cb_arg->is_single = 1;
1139 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001140
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001141 pkey = X509_get_pubkey(x);
1142 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1143 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001144
1145 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1146 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1147 } else {
1148 /*
1149 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1150 * Update that cb_arg with the new cert's staple
1151 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001152 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001153 struct certificate_ocsp *tmp_ocsp;
1154 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001155 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001156 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001157
1158#ifdef SSL_CTX_get_tlsext_status_arg
1159 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1160#else
1161 cb_arg = ctx->tlsext_status_arg;
1162#endif
yanbzhube2774d2015-12-10 15:07:30 -05001163
1164 /*
1165 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1166 * the order of operations below matter, take care when changing it
1167 */
1168 tmp_ocsp = cb_arg->s_ocsp;
1169 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1170 cb_arg->s_ocsp = NULL;
1171 cb_arg->m_ocsp[index] = tmp_ocsp;
1172 cb_arg->is_single = 0;
1173 cb_arg->single_kt = 0;
1174
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001175 pkey = X509_get_pubkey(x);
1176 key_type = EVP_PKEY_base_id(pkey);
1177 EVP_PKEY_free(pkey);
1178
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001179 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001180 if (index >= 0 && !cb_arg->m_ocsp[index])
1181 cb_arg->m_ocsp[index] = iocsp;
1182
1183 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001184
1185 ret = 0;
1186
1187 warn = NULL;
1188 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1189 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001190 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191 }
1192
1193out:
1194 if (ssl)
1195 SSL_free(ssl);
1196
1197 if (in)
1198 BIO_free(in);
1199
1200 if (xi)
1201 X509_free(xi);
1202
1203 if (cid)
1204 OCSP_CERTID_free(cid);
1205
1206 if (ocsp)
1207 free(ocsp);
1208
1209 if (warn)
1210 free(warn);
1211
1212
1213 return ret;
1214}
1215
1216#endif
1217
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001218#ifdef OPENSSL_IS_BORINGSSL
1219static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1220{
1221 char ocsp_path[MAXPATHLEN+1];
1222 struct stat st;
1223 int fd = -1, r = 0;
1224
1225 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1226 if (stat(ocsp_path, &st))
1227 return 0;
1228
1229 fd = open(ocsp_path, O_RDONLY);
1230 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001231 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001232 return -1;
1233 }
1234
1235 trash.len = 0;
1236 while (trash.len < trash.size) {
1237 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1238 if (r < 0) {
1239 if (errno == EINTR)
1240 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001241 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001242 close(fd);
1243 return -1;
1244 }
1245 else if (r == 0) {
1246 break;
1247 }
1248 trash.len += r;
1249 }
1250 close(fd);
1251 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)trash.str, trash.len);
1252}
1253#endif
1254
Daniel Jakots54ffb912015-11-06 20:02:41 +01001255#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001256
1257#define CT_EXTENSION_TYPE 18
1258
1259static int sctl_ex_index = -1;
1260
1261/*
1262 * Try to parse Signed Certificate Timestamp List structure. This function
1263 * makes only basic test if the data seems like SCTL. No signature validation
1264 * is performed.
1265 */
1266static int ssl_sock_parse_sctl(struct chunk *sctl)
1267{
1268 int ret = 1;
1269 int len, pos, sct_len;
1270 unsigned char *data;
1271
1272 if (sctl->len < 2)
1273 goto out;
1274
1275 data = (unsigned char *)sctl->str;
1276 len = (data[0] << 8) | data[1];
1277
1278 if (len + 2 != sctl->len)
1279 goto out;
1280
1281 data = data + 2;
1282 pos = 0;
1283 while (pos < len) {
1284 if (len - pos < 2)
1285 goto out;
1286
1287 sct_len = (data[pos] << 8) | data[pos + 1];
1288 if (pos + sct_len + 2 > len)
1289 goto out;
1290
1291 pos += sct_len + 2;
1292 }
1293
1294 ret = 0;
1295
1296out:
1297 return ret;
1298}
1299
1300static int ssl_sock_load_sctl_from_file(const char *sctl_path, struct chunk **sctl)
1301{
1302 int fd = -1;
1303 int r = 0;
1304 int ret = 1;
1305
1306 *sctl = NULL;
1307
1308 fd = open(sctl_path, O_RDONLY);
1309 if (fd == -1)
1310 goto end;
1311
1312 trash.len = 0;
1313 while (trash.len < trash.size) {
1314 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1315 if (r < 0) {
1316 if (errno == EINTR)
1317 continue;
1318
1319 goto end;
1320 }
1321 else if (r == 0) {
1322 break;
1323 }
1324 trash.len += r;
1325 }
1326
1327 ret = ssl_sock_parse_sctl(&trash);
1328 if (ret)
1329 goto end;
1330
Vincent Bernat02779b62016-04-03 13:48:43 +02001331 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001332 if (!chunk_dup(*sctl, &trash)) {
1333 free(*sctl);
1334 *sctl = NULL;
1335 goto end;
1336 }
1337
1338end:
1339 if (fd != -1)
1340 close(fd);
1341
1342 return ret;
1343}
1344
1345int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1346{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001347 struct chunk *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001348
1349 *out = (unsigned char *)sctl->str;
1350 *outlen = sctl->len;
1351
1352 return 1;
1353}
1354
1355int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1356{
1357 return 1;
1358}
1359
1360static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1361{
1362 char sctl_path[MAXPATHLEN+1];
1363 int ret = -1;
1364 struct stat st;
1365 struct chunk *sctl = NULL;
1366
1367 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1368
1369 if (stat(sctl_path, &st))
1370 return 1;
1371
1372 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1373 goto out;
1374
1375 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1376 free(sctl);
1377 goto out;
1378 }
1379
1380 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1381
1382 ret = 0;
1383
1384out:
1385 return ret;
1386}
1387
1388#endif
1389
Emeric Brune1f38db2012-09-03 20:36:47 +02001390void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1391{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001392 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001393 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001394 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001395
1396 if (where & SSL_CB_HANDSHAKE_START) {
1397 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001398 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001399 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001400 conn->err_code = CO_ER_SSL_RENEG;
1401 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001402 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001403
1404 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1405 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1406 /* Long certificate chains optimz
1407 If write and read bios are differents, we
1408 consider that the buffering was activated,
1409 so we rise the output buffer size from 4k
1410 to 16k */
1411 write_bio = SSL_get_wbio(ssl);
1412 if (write_bio != SSL_get_rbio(ssl)) {
1413 BIO_set_write_buffer_size(write_bio, 16384);
1414 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1415 }
1416 }
1417 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001418}
1419
Emeric Brune64aef12012-09-21 13:15:06 +02001420/* Callback is called for each certificate of the chain during a verify
1421 ok is set to 1 if preverify detect no error on current certificate.
1422 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001423int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001424{
1425 SSL *ssl;
1426 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001427 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001428
1429 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001430 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001431
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001432 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001433
Emeric Brun81c00f02012-09-21 14:31:21 +02001434 if (ok) /* no errors */
1435 return ok;
1436
1437 depth = X509_STORE_CTX_get_error_depth(x_store);
1438 err = X509_STORE_CTX_get_error(x_store);
1439
1440 /* check if CA error needs to be ignored */
1441 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001442 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1443 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1444 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001445 }
1446
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001447 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001448 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001449 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001450 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001451 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001452
Willy Tarreau20879a02012-12-03 16:32:10 +01001453 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001454 return 0;
1455 }
1456
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001457 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1458 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001459
Emeric Brun81c00f02012-09-21 14:31:21 +02001460 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001461 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001462 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001463 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001464 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001465 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001466
Willy Tarreau20879a02012-12-03 16:32:10 +01001467 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001468 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001469}
1470
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001471static inline
1472void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001473 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001474{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001475 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001476 unsigned char *msg;
1477 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001478 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001479
1480 /* This function is called for "from client" and "to server"
1481 * connections. The combination of write_p == 0 and content_type == 22
1482 * is only avalaible during "from client" connection.
1483 */
1484
1485 /* "write_p" is set to 0 is the bytes are received messages,
1486 * otherwise it is set to 1.
1487 */
1488 if (write_p != 0)
1489 return;
1490
1491 /* content_type contains the type of message received or sent
1492 * according with the SSL/TLS protocol spec. This message is
1493 * encoded with one byte. The value 256 (two bytes) is used
1494 * for designing the SSL/TLS record layer. According with the
1495 * rfc6101, the expected message (other than 256) are:
1496 * - change_cipher_spec(20)
1497 * - alert(21)
1498 * - handshake(22)
1499 * - application_data(23)
1500 * - (255)
1501 * We are interessed by the handshake and specially the client
1502 * hello.
1503 */
1504 if (content_type != 22)
1505 return;
1506
1507 /* The message length is at least 4 bytes, containing the
1508 * message type and the message length.
1509 */
1510 if (len < 4)
1511 return;
1512
1513 /* First byte of the handshake message id the type of
1514 * message. The konwn types are:
1515 * - hello_request(0)
1516 * - client_hello(1)
1517 * - server_hello(2)
1518 * - certificate(11)
1519 * - server_key_exchange (12)
1520 * - certificate_request(13)
1521 * - server_hello_done(14)
1522 * We are interested by the client hello.
1523 */
1524 msg = (unsigned char *)buf;
1525 if (msg[0] != 1)
1526 return;
1527
1528 /* Next three bytes are the length of the message. The total length
1529 * must be this decoded length + 4. If the length given as argument
1530 * is not the same, we abort the protocol dissector.
1531 */
1532 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1533 if (len < rec_len + 4)
1534 return;
1535 msg += 4;
1536 end = msg + rec_len;
1537 if (end < msg)
1538 return;
1539
1540 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1541 * for minor, the random, composed by 4 bytes for the unix time and
1542 * 28 bytes for unix payload, and them 1 byte for the session id. So
1543 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1544 */
1545 msg += 1 + 1 + 4 + 28 + 1;
1546 if (msg > end)
1547 return;
1548
1549 /* Next two bytes are the ciphersuite length. */
1550 if (msg + 2 > end)
1551 return;
1552 rec_len = (msg[0] << 8) + msg[1];
1553 msg += 2;
1554 if (msg + rec_len > end || msg + rec_len < msg)
1555 return;
1556
Willy Tarreaubafbe012017-11-24 17:34:44 +01001557 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001558 if (!capture)
1559 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001560 /* Compute the xxh64 of the ciphersuite. */
1561 capture->xxh64 = XXH64(msg, rec_len, 0);
1562
1563 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001564 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1565 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001566 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001567
1568 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001569}
1570
Emeric Brun29f037d2014-04-25 19:05:36 +02001571/* Callback is called for ssl protocol analyse */
1572void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1573{
Emeric Brun29f037d2014-04-25 19:05:36 +02001574#ifdef TLS1_RT_HEARTBEAT
1575 /* test heartbeat received (write_p is set to 0
1576 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001577 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001579 const unsigned char *p = buf;
1580 unsigned int payload;
1581
Emeric Brun29f037d2014-04-25 19:05:36 +02001582 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001583
1584 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1585 if (*p != TLS1_HB_REQUEST)
1586 return;
1587
Willy Tarreauaeed6722014-04-25 23:59:58 +02001588 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001589 goto kill_it;
1590
1591 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001592 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001593 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001594 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001595 /* We have a clear heartbleed attack (CVE-2014-0160), the
1596 * advertised payload is larger than the advertised packet
1597 * length, so we have garbage in the buffer between the
1598 * payload and the end of the buffer (p+len). We can't know
1599 * if the SSL stack is patched, and we don't know if we can
1600 * safely wipe out the area between p+3+len and payload.
1601 * So instead, we prevent the response from being sent by
1602 * setting the max_send_fragment to 0 and we report an SSL
1603 * error, which will kill this connection. It will be reported
1604 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001605 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1606 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001607 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001608 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1609 return;
1610 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001611#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001612 if (global_ssl.capture_cipherlist > 0)
1613 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001614}
1615
Bernard Spil13c53f82018-02-15 13:34:58 +01001616#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001617/* This callback is used so that the server advertises the list of
1618 * negociable protocols for NPN.
1619 */
1620static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1621 unsigned int *len, void *arg)
1622{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001623 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001624
1625 *data = (const unsigned char *)conf->npn_str;
1626 *len = conf->npn_len;
1627 return SSL_TLSEXT_ERR_OK;
1628}
1629#endif
1630
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001631#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001632/* This callback is used so that the server advertises the list of
1633 * negociable protocols for ALPN.
1634 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001635static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1636 unsigned char *outlen,
1637 const unsigned char *server,
1638 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001639{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001640 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001641
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001642 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1643 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1644 return SSL_TLSEXT_ERR_NOACK;
1645 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001646 return SSL_TLSEXT_ERR_OK;
1647}
1648#endif
1649
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001650#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001651#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001652
Christopher Faulet30548802015-06-11 13:39:32 +02001653/* Create a X509 certificate with the specified servername and serial. This
1654 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001655static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001656ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001657{
Christopher Faulet7969a332015-10-09 11:15:03 +02001658 X509 *cacert = bind_conf->ca_sign_cert;
1659 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001660 SSL_CTX *ssl_ctx = NULL;
1661 X509 *newcrt = NULL;
1662 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001663 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001664 X509_NAME *name;
1665 const EVP_MD *digest;
1666 X509V3_CTX ctx;
1667 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001668 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001669
Christopher Faulet48a83322017-07-28 16:56:09 +02001670 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001671#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1672 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1673#else
1674 tmp_ssl = SSL_new(bind_conf->default_ctx);
1675 if (tmp_ssl)
1676 pkey = SSL_get_privatekey(tmp_ssl);
1677#endif
1678 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001679 goto mkcert_error;
1680
1681 /* Create the certificate */
1682 if (!(newcrt = X509_new()))
1683 goto mkcert_error;
1684
1685 /* Set version number for the certificate (X509v3) and the serial
1686 * number */
1687 if (X509_set_version(newcrt, 2L) != 1)
1688 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001689 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001690
1691 /* Set duration for the certificate */
1692 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1693 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1694 goto mkcert_error;
1695
1696 /* set public key in the certificate */
1697 if (X509_set_pubkey(newcrt, pkey) != 1)
1698 goto mkcert_error;
1699
1700 /* Set issuer name from the CA */
1701 if (!(name = X509_get_subject_name(cacert)))
1702 goto mkcert_error;
1703 if (X509_set_issuer_name(newcrt, name) != 1)
1704 goto mkcert_error;
1705
1706 /* Set the subject name using the same, but the CN */
1707 name = X509_NAME_dup(name);
1708 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1709 (const unsigned char *)servername,
1710 -1, -1, 0) != 1) {
1711 X509_NAME_free(name);
1712 goto mkcert_error;
1713 }
1714 if (X509_set_subject_name(newcrt, name) != 1) {
1715 X509_NAME_free(name);
1716 goto mkcert_error;
1717 }
1718 X509_NAME_free(name);
1719
1720 /* Add x509v3 extensions as specified */
1721 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1722 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1723 X509_EXTENSION *ext;
1724
1725 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1726 goto mkcert_error;
1727 if (!X509_add_ext(newcrt, ext, -1)) {
1728 X509_EXTENSION_free(ext);
1729 goto mkcert_error;
1730 }
1731 X509_EXTENSION_free(ext);
1732 }
1733
1734 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001735
1736 key_type = EVP_PKEY_base_id(capkey);
1737
1738 if (key_type == EVP_PKEY_DSA)
1739 digest = EVP_sha1();
1740 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001741 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001742 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001743 digest = EVP_sha256();
1744 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001745#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001746 int nid;
1747
1748 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1749 goto mkcert_error;
1750 if (!(digest = EVP_get_digestbynid(nid)))
1751 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001752#else
1753 goto mkcert_error;
1754#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001755 }
1756
Christopher Faulet31af49d2015-06-09 17:29:50 +02001757 if (!(X509_sign(newcrt, capkey, digest)))
1758 goto mkcert_error;
1759
1760 /* Create and set the new SSL_CTX */
1761 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1762 goto mkcert_error;
1763 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1764 goto mkcert_error;
1765 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1766 goto mkcert_error;
1767 if (!SSL_CTX_check_private_key(ssl_ctx))
1768 goto mkcert_error;
1769
1770 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001771
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001772#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001773 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001774#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001775#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1776 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001777 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001778 EC_KEY *ecc;
1779 int nid;
1780
1781 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1782 goto end;
1783 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1784 goto end;
1785 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1786 EC_KEY_free(ecc);
1787 }
1788#endif
1789 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001790 return ssl_ctx;
1791
1792 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001793 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001794 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1795 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001796 return NULL;
1797}
1798
Christopher Faulet7969a332015-10-09 11:15:03 +02001799SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001800ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001801{
1802 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001803
1804 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001805}
1806
Christopher Faulet30548802015-06-11 13:39:32 +02001807/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001808 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001809SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001810ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001811{
1812 struct lru64 *lru = NULL;
1813
1814 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001815 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001816 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001817 if (lru && lru->domain) {
1818 if (ssl)
1819 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001820 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001821 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001822 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001823 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001824 }
1825 return NULL;
1826}
1827
Emeric Brun821bb9b2017-06-15 16:37:39 +02001828/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1829 * function is not thread-safe, it should only be used to check if a certificate
1830 * exists in the lru cache (with no warranty it will not be removed by another
1831 * thread). It is kept for backward compatibility. */
1832SSL_CTX *
1833ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1834{
1835 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1836}
1837
Christopher Fauletd2cab922015-07-28 16:03:47 +02001838/* Set a certificate int the LRU cache used to store generated
1839 * certificate. Return 0 on success, otherwise -1 */
1840int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001841ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001842{
1843 struct lru64 *lru = NULL;
1844
1845 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001846 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001847 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001848 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001849 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001850 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001851 }
Christopher Faulet30548802015-06-11 13:39:32 +02001852 if (lru->domain && lru->data)
1853 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001854 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001855 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001856 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001857 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001858 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001859}
1860
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001861/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001862unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001863ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001864{
1865 return XXH32(data, len, ssl_ctx_lru_seed);
1866}
1867
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001868/* Generate a cert and immediately assign it to the SSL session so that the cert's
1869 * refcount is maintained regardless of the cert's presence in the LRU cache.
1870 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001871static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001872ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001873{
1874 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001875 SSL_CTX *ssl_ctx = NULL;
1876 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001877 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001878
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001879 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001880 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001881 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001882 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001883 if (lru && lru->domain)
1884 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001885 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001886 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001887 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001888 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001889 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001890 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001891 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001892 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001893 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001894 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001895 SSL_set_SSL_CTX(ssl, ssl_ctx);
1896 /* No LRU cache, this CTX will be released as soon as the session dies */
1897 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001898 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001899 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001900 return 0;
1901}
1902static int
1903ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1904{
1905 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001906 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001907
1908 conn_get_to_addr(conn);
1909 if (conn->flags & CO_FL_ADDR_TO_SET) {
1910 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001911 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001912 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001913 }
1914 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001916#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001918
1919#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1920#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1921#endif
1922
1923#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1924#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1925#define SSL_renegotiate_pending(arg) 0
1926#endif
1927#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1928#define SSL_OP_SINGLE_ECDH_USE 0
1929#endif
1930#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1931#define SSL_OP_NO_TICKET 0
1932#endif
1933#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1934#define SSL_OP_NO_COMPRESSION 0
1935#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001936#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1937#undef SSL_OP_NO_SSLv3
1938#define SSL_OP_NO_SSLv3 0
1939#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001940#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1941#define SSL_OP_NO_TLSv1_1 0
1942#endif
1943#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1944#define SSL_OP_NO_TLSv1_2 0
1945#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001946#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001947#define SSL_OP_NO_TLSv1_3 0
1948#endif
1949#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1950#define SSL_OP_SINGLE_DH_USE 0
1951#endif
1952#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1953#define SSL_OP_SINGLE_ECDH_USE 0
1954#endif
1955#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1956#define SSL_MODE_RELEASE_BUFFERS 0
1957#endif
1958#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1959#define SSL_MODE_SMALL_BUFFERS 0
1960#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02001961#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
1962#define SSL_OP_PRIORITIZE_CHACHA 0
1963#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001964
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001965#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001966typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1967
1968static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001969{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001970#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001971 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001972 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1973#endif
1974}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001975static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1976 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001977 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1978}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001979static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001980#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001981 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001982 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1983#endif
1984}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001985static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001986#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001988 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1989#endif
1990}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001991/* TLS 1.2 is the last supported version in this context. */
1992static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
1993/* Unusable in this context. */
1994static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
1995static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
1996static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
1997static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
1998static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001999#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002000typedef enum { SET_MIN, SET_MAX } set_context_func;
2001
2002static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2003 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002004 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2005}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002006static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2007 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2008 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2009}
2010static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2011 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002012 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2013}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002014static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2015 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2016 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2017}
2018static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2019 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002020 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2021}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002022static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2023 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2024 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2025}
2026static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2027 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002028 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2029}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002030static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2031 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2032 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2033}
2034static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002035#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002036 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002037 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2038#endif
2039}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002040static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2041#if SSL_OP_NO_TLSv1_3
2042 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2043 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002044#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002045}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002046#endif
2047static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2048static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002049
2050static struct {
2051 int option;
2052 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2054 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002055 const char *name;
2056} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002057 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2058 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2059 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2060 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2061 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2062 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002063};
2064
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002065static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2066{
2067 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2068 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2069 SSL_set_SSL_CTX(ssl, ctx);
2070}
2071
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002072#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002073
2074static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2075{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002077 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002078
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2080 return SSL_TLSEXT_ERR_OK;
2081 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002082}
2083
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002084#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2086{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002087 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002088#else
2089static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2090{
2091#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002092 struct connection *conn;
2093 struct bind_conf *s;
2094 const uint8_t *extension_data;
2095 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002096 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2097
2098 char *wildp = NULL;
2099 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002100 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002101 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002102 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002103 int i;
2104
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002105 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002106 s = objt_listener(conn->target)->bind_conf;
2107
Olivier Houchard9679ac92017-10-27 14:58:08 +02002108 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002109 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002110#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002111 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2112 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002113#else
2114 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2115#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002116 /*
2117 * The server_name extension was given too much extensibility when it
2118 * was written, so parsing the normal case is a bit complex.
2119 */
2120 size_t len;
2121 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002122 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002123 /* Extract the length of the supplied list of names. */
2124 len = (*extension_data++) << 8;
2125 len |= *extension_data++;
2126 if (len + 2 != extension_len)
2127 goto abort;
2128 /*
2129 * The list in practice only has a single element, so we only consider
2130 * the first one.
2131 */
2132 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2133 goto abort;
2134 extension_len = len - 1;
2135 /* Now we can finally pull out the byte array with the actual hostname. */
2136 if (extension_len <= 2)
2137 goto abort;
2138 len = (*extension_data++) << 8;
2139 len |= *extension_data++;
2140 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2141 || memchr(extension_data, 0, len) != NULL)
2142 goto abort;
2143 servername = extension_data;
2144 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002145 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002146#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2147 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002148 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002149 }
2150#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002151 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002152 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002153 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002154 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002155 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002156 goto abort;
2157 }
2158
2159 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002160#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002161 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002162#else
2163 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2164#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002165 uint8_t sign;
2166 size_t len;
2167 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002168 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002169 len = (*extension_data++) << 8;
2170 len |= *extension_data++;
2171 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002172 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002173 if (len % 2 != 0)
2174 goto abort;
2175 for (; len > 0; len -= 2) {
2176 extension_data++; /* hash */
2177 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002178 switch (sign) {
2179 case TLSEXT_signature_rsa:
2180 has_rsa = 1;
2181 break;
2182 case TLSEXT_signature_ecdsa:
2183 has_ecdsa_sig = 1;
2184 break;
2185 default:
2186 continue;
2187 }
2188 if (has_ecdsa_sig && has_rsa)
2189 break;
2190 }
2191 } else {
2192 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2193 has_rsa = 1;
2194 }
2195 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002196 const SSL_CIPHER *cipher;
2197 size_t len;
2198 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002199#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002200 len = ctx->cipher_suites_len;
2201 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002202#else
2203 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2204#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002205 if (len % 2 != 0)
2206 goto abort;
2207 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002208#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002209 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002211#else
2212 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2213#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002214 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215 has_ecdsa = 1;
2216 break;
2217 }
2218 }
2219 }
2220
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002221 for (i = 0; i < trash.size && i < servername_len; i++) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 trash.str[i] = tolower(servername[i]);
2223 if (!wildp && (trash.str[i] == '.'))
2224 wildp = &trash.str[i];
2225 }
2226 trash.str[i] = 0;
2227
2228 /* lookup in full qualified names */
2229 node = ebst_lookup(&s->sni_ctx, trash.str);
2230
2231 /* lookup a not neg filter */
2232 for (n = node; n; n = ebmb_next_dup(n)) {
2233 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002234 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 case TLSEXT_signature_ecdsa:
2236 if (has_ecdsa) {
2237 node_ecdsa = n;
2238 goto find_one;
2239 }
2240 break;
2241 case TLSEXT_signature_rsa:
2242 if (has_rsa && !node_rsa) {
2243 node_rsa = n;
2244 if (!has_ecdsa)
2245 goto find_one;
2246 }
2247 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002248 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002249 if (!node_anonymous)
2250 node_anonymous = n;
2251 break;
2252 }
2253 }
2254 }
2255 if (wildp) {
2256 /* lookup in wildcards names */
2257 node = ebst_lookup(&s->sni_w_ctx, wildp);
2258 for (n = node; n; n = ebmb_next_dup(n)) {
2259 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002260 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002261 case TLSEXT_signature_ecdsa:
2262 if (has_ecdsa) {
2263 node_ecdsa = n;
2264 goto find_one;
2265 }
2266 break;
2267 case TLSEXT_signature_rsa:
2268 if (has_rsa && !node_rsa) {
2269 node_rsa = n;
2270 if (!has_ecdsa)
2271 goto find_one;
2272 }
2273 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002274 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 if (!node_anonymous)
2276 node_anonymous = n;
2277 break;
2278 }
2279 }
2280 }
2281 }
2282 find_one:
2283 /* select by key_signature priority order */
2284 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2285
2286 if (node) {
2287 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002288 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002289 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002290 if (conf) {
2291 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2292 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2293 if (conf->early_data)
2294 allow_early = 1;
2295 }
2296 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002297 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002298#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2299 if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
2300 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002301 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002302 }
2303#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002304 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002306 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002307 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002308allow_early:
2309#ifdef OPENSSL_IS_BORINGSSL
2310 if (allow_early)
2311 SSL_set_early_data_enabled(ssl, 1);
2312#else
2313 if (!allow_early)
2314 SSL_set_max_early_data(ssl, 0);
2315#endif
2316 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 abort:
2318 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2319 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002320#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002321 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002322#else
2323 *al = SSL_AD_UNRECOGNIZED_NAME;
2324 return 0;
2325#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326}
2327
2328#else /* OPENSSL_IS_BORINGSSL */
2329
Emeric Brunfc0421f2012-09-07 17:30:07 +02002330/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2331 * warning when no match is found, which implies the default (first) cert
2332 * will keep being used.
2333 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002334static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002335{
2336 const char *servername;
2337 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002338 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002339 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002340 int i;
2341 (void)al; /* shut gcc stupid warning */
2342
2343 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002344 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002345#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002346 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2347 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002348#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002349 if (s->strict_sni)
2350 return SSL_TLSEXT_ERR_ALERT_FATAL;
2351 ssl_sock_switchctx_set(ssl, s->default_ctx);
2352 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002353 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002354
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002355 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002356 if (!servername[i])
2357 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002358 trash.str[i] = tolower(servername[i]);
2359 if (!wildp && (trash.str[i] == '.'))
2360 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002361 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002362 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002363
2364 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002365 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002366
2367 /* lookup a not neg filter */
2368 for (n = node; n; n = ebmb_next_dup(n)) {
2369 if (!container_of(n, struct sni_ctx, name)->neg) {
2370 node = n;
2371 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002372 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002373 }
2374 if (!node && wildp) {
2375 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002376 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002377 }
2378 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002379#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002380 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2381 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002382 return SSL_TLSEXT_ERR_OK;
2383 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002384#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002385 if (s->strict_sni)
2386 return SSL_TLSEXT_ERR_ALERT_FATAL;
2387 ssl_sock_switchctx_set(ssl, s->default_ctx);
2388 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002389 }
2390
2391 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002392 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002393 return SSL_TLSEXT_ERR_OK;
2394}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002396#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2397
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002398#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002399
2400static DH * ssl_get_dh_1024(void)
2401{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002402 static unsigned char dh1024_p[]={
2403 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2404 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2405 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2406 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2407 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2408 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2409 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2410 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2411 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2412 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2413 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2414 };
2415 static unsigned char dh1024_g[]={
2416 0x02,
2417 };
2418
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002419 BIGNUM *p;
2420 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002421 DH *dh = DH_new();
2422 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002423 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2424 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002425
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002426 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002427 DH_free(dh);
2428 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002429 } else {
2430 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002431 }
2432 }
2433 return dh;
2434}
2435
2436static DH *ssl_get_dh_2048(void)
2437{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002438 static unsigned char dh2048_p[]={
2439 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2440 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2441 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2442 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2443 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2444 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2445 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2446 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2447 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2448 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2449 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2450 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2451 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2452 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2453 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2454 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2455 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2456 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2457 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2458 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2459 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2460 0xB7,0x1F,0x77,0xF3,
2461 };
2462 static unsigned char dh2048_g[]={
2463 0x02,
2464 };
2465
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002466 BIGNUM *p;
2467 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002468 DH *dh = DH_new();
2469 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002470 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2471 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002472
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002473 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002474 DH_free(dh);
2475 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002476 } else {
2477 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002478 }
2479 }
2480 return dh;
2481}
2482
2483static DH *ssl_get_dh_4096(void)
2484{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002485 static unsigned char dh4096_p[]={
2486 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2487 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2488 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2489 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2490 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2491 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2492 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2493 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2494 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2495 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2496 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2497 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2498 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2499 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2500 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2501 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2502 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2503 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2504 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2505 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2506 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2507 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2508 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2509 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2510 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2511 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2512 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2513 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2514 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2515 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2516 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2517 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2518 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2519 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2520 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2521 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2522 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2523 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2524 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2525 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2526 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2527 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2528 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002529 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002530 static unsigned char dh4096_g[]={
2531 0x02,
2532 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002533
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002534 BIGNUM *p;
2535 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002536 DH *dh = DH_new();
2537 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002538 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2539 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002540
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002541 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002542 DH_free(dh);
2543 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 } else {
2545 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002546 }
2547 }
2548 return dh;
2549}
2550
2551/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002552 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002553static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2554{
2555 DH *dh = NULL;
2556 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002557 int type;
2558
2559 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002560
2561 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2562 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2563 */
2564 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2565 keylen = EVP_PKEY_bits(pkey);
2566 }
2567
Willy Tarreauef934602016-12-22 23:12:01 +01002568 if (keylen > global_ssl.default_dh_param) {
2569 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002570 }
2571
Remi Gacogned3a341a2015-05-29 16:26:17 +02002572 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002573 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002574 }
2575 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002576 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002577 }
2578 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002579 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002580 }
2581
2582 return dh;
2583}
2584
Remi Gacogne47783ef2015-05-29 15:53:22 +02002585static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002586{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002587 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002588 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002589
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002590 if (in == NULL)
2591 goto end;
2592
Remi Gacogne47783ef2015-05-29 15:53:22 +02002593 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002594 goto end;
2595
Remi Gacogne47783ef2015-05-29 15:53:22 +02002596 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2597
2598end:
2599 if (in)
2600 BIO_free(in);
2601
2602 return dh;
2603}
2604
2605int ssl_sock_load_global_dh_param_from_file(const char *filename)
2606{
2607 global_dh = ssl_sock_get_dh_from_file(filename);
2608
2609 if (global_dh) {
2610 return 0;
2611 }
2612
2613 return -1;
2614}
2615
2616/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2617 if an error occured, and 0 if parameter not found. */
2618int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2619{
2620 int ret = -1;
2621 DH *dh = ssl_sock_get_dh_from_file(file);
2622
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002623 if (dh) {
2624 ret = 1;
2625 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002626
2627 if (ssl_dh_ptr_index >= 0) {
2628 /* store a pointer to the DH params to avoid complaining about
2629 ssl-default-dh-param not being set for this SSL_CTX */
2630 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2631 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002632 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002633 else if (global_dh) {
2634 SSL_CTX_set_tmp_dh(ctx, global_dh);
2635 ret = 0; /* DH params not found */
2636 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002637 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002638 /* Clear openssl global errors stack */
2639 ERR_clear_error();
2640
Willy Tarreauef934602016-12-22 23:12:01 +01002641 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002643 if (local_dh_1024 == NULL)
2644 local_dh_1024 = ssl_get_dh_1024();
2645
Remi Gacogne8de54152014-07-15 11:36:40 +02002646 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002647 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002648
Remi Gacogne8de54152014-07-15 11:36:40 +02002649 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002650 }
2651 else {
2652 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2653 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002654
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002655 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002656 }
Emeric Brun644cde02012-12-14 11:21:13 +01002657
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002658end:
2659 if (dh)
2660 DH_free(dh);
2661
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002662 return ret;
2663}
2664#endif
2665
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002666static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002667 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002668{
2669 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002670 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002671 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002672
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002673 if (*name == '!') {
2674 neg = 1;
2675 name++;
2676 }
2677 if (*name == '*') {
2678 wild = 1;
2679 name++;
2680 }
2681 /* !* filter is a nop */
2682 if (neg && wild)
2683 return order;
2684 if (*name) {
2685 int j, len;
2686 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002687 for (j = 0; j < len && j < trash.size; j++)
2688 trash.str[j] = tolower(name[j]);
2689 if (j >= trash.size)
2690 return order;
2691 trash.str[j] = 0;
2692
2693 /* Check for duplicates. */
2694 if (wild)
2695 node = ebst_lookup(&s->sni_w_ctx, trash.str);
2696 else
2697 node = ebst_lookup(&s->sni_ctx, trash.str);
2698 for (; node; node = ebmb_next_dup(node)) {
2699 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002700 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002701 return order;
2702 }
2703
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002704 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002705 if (!sc)
2706 return order;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002707 memcpy(sc->name.key, trash.str, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002708 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002709 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002710 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002711 sc->order = order++;
2712 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002713 if (kinfo.sig != TLSEXT_signature_anonymous)
2714 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002715 if (wild)
2716 ebst_insert(&s->sni_w_ctx, &sc->name);
2717 else
2718 ebst_insert(&s->sni_ctx, &sc->name);
2719 }
2720 return order;
2721}
2722
yanbzhu488a4d22015-12-01 15:16:07 -05002723
2724/* The following code is used for loading multiple crt files into
2725 * SSL_CTX's based on CN/SAN
2726 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002727#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002728/* This is used to preload the certifcate, private key
2729 * and Cert Chain of a file passed in via the crt
2730 * argument
2731 *
2732 * This way, we do not have to read the file multiple times
2733 */
2734struct cert_key_and_chain {
2735 X509 *cert;
2736 EVP_PKEY *key;
2737 unsigned int num_chain_certs;
2738 /* This is an array of X509 pointers */
2739 X509 **chain_certs;
2740};
2741
yanbzhu08ce6ab2015-12-02 13:01:29 -05002742#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2743
2744struct key_combo_ctx {
2745 SSL_CTX *ctx;
2746 int order;
2747};
2748
2749/* Map used for processing multiple keypairs for a single purpose
2750 *
2751 * This maps CN/SNI name to certificate type
2752 */
2753struct sni_keytype {
2754 int keytypes; /* BITMASK for keytypes */
2755 struct ebmb_node name; /* node holding the servername value */
2756};
2757
2758
yanbzhu488a4d22015-12-01 15:16:07 -05002759/* Frees the contents of a cert_key_and_chain
2760 */
2761static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2762{
2763 int i;
2764
2765 if (!ckch)
2766 return;
2767
2768 /* Free the certificate and set pointer to NULL */
2769 if (ckch->cert)
2770 X509_free(ckch->cert);
2771 ckch->cert = NULL;
2772
2773 /* Free the key and set pointer to NULL */
2774 if (ckch->key)
2775 EVP_PKEY_free(ckch->key);
2776 ckch->key = NULL;
2777
2778 /* Free each certificate in the chain */
2779 for (i = 0; i < ckch->num_chain_certs; i++) {
2780 if (ckch->chain_certs[i])
2781 X509_free(ckch->chain_certs[i]);
2782 }
2783
2784 /* Free the chain obj itself and set to NULL */
2785 if (ckch->num_chain_certs > 0) {
2786 free(ckch->chain_certs);
2787 ckch->num_chain_certs = 0;
2788 ckch->chain_certs = NULL;
2789 }
2790
2791}
2792
2793/* checks if a key and cert exists in the ckch
2794 */
2795static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2796{
2797 return (ckch->cert != NULL && ckch->key != NULL);
2798}
2799
2800
2801/* Loads the contents of a crt file (path) into a cert_key_and_chain
2802 * This allows us to carry the contents of the file without having to
2803 * read the file multiple times.
2804 *
2805 * returns:
2806 * 0 on Success
2807 * 1 on SSL Failure
2808 * 2 on file not found
2809 */
2810static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2811{
2812
2813 BIO *in;
2814 X509 *ca = NULL;
2815 int ret = 1;
2816
2817 ssl_sock_free_cert_key_and_chain_contents(ckch);
2818
2819 in = BIO_new(BIO_s_file());
2820 if (in == NULL)
2821 goto end;
2822
2823 if (BIO_read_filename(in, path) <= 0)
2824 goto end;
2825
yanbzhu488a4d22015-12-01 15:16:07 -05002826 /* Read Private Key */
2827 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2828 if (ckch->key == NULL) {
2829 memprintf(err, "%sunable to load private key from file '%s'.\n",
2830 err && *err ? *err : "", path);
2831 goto end;
2832 }
2833
Willy Tarreaubb137a82016-04-06 19:02:38 +02002834 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002835 if (BIO_reset(in) == -1) {
2836 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2837 err && *err ? *err : "", path);
2838 goto end;
2839 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002840
2841 /* Read Certificate */
2842 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2843 if (ckch->cert == NULL) {
2844 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2845 err && *err ? *err : "", path);
2846 goto end;
2847 }
2848
yanbzhu488a4d22015-12-01 15:16:07 -05002849 /* Read Certificate Chain */
2850 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2851 /* Grow the chain certs */
2852 ckch->num_chain_certs++;
2853 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2854
2855 /* use - 1 here since we just incremented it above */
2856 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2857 }
2858 ret = ERR_get_error();
2859 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2860 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2861 err && *err ? *err : "", path);
2862 ret = 1;
2863 goto end;
2864 }
2865
2866 ret = 0;
2867
2868end:
2869
2870 ERR_clear_error();
2871 if (in)
2872 BIO_free(in);
2873
2874 /* Something went wrong in one of the reads */
2875 if (ret != 0)
2876 ssl_sock_free_cert_key_and_chain_contents(ckch);
2877
2878 return ret;
2879}
2880
2881/* Loads the info in ckch into ctx
2882 * Currently, this does not process any information about ocsp, dhparams or
2883 * sctl
2884 * Returns
2885 * 0 on success
2886 * 1 on failure
2887 */
2888static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2889{
2890 int i = 0;
2891
2892 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2893 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2894 err && *err ? *err : "", path);
2895 return 1;
2896 }
2897
2898 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2899 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2900 err && *err ? *err : "", path);
2901 return 1;
2902 }
2903
yanbzhu488a4d22015-12-01 15:16:07 -05002904 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2905 for (i = 0; i < ckch->num_chain_certs; i++) {
2906 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002907 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2908 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002909 return 1;
2910 }
2911 }
2912
2913 if (SSL_CTX_check_private_key(ctx) <= 0) {
2914 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2915 err && *err ? *err : "", path);
2916 return 1;
2917 }
2918
2919 return 0;
2920}
2921
yanbzhu08ce6ab2015-12-02 13:01:29 -05002922
2923static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2924{
2925 struct sni_keytype *s_kt = NULL;
2926 struct ebmb_node *node;
2927 int i;
2928
2929 for (i = 0; i < trash.size; i++) {
2930 if (!str[i])
2931 break;
2932 trash.str[i] = tolower(str[i]);
2933 }
2934 trash.str[i] = 0;
2935 node = ebst_lookup(sni_keytypes, trash.str);
2936 if (!node) {
2937 /* CN not found in tree */
2938 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2939 /* Using memcpy here instead of strncpy.
2940 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2941 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2942 */
2943 memcpy(s_kt->name.key, trash.str, i+1);
2944 s_kt->keytypes = 0;
2945 ebst_insert(sni_keytypes, &s_kt->name);
2946 } else {
2947 /* CN found in tree */
2948 s_kt = container_of(node, struct sni_keytype, name);
2949 }
2950
2951 /* Mark that this CN has the keytype of key_index via keytypes mask */
2952 s_kt->keytypes |= 1<<key_index;
2953
2954}
2955
2956
2957/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2958 * If any are found, group these files into a set of SSL_CTX*
2959 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2960 *
2961 * This will allow the user to explictly group multiple cert/keys for a single purpose
2962 *
2963 * Returns
2964 * 0 on success
2965 * 1 on failure
2966 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002967static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2968 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002969{
2970 char fp[MAXPATHLEN+1] = {0};
2971 int n = 0;
2972 int i = 0;
2973 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2974 struct eb_root sni_keytypes_map = { {0} };
2975 struct ebmb_node *node;
2976 struct ebmb_node *next;
2977 /* Array of SSL_CTX pointers corresponding to each possible combo
2978 * of keytypes
2979 */
2980 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2981 int rv = 0;
2982 X509_NAME *xname = NULL;
2983 char *str = NULL;
2984#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2985 STACK_OF(GENERAL_NAME) *names = NULL;
2986#endif
2987
2988 /* Load all possible certs and keys */
2989 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2990 struct stat buf;
2991
2992 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
2993 if (stat(fp, &buf) == 0) {
2994 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
2995 rv = 1;
2996 goto end;
2997 }
2998 }
2999 }
3000
3001 /* Process each ckch and update keytypes for each CN/SAN
3002 * for example, if CN/SAN www.a.com is associated with
3003 * certs with keytype 0 and 2, then at the end of the loop,
3004 * www.a.com will have:
3005 * keyindex = 0 | 1 | 4 = 5
3006 */
3007 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3008
3009 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3010 continue;
3011
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003012 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003013 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003014 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3015 } else {
3016 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3017 * so the line that contains logic is marked via comments
3018 */
3019 xname = X509_get_subject_name(certs_and_keys[n].cert);
3020 i = -1;
3021 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3022 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003023 ASN1_STRING *value;
3024 value = X509_NAME_ENTRY_get_data(entry);
3025 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003026 /* Important line is here */
3027 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003028
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003029 OPENSSL_free(str);
3030 str = NULL;
3031 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003032 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003034 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003035#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003036 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3037 if (names) {
3038 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3039 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003040
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003041 if (name->type == GEN_DNS) {
3042 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3043 /* Important line is here */
3044 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003045
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003046 OPENSSL_free(str);
3047 str = NULL;
3048 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003049 }
3050 }
3051 }
3052 }
3053#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3054 }
3055
3056 /* If no files found, return error */
3057 if (eb_is_empty(&sni_keytypes_map)) {
3058 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3059 err && *err ? *err : "", path);
3060 rv = 1;
3061 goto end;
3062 }
3063
3064 /* We now have a map of CN/SAN to keytypes that are loaded in
3065 * Iterate through the map to create the SSL_CTX's (if needed)
3066 * and add each CTX to the SNI tree
3067 *
3068 * Some math here:
3069 * There are 2^n - 1 possibile combinations, each unique
3070 * combination is denoted by the key in the map. Each key
3071 * has a value between 1 and 2^n - 1. Conveniently, the array
3072 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3073 * entry in the array to correspond to the unique combo (key)
3074 * associated with i. This unique key combo (i) will be associated
3075 * with combos[i-1]
3076 */
3077
3078 node = ebmb_first(&sni_keytypes_map);
3079 while (node) {
3080 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003081 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003082 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003083
3084 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3085 i = container_of(node, struct sni_keytype, name)->keytypes;
3086 cur_ctx = key_combos[i-1].ctx;
3087
3088 if (cur_ctx == NULL) {
3089 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003090 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003091 if (cur_ctx == NULL) {
3092 memprintf(err, "%sunable to allocate SSL context.\n",
3093 err && *err ? *err : "");
3094 rv = 1;
3095 goto end;
3096 }
3097
yanbzhube2774d2015-12-10 15:07:30 -05003098 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3100 if (i & (1<<n)) {
3101 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003102 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3103 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003104 SSL_CTX_free(cur_ctx);
3105 rv = 1;
3106 goto end;
3107 }
yanbzhube2774d2015-12-10 15:07:30 -05003108
3109#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3110 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003111 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003112 if (err)
3113 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003114 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003115 SSL_CTX_free(cur_ctx);
3116 rv = 1;
3117 goto end;
3118 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003119#elif (defined OPENSSL_IS_BORINGSSL)
3120 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003121#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003122 }
3123 }
3124
3125 /* Load DH params into the ctx to support DHE keys */
3126#ifndef OPENSSL_NO_DH
3127 if (ssl_dh_ptr_index >= 0)
3128 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3129
3130 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3131 if (rv < 0) {
3132 if (err)
3133 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3134 *err ? *err : "", path);
3135 rv = 1;
3136 goto end;
3137 }
3138#endif
3139
3140 /* Update key_combos */
3141 key_combos[i-1].ctx = cur_ctx;
3142 }
3143
3144 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003145 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003146 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147 node = ebmb_next(node);
3148 }
3149
3150
3151 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3152 if (!bind_conf->default_ctx) {
3153 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3154 if (key_combos[i].ctx) {
3155 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003156 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003157 break;
3158 }
3159 }
3160 }
3161
3162end:
3163
3164 if (names)
3165 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3166
3167 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3168 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3169
3170 node = ebmb_first(&sni_keytypes_map);
3171 while (node) {
3172 next = ebmb_next(node);
3173 ebmb_delete(node);
3174 node = next;
3175 }
3176
3177 return rv;
3178}
3179#else
3180/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003181static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3182 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003183{
3184 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3185 err && *err ? *err : "", path, strerror(errno));
3186 return 1;
3187}
3188
yanbzhu488a4d22015-12-01 15:16:07 -05003189#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3190
Emeric Brunfc0421f2012-09-07 17:30:07 +02003191/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3192 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3193 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003194static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3195 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003196{
3197 BIO *in;
3198 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003199 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003200 int ret = -1;
3201 int order = 0;
3202 X509_NAME *xname;
3203 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003204 pem_password_cb *passwd_cb;
3205 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003206 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003207 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003208
Emeric Brunfc0421f2012-09-07 17:30:07 +02003209#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3210 STACK_OF(GENERAL_NAME) *names;
3211#endif
3212
3213 in = BIO_new(BIO_s_file());
3214 if (in == NULL)
3215 goto end;
3216
3217 if (BIO_read_filename(in, file) <= 0)
3218 goto end;
3219
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003220
3221 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3222 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3223
3224 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003225 if (x == NULL)
3226 goto end;
3227
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003228 pkey = X509_get_pubkey(x);
3229 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003230 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003231 switch(EVP_PKEY_base_id(pkey)) {
3232 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003233 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003234 break;
3235 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003236 kinfo.sig = TLSEXT_signature_ecdsa;
3237 break;
3238 case EVP_PKEY_DSA:
3239 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003240 break;
3241 }
3242 EVP_PKEY_free(pkey);
3243 }
3244
Emeric Brun50bcecc2013-04-22 13:05:23 +02003245 if (fcount) {
3246 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003247 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003248 }
3249 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003250#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003251 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3252 if (names) {
3253 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3254 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3255 if (name->type == GEN_DNS) {
3256 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003257 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003258 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003259 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003260 }
3261 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003262 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003263 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003264#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003265 xname = X509_get_subject_name(x);
3266 i = -1;
3267 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3268 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003269 ASN1_STRING *value;
3270
3271 value = X509_NAME_ENTRY_get_data(entry);
3272 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003273 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003274 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003276 }
3277 }
3278
3279 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3280 if (!SSL_CTX_use_certificate(ctx, x))
3281 goto end;
3282
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003283#ifdef SSL_CTX_clear_extra_chain_certs
3284 SSL_CTX_clear_extra_chain_certs(ctx);
3285#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003286 if (ctx->extra_certs != NULL) {
3287 sk_X509_pop_free(ctx->extra_certs, X509_free);
3288 ctx->extra_certs = NULL;
3289 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003290#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003291
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003292 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003293 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3294 X509_free(ca);
3295 goto end;
3296 }
3297 }
3298
3299 err = ERR_get_error();
3300 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3301 /* we successfully reached the last cert in the file */
3302 ret = 1;
3303 }
3304 ERR_clear_error();
3305
3306end:
3307 if (x)
3308 X509_free(x);
3309
3310 if (in)
3311 BIO_free(in);
3312
3313 return ret;
3314}
3315
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003316static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3317 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003318{
3319 int ret;
3320 SSL_CTX *ctx;
3321
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003322 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003323 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003324 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3325 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326 return 1;
3327 }
3328
3329 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003330 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3331 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003332 SSL_CTX_free(ctx);
3333 return 1;
3334 }
3335
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003336 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003337 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003338 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003340 if (ret < 0) /* serious error, must do that ourselves */
3341 SSL_CTX_free(ctx);
3342 return 1;
3343 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003344
3345 if (SSL_CTX_check_private_key(ctx) <= 0) {
3346 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3347 err && *err ? *err : "", path);
3348 return 1;
3349 }
3350
Emeric Brunfc0421f2012-09-07 17:30:07 +02003351 /* we must not free the SSL_CTX anymore below, since it's already in
3352 * the tree, so it will be discovered and cleaned in time.
3353 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003354#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003355 /* store a NULL pointer to indicate we have not yet loaded
3356 a custom DH param file */
3357 if (ssl_dh_ptr_index >= 0) {
3358 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3359 }
3360
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003361 ret = ssl_sock_load_dh_params(ctx, path);
3362 if (ret < 0) {
3363 if (err)
3364 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3365 *err ? *err : "", path);
3366 return 1;
3367 }
3368#endif
3369
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003370#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003371 ret = ssl_sock_load_ocsp(ctx, path);
3372 if (ret < 0) {
3373 if (err)
3374 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3375 *err ? *err : "", path);
3376 return 1;
3377 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003378#elif (defined OPENSSL_IS_BORINGSSL)
3379 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003380#endif
3381
Daniel Jakots54ffb912015-11-06 20:02:41 +01003382#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003383 if (sctl_ex_index >= 0) {
3384 ret = ssl_sock_load_sctl(ctx, path);
3385 if (ret < 0) {
3386 if (err)
3387 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3388 *err ? *err : "", path);
3389 return 1;
3390 }
3391 }
3392#endif
3393
Emeric Brunfc0421f2012-09-07 17:30:07 +02003394#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003395 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003396 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3397 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003398 return 1;
3399 }
3400#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003401 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003402 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003403 bind_conf->default_ssl_conf = ssl_conf;
3404 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003405
3406 return 0;
3407}
3408
Willy Tarreau03209342016-12-22 17:08:28 +01003409int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003410{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003411 struct dirent **de_list;
3412 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413 DIR *dir;
3414 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003415 char *end;
3416 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003417 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003418#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3419 int is_bundle;
3420 int j;
3421#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003422
yanbzhu08ce6ab2015-12-02 13:01:29 -05003423 if (stat(path, &buf) == 0) {
3424 dir = opendir(path);
3425 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003426 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003427
yanbzhu08ce6ab2015-12-02 13:01:29 -05003428 /* strip trailing slashes, including first one */
3429 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3430 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003431
yanbzhu08ce6ab2015-12-02 13:01:29 -05003432 n = scandir(path, &de_list, 0, alphasort);
3433 if (n < 0) {
3434 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3435 err && *err ? *err : "", path, strerror(errno));
3436 cfgerr++;
3437 }
3438 else {
3439 for (i = 0; i < n; i++) {
3440 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003441
yanbzhu08ce6ab2015-12-02 13:01:29 -05003442 end = strrchr(de->d_name, '.');
3443 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3444 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003445
yanbzhu08ce6ab2015-12-02 13:01:29 -05003446 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3447 if (stat(fp, &buf) != 0) {
3448 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3449 err && *err ? *err : "", fp, strerror(errno));
3450 cfgerr++;
3451 goto ignore_entry;
3452 }
3453 if (!S_ISREG(buf.st_mode))
3454 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003455
3456#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3457 is_bundle = 0;
3458 /* Check if current entry in directory is part of a multi-cert bundle */
3459
3460 if (end) {
3461 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3462 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3463 is_bundle = 1;
3464 break;
3465 }
3466 }
3467
3468 if (is_bundle) {
3469 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3470 int dp_len;
3471
3472 dp_len = end - de->d_name;
3473 snprintf(dp, dp_len + 1, "%s", de->d_name);
3474
3475 /* increment i and free de until we get to a non-bundle cert
3476 * Note here that we look at de_list[i + 1] before freeing de
3477 * this is important since ignore_entry will free de
3478 */
3479 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3480 free(de);
3481 i++;
3482 de = de_list[i];
3483 }
3484
3485 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003486 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003487
3488 /* Successfully processed the bundle */
3489 goto ignore_entry;
3490 }
3491 }
3492
3493#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003494 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003495ignore_entry:
3496 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003497 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003498 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003500 closedir(dir);
3501 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003503
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003504 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003505
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 return cfgerr;
3507}
3508
Thierry Fournier383085f2013-01-24 14:15:43 +01003509/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3510 * done once. Zero is returned if the operation fails. No error is returned
3511 * if the random is said as not implemented, because we expect that openssl
3512 * will use another method once needed.
3513 */
3514static int ssl_initialize_random()
3515{
3516 unsigned char random;
3517 static int random_initialized = 0;
3518
3519 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3520 random_initialized = 1;
3521
3522 return random_initialized;
3523}
3524
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003525/* release ssl bind conf */
3526void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003527{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003528 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003529#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003530 free(conf->npn_str);
3531 conf->npn_str = NULL;
3532#endif
3533#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3534 free(conf->alpn_str);
3535 conf->alpn_str = NULL;
3536#endif
3537 free(conf->ca_file);
3538 conf->ca_file = NULL;
3539 free(conf->crl_file);
3540 conf->crl_file = NULL;
3541 free(conf->ciphers);
3542 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003543 free(conf->curves);
3544 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003545 free(conf->ecdhe);
3546 conf->ecdhe = NULL;
3547 }
3548}
3549
3550int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3551{
3552 char thisline[CRT_LINESIZE];
3553 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003554 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003555 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003556 int linenum = 0;
3557 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003558
Willy Tarreauad1731d2013-04-02 17:35:58 +02003559 if ((f = fopen(file, "r")) == NULL) {
3560 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003561 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003562 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003563
3564 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003565 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003566 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003567 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003568 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003569 char *crt_path;
3570 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003571
3572 linenum++;
3573 end = line + strlen(line);
3574 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3575 /* Check if we reached the limit and the last char is not \n.
3576 * Watch out for the last line without the terminating '\n'!
3577 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003578 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3579 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003580 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003581 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003582 }
3583
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003584 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003585 newarg = 1;
3586 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003587 if (*line == '#' || *line == '\n' || *line == '\r') {
3588 /* end of string, end of loop */
3589 *line = 0;
3590 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003591 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003592 newarg = 1;
3593 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003594 } else if (*line == '[') {
3595 if (ssl_b) {
3596 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3597 cfgerr = 1;
3598 break;
3599 }
3600 if (!arg) {
3601 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3602 cfgerr = 1;
3603 break;
3604 }
3605 ssl_b = arg;
3606 newarg = 1;
3607 *line = 0;
3608 } else if (*line == ']') {
3609 if (ssl_e) {
3610 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003611 cfgerr = 1;
3612 break;
3613 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003614 if (!ssl_b) {
3615 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3616 cfgerr = 1;
3617 break;
3618 }
3619 ssl_e = arg;
3620 newarg = 1;
3621 *line = 0;
3622 } else if (newarg) {
3623 if (arg == MAX_CRT_ARGS) {
3624 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3625 cfgerr = 1;
3626 break;
3627 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003628 newarg = 0;
3629 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003630 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003631 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003632 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003633 if (cfgerr)
3634 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003635 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003636
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003637 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003638 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003639 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003641 crt_path = args[0];
3642 if (*crt_path != '/' && global_ssl.crt_base) {
3643 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3644 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3645 crt_path, linenum, file);
3646 cfgerr = 1;
3647 break;
3648 }
3649 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3650 crt_path = path;
3651 }
3652
3653 ssl_conf = calloc(1, sizeof *ssl_conf);
3654 cur_arg = ssl_b ? ssl_b : 1;
3655 while (cur_arg < ssl_e) {
3656 newarg = 0;
3657 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3658 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3659 newarg = 1;
3660 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3661 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3662 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3663 args[cur_arg], linenum, file);
3664 cfgerr = 1;
3665 }
3666 cur_arg += 1 + ssl_bind_kws[i].skip;
3667 break;
3668 }
3669 }
3670 if (!cfgerr && !newarg) {
3671 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3672 args[cur_arg], linenum, file);
3673 cfgerr = 1;
3674 break;
3675 }
3676 }
3677 if (cfgerr) {
3678 ssl_sock_free_ssl_conf(ssl_conf);
3679 free(ssl_conf);
3680 ssl_conf = NULL;
3681 break;
3682 }
3683
3684 if (stat(crt_path, &buf) == 0) {
3685 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3686 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003687 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003688 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3689 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003690 }
3691
Willy Tarreauad1731d2013-04-02 17:35:58 +02003692 if (cfgerr) {
3693 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003695 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003696 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003697 fclose(f);
3698 return cfgerr;
3699}
3700
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003701/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003702static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003703ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003704{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003705 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003706 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003707 SSL_OP_ALL | /* all known workarounds for bugs */
3708 SSL_OP_NO_SSLv2 |
3709 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003710 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003711 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003712 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003713 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003714 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003715 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003716 SSL_MODE_ENABLE_PARTIAL_WRITE |
3717 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003718 SSL_MODE_RELEASE_BUFFERS |
3719 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003720 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003721 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003722 int flags = MC_SSL_O_ALL;
3723 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003724
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003725 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003726 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003727
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003728 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003729 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3730 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3731 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003732 else
3733 flags = conf_ssl_methods->flags;
3734
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003735 min = conf_ssl_methods->min;
3736 max = conf_ssl_methods->max;
3737 /* start with TLSv10 to remove SSLv3 per default */
3738 if (!min && (!max || max >= CONF_TLSV10))
3739 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003740 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003741 if (min)
3742 flags |= (methodVersions[min].flag - 1);
3743 if (max)
3744 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003745 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003746 min = max = CONF_TLSV_NONE;
3747 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003748 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003749 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003750 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003751 if (min) {
3752 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003753 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3754 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3755 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3756 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 hole = 0;
3758 }
3759 max = i;
3760 }
3761 else {
3762 min = max = i;
3763 }
3764 }
3765 else {
3766 if (min)
3767 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003768 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003769 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003770 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3771 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003772 cfgerr += 1;
3773 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003774 /* save real min/max in bind_conf */
3775 conf_ssl_methods->min = min;
3776 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003777
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003778#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003779 /* Keep force-xxx implementation as it is in older haproxy. It's a
3780 precautionary measure to avoid any suprise with older openssl version. */
3781 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003782 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003783 else
3784 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3785 if (flags & methodVersions[i].flag)
3786 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003788 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003789 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3790 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003791#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003792
3793 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3794 options |= SSL_OP_NO_TICKET;
3795 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3796 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3797 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003798
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003799#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003800 if (global_ssl.async)
3801 mode |= SSL_MODE_ASYNC;
3802#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003803 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003804 if (global_ssl.life_time)
3805 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003806
3807#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3808#ifdef OPENSSL_IS_BORINGSSL
3809 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3810 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003811#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3812 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3813 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814#else
3815 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003816#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003817 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003818#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003819 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003820}
3821
William Lallemand4f45bb92017-10-30 20:08:51 +01003822
3823static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3824{
3825 if (first == block) {
3826 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3827 if (first->len > 0)
3828 sh_ssl_sess_tree_delete(sh_ssl_sess);
3829 }
3830}
3831
3832/* return first block from sh_ssl_sess */
3833static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3834{
3835 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3836
3837}
3838
3839/* store a session into the cache
3840 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3841 * data: asn1 encoded session
3842 * data_len: asn1 encoded session length
3843 * Returns 1 id session was stored (else 0)
3844 */
3845static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3846{
3847 struct shared_block *first;
3848 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3849
3850 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3851 if (!first) {
3852 /* Could not retrieve enough free blocks to store that session */
3853 return 0;
3854 }
3855
3856 /* STORE the key in the first elem */
3857 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3858 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3859 first->len = sizeof(struct sh_ssl_sess_hdr);
3860
3861 /* it returns the already existing node
3862 or current node if none, never returns null */
3863 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3864 if (oldsh_ssl_sess != sh_ssl_sess) {
3865 /* NOTE: Row couldn't be in use because we lock read & write function */
3866 /* release the reserved row */
3867 shctx_row_dec_hot(ssl_shctx, first);
3868 /* replace the previous session already in the tree */
3869 sh_ssl_sess = oldsh_ssl_sess;
3870 /* ignore the previous session data, only use the header */
3871 first = sh_ssl_sess_first_block(sh_ssl_sess);
3872 shctx_row_inc_hot(ssl_shctx, first);
3873 first->len = sizeof(struct sh_ssl_sess_hdr);
3874 }
3875
William Lallemand99b90af2018-01-03 19:15:51 +01003876 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3877 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003878 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003879 }
3880
3881 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003882
3883 return 1;
3884}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003885
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003886/* SSL callback used when a new session is created while connecting to a server */
3887static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3888{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003889 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003890 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003891
Olivier Houcharde6060c52017-11-16 17:42:52 +01003892 s = objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003893
Olivier Houcharde6060c52017-11-16 17:42:52 +01003894 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3895 int len;
3896 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003897
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 len = i2d_SSL_SESSION(sess, NULL);
3899 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3900 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3901 } else {
3902 free(s->ssl_ctx.reused_sess[tid].ptr);
3903 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3904 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3905 }
3906 if (s->ssl_ctx.reused_sess[tid].ptr) {
3907 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3908 &ptr);
3909 }
3910 } else {
3911 free(s->ssl_ctx.reused_sess[tid].ptr);
3912 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3913 }
3914
3915 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003916}
3917
Olivier Houcharde6060c52017-11-16 17:42:52 +01003918
William Lallemanded0b5ad2017-10-30 19:36:36 +01003919/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003920int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003921{
3922 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3923 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3924 unsigned char *p;
3925 int data_len;
3926 unsigned int sid_length, sid_ctx_length;
3927 const unsigned char *sid_data;
3928 const unsigned char *sid_ctx_data;
3929
3930 /* Session id is already stored in to key and session id is known
3931 * so we dont store it to keep size.
3932 */
3933
3934 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3935 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3936 SSL_SESSION_set1_id(sess, sid_data, 0);
3937 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3938
3939 /* check if buffer is large enough for the ASN1 encoded session */
3940 data_len = i2d_SSL_SESSION(sess, NULL);
3941 if (data_len > SHSESS_MAX_DATA_LEN)
3942 goto err;
3943
3944 p = encsess;
3945
3946 /* process ASN1 session encoding before the lock */
3947 i2d_SSL_SESSION(sess, &p);
3948
3949 memcpy(encid, sid_data, sid_length);
3950 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3951 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3952
William Lallemanda3c77cf2017-10-30 23:44:40 +01003953 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003954 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003955 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003956 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003957err:
3958 /* reset original length values */
3959 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3960 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3961
3962 return 0; /* do not increment session reference count */
3963}
3964
3965/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003966SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003967{
William Lallemand4f45bb92017-10-30 20:08:51 +01003968 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003969 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3970 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003971 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003972 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003973
3974 global.shctx_lookups++;
3975
3976 /* allow the session to be freed automatically by openssl */
3977 *do_copy = 0;
3978
3979 /* tree key is zeros padded sessionid */
3980 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3981 memcpy(tmpkey, key, key_len);
3982 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3983 key = tmpkey;
3984 }
3985
3986 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003987 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003988
3989 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3991 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003992 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003993 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003994 global.shctx_misses++;
3995 return NULL;
3996 }
3997
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
3999 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000
William Lallemand4f45bb92017-10-30 20:08:51 +01004001 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002
William Lallemanda3c77cf2017-10-30 23:44:40 +01004003 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004004
4005 /* decode ASN1 session */
4006 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004007 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008 /* Reset session id and session id contenxt */
4009 if (sess) {
4010 SSL_SESSION_set1_id(sess, key, key_len);
4011 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4012 }
4013
4014 return sess;
4015}
4016
William Lallemand4f45bb92017-10-30 20:08:51 +01004017
William Lallemanded0b5ad2017-10-30 19:36:36 +01004018/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004019void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004020{
William Lallemand4f45bb92017-10-30 20:08:51 +01004021 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004022 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4023 unsigned int sid_length;
4024 const unsigned char *sid_data;
4025 (void)ctx;
4026
4027 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4028 /* tree key is zeros padded sessionid */
4029 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4030 memcpy(tmpkey, sid_data, sid_length);
4031 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4032 sid_data = tmpkey;
4033 }
4034
William Lallemanda3c77cf2017-10-30 23:44:40 +01004035 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004036
4037 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004038 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4039 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004040 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004041 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004042 }
4043
4044 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004045 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004046}
4047
4048/* Set session cache mode to server and disable openssl internal cache.
4049 * Set shared cache callbacks on an ssl context.
4050 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004051void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004052{
4053 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4054
4055 if (!ssl_shctx) {
4056 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4057 return;
4058 }
4059
4060 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4061 SSL_SESS_CACHE_NO_INTERNAL |
4062 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4063
4064 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004065 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4066 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4067 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004068}
4069
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004070int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4071{
4072 struct proxy *curproxy = bind_conf->frontend;
4073 int cfgerr = 0;
4074 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004075 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004076 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004077 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004078
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004079 if (ssl_conf) {
4080 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4081 int i, min, max;
4082 int flags = MC_SSL_O_ALL;
4083
4084 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004085 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4086 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (min)
4088 flags |= (methodVersions[min].flag - 1);
4089 if (max)
4090 flags |= ~((methodVersions[max].flag << 1) - 1);
4091 min = max = CONF_TLSV_NONE;
4092 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4093 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4094 if (min)
4095 max = i;
4096 else
4097 min = max = i;
4098 }
4099 /* save real min/max */
4100 conf_ssl_methods->min = min;
4101 conf_ssl_methods->max = max;
4102 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004103 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4104 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004105 cfgerr += 1;
4106 }
4107 }
4108
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004109 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004110 case SSL_SOCK_VERIFY_NONE:
4111 verify = SSL_VERIFY_NONE;
4112 break;
4113 case SSL_SOCK_VERIFY_OPTIONAL:
4114 verify = SSL_VERIFY_PEER;
4115 break;
4116 case SSL_SOCK_VERIFY_REQUIRED:
4117 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4118 break;
4119 }
4120 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4121 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004122 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4123 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4124 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004125 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004126 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004127 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4128 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004129 cfgerr++;
4130 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004131 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4132 /* set CA names for client cert request, function returns void */
4133 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4134 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004135 }
Emeric Brun850efd52014-01-29 12:24:34 +01004136 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004137 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4138 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004139 cfgerr++;
4140 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004141#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004142 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4144
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004145 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004146 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4147 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004148 cfgerr++;
4149 }
Emeric Brun561e5742012-10-02 15:20:55 +02004150 else {
4151 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4152 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004153 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004154#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004155 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004157#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004158 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004159 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004160 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4161 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004162 cfgerr++;
4163 }
4164 }
4165#endif
4166
William Lallemand4f45bb92017-10-30 20:08:51 +01004167 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004168 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4169 if (conf_ciphers &&
4170 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004171 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4172 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004173 cfgerr++;
4174 }
4175
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004176#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004177 /* If tune.ssl.default-dh-param has not been set,
4178 neither has ssl-default-dh-file and no static DH
4179 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004180 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004181 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004182 (ssl_dh_ptr_index == -1 ||
4183 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4185 const SSL_CIPHER * cipher = NULL;
4186 char cipher_description[128];
4187 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4188 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4189 which is not ephemeral DH. */
4190 const char dhe_description[] = " Kx=DH ";
4191 const char dhe_export_description[] = " Kx=DH(";
4192 int idx = 0;
4193 int dhe_found = 0;
4194 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004195
Remi Gacogne23d5d372014-10-10 17:04:26 +02004196 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004197
Remi Gacogne23d5d372014-10-10 17:04:26 +02004198 if (ssl) {
4199 ciphers = SSL_get_ciphers(ssl);
4200
4201 if (ciphers) {
4202 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4203 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4204 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4205 if (strstr(cipher_description, dhe_description) != NULL ||
4206 strstr(cipher_description, dhe_export_description) != NULL) {
4207 dhe_found = 1;
4208 break;
4209 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004210 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004211 }
4212 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004213 SSL_free(ssl);
4214 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004215 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004216
Lukas Tribus90132722014-08-18 00:56:33 +02004217 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004218 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220
Willy Tarreauef934602016-12-22 23:12:01 +01004221 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004222 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004223
Willy Tarreauef934602016-12-22 23:12:01 +01004224 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004225 if (local_dh_1024 == NULL) {
4226 local_dh_1024 = ssl_get_dh_1024();
4227 }
Willy Tarreauef934602016-12-22 23:12:01 +01004228 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004229 if (local_dh_2048 == NULL) {
4230 local_dh_2048 = ssl_get_dh_2048();
4231 }
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_4096 == NULL) {
4234 local_dh_4096 = ssl_get_dh_4096();
4235 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004236 }
4237 }
4238 }
4239#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004240
Emeric Brunfc0421f2012-09-07 17:30:07 +02004241 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004242#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004243 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004244#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004245
Bernard Spil13c53f82018-02-15 13:34:58 +01004246#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004247 ssl_conf_cur = NULL;
4248 if (ssl_conf && ssl_conf->npn_str)
4249 ssl_conf_cur = ssl_conf;
4250 else if (bind_conf->ssl_conf.npn_str)
4251 ssl_conf_cur = &bind_conf->ssl_conf;
4252 if (ssl_conf_cur)
4253 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004254#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004255#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004256 ssl_conf_cur = NULL;
4257 if (ssl_conf && ssl_conf->alpn_str)
4258 ssl_conf_cur = ssl_conf;
4259 else if (bind_conf->ssl_conf.alpn_str)
4260 ssl_conf_cur = &bind_conf->ssl_conf;
4261 if (ssl_conf_cur)
4262 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004263#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004264#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4265 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4266 if (conf_curves) {
4267 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004268 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4269 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004270 cfgerr++;
4271 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004272#if defined(SSL_CTX_set_ecdh_auto)
4273 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4274#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004275 }
4276#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004277#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004279 int i;
4280 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004281#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004282 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004283 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4284 NULL);
4285
4286 if (ecdhe == NULL) {
4287 SSL_CTX_set_dh_auto(ctx, 1);
4288 return cfgerr;
4289 }
4290#else
4291 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4292 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4293 ECDHE_DEFAULT_CURVE);
4294#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004295
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004296 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004297 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004298 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4299 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004300 cfgerr++;
4301 }
4302 else {
4303 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4304 EC_KEY_free(ecdh);
4305 }
4306 }
4307#endif
4308
Emeric Brunfc0421f2012-09-07 17:30:07 +02004309 return cfgerr;
4310}
4311
Evan Broderbe554312013-06-27 00:05:25 -07004312static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4313{
4314 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4315 size_t prefixlen, suffixlen;
4316
4317 /* Trivial case */
4318 if (strcmp(pattern, hostname) == 0)
4319 return 1;
4320
Evan Broderbe554312013-06-27 00:05:25 -07004321 /* The rest of this logic is based on RFC 6125, section 6.4.3
4322 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4323
Emeric Bruna848dae2013-10-08 11:27:28 +02004324 pattern_wildcard = NULL;
4325 pattern_left_label_end = pattern;
4326 while (*pattern_left_label_end != '.') {
4327 switch (*pattern_left_label_end) {
4328 case 0:
4329 /* End of label not found */
4330 return 0;
4331 case '*':
4332 /* If there is more than one wildcards */
4333 if (pattern_wildcard)
4334 return 0;
4335 pattern_wildcard = pattern_left_label_end;
4336 break;
4337 }
4338 pattern_left_label_end++;
4339 }
4340
4341 /* If it's not trivial and there is no wildcard, it can't
4342 * match */
4343 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004344 return 0;
4345
4346 /* Make sure all labels match except the leftmost */
4347 hostname_left_label_end = strchr(hostname, '.');
4348 if (!hostname_left_label_end
4349 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4350 return 0;
4351
4352 /* Make sure the leftmost label of the hostname is long enough
4353 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004354 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004355 return 0;
4356
4357 /* Finally compare the string on either side of the
4358 * wildcard */
4359 prefixlen = pattern_wildcard - pattern;
4360 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004361 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4362 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 return 1;
4366}
4367
4368static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4369{
4370 SSL *ssl;
4371 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004372 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004373 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004374
4375 int depth;
4376 X509 *cert;
4377 STACK_OF(GENERAL_NAME) *alt_names;
4378 int i;
4379 X509_NAME *cert_subject;
4380 char *str;
4381
4382 if (ok == 0)
4383 return ok;
4384
4385 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004386 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004387
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004388 /* We're checking if the provided hostnames match the desired one. The
4389 * desired hostname comes from the SNI we presented if any, or if not
4390 * provided then it may have been explicitly stated using a "verifyhost"
4391 * directive. If neither is set, we don't care about the name so the
4392 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004393 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004394 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004395 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004396 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004397 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004398 if (!servername)
4399 return ok;
4400 }
Evan Broderbe554312013-06-27 00:05:25 -07004401
4402 /* We only need to verify the CN on the actual server cert,
4403 * not the indirect CAs */
4404 depth = X509_STORE_CTX_get_error_depth(ctx);
4405 if (depth != 0)
4406 return ok;
4407
4408 /* At this point, the cert is *not* OK unless we can find a
4409 * hostname match */
4410 ok = 0;
4411
4412 cert = X509_STORE_CTX_get_current_cert(ctx);
4413 /* It seems like this might happen if verify peer isn't set */
4414 if (!cert)
4415 return ok;
4416
4417 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4418 if (alt_names) {
4419 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4420 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4421 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004422#if OPENSSL_VERSION_NUMBER < 0x00907000L
4423 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4424#else
Evan Broderbe554312013-06-27 00:05:25 -07004425 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004426#endif
Evan Broderbe554312013-06-27 00:05:25 -07004427 ok = ssl_sock_srv_hostcheck(str, servername);
4428 OPENSSL_free(str);
4429 }
4430 }
4431 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004432 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004433 }
4434
4435 cert_subject = X509_get_subject_name(cert);
4436 i = -1;
4437 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4438 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004439 ASN1_STRING *value;
4440 value = X509_NAME_ENTRY_get_data(entry);
4441 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004442 ok = ssl_sock_srv_hostcheck(str, servername);
4443 OPENSSL_free(str);
4444 }
4445 }
4446
Willy Tarreau71d058c2017-07-26 20:09:56 +02004447 /* report the mismatch and indicate if SNI was used or not */
4448 if (!ok && !conn->err_code)
4449 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004450 return ok;
4451}
4452
Emeric Brun94324a42012-10-11 14:00:19 +02004453/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004454int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004455{
Willy Tarreau03209342016-12-22 17:08:28 +01004456 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004457 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004458 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004459 SSL_OP_ALL | /* all known workarounds for bugs */
4460 SSL_OP_NO_SSLv2 |
4461 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004462 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004463 SSL_MODE_ENABLE_PARTIAL_WRITE |
4464 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004465 SSL_MODE_RELEASE_BUFFERS |
4466 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004467 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004468 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004469 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004470 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004471 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004472
Thierry Fournier383085f2013-01-24 14:15:43 +01004473 /* Make sure openssl opens /dev/urandom before the chroot */
4474 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004475 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004476 cfgerr++;
4477 }
4478
Willy Tarreaufce03112015-01-15 21:32:40 +01004479 /* Automatic memory computations need to know we use SSL there */
4480 global.ssl_used_backend = 1;
4481
4482 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004483 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004484 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004485 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4486 curproxy->id, srv->id,
4487 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004488 cfgerr++;
4489 return cfgerr;
4490 }
4491 }
Emeric Brun94324a42012-10-11 14:00:19 +02004492 if (srv->use_ssl)
4493 srv->xprt = &ssl_sock;
4494 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004495 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004496
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004497 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004498 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004499 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4500 proxy_type_str(curproxy), curproxy->id,
4501 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004502 cfgerr++;
4503 return cfgerr;
4504 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004506 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4508 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4509 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004510 else
4511 flags = conf_ssl_methods->flags;
4512
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004513 /* Real min and max should be determinate with configuration and openssl's capabilities */
4514 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004515 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004516 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004517 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004518
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004519 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004520 min = max = CONF_TLSV_NONE;
4521 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004522 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004523 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004524 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004525 if (min) {
4526 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004527 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4528 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4529 proxy_type_str(curproxy), curproxy->id, srv->id,
4530 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 hole = 0;
4532 }
4533 max = i;
4534 }
4535 else {
4536 min = max = i;
4537 }
4538 }
4539 else {
4540 if (min)
4541 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004542 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004543 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004544 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4545 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004546 cfgerr += 1;
4547 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004548
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004549#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004550 /* Keep force-xxx implementation as it is in older haproxy. It's a
4551 precautionary measure to avoid any suprise with older openssl version. */
4552 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004553 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 else
4555 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4556 if (flags & methodVersions[i].flag)
4557 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004559 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004560 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4561 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004562#endif
4563
4564 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4565 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004566 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004567
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004568#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004569 if (global_ssl.async)
4570 mode |= SSL_MODE_ASYNC;
4571#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004572 SSL_CTX_set_mode(ctx, mode);
4573 srv->ssl_ctx.ctx = ctx;
4574
Emeric Bruna7aa3092012-10-26 12:58:00 +02004575 if (srv->ssl_ctx.client_crt) {
4576 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004577 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4578 proxy_type_str(curproxy), curproxy->id,
4579 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004580 cfgerr++;
4581 }
4582 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004583 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4584 proxy_type_str(curproxy), curproxy->id,
4585 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004586 cfgerr++;
4587 }
4588 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004589 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4590 proxy_type_str(curproxy), curproxy->id,
4591 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004592 cfgerr++;
4593 }
4594 }
Emeric Brun94324a42012-10-11 14:00:19 +02004595
Emeric Brun850efd52014-01-29 12:24:34 +01004596 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4597 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004598 switch (srv->ssl_ctx.verify) {
4599 case SSL_SOCK_VERIFY_NONE:
4600 verify = SSL_VERIFY_NONE;
4601 break;
4602 case SSL_SOCK_VERIFY_REQUIRED:
4603 verify = SSL_VERIFY_PEER;
4604 break;
4605 }
Evan Broderbe554312013-06-27 00:05:25 -07004606 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004607 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004608 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004609 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004610 if (srv->ssl_ctx.ca_file) {
4611 /* load CAfile to verify */
4612 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004613 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4614 curproxy->id, srv->id,
4615 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004616 cfgerr++;
4617 }
4618 }
Emeric Brun850efd52014-01-29 12:24:34 +01004619 else {
4620 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004624 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004625 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4626 curproxy->id, srv->id,
4627 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004628 cfgerr++;
4629 }
Emeric Brunef42d922012-10-11 16:11:36 +02004630#ifdef X509_V_FLAG_CRL_CHECK
4631 if (srv->ssl_ctx.crl_file) {
4632 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4633
4634 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004635 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4636 curproxy->id, srv->id,
4637 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004638 cfgerr++;
4639 }
4640 else {
4641 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4642 }
4643 }
4644#endif
4645 }
4646
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004647 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4648 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4649 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004650 if (srv->ssl_ctx.ciphers &&
4651 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004652 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4653 curproxy->id, srv->id,
4654 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004655 cfgerr++;
4656 }
4657
4658 return cfgerr;
4659}
4660
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004661/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004662 * be NULL, in which case nothing is done. Returns the number of errors
4663 * encountered.
4664 */
Willy Tarreau03209342016-12-22 17:08:28 +01004665int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004666{
4667 struct ebmb_node *node;
4668 struct sni_ctx *sni;
4669 int err = 0;
4670
Willy Tarreaufce03112015-01-15 21:32:40 +01004671 /* Automatic memory computations need to know we use SSL there */
4672 global.ssl_used_frontend = 1;
4673
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004674 /* Make sure openssl opens /dev/urandom before the chroot */
4675 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004676 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004677 err++;
4678 }
4679 /* Create initial_ctx used to start the ssl connection before do switchctx */
4680 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004681 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* It should not be necessary to call this function, but it's
4683 necessary first to check and move all initialisation related
4684 to initial_ctx in ssl_sock_initial_ctx. */
4685 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4686 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004687 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004688 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004689
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004690 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004691 while (node) {
4692 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004693 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4694 /* only initialize the CTX on its first occurrence and
4695 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004697 node = ebmb_next(node);
4698 }
4699
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004700 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004701 while (node) {
4702 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004703 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4704 /* only initialize the CTX on its first occurrence and
4705 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004706 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004707 node = ebmb_next(node);
4708 }
4709 return err;
4710}
4711
Willy Tarreau55d37912016-12-21 23:38:39 +01004712/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4713 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4714 * alerts are directly emitted since the rest of the stack does it below.
4715 */
4716int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4717{
4718 struct proxy *px = bind_conf->frontend;
4719 int alloc_ctx;
4720 int err;
4721
4722 if (!bind_conf->is_ssl) {
4723 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004724 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4725 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004726 }
4727 return 0;
4728 }
4729 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004730 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4732 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004733 }
4734 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004735 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4736 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004737 return -1;
4738 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004739 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004740 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004741 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4742 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4743 sizeof(*sh_ssl_sess_tree),
4744 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4745 if (alloc_ctx < 0) {
4746 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4747 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4748 else
4749 ha_alert("Unable to allocate SSL session cache.\n");
4750 return -1;
4751 }
4752 /* free block callback */
4753 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4754 /* init the root tree within the extra space */
4755 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4756 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004757 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004758 err = 0;
4759 /* initialize all certificate contexts */
4760 err += ssl_sock_prepare_all_ctx(bind_conf);
4761
4762 /* initialize CA variables if the certificates generation is enabled */
4763 err += ssl_sock_load_ca(bind_conf);
4764
4765 return -err;
4766}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004767
4768/* release ssl context allocated for servers. */
4769void ssl_sock_free_srv_ctx(struct server *srv)
4770{
4771 if (srv->ssl_ctx.ctx)
4772 SSL_CTX_free(srv->ssl_ctx.ctx);
4773}
4774
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004775/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004776 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4777 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004778void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004779{
4780 struct ebmb_node *node, *back;
4781 struct sni_ctx *sni;
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 while (node) {
4785 sni = ebmb_entry(node, struct sni_ctx, name);
4786 back = ebmb_next(node);
4787 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004788 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004789 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004790 ssl_sock_free_ssl_conf(sni->conf);
4791 free(sni->conf);
4792 sni->conf = NULL;
4793 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004794 free(sni);
4795 node = back;
4796 }
4797
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004798 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004799 while (node) {
4800 sni = ebmb_entry(node, struct sni_ctx, name);
4801 back = ebmb_next(node);
4802 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004803 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004804 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004805 ssl_sock_free_ssl_conf(sni->conf);
4806 free(sni->conf);
4807 sni->conf = NULL;
4808 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004809 free(sni);
4810 node = back;
4811 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004812 SSL_CTX_free(bind_conf->initial_ctx);
4813 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004814 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004815 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004816}
4817
Willy Tarreau795cdab2016-12-22 17:30:54 +01004818/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4819void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4820{
4821 ssl_sock_free_ca(bind_conf);
4822 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004824 free(bind_conf->ca_sign_file);
4825 free(bind_conf->ca_sign_pass);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004826 if (bind_conf->keys_ref) {
4827 free(bind_conf->keys_ref->filename);
4828 free(bind_conf->keys_ref->tlskeys);
4829 LIST_DEL(&bind_conf->keys_ref->list);
4830 free(bind_conf->keys_ref);
4831 }
4832 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004833 bind_conf->ca_sign_pass = NULL;
4834 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835}
4836
Christopher Faulet31af49d2015-06-09 17:29:50 +02004837/* Load CA cert file and private key used to generate certificates */
4838int
Willy Tarreau03209342016-12-22 17:08:28 +01004839ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004840{
Willy Tarreau03209342016-12-22 17:08:28 +01004841 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004842 FILE *fp;
4843 X509 *cacert = NULL;
4844 EVP_PKEY *capkey = NULL;
4845 int err = 0;
4846
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004847 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848 return err;
4849
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004850#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004851 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004852 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004853 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004854 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004855 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004856 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004857#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004858
Christopher Faulet31af49d2015-06-09 17:29:50 +02004859 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004860 ha_alert("Proxy '%s': cannot enable certificate generation, "
4861 "no CA certificate File configured at [%s:%d].\n",
4862 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004863 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004864 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004865
4866 /* read in the CA certificate */
4867 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4869 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004870 goto load_error;
4871 }
4872 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004873 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4874 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004875 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004876 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004877 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004879 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4880 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004881 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004882 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004883
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004884 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004885 bind_conf->ca_sign_cert = cacert;
4886 bind_conf->ca_sign_pkey = capkey;
4887 return err;
4888
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 read_error:
4890 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891 if (capkey) EVP_PKEY_free(capkey);
4892 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004893 load_error:
4894 bind_conf->generate_certs = 0;
4895 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004896 return err;
4897}
4898
4899/* Release CA cert and private key used to generate certificated */
4900void
4901ssl_sock_free_ca(struct bind_conf *bind_conf)
4902{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004903 if (bind_conf->ca_sign_pkey)
4904 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4905 if (bind_conf->ca_sign_cert)
4906 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004907 bind_conf->ca_sign_pkey = NULL;
4908 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004909}
4910
Emeric Brun46591952012-05-18 15:47:34 +02004911/*
4912 * This function is called if SSL * context is not yet allocated. The function
4913 * is designed to be called before any other data-layer operation and sets the
4914 * handshake flag on the connection. It is safe to call it multiple times.
4915 * It returns 0 on success and -1 in error case.
4916 */
4917static int ssl_sock_init(struct connection *conn)
4918{
4919 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004920 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004921 return 0;
4922
Willy Tarreau3c728722014-01-23 13:50:42 +01004923 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004924 return 0;
4925
Willy Tarreau20879a02012-12-03 16:32:10 +01004926 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4927 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004928 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004929 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004930
Emeric Brun46591952012-05-18 15:47:34 +02004931 /* If it is in client mode initiate SSL session
4932 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004933 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004934 int may_retry = 1;
4935
4936 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004937 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004938 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004939 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004940 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004941 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 goto retry_connect;
4943 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004944 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004945 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004946 }
Emeric Brun46591952012-05-18 15:47:34 +02004947
Emeric Brun46591952012-05-18 15:47:34 +02004948 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004949 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004950 SSL_free(conn->xprt_ctx);
4951 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004952 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004953 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004954 goto retry_connect;
4955 }
Emeric Brun55476152014-11-12 17:35:37 +01004956 conn->err_code = CO_ER_SSL_NO_MEM;
4957 return -1;
4958 }
Emeric Brun46591952012-05-18 15:47:34 +02004959
Evan Broderbe554312013-06-27 00:05:25 -07004960 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004961 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01004962 SSL_free(conn->xprt_ctx);
4963 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004964 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004965 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004966 goto retry_connect;
4967 }
Emeric Brun55476152014-11-12 17:35:37 +01004968 conn->err_code = CO_ER_SSL_NO_MEM;
4969 return -1;
4970 }
4971
4972 SSL_set_connect_state(conn->xprt_ctx);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004973 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4974 const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4975 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4976 if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
4977 SSL_SESSION_free(sess);
4978 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4979 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
4980 } else if (sess) {
4981 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004982 }
4983 }
Evan Broderbe554312013-06-27 00:05:25 -07004984
Emeric Brun46591952012-05-18 15:47:34 +02004985 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004986 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004987
4988 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004989 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004990 return 0;
4991 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004992 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004993 int may_retry = 1;
4994
4995 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02004996 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004997 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004998 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004999 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005000 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 goto retry_accept;
5002 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005003 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005004 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005005 }
Emeric Brun46591952012-05-18 15:47:34 +02005006
Emeric Brun46591952012-05-18 15:47:34 +02005007 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005008 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005009 SSL_free(conn->xprt_ctx);
5010 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005011 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005012 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005013 goto retry_accept;
5014 }
Emeric Brun55476152014-11-12 17:35:37 +01005015 conn->err_code = CO_ER_SSL_NO_MEM;
5016 return -1;
5017 }
Emeric Brun46591952012-05-18 15:47:34 +02005018
Emeric Brune1f38db2012-09-03 20:36:47 +02005019 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005020 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005021 SSL_free(conn->xprt_ctx);
5022 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005023 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005024 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005025 goto retry_accept;
5026 }
Emeric Brun55476152014-11-12 17:35:37 +01005027 conn->err_code = CO_ER_SSL_NO_MEM;
5028 return -1;
5029 }
5030
5031 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005032
Emeric Brun46591952012-05-18 15:47:34 +02005033 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005034 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005035#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005036 conn->flags |= CO_FL_EARLY_SSL_HS;
5037#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005038
5039 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005040 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005041 return 0;
5042 }
5043 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005044 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005045 return -1;
5046}
5047
5048
5049/* This is the callback which is used when an SSL handshake is pending. It
5050 * updates the FD status if it wants some polling before being called again.
5051 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5052 * otherwise it returns non-zero and removes itself from the connection's
5053 * flags (the bit is provided in <flag> by the caller).
5054 */
5055int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5056{
5057 int ret;
5058
Willy Tarreau3c728722014-01-23 13:50:42 +01005059 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005060 return 0;
5061
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005062 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005063 goto out_error;
5064
Olivier Houchardc2aae742017-09-22 18:26:28 +02005065#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5066 /*
5067 * Check if we have early data. If we do, we have to read them
5068 * before SSL_do_handshake() is called, And there's no way to
5069 * detect early data, except to try to read them
5070 */
5071 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5072 size_t read_data;
5073
5074 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5075 1, &read_data);
5076 if (ret == SSL_READ_EARLY_DATA_ERROR)
5077 goto check_error;
5078 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5079 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5080 return 1;
5081 } else
5082 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5083 }
5084#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005085 /* If we use SSL_do_handshake to process a reneg initiated by
5086 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5087 * Usually SSL_write and SSL_read are used and process implicitly
5088 * the reneg handshake.
5089 * Here we use SSL_peek as a workaround for reneg.
5090 */
5091 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5092 char c;
5093
5094 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5095 if (ret <= 0) {
5096 /* handshake may have not been completed, let's find why */
5097 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005098
Emeric Brun674b7432012-11-08 19:21:55 +01005099 if (ret == SSL_ERROR_WANT_WRITE) {
5100 /* SSL handshake needs to write, L4 connection may not be ready */
5101 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005102 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005103 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005104 return 0;
5105 }
5106 else if (ret == SSL_ERROR_WANT_READ) {
5107 /* handshake may have been completed but we have
5108 * no more data to read.
5109 */
5110 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5111 ret = 1;
5112 goto reneg_ok;
5113 }
5114 /* SSL handshake needs to read, L4 connection is ready */
5115 if (conn->flags & CO_FL_WAIT_L4_CONN)
5116 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5117 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005118 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005119 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005120 return 0;
5121 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005122#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005123 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005124 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005125 return 0;
5126 }
5127#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005128 else if (ret == SSL_ERROR_SYSCALL) {
5129 /* if errno is null, then connection was successfully established */
5130 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5131 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005132 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005133#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5134 conn->err_code = CO_ER_SSL_HANDSHAKE;
5135#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005136 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005137#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005138 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5139 empty_handshake = state == TLS_ST_BEFORE;
5140#else
5141 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5142#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005143 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005144 if (!errno) {
5145 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5146 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5147 else
5148 conn->err_code = CO_ER_SSL_EMPTY;
5149 }
5150 else {
5151 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5152 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5153 else
5154 conn->err_code = CO_ER_SSL_ABORT;
5155 }
5156 }
5157 else {
5158 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5159 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005160 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005161 conn->err_code = CO_ER_SSL_HANDSHAKE;
5162 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005163#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005164 }
Emeric Brun674b7432012-11-08 19:21:55 +01005165 goto out_error;
5166 }
5167 else {
5168 /* Fail on all other handshake errors */
5169 /* Note: OpenSSL may leave unread bytes in the socket's
5170 * buffer, causing an RST to be emitted upon close() on
5171 * TCP sockets. We first try to drain possibly pending
5172 * data to avoid this as much as possible.
5173 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005174 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005175 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005176 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5177 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005178 goto out_error;
5179 }
5180 }
5181 /* read some data: consider handshake completed */
5182 goto reneg_ok;
5183 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005184 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005185check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005186 if (ret != 1) {
5187 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005188 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005189
5190 if (ret == SSL_ERROR_WANT_WRITE) {
5191 /* SSL handshake needs to write, L4 connection may not be ready */
5192 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005193 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005194 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005195 return 0;
5196 }
5197 else if (ret == SSL_ERROR_WANT_READ) {
5198 /* SSL handshake needs to read, L4 connection is ready */
5199 if (conn->flags & CO_FL_WAIT_L4_CONN)
5200 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5201 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005202 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005203 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005204 return 0;
5205 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005206#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005207 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005208 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005209 return 0;
5210 }
5211#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005212 else if (ret == SSL_ERROR_SYSCALL) {
5213 /* if errno is null, then connection was successfully established */
5214 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5215 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005216 if (!conn->err_code) {
5217#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5218 conn->err_code = CO_ER_SSL_HANDSHAKE;
5219#else
5220 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005221#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005222 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5223 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005224#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005225 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005226#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005227 if (empty_handshake) {
5228 if (!errno) {
5229 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5230 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5231 else
5232 conn->err_code = CO_ER_SSL_EMPTY;
5233 }
5234 else {
5235 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5236 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5237 else
5238 conn->err_code = CO_ER_SSL_ABORT;
5239 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005240 }
5241 else {
5242 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5243 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5244 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005245 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005246 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005247#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
Willy Tarreau89230192012-09-28 20:22:13 +02005249 goto out_error;
5250 }
Emeric Brun46591952012-05-18 15:47:34 +02005251 else {
5252 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005253 /* Note: OpenSSL may leave unread bytes in the socket's
5254 * buffer, causing an RST to be emitted upon close() on
5255 * TCP sockets. We first try to drain possibly pending
5256 * data to avoid this as much as possible.
5257 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005258 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005259 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005260 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5261 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005262 goto out_error;
5263 }
5264 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005265#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5266 else {
5267 /*
5268 * If the server refused the early data, we have to send a
5269 * 425 to the client, as we no longer have the data to sent
5270 * them again.
5271 */
5272 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5273 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5274 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5275 goto out_error;
5276 }
5277 }
5278 }
5279#endif
5280
Emeric Brun46591952012-05-18 15:47:34 +02005281
Emeric Brun674b7432012-11-08 19:21:55 +01005282reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005283
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005284#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005285 /* ASYNC engine API doesn't support moving read/write
5286 * buffers. So we disable ASYNC mode right after
5287 * the handshake to avoid buffer oveflows.
5288 */
5289 if (global_ssl.async)
5290 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5291#endif
Emeric Brun46591952012-05-18 15:47:34 +02005292 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005293 if (!SSL_session_reused(conn->xprt_ctx)) {
5294 if (objt_server(conn->target)) {
5295 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5296 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5297 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005298 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005299 else {
5300 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5301 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5302 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5303 }
Emeric Brun46591952012-05-18 15:47:34 +02005304 }
5305
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005306#ifdef OPENSSL_IS_BORINGSSL
5307 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5308 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5309#endif
Emeric Brun46591952012-05-18 15:47:34 +02005310 /* The connection is now established at both layers, it's time to leave */
5311 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5312 return 1;
5313
5314 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005315 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005316 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005317 ERR_clear_error();
5318
Emeric Brun9fa89732012-10-04 17:09:56 +02005319 /* free resumed session if exists */
Olivier Houcharde6060c52017-11-16 17:42:52 +01005320 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5321 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5322 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005323 }
5324
Emeric Brun46591952012-05-18 15:47:34 +02005325 /* Fail on all other handshake errors */
5326 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005327 if (!conn->err_code)
5328 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005329 return 0;
5330}
5331
5332/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005333 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005334 * buffer wraps, in which case a second call may be performed. The connection's
5335 * flags are updated with whatever special event is detected (error, read0,
5336 * empty). The caller is responsible for taking care of those events and
5337 * avoiding the call if inappropriate. The function does not call the
5338 * connection's polling update function, so the caller is responsible for this.
5339 */
5340static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int count)
5341{
5342 int ret, done = 0;
Willy Tarreauabf08d92014-01-14 11:31:27 +01005343 int try;
Emeric Brun46591952012-05-18 15:47:34 +02005344
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005345 conn_refresh_polling_flags(conn);
5346
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005347 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005348 goto out_error;
5349
5350 if (conn->flags & CO_FL_HANDSHAKE)
5351 /* a handshake was requested */
5352 return 0;
5353
Willy Tarreauabf08d92014-01-14 11:31:27 +01005354 /* let's realign the buffer to optimize I/O */
Olivier Houchardc2aae742017-09-22 18:26:28 +02005355 if (buffer_empty(buf)) {
Emeric Brun46591952012-05-18 15:47:34 +02005356 buf->p = buf->data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005357 }
Emeric Brun46591952012-05-18 15:47:34 +02005358
5359 /* read the largest possible block. For this, we perform only one call
5360 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5361 * in which case we accept to do it once again. A new attempt is made on
5362 * EINTR too.
5363 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005364 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005365 int need_out = 0;
5366
Willy Tarreauabf08d92014-01-14 11:31:27 +01005367 /* first check if we have some room after p+i */
5368 try = buf->data + buf->size - (buf->p + buf->i);
5369 /* otherwise continue between data and p-o */
5370 if (try <= 0) {
5371 try = buf->p - (buf->data + buf->o);
5372 if (try <= 0)
5373 break;
5374 }
5375 if (try > count)
5376 try = count;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005377 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5378 conn->tmp_early_data != -1) {
5379 *bi_end(buf) = conn->tmp_early_data;
5380 done++;
5381 try--;
5382 count--;
5383 buf->i++;
5384 conn->tmp_early_data = -1;
5385 continue;
5386 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005387
Olivier Houchardc2aae742017-09-22 18:26:28 +02005388#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5389 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5390 size_t read_length;
5391
5392 ret = SSL_read_early_data(conn->xprt_ctx,
5393 bi_end(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005394 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5395 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005396 conn->flags |= CO_FL_EARLY_DATA;
5397 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5398 ret == SSL_READ_EARLY_DATA_FINISH) {
5399 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5400 /*
5401 * We're done reading the early data,
5402 * let's make the handshake
5403 */
5404 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5405 conn->flags |= CO_FL_SSL_WAIT_HS;
5406 need_out = 1;
5407 if (read_length == 0)
5408 break;
5409 }
5410 ret = read_length;
5411 }
5412 } else
5413#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005414 ret = SSL_read(conn->xprt_ctx, bi_end(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005415#ifdef OPENSSL_IS_BORINGSSL
5416 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5417 if (SSL_in_early_data(conn->xprt_ctx)) {
5418 if (ret > 0)
5419 conn->flags |= CO_FL_EARLY_DATA;
5420 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005421 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005422 }
5423 }
5424#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005425 if (conn->flags & CO_FL_ERROR) {
5426 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005427 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005428 }
Emeric Brun46591952012-05-18 15:47:34 +02005429 if (ret > 0) {
5430 buf->i += ret;
5431 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005432 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005433 }
Emeric Brun46591952012-05-18 15:47:34 +02005434 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005435 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005436 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005437 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005438 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005439 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005440#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005441 /* Async mode can be re-enabled, because we're leaving data state.*/
5442 if (global_ssl.async)
5443 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5444#endif
Emeric Brun46591952012-05-18 15:47:34 +02005445 break;
5446 }
5447 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005448 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5449 /* handshake is running, and it may need to re-enable read */
5450 conn->flags |= CO_FL_SSL_WAIT_HS;
5451 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005452#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005453 /* Async mode can be re-enabled, because we're leaving data state.*/
5454 if (global_ssl.async)
5455 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5456#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005457 break;
5458 }
Emeric Brun46591952012-05-18 15:47:34 +02005459 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005460 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005461 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005462 } else if (ret == SSL_ERROR_ZERO_RETURN)
5463 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005464 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5465 * stack before shutting down the connection for
5466 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005467 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5468 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005469 /* otherwise it's a real error */
5470 goto out_error;
5471 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005472 if (need_out)
5473 break;
Emeric Brun46591952012-05-18 15:47:34 +02005474 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005475 leave:
5476 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005477 return done;
5478
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005479 clear_ssl_error:
5480 /* Clear openssl global errors stack */
5481 ssl_sock_dump_errors(conn);
5482 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005483 read0:
5484 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005485 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005486
Emeric Brun46591952012-05-18 15:47:34 +02005487 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005488 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005489 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005490 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005491 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005492 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005493}
5494
5495
5496/* Send all pending bytes from buffer <buf> to connection <conn>'s socket.
Willy Tarreau1049b1f2014-02-02 01:51:17 +01005497 * <flags> may contain some CO_SFL_* flags to hint the system about other
5498 * pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005499 * Only one call to send() is performed, unless the buffer wraps, in which case
5500 * a second call may be performed. The connection's flags are updated with
5501 * whatever special event is detected (error, empty). The caller is responsible
5502 * for taking care of those events and avoiding the call if inappropriate. The
5503 * function does not call the connection's polling update function, so the caller
5504 * is responsible for this.
5505 */
5506static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int flags)
5507{
5508 int ret, try, done;
5509
5510 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005511 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005512
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005513 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005514 goto out_error;
5515
5516 if (conn->flags & CO_FL_HANDSHAKE)
5517 /* a handshake was requested */
5518 return 0;
5519
5520 /* send the largest possible block. For this we perform only one call
5521 * to send() unless the buffer wraps and we exactly fill the first hunk,
5522 * in which case we accept to do it once again.
5523 */
5524 while (buf->o) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005525#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5526 size_t written_data;
5527#endif
5528
Kevin Hestercad82342013-05-30 15:12:41 -07005529 try = bo_contig_data(buf);
Willy Tarreaubfd59462013-02-21 07:46:09 +01005530
Willy Tarreau7bed9452014-02-02 02:00:24 +01005531 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005532 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005533 global_ssl.max_record && try > global_ssl.max_record) {
5534 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005535 }
5536 else {
5537 /* we need to keep the information about the fact that
5538 * we're not limiting the upcoming send(), because if it
5539 * fails, we'll have to retry with at least as many data.
5540 */
5541 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5542 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005543
Olivier Houchardc2aae742017-09-22 18:26:28 +02005544#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5545 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5546 unsigned int max_early;
5547
Olivier Houchard522eea72017-11-03 16:27:47 +01005548 if (objt_listener(conn->target))
5549 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5550 else {
5551 if (SSL_get0_session(conn->xprt_ctx))
5552 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5553 else
5554 max_early = 0;
5555 }
5556
Olivier Houchard90084a12017-11-23 18:21:29 +01005557 if (try + conn->sent_early_data > max_early) {
5558 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005559 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005560 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5561 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005562 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005563 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005564 }
5565 ret = SSL_write_early_data(conn->xprt_ctx, bo_ptr(buf), try, &written_data);
5566 if (ret == 1) {
5567 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005568 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005569 if (objt_server(conn->target)) {
5570 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5571 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5572 }
5573
Olivier Houchardc2aae742017-09-22 18:26:28 +02005574 }
5575
5576 } else
5577#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005578 ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005579
Emeric Brune1f38db2012-09-03 20:36:47 +02005580 if (conn->flags & CO_FL_ERROR) {
5581 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005582 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005583 }
Emeric Brun46591952012-05-18 15:47:34 +02005584 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005585 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
5586
Emeric Brun46591952012-05-18 15:47:34 +02005587 buf->o -= ret;
5588 done += ret;
5589
Willy Tarreau5fb38032012-12-16 19:39:09 +01005590 if (likely(buffer_empty(buf)))
Emeric Brun46591952012-05-18 15:47:34 +02005591 /* optimize data alignment in the buffer */
5592 buf->p = buf->data;
Emeric Brun46591952012-05-18 15:47:34 +02005593 }
5594 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005595 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005596
Emeric Brun46591952012-05-18 15:47:34 +02005597 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005598 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5599 /* handshake is running, and it may need to re-enable write */
5600 conn->flags |= CO_FL_SSL_WAIT_HS;
5601 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005602#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005603 /* Async mode can be re-enabled, because we're leaving data state.*/
5604 if (global_ssl.async)
5605 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5606#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005607 break;
5608 }
Emeric Brun46591952012-05-18 15:47:34 +02005609 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005610 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005611 break;
5612 }
5613 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005614 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005615 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005616 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005617#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005618 /* Async mode can be re-enabled, because we're leaving data state.*/
5619 if (global_ssl.async)
5620 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5621#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005622 break;
5623 }
Emeric Brun46591952012-05-18 15:47:34 +02005624 goto out_error;
5625 }
5626 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005627 leave:
5628 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005629 return done;
5630
5631 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005632 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005633 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005634 ERR_clear_error();
5635
Emeric Brun46591952012-05-18 15:47:34 +02005636 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005637 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005638}
5639
Emeric Brun46591952012-05-18 15:47:34 +02005640static void ssl_sock_close(struct connection *conn) {
5641
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005642 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005643#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005644 if (global_ssl.async) {
5645 OSSL_ASYNC_FD all_fd[32], afd;
5646 size_t num_all_fds = 0;
5647 int i;
5648
5649 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5650 if (num_all_fds > 32) {
5651 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5652 return;
5653 }
5654
5655 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5656
5657 /* If an async job is pending, we must try to
5658 to catch the end using polling before calling
5659 SSL_free */
5660 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5661 for (i=0 ; i < num_all_fds ; i++) {
5662 /* switch on an handler designed to
5663 * handle the SSL_free
5664 */
5665 afd = all_fd[i];
5666 fdtab[afd].iocb = ssl_async_fd_free;
5667 fdtab[afd].owner = conn->xprt_ctx;
5668 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005669 /* To ensure that the fd cache won't be used
5670 * and we'll catch a real RD event.
5671 */
5672 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005673 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005674 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005675 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005676 return;
5677 }
Emeric Brun3854e012017-05-17 20:42:48 +02005678 /* Else we can remove the fds from the fdtab
5679 * and call SSL_free.
5680 * note: we do a fd_remove and not a delete
5681 * because the fd is owned by the engine.
5682 * the engine is responsible to close
5683 */
5684 for (i=0 ; i < num_all_fds ; i++)
5685 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005686 }
5687#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005688 SSL_free(conn->xprt_ctx);
5689 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005690 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005691 }
Emeric Brun46591952012-05-18 15:47:34 +02005692}
5693
5694/* This function tries to perform a clean shutdown on an SSL connection, and in
5695 * any case, flags the connection as reusable if no handshake was in progress.
5696 */
5697static void ssl_sock_shutw(struct connection *conn, int clean)
5698{
5699 if (conn->flags & CO_FL_HANDSHAKE)
5700 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005701 if (!clean)
5702 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005703 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005704 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005705 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005706 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005707 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005708 ERR_clear_error();
5709 }
Emeric Brun46591952012-05-18 15:47:34 +02005710}
5711
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005712/* used for ppv2 pkey alog (can be used for logging) */
5713int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
5714{
5715 struct pkey_info *pkinfo;
5716 int bits = 0;
5717 int sig = TLSEXT_signature_anonymous;
5718 int len = -1;
5719
5720 if (!ssl_sock_is_ssl(conn))
5721 return 0;
5722
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005723 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005724 if (pkinfo) {
5725 sig = pkinfo->sig;
5726 bits = pkinfo->bits;
5727 } else {
5728 /* multicert and generated cert have no pkey info */
5729 X509 *crt;
5730 EVP_PKEY *pkey;
5731 crt = SSL_get_certificate(conn->xprt_ctx);
5732 if (!crt)
5733 return 0;
5734 pkey = X509_get_pubkey(crt);
5735 if (pkey) {
5736 bits = EVP_PKEY_bits(pkey);
5737 switch(EVP_PKEY_base_id(pkey)) {
5738 case EVP_PKEY_RSA:
5739 sig = TLSEXT_signature_rsa;
5740 break;
5741 case EVP_PKEY_EC:
5742 sig = TLSEXT_signature_ecdsa;
5743 break;
5744 case EVP_PKEY_DSA:
5745 sig = TLSEXT_signature_dsa;
5746 break;
5747 }
5748 EVP_PKEY_free(pkey);
5749 }
5750 }
5751
5752 switch(sig) {
5753 case TLSEXT_signature_rsa:
5754 len = chunk_printf(out, "RSA%d", bits);
5755 break;
5756 case TLSEXT_signature_ecdsa:
5757 len = chunk_printf(out, "EC%d", bits);
5758 break;
5759 case TLSEXT_signature_dsa:
5760 len = chunk_printf(out, "DSA%d", bits);
5761 break;
5762 default:
5763 return 0;
5764 }
5765 if (len < 0)
5766 return 0;
5767 return 1;
5768}
5769
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005770/* used for ppv2 cert signature (can be used for logging) */
5771const char *ssl_sock_get_cert_sig(struct connection *conn)
5772{
5773 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5774 X509 *crt;
5775
5776 if (!ssl_sock_is_ssl(conn))
5777 return NULL;
5778 crt = SSL_get_certificate(conn->xprt_ctx);
5779 if (!crt)
5780 return NULL;
5781 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5782 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5783}
5784
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005785/* used for ppv2 authority */
5786const char *ssl_sock_get_sni(struct connection *conn)
5787{
5788#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5789 if (!ssl_sock_is_ssl(conn))
5790 return NULL;
5791 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5792#else
5793 return 0;
5794#endif
5795}
5796
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005797/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005798const char *ssl_sock_get_cipher_name(struct connection *conn)
5799{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005800 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005801 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005802
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005803 return SSL_get_cipher_name(conn->xprt_ctx);
5804}
5805
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005806/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005807const char *ssl_sock_get_proto_version(struct connection *conn)
5808{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005809 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005810 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005811
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005812 return SSL_get_version(conn->xprt_ctx);
5813}
5814
Willy Tarreau8d598402012-10-22 17:58:39 +02005815/* Extract a serial from a cert, and copy it to a chunk.
5816 * Returns 1 if serial is found and copied, 0 if no serial found and
5817 * -1 if output is not large enough.
5818 */
5819static int
5820ssl_sock_get_serial(X509 *crt, struct chunk *out)
5821{
5822 ASN1_INTEGER *serial;
5823
5824 serial = X509_get_serialNumber(crt);
5825 if (!serial)
5826 return 0;
5827
5828 if (out->size < serial->length)
5829 return -1;
5830
5831 memcpy(out->str, serial->data, serial->length);
5832 out->len = serial->length;
5833 return 1;
5834}
5835
Emeric Brun43e79582014-10-29 19:03:26 +01005836/* Extract a cert to der, and copy it to a chunk.
5837 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5838 * -1 if output is not large enough.
5839 */
5840static int
5841ssl_sock_crt2der(X509 *crt, struct chunk *out)
5842{
5843 int len;
5844 unsigned char *p = (unsigned char *)out->str;;
5845
5846 len =i2d_X509(crt, NULL);
5847 if (len <= 0)
5848 return 1;
5849
5850 if (out->size < len)
5851 return -1;
5852
5853 i2d_X509(crt,&p);
5854 out->len = len;
5855 return 1;
5856}
5857
Emeric Brunce5ad802012-10-22 14:11:22 +02005858
5859/* Copy Date in ASN1_UTCTIME format in struct chunk out.
5860 * Returns 1 if serial is found and copied, 0 if no valid time found
5861 * and -1 if output is not large enough.
5862 */
5863static int
5864ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
5865{
5866 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5867 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5868
5869 if (gentm->length < 12)
5870 return 0;
5871 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5872 return 0;
5873 if (out->size < gentm->length-2)
5874 return -1;
5875
5876 memcpy(out->str, gentm->data+2, gentm->length-2);
5877 out->len = gentm->length-2;
5878 return 1;
5879 }
5880 else if (tm->type == V_ASN1_UTCTIME) {
5881 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5882
5883 if (utctm->length < 10)
5884 return 0;
5885 if (utctm->data[0] >= 0x35)
5886 return 0;
5887 if (out->size < utctm->length)
5888 return -1;
5889
5890 memcpy(out->str, utctm->data, utctm->length);
5891 out->len = utctm->length;
5892 return 1;
5893 }
5894
5895 return 0;
5896}
5897
Emeric Brun87855892012-10-17 17:39:35 +02005898/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5899 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5900 */
5901static int
5902ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
5903{
5904 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005905 ASN1_OBJECT *obj;
5906 ASN1_STRING *data;
5907 const unsigned char *data_ptr;
5908 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005909 int i, j, n;
5910 int cur = 0;
5911 const char *s;
5912 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005913 int name_count;
5914
5915 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005916
5917 out->len = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005918 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005919 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005920 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005921 else
5922 j = i;
5923
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005924 ne = X509_NAME_get_entry(a, j);
5925 obj = X509_NAME_ENTRY_get_object(ne);
5926 data = X509_NAME_ENTRY_get_data(ne);
5927 data_ptr = ASN1_STRING_get0_data(data);
5928 data_len = ASN1_STRING_length(data);
5929 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005930 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005931 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005932 s = tmp;
5933 }
5934
5935 if (chunk_strcasecmp(entry, s) != 0)
5936 continue;
5937
5938 if (pos < 0)
5939 cur--;
5940 else
5941 cur++;
5942
5943 if (cur != pos)
5944 continue;
5945
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005946 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005947 return -1;
5948
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005949 memcpy(out->str, data_ptr, data_len);
5950 out->len = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005951 return 1;
5952 }
5953
5954 return 0;
5955
5956}
5957
5958/* Extract and format full DN from a X509_NAME and copy result into a chunk
5959 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5960 */
5961static int
5962ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
5963{
5964 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005965 ASN1_OBJECT *obj;
5966 ASN1_STRING *data;
5967 const unsigned char *data_ptr;
5968 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005969 int i, n, ln;
5970 int l = 0;
5971 const char *s;
5972 char *p;
5973 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005974 int name_count;
5975
5976
5977 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005978
5979 out->len = 0;
5980 p = out->str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005981 for (i = 0; i < name_count; i++) {
5982 ne = X509_NAME_get_entry(a, i);
5983 obj = X509_NAME_ENTRY_get_object(ne);
5984 data = X509_NAME_ENTRY_get_data(ne);
5985 data_ptr = ASN1_STRING_get0_data(data);
5986 data_len = ASN1_STRING_length(data);
5987 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005988 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005989 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005990 s = tmp;
5991 }
5992 ln = strlen(s);
5993
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005994 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005995 if (l > out->size)
5996 return -1;
5997 out->len = l;
5998
5999 *(p++)='/';
6000 memcpy(p, s, ln);
6001 p += ln;
6002 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006003 memcpy(p, data_ptr, data_len);
6004 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006005 }
6006
6007 if (!out->len)
6008 return 0;
6009
6010 return 1;
6011}
6012
Willy Tarreau119a4082016-12-22 21:58:38 +01006013/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6014 * to disable SNI.
6015 */
Willy Tarreau63076412015-07-10 11:33:32 +02006016void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6017{
6018#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006019 char *prev_name;
6020
Willy Tarreau63076412015-07-10 11:33:32 +02006021 if (!ssl_sock_is_ssl(conn))
6022 return;
6023
Willy Tarreau119a4082016-12-22 21:58:38 +01006024 /* if the SNI changes, we must destroy the reusable context so that a
6025 * new connection will present a new SNI. As an optimization we could
6026 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6027 * server.
6028 */
6029 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6030 if ((!prev_name && hostname) ||
6031 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6032 SSL_set_session(conn->xprt_ctx, NULL);
6033
Willy Tarreau63076412015-07-10 11:33:32 +02006034 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6035#endif
6036}
6037
Emeric Brun0abf8362014-06-24 18:26:41 +02006038/* Extract peer certificate's common name into the chunk dest
6039 * Returns
6040 * the len of the extracted common name
6041 * or 0 if no CN found in DN
6042 * or -1 on error case (i.e. no peer certificate)
6043 */
6044int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04006045{
6046 X509 *crt = NULL;
6047 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006048 const char find_cn[] = "CN";
6049 const struct chunk find_cn_chunk = {
6050 .str = (char *)&find_cn,
6051 .len = sizeof(find_cn)-1
6052 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006053 int result = -1;
David Safb76832014-05-08 23:42:08 -04006054
6055 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006056 goto out;
David Safb76832014-05-08 23:42:08 -04006057
6058 /* SSL_get_peer_certificate, it increase X509 * ref count */
6059 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6060 if (!crt)
6061 goto out;
6062
6063 name = X509_get_subject_name(crt);
6064 if (!name)
6065 goto out;
David Safb76832014-05-08 23:42:08 -04006066
Emeric Brun0abf8362014-06-24 18:26:41 +02006067 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6068out:
David Safb76832014-05-08 23:42:08 -04006069 if (crt)
6070 X509_free(crt);
6071
6072 return result;
6073}
6074
Dave McCowan328fb582014-07-30 10:39:13 -04006075/* returns 1 if client passed a certificate for this session, 0 if not */
6076int ssl_sock_get_cert_used_sess(struct connection *conn)
6077{
6078 X509 *crt = NULL;
6079
6080 if (!ssl_sock_is_ssl(conn))
6081 return 0;
6082
6083 /* SSL_get_peer_certificate, it increase X509 * ref count */
6084 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6085 if (!crt)
6086 return 0;
6087
6088 X509_free(crt);
6089 return 1;
6090}
6091
6092/* returns 1 if client passed a certificate for this connection, 0 if not */
6093int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006094{
6095 if (!ssl_sock_is_ssl(conn))
6096 return 0;
6097
6098 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6099}
6100
6101/* returns result from SSL verify */
6102unsigned int ssl_sock_get_verify_result(struct connection *conn)
6103{
6104 if (!ssl_sock_is_ssl(conn))
6105 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6106
6107 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6108}
6109
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006110/* Returns the application layer protocol name in <str> and <len> when known.
6111 * Zero is returned if the protocol name was not found, otherwise non-zero is
6112 * returned. The string is allocated in the SSL context and doesn't have to be
6113 * freed by the caller. NPN is also checked if available since older versions
6114 * of openssl (1.0.1) which are more common in field only support this one.
6115 */
6116static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6117{
6118 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6119 return 0;
6120
6121 *str = NULL;
6122
6123#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6124 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6125 if (*str)
6126 return 1;
6127#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006128#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006129 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6130 if (*str)
6131 return 1;
6132#endif
6133 return 0;
6134}
6135
Willy Tarreau7875d092012-09-10 08:20:03 +02006136/***** Below are some sample fetching functions for ACL/patterns *****/
6137
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006138static int
6139smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6140{
6141 struct connection *conn;
6142
6143 conn = objt_conn(smp->sess->origin);
6144 if (!conn || conn->xprt != &ssl_sock)
6145 return 0;
6146
6147 smp->flags = 0;
6148 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006149 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6150 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006151
6152 return 1;
6153}
6154
Emeric Brune64aef12012-09-21 13:15:06 +02006155/* boolean, returns true if client cert was present */
6156static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006157smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006158{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006159 struct connection *conn;
6160
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006161 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006162 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006163 return 0;
6164
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006165 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006166 smp->flags |= SMP_F_MAY_CHANGE;
6167 return 0;
6168 }
6169
6170 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006171 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006172 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006173
6174 return 1;
6175}
6176
Emeric Brun43e79582014-10-29 19:03:26 +01006177/* binary, returns a certificate in a binary chunk (der/raw).
6178 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6179 * should be use.
6180 */
6181static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006182smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006183{
6184 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6185 X509 *crt = NULL;
6186 int ret = 0;
6187 struct chunk *smp_trash;
6188 struct connection *conn;
6189
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006190 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006191 if (!conn || conn->xprt != &ssl_sock)
6192 return 0;
6193
6194 if (!(conn->flags & CO_FL_CONNECTED)) {
6195 smp->flags |= SMP_F_MAY_CHANGE;
6196 return 0;
6197 }
6198
6199 if (cert_peer)
6200 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6201 else
6202 crt = SSL_get_certificate(conn->xprt_ctx);
6203
6204 if (!crt)
6205 goto out;
6206
6207 smp_trash = get_trash_chunk();
6208 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6209 goto out;
6210
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006211 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006212 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006213 ret = 1;
6214out:
6215 /* SSL_get_peer_certificate, it increase X509 * ref count */
6216 if (cert_peer && crt)
6217 X509_free(crt);
6218 return ret;
6219}
6220
Emeric Brunba841a12014-04-30 17:05:08 +02006221/* binary, returns serial of certificate in a binary chunk.
6222 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6223 * should be use.
6224 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006225static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006226smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006227{
Emeric Brunba841a12014-04-30 17:05:08 +02006228 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006229 X509 *crt = NULL;
6230 int ret = 0;
6231 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006232 struct connection *conn;
6233
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006234 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006235 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006236 return 0;
6237
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006238 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006239 smp->flags |= SMP_F_MAY_CHANGE;
6240 return 0;
6241 }
6242
Emeric Brunba841a12014-04-30 17:05:08 +02006243 if (cert_peer)
6244 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6245 else
6246 crt = SSL_get_certificate(conn->xprt_ctx);
6247
Willy Tarreau8d598402012-10-22 17:58:39 +02006248 if (!crt)
6249 goto out;
6250
Willy Tarreau47ca5452012-12-23 20:22:19 +01006251 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006252 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6253 goto out;
6254
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006255 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006256 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006257 ret = 1;
6258out:
Emeric Brunba841a12014-04-30 17:05:08 +02006259 /* SSL_get_peer_certificate, it increase X509 * ref count */
6260 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006261 X509_free(crt);
6262 return ret;
6263}
Emeric Brune64aef12012-09-21 13:15:06 +02006264
Emeric Brunba841a12014-04-30 17:05:08 +02006265/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6266 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6267 * should be use.
6268 */
James Votha051b4a2013-05-14 20:37:59 +02006269static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006270smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006271{
Emeric Brunba841a12014-04-30 17:05:08 +02006272 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006273 X509 *crt = NULL;
6274 const EVP_MD *digest;
6275 int ret = 0;
6276 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006277 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006278
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006279 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006280 if (!conn || conn->xprt != &ssl_sock)
6281 return 0;
6282
6283 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006284 smp->flags |= SMP_F_MAY_CHANGE;
6285 return 0;
6286 }
6287
Emeric Brunba841a12014-04-30 17:05:08 +02006288 if (cert_peer)
6289 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6290 else
6291 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006292 if (!crt)
6293 goto out;
6294
6295 smp_trash = get_trash_chunk();
6296 digest = EVP_sha1();
6297 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
6298
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006299 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006300 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006301 ret = 1;
6302out:
Emeric Brunba841a12014-04-30 17:05:08 +02006303 /* SSL_get_peer_certificate, it increase X509 * ref count */
6304 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006305 X509_free(crt);
6306 return ret;
6307}
6308
Emeric Brunba841a12014-04-30 17:05:08 +02006309/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6310 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6311 * should be use.
6312 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006313static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006314smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006315{
Emeric Brunba841a12014-04-30 17:05:08 +02006316 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006317 X509 *crt = NULL;
6318 int ret = 0;
6319 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006320 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006321
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006322 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006323 if (!conn || conn->xprt != &ssl_sock)
6324 return 0;
6325
6326 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006327 smp->flags |= SMP_F_MAY_CHANGE;
6328 return 0;
6329 }
6330
Emeric Brunba841a12014-04-30 17:05:08 +02006331 if (cert_peer)
6332 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6333 else
6334 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006335 if (!crt)
6336 goto out;
6337
Willy Tarreau47ca5452012-12-23 20:22:19 +01006338 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006339 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6340 goto out;
6341
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006342 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006343 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006344 ret = 1;
6345out:
Emeric Brunba841a12014-04-30 17:05:08 +02006346 /* SSL_get_peer_certificate, it increase X509 * ref count */
6347 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006348 X509_free(crt);
6349 return ret;
6350}
6351
Emeric Brunba841a12014-04-30 17:05:08 +02006352/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6353 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6354 * should be use.
6355 */
Emeric Brun87855892012-10-17 17:39:35 +02006356static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006357smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006358{
Emeric Brunba841a12014-04-30 17:05:08 +02006359 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006360 X509 *crt = NULL;
6361 X509_NAME *name;
6362 int ret = 0;
6363 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006364 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006365
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006366 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006367 if (!conn || conn->xprt != &ssl_sock)
6368 return 0;
6369
6370 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006371 smp->flags |= SMP_F_MAY_CHANGE;
6372 return 0;
6373 }
6374
Emeric Brunba841a12014-04-30 17:05:08 +02006375 if (cert_peer)
6376 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6377 else
6378 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006379 if (!crt)
6380 goto out;
6381
6382 name = X509_get_issuer_name(crt);
6383 if (!name)
6384 goto out;
6385
Willy Tarreau47ca5452012-12-23 20:22:19 +01006386 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006387 if (args && args[0].type == ARGT_STR) {
6388 int pos = 1;
6389
6390 if (args[1].type == ARGT_SINT)
6391 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006392
6393 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6394 goto out;
6395 }
6396 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6397 goto out;
6398
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006399 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006400 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006401 ret = 1;
6402out:
Emeric Brunba841a12014-04-30 17:05:08 +02006403 /* SSL_get_peer_certificate, it increase X509 * ref count */
6404 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006405 X509_free(crt);
6406 return ret;
6407}
6408
Emeric Brunba841a12014-04-30 17:05:08 +02006409/* string, returns notbefore date in ASN1_UTCTIME format.
6410 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6411 * should be use.
6412 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006413static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006414smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006415{
Emeric Brunba841a12014-04-30 17:05:08 +02006416 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006417 X509 *crt = NULL;
6418 int ret = 0;
6419 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006420 struct connection *conn;
6421
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006422 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006423 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006424 return 0;
6425
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006426 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006427 smp->flags |= SMP_F_MAY_CHANGE;
6428 return 0;
6429 }
6430
Emeric Brunba841a12014-04-30 17:05:08 +02006431 if (cert_peer)
6432 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6433 else
6434 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006435 if (!crt)
6436 goto out;
6437
Willy Tarreau47ca5452012-12-23 20:22:19 +01006438 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006439 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6440 goto out;
6441
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006442 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006443 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006444 ret = 1;
6445out:
Emeric Brunba841a12014-04-30 17:05:08 +02006446 /* SSL_get_peer_certificate, it increase X509 * ref count */
6447 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006448 X509_free(crt);
6449 return ret;
6450}
6451
Emeric Brunba841a12014-04-30 17:05:08 +02006452/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6453 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6454 * should be use.
6455 */
Emeric Brun87855892012-10-17 17:39:35 +02006456static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006457smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006458{
Emeric Brunba841a12014-04-30 17:05:08 +02006459 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006460 X509 *crt = NULL;
6461 X509_NAME *name;
6462 int ret = 0;
6463 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006464 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006465
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006466 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006467 if (!conn || conn->xprt != &ssl_sock)
6468 return 0;
6469
6470 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006471 smp->flags |= SMP_F_MAY_CHANGE;
6472 return 0;
6473 }
6474
Emeric Brunba841a12014-04-30 17:05:08 +02006475 if (cert_peer)
6476 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6477 else
6478 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006479 if (!crt)
6480 goto out;
6481
6482 name = X509_get_subject_name(crt);
6483 if (!name)
6484 goto out;
6485
Willy Tarreau47ca5452012-12-23 20:22:19 +01006486 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006487 if (args && args[0].type == ARGT_STR) {
6488 int pos = 1;
6489
6490 if (args[1].type == ARGT_SINT)
6491 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006492
6493 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6494 goto out;
6495 }
6496 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6497 goto out;
6498
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006499 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006500 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006501 ret = 1;
6502out:
Emeric Brunba841a12014-04-30 17:05:08 +02006503 /* SSL_get_peer_certificate, it increase X509 * ref count */
6504 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006505 X509_free(crt);
6506 return ret;
6507}
Emeric Brun9143d372012-12-20 15:44:16 +01006508
6509/* integer, returns true if current session use a client certificate */
6510static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006511smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006512{
6513 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006514 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006515
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006516 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006517 if (!conn || conn->xprt != &ssl_sock)
6518 return 0;
6519
6520 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006521 smp->flags |= SMP_F_MAY_CHANGE;
6522 return 0;
6523 }
6524
6525 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006526 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006527 if (crt) {
6528 X509_free(crt);
6529 }
6530
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006531 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006532 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006533 return 1;
6534}
6535
Emeric Brunba841a12014-04-30 17:05:08 +02006536/* integer, returns the certificate version
6537 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6538 * should be use.
6539 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006540static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006541smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006542{
Emeric Brunba841a12014-04-30 17:05:08 +02006543 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006544 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006545 struct connection *conn;
6546
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006547 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006548 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006549 return 0;
6550
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006551 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006552 smp->flags |= SMP_F_MAY_CHANGE;
6553 return 0;
6554 }
6555
Emeric Brunba841a12014-04-30 17:05:08 +02006556 if (cert_peer)
6557 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6558 else
6559 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006560 if (!crt)
6561 return 0;
6562
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006563 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006564 /* SSL_get_peer_certificate increase X509 * ref count */
6565 if (cert_peer)
6566 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006567 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006568
6569 return 1;
6570}
6571
Emeric Brunba841a12014-04-30 17:05:08 +02006572/* string, returns the certificate's signature algorithm.
6573 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6574 * should be use.
6575 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006576static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006577smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006578{
Emeric Brunba841a12014-04-30 17:05:08 +02006579 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006580 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006581 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006582 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006583 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006584
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006585 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006586 if (!conn || conn->xprt != &ssl_sock)
6587 return 0;
6588
6589 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006590 smp->flags |= SMP_F_MAY_CHANGE;
6591 return 0;
6592 }
6593
Emeric Brunba841a12014-04-30 17:05:08 +02006594 if (cert_peer)
6595 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6596 else
6597 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006598 if (!crt)
6599 return 0;
6600
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006601 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6602 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006603
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006604 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6605 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006606 /* SSL_get_peer_certificate increase X509 * ref count */
6607 if (cert_peer)
6608 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006609 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006610 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006611
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006612 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006613 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006614 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006615 /* SSL_get_peer_certificate increase X509 * ref count */
6616 if (cert_peer)
6617 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006618
6619 return 1;
6620}
6621
Emeric Brunba841a12014-04-30 17:05:08 +02006622/* string, returns the certificate's key algorithm.
6623 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6624 * should be use.
6625 */
Emeric Brun521a0112012-10-22 12:22:55 +02006626static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006627smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006628{
Emeric Brunba841a12014-04-30 17:05:08 +02006629 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006630 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006631 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006632 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006633 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006634
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006635 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006636 if (!conn || conn->xprt != &ssl_sock)
6637 return 0;
6638
6639 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006640 smp->flags |= SMP_F_MAY_CHANGE;
6641 return 0;
6642 }
6643
Emeric Brunba841a12014-04-30 17:05:08 +02006644 if (cert_peer)
6645 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6646 else
6647 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006648 if (!crt)
6649 return 0;
6650
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006651 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6652 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006653
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006654 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6655 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006656 /* SSL_get_peer_certificate increase X509 * ref count */
6657 if (cert_peer)
6658 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006659 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006660 }
Emeric Brun521a0112012-10-22 12:22:55 +02006661
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006662 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006663 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006664 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006665 if (cert_peer)
6666 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006667
6668 return 1;
6669}
6670
Emeric Brun645ae792014-04-30 14:21:06 +02006671/* boolean, returns true if front conn. transport layer is SSL.
6672 * This function is also usable on backend conn if the fetch keyword 5th
6673 * char is 'b'.
6674 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006675static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006676smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006677{
Emeric Bruneb8def92018-02-19 15:59:48 +01006678 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6679 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006680
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006681 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006682 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006683 return 1;
6684}
6685
Emeric Brun2525b6b2012-10-18 15:59:43 +02006686/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006687static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006688smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006689{
6690#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006691 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006692
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006693 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006694 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006695 conn->xprt_ctx &&
6696 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006697 return 1;
6698#else
6699 return 0;
6700#endif
6701}
6702
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006703/* boolean, returns true if client session has been resumed.
6704 * This function is also usable on backend conn if the fetch keyword 5th
6705 * char is 'b'.
6706 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006707static int
6708smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6709{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006710 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6711 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6712
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006713
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006714 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006715 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006716 conn->xprt_ctx &&
6717 SSL_session_reused(conn->xprt_ctx);
6718 return 1;
6719}
6720
Emeric Brun645ae792014-04-30 14:21:06 +02006721/* string, returns the used cipher if front conn. transport layer is SSL.
6722 * This function is also usable on backend conn if the fetch keyword 5th
6723 * char is 'b'.
6724 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006725static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006726smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006727{
Emeric Bruneb8def92018-02-19 15:59:48 +01006728 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6729 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006730
Willy Tarreaube508f12016-03-10 11:47:01 +01006731 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006732 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006733 return 0;
6734
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006735 smp->data.u.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6736 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006737 return 0;
6738
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006739 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006740 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006741 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006742
6743 return 1;
6744}
6745
Emeric Brun645ae792014-04-30 14:21:06 +02006746/* integer, returns the algoritm's keysize if front conn. transport layer
6747 * is SSL.
6748 * This function is also usable on backend conn if the fetch keyword 5th
6749 * char is 'b'.
6750 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006751static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006752smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006753{
Emeric Bruneb8def92018-02-19 15:59:48 +01006754 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6755 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006756 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006757
Emeric Brun589fcad2012-10-16 14:13:26 +02006758 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006760 return 0;
6761
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006762 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006763 return 0;
6764
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006765 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006766 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006767
6768 return 1;
6769}
6770
Emeric Brun645ae792014-04-30 14:21:06 +02006771/* integer, returns the used keysize if front conn. transport layer is SSL.
6772 * This function is also usable on backend conn if the fetch keyword 5th
6773 * char is 'b'.
6774 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006775static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006776smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006777{
Emeric Bruneb8def92018-02-19 15:59:48 +01006778 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6779 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006780
Emeric Brun589fcad2012-10-16 14:13:26 +02006781 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006782 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6783 return 0;
6784
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006785 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6786 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006787 return 0;
6788
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006789 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006790
6791 return 1;
6792}
6793
Bernard Spil13c53f82018-02-15 13:34:58 +01006794#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006795static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006796smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006797{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006798 struct connection *conn;
6799
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006800 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006801 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006802
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006803 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006804 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6805 return 0;
6806
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006807 smp->data.u.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006808 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006809 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006810
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006811 if (!smp->data.u.str.str)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006812 return 0;
6813
6814 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006815}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006816#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006817
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006818#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006819static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006820smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006821{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006822 struct connection *conn;
6823
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006824 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006825 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006826
Willy Tarreaue26bf052015-05-12 10:30:12 +02006827 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006828 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006829 return 0;
6830
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006831 smp->data.u.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006832 SSL_get0_alpn_selected(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006833 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreauab861d32013-04-02 02:30:41 +02006834
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006835 if (!smp->data.u.str.str)
Willy Tarreauab861d32013-04-02 02:30:41 +02006836 return 0;
6837
6838 return 1;
6839}
6840#endif
6841
Emeric Brun645ae792014-04-30 14:21:06 +02006842/* string, returns the used protocol if front conn. transport layer is SSL.
6843 * This function is also usable on backend conn if the fetch keyword 5th
6844 * char is 'b'.
6845 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006846static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006847smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006848{
Emeric Bruneb8def92018-02-19 15:59:48 +01006849 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6850 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006851
Emeric Brun589fcad2012-10-16 14:13:26 +02006852 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006853 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6854 return 0;
6855
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006856 smp->data.u.str.str = (char *)SSL_get_version(conn->xprt_ctx);
6857 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006858 return 0;
6859
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006860 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006861 smp->flags = SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006862 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006863
6864 return 1;
6865}
6866
Willy Tarreau87b09662015-04-03 00:22:06 +02006867/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006868 * This function is also usable on backend conn if the fetch keyword 5th
6869 * char is 'b'.
6870 */
Patrick Hemmer41966772018-04-28 19:15:48 -04006871#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02006872static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006873smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006874{
Emeric Bruneb8def92018-02-19 15:59:48 +01006875 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6876 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006877 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006878
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006879 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006880 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006881
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006882 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6883 return 0;
6884
Willy Tarreau192252e2015-04-04 01:47:55 +02006885 ssl_sess = SSL_get_session(conn->xprt_ctx);
6886 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006887 return 0;
6888
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006889 smp->data.u.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.u.str.len);
6890 if (!smp->data.u.str.str || !smp->data.u.str.len)
Emeric Brunfe68f682012-10-16 14:59:28 +02006891 return 0;
6892
6893 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02006894}
Patrick Hemmer41966772018-04-28 19:15:48 -04006895#endif
6896
Emeric Brunfe68f682012-10-16 14:59:28 +02006897
Patrick Hemmere0275472018-04-28 19:15:51 -04006898#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
6899static int
6900smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
6901{
6902 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6903 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6904 SSL_SESSION *ssl_sess;
6905 struct chunk *data;
6906
6907 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6908 return 0;
6909
6910 ssl_sess = SSL_get_session(conn->xprt_ctx);
6911 if (!ssl_sess)
6912 return 0;
6913
6914 data = get_trash_chunk();
6915 data->len = SSL_SESSION_get_master_key(ssl_sess, (unsigned char *)data->str, data->size);
6916 if (!data->len)
6917 return 0;
6918
6919 smp->flags = 0;
6920 smp->data.type = SMP_T_BIN;
6921 smp->data.u.str = *data;
6922
6923 return 1;
6924}
6925#endif
6926
Patrick Hemmer41966772018-04-28 19:15:48 -04006927#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02006928static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006929smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006930{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006931 struct connection *conn;
6932
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006933 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006934 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006935
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006936 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006937 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6938 return 0;
6939
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006940 smp->data.u.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6941 if (!smp->data.u.str.str)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006942 return 0;
6943
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006944 smp->data.u.str.len = strlen(smp->data.u.str.str);
Willy Tarreau7875d092012-09-10 08:20:03 +02006945 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02006946}
Patrick Hemmer41966772018-04-28 19:15:48 -04006947#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02006948
David Sc1ad52e2014-04-08 18:48:47 -04006949static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006950smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6951{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006952 struct connection *conn;
6953 struct ssl_capture *capture;
6954
6955 conn = objt_conn(smp->sess->origin);
6956 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6957 return 0;
6958
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006959 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006960 if (!capture)
6961 return 0;
6962
6963 smp->flags = SMP_F_CONST;
6964 smp->data.type = SMP_T_BIN;
6965 smp->data.u.str.str = capture->ciphersuite;
6966 smp->data.u.str.len = capture->ciphersuite_len;
6967 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006968}
6969
6970static int
6971smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6972{
6973 struct chunk *data;
6974
6975 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6976 return 0;
6977
6978 data = get_trash_chunk();
6979 dump_binary(data, smp->data.u.str.str, smp->data.u.str.len);
6980 smp->data.type = SMP_T_BIN;
6981 smp->data.u.str = *data;
6982 return 1;
6983}
6984
6985static int
6986smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6987{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006988 struct connection *conn;
6989 struct ssl_capture *capture;
6990
6991 conn = objt_conn(smp->sess->origin);
6992 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6993 return 0;
6994
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006995 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006996 if (!capture)
6997 return 0;
6998
6999 smp->data.type = SMP_T_SINT;
7000 smp->data.u.sint = capture->xxh64;
7001 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007002}
7003
7004static int
7005smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7006{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007007#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007008 struct chunk *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007009 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007010
7011 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7012 return 0;
7013
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007014 data = get_trash_chunk();
7015 for (i = 0; i + 1 < smp->data.u.str.len; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007016 const char *str;
7017 const SSL_CIPHER *cipher;
7018 const unsigned char *bin = (const unsigned char *)smp->data.u.str.str + i;
7019 uint16_t id = (bin[0] << 8) | bin[1];
7020#if defined(OPENSSL_IS_BORINGSSL)
7021 cipher = SSL_get_cipher_by_value(id);
7022#else
7023 struct connection *conn = objt_conn(smp->sess->origin);
7024 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7025#endif
7026 str = SSL_CIPHER_get_name(cipher);
7027 if (!str || strcmp(str, "(NONE)") == 0)
7028 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007029 else
7030 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7031 }
7032 smp->data.type = SMP_T_STR;
7033 smp->data.u.str = *data;
7034 return 1;
7035#else
7036 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7037#endif
7038}
7039
Patrick Hemmer41966772018-04-28 19:15:48 -04007040#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007041static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007042smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007043{
Emeric Bruneb8def92018-02-19 15:59:48 +01007044 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7045 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007046 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04007047 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007048
7049 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007050 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7051 return 0;
7052
7053 if (!(conn->flags & CO_FL_CONNECTED)) {
7054 smp->flags |= SMP_F_MAY_CHANGE;
7055 return 0;
7056 }
7057
7058 finished_trash = get_trash_chunk();
7059 if (!SSL_session_reused(conn->xprt_ctx))
7060 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7061 else
7062 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7063
7064 if (!finished_len)
7065 return 0;
7066
Emeric Brunb73a9b02014-04-30 18:49:19 +02007067 finished_trash->len = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007068 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007069 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007070
7071 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007072}
Patrick Hemmer41966772018-04-28 19:15:48 -04007073#endif
David Sc1ad52e2014-04-08 18:48:47 -04007074
Emeric Brun2525b6b2012-10-18 15:59:43 +02007075/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007076static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007077smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007078{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007079 struct connection *conn;
7080
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007081 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007082 if (!conn || conn->xprt != &ssl_sock)
7083 return 0;
7084
7085 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007086 smp->flags = SMP_F_MAY_CHANGE;
7087 return 0;
7088 }
7089
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007090 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007091 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007092 smp->flags = 0;
7093
7094 return 1;
7095}
7096
Emeric Brun2525b6b2012-10-18 15:59:43 +02007097/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007098static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007099smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007100{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007101 struct connection *conn;
7102
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007103 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007104 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007105 return 0;
7106
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007107 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007108 smp->flags = SMP_F_MAY_CHANGE;
7109 return 0;
7110 }
7111
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007112 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007113 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007114 smp->flags = 0;
7115
7116 return 1;
7117}
7118
Emeric Brun2525b6b2012-10-18 15:59:43 +02007119/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007120static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007121smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007122{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007123 struct connection *conn;
7124
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007125 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007126 if (!conn || conn->xprt != &ssl_sock)
7127 return 0;
7128
7129 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007130 smp->flags = SMP_F_MAY_CHANGE;
7131 return 0;
7132 }
7133
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007134 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007135 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007136 smp->flags = 0;
7137
7138 return 1;
7139}
7140
Emeric Brun2525b6b2012-10-18 15:59:43 +02007141/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007142static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007143smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007144{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007145 struct connection *conn;
7146
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007147 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007148 if (!conn || conn->xprt != &ssl_sock)
7149 return 0;
7150
7151 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007152 smp->flags = SMP_F_MAY_CHANGE;
7153 return 0;
7154 }
7155
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007156 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007157 return 0;
7158
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007159 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007160 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007161 smp->flags = 0;
7162
7163 return 1;
7164}
7165
Emeric Brunfb510ea2012-10-05 12:00:26 +02007166/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007167static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007168{
7169 if (!*args[cur_arg + 1]) {
7170 if (err)
7171 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7172 return ERR_ALERT | ERR_FATAL;
7173 }
7174
Willy Tarreauef934602016-12-22 23:12:01 +01007175 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7176 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007177 else
7178 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007179
Emeric Brund94b3fe2012-09-20 18:23:56 +02007180 return 0;
7181}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007182static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7183{
7184 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7185}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007186
Christopher Faulet31af49d2015-06-09 17:29:50 +02007187/* parse the "ca-sign-file" bind keyword */
7188static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7189{
7190 if (!*args[cur_arg + 1]) {
7191 if (err)
7192 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7193 return ERR_ALERT | ERR_FATAL;
7194 }
7195
Willy Tarreauef934602016-12-22 23:12:01 +01007196 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7197 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007198 else
7199 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7200
7201 return 0;
7202}
7203
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007204/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007205static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7206{
7207 if (!*args[cur_arg + 1]) {
7208 if (err)
7209 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7210 return ERR_ALERT | ERR_FATAL;
7211 }
7212 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7213 return 0;
7214}
7215
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007216/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007217static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007218{
7219 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007220 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007221 return ERR_ALERT | ERR_FATAL;
7222 }
7223
Emeric Brun76d88952012-10-05 15:47:31 +02007224 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007225 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007226 return 0;
7227}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007228static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7229{
7230 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7231}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007232/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007233static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007234{
Willy Tarreau38011032013-08-13 16:59:39 +02007235 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007236
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007237 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007238 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007239 return ERR_ALERT | ERR_FATAL;
7240 }
7241
Willy Tarreauef934602016-12-22 23:12:01 +01007242 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7243 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007244 memprintf(err, "'%s' : path too long", args[cur_arg]);
7245 return ERR_ALERT | ERR_FATAL;
7246 }
Willy Tarreauef934602016-12-22 23:12:01 +01007247 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007248 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007249 return ERR_ALERT | ERR_FATAL;
7250
7251 return 0;
7252 }
7253
Willy Tarreau03209342016-12-22 17:08:28 +01007254 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007255 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007256
7257 return 0;
7258}
7259
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007260/* parse the "crt-list" bind keyword */
7261static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7262{
7263 if (!*args[cur_arg + 1]) {
7264 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7265 return ERR_ALERT | ERR_FATAL;
7266 }
7267
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007268 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007269 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007270 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007271 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007272
7273 return 0;
7274}
7275
Emeric Brunfb510ea2012-10-05 12:00:26 +02007276/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007277static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007278{
Emeric Brun051cdab2012-10-02 19:25:50 +02007279#ifndef X509_V_FLAG_CRL_CHECK
7280 if (err)
7281 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7282 return ERR_ALERT | ERR_FATAL;
7283#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007284 if (!*args[cur_arg + 1]) {
7285 if (err)
7286 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7287 return ERR_ALERT | ERR_FATAL;
7288 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007289
Willy Tarreauef934602016-12-22 23:12:01 +01007290 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7291 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007292 else
7293 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007294
Emeric Brun2b58d042012-09-20 17:10:03 +02007295 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007296#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007297}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007298static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7299{
7300 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7301}
Emeric Brun2b58d042012-09-20 17:10:03 +02007302
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007303/* parse the "curves" bind keyword keyword */
7304static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7305{
7306#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7307 if (!*args[cur_arg + 1]) {
7308 if (err)
7309 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7310 return ERR_ALERT | ERR_FATAL;
7311 }
7312 conf->curves = strdup(args[cur_arg + 1]);
7313 return 0;
7314#else
7315 if (err)
7316 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7317 return ERR_ALERT | ERR_FATAL;
7318#endif
7319}
7320static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7321{
7322 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7323}
7324
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007325/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007326static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007327{
7328#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7329 if (err)
7330 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7331 return ERR_ALERT | ERR_FATAL;
7332#elif defined(OPENSSL_NO_ECDH)
7333 if (err)
7334 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7335 return ERR_ALERT | ERR_FATAL;
7336#else
7337 if (!*args[cur_arg + 1]) {
7338 if (err)
7339 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7340 return ERR_ALERT | ERR_FATAL;
7341 }
7342
7343 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007344
7345 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007346#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007347}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007348static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7349{
7350 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7351}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007352
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007353/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007354static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7355{
7356 int code;
7357 char *p = args[cur_arg + 1];
7358 unsigned long long *ignerr = &conf->crt_ignerr;
7359
7360 if (!*p) {
7361 if (err)
7362 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7363 return ERR_ALERT | ERR_FATAL;
7364 }
7365
7366 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7367 ignerr = &conf->ca_ignerr;
7368
7369 if (strcmp(p, "all") == 0) {
7370 *ignerr = ~0ULL;
7371 return 0;
7372 }
7373
7374 while (p) {
7375 code = atoi(p);
7376 if ((code <= 0) || (code > 63)) {
7377 if (err)
7378 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7379 args[cur_arg], code, args[cur_arg + 1]);
7380 return ERR_ALERT | ERR_FATAL;
7381 }
7382 *ignerr |= 1ULL << code;
7383 p = strchr(p, ',');
7384 if (p)
7385 p++;
7386 }
7387
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007388 return 0;
7389}
7390
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007391/* parse tls_method_options "no-xxx" and "force-xxx" */
7392static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007393{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007394 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007395 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007396 p = strchr(arg, '-');
7397 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007398 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007399 p++;
7400 if (!strcmp(p, "sslv3"))
7401 v = CONF_SSLV3;
7402 else if (!strcmp(p, "tlsv10"))
7403 v = CONF_TLSV10;
7404 else if (!strcmp(p, "tlsv11"))
7405 v = CONF_TLSV11;
7406 else if (!strcmp(p, "tlsv12"))
7407 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007408 else if (!strcmp(p, "tlsv13"))
7409 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007410 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007411 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007412 if (!strncmp(arg, "no-", 3))
7413 methods->flags |= methodVersions[v].flag;
7414 else if (!strncmp(arg, "force-", 6))
7415 methods->min = methods->max = v;
7416 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007417 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007418 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007419 fail:
7420 if (err)
7421 memprintf(err, "'%s' : option not implemented", arg);
7422 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007423}
7424
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007425static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007426{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007427 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007428}
7429
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007430static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007431{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007432 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7433}
7434
7435/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7436static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7437{
7438 uint16_t i, v = 0;
7439 char *argv = args[cur_arg + 1];
7440 if (!*argv) {
7441 if (err)
7442 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7443 return ERR_ALERT | ERR_FATAL;
7444 }
7445 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7446 if (!strcmp(argv, methodVersions[i].name))
7447 v = i;
7448 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007449 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007450 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007451 return ERR_ALERT | ERR_FATAL;
7452 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007453 if (!strcmp("ssl-min-ver", args[cur_arg]))
7454 methods->min = v;
7455 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7456 methods->max = v;
7457 else {
7458 if (err)
7459 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7460 return ERR_ALERT | ERR_FATAL;
7461 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007462 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007463}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007464
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007465static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7466{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007467#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007468 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007469#endif
7470 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7471}
7472
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007473static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7474{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007475 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007476}
7477
7478static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7479{
7480 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7481}
7482
Emeric Brun2d0c4822012-10-02 13:45:20 +02007483/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007484static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007485{
Emeric Brun89675492012-10-05 13:48:26 +02007486 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007487 return 0;
7488}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007489
Olivier Houchardc2aae742017-09-22 18:26:28 +02007490/* parse the "allow-0rtt" bind keyword */
7491static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7492{
7493 conf->early_data = 1;
7494 return 0;
7495}
7496
7497static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7498{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007499 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007500 return 0;
7501}
7502
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007503/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007504static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007505{
Bernard Spil13c53f82018-02-15 13:34:58 +01007506#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007507 char *p1, *p2;
7508
7509 if (!*args[cur_arg + 1]) {
7510 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7511 return ERR_ALERT | ERR_FATAL;
7512 }
7513
7514 free(conf->npn_str);
7515
Willy Tarreau3724da12016-02-12 17:11:12 +01007516 /* the NPN string is built as a suite of (<len> <name>)*,
7517 * so we reuse each comma to store the next <len> and need
7518 * one more for the end of the string.
7519 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007520 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007521 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007522 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7523
7524 /* replace commas with the name length */
7525 p1 = conf->npn_str;
7526 p2 = p1 + 1;
7527 while (1) {
7528 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7529 if (!p2)
7530 p2 = p1 + 1 + strlen(p1 + 1);
7531
7532 if (p2 - (p1 + 1) > 255) {
7533 *p2 = '\0';
7534 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7535 return ERR_ALERT | ERR_FATAL;
7536 }
7537
7538 *p1 = p2 - (p1 + 1);
7539 p1 = p2;
7540
7541 if (!*p2)
7542 break;
7543
7544 *(p2++) = '\0';
7545 }
7546 return 0;
7547#else
7548 if (err)
7549 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7550 return ERR_ALERT | ERR_FATAL;
7551#endif
7552}
7553
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007554static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7555{
7556 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7557}
7558
Willy Tarreauab861d32013-04-02 02:30:41 +02007559/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007560static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007561{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007562#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007563 char *p1, *p2;
7564
7565 if (!*args[cur_arg + 1]) {
7566 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7567 return ERR_ALERT | ERR_FATAL;
7568 }
7569
7570 free(conf->alpn_str);
7571
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007572 /* the ALPN string is built as a suite of (<len> <name>)*,
7573 * so we reuse each comma to store the next <len> and need
7574 * one more for the end of the string.
7575 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007576 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007577 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007578 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7579
7580 /* replace commas with the name length */
7581 p1 = conf->alpn_str;
7582 p2 = p1 + 1;
7583 while (1) {
7584 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7585 if (!p2)
7586 p2 = p1 + 1 + strlen(p1 + 1);
7587
7588 if (p2 - (p1 + 1) > 255) {
7589 *p2 = '\0';
7590 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7591 return ERR_ALERT | ERR_FATAL;
7592 }
7593
7594 *p1 = p2 - (p1 + 1);
7595 p1 = p2;
7596
7597 if (!*p2)
7598 break;
7599
7600 *(p2++) = '\0';
7601 }
7602 return 0;
7603#else
7604 if (err)
7605 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7606 return ERR_ALERT | ERR_FATAL;
7607#endif
7608}
7609
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007610static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7611{
7612 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7613}
7614
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007615/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007616static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007617{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007618 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007619 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007620
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007621 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7622 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007623 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007624 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7625 if (!conf->ssl_conf.ssl_methods.min)
7626 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7627 if (!conf->ssl_conf.ssl_methods.max)
7628 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007629
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007630 return 0;
7631}
7632
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007633/* parse the "prefer-client-ciphers" bind keyword */
7634static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7635{
7636 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7637 return 0;
7638}
7639
Christopher Faulet31af49d2015-06-09 17:29:50 +02007640/* parse the "generate-certificates" bind keyword */
7641static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7642{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007643#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007644 conf->generate_certs = 1;
7645#else
7646 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7647 err && *err ? *err : "");
7648#endif
7649 return 0;
7650}
7651
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007652/* parse the "strict-sni" bind keyword */
7653static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7654{
7655 conf->strict_sni = 1;
7656 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007657}
7658
7659/* parse the "tls-ticket-keys" bind keyword */
7660static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7661{
7662#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7663 FILE *f;
7664 int i = 0;
7665 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007666 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007667
7668 if (!*args[cur_arg + 1]) {
7669 if (err)
7670 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7671 return ERR_ALERT | ERR_FATAL;
7672 }
7673
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007674 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
7675 if(keys_ref) {
7676 conf->keys_ref = keys_ref;
7677 return 0;
7678 }
7679
Vincent Bernat02779b62016-04-03 13:48:43 +02007680 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007681 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007682
7683 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7684 if (err)
7685 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7686 return ERR_ALERT | ERR_FATAL;
7687 }
7688
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007689 keys_ref->filename = strdup(args[cur_arg + 1]);
7690
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007691 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7692 int len = strlen(thisline);
7693 /* Strip newline characters from the end */
7694 if(thisline[len - 1] == '\n')
7695 thisline[--len] = 0;
7696
7697 if(thisline[len - 1] == '\r')
7698 thisline[--len] = 0;
7699
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007700 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007701 if (err)
7702 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007703 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007704 return ERR_ALERT | ERR_FATAL;
7705 }
7706 i++;
7707 }
7708
7709 if (i < TLS_TICKETS_NO) {
7710 if (err)
7711 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007712 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007713 return ERR_ALERT | ERR_FATAL;
7714 }
7715
7716 fclose(f);
7717
7718 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007719 i -= 2;
7720 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007721 keys_ref->unique_id = -1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007722 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007723 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007724
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007725 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7726
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007727 return 0;
7728#else
7729 if (err)
7730 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7731 return ERR_ALERT | ERR_FATAL;
7732#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007733}
7734
Emeric Brund94b3fe2012-09-20 18:23:56 +02007735/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007736static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007737{
7738 if (!*args[cur_arg + 1]) {
7739 if (err)
7740 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7741 return ERR_ALERT | ERR_FATAL;
7742 }
7743
7744 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007745 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007746 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007747 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007748 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007749 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007750 else {
7751 if (err)
7752 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7753 args[cur_arg], args[cur_arg + 1]);
7754 return ERR_ALERT | ERR_FATAL;
7755 }
7756
7757 return 0;
7758}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007759static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7760{
7761 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7762}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007763
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007764/* parse the "no-ca-names" bind keyword */
7765static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7766{
7767 conf->no_ca_names = 1;
7768 return 0;
7769}
7770static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7771{
7772 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7773}
7774
Willy Tarreau92faadf2012-10-10 23:04:25 +02007775/************** "server" keywords ****************/
7776
Emeric Brunef42d922012-10-11 16:11:36 +02007777/* parse the "ca-file" server keyword */
7778static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7779{
7780 if (!*args[*cur_arg + 1]) {
7781 if (err)
7782 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7783 return ERR_ALERT | ERR_FATAL;
7784 }
7785
Willy Tarreauef934602016-12-22 23:12:01 +01007786 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7787 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007788 else
7789 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7790
7791 return 0;
7792}
7793
Olivier Houchard9130a962017-10-17 17:33:43 +02007794/* parse the "check-sni" server keyword */
7795static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7796{
7797 if (!*args[*cur_arg + 1]) {
7798 if (err)
7799 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7800 return ERR_ALERT | ERR_FATAL;
7801 }
7802
7803 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7804 if (!newsrv->check.sni) {
7805 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7806 return ERR_ALERT | ERR_FATAL;
7807 }
7808 return 0;
7809
7810}
7811
Willy Tarreau92faadf2012-10-10 23:04:25 +02007812/* parse the "check-ssl" server keyword */
7813static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7814{
7815 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007816 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7817 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7818 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007819 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7820 if (!newsrv->ssl_ctx.methods.min)
7821 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7822 if (!newsrv->ssl_ctx.methods.max)
7823 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7824
Willy Tarreau92faadf2012-10-10 23:04:25 +02007825 return 0;
7826}
7827
7828/* parse the "ciphers" server keyword */
7829static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7830{
7831 if (!*args[*cur_arg + 1]) {
7832 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7833 return ERR_ALERT | ERR_FATAL;
7834 }
7835
7836 free(newsrv->ssl_ctx.ciphers);
7837 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7838 return 0;
7839}
7840
Emeric Brunef42d922012-10-11 16:11:36 +02007841/* parse the "crl-file" server keyword */
7842static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7843{
7844#ifndef X509_V_FLAG_CRL_CHECK
7845 if (err)
7846 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7847 return ERR_ALERT | ERR_FATAL;
7848#else
7849 if (!*args[*cur_arg + 1]) {
7850 if (err)
7851 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7852 return ERR_ALERT | ERR_FATAL;
7853 }
7854
Willy Tarreauef934602016-12-22 23:12:01 +01007855 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7856 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007857 else
7858 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7859
7860 return 0;
7861#endif
7862}
7863
Emeric Bruna7aa3092012-10-26 12:58:00 +02007864/* parse the "crt" server keyword */
7865static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7866{
7867 if (!*args[*cur_arg + 1]) {
7868 if (err)
7869 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7870 return ERR_ALERT | ERR_FATAL;
7871 }
7872
Willy Tarreauef934602016-12-22 23:12:01 +01007873 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007874 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007875 else
7876 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7877
7878 return 0;
7879}
Emeric Brunef42d922012-10-11 16:11:36 +02007880
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007881/* parse the "no-check-ssl" server keyword */
7882static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7883{
7884 newsrv->check.use_ssl = 0;
7885 free(newsrv->ssl_ctx.ciphers);
7886 newsrv->ssl_ctx.ciphers = NULL;
7887 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7888 return 0;
7889}
7890
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007891/* parse the "no-send-proxy-v2-ssl" server keyword */
7892static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7893{
7894 newsrv->pp_opts &= ~SRV_PP_V2;
7895 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7896 return 0;
7897}
7898
7899/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7900static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7901{
7902 newsrv->pp_opts &= ~SRV_PP_V2;
7903 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7904 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7905 return 0;
7906}
7907
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007908/* parse the "no-ssl" server keyword */
7909static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7910{
7911 newsrv->use_ssl = 0;
7912 free(newsrv->ssl_ctx.ciphers);
7913 newsrv->ssl_ctx.ciphers = NULL;
7914 return 0;
7915}
7916
Olivier Houchard522eea72017-11-03 16:27:47 +01007917/* parse the "allow-0rtt" server keyword */
7918static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7919{
7920 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7921 return 0;
7922}
7923
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007924/* parse the "no-ssl-reuse" server keyword */
7925static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7926{
7927 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7928 return 0;
7929}
7930
Emeric Brunf9c5c472012-10-11 15:28:34 +02007931/* parse the "no-tls-tickets" server keyword */
7932static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7933{
7934 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7935 return 0;
7936}
David Safb76832014-05-08 23:42:08 -04007937/* parse the "send-proxy-v2-ssl" server keyword */
7938static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7939{
7940 newsrv->pp_opts |= SRV_PP_V2;
7941 newsrv->pp_opts |= SRV_PP_V2_SSL;
7942 return 0;
7943}
7944
7945/* parse the "send-proxy-v2-ssl-cn" server keyword */
7946static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7947{
7948 newsrv->pp_opts |= SRV_PP_V2;
7949 newsrv->pp_opts |= SRV_PP_V2_SSL;
7950 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7951 return 0;
7952}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007953
Willy Tarreau732eac42015-07-09 11:40:25 +02007954/* parse the "sni" server keyword */
7955static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7956{
7957#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7958 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7959 return ERR_ALERT | ERR_FATAL;
7960#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007961 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007962
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007963 arg = args[*cur_arg + 1];
7964 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007965 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7966 return ERR_ALERT | ERR_FATAL;
7967 }
7968
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007969 free(newsrv->sni_expr);
7970 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007971
Willy Tarreau732eac42015-07-09 11:40:25 +02007972 return 0;
7973#endif
7974}
7975
Willy Tarreau92faadf2012-10-10 23:04:25 +02007976/* parse the "ssl" server keyword */
7977static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7978{
7979 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007980 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7981 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007982 return 0;
7983}
7984
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007985/* parse the "ssl-reuse" server keyword */
7986static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7987{
7988 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
7989 return 0;
7990}
7991
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007992/* parse the "tls-tickets" server keyword */
7993static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7994{
7995 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
7996 return 0;
7997}
7998
Emeric Brunef42d922012-10-11 16:11:36 +02007999/* parse the "verify" server keyword */
8000static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8001{
8002 if (!*args[*cur_arg + 1]) {
8003 if (err)
8004 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8005 return ERR_ALERT | ERR_FATAL;
8006 }
8007
8008 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008009 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008010 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008011 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008012 else {
8013 if (err)
8014 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8015 args[*cur_arg], args[*cur_arg + 1]);
8016 return ERR_ALERT | ERR_FATAL;
8017 }
8018
Evan Broderbe554312013-06-27 00:05:25 -07008019 return 0;
8020}
8021
8022/* parse the "verifyhost" server keyword */
8023static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8024{
8025 if (!*args[*cur_arg + 1]) {
8026 if (err)
8027 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8028 return ERR_ALERT | ERR_FATAL;
8029 }
8030
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008031 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008032 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8033
Emeric Brunef42d922012-10-11 16:11:36 +02008034 return 0;
8035}
8036
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008037/* parse the "ssl-default-bind-options" keyword in global section */
8038static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8039 struct proxy *defpx, const char *file, int line,
8040 char **err) {
8041 int i = 1;
8042
8043 if (*(args[i]) == 0) {
8044 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8045 return -1;
8046 }
8047 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008048 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008049 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008050 else if (!strcmp(args[i], "prefer-client-ciphers"))
8051 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008052 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8053 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8054 i++;
8055 else {
8056 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8057 return -1;
8058 }
8059 }
8060 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008061 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8062 return -1;
8063 }
8064 i++;
8065 }
8066 return 0;
8067}
8068
8069/* parse the "ssl-default-server-options" keyword in global section */
8070static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8071 struct proxy *defpx, const char *file, int line,
8072 char **err) {
8073 int i = 1;
8074
8075 if (*(args[i]) == 0) {
8076 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8077 return -1;
8078 }
8079 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008080 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008081 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008082 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8083 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8084 i++;
8085 else {
8086 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8087 return -1;
8088 }
8089 }
8090 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008091 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8092 return -1;
8093 }
8094 i++;
8095 }
8096 return 0;
8097}
8098
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008099/* parse the "ca-base" / "crt-base" keywords in global section.
8100 * Returns <0 on alert, >0 on warning, 0 on success.
8101 */
8102static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8103 struct proxy *defpx, const char *file, int line,
8104 char **err)
8105{
8106 char **target;
8107
Willy Tarreauef934602016-12-22 23:12:01 +01008108 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008109
8110 if (too_many_args(1, args, err, NULL))
8111 return -1;
8112
8113 if (*target) {
8114 memprintf(err, "'%s' already specified.", args[0]);
8115 return -1;
8116 }
8117
8118 if (*(args[1]) == 0) {
8119 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8120 return -1;
8121 }
8122 *target = strdup(args[1]);
8123 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008124}
8125
8126/* parse the "ssl-mode-async" keyword in global section.
8127 * Returns <0 on alert, >0 on warning, 0 on success.
8128 */
8129static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8130 struct proxy *defpx, const char *file, int line,
8131 char **err)
8132{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008133#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008134 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008135 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008136 return 0;
8137#else
8138 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8139 return -1;
8140#endif
8141}
8142
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008143#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008144static int ssl_check_async_engine_count(void) {
8145 int err_code = 0;
8146
Emeric Brun3854e012017-05-17 20:42:48 +02008147 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008148 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008149 err_code = ERR_ABORT;
8150 }
8151 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008152}
8153
Grant Zhang872f9c22017-01-21 01:10:18 +00008154/* parse the "ssl-engine" keyword in global section.
8155 * Returns <0 on alert, >0 on warning, 0 on success.
8156 */
8157static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8158 struct proxy *defpx, const char *file, int line,
8159 char **err)
8160{
8161 char *algo;
8162 int ret = -1;
8163
8164 if (*(args[1]) == 0) {
8165 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8166 return ret;
8167 }
8168
8169 if (*(args[2]) == 0) {
8170 /* if no list of algorithms is given, it defaults to ALL */
8171 algo = strdup("ALL");
8172 goto add_engine;
8173 }
8174
8175 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8176 if (strcmp(args[2], "algo") != 0) {
8177 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8178 return ret;
8179 }
8180
8181 if (*(args[3]) == 0) {
8182 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8183 return ret;
8184 }
8185 algo = strdup(args[3]);
8186
8187add_engine:
8188 if (ssl_init_single_engine(args[1], algo)==0) {
8189 openssl_engines_initialized++;
8190 ret = 0;
8191 }
8192 free(algo);
8193 return ret;
8194}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008195#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008196
Willy Tarreauf22e9682016-12-21 23:23:19 +01008197/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8198 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8199 */
8200static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8201 struct proxy *defpx, const char *file, int line,
8202 char **err)
8203{
8204 char **target;
8205
Willy Tarreauef934602016-12-22 23:12:01 +01008206 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008207
8208 if (too_many_args(1, args, err, NULL))
8209 return -1;
8210
8211 if (*(args[1]) == 0) {
8212 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8213 return -1;
8214 }
8215
8216 free(*target);
8217 *target = strdup(args[1]);
8218 return 0;
8219}
8220
Willy Tarreau9ceda382016-12-21 23:13:03 +01008221/* parse various global tune.ssl settings consisting in positive integers.
8222 * Returns <0 on alert, >0 on warning, 0 on success.
8223 */
8224static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8225 struct proxy *defpx, const char *file, int line,
8226 char **err)
8227{
8228 int *target;
8229
8230 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8231 target = &global.tune.sslcachesize;
8232 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008233 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008234 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008235 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008236 else if (strcmp(args[0], "maxsslconn") == 0)
8237 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008238 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8239 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008240 else {
8241 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8242 return -1;
8243 }
8244
8245 if (too_many_args(1, args, err, NULL))
8246 return -1;
8247
8248 if (*(args[1]) == 0) {
8249 memprintf(err, "'%s' expects an integer argument.", args[0]);
8250 return -1;
8251 }
8252
8253 *target = atoi(args[1]);
8254 if (*target < 0) {
8255 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8256 return -1;
8257 }
8258 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008259}
8260
8261static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8262 struct proxy *defpx, const char *file, int line,
8263 char **err)
8264{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008265 int ret;
8266
8267 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8268 if (ret != 0)
8269 return ret;
8270
Willy Tarreaubafbe012017-11-24 17:34:44 +01008271 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008272 memprintf(err, "'%s' is already configured.", args[0]);
8273 return -1;
8274 }
8275
Willy Tarreaubafbe012017-11-24 17:34:44 +01008276 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8277 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008278 memprintf(err, "Out of memory error.");
8279 return -1;
8280 }
8281 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008282}
8283
8284/* parse "ssl.force-private-cache".
8285 * Returns <0 on alert, >0 on warning, 0 on success.
8286 */
8287static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8288 struct proxy *defpx, const char *file, int line,
8289 char **err)
8290{
8291 if (too_many_args(0, args, err, NULL))
8292 return -1;
8293
Willy Tarreauef934602016-12-22 23:12:01 +01008294 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008295 return 0;
8296}
8297
8298/* parse "ssl.lifetime".
8299 * Returns <0 on alert, >0 on warning, 0 on success.
8300 */
8301static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8302 struct proxy *defpx, const char *file, int line,
8303 char **err)
8304{
8305 const char *res;
8306
8307 if (too_many_args(1, args, err, NULL))
8308 return -1;
8309
8310 if (*(args[1]) == 0) {
8311 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8312 return -1;
8313 }
8314
Willy Tarreauef934602016-12-22 23:12:01 +01008315 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008316 if (res) {
8317 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8318 return -1;
8319 }
8320 return 0;
8321}
8322
8323#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008324/* parse "ssl-dh-param-file".
8325 * Returns <0 on alert, >0 on warning, 0 on success.
8326 */
8327static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8328 struct proxy *defpx, const char *file, int line,
8329 char **err)
8330{
8331 if (too_many_args(1, args, err, NULL))
8332 return -1;
8333
8334 if (*(args[1]) == 0) {
8335 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8336 return -1;
8337 }
8338
8339 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8340 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8341 return -1;
8342 }
8343 return 0;
8344}
8345
Willy Tarreau9ceda382016-12-21 23:13:03 +01008346/* parse "ssl.default-dh-param".
8347 * Returns <0 on alert, >0 on warning, 0 on success.
8348 */
8349static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8350 struct proxy *defpx, const char *file, int line,
8351 char **err)
8352{
8353 if (too_many_args(1, args, err, NULL))
8354 return -1;
8355
8356 if (*(args[1]) == 0) {
8357 memprintf(err, "'%s' expects an integer argument.", args[0]);
8358 return -1;
8359 }
8360
Willy Tarreauef934602016-12-22 23:12:01 +01008361 global_ssl.default_dh_param = atoi(args[1]);
8362 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008363 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8364 return -1;
8365 }
8366 return 0;
8367}
8368#endif
8369
8370
William Lallemand32af2032016-10-29 18:09:35 +02008371/* This function is used with TLS ticket keys management. It permits to browse
8372 * each reference. The variable <getnext> must contain the current node,
8373 * <end> point to the root node.
8374 */
8375#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8376static inline
8377struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8378{
8379 struct tls_keys_ref *ref = getnext;
8380
8381 while (1) {
8382
8383 /* Get next list entry. */
8384 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8385
8386 /* If the entry is the last of the list, return NULL. */
8387 if (&ref->list == end)
8388 return NULL;
8389
8390 return ref;
8391 }
8392}
8393
8394static inline
8395struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8396{
8397 int id;
8398 char *error;
8399
8400 /* If the reference starts by a '#', this is numeric id. */
8401 if (reference[0] == '#') {
8402 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8403 id = strtol(reference + 1, &error, 10);
8404 if (*error != '\0')
8405 return NULL;
8406
8407 /* Perform the unique id lookup. */
8408 return tlskeys_ref_lookupid(id);
8409 }
8410
8411 /* Perform the string lookup. */
8412 return tlskeys_ref_lookup(reference);
8413}
8414#endif
8415
8416
8417#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8418
8419static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8420
8421static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8422 return cli_io_handler_tlskeys_files(appctx);
8423}
8424
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008425/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8426 * (next index to be dumped), and cli.p0 (next key reference).
8427 */
William Lallemand32af2032016-10-29 18:09:35 +02008428static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8429
8430 struct stream_interface *si = appctx->owner;
8431
8432 switch (appctx->st2) {
8433 case STAT_ST_INIT:
8434 /* Display the column headers. If the message cannot be sent,
8435 * quit the fucntion with returning 0. The function is called
8436 * later and restart at the state "STAT_ST_INIT".
8437 */
8438 chunk_reset(&trash);
8439
8440 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8441 chunk_appendf(&trash, "# id secret\n");
8442 else
8443 chunk_appendf(&trash, "# id (file)\n");
8444
Willy Tarreau06d80a92017-10-19 14:32:15 +02008445 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008446 si_applet_cant_put(si);
8447 return 0;
8448 }
8449
William Lallemand32af2032016-10-29 18:09:35 +02008450 /* Now, we start the browsing of the references lists.
8451 * Note that the following call to LIST_ELEM return bad pointer. The only
8452 * available field of this pointer is <list>. It is used with the function
8453 * tlskeys_list_get_next() for retruning the first available entry
8454 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008455 if (appctx->ctx.cli.p0 == NULL) {
8456 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8457 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008458 }
8459
8460 appctx->st2 = STAT_ST_LIST;
8461 /* fall through */
8462
8463 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008464 while (appctx->ctx.cli.p0) {
8465 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008466
8467 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008468 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008469 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008470
8471 if (appctx->ctx.cli.i1 == 0)
8472 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8473
William Lallemand32af2032016-10-29 18:09:35 +02008474 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008475 int head;
8476
8477 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8478 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008479 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
William Lallemand32af2032016-10-29 18:09:35 +02008480 struct chunk *t2 = get_trash_chunk();
8481
8482 chunk_reset(t2);
8483 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008484 t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
William Lallemand32af2032016-10-29 18:09:35 +02008485 sizeof(struct tls_sess_key), t2->str, t2->size);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008486 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
William Lallemand32af2032016-10-29 18:09:35 +02008487
Willy Tarreau06d80a92017-10-19 14:32:15 +02008488 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008489 /* let's try again later from this stream. We add ourselves into
8490 * this stream's users so that it can remove us upon termination.
8491 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008492 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008493 si_applet_cant_put(si);
8494 return 0;
8495 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008496 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008497 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008498 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008499 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008500 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008501 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008502 /* let's try again later from this stream. We add ourselves into
8503 * this stream's users so that it can remove us upon termination.
8504 */
8505 si_applet_cant_put(si);
8506 return 0;
8507 }
8508
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008509 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008510 break;
8511
8512 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008513 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008514 }
8515
8516 appctx->st2 = STAT_ST_FIN;
8517 /* fall through */
8518
8519 default:
8520 appctx->st2 = STAT_ST_FIN;
8521 return 1;
8522 }
8523 return 0;
8524}
8525
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008526/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008527static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008528{
William Lallemand32af2032016-10-29 18:09:35 +02008529 /* no parameter, shows only file list */
8530 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008531 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008532 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008533 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008534 }
8535
8536 if (args[2][0] == '*') {
8537 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008538 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008539 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008540 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8541 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008542 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008543 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008544 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008545 return 1;
8546 }
8547 }
William Lallemand32af2032016-10-29 18:09:35 +02008548 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008549 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008550}
8551
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008552static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008553{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008554 struct tls_keys_ref *ref;
8555
William Lallemand32af2032016-10-29 18:09:35 +02008556 /* Expect two parameters: the filename and the new new TLS key in encoding */
8557 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008558 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008559 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008560 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008561 return 1;
8562 }
8563
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008564 ref = tlskeys_ref_lookup_ref(args[3]);
8565 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008566 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008567 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008568 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008569 return 1;
8570 }
8571
8572 trash.len = base64dec(args[4], strlen(args[4]), trash.str, trash.size);
8573 if (trash.len != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008574 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008575 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008576 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008577 return 1;
8578 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008579 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008580 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008581 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008582 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008583 return 1;
8584
8585}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008586#endif
William Lallemand32af2032016-10-29 18:09:35 +02008587
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008588static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008589{
8590#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8591 char *err = NULL;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008592 int i, j;
8593
8594 if (!payload)
8595 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02008596
8597 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008598 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008599 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008600 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008601 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008602 return 1;
8603 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008604
8605 /* remove \r and \n from the payload */
8606 for (i = 0, j = 0; payload[i]; i++) {
8607 if (payload[i] == '\r' || payload[i] == '\n')
8608 continue;
8609 payload[j++] = payload[i];
8610 }
8611 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008612
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008613 trash.len = base64dec(payload, j, trash.str, trash.size);
William Lallemand32af2032016-10-29 18:09:35 +02008614 if (trash.len < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008615 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008616 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008617 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008618 return 1;
8619 }
8620
8621 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8622 if (err) {
8623 memprintf(&err, "%s.\n", err);
8624 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008625 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008626 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02008627 else {
8628 appctx->ctx.cli.severity = LOG_ERR;
8629 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
8630 appctx->st0 = CLI_ST_PRINT;
8631 }
William Lallemand32af2032016-10-29 18:09:35 +02008632 return 1;
8633 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008634 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008635 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008636 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008637 return 1;
8638#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008639 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008640 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008641 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008642 return 1;
8643#endif
8644
8645}
8646
8647/* register cli keywords */
8648static struct cli_kw_list cli_kws = {{ },{
8649#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8650 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008651 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008652#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008653 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008654 { { NULL }, NULL, NULL, NULL }
8655}};
8656
8657
Willy Tarreau7875d092012-09-10 08:20:03 +02008658/* Note: must not be declared <const> as its list will be overwritten.
8659 * Please take care of keeping this list alphabetically sorted.
8660 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008661static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008662 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008663 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008664 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008665 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008666 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008667 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008668 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008669#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02008670 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008671#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008672#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8673 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
8674#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008675 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8676 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008677 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008678 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008679 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8680 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8681 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8682 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8683 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8684 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8685 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8686 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008687 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008688 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8689 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008690 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008691 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8692 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8693 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8694 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8695 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8696 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8697 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008698 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008699 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008700 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008701 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008702 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008703 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008704 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008705 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008706 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01008707#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008708 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008709#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008710#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008711 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008712#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008713 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008714#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02008715 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008716#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008717 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008718#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008719 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008720#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008721#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8722 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8723#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04008724#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008725 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008726#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008727 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8728 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8729 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8730 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008731 { NULL, NULL, 0, 0, 0 },
8732}};
8733
8734/* Note: must not be declared <const> as its list will be overwritten.
8735 * Please take care of keeping this list alphabetically sorted.
8736 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008737static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008738 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8739 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008740 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008741}};
8742
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008743/* Note: must not be declared <const> as its list will be overwritten.
8744 * Please take care of keeping this list alphabetically sorted, doing so helps
8745 * all code contributors.
8746 * Optional keywords are also declared with a NULL ->parse() function so that
8747 * the config parser can report an appropriate error when a known keyword was
8748 * not enabled.
8749 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008750static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008751 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008752 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8753 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8754 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8755 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008756 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008757 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008758 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008759 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008760 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8761 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008762 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8763 { NULL, NULL, 0 },
8764};
8765
Willy Tarreau51fb7652012-09-18 18:24:39 +02008766static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008767 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008768 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8769 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8770 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8771 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8772 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8773 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8774 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8775 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8776 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8777 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8778 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8779 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8780 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8781 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8782 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8783 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008784 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008785 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008786 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008787 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8788 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8789 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8790 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008791 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008792 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8793 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008794 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8795 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008796 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8797 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8798 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8799 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8800 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008801 { NULL, NULL, 0 },
8802}};
Emeric Brun46591952012-05-18 15:47:34 +02008803
Willy Tarreau92faadf2012-10-10 23:04:25 +02008804/* Note: must not be declared <const> as its list will be overwritten.
8805 * Please take care of keeping this list alphabetically sorted, doing so helps
8806 * all code contributors.
8807 * Optional keywords are also declared with a NULL ->parse() function so that
8808 * the config parser can report an appropriate error when a known keyword was
8809 * not enabled.
8810 */
8811static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008812 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008813 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008814 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008815 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8816 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8817 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8818 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8819 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8820 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8821 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8822 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8823 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8824 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8825 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8826 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8827 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8828 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8829 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8830 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8831 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8832 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8833 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8834 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8835 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8836 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8837 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8838 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8839 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8840 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8841 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8842 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8843 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8844 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008845 { NULL, NULL, 0, 0 },
8846}};
8847
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008848static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008849 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8850 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008851 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008852 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8853 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008854#ifndef OPENSSL_NO_DH
8855 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8856#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008857 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008858#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008859 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008860#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008861 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8862#ifndef OPENSSL_NO_DH
8863 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8864#endif
8865 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8866 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8867 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8868 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008869 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008870 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8871 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008872 { 0, NULL, NULL },
8873}};
8874
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008875/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008876static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008877 .snd_buf = ssl_sock_from_buf,
8878 .rcv_buf = ssl_sock_to_buf,
8879 .rcv_pipe = NULL,
8880 .snd_pipe = NULL,
8881 .shutr = NULL,
8882 .shutw = ssl_sock_shutw,
8883 .close = ssl_sock_close,
8884 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008885 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008886 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008887 .prepare_srv = ssl_sock_prepare_srv_ctx,
8888 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008889 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008890 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008891};
8892
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008893enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8894 struct session *sess, struct stream *s, int flags)
8895{
8896 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008897 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008898
8899 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008900 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008901
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008902 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008903 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008904 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008905 s->req.flags |= CF_READ_NULL;
8906 return ACT_RET_YIELD;
8907 }
8908 }
8909 return (ACT_RET_CONT);
8910}
8911
8912static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8913{
8914 rule->action_ptr = ssl_action_wait_for_hs;
8915
8916 return ACT_RET_PRS_OK;
8917}
8918
8919static struct action_kw_list http_req_actions = {ILH, {
8920 { "wait-for-handshake", ssl_parse_wait_for_hs },
8921 { /* END */ }
8922}};
8923
Daniel Jakots54ffb912015-11-06 20:02:41 +01008924#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008925
8926static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8927{
8928 if (ptr) {
8929 chunk_destroy(ptr);
8930 free(ptr);
8931 }
8932}
8933
8934#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008935static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8936{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008937 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008938}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008939
Emeric Brun46591952012-05-18 15:47:34 +02008940__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008941static void __ssl_sock_init(void)
8942{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008943 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008944 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008945
Emeric Brun46591952012-05-18 15:47:34 +02008946 STACK_OF(SSL_COMP)* cm;
8947
Willy Tarreauef934602016-12-22 23:12:01 +01008948 if (global_ssl.listen_default_ciphers)
8949 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8950 if (global_ssl.connect_default_ciphers)
8951 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008952
Willy Tarreau13e14102016-12-22 20:25:26 +01008953 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008954 SSL_library_init();
8955 cm = SSL_COMP_get_compression_methods();
8956 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008957#ifdef USE_THREAD
8958 ssl_locking_init();
8959#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008960#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008961 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8962#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008963 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008964 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008965 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008966 sample_register_fetches(&sample_fetch_keywords);
8967 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008968 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008969 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008970 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008971 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008972#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008973 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008974 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008975#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008976#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8977 hap_register_post_check(tlskeys_finalize_config);
8978#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008979
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008980 ptr = NULL;
8981 memprintf(&ptr, "Built with OpenSSL version : "
8982#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008983 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008984#else /* OPENSSL_IS_BORINGSSL */
8985 OPENSSL_VERSION_TEXT
8986 "\nRunning on OpenSSL version : %s%s",
8987 SSLeay_version(SSLEAY_VERSION),
8988 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
8989#endif
8990 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
8991#if OPENSSL_VERSION_NUMBER < 0x00907000L
8992 "no (library version too old)"
8993#elif defined(OPENSSL_NO_TLSEXT)
8994 "no (disabled via OPENSSL_NO_TLSEXT)"
8995#else
8996 "yes"
8997#endif
8998 "", ptr);
8999
9000 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9001#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9002 "yes"
9003#else
9004#ifdef OPENSSL_NO_TLSEXT
9005 "no (because of OPENSSL_NO_TLSEXT)"
9006#else
9007 "no (version might be too old, 0.9.8f min needed)"
9008#endif
9009#endif
9010 "", ptr);
9011
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009012 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9013 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9014 if (methodVersions[i].option)
9015 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009016
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009017 hap_register_build_opts(ptr, 1);
9018
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009019 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9020 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02009021
9022#ifndef OPENSSL_NO_DH
9023 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00009024 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009025#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009026#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009027 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009028#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02009029 /* Load SSL string for the verbose & debug mode. */
9030 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009031
9032 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02009033}
9034
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009035#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009036void ssl_free_engines(void) {
9037 struct ssl_engine_list *wl, *wlb;
9038 /* free up engine list */
9039 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9040 ENGINE_finish(wl->e);
9041 ENGINE_free(wl->e);
9042 LIST_DEL(&wl->list);
9043 free(wl);
9044 }
9045}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009046#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009047
Remi Gacogned3a23c32015-05-28 16:39:47 +02009048#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009049void ssl_free_dh(void) {
9050 if (local_dh_1024) {
9051 DH_free(local_dh_1024);
9052 local_dh_1024 = NULL;
9053 }
9054 if (local_dh_2048) {
9055 DH_free(local_dh_2048);
9056 local_dh_2048 = NULL;
9057 }
9058 if (local_dh_4096) {
9059 DH_free(local_dh_4096);
9060 local_dh_4096 = NULL;
9061 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009062 if (global_dh) {
9063 DH_free(global_dh);
9064 global_dh = NULL;
9065 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009066}
9067#endif
9068
9069__attribute__((destructor))
9070static void __ssl_sock_deinit(void)
9071{
9072#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009073 if (ssl_ctx_lru_tree) {
9074 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009075 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009076 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009077#endif
9078
9079 ERR_remove_state(0);
9080 ERR_free_strings();
9081
9082 EVP_cleanup();
9083
9084#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9085 CRYPTO_cleanup_all_ex_data();
9086#endif
9087}
9088
9089
Emeric Brun46591952012-05-18 15:47:34 +02009090/*
9091 * Local variables:
9092 * c-indent-level: 8
9093 * c-basic-offset: 8
9094 * End:
9095 */