blob: 98b3ad8b71f344d70d6e7a9592afff1665de0f83 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100366/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100367struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100368 unsigned long long int xxh64;
369 unsigned char ciphersuite_len;
370 char ciphersuite[0];
371};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100372struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100373static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200374static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100375
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100376static int ssl_pkey_info_index = -1;
377
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200378#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
379struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
380#endif
381
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200382#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000383static unsigned int openssl_engines_initialized;
384struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
385struct ssl_engine_list {
386 struct list list;
387 ENGINE *e;
388};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200389#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000390
Remi Gacogne8de54152014-07-15 11:36:40 +0200391#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200392static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200393static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200394static DH *local_dh_1024 = NULL;
395static DH *local_dh_2048 = NULL;
396static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100397static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200398#endif /* OPENSSL_NO_DH */
399
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100400#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200401/* X509V3 Extensions that will be added on generated certificates */
402#define X509V3_EXT_SIZE 5
403static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
404 "basicConstraints",
405 "nsComment",
406 "subjectKeyIdentifier",
407 "authorityKeyIdentifier",
408 "keyUsage",
409};
410static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
411 "CA:FALSE",
412 "\"OpenSSL Generated Certificate\"",
413 "hash",
414 "keyid,issuer:always",
415 "nonRepudiation,digitalSignature,keyEncipherment"
416};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200417/* LRU cache to store generated certificate */
418static struct lru64_head *ssl_ctx_lru_tree = NULL;
419static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200420static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100421__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200422
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200423#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
424
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100425static struct ssl_bind_kw ssl_bind_kws[];
426
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200427#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500428/* The order here matters for picking a default context,
429 * keep the most common keytype at the bottom of the list
430 */
431const char *SSL_SOCK_KEYTYPE_NAMES[] = {
432 "dsa",
433 "ecdsa",
434 "rsa"
435};
436#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100437#else
438#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500439#endif
440
William Lallemandc3cd35f2017-11-28 11:04:43 +0100441static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100442static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
443
444#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
445
446#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
447 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
448
449#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
450 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200451
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100452/*
453 * This function gives the detail of the SSL error. It is used only
454 * if the debug mode and the verbose mode are activated. It dump all
455 * the SSL error until the stack was empty.
456 */
457static forceinline void ssl_sock_dump_errors(struct connection *conn)
458{
459 unsigned long ret;
460
461 if (unlikely(global.mode & MODE_DEBUG)) {
462 while(1) {
463 ret = ERR_get_error();
464 if (ret == 0)
465 return;
466 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200467 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100468 ERR_func_error_string(ret), ERR_reason_error_string(ret));
469 }
470 }
471}
472
yanbzhube2774d2015-12-10 15:07:30 -0500473
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200474#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000475static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
476{
477 int err_code = ERR_ABORT;
478 ENGINE *engine;
479 struct ssl_engine_list *el;
480
481 /* grab the structural reference to the engine */
482 engine = ENGINE_by_id(engine_id);
483 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100484 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000485 goto fail_get;
486 }
487
488 if (!ENGINE_init(engine)) {
489 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100490 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000491 goto fail_init;
492 }
493
494 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100495 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000496 goto fail_set_method;
497 }
498
499 el = calloc(1, sizeof(*el));
500 el->e = engine;
501 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100502 nb_engines++;
503 if (global_ssl.async)
504 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000505 return 0;
506
507fail_set_method:
508 /* release the functional reference from ENGINE_init() */
509 ENGINE_finish(engine);
510
511fail_init:
512 /* release the structural reference from ENGINE_by_id() */
513 ENGINE_free(engine);
514
515fail_get:
516 return err_code;
517}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200518#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000519
Willy Tarreau5db847a2019-05-09 14:13:35 +0200520#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200521/*
522 * openssl async fd handler
523 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200524void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000525{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200526 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000527
Emeric Brun3854e012017-05-17 20:42:48 +0200528 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000529 * to poll this fd until it is requested
530 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000531 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000532 fd_cant_recv(fd);
533
534 /* crypto engine is available, let's notify the associated
535 * connection that it can pursue its processing.
536 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200537 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000538}
539
Emeric Brun3854e012017-05-17 20:42:48 +0200540/*
541 * openssl async delayed SSL_free handler
542 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200543void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000544{
545 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200546 OSSL_ASYNC_FD all_fd[32];
547 size_t num_all_fds = 0;
548 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000549
Emeric Brun3854e012017-05-17 20:42:48 +0200550 /* We suppose that the async job for a same SSL *
551 * are serialized. So if we are awake it is
552 * because the running job has just finished
553 * and we can remove all async fds safely
554 */
555 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
556 if (num_all_fds > 32) {
557 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
558 return;
559 }
560
561 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
562 for (i=0 ; i < num_all_fds ; i++)
563 fd_remove(all_fd[i]);
564
565 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000566 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100567 _HA_ATOMIC_SUB(&sslconns, 1);
568 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000569}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000570/*
Emeric Brun3854e012017-05-17 20:42:48 +0200571 * function used to manage a returned SSL_ERROR_WANT_ASYNC
572 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000573 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200574static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000575{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100576 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200577 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200578 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 size_t num_add_fds = 0;
580 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200581 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000582
583 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
584 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200585 if (num_add_fds > 32 || num_del_fds > 32) {
586 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587 return;
588 }
589
Emeric Brun3854e012017-05-17 20:42:48 +0200590 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591
Emeric Brun3854e012017-05-17 20:42:48 +0200592 /* We remove unused fds from the fdtab */
593 for (i=0 ; i < num_del_fds ; i++)
594 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000595
Emeric Brun3854e012017-05-17 20:42:48 +0200596 /* We add new fds to the fdtab */
597 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200598 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000599 }
600
Emeric Brun3854e012017-05-17 20:42:48 +0200601 num_add_fds = 0;
602 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
603 if (num_add_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
605 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000606 }
Emeric Brun3854e012017-05-17 20:42:48 +0200607
608 /* We activate the polling for all known async fds */
609 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000610 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200611 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000612 /* To ensure that the fd cache won't be used
613 * We'll prefer to catch a real RD event
614 * because handling an EAGAIN on this fd will
615 * result in a context switch and also
616 * some engines uses a fd in blocking mode.
617 */
618 fd_cant_recv(add_fd[i]);
619 }
Emeric Brun3854e012017-05-17 20:42:48 +0200620
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000621}
622#endif
623
William Lallemand104a7a62019-10-14 14:14:59 +0200624#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200625/*
626 * This function returns the number of seconds elapsed
627 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
628 * date presented un ASN1_GENERALIZEDTIME.
629 *
630 * In parsing error case, it returns -1.
631 */
632static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
633{
634 long epoch;
635 char *p, *end;
636 const unsigned short month_offset[12] = {
637 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
638 };
639 int year, month;
640
641 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
642
643 p = (char *)d->data;
644 end = p + d->length;
645
646 if (end - p < 4) return -1;
647 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
648 p += 4;
649 if (end - p < 2) return -1;
650 month = 10 * (p[0] - '0') + p[1] - '0';
651 if (month < 1 || month > 12) return -1;
652 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
653 We consider leap years and the current month (<marsh or not) */
654 epoch = ( ((year - 1970) * 365)
655 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
656 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
657 + month_offset[month-1]
658 ) * 24 * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the number of seconds of completed days of current month */
662 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
663 p += 2;
664 if (end - p < 2) return -1;
665 /* Add the completed hours of the current day */
666 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
667 p += 2;
668 if (end - p < 2) return -1;
669 /* Add the completed minutes of the current hour */
670 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
671 p += 2;
672 if (p == end) return -1;
673 /* Test if there is available seconds */
674 if (p[0] < '0' || p[0] > '9')
675 goto nosec;
676 if (end - p < 2) return -1;
677 /* Add the seconds of the current minute */
678 epoch += 10 * (p[0] - '0') + p[1] - '0';
679 p += 2;
680 if (p == end) return -1;
681 /* Ignore seconds float part if present */
682 if (p[0] == '.') {
683 do {
684 if (++p == end) return -1;
685 } while (p[0] >= '0' && p[0] <= '9');
686 }
687
688nosec:
689 if (p[0] == 'Z') {
690 if (end - p != 1) return -1;
691 return epoch;
692 }
693 else if (p[0] == '+') {
694 if (end - p != 5) return -1;
695 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700696 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200697 }
698 else if (p[0] == '-') {
699 if (end - p != 5) return -1;
700 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700701 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200702 }
703
704 return -1;
705}
706
William Lallemand104a7a62019-10-14 14:14:59 +0200707/*
708 * struct alignment works here such that the key.key is the same as key_data
709 * Do not change the placement of key_data
710 */
711struct certificate_ocsp {
712 struct ebmb_node key;
713 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
714 struct buffer response;
715 long expire;
716};
717
718struct ocsp_cbk_arg {
719 int is_single;
720 int single_kt;
721 union {
722 struct certificate_ocsp *s_ocsp;
723 /*
724 * m_ocsp will have multiple entries dependent on key type
725 * Entry 0 - DSA
726 * Entry 1 - ECDSA
727 * Entry 2 - RSA
728 */
729 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
730 };
731};
732
Emeric Brun1d3865b2014-06-20 15:37:32 +0200733static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200734
735/* This function starts to check if the OCSP response (in DER format) contained
736 * in chunk 'ocsp_response' is valid (else exits on error).
737 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
738 * contained in the OCSP Response and exits on error if no match.
739 * If it's a valid OCSP Response:
740 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
741 * pointed by 'ocsp'.
742 * If 'ocsp' is NULL, the function looks up into the OCSP response's
743 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
744 * from the response) and exits on error if not found. Finally, If an OCSP response is
745 * already present in the container, it will be overwritten.
746 *
747 * Note: OCSP response containing more than one OCSP Single response is not
748 * considered valid.
749 *
750 * Returns 0 on success, 1 in error case.
751 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200752static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
753 struct certificate_ocsp *ocsp,
754 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755{
756 OCSP_RESPONSE *resp;
757 OCSP_BASICRESP *bs = NULL;
758 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200759 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200760 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200761 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200762 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200763 int reason;
764 int ret = 1;
765
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200766 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
767 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200768 if (!resp) {
769 memprintf(err, "Unable to parse OCSP response");
770 goto out;
771 }
772
773 rc = OCSP_response_status(resp);
774 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
775 memprintf(err, "OCSP response status not successful");
776 goto out;
777 }
778
779 bs = OCSP_response_get1_basic(resp);
780 if (!bs) {
781 memprintf(err, "Failed to get basic response from OCSP Response");
782 goto out;
783 }
784
785 count_sr = OCSP_resp_count(bs);
786 if (count_sr > 1) {
787 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
788 goto out;
789 }
790
791 sr = OCSP_resp_get0(bs, 0);
792 if (!sr) {
793 memprintf(err, "Failed to get OCSP single response");
794 goto out;
795 }
796
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200797 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
798
Emeric Brun4147b2e2014-06-16 18:36:30 +0200799 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200800 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200801 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 goto out;
803 }
804
Emeric Brun13a6b482014-06-20 15:44:34 +0200805 if (!nextupd) {
806 memprintf(err, "OCSP single response: missing nextupdate");
807 goto out;
808 }
809
Emeric Brunc8b27b62014-06-19 14:16:17 +0200810 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200811 if (!rc) {
812 memprintf(err, "OCSP single response: no longer valid.");
813 goto out;
814 }
815
816 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200817 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200818 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
819 goto out;
820 }
821 }
822
823 if (!ocsp) {
824 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
825 unsigned char *p;
826
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200827 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200828 if (!rc) {
829 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
830 goto out;
831 }
832
833 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
834 memprintf(err, "OCSP single response: Certificate ID too long");
835 goto out;
836 }
837
838 p = key;
839 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200840 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200841 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
842 if (!ocsp) {
843 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
844 goto out;
845 }
846 }
847
848 /* According to comments on "chunk_dup", the
849 previous chunk buffer will be freed */
850 if (!chunk_dup(&ocsp->response, ocsp_response)) {
851 memprintf(err, "OCSP response: Memory allocation error");
852 goto out;
853 }
854
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200855 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
856
Emeric Brun4147b2e2014-06-16 18:36:30 +0200857 ret = 0;
858out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100859 ERR_clear_error();
860
Emeric Brun4147b2e2014-06-16 18:36:30 +0200861 if (bs)
862 OCSP_BASICRESP_free(bs);
863
864 if (resp)
865 OCSP_RESPONSE_free(resp);
866
867 return ret;
868}
869/*
870 * External function use to update the OCSP response in the OCSP response's
871 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
872 * to update in DER format.
873 *
874 * Returns 0 on success, 1 in error case.
875 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200876int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200877{
878 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
879}
880
William Lallemand4a660132019-10-14 14:51:41 +0200881#endif
882
883#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200884/*
885 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +0200886 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +0200887 *
888 * Returns 0 on success, 1 in error case.
889 */
William Lallemand3b5f3602019-10-16 18:05:05 +0200890static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200891{
892 int fd = -1;
893 int r = 0;
894 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +0200895 struct buffer *ocsp_response;
896 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200897
William Lallemand3b5f3602019-10-16 18:05:05 +0200898 if (buf) {
899 int i, j;
900 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +0200901
William Lallemand3b5f3602019-10-16 18:05:05 +0200902 /* remove \r and \n from the payload */
903 for (i = 0, j = 0; buf[i]; i++) {
904 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +0200906 buf[j++] = buf[i];
907 }
908 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200909
William Lallemand3b5f3602019-10-16 18:05:05 +0200910 ret = base64dec(buf, j, trash.area, trash.size);
911 if (ret < 0) {
912 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200913 goto end;
914 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200915 trash.data = ret;
916 src = &trash;
917 } else {
918 fd = open(ocsp_path, O_RDONLY);
919 if (fd == -1) {
920 memprintf(err, "Error opening OCSP response file");
921 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200922 }
William Lallemand3b5f3602019-10-16 18:05:05 +0200923
924 trash.data = 0;
925 while (trash.data < trash.size) {
926 r = read(fd, trash.area + trash.data, trash.size - trash.data);
927 if (r < 0) {
928 if (errno == EINTR)
929 continue;
930
931 memprintf(err, "Error reading OCSP response from file");
932 goto end;
933 }
934 else if (r == 0) {
935 break;
936 }
937 trash.data += r;
938 }
939 close(fd);
940 fd = -1;
941 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200942 }
943
William Lallemand3b5f3602019-10-16 18:05:05 +0200944 ocsp_response = calloc(1, sizeof(*ocsp_response));
945 if (!chunk_dup(ocsp_response, src)) {
946 free(ocsp_response);
947 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +0200948 goto end;
949 }
950
William Lallemand3b5f3602019-10-16 18:05:05 +0200951 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +0200952 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200953end:
954 if (fd != -1)
955 close(fd);
956
957 return ret;
958}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100959#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200960
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100961#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
962static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
963{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100964 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100965 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100966 struct connection *conn;
967 int head;
968 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100969 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100970
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200971 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200972 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100973 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
974
975 keys = ref->tlskeys;
976 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100977
978 if (enc) {
979 memcpy(key_name, keys[head].name, 16);
980
981 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100983
Emeric Brun9e754772019-01-10 17:51:55 +0100984 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100985
Emeric Brun9e754772019-01-10 17:51:55 +0100986 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
987 goto end;
988
Willy Tarreau9356dac2019-05-10 09:22:53 +0200989 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100990 ret = 1;
991 }
992 else if (ref->key_size_bits == 256 ) {
993
994 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
995 goto end;
996
Willy Tarreau9356dac2019-05-10 09:22:53 +0200997 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100998 ret = 1;
999 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001000 } else {
1001 for (i = 0; i < TLS_TICKETS_NO; i++) {
1002 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1003 goto found;
1004 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001005 ret = 0;
1006 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001007
Christopher Faulet16f45c82018-02-16 11:23:49 +01001008 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001009 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001010 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001011 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1012 goto end;
1013 /* 2 for key renewal, 1 if current key is still valid */
1014 ret = i ? 2 : 1;
1015 }
1016 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001017 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001018 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1019 goto end;
1020 /* 2 for key renewal, 1 if current key is still valid */
1021 ret = i ? 2 : 1;
1022 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001023 }
Emeric Brun9e754772019-01-10 17:51:55 +01001024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 end:
1026 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1027 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001028}
1029
1030struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1031{
1032 struct tls_keys_ref *ref;
1033
1034 list_for_each_entry(ref, &tlskeys_reference, list)
1035 if (ref->filename && strcmp(filename, ref->filename) == 0)
1036 return ref;
1037 return NULL;
1038}
1039
1040struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1041{
1042 struct tls_keys_ref *ref;
1043
1044 list_for_each_entry(ref, &tlskeys_reference, list)
1045 if (ref->unique_id == unique_id)
1046 return ref;
1047 return NULL;
1048}
1049
Emeric Brun9e754772019-01-10 17:51:55 +01001050/* Update the key into ref: if keysize doesnt
1051 * match existing ones, this function returns -1
1052 * else it returns 0 on success.
1053 */
1054int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001055 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001056{
Emeric Brun9e754772019-01-10 17:51:55 +01001057 if (ref->key_size_bits == 128) {
1058 if (tlskey->data != sizeof(struct tls_sess_key_128))
1059 return -1;
1060 }
1061 else if (ref->key_size_bits == 256) {
1062 if (tlskey->data != sizeof(struct tls_sess_key_256))
1063 return -1;
1064 }
1065 else
1066 return -1;
1067
Christopher Faulet16f45c82018-02-16 11:23:49 +01001068 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001069 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1070 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001071 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1072 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001073
1074 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001075}
1076
Willy Tarreau83061a82018-07-13 11:56:34 +02001077int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001078{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001079 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1080
1081 if(!ref) {
1082 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1083 return 1;
1084 }
Emeric Brun9e754772019-01-10 17:51:55 +01001085 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1086 memprintf(err, "Invalid key size");
1087 return 1;
1088 }
1089
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001090 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001091}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001092
1093/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001094 * automatic ids. It's called just after the basic checks. It returns
1095 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001096 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098{
1099 int i = 0;
1100 struct tls_keys_ref *ref, *ref2, *ref3;
1101 struct list tkr = LIST_HEAD_INIT(tkr);
1102
1103 list_for_each_entry(ref, &tlskeys_reference, list) {
1104 if (ref->unique_id == -1) {
1105 /* Look for the first free id. */
1106 while (1) {
1107 list_for_each_entry(ref2, &tlskeys_reference, list) {
1108 if (ref2->unique_id == i) {
1109 i++;
1110 break;
1111 }
1112 }
1113 if (&ref2->list == &tlskeys_reference)
1114 break;
1115 }
1116
1117 /* Uses the unique id and increment it for the next entry. */
1118 ref->unique_id = i;
1119 i++;
1120 }
1121 }
1122
1123 /* This sort the reference list by id. */
1124 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1125 LIST_DEL(&ref->list);
1126 list_for_each_entry(ref3, &tkr, list) {
1127 if (ref->unique_id < ref3->unique_id) {
1128 LIST_ADDQ(&ref3->list, &ref->list);
1129 break;
1130 }
1131 }
1132 if (&ref3->list == &tkr)
1133 LIST_ADDQ(&tkr, &ref->list);
1134 }
1135
1136 /* swap root */
1137 LIST_ADD(&tkr, &tlskeys_reference);
1138 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001139 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001140}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001141#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1142
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001143#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001144int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1145{
1146 switch (evp_keytype) {
1147 case EVP_PKEY_RSA:
1148 return 2;
1149 case EVP_PKEY_DSA:
1150 return 0;
1151 case EVP_PKEY_EC:
1152 return 1;
1153 }
1154
1155 return -1;
1156}
1157
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158/*
1159 * Callback used to set OCSP status extension content in server hello.
1160 */
1161int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1162{
yanbzhube2774d2015-12-10 15:07:30 -05001163 struct certificate_ocsp *ocsp;
1164 struct ocsp_cbk_arg *ocsp_arg;
1165 char *ssl_buf;
1166 EVP_PKEY *ssl_pkey;
1167 int key_type;
1168 int index;
1169
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001170 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001171
1172 ssl_pkey = SSL_get_privatekey(ssl);
1173 if (!ssl_pkey)
1174 return SSL_TLSEXT_ERR_NOACK;
1175
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001176 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001177
1178 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1179 ocsp = ocsp_arg->s_ocsp;
1180 else {
1181 /* For multiple certs per context, we have to find the correct OCSP response based on
1182 * the certificate type
1183 */
1184 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1185
1186 if (index < 0)
1187 return SSL_TLSEXT_ERR_NOACK;
1188
1189 ocsp = ocsp_arg->m_ocsp[index];
1190
1191 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001192
1193 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001194 !ocsp->response.area ||
1195 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001196 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001197 return SSL_TLSEXT_ERR_NOACK;
1198
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001199 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200 if (!ssl_buf)
1201 return SSL_TLSEXT_ERR_NOACK;
1202
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001203 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1204 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001205
1206 return SSL_TLSEXT_ERR_OK;
1207}
1208
William Lallemand4a660132019-10-14 14:51:41 +02001209#endif
1210
1211#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001212/*
1213 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001214 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1215 * status extension, the issuer's certificate is mandatory. It should be
1216 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001217 *
William Lallemand246c0242019-10-11 08:59:13 +02001218 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1219 * OCSP response. If file is empty or content is not a valid OCSP response,
1220 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1221 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001222 *
1223 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001224 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001225 */
William Lallemand4a660132019-10-14 14:51:41 +02001226#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001227static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001228{
William Lallemand246c0242019-10-11 08:59:13 +02001229 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001230 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001231 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001232 struct certificate_ocsp *ocsp = NULL, *iocsp;
1233 char *warn = NULL;
1234 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001236
Emeric Brun4147b2e2014-06-16 18:36:30 +02001237
William Lallemand246c0242019-10-11 08:59:13 +02001238 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!x)
1240 goto out;
1241
William Lallemand246c0242019-10-11 08:59:13 +02001242 issuer = ckch->ocsp_issuer;
1243 if (!issuer)
1244 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001245
1246 cid = OCSP_cert_to_id(0, x, issuer);
1247 if (!cid)
1248 goto out;
1249
1250 i = i2d_OCSP_CERTID(cid, NULL);
1251 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1252 goto out;
1253
Vincent Bernat02779b62016-04-03 13:48:43 +02001254 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001255 if (!ocsp)
1256 goto out;
1257
1258 p = ocsp->key_data;
1259 i2d_OCSP_CERTID(cid, &p);
1260
1261 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1262 if (iocsp == ocsp)
1263 ocsp = NULL;
1264
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001265#ifndef SSL_CTX_get_tlsext_status_cb
1266# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1267 *cb = (void (*) (void))ctx->tlsext_status_cb;
1268#endif
1269 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1270
1271 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001272 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001273 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001274
1275 cb_arg->is_single = 1;
1276 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001277
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001278 pkey = X509_get_pubkey(x);
1279 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1280 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001281
1282 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1283 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1284 } else {
1285 /*
1286 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1287 * Update that cb_arg with the new cert's staple
1288 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001289 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001290 struct certificate_ocsp *tmp_ocsp;
1291 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001292 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001293 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294
1295#ifdef SSL_CTX_get_tlsext_status_arg
1296 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1297#else
1298 cb_arg = ctx->tlsext_status_arg;
1299#endif
yanbzhube2774d2015-12-10 15:07:30 -05001300
1301 /*
1302 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1303 * the order of operations below matter, take care when changing it
1304 */
1305 tmp_ocsp = cb_arg->s_ocsp;
1306 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1307 cb_arg->s_ocsp = NULL;
1308 cb_arg->m_ocsp[index] = tmp_ocsp;
1309 cb_arg->is_single = 0;
1310 cb_arg->single_kt = 0;
1311
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001312 pkey = X509_get_pubkey(x);
1313 key_type = EVP_PKEY_base_id(pkey);
1314 EVP_PKEY_free(pkey);
1315
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001316 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001317 if (index >= 0 && !cb_arg->m_ocsp[index])
1318 cb_arg->m_ocsp[index] = iocsp;
1319
1320 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001321
1322 ret = 0;
1323
1324 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001325 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001326 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001327 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001328 }
1329
1330out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001331 if (cid)
1332 OCSP_CERTID_free(cid);
1333
1334 if (ocsp)
1335 free(ocsp);
1336
1337 if (warn)
1338 free(warn);
1339
Emeric Brun4147b2e2014-06-16 18:36:30 +02001340 return ret;
1341}
William Lallemand4a660132019-10-14 14:51:41 +02001342#else /* OPENSSL_IS_BORINGSSL */
1343static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001344{
William Lallemand4a660132019-10-14 14:51:41 +02001345 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001346}
1347#endif
1348
William Lallemand4a660132019-10-14 14:51:41 +02001349#endif
1350
1351
Willy Tarreau5db847a2019-05-09 14:13:35 +02001352#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001353
1354#define CT_EXTENSION_TYPE 18
1355
1356static int sctl_ex_index = -1;
1357
1358/*
1359 * Try to parse Signed Certificate Timestamp List structure. This function
1360 * makes only basic test if the data seems like SCTL. No signature validation
1361 * is performed.
1362 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001363static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001364{
1365 int ret = 1;
1366 int len, pos, sct_len;
1367 unsigned char *data;
1368
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001369 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001370 goto out;
1371
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001372 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001373 len = (data[0] << 8) | data[1];
1374
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001375 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001376 goto out;
1377
1378 data = data + 2;
1379 pos = 0;
1380 while (pos < len) {
1381 if (len - pos < 2)
1382 goto out;
1383
1384 sct_len = (data[pos] << 8) | data[pos + 1];
1385 if (pos + sct_len + 2 > len)
1386 goto out;
1387
1388 pos += sct_len + 2;
1389 }
1390
1391 ret = 0;
1392
1393out:
1394 return ret;
1395}
1396
William Lallemand0dfae6c2019-10-16 18:06:58 +02001397/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1398 * It fills the ckch->sctl buffer
1399 * return 0 on success or != 0 on failure */
1400static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001401{
1402 int fd = -1;
1403 int r = 0;
1404 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001405 struct buffer tmp;
1406 struct buffer *src;
1407 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001408
William Lallemand0dfae6c2019-10-16 18:06:58 +02001409 if (buf) {
1410 tmp.area = buf;
1411 tmp.data = strlen(buf);
1412 tmp.size = tmp.data + 1;
1413 src = &tmp;
1414 } else {
1415 fd = open(sctl_path, O_RDONLY);
1416 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001417 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001418
1419 trash.data = 0;
1420 while (trash.data < trash.size) {
1421 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1422 if (r < 0) {
1423 if (errno == EINTR)
1424 continue;
1425 goto end;
1426 }
1427 else if (r == 0) {
1428 break;
1429 }
1430 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001431 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001432 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001433 }
1434
William Lallemand0dfae6c2019-10-16 18:06:58 +02001435 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001436 if (ret)
1437 goto end;
1438
William Lallemand0dfae6c2019-10-16 18:06:58 +02001439 sctl = calloc(1, sizeof(*sctl));
1440 if (!chunk_dup(sctl, src)) {
1441 free(sctl);
1442 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001443 goto end;
1444 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001445 ret = 0;
1446 /* TODO: free the previous SCTL in the ckch */
1447 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001448
1449end:
1450 if (fd != -1)
1451 close(fd);
1452
1453 return ret;
1454}
1455
1456int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1457{
Willy Tarreau83061a82018-07-13 11:56:34 +02001458 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001459
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001460 *out = (unsigned char *) sctl->area;
1461 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001462
1463 return 1;
1464}
1465
1466int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1467{
1468 return 1;
1469}
1470
William Lallemanda17f4112019-10-10 15:16:44 +02001471static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001472{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001474
William Lallemanda17f4112019-10-10 15:16:44 +02001475 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001476 goto out;
1477
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001478 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1479
1480 ret = 0;
1481
1482out:
1483 return ret;
1484}
1485
1486#endif
1487
Emeric Brune1f38db2012-09-03 20:36:47 +02001488void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1489{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001490 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001491 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001492 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001493 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001494
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001495#ifndef SSL_OP_NO_RENEGOTIATION
1496 /* Please note that BoringSSL defines this macro to zero so don't
1497 * change this to #if and do not assign a default value to this macro!
1498 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001499 if (where & SSL_CB_HANDSHAKE_START) {
1500 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001501 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001502 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001503 conn->err_code = CO_ER_SSL_RENEG;
1504 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001505 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001506#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001507
1508 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001509 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001510 /* Long certificate chains optimz
1511 If write and read bios are differents, we
1512 consider that the buffering was activated,
1513 so we rise the output buffer size from 4k
1514 to 16k */
1515 write_bio = SSL_get_wbio(ssl);
1516 if (write_bio != SSL_get_rbio(ssl)) {
1517 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001518 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001519 }
1520 }
1521 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001522}
1523
Emeric Brune64aef12012-09-21 13:15:06 +02001524/* Callback is called for each certificate of the chain during a verify
1525 ok is set to 1 if preverify detect no error on current certificate.
1526 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001527int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001528{
1529 SSL *ssl;
1530 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001531 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001532 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001533
1534 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001535 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001536
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001537 ctx = conn->xprt_ctx;
1538
1539 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001540
Emeric Brun81c00f02012-09-21 14:31:21 +02001541 if (ok) /* no errors */
1542 return ok;
1543
1544 depth = X509_STORE_CTX_get_error_depth(x_store);
1545 err = X509_STORE_CTX_get_error(x_store);
1546
1547 /* check if CA error needs to be ignored */
1548 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001549 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1550 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1551 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001552 }
1553
Willy Tarreau07d94e42018-09-20 10:57:52 +02001554 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001555 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001556 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001557 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001558 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001559
Willy Tarreau20879a02012-12-03 16:32:10 +01001560 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001561 return 0;
1562 }
1563
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001564 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1565 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001566
Emeric Brun81c00f02012-09-21 14:31:21 +02001567 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001568 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001569 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001570 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001571 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001572 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001573
Willy Tarreau20879a02012-12-03 16:32:10 +01001574 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001576}
1577
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001578static inline
1579void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001580 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001581{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001582 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001583 unsigned char *msg;
1584 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001585 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001586
1587 /* This function is called for "from client" and "to server"
1588 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001589 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001590 */
1591
1592 /* "write_p" is set to 0 is the bytes are received messages,
1593 * otherwise it is set to 1.
1594 */
1595 if (write_p != 0)
1596 return;
1597
1598 /* content_type contains the type of message received or sent
1599 * according with the SSL/TLS protocol spec. This message is
1600 * encoded with one byte. The value 256 (two bytes) is used
1601 * for designing the SSL/TLS record layer. According with the
1602 * rfc6101, the expected message (other than 256) are:
1603 * - change_cipher_spec(20)
1604 * - alert(21)
1605 * - handshake(22)
1606 * - application_data(23)
1607 * - (255)
1608 * We are interessed by the handshake and specially the client
1609 * hello.
1610 */
1611 if (content_type != 22)
1612 return;
1613
1614 /* The message length is at least 4 bytes, containing the
1615 * message type and the message length.
1616 */
1617 if (len < 4)
1618 return;
1619
1620 /* First byte of the handshake message id the type of
1621 * message. The konwn types are:
1622 * - hello_request(0)
1623 * - client_hello(1)
1624 * - server_hello(2)
1625 * - certificate(11)
1626 * - server_key_exchange (12)
1627 * - certificate_request(13)
1628 * - server_hello_done(14)
1629 * We are interested by the client hello.
1630 */
1631 msg = (unsigned char *)buf;
1632 if (msg[0] != 1)
1633 return;
1634
1635 /* Next three bytes are the length of the message. The total length
1636 * must be this decoded length + 4. If the length given as argument
1637 * is not the same, we abort the protocol dissector.
1638 */
1639 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1640 if (len < rec_len + 4)
1641 return;
1642 msg += 4;
1643 end = msg + rec_len;
1644 if (end < msg)
1645 return;
1646
1647 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1648 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001649 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1650 */
1651 msg += 1 + 1 + 4 + 28;
1652 if (msg > end)
1653 return;
1654
1655 /* Next, is session id:
1656 * if present, we have to jump by length + 1 for the size information
1657 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001658 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001659 if (msg[0] > 0)
1660 msg += msg[0];
1661 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001662 if (msg > end)
1663 return;
1664
1665 /* Next two bytes are the ciphersuite length. */
1666 if (msg + 2 > end)
1667 return;
1668 rec_len = (msg[0] << 8) + msg[1];
1669 msg += 2;
1670 if (msg + rec_len > end || msg + rec_len < msg)
1671 return;
1672
Willy Tarreaubafbe012017-11-24 17:34:44 +01001673 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001674 if (!capture)
1675 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001676 /* Compute the xxh64 of the ciphersuite. */
1677 capture->xxh64 = XXH64(msg, rec_len, 0);
1678
1679 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001680 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1681 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001682 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001683
1684 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001685}
1686
Emeric Brun29f037d2014-04-25 19:05:36 +02001687/* Callback is called for ssl protocol analyse */
1688void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1689{
Emeric Brun29f037d2014-04-25 19:05:36 +02001690#ifdef TLS1_RT_HEARTBEAT
1691 /* test heartbeat received (write_p is set to 0
1692 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001693 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001694 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001695 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001696 const unsigned char *p = buf;
1697 unsigned int payload;
1698
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001699 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001700
1701 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1702 if (*p != TLS1_HB_REQUEST)
1703 return;
1704
Willy Tarreauaeed6722014-04-25 23:59:58 +02001705 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001706 goto kill_it;
1707
1708 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001709 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001710 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001711 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001712 /* We have a clear heartbleed attack (CVE-2014-0160), the
1713 * advertised payload is larger than the advertised packet
1714 * length, so we have garbage in the buffer between the
1715 * payload and the end of the buffer (p+len). We can't know
1716 * if the SSL stack is patched, and we don't know if we can
1717 * safely wipe out the area between p+3+len and payload.
1718 * So instead, we prevent the response from being sent by
1719 * setting the max_send_fragment to 0 and we report an SSL
1720 * error, which will kill this connection. It will be reported
1721 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001722 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1723 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001724 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001725 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1726 return;
1727 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001728#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001729 if (global_ssl.capture_cipherlist > 0)
1730 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001731}
1732
Bernard Spil13c53f82018-02-15 13:34:58 +01001733#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001734static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1735 const unsigned char *in, unsigned int inlen,
1736 void *arg)
1737{
1738 struct server *srv = arg;
1739
1740 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1741 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1742 return SSL_TLSEXT_ERR_OK;
1743 return SSL_TLSEXT_ERR_NOACK;
1744}
1745#endif
1746
1747#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001748/* This callback is used so that the server advertises the list of
1749 * negociable protocols for NPN.
1750 */
1751static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1752 unsigned int *len, void *arg)
1753{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001754 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001755
1756 *data = (const unsigned char *)conf->npn_str;
1757 *len = conf->npn_len;
1758 return SSL_TLSEXT_ERR_OK;
1759}
1760#endif
1761
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001762#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001763/* This callback is used so that the server advertises the list of
1764 * negociable protocols for ALPN.
1765 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001766static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1767 unsigned char *outlen,
1768 const unsigned char *server,
1769 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001770{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001771 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001772
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001773 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1774 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1775 return SSL_TLSEXT_ERR_NOACK;
1776 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001777 return SSL_TLSEXT_ERR_OK;
1778}
1779#endif
1780
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001781#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001782#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001783
Christopher Faulet30548802015-06-11 13:39:32 +02001784/* Create a X509 certificate with the specified servername and serial. This
1785 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001786static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001787ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001788{
Christopher Faulet7969a332015-10-09 11:15:03 +02001789 X509 *cacert = bind_conf->ca_sign_cert;
1790 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001791 SSL_CTX *ssl_ctx = NULL;
1792 X509 *newcrt = NULL;
1793 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001794 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001795 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001796 X509_NAME *name;
1797 const EVP_MD *digest;
1798 X509V3_CTX ctx;
1799 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001800 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001801
Christopher Faulet48a83322017-07-28 16:56:09 +02001802 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001803#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001804 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1805#else
1806 tmp_ssl = SSL_new(bind_conf->default_ctx);
1807 if (tmp_ssl)
1808 pkey = SSL_get_privatekey(tmp_ssl);
1809#endif
1810 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001811 goto mkcert_error;
1812
1813 /* Create the certificate */
1814 if (!(newcrt = X509_new()))
1815 goto mkcert_error;
1816
1817 /* Set version number for the certificate (X509v3) and the serial
1818 * number */
1819 if (X509_set_version(newcrt, 2L) != 1)
1820 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001821 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001822
1823 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001824 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1825 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001826 goto mkcert_error;
1827
1828 /* set public key in the certificate */
1829 if (X509_set_pubkey(newcrt, pkey) != 1)
1830 goto mkcert_error;
1831
1832 /* Set issuer name from the CA */
1833 if (!(name = X509_get_subject_name(cacert)))
1834 goto mkcert_error;
1835 if (X509_set_issuer_name(newcrt, name) != 1)
1836 goto mkcert_error;
1837
1838 /* Set the subject name using the same, but the CN */
1839 name = X509_NAME_dup(name);
1840 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1841 (const unsigned char *)servername,
1842 -1, -1, 0) != 1) {
1843 X509_NAME_free(name);
1844 goto mkcert_error;
1845 }
1846 if (X509_set_subject_name(newcrt, name) != 1) {
1847 X509_NAME_free(name);
1848 goto mkcert_error;
1849 }
1850 X509_NAME_free(name);
1851
1852 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001853 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1855 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1856 X509_EXTENSION *ext;
1857
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001858 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001859 goto mkcert_error;
1860 if (!X509_add_ext(newcrt, ext, -1)) {
1861 X509_EXTENSION_free(ext);
1862 goto mkcert_error;
1863 }
1864 X509_EXTENSION_free(ext);
1865 }
1866
1867 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001868
1869 key_type = EVP_PKEY_base_id(capkey);
1870
1871 if (key_type == EVP_PKEY_DSA)
1872 digest = EVP_sha1();
1873 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001874 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001875 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001876 digest = EVP_sha256();
1877 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001878#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001879 int nid;
1880
1881 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1882 goto mkcert_error;
1883 if (!(digest = EVP_get_digestbynid(nid)))
1884 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001885#else
1886 goto mkcert_error;
1887#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001888 }
1889
Christopher Faulet31af49d2015-06-09 17:29:50 +02001890 if (!(X509_sign(newcrt, capkey, digest)))
1891 goto mkcert_error;
1892
1893 /* Create and set the new SSL_CTX */
1894 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1895 goto mkcert_error;
1896 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1897 goto mkcert_error;
1898 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1899 goto mkcert_error;
1900 if (!SSL_CTX_check_private_key(ssl_ctx))
1901 goto mkcert_error;
1902
1903 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001904
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001905#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001906 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001907#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001908#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1909 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001910 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001911 EC_KEY *ecc;
1912 int nid;
1913
1914 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1915 goto end;
1916 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1917 goto end;
1918 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1919 EC_KEY_free(ecc);
1920 }
1921#endif
1922 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001923 return ssl_ctx;
1924
1925 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001926 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001927 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001928 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1929 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001930 return NULL;
1931}
1932
Christopher Faulet7969a332015-10-09 11:15:03 +02001933SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001934ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001935{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001936 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001937 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001938
Olivier Houchard66ab4982019-02-26 18:37:15 +01001939 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001940}
1941
Christopher Faulet30548802015-06-11 13:39:32 +02001942/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001943 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001944SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001945ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001946{
1947 struct lru64 *lru = NULL;
1948
1949 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001950 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001951 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001952 if (lru && lru->domain) {
1953 if (ssl)
1954 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001955 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001956 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001957 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001958 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001959 }
1960 return NULL;
1961}
1962
Emeric Brun821bb9b2017-06-15 16:37:39 +02001963/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1964 * function is not thread-safe, it should only be used to check if a certificate
1965 * exists in the lru cache (with no warranty it will not be removed by another
1966 * thread). It is kept for backward compatibility. */
1967SSL_CTX *
1968ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1969{
1970 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1971}
1972
Christopher Fauletd2cab922015-07-28 16:03:47 +02001973/* Set a certificate int the LRU cache used to store generated
1974 * certificate. Return 0 on success, otherwise -1 */
1975int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001976ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001977{
1978 struct lru64 *lru = NULL;
1979
1980 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001981 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001983 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001984 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001985 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 }
Christopher Faulet30548802015-06-11 13:39:32 +02001987 if (lru->domain && lru->data)
1988 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001989 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001990 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001991 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001992 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001993 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001994}
1995
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001996/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001997unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001998ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001999{
2000 return XXH32(data, len, ssl_ctx_lru_seed);
2001}
2002
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002003/* Generate a cert and immediately assign it to the SSL session so that the cert's
2004 * refcount is maintained regardless of the cert's presence in the LRU cache.
2005 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002006static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002007ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002008{
2009 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002010 SSL_CTX *ssl_ctx = NULL;
2011 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002012 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002013
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002014 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002015 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002016 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002017 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002018 if (lru && lru->domain)
2019 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002020 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002021 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002022 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002023 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002024 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002025 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002026 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002027 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002028 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002029 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002030 SSL_set_SSL_CTX(ssl, ssl_ctx);
2031 /* No LRU cache, this CTX will be released as soon as the session dies */
2032 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002033 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002034 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002035 return 0;
2036}
2037static int
2038ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2039{
2040 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002041 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002042
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002043 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002044 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002045 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002046 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002047 }
2048 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002049}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002050#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002052#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2054
2055static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002056{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002057#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002058 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002059 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2060#endif
2061}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002062static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2063 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002064 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2065}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002066static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002067#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002068 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002069 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2070#endif
2071}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002072static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002073#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002074 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002075 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2076#endif
2077}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002078/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002079static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2080/* Unusable in this context. */
2081static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2082static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2083static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2084static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2085static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002086#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002087typedef enum { SET_MIN, SET_MAX } set_context_func;
2088
2089static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2090 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002091 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2092}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2094 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2095 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2096}
2097static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2098 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2100}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2102 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2103 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2104}
2105static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2110 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2111 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2112}
2113static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2114 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002115 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2116}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2118 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2119 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2120}
2121static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002122#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002123 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002124 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2125#endif
2126}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002127static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2128#if SSL_OP_NO_TLSv1_3
2129 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2130 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002131#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002132}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002133#endif
2134static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2135static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136
2137static struct {
2138 int option;
2139 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002140 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2141 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142 const char *name;
2143} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002144 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2145 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2146 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2147 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2148 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2149 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150};
2151
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002152static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2153{
2154 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2155 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2156 SSL_set_SSL_CTX(ssl, ctx);
2157}
2158
Willy Tarreau5db847a2019-05-09 14:13:35 +02002159#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002160
2161static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2162{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002163 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002164 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002165
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2167 return SSL_TLSEXT_ERR_OK;
2168 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002169}
2170
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002171#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002172static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2173{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002174 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002175#else
2176static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2177{
2178#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002179 struct connection *conn;
2180 struct bind_conf *s;
2181 const uint8_t *extension_data;
2182 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002183 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002184
2185 char *wildp = NULL;
2186 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002187 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002188 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002189 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002190 int i;
2191
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002192 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002193 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002194
Olivier Houchard9679ac92017-10-27 14:58:08 +02002195 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002196 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002197#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002198 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2199 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002200#else
2201 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2202#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002203 /*
2204 * The server_name extension was given too much extensibility when it
2205 * was written, so parsing the normal case is a bit complex.
2206 */
2207 size_t len;
2208 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002210 /* Extract the length of the supplied list of names. */
2211 len = (*extension_data++) << 8;
2212 len |= *extension_data++;
2213 if (len + 2 != extension_len)
2214 goto abort;
2215 /*
2216 * The list in practice only has a single element, so we only consider
2217 * the first one.
2218 */
2219 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2220 goto abort;
2221 extension_len = len - 1;
2222 /* Now we can finally pull out the byte array with the actual hostname. */
2223 if (extension_len <= 2)
2224 goto abort;
2225 len = (*extension_data++) << 8;
2226 len |= *extension_data++;
2227 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2228 || memchr(extension_data, 0, len) != NULL)
2229 goto abort;
2230 servername = extension_data;
2231 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002232 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002233#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2234 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002235 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002236 }
2237#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002238 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002239 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002240 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002241 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002242 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 goto abort;
2244 }
2245
2246 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002247#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002248 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002249#else
2250 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2251#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002252 uint8_t sign;
2253 size_t len;
2254 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002255 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002256 len = (*extension_data++) << 8;
2257 len |= *extension_data++;
2258 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002259 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002260 if (len % 2 != 0)
2261 goto abort;
2262 for (; len > 0; len -= 2) {
2263 extension_data++; /* hash */
2264 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002265 switch (sign) {
2266 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002267 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002268 break;
2269 case TLSEXT_signature_ecdsa:
2270 has_ecdsa_sig = 1;
2271 break;
2272 default:
2273 continue;
2274 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002275 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 break;
2277 }
2278 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002279 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002280 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 }
2282 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002283 const SSL_CIPHER *cipher;
2284 size_t len;
2285 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002286 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002287#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002288 len = ctx->cipher_suites_len;
2289 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002290#else
2291 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2292#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002293 if (len % 2 != 0)
2294 goto abort;
2295 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002296#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002299#else
2300 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2301#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002302 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002303 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 break;
2305 }
2306 }
2307 }
2308
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002309 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002310 trash.area[i] = tolower(servername[i]);
2311 if (!wildp && (trash.area[i] == '.'))
2312 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002314 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002315
William Lallemand150bfa82019-09-19 17:12:49 +02002316 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002318 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319
2320 /* lookup a not neg filter */
2321 for (n = node; n; n = ebmb_next_dup(n)) {
2322 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002323 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002325 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002327 break;
2328 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002330 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002331 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002332 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002333 if (!node_anonymous)
2334 node_anonymous = n;
2335 break;
2336 }
2337 }
2338 }
2339 if (wildp) {
2340 /* lookup in wildcards names */
2341 node = ebst_lookup(&s->sni_w_ctx, wildp);
2342 for (n = node; n; n = ebmb_next_dup(n)) {
2343 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002344 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002345 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002346 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 break;
2349 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002350 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002351 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002352 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002353 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354 if (!node_anonymous)
2355 node_anonymous = n;
2356 break;
2357 }
2358 }
2359 }
2360 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002362 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2363 : ((has_rsa_sig && node_rsa) ? node_rsa
2364 : (node_anonymous ? node_anonymous
2365 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2366 : node_rsa /* no rsa signature case (far far away) */
2367 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 if (node) {
2369 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002370 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002371 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002372 if (conf) {
2373 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2374 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2375 if (conf->early_data)
2376 allow_early = 1;
2377 }
William Lallemand02010472019-10-18 11:02:19 +02002378 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002379 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002380 }
William Lallemand150bfa82019-09-19 17:12:49 +02002381
William Lallemand02010472019-10-18 11:02:19 +02002382 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002383#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002384 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002385 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002386 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002387 }
2388#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002389 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002391 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002392 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002393allow_early:
2394#ifdef OPENSSL_IS_BORINGSSL
2395 if (allow_early)
2396 SSL_set_early_data_enabled(ssl, 1);
2397#else
2398 if (!allow_early)
2399 SSL_set_max_early_data(ssl, 0);
2400#endif
2401 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002402 abort:
2403 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2404 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002405#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002406 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002407#else
2408 *al = SSL_AD_UNRECOGNIZED_NAME;
2409 return 0;
2410#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002411}
2412
2413#else /* OPENSSL_IS_BORINGSSL */
2414
Emeric Brunfc0421f2012-09-07 17:30:07 +02002415/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2416 * warning when no match is found, which implies the default (first) cert
2417 * will keep being used.
2418 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002419static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002420{
2421 const char *servername;
2422 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002423 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002424 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002425 int i;
2426 (void)al; /* shut gcc stupid warning */
2427
2428 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002429 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002430#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002431 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2432 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002433#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002434 if (s->strict_sni)
2435 return SSL_TLSEXT_ERR_ALERT_FATAL;
2436 ssl_sock_switchctx_set(ssl, s->default_ctx);
2437 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002438 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002439
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002440 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002441 if (!servername[i])
2442 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002443 trash.area[i] = tolower(servername[i]);
2444 if (!wildp && (trash.area[i] == '.'))
2445 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002446 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002447 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002448
William Lallemand150bfa82019-09-19 17:12:49 +02002449 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002450 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002451 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002452
2453 /* lookup a not neg filter */
2454 for (n = node; n; n = ebmb_next_dup(n)) {
2455 if (!container_of(n, struct sni_ctx, name)->neg) {
2456 node = n;
2457 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002458 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002459 }
2460 if (!node && wildp) {
2461 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002462 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002463 }
2464 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002465#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002466 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2467 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002468 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002469 return SSL_TLSEXT_ERR_OK;
2470 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002471#endif
William Lallemand150bfa82019-09-19 17:12:49 +02002472 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002473 if (s->strict_sni)
2474 return SSL_TLSEXT_ERR_ALERT_FATAL;
2475 ssl_sock_switchctx_set(ssl, s->default_ctx);
2476 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002477 }
2478
2479 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002480 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002481 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002482 return SSL_TLSEXT_ERR_OK;
2483}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002484#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002485#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2486
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002487#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002488
2489static DH * ssl_get_dh_1024(void)
2490{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002491 static unsigned char dh1024_p[]={
2492 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2493 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2494 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2495 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2496 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2497 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2498 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2499 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2500 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2501 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2502 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2503 };
2504 static unsigned char dh1024_g[]={
2505 0x02,
2506 };
2507
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002508 BIGNUM *p;
2509 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002510 DH *dh = DH_new();
2511 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002512 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2513 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002514
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002515 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002516 DH_free(dh);
2517 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002518 } else {
2519 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002520 }
2521 }
2522 return dh;
2523}
2524
2525static DH *ssl_get_dh_2048(void)
2526{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002527 static unsigned char dh2048_p[]={
2528 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2529 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2530 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2531 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2532 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2533 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2534 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2535 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2536 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2537 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2538 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2539 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2540 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2541 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2542 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2543 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2544 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2545 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2546 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2547 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2548 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2549 0xB7,0x1F,0x77,0xF3,
2550 };
2551 static unsigned char dh2048_g[]={
2552 0x02,
2553 };
2554
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002555 BIGNUM *p;
2556 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002557 DH *dh = DH_new();
2558 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002559 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2560 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002561
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002562 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002563 DH_free(dh);
2564 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002565 } else {
2566 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002567 }
2568 }
2569 return dh;
2570}
2571
2572static DH *ssl_get_dh_4096(void)
2573{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002574 static unsigned char dh4096_p[]={
2575 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2576 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2577 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2578 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2579 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2580 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2581 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2582 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2583 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2584 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2585 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2586 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2587 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2588 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2589 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2590 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2591 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2592 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2593 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2594 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2595 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2596 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2597 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2598 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2599 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2600 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2601 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2602 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2603 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2604 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2605 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2606 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2607 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2608 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2609 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2610 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2611 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2612 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2613 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2614 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2615 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2616 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2617 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002618 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002619 static unsigned char dh4096_g[]={
2620 0x02,
2621 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002622
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002623 BIGNUM *p;
2624 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002625 DH *dh = DH_new();
2626 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002627 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2628 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002629
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002630 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002631 DH_free(dh);
2632 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002633 } else {
2634 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002635 }
2636 }
2637 return dh;
2638}
2639
2640/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002641 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2643{
2644 DH *dh = NULL;
2645 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002646 int type;
2647
2648 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002649
2650 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2651 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2652 */
2653 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2654 keylen = EVP_PKEY_bits(pkey);
2655 }
2656
Willy Tarreauef934602016-12-22 23:12:01 +01002657 if (keylen > global_ssl.default_dh_param) {
2658 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002659 }
2660
Remi Gacogned3a341a2015-05-29 16:26:17 +02002661 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002662 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002663 }
2664 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002665 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666 }
2667 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002668 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002669 }
2670
2671 return dh;
2672}
2673
Remi Gacogne47783ef2015-05-29 15:53:22 +02002674static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002675{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002676 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002677 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002678
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002679 if (in == NULL)
2680 goto end;
2681
Remi Gacogne47783ef2015-05-29 15:53:22 +02002682 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002683 goto end;
2684
Remi Gacogne47783ef2015-05-29 15:53:22 +02002685 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2686
2687end:
2688 if (in)
2689 BIO_free(in);
2690
Emeric Brune1b4ed42018-08-16 15:14:12 +02002691 ERR_clear_error();
2692
Remi Gacogne47783ef2015-05-29 15:53:22 +02002693 return dh;
2694}
2695
2696int ssl_sock_load_global_dh_param_from_file(const char *filename)
2697{
2698 global_dh = ssl_sock_get_dh_from_file(filename);
2699
2700 if (global_dh) {
2701 return 0;
2702 }
2703
2704 return -1;
2705}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002706#endif
2707
William Lallemand9117de92019-10-04 00:29:42 +02002708/* Alloc and init a ckch_inst */
2709static struct ckch_inst *ckch_inst_new()
2710{
2711 struct ckch_inst *ckch_inst;
2712
2713 ckch_inst = calloc(1, sizeof *ckch_inst);
2714 if (ckch_inst)
2715 LIST_INIT(&ckch_inst->sni_ctx);
2716
2717 return ckch_inst;
2718}
2719
2720
2721/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002722static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002723 struct bind_conf *s, struct ssl_bind_conf *conf,
2724 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002725{
2726 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002727 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002728
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002729 if (*name == '!') {
2730 neg = 1;
2731 name++;
2732 }
2733 if (*name == '*') {
2734 wild = 1;
2735 name++;
2736 }
2737 /* !* filter is a nop */
2738 if (neg && wild)
2739 return order;
2740 if (*name) {
2741 int j, len;
2742 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002743 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002744 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002745 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002746 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002747 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002748
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002749 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002750 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002751 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002752 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002753 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002754 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002755 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002756 sc->order = order++;
2757 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002758 sc->wild = wild;
2759 sc->name.node.leaf_p = NULL;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002760 if (kinfo.sig != TLSEXT_signature_anonymous)
2761 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
William Lallemand9117de92019-10-04 00:29:42 +02002762
William Lallemand1d29c742019-10-04 00:53:29 +02002763 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002764 }
2765 return order;
2766}
2767
William Lallemand6af03992019-07-23 15:00:54 +02002768/*
William Lallemand1d29c742019-10-04 00:53:29 +02002769 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2770 * This function can't return an error.
2771 *
2772 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2773 */
2774static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2775{
2776
2777 struct sni_ctx *sc0, *sc0b, *sc1;
2778 struct ebmb_node *node;
2779
2780 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2781
2782 /* ignore if sc0 was already inserted in a tree */
2783 if (sc0->name.node.leaf_p)
2784 continue;
2785
2786 /* Check for duplicates. */
2787 if (sc0->wild)
2788 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2789 else
2790 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2791
2792 for (; node; node = ebmb_next_dup(node)) {
2793 sc1 = ebmb_entry(node, struct sni_ctx, name);
2794 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2795 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2796 /* it's a duplicate, we should remove and free it */
2797 LIST_DEL(&sc0->by_ckch_inst);
2798 free(sc0);
2799 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002800 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002801 }
2802 }
2803
2804 /* if duplicate, ignore the insertion */
2805 if (!sc0)
2806 continue;
2807
2808 if (sc0->wild)
2809 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2810 else
2811 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
2812 }
2813}
2814
2815/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002816 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002817 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002818struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002819
William Lallemandfa892222019-07-23 16:06:08 +02002820
Emeric Brun7a883362019-10-17 13:27:40 +02002821/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2822 * If there is no DH paramater availaible in the ckchs, the global
2823 * DH parameter is loaded into the SSL_CTX and if there is no
2824 * DH parameter available in ckchs nor in global, the default
2825 * DH parameters are applied on the SSL_CTX.
2826 * Returns a bitfield containing the flags:
2827 * ERR_FATAL in any fatal error case
2828 * ERR_ALERT if a reason of the error is availabine in err
2829 * ERR_WARN if a warning is available into err
2830 * The value 0 means there is no error nor warning and
2831 * the operation succeed.
2832 */
William Lallemandfa892222019-07-23 16:06:08 +02002833#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002834static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2835 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002836{
Emeric Brun7a883362019-10-17 13:27:40 +02002837 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02002838 DH *dh = NULL;
2839
William Lallemanda8c73742019-07-31 18:31:34 +02002840 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02002841 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02002842 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2843 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2844 err && *err ? *err : "", path);
2845#if defined(SSL_CTX_set_dh_auto)
2846 SSL_CTX_set_dh_auto(ctx, 1);
2847 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2848 err && *err ? *err : "");
2849#else
2850 memprintf(err, "%s, DH ciphers won't be available.\n",
2851 err && *err ? *err : "");
2852#endif
2853 ret |= ERR_WARN;
2854 goto end;
2855 }
William Lallemandfa892222019-07-23 16:06:08 +02002856
2857 if (ssl_dh_ptr_index >= 0) {
2858 /* store a pointer to the DH params to avoid complaining about
2859 ssl-default-dh-param not being set for this SSL_CTX */
2860 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2861 }
2862 }
2863 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02002864 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2865 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2866 err && *err ? *err : "", path);
2867#if defined(SSL_CTX_set_dh_auto)
2868 SSL_CTX_set_dh_auto(ctx, 1);
2869 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2870 err && *err ? *err : "");
2871#else
2872 memprintf(err, "%s, DH ciphers won't be available.\n",
2873 err && *err ? *err : "");
2874#endif
2875 ret |= ERR_WARN;
2876 goto end;
2877 }
William Lallemandfa892222019-07-23 16:06:08 +02002878 }
2879 else {
2880 /* Clear openssl global errors stack */
2881 ERR_clear_error();
2882
2883 if (global_ssl.default_dh_param <= 1024) {
2884 /* we are limited to DH parameter of 1024 bits anyway */
2885 if (local_dh_1024 == NULL)
2886 local_dh_1024 = ssl_get_dh_1024();
2887
Emeric Brun7a883362019-10-17 13:27:40 +02002888 if (local_dh_1024 == NULL) {
2889 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2890 err && *err ? *err : "", path);
2891 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02002892 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02002893 }
William Lallemandfa892222019-07-23 16:06:08 +02002894
Emeric Bruna9363eb2019-10-17 14:53:03 +02002895 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2896 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2897 err && *err ? *err : "", path);
2898#if defined(SSL_CTX_set_dh_auto)
2899 SSL_CTX_set_dh_auto(ctx, 1);
2900 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2901 err && *err ? *err : "");
2902#else
2903 memprintf(err, "%s, DH ciphers won't be available.\n",
2904 err && *err ? *err : "");
2905#endif
2906 ret |= ERR_WARN;
2907 goto end;
2908 }
William Lallemandfa892222019-07-23 16:06:08 +02002909 }
2910 else {
2911 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2912 }
William Lallemandfa892222019-07-23 16:06:08 +02002913 }
2914
2915end:
William Lallemandfa892222019-07-23 16:06:08 +02002916 return ret;
2917}
2918#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05002919
yanbzhu488a4d22015-12-01 15:16:07 -05002920/* Frees the contents of a cert_key_and_chain
2921 */
2922static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2923{
yanbzhu488a4d22015-12-01 15:16:07 -05002924 if (!ckch)
2925 return;
2926
2927 /* Free the certificate and set pointer to NULL */
2928 if (ckch->cert)
2929 X509_free(ckch->cert);
2930 ckch->cert = NULL;
2931
2932 /* Free the key and set pointer to NULL */
2933 if (ckch->key)
2934 EVP_PKEY_free(ckch->key);
2935 ckch->key = NULL;
2936
2937 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002938 if (ckch->chain)
2939 sk_X509_pop_free(ckch->chain, X509_free);
2940 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05002941
William Lallemand455af502019-10-17 18:04:45 +02002942 if (ckch->dh)
2943 DH_free(ckch->dh);
2944 ckch->dh = NULL;
2945
2946 if (ckch->sctl) {
2947 free(ckch->sctl->area);
2948 ckch->sctl->area = NULL;
2949 free(ckch->sctl);
2950 ckch->sctl = NULL;
2951 }
2952
2953 if (ckch->ocsp_response) {
2954 free(ckch->ocsp_response->area);
2955 ckch->ocsp_response->area = NULL;
2956 free(ckch->ocsp_response);
2957 ckch->ocsp_response = NULL;
2958 }
yanbzhu488a4d22015-12-01 15:16:07 -05002959}
2960
William Lallemand8d0f8932019-10-17 18:03:58 +02002961/*
2962 *
2963 * This function copy a cert_key_and_chain in memory
2964 *
2965 * It's used to try to apply changes on a ckch before committing them, because
2966 * most of the time it's not possible to revert those changes
2967 *
2968 * Return a the dst or NULL
2969 */
2970static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
2971 struct cert_key_and_chain *dst)
2972{
2973 if (src->cert) {
2974 dst->cert = src->cert;
2975 X509_up_ref(src->cert);
2976 }
2977
2978 if (src->key) {
2979 dst->key = src->key;
2980 EVP_PKEY_up_ref(src->key);
2981 }
2982
2983 if (src->chain) {
2984 dst->chain = X509_chain_up_ref(src->chain);
2985 }
2986
2987 if (src->dh) {
2988 DH_up_ref(src->dh);
2989 dst->dh = src->dh;
2990 }
2991
2992 if (src->sctl) {
2993 struct buffer *sctl;
2994
2995 sctl = calloc(1, sizeof(*sctl));
2996 if (!chunk_dup(sctl, src->sctl)) {
2997 free(sctl);
2998 sctl = NULL;
2999 goto error;
3000 }
3001 dst->sctl = sctl;
3002 }
3003
3004 if (src->ocsp_response) {
3005 struct buffer *ocsp_response;
3006
3007 ocsp_response = calloc(1, sizeof(*ocsp_response));
3008 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3009 free(ocsp_response);
3010 ocsp_response = NULL;
3011 goto error;
3012 }
3013 dst->ocsp_response = ocsp_response;
3014 }
3015
3016 if (src->ocsp_issuer) {
3017 X509_up_ref(src->ocsp_issuer);
3018 dst->ocsp_issuer = src->ocsp_issuer;
3019 }
3020
3021 return dst;
3022
3023error:
3024
3025 /* free everything */
3026 ssl_sock_free_cert_key_and_chain_contents(dst);
3027
3028 return NULL;
3029}
3030
3031
yanbzhu488a4d22015-12-01 15:16:07 -05003032/* checks if a key and cert exists in the ckch
3033 */
William Lallemand1633e392019-09-30 12:58:13 +02003034#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003035static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3036{
3037 return (ckch->cert != NULL && ckch->key != NULL);
3038}
William Lallemand1633e392019-09-30 12:58:13 +02003039#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003040
William Lallemandf9568fc2019-10-16 18:27:58 +02003041/*
3042 * return 0 on success or != 0 on failure
3043 */
3044static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3045{
3046 int ret = 1;
3047 BIO *in = NULL;
3048 X509 *issuer;
3049
3050 if (buf) {
3051 /* reading from a buffer */
3052 in = BIO_new_mem_buf(buf, -1);
3053 if (in == NULL) {
3054 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3055 goto end;
3056 }
3057
3058 } else {
3059 /* reading from a file */
3060 in = BIO_new(BIO_s_file());
3061 if (in == NULL)
3062 goto end;
3063
3064 if (BIO_read_filename(in, path) <= 0)
3065 goto end;
3066 }
3067
3068 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3069 if (!issuer) {
3070 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
3071 *err ? *err : "", path);
3072 goto end;
3073 }
3074 ret = 0;
3075 ckch->ocsp_issuer = issuer;
3076
3077end:
3078
3079 ERR_clear_error();
3080 if (in)
3081 BIO_free(in);
3082
3083 return ret;
3084}
3085
William Lallemand96a9c972019-10-17 11:56:17 +02003086
3087/*
3088 * Try to load a PEM file from a <path> or a buffer <buf>
3089 * The PEM must contain at least a Private Key and a Certificate,
3090 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003091 *
William Lallemand96a9c972019-10-17 11:56:17 +02003092 * If it failed you should not attempt to use the ckch but free it.
3093 *
3094 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003095 */
William Lallemand96a9c972019-10-17 11:56:17 +02003096static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003097{
William Lallemandf11365b2019-09-19 14:25:58 +02003098 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003099 int ret = 1;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003100 X509 *ca;
William Lallemand96a9c972019-10-17 11:56:17 +02003101 X509 *cert = NULL;
3102 EVP_PKEY *key = NULL;
3103 DH *dh;
3104
3105 if (buf) {
3106 /* reading from a buffer */
3107 in = BIO_new_mem_buf(buf, -1);
3108 if (in == NULL) {
3109 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3110 goto end;
3111 }
yanbzhu488a4d22015-12-01 15:16:07 -05003112
William Lallemand96a9c972019-10-17 11:56:17 +02003113 } else {
3114 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003115 in = BIO_new(BIO_s_file());
3116 if (in == NULL)
3117 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003118
William Lallemandf11365b2019-09-19 14:25:58 +02003119 if (BIO_read_filename(in, path) <= 0)
3120 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003121 }
yanbzhu488a4d22015-12-01 15:16:07 -05003122
yanbzhu488a4d22015-12-01 15:16:07 -05003123 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003124 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3125 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003126 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003127 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003128 goto end;
3129 }
3130
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003131#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003132 /* Seek back to beginning of file */
3133 if (BIO_reset(in) == -1) {
3134 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3135 err && *err ? *err : "", path);
3136 goto end;
3137 }
3138
William Lallemand96a9c972019-10-17 11:56:17 +02003139 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3140 /* no need to return an error there, dh is not mandatory */
3141
3142 if (dh) {
3143 if (ckch->dh)
3144 DH_free(ckch->dh);
3145 ckch->dh = dh;
3146 }
3147
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003148#endif
William Lallemandfa892222019-07-23 16:06:08 +02003149
Willy Tarreaubb137a82016-04-06 19:02:38 +02003150 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003151 if (BIO_reset(in) == -1) {
3152 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3153 err && *err ? *err : "", path);
3154 goto end;
3155 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003156
3157 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003158 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3159 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003160 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003161 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003162 goto end;
3163 }
3164
William Lallemand96a9c972019-10-17 11:56:17 +02003165 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003166 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003167 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003168 goto end;
3169 }
3170
William Lallemand96a9c972019-10-17 11:56:17 +02003171 /* Key and Cert are good, we can use them in the ckch */
3172 if (ckch->key) /* free the previous key */
3173 EVP_PKEY_free(ckch->key);
3174 ckch->key = key;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003175 key = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003176
3177 if (ckch->cert) /* free the previous cert */
3178 X509_free(ckch->cert);
3179 ckch->cert = cert;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003180 cert = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003181
3182 /* Look for a Certificate Chain */
3183 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3184 if (ca) {
3185 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3186 if (ckch->chain) /* free the previous chain */
3187 sk_X509_pop_free(ckch->chain, X509_free);
3188 ckch->chain = sk_X509_new_null();
3189 if (!sk_X509_push(ckch->chain, ca)) {
3190 X509_free(ca);
3191 goto end;
3192 }
3193 }
3194 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003195 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3196 if (!sk_X509_push(ckch->chain, ca)) {
3197 X509_free(ca);
3198 goto end;
3199 }
yanbzhu488a4d22015-12-01 15:16:07 -05003200
Emmanuel Hocdeted17f472019-10-24 18:28:33 +02003201 /* no chain */
3202 if (ckch->chain == NULL) {
3203 ckch->chain = sk_X509_new_null();
3204 }
3205
yanbzhu488a4d22015-12-01 15:16:07 -05003206 ret = ERR_get_error();
3207 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3208 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003209 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003210 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003211 }
3212
3213 ret = 0;
3214
William Lallemand96a9c972019-10-17 11:56:17 +02003215end:
William Lallemand246c0242019-10-11 08:59:13 +02003216
3217 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003218 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003219 BIO_free(in);
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003220 if (key)
3221 EVP_PKEY_free(key);
3222 if (cert)
3223 X509_free(cert);
William Lallemanda17f4112019-10-10 15:16:44 +02003224
William Lallemand96a9c972019-10-17 11:56:17 +02003225 return ret;
3226}
3227
3228/*
3229 * Try to load in a ckch every files related to a ckch.
3230 * (PEM, sctl, ocsp, issuer etc.)
3231 *
3232 * This function is only used to load files during the configuration parsing,
3233 * it is not used with the CLI.
3234 *
3235 * This allows us to carry the contents of the file without having to read the
3236 * file multiple times. The caller must call
3237 * ssl_sock_free_cert_key_and_chain_contents.
3238 *
3239 * returns:
3240 * 0 on Success
3241 * 1 on SSL Failure
3242 */
3243static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3244{
3245 int ret = 1;
3246
3247 /* try to load the PEM */
3248 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3249 goto end;
3250 }
3251
William Lallemanda17f4112019-10-10 15:16:44 +02003252#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3253 /* try to load the sctl file */
3254 {
3255 char fp[MAXPATHLEN+1];
3256 struct stat st;
3257
3258 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3259 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003260 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003261 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3262 *err ? *err : "", fp);
3263 ret = 1;
3264 goto end;
3265 }
3266 }
3267 }
3268#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003269
William Lallemand246c0242019-10-11 08:59:13 +02003270 /* try to load an ocsp response file */
3271 {
3272 char fp[MAXPATHLEN+1];
3273 struct stat st;
3274
3275 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3276 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003277 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003278 ret = 1;
3279 goto end;
3280 }
3281 }
3282 }
3283
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003284#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
William Lallemand246c0242019-10-11 08:59:13 +02003285 if (ckch->ocsp_response) {
3286 X509 *issuer;
3287 int i;
3288
3289 /* check if one of the certificate of the chain is the issuer */
3290 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3291 issuer = sk_X509_value(ckch->chain, i);
3292 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3293 ckch->ocsp_issuer = issuer;
3294 break;
3295 } else
3296 issuer = NULL;
3297 }
3298
3299 /* if no issuer was found, try to load an issuer from the .issuer */
3300 if (!issuer) {
3301 struct stat st;
3302 char fp[MAXPATHLEN+1];
3303
3304 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3305 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003306 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003307 ret = 1;
3308 goto end;
3309 }
3310
3311 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003312 memprintf(err, "%s '%s' is not an issuer'.\n",
William Lallemand246c0242019-10-11 08:59:13 +02003313 *err ? *err : "", fp);
3314 ret = 1;
3315 goto end;
3316 }
3317 } else {
3318 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
3319 *err ? *err : "");
3320 ret = 1;
3321 goto end;
3322 }
3323 }
3324 }
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003325#endif
William Lallemand246c0242019-10-11 08:59:13 +02003326
yanbzhu488a4d22015-12-01 15:16:07 -05003327 ret = 0;
3328
3329end:
3330
3331 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003332
3333 /* Something went wrong in one of the reads */
3334 if (ret != 0)
3335 ssl_sock_free_cert_key_and_chain_contents(ckch);
3336
3337 return ret;
3338}
3339
3340/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003341 * Returns a bitfield containing the flags:
3342 * ERR_FATAL in any fatal error case
3343 * ERR_ALERT if the reason of the error is available in err
3344 * ERR_WARN if a warning is available into err
3345 * The value 0 means there is no error nor warning and
3346 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003347 */
3348static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3349{
Emeric Bruna96b5822019-10-17 13:25:14 +02003350 int errcode = 0;
3351
yanbzhu488a4d22015-12-01 15:16:07 -05003352 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3353 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3354 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003355 errcode |= ERR_ALERT | ERR_FATAL;
3356 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003357 }
3358
3359 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3360 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3361 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003362 errcode |= ERR_ALERT | ERR_FATAL;
3363 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003364 }
3365
yanbzhu488a4d22015-12-01 15:16:07 -05003366 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003367#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003368 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3369 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3370 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003371 errcode |= ERR_ALERT | ERR_FATAL;
3372 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003373 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003374#else
3375 { /* legacy compat (< openssl 1.0.2) */
3376 X509 *ca;
3377 while ((ca = sk_X509_shift(ckch->chain)))
3378 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3379 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3380 err && *err ? *err : "", path);
3381 X509_free(ca);
Emeric Bruna96b5822019-10-17 13:25:14 +02003382 errcode |= ERR_ALERT | ERR_FATAL;
3383 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003384 }
3385 }
3386#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003387
William Lallemandfa892222019-07-23 16:06:08 +02003388#ifndef OPENSSL_NO_DH
3389 /* store a NULL pointer to indicate we have not yet loaded
3390 a custom DH param file */
3391 if (ssl_dh_ptr_index >= 0) {
3392 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3393 }
3394
Emeric Brun7a883362019-10-17 13:27:40 +02003395 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3396 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003397 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3398 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003399 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003400 }
3401#endif
3402
William Lallemanda17f4112019-10-10 15:16:44 +02003403#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3404 if (sctl_ex_index >= 0 && ckch->sctl) {
3405 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3406 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3407 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003408 errcode |= ERR_ALERT | ERR_FATAL;
3409 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003410 }
3411 }
3412#endif
3413
William Lallemand4a660132019-10-14 14:51:41 +02003414#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003415 /* Load OCSP Info into context */
3416 if (ckch->ocsp_response) {
3417 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
3418 if (err)
3419 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3420 *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003421 errcode |= ERR_ALERT | ERR_FATAL;
3422 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003423 }
3424 }
William Lallemand246c0242019-10-11 08:59:13 +02003425#endif
3426
Emeric Bruna96b5822019-10-17 13:25:14 +02003427 end:
3428 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003429}
3430
William Lallemandc4ecddf2019-07-31 16:50:08 +02003431#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003432
William Lallemand28a8fce2019-10-04 17:36:55 +02003433static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003434{
3435 struct sni_keytype *s_kt = NULL;
3436 struct ebmb_node *node;
3437 int i;
3438
3439 for (i = 0; i < trash.size; i++) {
3440 if (!str[i])
3441 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003442 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003443 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003444 trash.area[i] = 0;
3445 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003446 if (!node) {
3447 /* CN not found in tree */
3448 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3449 /* Using memcpy here instead of strncpy.
3450 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3451 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3452 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003453 if (!s_kt)
3454 return -1;
3455
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003456 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003457 s_kt->keytypes = 0;
3458 ebst_insert(sni_keytypes, &s_kt->name);
3459 } else {
3460 /* CN found in tree */
3461 s_kt = container_of(node, struct sni_keytype, name);
3462 }
3463
3464 /* Mark that this CN has the keytype of key_index via keytypes mask */
3465 s_kt->keytypes |= 1<<key_index;
3466
William Lallemand28a8fce2019-10-04 17:36:55 +02003467 return 0;
3468
yanbzhu08ce6ab2015-12-02 13:01:29 -05003469}
3470
William Lallemandc4ecddf2019-07-31 16:50:08 +02003471#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003472/*
3473 * Free a ckch_store and its ckch(s)
3474 * The linked ckch_inst are not free'd
3475 */
3476void ckchs_free(struct ckch_store *ckchs)
3477{
3478 if (!ckchs)
3479 return;
3480
3481#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3482 if (ckchs->multi) {
3483 int n;
3484
3485 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3486 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3487 } else
3488#endif
3489 {
3490 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3491 ckchs->ckch = NULL;
3492 }
3493
3494 free(ckchs);
3495}
3496
3497/* allocate and duplicate a ckch_store
3498 * Return a new ckch_store or NULL */
3499static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3500{
3501 struct ckch_store *dst;
3502 int pathlen;
3503
3504 pathlen = strlen(src->path);
3505 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3506 if (!dst)
3507 return NULL;
3508 /* copy previous key */
3509 memcpy(dst->path, src->path, pathlen + 1);
3510 dst->multi = src->multi;
3511 LIST_INIT(&dst->ckch_inst);
3512
3513 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3514 if (!dst->ckch)
3515 goto error;
3516
3517#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3518 if (src->multi) {
3519 int n;
3520
3521 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3522 if (&src->ckch[n]) {
3523 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3524 goto error;
3525 }
3526 }
3527 } else
3528#endif
3529 {
3530 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3531 goto error;
3532 }
3533
3534 return dst;
3535
3536error:
3537 ckchs_free(dst);
3538
3539 return NULL;
3540}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003541
William Lallemand36b84632019-07-18 19:28:17 +02003542/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003543 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003544 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003545static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003546{
3547 struct ebmb_node *eb;
3548
William Lallemande3af8fb2019-10-08 11:36:53 +02003549 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003550 if (!eb)
3551 return NULL;
3552
William Lallemande3af8fb2019-10-08 11:36:53 +02003553 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003554}
3555
3556/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003557 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003558 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003559static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003560{
William Lallemande3af8fb2019-10-08 11:36:53 +02003561 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003562
William Lallemande3af8fb2019-10-08 11:36:53 +02003563 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3564 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003565 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3566 goto end;
3567 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003568 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003569
William Lallemande3af8fb2019-10-08 11:36:53 +02003570 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003571 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3572 goto end;
3573 }
3574
William Lallemand9117de92019-10-04 00:29:42 +02003575 LIST_INIT(&ckchs->ckch_inst);
3576
William Lallemand36b84632019-07-18 19:28:17 +02003577 if (!multi) {
3578
William Lallemand96a9c972019-10-17 11:56:17 +02003579 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003580 goto end;
3581
William Lallemande3af8fb2019-10-08 11:36:53 +02003582 /* insert into the ckchs tree */
3583 memcpy(ckchs->path, path, strlen(path) + 1);
3584 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003585 } else {
3586 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003587#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3588 char fp[MAXPATHLEN+1] = {0};
3589 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003590
3591 /* Load all possible certs and keys */
3592 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3593 struct stat buf;
3594 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3595 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003596 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003597 goto end;
3598 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003599 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003600 }
3601 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003602#endif
William Lallemand36b84632019-07-18 19:28:17 +02003603
3604 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003605 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003606 goto end;
3607 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003608 /* insert into the ckchs tree */
3609 memcpy(ckchs->path, path, strlen(path) + 1);
3610 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003611 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003612 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003613
William Lallemand36b84632019-07-18 19:28:17 +02003614end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003615 if (ckchs) {
3616 free(ckchs->ckch);
3617 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003618 }
3619
William Lallemande3af8fb2019-10-08 11:36:53 +02003620 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003621
3622 return NULL;
3623}
3624
William Lallemandc4ecddf2019-07-31 16:50:08 +02003625#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3626
William Lallemand36b84632019-07-18 19:28:17 +02003627/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003628 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003629 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003630 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3631 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003632 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633 *
Emeric Brun054563d2019-10-17 13:16:58 +02003634 * Returns a bitfield containing the flags:
3635 * ERR_FATAL in any fatal error case
3636 * ERR_ALERT if the reason of the error is available in err
3637 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003638 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003639 */
Emeric Brun054563d2019-10-17 13:16:58 +02003640static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3641 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3642 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003643{
William Lallemand36b84632019-07-18 19:28:17 +02003644 int i = 0, n = 0;
3645 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003646 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003647 struct ebmb_node *node;
3648 struct ebmb_node *next;
3649 /* Array of SSL_CTX pointers corresponding to each possible combo
3650 * of keytypes
3651 */
3652 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003653 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003654 X509_NAME *xname = NULL;
3655 char *str = NULL;
3656#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3657 STACK_OF(GENERAL_NAME) *names = NULL;
3658#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003659 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003660
Emeric Brun054563d2019-10-17 13:16:58 +02003661 *ckchi = NULL;
3662
William Lallemande3af8fb2019-10-08 11:36:53 +02003663 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003664 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3665 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003666 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003667 }
3668
3669 ckch_inst = ckch_inst_new();
3670 if (!ckch_inst) {
3671 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3672 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003673 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003674 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003675 }
3676
William Lallemande3af8fb2019-10-08 11:36:53 +02003677 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003678
William Lallemand150bfa82019-09-19 17:12:49 +02003679 /* at least one of the instances is using filters during the config
3680 * parsing, that's ok to inherit this during loading on CLI */
3681 ckchs->filters = !!fcount;
3682
yanbzhu08ce6ab2015-12-02 13:01:29 -05003683 /* Process each ckch and update keytypes for each CN/SAN
3684 * for example, if CN/SAN www.a.com is associated with
3685 * certs with keytype 0 and 2, then at the end of the loop,
3686 * www.a.com will have:
3687 * keyindex = 0 | 1 | 4 = 5
3688 */
3689 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003690 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003691
3692 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3693 continue;
3694
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003695 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003696 for (i = 0; i < fcount; i++) {
3697 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3698 if (ret < 0) {
3699 memprintf(err, "%sunable to allocate SSL context.\n",
3700 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003701 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003702 goto end;
3703 }
3704 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003705 } else {
3706 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3707 * so the line that contains logic is marked via comments
3708 */
3709 xname = X509_get_subject_name(certs_and_keys[n].cert);
3710 i = -1;
3711 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3712 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003713 ASN1_STRING *value;
3714 value = X509_NAME_ENTRY_get_data(entry);
3715 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003716 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003717 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003718
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003719 OPENSSL_free(str);
3720 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003721 if (ret < 0) {
3722 memprintf(err, "%sunable to allocate SSL context.\n",
3723 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003724 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003725 goto end;
3726 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003727 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003728 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003729
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003730 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003731#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003732 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3733 if (names) {
3734 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3735 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003736
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003737 if (name->type == GEN_DNS) {
3738 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3739 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003740 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003741
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003742 OPENSSL_free(str);
3743 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003744 if (ret < 0) {
3745 memprintf(err, "%sunable to allocate SSL context.\n",
3746 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003747 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003748 goto end;
3749 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003750 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003751 }
3752 }
3753 }
3754 }
3755#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3756 }
3757
3758 /* If no files found, return error */
3759 if (eb_is_empty(&sni_keytypes_map)) {
3760 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3761 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003762 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003763 goto end;
3764 }
3765
3766 /* We now have a map of CN/SAN to keytypes that are loaded in
3767 * Iterate through the map to create the SSL_CTX's (if needed)
3768 * and add each CTX to the SNI tree
3769 *
3770 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003771 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003772 * combination is denoted by the key in the map. Each key
3773 * has a value between 1 and 2^n - 1. Conveniently, the array
3774 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3775 * entry in the array to correspond to the unique combo (key)
3776 * associated with i. This unique key combo (i) will be associated
3777 * with combos[i-1]
3778 */
3779
3780 node = ebmb_first(&sni_keytypes_map);
3781 while (node) {
3782 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003783 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003784 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003785
3786 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3787 i = container_of(node, struct sni_keytype, name)->keytypes;
3788 cur_ctx = key_combos[i-1].ctx;
3789
3790 if (cur_ctx == NULL) {
3791 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003792 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003793 if (cur_ctx == NULL) {
3794 memprintf(err, "%sunable to allocate SSL context.\n",
3795 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003796 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003797 goto end;
3798 }
3799
yanbzhube2774d2015-12-10 15:07:30 -05003800 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003801 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3802 if (i & (1<<n)) {
3803 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003804 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003805 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3806 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003807 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003808 }
3809 }
3810
yanbzhu08ce6ab2015-12-02 13:01:29 -05003811 /* Update key_combos */
3812 key_combos[i-1].ctx = cur_ctx;
3813 }
3814
3815 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003816
William Lallemand1d29c742019-10-04 00:53:29 +02003817 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003818 kinfo, str, key_combos[i-1].order);
3819 if (key_combos[i-1].order < 0) {
3820 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003821 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003822 goto end;
3823 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003824 node = ebmb_next(node);
3825 }
3826
3827
3828 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3829 if (!bind_conf->default_ctx) {
3830 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3831 if (key_combos[i].ctx) {
3832 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003833 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003834 break;
3835 }
3836 }
3837 }
3838
William Lallemand614ca0d2019-10-07 13:52:11 +02003839 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02003840 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003841end:
3842
3843 if (names)
3844 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3845
yanbzhu08ce6ab2015-12-02 13:01:29 -05003846 node = ebmb_first(&sni_keytypes_map);
3847 while (node) {
3848 next = ebmb_next(node);
3849 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02003850 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003851 node = next;
3852 }
3853
Emeric Brun054563d2019-10-17 13:16:58 +02003854 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02003855 struct sni_ctx *sc0, *sc0b;
3856
3857 /* free the SSL_CTX in case of error */
3858 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
3859 if (key_combos[i].ctx)
3860 SSL_CTX_free(key_combos[i].ctx);
3861 }
3862
3863 /* free the sni_ctx in case of error */
3864 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
3865
3866 ebmb_delete(&sc0->name);
3867 LIST_DEL(&sc0->by_ckch_inst);
3868 free(sc0);
3869 }
William Lallemand614ca0d2019-10-07 13:52:11 +02003870 free(ckch_inst);
3871 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02003872 }
3873
Emeric Brun054563d2019-10-17 13:16:58 +02003874 *ckchi = ckch_inst;
3875 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003876}
3877#else
3878/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02003879static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3880 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3881 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003882{
3883 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3884 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02003885 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003886}
3887
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003888#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003889
William Lallemand614ca0d2019-10-07 13:52:11 +02003890/*
3891 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02003892 *
3893 * Returns a bitfield containing the flags:
3894 * ERR_FATAL in any fatal error case
3895 * ERR_ALERT if the reason of the error is available in err
3896 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02003897 */
Emeric Brun054563d2019-10-17 13:16:58 +02003898static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
3899 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003900{
William Lallemandc9402072019-05-15 15:33:54 +02003901 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003902 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003903 int order = 0;
3904 X509_NAME *xname;
3905 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003906 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003907 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003908#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3909 STACK_OF(GENERAL_NAME) *names;
3910#endif
William Lallemand36b84632019-07-18 19:28:17 +02003911 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02003912 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02003913 int errcode = 0;
3914
3915 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02003916
William Lallemande3af8fb2019-10-08 11:36:53 +02003917 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02003918 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003919
William Lallemande3af8fb2019-10-08 11:36:53 +02003920 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003921
William Lallemand150bfa82019-09-19 17:12:49 +02003922 /* at least one of the instances is using filters during the config
3923 * parsing, that's ok to inherit this during loading on CLI */
3924 ckchs->filters = !!fcount;
3925
William Lallemandc9402072019-05-15 15:33:54 +02003926 ctx = SSL_CTX_new(SSLv23_server_method());
3927 if (!ctx) {
3928 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3929 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003930 errcode |= ERR_ALERT | ERR_FATAL;
3931 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003932 }
3933
Emeric Bruna96b5822019-10-17 13:25:14 +02003934 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
3935 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02003936 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02003937
3938 ckch_inst = ckch_inst_new();
3939 if (!ckch_inst) {
3940 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3941 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003942 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003943 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003944 }
3945
William Lallemand36b84632019-07-18 19:28:17 +02003946 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003947 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003948 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003949 switch(EVP_PKEY_base_id(pkey)) {
3950 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003951 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003952 break;
3953 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003954 kinfo.sig = TLSEXT_signature_ecdsa;
3955 break;
3956 case EVP_PKEY_DSA:
3957 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003958 break;
3959 }
3960 EVP_PKEY_free(pkey);
3961 }
3962
Emeric Brun50bcecc2013-04-22 13:05:23 +02003963 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02003964 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02003965 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02003966 if (order < 0) {
3967 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003968 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003969 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003970 }
3971 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003972 }
3973 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003974#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003975 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003976 if (names) {
3977 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3978 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3979 if (name->type == GEN_DNS) {
3980 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003981 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003982 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003983 if (order < 0) {
3984 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003985 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003986 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003987 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003988 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003989 }
3990 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003991 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003992 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003993#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003994 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003995 i = -1;
3996 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3997 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003998 ASN1_STRING *value;
3999
4000 value = X509_NAME_ENTRY_get_data(entry);
4001 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004002 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004003 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004004 if (order < 0) {
4005 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004006 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004007 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004008 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004009 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004010 }
4011 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004012 /* we must not free the SSL_CTX anymore below, since it's already in
4013 * the tree, so it will be discovered and cleaned in time.
4014 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004015
Emeric Brunfc0421f2012-09-07 17:30:07 +02004016#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004017 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004018 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4019 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004020 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004021 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004022 }
4023#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004024 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004025 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004026 bind_conf->default_ssl_conf = ssl_conf;
4027 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004028
William Lallemand9117de92019-10-04 00:29:42 +02004029 /* everything succeed, the ckch instance can be used */
4030 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004031 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004032
Emeric Brun054563d2019-10-17 13:16:58 +02004033 *ckchi = ckch_inst;
4034 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004035
4036error:
4037 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004038 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004039 struct sni_ctx *sc0, *sc0b;
4040
4041 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4042
4043 ebmb_delete(&sc0->name);
4044 LIST_DEL(&sc0->by_ckch_inst);
4045 free(sc0);
4046 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004047 free(ckch_inst);
4048 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004049 }
4050 /* We only created 1 SSL_CTX so we can free it there */
4051 SSL_CTX_free(ctx);
4052
Emeric Brun054563d2019-10-17 13:16:58 +02004053 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004054}
4055
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004056/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004057static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4058 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4059 char **sni_filter, int fcount, char **err)
4060{
4061 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004062 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004063
4064 /* we found the ckchs in the tree, we can use it directly */
4065 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004066 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004067 else
Emeric Brun054563d2019-10-17 13:16:58 +02004068 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004069
Emeric Brun054563d2019-10-17 13:16:58 +02004070 if (errcode & ERR_CODE)
4071 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004072
4073 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4074
4075 /* succeed, add the instance to the ckch_store's list of instance */
4076 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004077 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004078}
4079
4080
Willy Tarreaubbc91962019-10-16 16:42:19 +02004081/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004082int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004083{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004084 struct dirent **de_list;
4085 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004086 DIR *dir;
4087 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004088 char *end;
4089 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004090 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004091 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004092#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004093 int is_bundle;
4094 int j;
4095#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004096 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004097 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004098 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004099 }
4100
yanbzhu08ce6ab2015-12-02 13:01:29 -05004101 if (stat(path, &buf) == 0) {
4102 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004103 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004104 ckchs = ckchs_load_cert_file(path, 0, err);
4105 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004106 return ERR_ALERT | ERR_FATAL;
4107
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004108 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004109 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004110
yanbzhu08ce6ab2015-12-02 13:01:29 -05004111 /* strip trailing slashes, including first one */
4112 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4113 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004114
yanbzhu08ce6ab2015-12-02 13:01:29 -05004115 n = scandir(path, &de_list, 0, alphasort);
4116 if (n < 0) {
4117 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4118 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004119 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004120 }
4121 else {
4122 for (i = 0; i < n; i++) {
4123 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004124
yanbzhu08ce6ab2015-12-02 13:01:29 -05004125 end = strrchr(de->d_name, '.');
4126 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4127 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004128
yanbzhu08ce6ab2015-12-02 13:01:29 -05004129 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4130 if (stat(fp, &buf) != 0) {
4131 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4132 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004133 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004134 goto ignore_entry;
4135 }
4136 if (!S_ISREG(buf.st_mode))
4137 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004138
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004139#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004140 is_bundle = 0;
4141 /* Check if current entry in directory is part of a multi-cert bundle */
4142
4143 if (end) {
4144 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4145 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4146 is_bundle = 1;
4147 break;
4148 }
4149 }
4150
4151 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004152 int dp_len;
4153
4154 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004155
4156 /* increment i and free de until we get to a non-bundle cert
4157 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004158 * this is important since ignore_entry will free de. This also
4159 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004160 */
Willy Tarreau05800522019-10-29 10:48:50 +01004161 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004162 free(de);
4163 i++;
4164 de = de_list[i];
4165 }
4166
Willy Tarreau05800522019-10-29 10:48:50 +01004167 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004168 if ((ckchs = ckchs_lookup(fp)) == NULL)
4169 ckchs = ckchs_load_cert_file(fp, 1, err);
4170 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004171 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004172 else
4173 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004174 /* Successfully processed the bundle */
4175 goto ignore_entry;
4176 }
4177 }
4178
4179#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004180 if ((ckchs = ckchs_lookup(fp)) == NULL)
4181 ckchs = ckchs_load_cert_file(fp, 0, err);
4182 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004183 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004184 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004185 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004186
yanbzhu08ce6ab2015-12-02 13:01:29 -05004187ignore_entry:
4188 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004189 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004190 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004191 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004192 closedir(dir);
4193 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004194 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004195
William Lallemande3af8fb2019-10-08 11:36:53 +02004196 ckchs = ckchs_load_cert_file(path, 1, err);
4197 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004198 return ERR_ALERT | ERR_FATAL;
4199
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004200 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004201
Emeric Brunfc0421f2012-09-07 17:30:07 +02004202 return cfgerr;
4203}
4204
Thierry Fournier383085f2013-01-24 14:15:43 +01004205/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4206 * done once. Zero is returned if the operation fails. No error is returned
4207 * if the random is said as not implemented, because we expect that openssl
4208 * will use another method once needed.
4209 */
4210static int ssl_initialize_random()
4211{
4212 unsigned char random;
4213 static int random_initialized = 0;
4214
4215 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4216 random_initialized = 1;
4217
4218 return random_initialized;
4219}
4220
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004221/* release ssl bind conf */
4222void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004223{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004224 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004225#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004226 free(conf->npn_str);
4227 conf->npn_str = NULL;
4228#endif
4229#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4230 free(conf->alpn_str);
4231 conf->alpn_str = NULL;
4232#endif
4233 free(conf->ca_file);
4234 conf->ca_file = NULL;
4235 free(conf->crl_file);
4236 conf->crl_file = NULL;
4237 free(conf->ciphers);
4238 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004239#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004240 free(conf->ciphersuites);
4241 conf->ciphersuites = NULL;
4242#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004243 free(conf->curves);
4244 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004245 free(conf->ecdhe);
4246 conf->ecdhe = NULL;
4247 }
4248}
4249
Willy Tarreaubbc91962019-10-16 16:42:19 +02004250/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004251int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4252{
4253 char thisline[CRT_LINESIZE];
4254 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004255 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004256 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004257 int linenum = 0;
4258 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004259 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004260
Willy Tarreauad1731d2013-04-02 17:35:58 +02004261 if ((f = fopen(file, "r")) == NULL) {
4262 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004263 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004264 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004265
4266 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004267 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004268 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004269 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004270 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004271 char *crt_path;
4272 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004273
4274 linenum++;
4275 end = line + strlen(line);
4276 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4277 /* Check if we reached the limit and the last char is not \n.
4278 * Watch out for the last line without the terminating '\n'!
4279 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004280 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4281 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004282 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004283 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004284 }
4285
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004286 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004287 newarg = 1;
4288 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004289 if (*line == '#' || *line == '\n' || *line == '\r') {
4290 /* end of string, end of loop */
4291 *line = 0;
4292 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004293 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004294 newarg = 1;
4295 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004296 } else if (*line == '[') {
4297 if (ssl_b) {
4298 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004299 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004300 break;
4301 }
4302 if (!arg) {
4303 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004304 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004305 break;
4306 }
4307 ssl_b = arg;
4308 newarg = 1;
4309 *line = 0;
4310 } else if (*line == ']') {
4311 if (ssl_e) {
4312 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004313 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004314 break;
4315 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004316 if (!ssl_b) {
4317 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004318 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004319 break;
4320 }
4321 ssl_e = arg;
4322 newarg = 1;
4323 *line = 0;
4324 } else if (newarg) {
4325 if (arg == MAX_CRT_ARGS) {
4326 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004327 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004328 break;
4329 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004330 newarg = 0;
4331 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004332 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004333 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004334 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004335 if (cfgerr)
4336 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004337 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004338
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004339 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004340 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004341 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004342
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004343 crt_path = args[0];
4344 if (*crt_path != '/' && global_ssl.crt_base) {
4345 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4346 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4347 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004348 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004349 break;
4350 }
4351 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4352 crt_path = path;
4353 }
4354
4355 ssl_conf = calloc(1, sizeof *ssl_conf);
4356 cur_arg = ssl_b ? ssl_b : 1;
4357 while (cur_arg < ssl_e) {
4358 newarg = 0;
4359 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4360 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4361 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004362 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004363 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4364 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4365 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004366 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004367 }
4368 cur_arg += 1 + ssl_bind_kws[i].skip;
4369 break;
4370 }
4371 }
4372 if (!cfgerr && !newarg) {
4373 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4374 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004375 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004376 break;
4377 }
4378 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004379
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004380 if (cfgerr) {
4381 ssl_sock_free_ssl_conf(ssl_conf);
4382 free(ssl_conf);
4383 ssl_conf = NULL;
4384 break;
4385 }
4386
William Lallemande3af8fb2019-10-08 11:36:53 +02004387 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004388 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004389 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004390 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004391 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004392 }
4393
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004394 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004395 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004396 else
4397 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004398
Willy Tarreauad1731d2013-04-02 17:35:58 +02004399 if (cfgerr) {
4400 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004401 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004402 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004403 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004404 fclose(f);
4405 return cfgerr;
4406}
4407
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004408/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004409static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004410ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004411{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004412 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004413 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004414 SSL_OP_ALL | /* all known workarounds for bugs */
4415 SSL_OP_NO_SSLv2 |
4416 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004417 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004418 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004419 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004420 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004421 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004422 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004423 SSL_MODE_ENABLE_PARTIAL_WRITE |
4424 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004425 SSL_MODE_RELEASE_BUFFERS |
4426 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004427 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004428 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004429 int flags = MC_SSL_O_ALL;
4430 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004431
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004432 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004433 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004434
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004435 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004436 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4437 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4438 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004439 else
4440 flags = conf_ssl_methods->flags;
4441
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004442 min = conf_ssl_methods->min;
4443 max = conf_ssl_methods->max;
4444 /* start with TLSv10 to remove SSLv3 per default */
4445 if (!min && (!max || max >= CONF_TLSV10))
4446 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004447 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004448 if (min)
4449 flags |= (methodVersions[min].flag - 1);
4450 if (max)
4451 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004452 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004453 min = max = CONF_TLSV_NONE;
4454 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004455 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004456 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004457 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004458 if (min) {
4459 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004460 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4461 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4462 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4463 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004464 hole = 0;
4465 }
4466 max = i;
4467 }
4468 else {
4469 min = max = i;
4470 }
4471 }
4472 else {
4473 if (min)
4474 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004475 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004476 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004477 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4478 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004479 cfgerr += 1;
4480 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004481 /* save real min/max in bind_conf */
4482 conf_ssl_methods->min = min;
4483 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004484
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004485#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004486 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004487 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004488 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004489 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004490 else
4491 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4492 if (flags & methodVersions[i].flag)
4493 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004494#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004495 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004496 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4497 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004498#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004499
4500 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4501 options |= SSL_OP_NO_TICKET;
4502 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4503 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004504
4505#ifdef SSL_OP_NO_RENEGOTIATION
4506 options |= SSL_OP_NO_RENEGOTIATION;
4507#endif
4508
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004509 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004510
Willy Tarreau5db847a2019-05-09 14:13:35 +02004511#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004512 if (global_ssl.async)
4513 mode |= SSL_MODE_ASYNC;
4514#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004515 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004516 if (global_ssl.life_time)
4517 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004518
4519#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4520#ifdef OPENSSL_IS_BORINGSSL
4521 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4522 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004523#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004524 if (bind_conf->ssl_conf.early_data) {
4525 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4526 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4527 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004528 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4529 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004530#else
4531 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004532#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004533 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004534#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004535 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004536}
4537
William Lallemand4f45bb92017-10-30 20:08:51 +01004538
4539static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4540{
4541 if (first == block) {
4542 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4543 if (first->len > 0)
4544 sh_ssl_sess_tree_delete(sh_ssl_sess);
4545 }
4546}
4547
4548/* return first block from sh_ssl_sess */
4549static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4550{
4551 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4552
4553}
4554
4555/* store a session into the cache
4556 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4557 * data: asn1 encoded session
4558 * data_len: asn1 encoded session length
4559 * Returns 1 id session was stored (else 0)
4560 */
4561static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4562{
4563 struct shared_block *first;
4564 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4565
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004566 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004567 if (!first) {
4568 /* Could not retrieve enough free blocks to store that session */
4569 return 0;
4570 }
4571
4572 /* STORE the key in the first elem */
4573 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4574 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4575 first->len = sizeof(struct sh_ssl_sess_hdr);
4576
4577 /* it returns the already existing node
4578 or current node if none, never returns null */
4579 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4580 if (oldsh_ssl_sess != sh_ssl_sess) {
4581 /* NOTE: Row couldn't be in use because we lock read & write function */
4582 /* release the reserved row */
4583 shctx_row_dec_hot(ssl_shctx, first);
4584 /* replace the previous session already in the tree */
4585 sh_ssl_sess = oldsh_ssl_sess;
4586 /* ignore the previous session data, only use the header */
4587 first = sh_ssl_sess_first_block(sh_ssl_sess);
4588 shctx_row_inc_hot(ssl_shctx, first);
4589 first->len = sizeof(struct sh_ssl_sess_hdr);
4590 }
4591
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004592 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004593 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004594 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004595 }
4596
4597 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004598
4599 return 1;
4600}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004601
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004602/* SSL callback used when a new session is created while connecting to a server */
4603static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4604{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004605 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004606 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004607
Willy Tarreau07d94e42018-09-20 10:57:52 +02004608 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004609
Olivier Houcharde6060c52017-11-16 17:42:52 +01004610 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4611 int len;
4612 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004613
Olivier Houcharde6060c52017-11-16 17:42:52 +01004614 len = i2d_SSL_SESSION(sess, NULL);
4615 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4616 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4617 } else {
4618 free(s->ssl_ctx.reused_sess[tid].ptr);
4619 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4620 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4621 }
4622 if (s->ssl_ctx.reused_sess[tid].ptr) {
4623 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4624 &ptr);
4625 }
4626 } else {
4627 free(s->ssl_ctx.reused_sess[tid].ptr);
4628 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4629 }
4630
4631 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004632}
4633
Olivier Houcharde6060c52017-11-16 17:42:52 +01004634
William Lallemanded0b5ad2017-10-30 19:36:36 +01004635/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004636int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004637{
4638 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4639 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4640 unsigned char *p;
4641 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004642 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004643 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004644
4645 /* Session id is already stored in to key and session id is known
4646 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004647 * note: SSL_SESSION_set1_id is using
4648 * a memcpy so we need to use a different pointer
4649 * than sid_data or sid_ctx_data to avoid valgrind
4650 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004651 */
4652
4653 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004654
4655 /* copy value in an other buffer */
4656 memcpy(encid, sid_data, sid_length);
4657
4658 /* pad with 0 */
4659 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4660 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4661
4662 /* force length to zero to avoid ASN1 encoding */
4663 SSL_SESSION_set1_id(sess, encid, 0);
4664
4665 /* force length to zero to avoid ASN1 encoding */
4666 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004667
4668 /* check if buffer is large enough for the ASN1 encoded session */
4669 data_len = i2d_SSL_SESSION(sess, NULL);
4670 if (data_len > SHSESS_MAX_DATA_LEN)
4671 goto err;
4672
4673 p = encsess;
4674
4675 /* process ASN1 session encoding before the lock */
4676 i2d_SSL_SESSION(sess, &p);
4677
William Lallemanded0b5ad2017-10-30 19:36:36 +01004678
William Lallemanda3c77cf2017-10-30 23:44:40 +01004679 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004680 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004681 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004682 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004683err:
4684 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004685 SSL_SESSION_set1_id(sess, encid, sid_length);
4686 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004687
4688 return 0; /* do not increment session reference count */
4689}
4690
4691/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004692SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004693{
William Lallemand4f45bb92017-10-30 20:08:51 +01004694 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004695 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4696 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004697 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004698 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004699
4700 global.shctx_lookups++;
4701
4702 /* allow the session to be freed automatically by openssl */
4703 *do_copy = 0;
4704
4705 /* tree key is zeros padded sessionid */
4706 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4707 memcpy(tmpkey, key, key_len);
4708 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4709 key = tmpkey;
4710 }
4711
4712 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004713 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004714
4715 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004716 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4717 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004718 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004719 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004720 global.shctx_misses++;
4721 return NULL;
4722 }
4723
William Lallemand4f45bb92017-10-30 20:08:51 +01004724 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4725 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004726
William Lallemand4f45bb92017-10-30 20:08:51 +01004727 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004728
William Lallemanda3c77cf2017-10-30 23:44:40 +01004729 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004730
4731 /* decode ASN1 session */
4732 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004733 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004734 /* Reset session id and session id contenxt */
4735 if (sess) {
4736 SSL_SESSION_set1_id(sess, key, key_len);
4737 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4738 }
4739
4740 return sess;
4741}
4742
William Lallemand4f45bb92017-10-30 20:08:51 +01004743
William Lallemanded0b5ad2017-10-30 19:36:36 +01004744/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004745void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004746{
William Lallemand4f45bb92017-10-30 20:08:51 +01004747 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004748 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4749 unsigned int sid_length;
4750 const unsigned char *sid_data;
4751 (void)ctx;
4752
4753 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4754 /* tree key is zeros padded sessionid */
4755 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4756 memcpy(tmpkey, sid_data, sid_length);
4757 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4758 sid_data = tmpkey;
4759 }
4760
William Lallemanda3c77cf2017-10-30 23:44:40 +01004761 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004762
4763 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004764 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4765 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004766 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004767 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004768 }
4769
4770 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004771 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004772}
4773
4774/* Set session cache mode to server and disable openssl internal cache.
4775 * Set shared cache callbacks on an ssl context.
4776 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004777void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004778{
4779 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4780
4781 if (!ssl_shctx) {
4782 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4783 return;
4784 }
4785
4786 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4787 SSL_SESS_CACHE_NO_INTERNAL |
4788 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4789
4790 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004791 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4792 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4793 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004794}
4795
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004796int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4797{
4798 struct proxy *curproxy = bind_conf->frontend;
4799 int cfgerr = 0;
4800 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004801 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004802 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004803#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004804 const char *conf_ciphersuites;
4805#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004806 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004807
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004808 if (ssl_conf) {
4809 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4810 int i, min, max;
4811 int flags = MC_SSL_O_ALL;
4812
4813 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004814 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4815 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004816 if (min)
4817 flags |= (methodVersions[min].flag - 1);
4818 if (max)
4819 flags |= ~((methodVersions[max].flag << 1) - 1);
4820 min = max = CONF_TLSV_NONE;
4821 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4822 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4823 if (min)
4824 max = i;
4825 else
4826 min = max = i;
4827 }
4828 /* save real min/max */
4829 conf_ssl_methods->min = min;
4830 conf_ssl_methods->max = max;
4831 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004832 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4833 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004834 cfgerr += 1;
4835 }
4836 }
4837
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004838 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004839 case SSL_SOCK_VERIFY_NONE:
4840 verify = SSL_VERIFY_NONE;
4841 break;
4842 case SSL_SOCK_VERIFY_OPTIONAL:
4843 verify = SSL_VERIFY_PEER;
4844 break;
4845 case SSL_SOCK_VERIFY_REQUIRED:
4846 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4847 break;
4848 }
4849 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4850 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004851 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4852 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4853 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004854 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004855 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004856 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4857 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004858 cfgerr++;
4859 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004860 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4861 /* set CA names for client cert request, function returns void */
4862 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4863 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004864 }
Emeric Brun850efd52014-01-29 12:24:34 +01004865 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004866 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4867 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004868 cfgerr++;
4869 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004870#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004871 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004872 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4873
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004874 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004875 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4876 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004877 cfgerr++;
4878 }
Emeric Brun561e5742012-10-02 15:20:55 +02004879 else {
4880 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4881 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004882 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004883#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004884 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004885 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004886#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004887 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004888 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004889 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4890 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004891 cfgerr++;
4892 }
4893 }
4894#endif
4895
William Lallemand4f45bb92017-10-30 20:08:51 +01004896 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004897 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4898 if (conf_ciphers &&
4899 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004900 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4901 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004902 cfgerr++;
4903 }
4904
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004905#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004906 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4907 if (conf_ciphersuites &&
4908 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4909 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4910 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4911 cfgerr++;
4912 }
4913#endif
4914
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004915#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004916 /* If tune.ssl.default-dh-param has not been set,
4917 neither has ssl-default-dh-file and no static DH
4918 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004919 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004920 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004921 (ssl_dh_ptr_index == -1 ||
4922 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004923 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4924 const SSL_CIPHER * cipher = NULL;
4925 char cipher_description[128];
4926 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4927 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4928 which is not ephemeral DH. */
4929 const char dhe_description[] = " Kx=DH ";
4930 const char dhe_export_description[] = " Kx=DH(";
4931 int idx = 0;
4932 int dhe_found = 0;
4933 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004934
Remi Gacogne23d5d372014-10-10 17:04:26 +02004935 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004936
Remi Gacogne23d5d372014-10-10 17:04:26 +02004937 if (ssl) {
4938 ciphers = SSL_get_ciphers(ssl);
4939
4940 if (ciphers) {
4941 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4942 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4943 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4944 if (strstr(cipher_description, dhe_description) != NULL ||
4945 strstr(cipher_description, dhe_export_description) != NULL) {
4946 dhe_found = 1;
4947 break;
4948 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004949 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004950 }
4951 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004952 SSL_free(ssl);
4953 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004954 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004955
Lukas Tribus90132722014-08-18 00:56:33 +02004956 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004957 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004958 }
4959
Willy Tarreauef934602016-12-22 23:12:01 +01004960 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004961 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004962
Willy Tarreauef934602016-12-22 23:12:01 +01004963 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004964 if (local_dh_1024 == NULL) {
4965 local_dh_1024 = ssl_get_dh_1024();
4966 }
Willy Tarreauef934602016-12-22 23:12:01 +01004967 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004968 if (local_dh_2048 == NULL) {
4969 local_dh_2048 = ssl_get_dh_2048();
4970 }
Willy Tarreauef934602016-12-22 23:12:01 +01004971 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004972 if (local_dh_4096 == NULL) {
4973 local_dh_4096 = ssl_get_dh_4096();
4974 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004975 }
4976 }
4977 }
4978#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004979
Emeric Brunfc0421f2012-09-07 17:30:07 +02004980 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004981#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004982 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004983#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004984
Bernard Spil13c53f82018-02-15 13:34:58 +01004985#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004986 ssl_conf_cur = NULL;
4987 if (ssl_conf && ssl_conf->npn_str)
4988 ssl_conf_cur = ssl_conf;
4989 else if (bind_conf->ssl_conf.npn_str)
4990 ssl_conf_cur = &bind_conf->ssl_conf;
4991 if (ssl_conf_cur)
4992 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004993#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004994#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004995 ssl_conf_cur = NULL;
4996 if (ssl_conf && ssl_conf->alpn_str)
4997 ssl_conf_cur = ssl_conf;
4998 else if (bind_conf->ssl_conf.alpn_str)
4999 ssl_conf_cur = &bind_conf->ssl_conf;
5000 if (ssl_conf_cur)
5001 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02005002#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005003#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005004 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
5005 if (conf_curves) {
5006 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005007 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5008 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005009 cfgerr++;
5010 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005011#if defined(SSL_CTX_set_ecdh_auto)
5012 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
5013#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005014 }
5015#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005016#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005017 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005018 int i;
5019 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005020#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005021 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005022 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5023 NULL);
5024
5025 if (ecdhe == NULL) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02005026 SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005027 return cfgerr;
5028 }
5029#else
5030 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5031 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5032 ECDHE_DEFAULT_CURVE);
5033#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005034
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005035 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005036 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005037 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5038 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02005039 cfgerr++;
5040 }
5041 else {
5042 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5043 EC_KEY_free(ecdh);
5044 }
5045 }
5046#endif
5047
Emeric Brunfc0421f2012-09-07 17:30:07 +02005048 return cfgerr;
5049}
5050
Evan Broderbe554312013-06-27 00:05:25 -07005051static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5052{
5053 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5054 size_t prefixlen, suffixlen;
5055
5056 /* Trivial case */
5057 if (strcmp(pattern, hostname) == 0)
5058 return 1;
5059
Evan Broderbe554312013-06-27 00:05:25 -07005060 /* The rest of this logic is based on RFC 6125, section 6.4.3
5061 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5062
Emeric Bruna848dae2013-10-08 11:27:28 +02005063 pattern_wildcard = NULL;
5064 pattern_left_label_end = pattern;
5065 while (*pattern_left_label_end != '.') {
5066 switch (*pattern_left_label_end) {
5067 case 0:
5068 /* End of label not found */
5069 return 0;
5070 case '*':
5071 /* If there is more than one wildcards */
5072 if (pattern_wildcard)
5073 return 0;
5074 pattern_wildcard = pattern_left_label_end;
5075 break;
5076 }
5077 pattern_left_label_end++;
5078 }
5079
5080 /* If it's not trivial and there is no wildcard, it can't
5081 * match */
5082 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005083 return 0;
5084
5085 /* Make sure all labels match except the leftmost */
5086 hostname_left_label_end = strchr(hostname, '.');
5087 if (!hostname_left_label_end
5088 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5089 return 0;
5090
5091 /* Make sure the leftmost label of the hostname is long enough
5092 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005093 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005094 return 0;
5095
5096 /* Finally compare the string on either side of the
5097 * wildcard */
5098 prefixlen = pattern_wildcard - pattern;
5099 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005100 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5101 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005102 return 0;
5103
5104 return 1;
5105}
5106
5107static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5108{
5109 SSL *ssl;
5110 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005111 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005112 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005113 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005114
5115 int depth;
5116 X509 *cert;
5117 STACK_OF(GENERAL_NAME) *alt_names;
5118 int i;
5119 X509_NAME *cert_subject;
5120 char *str;
5121
5122 if (ok == 0)
5123 return ok;
5124
5125 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005126 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005127 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005128
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005129 /* We're checking if the provided hostnames match the desired one. The
5130 * desired hostname comes from the SNI we presented if any, or if not
5131 * provided then it may have been explicitly stated using a "verifyhost"
5132 * directive. If neither is set, we don't care about the name so the
5133 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005134 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005135 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005136 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005137 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005138 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005139 if (!servername)
5140 return ok;
5141 }
Evan Broderbe554312013-06-27 00:05:25 -07005142
5143 /* We only need to verify the CN on the actual server cert,
5144 * not the indirect CAs */
5145 depth = X509_STORE_CTX_get_error_depth(ctx);
5146 if (depth != 0)
5147 return ok;
5148
5149 /* At this point, the cert is *not* OK unless we can find a
5150 * hostname match */
5151 ok = 0;
5152
5153 cert = X509_STORE_CTX_get_current_cert(ctx);
5154 /* It seems like this might happen if verify peer isn't set */
5155 if (!cert)
5156 return ok;
5157
5158 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5159 if (alt_names) {
5160 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5161 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5162 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005163#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005164 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5165#else
Evan Broderbe554312013-06-27 00:05:25 -07005166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005167#endif
Evan Broderbe554312013-06-27 00:05:25 -07005168 ok = ssl_sock_srv_hostcheck(str, servername);
5169 OPENSSL_free(str);
5170 }
5171 }
5172 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005173 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005174 }
5175
5176 cert_subject = X509_get_subject_name(cert);
5177 i = -1;
5178 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5179 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005180 ASN1_STRING *value;
5181 value = X509_NAME_ENTRY_get_data(entry);
5182 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005183 ok = ssl_sock_srv_hostcheck(str, servername);
5184 OPENSSL_free(str);
5185 }
5186 }
5187
Willy Tarreau71d058c2017-07-26 20:09:56 +02005188 /* report the mismatch and indicate if SNI was used or not */
5189 if (!ok && !conn->err_code)
5190 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005191 return ok;
5192}
5193
Emeric Brun94324a42012-10-11 14:00:19 +02005194/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005195int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005196{
Willy Tarreau03209342016-12-22 17:08:28 +01005197 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005198 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005199 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005200 SSL_OP_ALL | /* all known workarounds for bugs */
5201 SSL_OP_NO_SSLv2 |
5202 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005203 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005204 SSL_MODE_ENABLE_PARTIAL_WRITE |
5205 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005206 SSL_MODE_RELEASE_BUFFERS |
5207 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005208 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005209 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005210 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005211 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005212 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005213
Thierry Fournier383085f2013-01-24 14:15:43 +01005214 /* Make sure openssl opens /dev/urandom before the chroot */
5215 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005216 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005217 cfgerr++;
5218 }
5219
Willy Tarreaufce03112015-01-15 21:32:40 +01005220 /* Automatic memory computations need to know we use SSL there */
5221 global.ssl_used_backend = 1;
5222
5223 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005224 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005225 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005226 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5227 curproxy->id, srv->id,
5228 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005229 cfgerr++;
5230 return cfgerr;
5231 }
5232 }
Emeric Brun94324a42012-10-11 14:00:19 +02005233 if (srv->use_ssl)
5234 srv->xprt = &ssl_sock;
5235 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005236 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005237
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005238 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005239 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005240 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5241 proxy_type_str(curproxy), curproxy->id,
5242 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005243 cfgerr++;
5244 return cfgerr;
5245 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005246
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005247 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005248 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5249 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5250 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005251 else
5252 flags = conf_ssl_methods->flags;
5253
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005254 /* Real min and max should be determinate with configuration and openssl's capabilities */
5255 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005256 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005257 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005258 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005259
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005260 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005261 min = max = CONF_TLSV_NONE;
5262 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005263 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005264 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005265 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005266 if (min) {
5267 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005268 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5269 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5270 proxy_type_str(curproxy), curproxy->id, srv->id,
5271 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005272 hole = 0;
5273 }
5274 max = i;
5275 }
5276 else {
5277 min = max = i;
5278 }
5279 }
5280 else {
5281 if (min)
5282 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005283 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005284 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005285 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5286 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005287 cfgerr += 1;
5288 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005289
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005290#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005291 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005292 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005293 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005294 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005295 else
5296 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5297 if (flags & methodVersions[i].flag)
5298 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005299#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005300 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005301 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5302 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005303#endif
5304
5305 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5306 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005307 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005308
Willy Tarreau5db847a2019-05-09 14:13:35 +02005309#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005310 if (global_ssl.async)
5311 mode |= SSL_MODE_ASYNC;
5312#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005313 SSL_CTX_set_mode(ctx, mode);
5314 srv->ssl_ctx.ctx = ctx;
5315
Emeric Bruna7aa3092012-10-26 12:58:00 +02005316 if (srv->ssl_ctx.client_crt) {
5317 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005318 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5319 proxy_type_str(curproxy), curproxy->id,
5320 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005321 cfgerr++;
5322 }
5323 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005324 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5325 proxy_type_str(curproxy), curproxy->id,
5326 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005327 cfgerr++;
5328 }
5329 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005330 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5331 proxy_type_str(curproxy), curproxy->id,
5332 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005333 cfgerr++;
5334 }
5335 }
Emeric Brun94324a42012-10-11 14:00:19 +02005336
Emeric Brun850efd52014-01-29 12:24:34 +01005337 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5338 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005339 switch (srv->ssl_ctx.verify) {
5340 case SSL_SOCK_VERIFY_NONE:
5341 verify = SSL_VERIFY_NONE;
5342 break;
5343 case SSL_SOCK_VERIFY_REQUIRED:
5344 verify = SSL_VERIFY_PEER;
5345 break;
5346 }
Evan Broderbe554312013-06-27 00:05:25 -07005347 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005348 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005349 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005350 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005351 if (srv->ssl_ctx.ca_file) {
5352 /* load CAfile to verify */
5353 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005354 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
5355 curproxy->id, srv->id,
5356 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005357 cfgerr++;
5358 }
5359 }
Emeric Brun850efd52014-01-29 12:24:34 +01005360 else {
5361 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005362 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5363 curproxy->id, srv->id,
5364 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005365 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005366 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5367 curproxy->id, srv->id,
5368 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005369 cfgerr++;
5370 }
Emeric Brunef42d922012-10-11 16:11:36 +02005371#ifdef X509_V_FLAG_CRL_CHECK
5372 if (srv->ssl_ctx.crl_file) {
5373 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5374
5375 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005376 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5377 curproxy->id, srv->id,
5378 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005379 cfgerr++;
5380 }
5381 else {
5382 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5383 }
5384 }
5385#endif
5386 }
5387
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005388 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5389 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5390 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005391 if (srv->ssl_ctx.ciphers &&
5392 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005393 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5394 curproxy->id, srv->id,
5395 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005396 cfgerr++;
5397 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005398
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005399#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005400 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005401 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005402 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5403 curproxy->id, srv->id,
5404 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5405 cfgerr++;
5406 }
5407#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005408#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5409 if (srv->ssl_ctx.npn_str)
5410 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5411#endif
5412#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5413 if (srv->ssl_ctx.alpn_str)
5414 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5415#endif
5416
Emeric Brun94324a42012-10-11 14:00:19 +02005417
5418 return cfgerr;
5419}
5420
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005421/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005422 * be NULL, in which case nothing is done. Returns the number of errors
5423 * encountered.
5424 */
Willy Tarreau03209342016-12-22 17:08:28 +01005425int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005426{
5427 struct ebmb_node *node;
5428 struct sni_ctx *sni;
5429 int err = 0;
5430
Willy Tarreaufce03112015-01-15 21:32:40 +01005431 /* Automatic memory computations need to know we use SSL there */
5432 global.ssl_used_frontend = 1;
5433
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005434 /* Make sure openssl opens /dev/urandom before the chroot */
5435 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005436 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005437 err++;
5438 }
5439 /* Create initial_ctx used to start the ssl connection before do switchctx */
5440 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005441 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005442 /* It should not be necessary to call this function, but it's
5443 necessary first to check and move all initialisation related
5444 to initial_ctx in ssl_sock_initial_ctx. */
5445 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
5446 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005447 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005448 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01005449
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005450 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005451 while (node) {
5452 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005453 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5454 /* only initialize the CTX on its first occurrence and
5455 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005456 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005457 node = ebmb_next(node);
5458 }
5459
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005460 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005461 while (node) {
5462 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005463 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5464 /* only initialize the CTX on its first occurrence and
5465 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005466 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005467 node = ebmb_next(node);
5468 }
5469 return err;
5470}
5471
Willy Tarreau55d37912016-12-21 23:38:39 +01005472/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5473 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5474 * alerts are directly emitted since the rest of the stack does it below.
5475 */
5476int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5477{
5478 struct proxy *px = bind_conf->frontend;
5479 int alloc_ctx;
5480 int err;
5481
5482 if (!bind_conf->is_ssl) {
5483 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005484 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5485 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005486 }
5487 return 0;
5488 }
5489 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005490 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005491 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5492 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005493 }
5494 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005495 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5496 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005497 return -1;
5498 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005499 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005500 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005501 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005502 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005503 sizeof(*sh_ssl_sess_tree),
5504 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005505 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005506 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5507 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5508 else
5509 ha_alert("Unable to allocate SSL session cache.\n");
5510 return -1;
5511 }
5512 /* free block callback */
5513 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5514 /* init the root tree within the extra space */
5515 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5516 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005517 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005518 err = 0;
5519 /* initialize all certificate contexts */
5520 err += ssl_sock_prepare_all_ctx(bind_conf);
5521
5522 /* initialize CA variables if the certificates generation is enabled */
5523 err += ssl_sock_load_ca(bind_conf);
5524
5525 return -err;
5526}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005527
5528/* release ssl context allocated for servers. */
5529void ssl_sock_free_srv_ctx(struct server *srv)
5530{
Olivier Houchardc7566002018-11-20 23:33:50 +01005531#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5532 if (srv->ssl_ctx.alpn_str)
5533 free(srv->ssl_ctx.alpn_str);
5534#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005535#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005536 if (srv->ssl_ctx.npn_str)
5537 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005538#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005539 if (srv->ssl_ctx.ctx)
5540 SSL_CTX_free(srv->ssl_ctx.ctx);
5541}
5542
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005543/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005544 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5545 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005546void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005547{
5548 struct ebmb_node *node, *back;
5549 struct sni_ctx *sni;
5550
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005551 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005552 while (node) {
5553 sni = ebmb_entry(node, struct sni_ctx, name);
5554 back = ebmb_next(node);
5555 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005556 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005557 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005558 ssl_sock_free_ssl_conf(sni->conf);
5559 free(sni->conf);
5560 sni->conf = NULL;
5561 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005562 free(sni);
5563 node = back;
5564 }
5565
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005566 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005567 while (node) {
5568 sni = ebmb_entry(node, struct sni_ctx, name);
5569 back = ebmb_next(node);
5570 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005571 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005572 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005573 ssl_sock_free_ssl_conf(sni->conf);
5574 free(sni->conf);
5575 sni->conf = NULL;
5576 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005577 free(sni);
5578 node = back;
5579 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005580 SSL_CTX_free(bind_conf->initial_ctx);
5581 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005582 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005583 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005584}
5585
Willy Tarreau795cdab2016-12-22 17:30:54 +01005586/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5587void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5588{
5589 ssl_sock_free_ca(bind_conf);
5590 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005591 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005592 free(bind_conf->ca_sign_file);
5593 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005594 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005595 free(bind_conf->keys_ref->filename);
5596 free(bind_conf->keys_ref->tlskeys);
5597 LIST_DEL(&bind_conf->keys_ref->list);
5598 free(bind_conf->keys_ref);
5599 }
5600 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005601 bind_conf->ca_sign_pass = NULL;
5602 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005603}
5604
Christopher Faulet31af49d2015-06-09 17:29:50 +02005605/* Load CA cert file and private key used to generate certificates */
5606int
Willy Tarreau03209342016-12-22 17:08:28 +01005607ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005608{
Willy Tarreau03209342016-12-22 17:08:28 +01005609 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005610 FILE *fp;
5611 X509 *cacert = NULL;
5612 EVP_PKEY *capkey = NULL;
5613 int err = 0;
5614
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005615 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005616 return err;
5617
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005618#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005619 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005620 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005621 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005622 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005623 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005624#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005625
Christopher Faulet31af49d2015-06-09 17:29:50 +02005626 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005627 ha_alert("Proxy '%s': cannot enable certificate generation, "
5628 "no CA certificate File configured at [%s:%d].\n",
5629 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005630 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005631 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005632
5633 /* read in the CA certificate */
5634 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005635 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5636 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005637 goto load_error;
5638 }
5639 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005640 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5641 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005642 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005643 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005644 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005645 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005646 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5647 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005648 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005649 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005650
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005651 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005652 bind_conf->ca_sign_cert = cacert;
5653 bind_conf->ca_sign_pkey = capkey;
5654 return err;
5655
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005656 read_error:
5657 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005658 if (capkey) EVP_PKEY_free(capkey);
5659 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005660 load_error:
5661 bind_conf->generate_certs = 0;
5662 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005663 return err;
5664}
5665
5666/* Release CA cert and private key used to generate certificated */
5667void
5668ssl_sock_free_ca(struct bind_conf *bind_conf)
5669{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005670 if (bind_conf->ca_sign_pkey)
5671 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5672 if (bind_conf->ca_sign_cert)
5673 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005674 bind_conf->ca_sign_pkey = NULL;
5675 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005676}
5677
Emeric Brun46591952012-05-18 15:47:34 +02005678/*
5679 * This function is called if SSL * context is not yet allocated. The function
5680 * is designed to be called before any other data-layer operation and sets the
5681 * handshake flag on the connection. It is safe to call it multiple times.
5682 * It returns 0 on success and -1 in error case.
5683 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005684static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005685{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005686 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005687 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005688 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005689 return 0;
5690
Willy Tarreau3c728722014-01-23 13:50:42 +01005691 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005692 return 0;
5693
Olivier Houchard66ab4982019-02-26 18:37:15 +01005694 ctx = pool_alloc(ssl_sock_ctx_pool);
5695 if (!ctx) {
5696 conn->err_code = CO_ER_SSL_NO_MEM;
5697 return -1;
5698 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005699 ctx->wait_event.tasklet = tasklet_new();
5700 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005701 conn->err_code = CO_ER_SSL_NO_MEM;
5702 pool_free(ssl_sock_ctx_pool, ctx);
5703 return -1;
5704 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005705 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5706 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005707 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005708 ctx->sent_early_data = 0;
5709 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005710 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005711 ctx->send_wait = NULL;
5712 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005713 ctx->xprt_st = 0;
5714 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005715
5716 /* Only work with sockets for now, this should be adapted when we'll
5717 * add QUIC support.
5718 */
5719 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005720 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005721 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5722 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005723 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005724
Willy Tarreau20879a02012-12-03 16:32:10 +01005725 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5726 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005727 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005728 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005729
Emeric Brun46591952012-05-18 15:47:34 +02005730 /* If it is in client mode initiate SSL session
5731 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005732 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005733 int may_retry = 1;
5734
5735 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005736 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005737 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5738 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005739 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005740 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005741 goto retry_connect;
5742 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005743 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005744 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005745 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005746 ctx->bio = BIO_new(ha_meth);
5747 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005748 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005749 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005750 goto retry_connect;
5751 }
Emeric Brun55476152014-11-12 17:35:37 +01005752 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005753 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005754 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005755 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005756 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005757
Evan Broderbe554312013-06-27 00:05:25 -07005758 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005759 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5760 SSL_free(ctx->ssl);
5761 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005762 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005763 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005764 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005765 goto retry_connect;
5766 }
Emeric Brun55476152014-11-12 17:35:37 +01005767 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005768 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005769 }
5770
Olivier Houchard66ab4982019-02-26 18:37:15 +01005771 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005772 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5773 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5774 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005775 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005776 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005777 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5778 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005779 } else if (sess) {
5780 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005781 }
5782 }
Evan Broderbe554312013-06-27 00:05:25 -07005783
Emeric Brun46591952012-05-18 15:47:34 +02005784 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005785 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005786
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005787 _HA_ATOMIC_ADD(&sslconns, 1);
5788 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005789 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005790 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005791 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005792 if (conn->flags & CO_FL_ERROR)
5793 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005794 return 0;
5795 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005796 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005797 int may_retry = 1;
5798
5799 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005800 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005801 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5802 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005803 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005804 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005805 goto retry_accept;
5806 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005807 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005808 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005809 }
Emeric Brun46591952012-05-18 15:47:34 +02005810
Olivier Houcharda8955d52019-04-07 22:00:38 +02005811 ctx->bio = BIO_new(ha_meth);
5812 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005813 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005814 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005815 goto retry_accept;
5816 }
Emeric Brun55476152014-11-12 17:35:37 +01005817 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005818 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005819 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005820 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005821 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005822
Emeric Brune1f38db2012-09-03 20:36:47 +02005823 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005824 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5825 SSL_free(ctx->ssl);
5826 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005827 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005828 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005829 goto retry_accept;
5830 }
Emeric Brun55476152014-11-12 17:35:37 +01005831 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005832 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005833 }
5834
Olivier Houchard66ab4982019-02-26 18:37:15 +01005835 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005836
Emeric Brun46591952012-05-18 15:47:34 +02005837 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005838 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02005839#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005840 conn->flags |= CO_FL_EARLY_SSL_HS;
5841#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005842
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005843 _HA_ATOMIC_ADD(&sslconns, 1);
5844 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005845 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005846 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005847 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005848 if (conn->flags & CO_FL_ERROR)
5849 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005850 return 0;
5851 }
5852 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005853 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005854err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005855 if (ctx && ctx->wait_event.tasklet)
5856 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005857 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005858 return -1;
5859}
5860
5861
5862/* This is the callback which is used when an SSL handshake is pending. It
5863 * updates the FD status if it wants some polling before being called again.
5864 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5865 * otherwise it returns non-zero and removes itself from the connection's
5866 * flags (the bit is provided in <flag> by the caller).
5867 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005868static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005869{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005870 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005871 int ret;
5872
Willy Tarreau3c728722014-01-23 13:50:42 +01005873 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005874 return 0;
5875
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005876 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005877 goto out_error;
5878
Willy Tarreau5db847a2019-05-09 14:13:35 +02005879#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005880 /*
5881 * Check if we have early data. If we do, we have to read them
5882 * before SSL_do_handshake() is called, And there's no way to
5883 * detect early data, except to try to read them
5884 */
5885 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5886 size_t read_data;
5887
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005888 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005889 1, &read_data);
5890 if (ret == SSL_READ_EARLY_DATA_ERROR)
5891 goto check_error;
5892 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5893 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5894 return 1;
5895 } else
5896 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5897 }
5898#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005899 /* If we use SSL_do_handshake to process a reneg initiated by
5900 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5901 * Usually SSL_write and SSL_read are used and process implicitly
5902 * the reneg handshake.
5903 * Here we use SSL_peek as a workaround for reneg.
5904 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005905 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005906 char c;
5907
Olivier Houchard66ab4982019-02-26 18:37:15 +01005908 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005909 if (ret <= 0) {
5910 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005911 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005912
Emeric Brun674b7432012-11-08 19:21:55 +01005913 if (ret == SSL_ERROR_WANT_WRITE) {
5914 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005915 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005916 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005917 return 0;
5918 }
5919 else if (ret == SSL_ERROR_WANT_READ) {
5920 /* handshake may have been completed but we have
5921 * no more data to read.
5922 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005923 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005924 ret = 1;
5925 goto reneg_ok;
5926 }
5927 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005928 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005929 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005930 return 0;
5931 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005932#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005933 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005934 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005935 return 0;
5936 }
5937#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005938 else if (ret == SSL_ERROR_SYSCALL) {
5939 /* if errno is null, then connection was successfully established */
5940 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5941 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005942 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005943#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5944 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005945 conn->err_code = CO_ER_SSL_HANDSHAKE;
5946#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005947 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005948#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005949 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005950 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005951 empty_handshake = state == TLS_ST_BEFORE;
5952#else
Lukas Tribus49799162019-07-08 14:29:15 +02005953 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5954 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005955#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005956 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005957 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005958 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005959 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5960 else
5961 conn->err_code = CO_ER_SSL_EMPTY;
5962 }
5963 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005964 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005965 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5966 else
5967 conn->err_code = CO_ER_SSL_ABORT;
5968 }
5969 }
5970 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005971 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005972 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005973 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005974 conn->err_code = CO_ER_SSL_HANDSHAKE;
5975 }
Lukas Tribus49799162019-07-08 14:29:15 +02005976#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005977 }
Emeric Brun674b7432012-11-08 19:21:55 +01005978 goto out_error;
5979 }
5980 else {
5981 /* Fail on all other handshake errors */
5982 /* Note: OpenSSL may leave unread bytes in the socket's
5983 * buffer, causing an RST to be emitted upon close() on
5984 * TCP sockets. We first try to drain possibly pending
5985 * data to avoid this as much as possible.
5986 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005987 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005988 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005989 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005990 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005991 goto out_error;
5992 }
5993 }
5994 /* read some data: consider handshake completed */
5995 goto reneg_ok;
5996 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005997 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005998check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005999 if (ret != 1) {
6000 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006001 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006002
6003 if (ret == SSL_ERROR_WANT_WRITE) {
6004 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006005 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006006 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006007 return 0;
6008 }
6009 else if (ret == SSL_ERROR_WANT_READ) {
6010 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006011 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006012 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6013 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006014 return 0;
6015 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006016#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006017 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006018 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006019 return 0;
6020 }
6021#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006022 else if (ret == SSL_ERROR_SYSCALL) {
6023 /* if errno is null, then connection was successfully established */
6024 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6025 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006026 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006027#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6028 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006029 conn->err_code = CO_ER_SSL_HANDSHAKE;
6030#else
6031 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006032#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006033 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006034 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006035 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006036#else
Lukas Tribus49799162019-07-08 14:29:15 +02006037 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6038 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006039#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006040 if (empty_handshake) {
6041 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006042 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006043 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6044 else
6045 conn->err_code = CO_ER_SSL_EMPTY;
6046 }
6047 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006048 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006049 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6050 else
6051 conn->err_code = CO_ER_SSL_ABORT;
6052 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006053 }
6054 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006055 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006056 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6057 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006058 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006059 }
Lukas Tribus49799162019-07-08 14:29:15 +02006060#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006061 }
Willy Tarreau89230192012-09-28 20:22:13 +02006062 goto out_error;
6063 }
Emeric Brun46591952012-05-18 15:47:34 +02006064 else {
6065 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006066 /* Note: OpenSSL may leave unread bytes in the socket's
6067 * buffer, causing an RST to be emitted upon close() on
6068 * TCP sockets. We first try to drain possibly pending
6069 * data to avoid this as much as possible.
6070 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006071 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006072 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006073 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006074 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006075 goto out_error;
6076 }
6077 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006078#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006079 else {
6080 /*
6081 * If the server refused the early data, we have to send a
6082 * 425 to the client, as we no longer have the data to sent
6083 * them again.
6084 */
6085 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006086 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006087 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6088 goto out_error;
6089 }
6090 }
6091 }
6092#endif
6093
Emeric Brun46591952012-05-18 15:47:34 +02006094
Emeric Brun674b7432012-11-08 19:21:55 +01006095reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006096
Willy Tarreau5db847a2019-05-09 14:13:35 +02006097#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006098 /* ASYNC engine API doesn't support moving read/write
6099 * buffers. So we disable ASYNC mode right after
6100 * the handshake to avoid buffer oveflows.
6101 */
6102 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006103 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006104#endif
Emeric Brun46591952012-05-18 15:47:34 +02006105 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006106 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006107 if (objt_server(conn->target)) {
6108 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6109 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6110 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006111 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006112 else {
6113 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6114 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6115 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6116 }
Emeric Brun46591952012-05-18 15:47:34 +02006117 }
6118
6119 /* The connection is now established at both layers, it's time to leave */
6120 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6121 return 1;
6122
6123 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006124 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006125 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006126 ERR_clear_error();
6127
Emeric Brun9fa89732012-10-04 17:09:56 +02006128 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006129 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6130 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6131 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006132 }
6133
Emeric Brun46591952012-05-18 15:47:34 +02006134 /* Fail on all other handshake errors */
6135 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006136 if (!conn->err_code)
6137 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006138 return 0;
6139}
6140
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006141static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006142{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006143 struct wait_event *sw;
6144 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006145
Olivier Houchard0ff28652019-06-24 18:57:39 +02006146 if (!ctx)
6147 return -1;
6148
Olivier Houchardea8dd942019-05-20 14:02:16 +02006149 if (event_type & SUB_RETRY_RECV) {
6150 sw = param;
6151 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6152 sw->events |= SUB_RETRY_RECV;
6153 ctx->recv_wait = sw;
6154 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6155 !(ctx->wait_event.events & SUB_RETRY_RECV))
6156 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6157 event_type &= ~SUB_RETRY_RECV;
6158 }
6159 if (event_type & SUB_RETRY_SEND) {
6160sw = param;
6161 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6162 sw->events |= SUB_RETRY_SEND;
6163 ctx->send_wait = sw;
6164 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6165 !(ctx->wait_event.events & SUB_RETRY_SEND))
6166 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6167 event_type &= ~SUB_RETRY_SEND;
6168
6169 }
6170 if (event_type != 0)
6171 return -1;
6172 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006173}
6174
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006175static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006176{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006177 struct wait_event *sw;
6178 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006179
Olivier Houchardea8dd942019-05-20 14:02:16 +02006180 if (event_type & SUB_RETRY_RECV) {
6181 sw = param;
6182 BUG_ON(ctx->recv_wait != sw);
6183 ctx->recv_wait = NULL;
6184 sw->events &= ~SUB_RETRY_RECV;
6185 /* If we subscribed, and we're not doing the handshake,
6186 * then we subscribed because the upper layer asked for it,
6187 * as the upper layer is no longer interested, we can
6188 * unsubscribe too.
6189 */
6190 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6191 (ctx->wait_event.events & SUB_RETRY_RECV))
6192 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6193 &ctx->wait_event);
6194 }
6195 if (event_type & SUB_RETRY_SEND) {
6196 sw = param;
6197 BUG_ON(ctx->send_wait != sw);
6198 ctx->send_wait = NULL;
6199 sw->events &= ~SUB_RETRY_SEND;
6200 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6201 (ctx->wait_event.events & SUB_RETRY_SEND))
6202 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6203 &ctx->wait_event);
6204
6205 }
6206
6207 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006208}
6209
Olivier Houchard2e055482019-05-27 19:50:12 +02006210/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6211 * Returns 0 on success, and non-zero on failure.
6212 */
6213static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6214{
6215 struct ssl_sock_ctx *ctx = xprt_ctx;
6216
6217 if (oldxprt_ops != NULL)
6218 *oldxprt_ops = ctx->xprt;
6219 if (oldxprt_ctx != NULL)
6220 *oldxprt_ctx = ctx->xprt_ctx;
6221 ctx->xprt = toadd_ops;
6222 ctx->xprt_ctx = toadd_ctx;
6223 return 0;
6224}
6225
Olivier Houchard5149b592019-05-23 17:47:36 +02006226/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6227 * return 0, otherwise just call the remove_xprt method from the underlying
6228 * XPRT.
6229 */
6230static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6231{
6232 struct ssl_sock_ctx *ctx = xprt_ctx;
6233
6234 if (ctx->xprt_ctx == toremove_ctx) {
6235 ctx->xprt_ctx = newctx;
6236 ctx->xprt = newops;
6237 return 0;
6238 }
6239 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6240}
6241
Olivier Houchardea8dd942019-05-20 14:02:16 +02006242static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6243{
6244 struct ssl_sock_ctx *ctx = context;
6245
6246 /* First if we're doing an handshake, try that */
6247 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6248 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6249 /* If we had an error, or the handshake is done and I/O is available,
6250 * let the upper layer know.
6251 * If no mux was set up yet, and nobody subscribed, then call
6252 * xprt_done_cb() ourself if it's set, or destroy the connection,
6253 * we can't be sure conn_fd_handler() will be called again.
6254 */
6255 if ((ctx->conn->flags & CO_FL_ERROR) ||
6256 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6257 int ret = 0;
6258 int woke = 0;
6259
6260 /* On error, wake any waiter */
6261 if (ctx->recv_wait) {
6262 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006263 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006264 ctx->recv_wait = NULL;
6265 woke = 1;
6266 }
6267 if (ctx->send_wait) {
6268 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006269 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006270 ctx->send_wait = NULL;
6271 woke = 1;
6272 }
6273 /* If we're the first xprt for the connection, let the
6274 * upper layers know. If xprt_done_cb() is set, call it,
6275 * otherwise, we should have a mux, so call its wake
6276 * method if we didn't woke a tasklet already.
6277 */
6278 if (ctx->conn->xprt_ctx == ctx) {
6279 if (ctx->conn->xprt_done_cb)
6280 ret = ctx->conn->xprt_done_cb(ctx->conn);
6281 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6282 ctx->conn->mux->wake(ctx->conn);
6283 return NULL;
6284 }
6285 }
6286 return NULL;
6287}
6288
Emeric Brun46591952012-05-18 15:47:34 +02006289/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006290 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006291 * buffer wraps, in which case a second call may be performed. The connection's
6292 * flags are updated with whatever special event is detected (error, read0,
6293 * empty). The caller is responsible for taking care of those events and
6294 * avoiding the call if inappropriate. The function does not call the
6295 * connection's polling update function, so the caller is responsible for this.
6296 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006297static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006298{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006299 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006300 ssize_t ret;
6301 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006302
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006303 conn_refresh_polling_flags(conn);
6304
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006305 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006306 goto out_error;
6307
6308 if (conn->flags & CO_FL_HANDSHAKE)
6309 /* a handshake was requested */
6310 return 0;
6311
Emeric Brun46591952012-05-18 15:47:34 +02006312 /* read the largest possible block. For this, we perform only one call
6313 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6314 * in which case we accept to do it once again. A new attempt is made on
6315 * EINTR too.
6316 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006317 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006318 int need_out = 0;
6319
Willy Tarreau591d4452018-06-15 17:21:00 +02006320 try = b_contig_space(buf);
6321 if (!try)
6322 break;
6323
Willy Tarreauabf08d92014-01-14 11:31:27 +01006324 if (try > count)
6325 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006326
Olivier Houchardc2aae742017-09-22 18:26:28 +02006327 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006328 ctx->tmp_early_data != -1) {
6329 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006330 done++;
6331 try--;
6332 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02006333 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006334 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006335 continue;
6336 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01006337
Willy Tarreau5db847a2019-05-09 14:13:35 +02006338#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006339 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6340 size_t read_length;
6341
Olivier Houchard66ab4982019-02-26 18:37:15 +01006342 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02006343 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01006344 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
6345 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006346 conn->flags |= CO_FL_EARLY_DATA;
6347 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
6348 ret == SSL_READ_EARLY_DATA_FINISH) {
6349 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6350 /*
6351 * We're done reading the early data,
6352 * let's make the handshake
6353 */
6354 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6355 conn->flags |= CO_FL_SSL_WAIT_HS;
6356 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006357 /* Now initiate the handshake */
6358 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006359 if (read_length == 0)
6360 break;
6361 }
6362 ret = read_length;
6363 }
6364 } else
6365#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006366 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006367
Emeric Brune1f38db2012-09-03 20:36:47 +02006368 if (conn->flags & CO_FL_ERROR) {
6369 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006370 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006371 }
Emeric Brun46591952012-05-18 15:47:34 +02006372 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006373 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006374 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006375 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006376 }
Emeric Brun46591952012-05-18 15:47:34 +02006377 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006378 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006379 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006380 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006381 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006382 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006383#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006384 /* Async mode can be re-enabled, because we're leaving data state.*/
6385 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006386 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006387#endif
Emeric Brun46591952012-05-18 15:47:34 +02006388 break;
6389 }
6390 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006391 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006392 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6393 SUB_RETRY_RECV,
6394 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006395 /* handshake is running, and it may need to re-enable read */
6396 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006397#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006398 /* Async mode can be re-enabled, because we're leaving data state.*/
6399 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006400 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006401#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006402 break;
6403 }
Emeric Brun46591952012-05-18 15:47:34 +02006404 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006405 } else if (ret == SSL_ERROR_ZERO_RETURN)
6406 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006407 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6408 * stack before shutting down the connection for
6409 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006410 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6411 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006412 /* otherwise it's a real error */
6413 goto out_error;
6414 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006415 if (need_out)
6416 break;
Emeric Brun46591952012-05-18 15:47:34 +02006417 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006418 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006419 return done;
6420
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006421 clear_ssl_error:
6422 /* Clear openssl global errors stack */
6423 ssl_sock_dump_errors(conn);
6424 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006425 read0:
6426 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006427 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006428
Emeric Brun46591952012-05-18 15:47:34 +02006429 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006430 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006431 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006432 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006433 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006434 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006435}
6436
6437
Willy Tarreau787db9a2018-06-14 18:31:46 +02006438/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6439 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6440 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006441 * Only one call to send() is performed, unless the buffer wraps, in which case
6442 * a second call may be performed. The connection's flags are updated with
6443 * whatever special event is detected (error, empty). The caller is responsible
6444 * for taking care of those events and avoiding the call if inappropriate. The
6445 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006446 * is responsible for this. The buffer's output is not adjusted, it's up to the
6447 * caller to take care of this. It's up to the caller to update the buffer's
6448 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006449 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006450static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006451{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006452 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006453 ssize_t ret;
6454 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006455
6456 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006457 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006458
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006459 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006460 goto out_error;
6461
Olivier Houchard010941f2019-05-03 20:56:19 +02006462 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006463 /* a handshake was requested */
6464 return 0;
6465
6466 /* send the largest possible block. For this we perform only one call
6467 * to send() unless the buffer wraps and we exactly fill the first hunk,
6468 * in which case we accept to do it once again.
6469 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006470 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006471#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006472 size_t written_data;
6473#endif
6474
Willy Tarreau787db9a2018-06-14 18:31:46 +02006475 try = b_contig_data(buf, done);
6476 if (try > count)
6477 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006478
Willy Tarreau7bed9452014-02-02 02:00:24 +01006479 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006480 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006481 global_ssl.max_record && try > global_ssl.max_record) {
6482 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006483 }
6484 else {
6485 /* we need to keep the information about the fact that
6486 * we're not limiting the upcoming send(), because if it
6487 * fails, we'll have to retry with at least as many data.
6488 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006489 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006490 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006491
Willy Tarreau5db847a2019-05-09 14:13:35 +02006492#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006493 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006494 unsigned int max_early;
6495
Olivier Houchard522eea72017-11-03 16:27:47 +01006496 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006497 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006498 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006499 if (SSL_get0_session(ctx->ssl))
6500 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006501 else
6502 max_early = 0;
6503 }
6504
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006505 if (try + ctx->sent_early_data > max_early) {
6506 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006507 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006508 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006509 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006510 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006511 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006512 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006513 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006514 if (ret == 1) {
6515 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006516 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006517 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006518 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006519 /* Initiate the handshake, now */
6520 tasklet_wakeup(ctx->wait_event.tasklet);
6521 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006522
Olivier Houchardc2aae742017-09-22 18:26:28 +02006523 }
6524
6525 } else
6526#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006527 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006528
Emeric Brune1f38db2012-09-03 20:36:47 +02006529 if (conn->flags & CO_FL_ERROR) {
6530 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006531 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006532 }
Emeric Brun46591952012-05-18 15:47:34 +02006533 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006534 /* A send succeeded, so we can consier ourself connected */
6535 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006536 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006537 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006538 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006539 }
6540 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006541 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006542
Emeric Brun46591952012-05-18 15:47:34 +02006543 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006544 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006545 /* handshake is running, and it may need to re-enable write */
6546 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006547 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006548#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006549 /* Async mode can be re-enabled, because we're leaving data state.*/
6550 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006551 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006552#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006553 break;
6554 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006555
Emeric Brun46591952012-05-18 15:47:34 +02006556 break;
6557 }
6558 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006559 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006560 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006561 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6562 SUB_RETRY_RECV,
6563 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006564#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006565 /* Async mode can be re-enabled, because we're leaving data state.*/
6566 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006567 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006568#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006569 break;
6570 }
Emeric Brun46591952012-05-18 15:47:34 +02006571 goto out_error;
6572 }
6573 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006574 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006575 return done;
6576
6577 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006578 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006579 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006580 ERR_clear_error();
6581
Emeric Brun46591952012-05-18 15:47:34 +02006582 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006583 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006584}
6585
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006586static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006587
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006588 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006589
Olivier Houchardea8dd942019-05-20 14:02:16 +02006590
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006591 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006592 if (ctx->wait_event.events != 0)
6593 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6594 ctx->wait_event.events,
6595 &ctx->wait_event);
6596 if (ctx->send_wait) {
6597 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006598 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006599 }
6600 if (ctx->recv_wait) {
6601 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006602 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006603 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006604 if (ctx->xprt->close)
6605 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006606#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006607 if (global_ssl.async) {
6608 OSSL_ASYNC_FD all_fd[32], afd;
6609 size_t num_all_fds = 0;
6610 int i;
6611
Olivier Houchard66ab4982019-02-26 18:37:15 +01006612 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006613 if (num_all_fds > 32) {
6614 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6615 return;
6616 }
6617
Olivier Houchard66ab4982019-02-26 18:37:15 +01006618 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006619
6620 /* If an async job is pending, we must try to
6621 to catch the end using polling before calling
6622 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006623 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006624 for (i=0 ; i < num_all_fds ; i++) {
6625 /* switch on an handler designed to
6626 * handle the SSL_free
6627 */
6628 afd = all_fd[i];
6629 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006630 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006631 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006632 /* To ensure that the fd cache won't be used
6633 * and we'll catch a real RD event.
6634 */
6635 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006636 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006637 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006638 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006639 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006640 return;
6641 }
Emeric Brun3854e012017-05-17 20:42:48 +02006642 /* Else we can remove the fds from the fdtab
6643 * and call SSL_free.
6644 * note: we do a fd_remove and not a delete
6645 * because the fd is owned by the engine.
6646 * the engine is responsible to close
6647 */
6648 for (i=0 ; i < num_all_fds ; i++)
6649 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006650 }
6651#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006652 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006653 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006654 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006655 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006656 }
Emeric Brun46591952012-05-18 15:47:34 +02006657}
6658
6659/* This function tries to perform a clean shutdown on an SSL connection, and in
6660 * any case, flags the connection as reusable if no handshake was in progress.
6661 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006662static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006663{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006664 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006665
Emeric Brun46591952012-05-18 15:47:34 +02006666 if (conn->flags & CO_FL_HANDSHAKE)
6667 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006668 if (!clean)
6669 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006670 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006671 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006672 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006673 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006674 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006675 ERR_clear_error();
6676 }
Emeric Brun46591952012-05-18 15:47:34 +02006677}
6678
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006679/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006680int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006681{
Christopher Faulet82004142019-09-10 10:12:03 +02006682 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006683 struct pkey_info *pkinfo;
6684 int bits = 0;
6685 int sig = TLSEXT_signature_anonymous;
6686 int len = -1;
6687
6688 if (!ssl_sock_is_ssl(conn))
6689 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006690 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006691 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006692 if (pkinfo) {
6693 sig = pkinfo->sig;
6694 bits = pkinfo->bits;
6695 } else {
6696 /* multicert and generated cert have no pkey info */
6697 X509 *crt;
6698 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006699 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006700 if (!crt)
6701 return 0;
6702 pkey = X509_get_pubkey(crt);
6703 if (pkey) {
6704 bits = EVP_PKEY_bits(pkey);
6705 switch(EVP_PKEY_base_id(pkey)) {
6706 case EVP_PKEY_RSA:
6707 sig = TLSEXT_signature_rsa;
6708 break;
6709 case EVP_PKEY_EC:
6710 sig = TLSEXT_signature_ecdsa;
6711 break;
6712 case EVP_PKEY_DSA:
6713 sig = TLSEXT_signature_dsa;
6714 break;
6715 }
6716 EVP_PKEY_free(pkey);
6717 }
6718 }
6719
6720 switch(sig) {
6721 case TLSEXT_signature_rsa:
6722 len = chunk_printf(out, "RSA%d", bits);
6723 break;
6724 case TLSEXT_signature_ecdsa:
6725 len = chunk_printf(out, "EC%d", bits);
6726 break;
6727 case TLSEXT_signature_dsa:
6728 len = chunk_printf(out, "DSA%d", bits);
6729 break;
6730 default:
6731 return 0;
6732 }
6733 if (len < 0)
6734 return 0;
6735 return 1;
6736}
6737
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006738/* used for ppv2 cert signature (can be used for logging) */
6739const char *ssl_sock_get_cert_sig(struct connection *conn)
6740{
Christopher Faulet82004142019-09-10 10:12:03 +02006741 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006742
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006743 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6744 X509 *crt;
6745
6746 if (!ssl_sock_is_ssl(conn))
6747 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006748 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006749 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006750 if (!crt)
6751 return NULL;
6752 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6753 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6754}
6755
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006756/* used for ppv2 authority */
6757const char *ssl_sock_get_sni(struct connection *conn)
6758{
6759#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006760 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006761
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006762 if (!ssl_sock_is_ssl(conn))
6763 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006764 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006765 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006766#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006767 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006768#endif
6769}
6770
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006771/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006772const char *ssl_sock_get_cipher_name(struct connection *conn)
6773{
Christopher Faulet82004142019-09-10 10:12:03 +02006774 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006775
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006776 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006777 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006778 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006779 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006780}
6781
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006782/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006783const char *ssl_sock_get_proto_version(struct connection *conn)
6784{
Christopher Faulet82004142019-09-10 10:12:03 +02006785 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006786
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006787 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006788 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006789 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006790 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006791}
6792
Willy Tarreau8d598402012-10-22 17:58:39 +02006793/* Extract a serial from a cert, and copy it to a chunk.
6794 * Returns 1 if serial is found and copied, 0 if no serial found and
6795 * -1 if output is not large enough.
6796 */
6797static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006798ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006799{
6800 ASN1_INTEGER *serial;
6801
6802 serial = X509_get_serialNumber(crt);
6803 if (!serial)
6804 return 0;
6805
6806 if (out->size < serial->length)
6807 return -1;
6808
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006809 memcpy(out->area, serial->data, serial->length);
6810 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006811 return 1;
6812}
6813
Emeric Brun43e79582014-10-29 19:03:26 +01006814/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006815 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6816 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006817 */
6818static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006819ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006820{
6821 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006822 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006823
6824 len =i2d_X509(crt, NULL);
6825 if (len <= 0)
6826 return 1;
6827
6828 if (out->size < len)
6829 return -1;
6830
6831 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006832 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006833 return 1;
6834}
6835
Emeric Brunce5ad802012-10-22 14:11:22 +02006836
Willy Tarreau83061a82018-07-13 11:56:34 +02006837/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006838 * Returns 1 if serial is found and copied, 0 if no valid time found
6839 * and -1 if output is not large enough.
6840 */
6841static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006842ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006843{
6844 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6845 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6846
6847 if (gentm->length < 12)
6848 return 0;
6849 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6850 return 0;
6851 if (out->size < gentm->length-2)
6852 return -1;
6853
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006854 memcpy(out->area, gentm->data+2, gentm->length-2);
6855 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006856 return 1;
6857 }
6858 else if (tm->type == V_ASN1_UTCTIME) {
6859 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6860
6861 if (utctm->length < 10)
6862 return 0;
6863 if (utctm->data[0] >= 0x35)
6864 return 0;
6865 if (out->size < utctm->length)
6866 return -1;
6867
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006868 memcpy(out->area, utctm->data, utctm->length);
6869 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006870 return 1;
6871 }
6872
6873 return 0;
6874}
6875
Emeric Brun87855892012-10-17 17:39:35 +02006876/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6877 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6878 */
6879static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006880ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6881 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006882{
6883 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006884 ASN1_OBJECT *obj;
6885 ASN1_STRING *data;
6886 const unsigned char *data_ptr;
6887 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006888 int i, j, n;
6889 int cur = 0;
6890 const char *s;
6891 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006892 int name_count;
6893
6894 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006895
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006896 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006897 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006898 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006899 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006900 else
6901 j = i;
6902
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006903 ne = X509_NAME_get_entry(a, j);
6904 obj = X509_NAME_ENTRY_get_object(ne);
6905 data = X509_NAME_ENTRY_get_data(ne);
6906 data_ptr = ASN1_STRING_get0_data(data);
6907 data_len = ASN1_STRING_length(data);
6908 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006909 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006910 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006911 s = tmp;
6912 }
6913
6914 if (chunk_strcasecmp(entry, s) != 0)
6915 continue;
6916
6917 if (pos < 0)
6918 cur--;
6919 else
6920 cur++;
6921
6922 if (cur != pos)
6923 continue;
6924
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006925 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006926 return -1;
6927
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006928 memcpy(out->area, data_ptr, data_len);
6929 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006930 return 1;
6931 }
6932
6933 return 0;
6934
6935}
6936
6937/* Extract and format full DN from a X509_NAME and copy result into a chunk
6938 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6939 */
6940static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006941ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006942{
6943 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006944 ASN1_OBJECT *obj;
6945 ASN1_STRING *data;
6946 const unsigned char *data_ptr;
6947 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006948 int i, n, ln;
6949 int l = 0;
6950 const char *s;
6951 char *p;
6952 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006953 int name_count;
6954
6955
6956 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006957
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006958 out->data = 0;
6959 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006960 for (i = 0; i < name_count; i++) {
6961 ne = X509_NAME_get_entry(a, i);
6962 obj = X509_NAME_ENTRY_get_object(ne);
6963 data = X509_NAME_ENTRY_get_data(ne);
6964 data_ptr = ASN1_STRING_get0_data(data);
6965 data_len = ASN1_STRING_length(data);
6966 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006967 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006968 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006969 s = tmp;
6970 }
6971 ln = strlen(s);
6972
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006973 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006974 if (l > out->size)
6975 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006976 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006977
6978 *(p++)='/';
6979 memcpy(p, s, ln);
6980 p += ln;
6981 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006982 memcpy(p, data_ptr, data_len);
6983 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006984 }
6985
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006986 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006987 return 0;
6988
6989 return 1;
6990}
6991
Olivier Houchardab28a322018-12-21 19:45:40 +01006992void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6993{
6994#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02006995 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006996
Olivier Houcharde488ea82019-06-28 14:10:33 +02006997 if (!ssl_sock_is_ssl(conn))
6998 return;
Christopher Faulet82004142019-09-10 10:12:03 +02006999 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007000 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01007001#endif
7002}
7003
Willy Tarreau119a4082016-12-22 21:58:38 +01007004/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
7005 * to disable SNI.
7006 */
Willy Tarreau63076412015-07-10 11:33:32 +02007007void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7008{
7009#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007010 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007011
Willy Tarreau119a4082016-12-22 21:58:38 +01007012 char *prev_name;
7013
Willy Tarreau63076412015-07-10 11:33:32 +02007014 if (!ssl_sock_is_ssl(conn))
7015 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007016 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007017
Willy Tarreau119a4082016-12-22 21:58:38 +01007018 /* if the SNI changes, we must destroy the reusable context so that a
7019 * new connection will present a new SNI. As an optimization we could
7020 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7021 * server.
7022 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007023 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007024 if ((!prev_name && hostname) ||
7025 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007026 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007027
Olivier Houchard66ab4982019-02-26 18:37:15 +01007028 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007029#endif
7030}
7031
Emeric Brun0abf8362014-06-24 18:26:41 +02007032/* Extract peer certificate's common name into the chunk dest
7033 * Returns
7034 * the len of the extracted common name
7035 * or 0 if no CN found in DN
7036 * or -1 on error case (i.e. no peer certificate)
7037 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007038int ssl_sock_get_remote_common_name(struct connection *conn,
7039 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007040{
Christopher Faulet82004142019-09-10 10:12:03 +02007041 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007042 X509 *crt = NULL;
7043 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007044 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007045 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007046 .area = (char *)&find_cn,
7047 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007048 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007049 int result = -1;
David Safb76832014-05-08 23:42:08 -04007050
7051 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007052 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007053 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007054
7055 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007056 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007057 if (!crt)
7058 goto out;
7059
7060 name = X509_get_subject_name(crt);
7061 if (!name)
7062 goto out;
David Safb76832014-05-08 23:42:08 -04007063
Emeric Brun0abf8362014-06-24 18:26:41 +02007064 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7065out:
David Safb76832014-05-08 23:42:08 -04007066 if (crt)
7067 X509_free(crt);
7068
7069 return result;
7070}
7071
Dave McCowan328fb582014-07-30 10:39:13 -04007072/* returns 1 if client passed a certificate for this session, 0 if not */
7073int ssl_sock_get_cert_used_sess(struct connection *conn)
7074{
Christopher Faulet82004142019-09-10 10:12:03 +02007075 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007076 X509 *crt = NULL;
7077
7078 if (!ssl_sock_is_ssl(conn))
7079 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007080 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007081
7082 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007083 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007084 if (!crt)
7085 return 0;
7086
7087 X509_free(crt);
7088 return 1;
7089}
7090
7091/* returns 1 if client passed a certificate for this connection, 0 if not */
7092int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007093{
Christopher Faulet82004142019-09-10 10:12:03 +02007094 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007095
David Safb76832014-05-08 23:42:08 -04007096 if (!ssl_sock_is_ssl(conn))
7097 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007098 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007099 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007100}
7101
7102/* returns result from SSL verify */
7103unsigned int ssl_sock_get_verify_result(struct connection *conn)
7104{
Christopher Faulet82004142019-09-10 10:12:03 +02007105 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007106
David Safb76832014-05-08 23:42:08 -04007107 if (!ssl_sock_is_ssl(conn))
7108 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007109 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007110 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007111}
7112
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007113/* Returns the application layer protocol name in <str> and <len> when known.
7114 * Zero is returned if the protocol name was not found, otherwise non-zero is
7115 * returned. The string is allocated in the SSL context and doesn't have to be
7116 * freed by the caller. NPN is also checked if available since older versions
7117 * of openssl (1.0.1) which are more common in field only support this one.
7118 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007119static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007120{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007121#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7122 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007123 struct ssl_sock_ctx *ctx = xprt_ctx;
7124 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007125 return 0;
7126
7127 *str = NULL;
7128
7129#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007130 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007131 if (*str)
7132 return 1;
7133#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007134#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007135 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007136 if (*str)
7137 return 1;
7138#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007139#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007140 return 0;
7141}
7142
Willy Tarreau7875d092012-09-10 08:20:03 +02007143/***** Below are some sample fetching functions for ACL/patterns *****/
7144
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007145static int
7146smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7147{
7148 struct connection *conn;
7149
7150 conn = objt_conn(smp->sess->origin);
7151 if (!conn || conn->xprt != &ssl_sock)
7152 return 0;
7153
7154 smp->flags = 0;
7155 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007156#ifdef OPENSSL_IS_BORINGSSL
7157 {
7158 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7159 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7160 SSL_early_data_accepted(ctx->ssl));
7161 }
7162#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007163 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7164 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007165#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007166 return 1;
7167}
7168
Emeric Brune64aef12012-09-21 13:15:06 +02007169/* boolean, returns true if client cert was present */
7170static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007171smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007172{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007173 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007174 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007175
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007176 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007177 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007178 return 0;
7179
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007180 ctx = conn->xprt_ctx;
7181
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007182 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007183 smp->flags |= SMP_F_MAY_CHANGE;
7184 return 0;
7185 }
7186
7187 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007188 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007189 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007190
7191 return 1;
7192}
7193
Emeric Brun43e79582014-10-29 19:03:26 +01007194/* binary, returns a certificate in a binary chunk (der/raw).
7195 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7196 * should be use.
7197 */
7198static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007199smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007200{
7201 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7202 X509 *crt = NULL;
7203 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007204 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007205 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007206 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007207
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007208 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007209 if (!conn || conn->xprt != &ssl_sock)
7210 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007211 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007212
7213 if (!(conn->flags & CO_FL_CONNECTED)) {
7214 smp->flags |= SMP_F_MAY_CHANGE;
7215 return 0;
7216 }
7217
7218 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007219 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007220 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007221 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007222
7223 if (!crt)
7224 goto out;
7225
7226 smp_trash = get_trash_chunk();
7227 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7228 goto out;
7229
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007230 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007231 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007232 ret = 1;
7233out:
7234 /* SSL_get_peer_certificate, it increase X509 * ref count */
7235 if (cert_peer && crt)
7236 X509_free(crt);
7237 return ret;
7238}
7239
Emeric Brunba841a12014-04-30 17:05:08 +02007240/* binary, returns serial of certificate in a binary chunk.
7241 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7242 * should be use.
7243 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007244static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007245smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007246{
Emeric Brunba841a12014-04-30 17:05:08 +02007247 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007248 X509 *crt = NULL;
7249 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007250 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007251 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007252 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007253
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007254 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007255 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007256 return 0;
7257
Olivier Houchard66ab4982019-02-26 18:37:15 +01007258 ctx = conn->xprt_ctx;
7259
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007260 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007261 smp->flags |= SMP_F_MAY_CHANGE;
7262 return 0;
7263 }
7264
Emeric Brunba841a12014-04-30 17:05:08 +02007265 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007266 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007267 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007268 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007269
Willy Tarreau8d598402012-10-22 17:58:39 +02007270 if (!crt)
7271 goto out;
7272
Willy Tarreau47ca5452012-12-23 20:22:19 +01007273 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007274 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7275 goto out;
7276
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007277 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007278 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007279 ret = 1;
7280out:
Emeric Brunba841a12014-04-30 17:05:08 +02007281 /* SSL_get_peer_certificate, it increase X509 * ref count */
7282 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007283 X509_free(crt);
7284 return ret;
7285}
Emeric Brune64aef12012-09-21 13:15:06 +02007286
Emeric Brunba841a12014-04-30 17:05:08 +02007287/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7288 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7289 * should be use.
7290 */
James Votha051b4a2013-05-14 20:37:59 +02007291static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007292smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007293{
Emeric Brunba841a12014-04-30 17:05:08 +02007294 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007295 X509 *crt = NULL;
7296 const EVP_MD *digest;
7297 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007298 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007299 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007300 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007301
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007302 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007303 if (!conn || conn->xprt != &ssl_sock)
7304 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007305 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007306
7307 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007308 smp->flags |= SMP_F_MAY_CHANGE;
7309 return 0;
7310 }
7311
Emeric Brunba841a12014-04-30 17:05:08 +02007312 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007313 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007314 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007315 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007316 if (!crt)
7317 goto out;
7318
7319 smp_trash = get_trash_chunk();
7320 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007321 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7322 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007323
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007324 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007325 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007326 ret = 1;
7327out:
Emeric Brunba841a12014-04-30 17:05:08 +02007328 /* SSL_get_peer_certificate, it increase X509 * ref count */
7329 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007330 X509_free(crt);
7331 return ret;
7332}
7333
Emeric Brunba841a12014-04-30 17:05:08 +02007334/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7335 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7336 * should be use.
7337 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007338static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007339smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007340{
Emeric Brunba841a12014-04-30 17:05:08 +02007341 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007342 X509 *crt = NULL;
7343 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007344 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007345 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007346 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007347
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007348 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007349 if (!conn || conn->xprt != &ssl_sock)
7350 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007351 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007352
7353 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007354 smp->flags |= SMP_F_MAY_CHANGE;
7355 return 0;
7356 }
7357
Emeric Brunba841a12014-04-30 17:05:08 +02007358 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007359 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007360 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007361 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007362 if (!crt)
7363 goto out;
7364
Willy Tarreau47ca5452012-12-23 20:22:19 +01007365 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007366 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007367 goto out;
7368
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007369 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007370 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007371 ret = 1;
7372out:
Emeric Brunba841a12014-04-30 17:05:08 +02007373 /* SSL_get_peer_certificate, it increase X509 * ref count */
7374 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007375 X509_free(crt);
7376 return ret;
7377}
7378
Emeric Brunba841a12014-04-30 17:05:08 +02007379/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7380 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7381 * should be use.
7382 */
Emeric Brun87855892012-10-17 17:39:35 +02007383static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007384smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007385{
Emeric Brunba841a12014-04-30 17:05:08 +02007386 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007387 X509 *crt = NULL;
7388 X509_NAME *name;
7389 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007390 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007391 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007392 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007393
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007394 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007395 if (!conn || conn->xprt != &ssl_sock)
7396 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007397 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007398
7399 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007400 smp->flags |= SMP_F_MAY_CHANGE;
7401 return 0;
7402 }
7403
Emeric Brunba841a12014-04-30 17:05:08 +02007404 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007405 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007406 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007407 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007408 if (!crt)
7409 goto out;
7410
7411 name = X509_get_issuer_name(crt);
7412 if (!name)
7413 goto out;
7414
Willy Tarreau47ca5452012-12-23 20:22:19 +01007415 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007416 if (args && args[0].type == ARGT_STR) {
7417 int pos = 1;
7418
7419 if (args[1].type == ARGT_SINT)
7420 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007421
7422 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7423 goto out;
7424 }
7425 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7426 goto out;
7427
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007428 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007429 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007430 ret = 1;
7431out:
Emeric Brunba841a12014-04-30 17:05:08 +02007432 /* SSL_get_peer_certificate, it increase X509 * ref count */
7433 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007434 X509_free(crt);
7435 return ret;
7436}
7437
Emeric Brunba841a12014-04-30 17:05:08 +02007438/* string, returns notbefore date in ASN1_UTCTIME format.
7439 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7440 * should be use.
7441 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007442static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007443smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007444{
Emeric Brunba841a12014-04-30 17:05:08 +02007445 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007446 X509 *crt = NULL;
7447 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007448 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007449 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007450 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007451
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007452 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007453 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007454 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007455 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007456
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007457 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007458 smp->flags |= SMP_F_MAY_CHANGE;
7459 return 0;
7460 }
7461
Emeric Brunba841a12014-04-30 17:05:08 +02007462 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007463 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007464 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007465 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007466 if (!crt)
7467 goto out;
7468
Willy Tarreau47ca5452012-12-23 20:22:19 +01007469 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007470 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007471 goto out;
7472
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007473 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007474 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007475 ret = 1;
7476out:
Emeric Brunba841a12014-04-30 17:05:08 +02007477 /* SSL_get_peer_certificate, it increase X509 * ref count */
7478 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007479 X509_free(crt);
7480 return ret;
7481}
7482
Emeric Brunba841a12014-04-30 17:05:08 +02007483/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7484 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7485 * should be use.
7486 */
Emeric Brun87855892012-10-17 17:39:35 +02007487static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007488smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007489{
Emeric Brunba841a12014-04-30 17:05:08 +02007490 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007491 X509 *crt = NULL;
7492 X509_NAME *name;
7493 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007494 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007495 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007496 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007497
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007498 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007499 if (!conn || conn->xprt != &ssl_sock)
7500 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007501 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007502
7503 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007504 smp->flags |= SMP_F_MAY_CHANGE;
7505 return 0;
7506 }
7507
Emeric Brunba841a12014-04-30 17:05:08 +02007508 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007509 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007510 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007511 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007512 if (!crt)
7513 goto out;
7514
7515 name = X509_get_subject_name(crt);
7516 if (!name)
7517 goto out;
7518
Willy Tarreau47ca5452012-12-23 20:22:19 +01007519 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007520 if (args && args[0].type == ARGT_STR) {
7521 int pos = 1;
7522
7523 if (args[1].type == ARGT_SINT)
7524 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007525
7526 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7527 goto out;
7528 }
7529 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7530 goto out;
7531
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007532 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007533 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007534 ret = 1;
7535out:
Emeric Brunba841a12014-04-30 17:05:08 +02007536 /* SSL_get_peer_certificate, it increase X509 * ref count */
7537 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007538 X509_free(crt);
7539 return ret;
7540}
Emeric Brun9143d372012-12-20 15:44:16 +01007541
7542/* integer, returns true if current session use a client certificate */
7543static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007544smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007545{
7546 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007547 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007548 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007549
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007550 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007551 if (!conn || conn->xprt != &ssl_sock)
7552 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007553 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007554
7555 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007556 smp->flags |= SMP_F_MAY_CHANGE;
7557 return 0;
7558 }
7559
7560 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007561 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007562 if (crt) {
7563 X509_free(crt);
7564 }
7565
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007566 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007567 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007568 return 1;
7569}
7570
Emeric Brunba841a12014-04-30 17:05:08 +02007571/* integer, returns the certificate version
7572 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7573 * should be use.
7574 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007575static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007576smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007577{
Emeric Brunba841a12014-04-30 17:05:08 +02007578 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007579 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007580 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007581 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007582
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007583 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007584 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007585 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007586 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007587
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007588 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007589 smp->flags |= SMP_F_MAY_CHANGE;
7590 return 0;
7591 }
7592
Emeric Brunba841a12014-04-30 17:05:08 +02007593 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007594 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007595 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007596 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007597 if (!crt)
7598 return 0;
7599
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007600 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007601 /* SSL_get_peer_certificate increase X509 * ref count */
7602 if (cert_peer)
7603 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007604 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007605
7606 return 1;
7607}
7608
Emeric Brunba841a12014-04-30 17:05:08 +02007609/* string, returns the certificate's signature algorithm.
7610 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7611 * should be use.
7612 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007613static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007614smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007615{
Emeric Brunba841a12014-04-30 17:05:08 +02007616 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007617 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007618 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007619 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007620 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007621 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007622
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007623 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007624 if (!conn || conn->xprt != &ssl_sock)
7625 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007626 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007627
7628 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007629 smp->flags |= SMP_F_MAY_CHANGE;
7630 return 0;
7631 }
7632
Emeric Brunba841a12014-04-30 17:05:08 +02007633 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007634 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007635 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007636 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007637 if (!crt)
7638 return 0;
7639
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007640 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7641 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007642
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007643 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7644 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007645 /* SSL_get_peer_certificate increase X509 * ref count */
7646 if (cert_peer)
7647 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007648 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007649 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007650
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007651 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007652 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007653 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007654 /* SSL_get_peer_certificate increase X509 * ref count */
7655 if (cert_peer)
7656 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007657
7658 return 1;
7659}
7660
Emeric Brunba841a12014-04-30 17:05:08 +02007661/* string, returns the certificate's key algorithm.
7662 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7663 * should be use.
7664 */
Emeric Brun521a0112012-10-22 12:22:55 +02007665static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007666smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007667{
Emeric Brunba841a12014-04-30 17:05:08 +02007668 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007669 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007670 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007671 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007672 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007674
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007675 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007676 if (!conn || conn->xprt != &ssl_sock)
7677 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007678 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007679
7680 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007681 smp->flags |= SMP_F_MAY_CHANGE;
7682 return 0;
7683 }
7684
Emeric Brunba841a12014-04-30 17:05:08 +02007685 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007686 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007687 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007688 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007689 if (!crt)
7690 return 0;
7691
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007692 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7693 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007694
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007695 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7696 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007697 /* SSL_get_peer_certificate increase X509 * ref count */
7698 if (cert_peer)
7699 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007700 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007701 }
Emeric Brun521a0112012-10-22 12:22:55 +02007702
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007703 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007704 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007705 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007706 if (cert_peer)
7707 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007708
7709 return 1;
7710}
7711
Emeric Brun645ae792014-04-30 14:21:06 +02007712/* boolean, returns true if front conn. transport layer is SSL.
7713 * This function is also usable on backend conn if the fetch keyword 5th
7714 * char is 'b'.
7715 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007716static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007717smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007718{
Emeric Bruneb8def92018-02-19 15:59:48 +01007719 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7720 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007721
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007722 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007723 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007724 return 1;
7725}
7726
Emeric Brun2525b6b2012-10-18 15:59:43 +02007727/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007728static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007729smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007730{
7731#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007732 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007733 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007734
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007735 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007736 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007737 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007738 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007739 return 1;
7740#else
7741 return 0;
7742#endif
7743}
7744
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007745/* boolean, returns true if client session has been resumed.
7746 * This function is also usable on backend conn if the fetch keyword 5th
7747 * char is 'b'.
7748 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007749static int
7750smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7751{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007752 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7753 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007754 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007755
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007756
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007757 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007758 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007759 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007760 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007761 return 1;
7762}
7763
Emeric Brun645ae792014-04-30 14:21:06 +02007764/* string, returns the used cipher if front conn. transport layer is SSL.
7765 * This function is also usable on backend conn if the fetch keyword 5th
7766 * char is 'b'.
7767 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007768static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007769smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007770{
Emeric Bruneb8def92018-02-19 15:59:48 +01007771 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7772 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007773 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007774
Willy Tarreaube508f12016-03-10 11:47:01 +01007775 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007776 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007777 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007778 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007779
Olivier Houchard66ab4982019-02-26 18:37:15 +01007780 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007781 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007782 return 0;
7783
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007784 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007785 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007786 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007787
7788 return 1;
7789}
7790
Emeric Brun645ae792014-04-30 14:21:06 +02007791/* integer, returns the algoritm's keysize if front conn. transport layer
7792 * is SSL.
7793 * This function is also usable on backend conn if the fetch keyword 5th
7794 * char is 'b'.
7795 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007796static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007797smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007798{
Emeric Bruneb8def92018-02-19 15:59:48 +01007799 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7800 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007801 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007802 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007803
Emeric Brun589fcad2012-10-16 14:13:26 +02007804 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007805 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007806 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007807 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007808
Olivier Houchard66ab4982019-02-26 18:37:15 +01007809 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007810 return 0;
7811
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007812 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007813 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007814
7815 return 1;
7816}
7817
Emeric Brun645ae792014-04-30 14:21:06 +02007818/* integer, returns the used keysize if front conn. transport layer is SSL.
7819 * This function is also usable on backend conn if the fetch keyword 5th
7820 * char is 'b'.
7821 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007822static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007823smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007824{
Emeric Bruneb8def92018-02-19 15:59:48 +01007825 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7826 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007827 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007828
Emeric Brun589fcad2012-10-16 14:13:26 +02007829 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007830 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7831 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007832 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007833
Olivier Houchard66ab4982019-02-26 18:37:15 +01007834 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007835 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007836 return 0;
7837
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007838 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007839
7840 return 1;
7841}
7842
Bernard Spil13c53f82018-02-15 13:34:58 +01007843#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007844static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007845smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007846{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007847 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007848 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007849
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007850 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007851 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007852
Olivier Houchard6b77f492018-11-22 18:18:29 +01007853 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7854 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007855 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7856 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007857 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007858
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007859 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007860 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007861 (const unsigned char **)&smp->data.u.str.area,
7862 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007863
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007864 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007865 return 0;
7866
7867 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007868}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007869#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007870
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007871#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007872static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007873smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007874{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007875 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007876 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007877
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007878 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007879 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007880
Olivier Houchard6b77f492018-11-22 18:18:29 +01007881 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7882 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7883
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007884 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007885 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007886 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007887
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007888 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007889 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007890 (const unsigned char **)&smp->data.u.str.area,
7891 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007892
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007893 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007894 return 0;
7895
7896 return 1;
7897}
7898#endif
7899
Emeric Brun645ae792014-04-30 14:21:06 +02007900/* string, returns the used protocol if front conn. transport layer is SSL.
7901 * This function is also usable on backend conn if the fetch keyword 5th
7902 * char is 'b'.
7903 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007904static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007905smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007906{
Emeric Bruneb8def92018-02-19 15:59:48 +01007907 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7908 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007909 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007910
Emeric Brun589fcad2012-10-16 14:13:26 +02007911 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007912 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7913 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007914 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007915
Olivier Houchard66ab4982019-02-26 18:37:15 +01007916 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007917 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007918 return 0;
7919
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007920 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007921 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007922 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007923
7924 return 1;
7925}
7926
Willy Tarreau87b09662015-04-03 00:22:06 +02007927/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007928 * This function is also usable on backend conn if the fetch keyword 5th
7929 * char is 'b'.
7930 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007931#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007932static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007933smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007934{
Emeric Bruneb8def92018-02-19 15:59:48 +01007935 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7936 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007937 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007938 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007939
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007940 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007941 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007942
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007943 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7944 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007945 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007946
Olivier Houchard66ab4982019-02-26 18:37:15 +01007947 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007948 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007949 return 0;
7950
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007951 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7952 (unsigned int *)&smp->data.u.str.data);
7953 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007954 return 0;
7955
7956 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007957}
Patrick Hemmer41966772018-04-28 19:15:48 -04007958#endif
7959
Emeric Brunfe68f682012-10-16 14:59:28 +02007960
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007961#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007962static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007963smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7964{
7965 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7966 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7967 struct buffer *data;
7968 struct ssl_sock_ctx *ctx;
7969
7970 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7971 return 0;
7972 ctx = conn->xprt_ctx;
7973
7974 data = get_trash_chunk();
7975 if (kw[7] == 'c')
7976 data->data = SSL_get_client_random(ctx->ssl,
7977 (unsigned char *) data->area,
7978 data->size);
7979 else
7980 data->data = SSL_get_server_random(ctx->ssl,
7981 (unsigned char *) data->area,
7982 data->size);
7983 if (!data->data)
7984 return 0;
7985
7986 smp->flags = 0;
7987 smp->data.type = SMP_T_BIN;
7988 smp->data.u.str = *data;
7989
7990 return 1;
7991}
7992
7993static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007994smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7995{
7996 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7997 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7998 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007999 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008000 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008001
8002 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8003 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008004 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008005
Olivier Houchard66ab4982019-02-26 18:37:15 +01008006 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008007 if (!ssl_sess)
8008 return 0;
8009
8010 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008011 data->data = SSL_SESSION_get_master_key(ssl_sess,
8012 (unsigned char *) data->area,
8013 data->size);
8014 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008015 return 0;
8016
8017 smp->flags = 0;
8018 smp->data.type = SMP_T_BIN;
8019 smp->data.u.str = *data;
8020
8021 return 1;
8022}
8023#endif
8024
Patrick Hemmer41966772018-04-28 19:15:48 -04008025#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008026static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008027smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008028{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008029 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008030 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008031
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008032 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008033 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008034
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008035 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008036 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8037 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008038 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008039
Olivier Houchard66ab4982019-02-26 18:37:15 +01008040 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008041 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008042 return 0;
8043
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008044 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008045 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008046}
Patrick Hemmer41966772018-04-28 19:15:48 -04008047#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008048
David Sc1ad52e2014-04-08 18:48:47 -04008049static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008050smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8051{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008052 struct connection *conn;
8053 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008054 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008055
8056 conn = objt_conn(smp->sess->origin);
8057 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8058 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008059 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008060
Olivier Houchard66ab4982019-02-26 18:37:15 +01008061 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008062 if (!capture)
8063 return 0;
8064
8065 smp->flags = SMP_F_CONST;
8066 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008067 smp->data.u.str.area = capture->ciphersuite;
8068 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008069 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008070}
8071
8072static int
8073smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8074{
Willy Tarreau83061a82018-07-13 11:56:34 +02008075 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008076
8077 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8078 return 0;
8079
8080 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008081 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008082 smp->data.type = SMP_T_BIN;
8083 smp->data.u.str = *data;
8084 return 1;
8085}
8086
8087static int
8088smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8089{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008090 struct connection *conn;
8091 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008092 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008093
8094 conn = objt_conn(smp->sess->origin);
8095 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8096 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008097 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008098
Olivier Houchard66ab4982019-02-26 18:37:15 +01008099 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008100 if (!capture)
8101 return 0;
8102
8103 smp->data.type = SMP_T_SINT;
8104 smp->data.u.sint = capture->xxh64;
8105 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008106}
8107
8108static int
8109smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8110{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008111#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008112 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008113 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008114
8115 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8116 return 0;
8117
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008118 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008119 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008120 const char *str;
8121 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008122 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008123 uint16_t id = (bin[0] << 8) | bin[1];
8124#if defined(OPENSSL_IS_BORINGSSL)
8125 cipher = SSL_get_cipher_by_value(id);
8126#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008127 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008128 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8129 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008130#endif
8131 str = SSL_CIPHER_get_name(cipher);
8132 if (!str || strcmp(str, "(NONE)") == 0)
8133 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008134 else
8135 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8136 }
8137 smp->data.type = SMP_T_STR;
8138 smp->data.u.str = *data;
8139 return 1;
8140#else
8141 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8142#endif
8143}
8144
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008145#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008146static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008147smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008148{
Emeric Bruneb8def92018-02-19 15:59:48 +01008149 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8150 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008151 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008152 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008153 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008154
8155 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008156 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8157 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008158 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008159
8160 if (!(conn->flags & CO_FL_CONNECTED)) {
8161 smp->flags |= SMP_F_MAY_CHANGE;
8162 return 0;
8163 }
8164
8165 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008166 if (!SSL_session_reused(ctx->ssl))
8167 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008168 finished_trash->area,
8169 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008170 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008171 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008172 finished_trash->area,
8173 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008174
8175 if (!finished_len)
8176 return 0;
8177
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008178 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008179 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008180 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008181
8182 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008183}
Patrick Hemmer41966772018-04-28 19:15:48 -04008184#endif
David Sc1ad52e2014-04-08 18:48:47 -04008185
Emeric Brun2525b6b2012-10-18 15:59:43 +02008186/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008187static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008188smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008189{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008190 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008191 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008192
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008193 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008194 if (!conn || conn->xprt != &ssl_sock)
8195 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008196 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008197
8198 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008199 smp->flags = SMP_F_MAY_CHANGE;
8200 return 0;
8201 }
8202
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008203 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008204 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008205 smp->flags = 0;
8206
8207 return 1;
8208}
8209
Emeric Brun2525b6b2012-10-18 15:59:43 +02008210/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008211static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008212smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008213{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008214 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008215 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008216
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008217 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008218 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008219 return 0;
8220
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008221 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008222 smp->flags = SMP_F_MAY_CHANGE;
8223 return 0;
8224 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008225 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008226
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008227 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008228 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008229 smp->flags = 0;
8230
8231 return 1;
8232}
8233
Emeric Brun2525b6b2012-10-18 15:59:43 +02008234/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008235static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008236smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008237{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008238 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008239 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008240
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008241 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008242 if (!conn || conn->xprt != &ssl_sock)
8243 return 0;
8244
8245 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008246 smp->flags = SMP_F_MAY_CHANGE;
8247 return 0;
8248 }
8249
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008250 ctx = conn->xprt_ctx;
8251
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008252 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008253 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008254 smp->flags = 0;
8255
8256 return 1;
8257}
8258
Emeric Brun2525b6b2012-10-18 15:59:43 +02008259/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008260static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008261smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008262{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008263 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008264 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008265
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008266 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008267 if (!conn || conn->xprt != &ssl_sock)
8268 return 0;
8269
8270 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008271 smp->flags = SMP_F_MAY_CHANGE;
8272 return 0;
8273 }
8274
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008275 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008276 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008277 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008278
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008279 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008280 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008281 smp->flags = 0;
8282
8283 return 1;
8284}
8285
Emeric Brunfb510ea2012-10-05 12:00:26 +02008286/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008287static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008288{
8289 if (!*args[cur_arg + 1]) {
8290 if (err)
8291 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8292 return ERR_ALERT | ERR_FATAL;
8293 }
8294
Willy Tarreauef934602016-12-22 23:12:01 +01008295 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8296 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008297 else
8298 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008299
Emeric Brund94b3fe2012-09-20 18:23:56 +02008300 return 0;
8301}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008302static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8303{
8304 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8305}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008306
Christopher Faulet31af49d2015-06-09 17:29:50 +02008307/* parse the "ca-sign-file" bind keyword */
8308static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8309{
8310 if (!*args[cur_arg + 1]) {
8311 if (err)
8312 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
8313 return ERR_ALERT | ERR_FATAL;
8314 }
8315
Willy Tarreauef934602016-12-22 23:12:01 +01008316 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8317 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008318 else
8319 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8320
8321 return 0;
8322}
8323
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008324/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008325static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8326{
8327 if (!*args[cur_arg + 1]) {
8328 if (err)
8329 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
8330 return ERR_ALERT | ERR_FATAL;
8331 }
8332 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8333 return 0;
8334}
8335
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008336/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008337static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008338{
8339 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008340 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008341 return ERR_ALERT | ERR_FATAL;
8342 }
8343
Emeric Brun76d88952012-10-05 15:47:31 +02008344 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008345 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008346 return 0;
8347}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008348static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8349{
8350 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8351}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008352
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008353#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008354/* parse the "ciphersuites" bind keyword */
8355static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8356{
8357 if (!*args[cur_arg + 1]) {
8358 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8359 return ERR_ALERT | ERR_FATAL;
8360 }
8361
8362 free(conf->ciphersuites);
8363 conf->ciphersuites = strdup(args[cur_arg + 1]);
8364 return 0;
8365}
8366static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8367{
8368 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8369}
8370#endif
8371
Willy Tarreaubbc91962019-10-16 16:42:19 +02008372/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008373static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008374{
Willy Tarreau38011032013-08-13 16:59:39 +02008375 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008376
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008377 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008378 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008379 return ERR_ALERT | ERR_FATAL;
8380 }
8381
Willy Tarreauef934602016-12-22 23:12:01 +01008382 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8383 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008384 memprintf(err, "'%s' : path too long", args[cur_arg]);
8385 return ERR_ALERT | ERR_FATAL;
8386 }
Willy Tarreauef934602016-12-22 23:12:01 +01008387 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008388 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008389 }
8390
Willy Tarreaubbc91962019-10-16 16:42:19 +02008391 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008392}
8393
Willy Tarreaubbc91962019-10-16 16:42:19 +02008394/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008395static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8396{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008397 int err_code;
8398
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008399 if (!*args[cur_arg + 1]) {
8400 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8401 return ERR_ALERT | ERR_FATAL;
8402 }
8403
Willy Tarreaubbc91962019-10-16 16:42:19 +02008404 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8405 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008406 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008407
Willy Tarreaubbc91962019-10-16 16:42:19 +02008408 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008409}
8410
Emeric Brunfb510ea2012-10-05 12:00:26 +02008411/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008412static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008413{
Emeric Brun051cdab2012-10-02 19:25:50 +02008414#ifndef X509_V_FLAG_CRL_CHECK
8415 if (err)
8416 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
8417 return ERR_ALERT | ERR_FATAL;
8418#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008419 if (!*args[cur_arg + 1]) {
8420 if (err)
8421 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
8422 return ERR_ALERT | ERR_FATAL;
8423 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008424
Willy Tarreauef934602016-12-22 23:12:01 +01008425 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8426 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008427 else
8428 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008429
Emeric Brun2b58d042012-09-20 17:10:03 +02008430 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008431#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008432}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008433static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8434{
8435 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8436}
Emeric Brun2b58d042012-09-20 17:10:03 +02008437
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008438/* parse the "curves" bind keyword keyword */
8439static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8440{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008441#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008442 if (!*args[cur_arg + 1]) {
8443 if (err)
8444 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
8445 return ERR_ALERT | ERR_FATAL;
8446 }
8447 conf->curves = strdup(args[cur_arg + 1]);
8448 return 0;
8449#else
8450 if (err)
8451 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
8452 return ERR_ALERT | ERR_FATAL;
8453#endif
8454}
8455static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8456{
8457 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8458}
8459
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008460/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008461static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008462{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008463#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02008464 if (err)
8465 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
8466 return ERR_ALERT | ERR_FATAL;
8467#elif defined(OPENSSL_NO_ECDH)
8468 if (err)
8469 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
8470 return ERR_ALERT | ERR_FATAL;
8471#else
8472 if (!*args[cur_arg + 1]) {
8473 if (err)
8474 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
8475 return ERR_ALERT | ERR_FATAL;
8476 }
8477
8478 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008479
8480 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008481#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008482}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008483static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8484{
8485 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8486}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008487
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008488/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008489static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8490{
8491 int code;
8492 char *p = args[cur_arg + 1];
8493 unsigned long long *ignerr = &conf->crt_ignerr;
8494
8495 if (!*p) {
8496 if (err)
8497 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8498 return ERR_ALERT | ERR_FATAL;
8499 }
8500
8501 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8502 ignerr = &conf->ca_ignerr;
8503
8504 if (strcmp(p, "all") == 0) {
8505 *ignerr = ~0ULL;
8506 return 0;
8507 }
8508
8509 while (p) {
8510 code = atoi(p);
8511 if ((code <= 0) || (code > 63)) {
8512 if (err)
8513 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8514 args[cur_arg], code, args[cur_arg + 1]);
8515 return ERR_ALERT | ERR_FATAL;
8516 }
8517 *ignerr |= 1ULL << code;
8518 p = strchr(p, ',');
8519 if (p)
8520 p++;
8521 }
8522
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008523 return 0;
8524}
8525
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008526/* parse tls_method_options "no-xxx" and "force-xxx" */
8527static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008528{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008529 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008530 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008531 p = strchr(arg, '-');
8532 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008533 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008534 p++;
8535 if (!strcmp(p, "sslv3"))
8536 v = CONF_SSLV3;
8537 else if (!strcmp(p, "tlsv10"))
8538 v = CONF_TLSV10;
8539 else if (!strcmp(p, "tlsv11"))
8540 v = CONF_TLSV11;
8541 else if (!strcmp(p, "tlsv12"))
8542 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008543 else if (!strcmp(p, "tlsv13"))
8544 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008545 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008546 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008547 if (!strncmp(arg, "no-", 3))
8548 methods->flags |= methodVersions[v].flag;
8549 else if (!strncmp(arg, "force-", 6))
8550 methods->min = methods->max = v;
8551 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008552 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008553 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008554 fail:
8555 if (err)
8556 memprintf(err, "'%s' : option not implemented", arg);
8557 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008558}
8559
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008560static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008561{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008562 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008563}
8564
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008565static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008566{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008567 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8568}
8569
8570/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8571static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8572{
8573 uint16_t i, v = 0;
8574 char *argv = args[cur_arg + 1];
8575 if (!*argv) {
8576 if (err)
8577 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8578 return ERR_ALERT | ERR_FATAL;
8579 }
8580 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8581 if (!strcmp(argv, methodVersions[i].name))
8582 v = i;
8583 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008584 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008585 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008586 return ERR_ALERT | ERR_FATAL;
8587 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008588 if (!strcmp("ssl-min-ver", args[cur_arg]))
8589 methods->min = v;
8590 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8591 methods->max = v;
8592 else {
8593 if (err)
8594 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8595 return ERR_ALERT | ERR_FATAL;
8596 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008597 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008598}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008599
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008600static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8601{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008602#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008603 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008604#endif
8605 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8606}
8607
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008608static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8609{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008610 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008611}
8612
8613static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8614{
8615 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8616}
8617
Emeric Brun2d0c4822012-10-02 13:45:20 +02008618/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008619static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008620{
Emeric Brun89675492012-10-05 13:48:26 +02008621 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008622 return 0;
8623}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008624
Olivier Houchardc2aae742017-09-22 18:26:28 +02008625/* parse the "allow-0rtt" bind keyword */
8626static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8627{
8628 conf->early_data = 1;
8629 return 0;
8630}
8631
8632static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8633{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008634 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008635 return 0;
8636}
8637
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008638/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008639static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008640{
Bernard Spil13c53f82018-02-15 13:34:58 +01008641#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008642 char *p1, *p2;
8643
8644 if (!*args[cur_arg + 1]) {
8645 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8646 return ERR_ALERT | ERR_FATAL;
8647 }
8648
8649 free(conf->npn_str);
8650
Willy Tarreau3724da12016-02-12 17:11:12 +01008651 /* the NPN string is built as a suite of (<len> <name>)*,
8652 * so we reuse each comma to store the next <len> and need
8653 * one more for the end of the string.
8654 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008655 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008656 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008657 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8658
8659 /* replace commas with the name length */
8660 p1 = conf->npn_str;
8661 p2 = p1 + 1;
8662 while (1) {
8663 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8664 if (!p2)
8665 p2 = p1 + 1 + strlen(p1 + 1);
8666
8667 if (p2 - (p1 + 1) > 255) {
8668 *p2 = '\0';
8669 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8670 return ERR_ALERT | ERR_FATAL;
8671 }
8672
8673 *p1 = p2 - (p1 + 1);
8674 p1 = p2;
8675
8676 if (!*p2)
8677 break;
8678
8679 *(p2++) = '\0';
8680 }
8681 return 0;
8682#else
8683 if (err)
8684 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8685 return ERR_ALERT | ERR_FATAL;
8686#endif
8687}
8688
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008689static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8690{
8691 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8692}
8693
Willy Tarreauab861d32013-04-02 02:30:41 +02008694/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008695static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008696{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008697#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008698 char *p1, *p2;
8699
8700 if (!*args[cur_arg + 1]) {
8701 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8702 return ERR_ALERT | ERR_FATAL;
8703 }
8704
8705 free(conf->alpn_str);
8706
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008707 /* the ALPN string is built as a suite of (<len> <name>)*,
8708 * so we reuse each comma to store the next <len> and need
8709 * one more for the end of the string.
8710 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008711 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008712 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008713 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8714
8715 /* replace commas with the name length */
8716 p1 = conf->alpn_str;
8717 p2 = p1 + 1;
8718 while (1) {
8719 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8720 if (!p2)
8721 p2 = p1 + 1 + strlen(p1 + 1);
8722
8723 if (p2 - (p1 + 1) > 255) {
8724 *p2 = '\0';
8725 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8726 return ERR_ALERT | ERR_FATAL;
8727 }
8728
8729 *p1 = p2 - (p1 + 1);
8730 p1 = p2;
8731
8732 if (!*p2)
8733 break;
8734
8735 *(p2++) = '\0';
8736 }
8737 return 0;
8738#else
8739 if (err)
8740 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8741 return ERR_ALERT | ERR_FATAL;
8742#endif
8743}
8744
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008745static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8746{
8747 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8748}
8749
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008750/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008751static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008752{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008753 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008754 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008755
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008756 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8757 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008758#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008759 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8760 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8761#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008762 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008763 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8764 if (!conf->ssl_conf.ssl_methods.min)
8765 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8766 if (!conf->ssl_conf.ssl_methods.max)
8767 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008768
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008769 return 0;
8770}
8771
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008772/* parse the "prefer-client-ciphers" bind keyword */
8773static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8774{
8775 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8776 return 0;
8777}
8778
Christopher Faulet31af49d2015-06-09 17:29:50 +02008779/* parse the "generate-certificates" bind keyword */
8780static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8781{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008782#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008783 conf->generate_certs = 1;
8784#else
8785 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8786 err && *err ? *err : "");
8787#endif
8788 return 0;
8789}
8790
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008791/* parse the "strict-sni" bind keyword */
8792static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8793{
8794 conf->strict_sni = 1;
8795 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008796}
8797
8798/* parse the "tls-ticket-keys" bind keyword */
8799static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8800{
8801#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02008802 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008803 int i = 0;
8804 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02008805 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008806
8807 if (!*args[cur_arg + 1]) {
8808 if (err)
8809 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008810 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008811 }
8812
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008813 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008814 if (keys_ref) {
8815 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008816 conf->keys_ref = keys_ref;
8817 return 0;
8818 }
8819
Christopher Faulete566f3d2019-10-21 09:55:49 +02008820 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008821 if (!keys_ref) {
8822 if (err)
8823 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008824 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008825 }
8826
Emeric Brun9e754772019-01-10 17:51:55 +01008827 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008828 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008829 if (err)
8830 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008831 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008832 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008833
8834 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8835 if (err)
8836 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008837 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008838 }
8839
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008840 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008841 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008842 if (err)
8843 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008844 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008845 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008846
Emeric Brun9e754772019-01-10 17:51:55 +01008847 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008848 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8849 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008850 int dec_size;
8851
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008852 /* Strip newline characters from the end */
8853 if(thisline[len - 1] == '\n')
8854 thisline[--len] = 0;
8855
8856 if(thisline[len - 1] == '\r')
8857 thisline[--len] = 0;
8858
Emeric Brun9e754772019-01-10 17:51:55 +01008859 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8860 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008861 if (err)
8862 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008863 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008864 }
Emeric Brun9e754772019-01-10 17:51:55 +01008865 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8866 keys_ref->key_size_bits = 128;
8867 }
8868 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8869 keys_ref->key_size_bits = 256;
8870 }
8871 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8872 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8873 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008874 if (err)
8875 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008876 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008877 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008878 i++;
8879 }
8880
8881 if (i < TLS_TICKETS_NO) {
8882 if (err)
8883 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008884 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008885 }
8886
8887 fclose(f);
8888
8889 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008890 i -= 2;
8891 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008892 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008893 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008894 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008895 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008896
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008897 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8898
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008899 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02008900
8901 fail:
8902 if (f)
8903 fclose(f);
8904 if (keys_ref) {
8905 free(keys_ref->filename);
8906 free(keys_ref->tlskeys);
8907 free(keys_ref);
8908 }
8909 return ERR_ALERT | ERR_FATAL;
8910
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008911#else
8912 if (err)
8913 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8914 return ERR_ALERT | ERR_FATAL;
8915#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008916}
8917
Emeric Brund94b3fe2012-09-20 18:23:56 +02008918/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008919static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008920{
8921 if (!*args[cur_arg + 1]) {
8922 if (err)
8923 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8924 return ERR_ALERT | ERR_FATAL;
8925 }
8926
8927 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008928 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008929 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008930 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008931 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008932 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008933 else {
8934 if (err)
8935 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8936 args[cur_arg], args[cur_arg + 1]);
8937 return ERR_ALERT | ERR_FATAL;
8938 }
8939
8940 return 0;
8941}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008942static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8943{
8944 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8945}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008946
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008947/* parse the "no-ca-names" bind keyword */
8948static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8949{
8950 conf->no_ca_names = 1;
8951 return 0;
8952}
8953static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8954{
8955 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8956}
8957
Willy Tarreau92faadf2012-10-10 23:04:25 +02008958/************** "server" keywords ****************/
8959
Olivier Houchardc7566002018-11-20 23:33:50 +01008960/* parse the "npn" bind keyword */
8961static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8962{
8963#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8964 char *p1, *p2;
8965
8966 if (!*args[*cur_arg + 1]) {
8967 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8968 return ERR_ALERT | ERR_FATAL;
8969 }
8970
8971 free(newsrv->ssl_ctx.npn_str);
8972
8973 /* the NPN string is built as a suite of (<len> <name>)*,
8974 * so we reuse each comma to store the next <len> and need
8975 * one more for the end of the string.
8976 */
8977 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8978 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8979 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8980 newsrv->ssl_ctx.npn_len);
8981
8982 /* replace commas with the name length */
8983 p1 = newsrv->ssl_ctx.npn_str;
8984 p2 = p1 + 1;
8985 while (1) {
8986 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8987 newsrv->ssl_ctx.npn_len - (p1 + 1));
8988 if (!p2)
8989 p2 = p1 + 1 + strlen(p1 + 1);
8990
8991 if (p2 - (p1 + 1) > 255) {
8992 *p2 = '\0';
8993 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8994 return ERR_ALERT | ERR_FATAL;
8995 }
8996
8997 *p1 = p2 - (p1 + 1);
8998 p1 = p2;
8999
9000 if (!*p2)
9001 break;
9002
9003 *(p2++) = '\0';
9004 }
9005 return 0;
9006#else
9007 if (err)
9008 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
9009 return ERR_ALERT | ERR_FATAL;
9010#endif
9011}
9012
Olivier Houchard92150142018-12-21 19:47:01 +01009013/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009014static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9015{
9016#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9017 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009018 char **alpn_str;
9019 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009020
Olivier Houchard92150142018-12-21 19:47:01 +01009021 if (*args[*cur_arg] == 'c') {
9022 alpn_str = &newsrv->check.alpn_str;
9023 alpn_len = &newsrv->check.alpn_len;
9024 } else {
9025 alpn_str = &newsrv->ssl_ctx.alpn_str;
9026 alpn_len = &newsrv->ssl_ctx.alpn_len;
9027
9028 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009029 if (!*args[*cur_arg + 1]) {
9030 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9031 return ERR_ALERT | ERR_FATAL;
9032 }
9033
Olivier Houchard92150142018-12-21 19:47:01 +01009034 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009035
9036 /* the ALPN string is built as a suite of (<len> <name>)*,
9037 * so we reuse each comma to store the next <len> and need
9038 * one more for the end of the string.
9039 */
Olivier Houchard92150142018-12-21 19:47:01 +01009040 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9041 *alpn_str = calloc(1, *alpn_len + 1);
9042 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009043
9044 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009045 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009046 p2 = p1 + 1;
9047 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009048 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009049 if (!p2)
9050 p2 = p1 + 1 + strlen(p1 + 1);
9051
9052 if (p2 - (p1 + 1) > 255) {
9053 *p2 = '\0';
9054 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9055 return ERR_ALERT | ERR_FATAL;
9056 }
9057
9058 *p1 = p2 - (p1 + 1);
9059 p1 = p2;
9060
9061 if (!*p2)
9062 break;
9063
9064 *(p2++) = '\0';
9065 }
9066 return 0;
9067#else
9068 if (err)
9069 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
9070 return ERR_ALERT | ERR_FATAL;
9071#endif
9072}
9073
Emeric Brunef42d922012-10-11 16:11:36 +02009074/* parse the "ca-file" server keyword */
9075static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9076{
9077 if (!*args[*cur_arg + 1]) {
9078 if (err)
9079 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
9080 return ERR_ALERT | ERR_FATAL;
9081 }
9082
Willy Tarreauef934602016-12-22 23:12:01 +01009083 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9084 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009085 else
9086 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9087
9088 return 0;
9089}
9090
Olivier Houchard9130a962017-10-17 17:33:43 +02009091/* parse the "check-sni" server keyword */
9092static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9093{
9094 if (!*args[*cur_arg + 1]) {
9095 if (err)
9096 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
9097 return ERR_ALERT | ERR_FATAL;
9098 }
9099
9100 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9101 if (!newsrv->check.sni) {
9102 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9103 return ERR_ALERT | ERR_FATAL;
9104 }
9105 return 0;
9106
9107}
9108
Willy Tarreau92faadf2012-10-10 23:04:25 +02009109/* parse the "check-ssl" server keyword */
9110static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9111{
9112 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009113 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9114 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009115#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009116 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9117 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9118#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009119 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009120 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9121 if (!newsrv->ssl_ctx.methods.min)
9122 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9123 if (!newsrv->ssl_ctx.methods.max)
9124 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9125
Willy Tarreau92faadf2012-10-10 23:04:25 +02009126 return 0;
9127}
9128
9129/* parse the "ciphers" server keyword */
9130static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9131{
9132 if (!*args[*cur_arg + 1]) {
9133 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9134 return ERR_ALERT | ERR_FATAL;
9135 }
9136
9137 free(newsrv->ssl_ctx.ciphers);
9138 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9139 return 0;
9140}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009141
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009142#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009143/* parse the "ciphersuites" server keyword */
9144static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9145{
9146 if (!*args[*cur_arg + 1]) {
9147 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9148 return ERR_ALERT | ERR_FATAL;
9149 }
9150
9151 free(newsrv->ssl_ctx.ciphersuites);
9152 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9153 return 0;
9154}
9155#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009156
Emeric Brunef42d922012-10-11 16:11:36 +02009157/* parse the "crl-file" server keyword */
9158static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9159{
9160#ifndef X509_V_FLAG_CRL_CHECK
9161 if (err)
9162 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
9163 return ERR_ALERT | ERR_FATAL;
9164#else
9165 if (!*args[*cur_arg + 1]) {
9166 if (err)
9167 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
9168 return ERR_ALERT | ERR_FATAL;
9169 }
9170
Willy Tarreauef934602016-12-22 23:12:01 +01009171 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9172 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009173 else
9174 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9175
9176 return 0;
9177#endif
9178}
9179
Emeric Bruna7aa3092012-10-26 12:58:00 +02009180/* parse the "crt" server keyword */
9181static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9182{
9183 if (!*args[*cur_arg + 1]) {
9184 if (err)
9185 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
9186 return ERR_ALERT | ERR_FATAL;
9187 }
9188
Willy Tarreauef934602016-12-22 23:12:01 +01009189 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009190 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009191 else
9192 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9193
9194 return 0;
9195}
Emeric Brunef42d922012-10-11 16:11:36 +02009196
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009197/* parse the "no-check-ssl" server keyword */
9198static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9199{
9200 newsrv->check.use_ssl = 0;
9201 free(newsrv->ssl_ctx.ciphers);
9202 newsrv->ssl_ctx.ciphers = NULL;
9203 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9204 return 0;
9205}
9206
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009207/* parse the "no-send-proxy-v2-ssl" server keyword */
9208static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9209{
9210 newsrv->pp_opts &= ~SRV_PP_V2;
9211 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9212 return 0;
9213}
9214
9215/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9216static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9217{
9218 newsrv->pp_opts &= ~SRV_PP_V2;
9219 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9220 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9221 return 0;
9222}
9223
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009224/* parse the "no-ssl" server keyword */
9225static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9226{
9227 newsrv->use_ssl = 0;
9228 free(newsrv->ssl_ctx.ciphers);
9229 newsrv->ssl_ctx.ciphers = NULL;
9230 return 0;
9231}
9232
Olivier Houchard522eea72017-11-03 16:27:47 +01009233/* parse the "allow-0rtt" server keyword */
9234static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9235{
9236 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9237 return 0;
9238}
9239
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009240/* parse the "no-ssl-reuse" server keyword */
9241static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9242{
9243 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9244 return 0;
9245}
9246
Emeric Brunf9c5c472012-10-11 15:28:34 +02009247/* parse the "no-tls-tickets" server keyword */
9248static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9249{
9250 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9251 return 0;
9252}
David Safb76832014-05-08 23:42:08 -04009253/* parse the "send-proxy-v2-ssl" server keyword */
9254static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9255{
9256 newsrv->pp_opts |= SRV_PP_V2;
9257 newsrv->pp_opts |= SRV_PP_V2_SSL;
9258 return 0;
9259}
9260
9261/* parse the "send-proxy-v2-ssl-cn" server keyword */
9262static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9263{
9264 newsrv->pp_opts |= SRV_PP_V2;
9265 newsrv->pp_opts |= SRV_PP_V2_SSL;
9266 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9267 return 0;
9268}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009269
Willy Tarreau732eac42015-07-09 11:40:25 +02009270/* parse the "sni" server keyword */
9271static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9272{
9273#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9274 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9275 return ERR_ALERT | ERR_FATAL;
9276#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009277 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009278
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009279 arg = args[*cur_arg + 1];
9280 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009281 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9282 return ERR_ALERT | ERR_FATAL;
9283 }
9284
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009285 free(newsrv->sni_expr);
9286 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009287
Willy Tarreau732eac42015-07-09 11:40:25 +02009288 return 0;
9289#endif
9290}
9291
Willy Tarreau92faadf2012-10-10 23:04:25 +02009292/* parse the "ssl" server keyword */
9293static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9294{
9295 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009296 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9297 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009298#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009299 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9300 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9301#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009302 return 0;
9303}
9304
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009305/* parse the "ssl-reuse" server keyword */
9306static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9307{
9308 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9309 return 0;
9310}
9311
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009312/* parse the "tls-tickets" server keyword */
9313static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9314{
9315 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9316 return 0;
9317}
9318
Emeric Brunef42d922012-10-11 16:11:36 +02009319/* parse the "verify" server keyword */
9320static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9321{
9322 if (!*args[*cur_arg + 1]) {
9323 if (err)
9324 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
9325 return ERR_ALERT | ERR_FATAL;
9326 }
9327
9328 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009329 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009330 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009331 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009332 else {
9333 if (err)
9334 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9335 args[*cur_arg], args[*cur_arg + 1]);
9336 return ERR_ALERT | ERR_FATAL;
9337 }
9338
Evan Broderbe554312013-06-27 00:05:25 -07009339 return 0;
9340}
9341
9342/* parse the "verifyhost" server keyword */
9343static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9344{
9345 if (!*args[*cur_arg + 1]) {
9346 if (err)
9347 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
9348 return ERR_ALERT | ERR_FATAL;
9349 }
9350
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009351 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009352 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9353
Emeric Brunef42d922012-10-11 16:11:36 +02009354 return 0;
9355}
9356
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009357/* parse the "ssl-default-bind-options" keyword in global section */
9358static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9359 struct proxy *defpx, const char *file, int line,
9360 char **err) {
9361 int i = 1;
9362
9363 if (*(args[i]) == 0) {
9364 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9365 return -1;
9366 }
9367 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009368 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009369 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009370 else if (!strcmp(args[i], "prefer-client-ciphers"))
9371 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009372 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9373 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9374 i++;
9375 else {
9376 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9377 return -1;
9378 }
9379 }
9380 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009381 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9382 return -1;
9383 }
9384 i++;
9385 }
9386 return 0;
9387}
9388
9389/* parse the "ssl-default-server-options" keyword in global section */
9390static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9391 struct proxy *defpx, const char *file, int line,
9392 char **err) {
9393 int i = 1;
9394
9395 if (*(args[i]) == 0) {
9396 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9397 return -1;
9398 }
9399 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009400 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009401 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009402 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9403 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9404 i++;
9405 else {
9406 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9407 return -1;
9408 }
9409 }
9410 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009411 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9412 return -1;
9413 }
9414 i++;
9415 }
9416 return 0;
9417}
9418
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009419/* parse the "ca-base" / "crt-base" keywords in global section.
9420 * Returns <0 on alert, >0 on warning, 0 on success.
9421 */
9422static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9423 struct proxy *defpx, const char *file, int line,
9424 char **err)
9425{
9426 char **target;
9427
Willy Tarreauef934602016-12-22 23:12:01 +01009428 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009429
9430 if (too_many_args(1, args, err, NULL))
9431 return -1;
9432
9433 if (*target) {
9434 memprintf(err, "'%s' already specified.", args[0]);
9435 return -1;
9436 }
9437
9438 if (*(args[1]) == 0) {
9439 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9440 return -1;
9441 }
9442 *target = strdup(args[1]);
9443 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009444}
9445
9446/* parse the "ssl-mode-async" keyword in global section.
9447 * Returns <0 on alert, >0 on warning, 0 on success.
9448 */
9449static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9450 struct proxy *defpx, const char *file, int line,
9451 char **err)
9452{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009453#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009454 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009455 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009456 return 0;
9457#else
9458 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9459 return -1;
9460#endif
9461}
9462
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009463#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009464static int ssl_check_async_engine_count(void) {
9465 int err_code = 0;
9466
Emeric Brun3854e012017-05-17 20:42:48 +02009467 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009468 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009469 err_code = ERR_ABORT;
9470 }
9471 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009472}
9473
Grant Zhang872f9c22017-01-21 01:10:18 +00009474/* parse the "ssl-engine" keyword in global section.
9475 * Returns <0 on alert, >0 on warning, 0 on success.
9476 */
9477static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9478 struct proxy *defpx, const char *file, int line,
9479 char **err)
9480{
9481 char *algo;
9482 int ret = -1;
9483
9484 if (*(args[1]) == 0) {
9485 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9486 return ret;
9487 }
9488
9489 if (*(args[2]) == 0) {
9490 /* if no list of algorithms is given, it defaults to ALL */
9491 algo = strdup("ALL");
9492 goto add_engine;
9493 }
9494
9495 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9496 if (strcmp(args[2], "algo") != 0) {
9497 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9498 return ret;
9499 }
9500
9501 if (*(args[3]) == 0) {
9502 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9503 return ret;
9504 }
9505 algo = strdup(args[3]);
9506
9507add_engine:
9508 if (ssl_init_single_engine(args[1], algo)==0) {
9509 openssl_engines_initialized++;
9510 ret = 0;
9511 }
9512 free(algo);
9513 return ret;
9514}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009515#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009516
Willy Tarreauf22e9682016-12-21 23:23:19 +01009517/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9518 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9519 */
9520static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9521 struct proxy *defpx, const char *file, int line,
9522 char **err)
9523{
9524 char **target;
9525
Willy Tarreauef934602016-12-22 23:12:01 +01009526 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009527
9528 if (too_many_args(1, args, err, NULL))
9529 return -1;
9530
9531 if (*(args[1]) == 0) {
9532 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9533 return -1;
9534 }
9535
9536 free(*target);
9537 *target = strdup(args[1]);
9538 return 0;
9539}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009540
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009541#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009542/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9543 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9544 */
9545static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9546 struct proxy *defpx, const char *file, int line,
9547 char **err)
9548{
9549 char **target;
9550
9551 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9552
9553 if (too_many_args(1, args, err, NULL))
9554 return -1;
9555
9556 if (*(args[1]) == 0) {
9557 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9558 return -1;
9559 }
9560
9561 free(*target);
9562 *target = strdup(args[1]);
9563 return 0;
9564}
9565#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009566
Willy Tarreau9ceda382016-12-21 23:13:03 +01009567/* parse various global tune.ssl settings consisting in positive integers.
9568 * Returns <0 on alert, >0 on warning, 0 on success.
9569 */
9570static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9571 struct proxy *defpx, const char *file, int line,
9572 char **err)
9573{
9574 int *target;
9575
9576 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9577 target = &global.tune.sslcachesize;
9578 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009579 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009580 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009581 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009582 else if (strcmp(args[0], "maxsslconn") == 0)
9583 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009584 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9585 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009586 else {
9587 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9588 return -1;
9589 }
9590
9591 if (too_many_args(1, args, err, NULL))
9592 return -1;
9593
9594 if (*(args[1]) == 0) {
9595 memprintf(err, "'%s' expects an integer argument.", args[0]);
9596 return -1;
9597 }
9598
9599 *target = atoi(args[1]);
9600 if (*target < 0) {
9601 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9602 return -1;
9603 }
9604 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009605}
9606
9607static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9608 struct proxy *defpx, const char *file, int line,
9609 char **err)
9610{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009611 int ret;
9612
9613 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9614 if (ret != 0)
9615 return ret;
9616
Willy Tarreaubafbe012017-11-24 17:34:44 +01009617 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009618 memprintf(err, "'%s' is already configured.", args[0]);
9619 return -1;
9620 }
9621
Willy Tarreaubafbe012017-11-24 17:34:44 +01009622 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9623 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009624 memprintf(err, "Out of memory error.");
9625 return -1;
9626 }
9627 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009628}
9629
9630/* parse "ssl.force-private-cache".
9631 * Returns <0 on alert, >0 on warning, 0 on success.
9632 */
9633static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9634 struct proxy *defpx, const char *file, int line,
9635 char **err)
9636{
9637 if (too_many_args(0, args, err, NULL))
9638 return -1;
9639
Willy Tarreauef934602016-12-22 23:12:01 +01009640 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009641 return 0;
9642}
9643
9644/* parse "ssl.lifetime".
9645 * Returns <0 on alert, >0 on warning, 0 on success.
9646 */
9647static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9648 struct proxy *defpx, const char *file, int line,
9649 char **err)
9650{
9651 const char *res;
9652
9653 if (too_many_args(1, args, err, NULL))
9654 return -1;
9655
9656 if (*(args[1]) == 0) {
9657 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9658 return -1;
9659 }
9660
Willy Tarreauef934602016-12-22 23:12:01 +01009661 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009662 if (res == PARSE_TIME_OVER) {
9663 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9664 args[1], args[0]);
9665 return -1;
9666 }
9667 else if (res == PARSE_TIME_UNDER) {
9668 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9669 args[1], args[0]);
9670 return -1;
9671 }
9672 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009673 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9674 return -1;
9675 }
9676 return 0;
9677}
9678
9679#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009680/* parse "ssl-dh-param-file".
9681 * Returns <0 on alert, >0 on warning, 0 on success.
9682 */
9683static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9684 struct proxy *defpx, const char *file, int line,
9685 char **err)
9686{
9687 if (too_many_args(1, args, err, NULL))
9688 return -1;
9689
9690 if (*(args[1]) == 0) {
9691 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9692 return -1;
9693 }
9694
9695 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9696 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9697 return -1;
9698 }
9699 return 0;
9700}
9701
Willy Tarreau9ceda382016-12-21 23:13:03 +01009702/* parse "ssl.default-dh-param".
9703 * Returns <0 on alert, >0 on warning, 0 on success.
9704 */
9705static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9706 struct proxy *defpx, const char *file, int line,
9707 char **err)
9708{
9709 if (too_many_args(1, args, err, NULL))
9710 return -1;
9711
9712 if (*(args[1]) == 0) {
9713 memprintf(err, "'%s' expects an integer argument.", args[0]);
9714 return -1;
9715 }
9716
Willy Tarreauef934602016-12-22 23:12:01 +01009717 global_ssl.default_dh_param = atoi(args[1]);
9718 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009719 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9720 return -1;
9721 }
9722 return 0;
9723}
9724#endif
9725
9726
William Lallemand32af2032016-10-29 18:09:35 +02009727/* This function is used with TLS ticket keys management. It permits to browse
9728 * each reference. The variable <getnext> must contain the current node,
9729 * <end> point to the root node.
9730 */
9731#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9732static inline
9733struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9734{
9735 struct tls_keys_ref *ref = getnext;
9736
9737 while (1) {
9738
9739 /* Get next list entry. */
9740 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9741
9742 /* If the entry is the last of the list, return NULL. */
9743 if (&ref->list == end)
9744 return NULL;
9745
9746 return ref;
9747 }
9748}
9749
9750static inline
9751struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9752{
9753 int id;
9754 char *error;
9755
9756 /* If the reference starts by a '#', this is numeric id. */
9757 if (reference[0] == '#') {
9758 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9759 id = strtol(reference + 1, &error, 10);
9760 if (*error != '\0')
9761 return NULL;
9762
9763 /* Perform the unique id lookup. */
9764 return tlskeys_ref_lookupid(id);
9765 }
9766
9767 /* Perform the string lookup. */
9768 return tlskeys_ref_lookup(reference);
9769}
9770#endif
9771
9772
9773#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9774
9775static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9776
9777static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9778 return cli_io_handler_tlskeys_files(appctx);
9779}
9780
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009781/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9782 * (next index to be dumped), and cli.p0 (next key reference).
9783 */
William Lallemand32af2032016-10-29 18:09:35 +02009784static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9785
9786 struct stream_interface *si = appctx->owner;
9787
9788 switch (appctx->st2) {
9789 case STAT_ST_INIT:
9790 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009791 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009792 * later and restart at the state "STAT_ST_INIT".
9793 */
9794 chunk_reset(&trash);
9795
9796 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9797 chunk_appendf(&trash, "# id secret\n");
9798 else
9799 chunk_appendf(&trash, "# id (file)\n");
9800
Willy Tarreau06d80a92017-10-19 14:32:15 +02009801 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009802 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009803 return 0;
9804 }
9805
William Lallemand32af2032016-10-29 18:09:35 +02009806 /* Now, we start the browsing of the references lists.
9807 * Note that the following call to LIST_ELEM return bad pointer. The only
9808 * available field of this pointer is <list>. It is used with the function
9809 * tlskeys_list_get_next() for retruning the first available entry
9810 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009811 if (appctx->ctx.cli.p0 == NULL) {
9812 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9813 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009814 }
9815
9816 appctx->st2 = STAT_ST_LIST;
9817 /* fall through */
9818
9819 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009820 while (appctx->ctx.cli.p0) {
9821 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009822
9823 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009824 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009825 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009826
9827 if (appctx->ctx.cli.i1 == 0)
9828 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9829
William Lallemand32af2032016-10-29 18:09:35 +02009830 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009831 int head;
9832
9833 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9834 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009835 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009836 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009837
9838 chunk_reset(t2);
9839 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009840 if (ref->key_size_bits == 128) {
9841 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9842 sizeof(struct tls_sess_key_128),
9843 t2->area, t2->size);
9844 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9845 t2->area);
9846 }
9847 else if (ref->key_size_bits == 256) {
9848 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9849 sizeof(struct tls_sess_key_256),
9850 t2->area, t2->size);
9851 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9852 t2->area);
9853 }
9854 else {
9855 /* This case should never happen */
9856 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9857 }
William Lallemand32af2032016-10-29 18:09:35 +02009858
Willy Tarreau06d80a92017-10-19 14:32:15 +02009859 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009860 /* let's try again later from this stream. We add ourselves into
9861 * this stream's users so that it can remove us upon termination.
9862 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009863 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009864 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009865 return 0;
9866 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009867 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009868 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009869 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009870 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009871 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009872 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009873 /* let's try again later from this stream. We add ourselves into
9874 * this stream's users so that it can remove us upon termination.
9875 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009876 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009877 return 0;
9878 }
9879
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009880 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009881 break;
9882
9883 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009884 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009885 }
9886
9887 appctx->st2 = STAT_ST_FIN;
9888 /* fall through */
9889
9890 default:
9891 appctx->st2 = STAT_ST_FIN;
9892 return 1;
9893 }
9894 return 0;
9895}
9896
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009897/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009898static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009899{
William Lallemand32af2032016-10-29 18:09:35 +02009900 /* no parameter, shows only file list */
9901 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009902 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009903 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009904 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009905 }
9906
9907 if (args[2][0] == '*') {
9908 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009909 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009910 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009911 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009912 if (!appctx->ctx.cli.p0)
9913 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009914 }
William Lallemand32af2032016-10-29 18:09:35 +02009915 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009916 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009917}
9918
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009919static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009920{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009921 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009922 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009923
William Lallemand32af2032016-10-29 18:09:35 +02009924 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02009925 if (!*args[3] || !*args[4])
9926 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009927
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009928 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009929 if (!ref)
9930 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009931
Willy Tarreau1c913e42018-08-22 05:26:57 +02009932 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02009933 if (ret < 0)
9934 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +01009935
Willy Tarreau1c913e42018-08-22 05:26:57 +02009936 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +02009937 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
9938 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009939
Willy Tarreau9d008692019-08-09 11:21:01 +02009940 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02009941}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009942#endif
William Lallemand32af2032016-10-29 18:09:35 +02009943
William Lallemand44b35322019-10-17 16:28:40 +02009944
9945/* Type of SSL payloads that can be updated over the CLI */
9946
9947enum {
9948 CERT_TYPE_PEM = 0,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +01009949#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009950 CERT_TYPE_OCSP,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +01009951#endif
William Lallemand44b35322019-10-17 16:28:40 +02009952 CERT_TYPE_ISSUER,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +01009953#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009954 CERT_TYPE_SCTL,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +01009955#endif
William Lallemand44b35322019-10-17 16:28:40 +02009956 CERT_TYPE_MAX,
9957};
9958
9959struct {
9960 const char *ext;
9961 int type;
9962 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
9963 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +02009964} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +02009965 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +02009966#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009967 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009968#endif
9969#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +02009970 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +02009971#endif
William Lallemand44b35322019-10-17 16:28:40 +02009972 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +02009973 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +02009974};
9975
William Lallemand430413e2019-10-28 14:30:47 +01009976/* states of the CLI IO handler for 'set ssl cert' */
9977enum {
9978 SETCERT_ST_INIT = 0,
9979 SETCERT_ST_GEN,
9980 SETCERT_ST_INSERT,
9981 SETCERT_ST_FIN,
9982};
William Lallemand8f840d72019-10-23 10:53:05 +02009983
William Lallemand430413e2019-10-28 14:30:47 +01009984/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +01009985static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +02009986{
9987 struct ckch_store *new_ckchs;
9988 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +02009989
William Lallemand430413e2019-10-28 14:30:47 +01009990 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +02009991
William Lallemand430413e2019-10-28 14:30:47 +01009992 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +02009993 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +01009994 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +02009995
William Lallemandbeea2a42019-10-30 17:45:33 +01009996 if (!new_ckchs)
9997 return;
William Lallemand8f840d72019-10-23 10:53:05 +02009998
William Lallemandbeea2a42019-10-30 17:45:33 +01009999 /* if the allocation failed, we need to free everything from the temporary list */
10000 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10001 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010002
William Lallemandbeea2a42019-10-30 17:45:33 +010010003 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10004 if (sc0->order == 0) /* we only free if it's the first inserted */
10005 SSL_CTX_free(sc0->ctx);
10006 LIST_DEL(&sc0->by_ckch_inst);
10007 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +020010008 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010009 LIST_DEL(&ckchi->by_ckchs);
10010 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010011 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010012 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010013 }
10014}
10015
10016
10017/*
10018 * This function tries to create the new ckch_inst and their SNIs
10019 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010020static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010021{
10022 struct stream_interface *si = appctx->owner;
10023 int y = 0;
10024 char *err = NULL;
10025 int errcode = 0;
10026 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10027 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010028 struct buffer *trash = alloc_trash_chunk();
10029
William Lallemand33cc76f2019-10-31 11:43:45 +010010030 if (trash == NULL)
10031 goto error;
10032
William Lallemand8f840d72019-10-23 10:53:05 +020010033 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10034 goto error;
10035
William Lallemand430413e2019-10-28 14:30:47 +010010036 while (1) {
10037 switch (appctx->st2) {
10038 case SETCERT_ST_INIT:
10039 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010040 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010041 if (ci_putchk(si_ic(si), trash) == -1) {
10042 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010043 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010044 }
10045 appctx->st2 = SETCERT_ST_GEN;
10046 /* fallthrough */
10047 case SETCERT_ST_GEN:
10048 /*
10049 * This state generates the ckch instances with their
10050 * sni_ctxs and SSL_CTX.
10051 *
William Lallemand430413e2019-10-28 14:30:47 +010010052 * Since the SSL_CTX generation can be CPU consumer, we
10053 * yield every 10 instances.
10054 */
William Lallemand8f840d72019-10-23 10:53:05 +020010055
William Lallemandbeea2a42019-10-30 17:45:33 +010010056 old_ckchs = appctx->ctx.ssl.old_ckchs;
10057 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010058
William Lallemandbeea2a42019-10-30 17:45:33 +010010059 if (!new_ckchs)
10060 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010061
William Lallemandbeea2a42019-10-30 17:45:33 +010010062 /* get the next ckchi to regenerate */
10063 ckchi = appctx->ctx.ssl.next_ckchi;
10064 /* we didn't start yet, set it to the first elem */
10065 if (ckchi == NULL)
10066 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010067
William Lallemandbeea2a42019-10-30 17:45:33 +010010068 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10069 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10070 struct ckch_inst *new_inst;
William Lallemand8f840d72019-10-23 10:53:05 +020010071
William Lallemandbeea2a42019-10-30 17:45:33 +010010072 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10073 if (y >= 10) {
10074 /* save the next ckchi to compute */
10075 appctx->ctx.ssl.next_ckchi = ckchi;
10076 goto yield;
10077 }
William Lallemand8f840d72019-10-23 10:53:05 +020010078
William Lallemandbeea2a42019-10-30 17:45:33 +010010079 if (new_ckchs->multi)
10080 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10081 else
10082 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010083
William Lallemandbeea2a42019-10-30 17:45:33 +010010084 if (errcode & ERR_CODE)
10085 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010086
William Lallemandbeea2a42019-10-30 17:45:33 +010010087 /* display one dot per new instance */
10088 chunk_appendf(trash, ".");
10089 /* link the new ckch_inst to the duplicate */
10090 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10091 y++;
10092 }
William Lallemand430413e2019-10-28 14:30:47 +010010093 appctx->st2 = SETCERT_ST_INSERT;
10094 /* fallthrough */
10095 case SETCERT_ST_INSERT:
10096 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010097
William Lallemandbeea2a42019-10-30 17:45:33 +010010098 old_ckchs = appctx->ctx.ssl.old_ckchs;
10099 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010100
William Lallemandbeea2a42019-10-30 17:45:33 +010010101 if (!new_ckchs)
10102 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010103
William Lallemandbeea2a42019-10-30 17:45:33 +010010104 /* First, we insert every new SNIs in the trees */
10105 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10106 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10107 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10108 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10109 }
William Lallemand8f840d72019-10-23 10:53:05 +020010110
William Lallemandbeea2a42019-10-30 17:45:33 +010010111 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10112 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
10113 struct sni_ctx *sc0, *sc0s;
William Lallemand430413e2019-10-28 14:30:47 +010010114
William Lallemandbeea2a42019-10-30 17:45:33 +010010115 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10116 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10117 ebmb_delete(&sc0->name);
10118 LIST_DEL(&sc0->by_ckch_inst);
10119 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010120 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010121 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10122 LIST_DEL(&ckchi->by_ckchs);
10123 free(ckchi);
10124 }
William Lallemand8f840d72019-10-23 10:53:05 +020010125
William Lallemandbeea2a42019-10-30 17:45:33 +010010126 /* Replace the old ckchs by the new one */
10127 ebmb_delete(&old_ckchs->node);
10128 ckchs_free(old_ckchs);
10129 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010130 appctx->st2 = SETCERT_ST_FIN;
10131 /* fallthrough */
10132 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010133 /* we achieved the transaction, we can set everything to NULL */
10134 free(ckchs_transaction.path);
10135 ckchs_transaction.path = NULL;
10136 ckchs_transaction.new_ckchs = NULL;
10137 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010138 goto end;
10139 }
William Lallemand8f840d72019-10-23 10:53:05 +020010140 }
William Lallemand430413e2019-10-28 14:30:47 +010010141end:
William Lallemand8f840d72019-10-23 10:53:05 +020010142
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010143 chunk_appendf(trash, "\nSuccess!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010144 if (ci_putchk(si_ic(si), trash) == -1)
10145 si_rx_room_blk(si);
10146 free_trash_chunk(trash);
10147 /* success: call the release function and don't come back */
10148 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010149yield:
10150 /* store the state */
10151 if (ci_putchk(si_ic(si), trash) == -1)
10152 si_rx_room_blk(si);
10153 free_trash_chunk(trash);
10154 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010155 return 0; /* should come back */
10156
10157error:
10158 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010159 if (trash) {
10160 chunk_appendf(trash, "\n%sFailed!\n", err);
10161 if (ci_putchk(si_ic(si), trash) == -1)
10162 si_rx_room_blk(si);
10163 free_trash_chunk(trash);
10164 }
William Lallemand430413e2019-10-28 14:30:47 +010010165 /* error: call the release function and don't come back */
10166 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010167}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010168
10169/*
10170 * Parsing function of 'commit ssl cert'
10171 */
10172static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10173{
10174 char *err = NULL;
10175
10176 if (!*args[3])
10177 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10178
10179 /* The operations on the CKCH architecture are locked so we can
10180 * manipulate ckch_store and ckch_inst */
10181 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10182 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10183
10184 if (!ckchs_transaction.path) {
10185 memprintf(&err, "No ongoing transaction! !\n");
10186 goto error;
10187 }
10188
10189 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10190 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10191 goto error;
10192 }
10193
10194 /* init the appctx structure */
10195 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010196 appctx->ctx.ssl.next_ckchi = NULL;
10197 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10198 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10199
10200 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10201 return 0;
10202
10203error:
10204
10205 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10206 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10207
10208 return cli_dynerr(appctx, err);
10209}
10210
10211
William Lallemand8f840d72019-10-23 10:53:05 +020010212/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010213 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010214 */
William Lallemand150bfa82019-09-19 17:12:49 +020010215static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10216{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010217 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010218 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010219 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010220 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010221 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010222 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010223 char *end;
10224 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010225 struct cert_key_and_chain *ckch;
10226 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010227
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010228 if ((buf = alloc_trash_chunk()) == NULL)
10229 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010230
10231 if (!*args[3] || !payload)
10232 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10233
10234 /* The operations on the CKCH architecture are locked so we can
10235 * manipulate ckch_store and ckch_inst */
10236 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10237 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10238
William Lallemand8f840d72019-10-23 10:53:05 +020010239 if (!chunk_strcpy(buf, args[3])) {
10240 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10241 errcode |= ERR_ALERT | ERR_FATAL;
10242 goto end;
10243 }
10244
William Lallemand44b35322019-10-17 16:28:40 +020010245 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010246 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010247 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010248 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10249 *end = '\0';
10250 type = cert_exts[i].type;
10251 break;
10252 }
10253 }
10254
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010255 appctx->ctx.ssl.old_ckchs = NULL;
10256 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010257
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010258 /* if there is an ongoing transaction */
10259 if (ckchs_transaction.path) {
10260 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010261#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010262 if (ckchs_transaction.new_ckchs->multi) {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010263 char *end;
William Lallemand963b2e72019-10-14 11:38:36 +020010264 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010265
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010266 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010267 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010268 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010269 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemand963b2e72019-10-14 11:38:36 +020010270 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10271 bundle = j; /* keep the type of certificate so we insert it at the right place */
10272 *end = '\0'; /* it's a bundle let's end the string*/
10273 break;
10274 }
William Lallemand150bfa82019-09-19 17:12:49 +020010275 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010276 if (bundle < 0) {
10277 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10278 errcode |= ERR_ALERT | ERR_FATAL;
10279 goto end;
10280 }
10281 }
10282#endif
10283
10284 /* if there is an ongoing transaction, check if this is the same file */
10285 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10286 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10287 errcode |= ERR_ALERT | ERR_FATAL;
10288 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010289 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010290
10291 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10292
10293 } else {
10294 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10295
10296 /* lookup for the certificate in the tree:
10297 * check if this is used as a bundle AND as a unique certificate */
10298 for (i = 0; i < 2; i++) {
10299
10300 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10301 /* only the bundle name is in the tree and you should
10302 * never update a bundle name, only a filename */
10303 if (bundle < 0 && find_ckchs[i]->multi) {
10304 /* we tried to look for a non-bundle and we found a bundle */
10305 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10306 err ? err : "", args[3], args[3]);
10307 errcode |= ERR_ALERT | ERR_FATAL;
10308 goto end;
10309 }
10310 /* If we want a bundle but this is not a bundle */
10311 /* note that it should never happen */
10312 if (bundle >= 0 && find_ckchs[i]->multi == 0)
10313 goto end;
10314 }
10315#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10316 {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010317 char *end;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010318 int j;
10319
10320 /* check if it was used in a bundle by removing the
10321 * .dsa/.rsa/.ecdsa at the end of the filename */
10322 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010323 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010324 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10325 bundle = j; /* keep the type of certificate so we insert it at the right place */
10326 *end = '\0'; /* it's a bundle let's end the string*/
10327 break;
10328 }
10329 }
10330 }
William Lallemand963b2e72019-10-14 11:38:36 +020010331#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010332 /* bundles are not supported here, so we don't need to lookup again */
10333 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010334#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010335 }
10336
10337 if (find_ckchs[0] && find_ckchs[1]) {
10338 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10339 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10340 errcode |= ERR_ALERT | ERR_FATAL;
10341 goto end;
10342 }
10343
10344 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
William Lallemand150bfa82019-09-19 17:12:49 +020010345 }
10346
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010347 if (!appctx->ctx.ssl.old_ckchs) {
10348 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010349 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010350 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010351 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010352 }
10353
William Lallemand8a7fdf02019-11-04 10:59:32 +010010354 if (!appctx->ctx.ssl.path) {
10355 /* this is a new transaction, set the path of the transaction */
10356 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10357 if (!appctx->ctx.ssl.path) {
10358 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10359 errcode |= ERR_ALERT | ERR_FATAL;
10360 goto end;
10361 }
10362 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010363
10364 old_ckchs = appctx->ctx.ssl.old_ckchs;
10365
10366 /* TODO: handle filters */
10367 if (old_ckchs->filters) {
10368 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10369 err ? err : "");
10370 errcode |= ERR_ALERT | ERR_FATAL;
10371 goto end;
10372 }
10373
10374 /* duplicate the ckch store */
10375 new_ckchs = ckchs_dup(old_ckchs);
10376 if (!new_ckchs) {
10377 memprintf(&err, "%sCannot allocate memory!\n",
10378 err ? err : "");
10379 errcode |= ERR_ALERT | ERR_FATAL;
10380 goto end;
10381 }
10382
10383 if (!new_ckchs->multi)
10384 ckch = new_ckchs->ckch;
10385 else
10386 ckch = &new_ckchs->ckch[bundle];
10387
10388 /* appply the change on the duplicate */
10389 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10390 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10391 errcode |= ERR_ALERT | ERR_FATAL;
10392 goto end;
10393 }
10394
10395 appctx->ctx.ssl.new_ckchs = new_ckchs;
10396
10397 /* we succeed, we can save the ckchs in the transaction */
10398
10399 /* if there wasn't a transaction, update the old ckchs */
10400 if (!ckchs_transaction.old_ckchs && !ckchs_transaction.old_ckchs) {
10401 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10402 ckchs_transaction.path = appctx->ctx.ssl.path;
10403 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10404 } else {
10405 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10406
10407 }
10408
10409 /* free the previous ckchs if there was a transaction */
10410 ckchs_free(ckchs_transaction.new_ckchs);
10411
10412 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10413
10414
William Lallemand8f840d72019-10-23 10:53:05 +020010415 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010416
William Lallemand8f840d72019-10-23 10:53:05 +020010417end:
10418 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010419
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010420 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010421
10422 ckchs_free(appctx->ctx.ssl.new_ckchs);
10423 appctx->ctx.ssl.new_ckchs = NULL;
10424
10425 appctx->ctx.ssl.old_ckchs = NULL;
10426
10427 free(appctx->ctx.ssl.path);
10428 appctx->ctx.ssl.path = NULL;
10429
10430 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010431 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010432 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010433
10434 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10435 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010436 }
William Lallemand8f840d72019-10-23 10:53:05 +020010437 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010438}
10439
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010440static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010441{
10442#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10443 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010444 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010445
10446 if (!payload)
10447 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010448
10449 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010450 if (!*payload)
10451 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010452
10453 /* remove \r and \n from the payload */
10454 for (i = 0, j = 0; payload[i]; i++) {
10455 if (payload[i] == '\r' || payload[i] == '\n')
10456 continue;
10457 payload[j++] = payload[i];
10458 }
10459 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010460
Willy Tarreau1c913e42018-08-22 05:26:57 +020010461 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010462 if (ret < 0)
10463 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010464
Willy Tarreau1c913e42018-08-22 05:26:57 +020010465 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010466 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010467 if (err)
10468 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10469 else
10470 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010471 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010472
10473 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010474#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010475 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010476#endif
10477
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010478}
10479
Willy Tarreau86a394e2019-05-09 14:15:32 +020010480#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010481static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10482{
10483 switch (arg->type) {
10484 case ARGT_STR:
10485 smp->data.type = SMP_T_STR;
10486 smp->data.u.str = arg->data.str;
10487 return 1;
10488 case ARGT_VAR:
10489 if (!vars_get_by_desc(&arg->data.var, smp))
10490 return 0;
10491 if (!sample_casts[smp->data.type][SMP_T_STR])
10492 return 0;
10493 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10494 return 0;
10495 return 1;
10496 default:
10497 return 0;
10498 }
10499}
10500
10501static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10502 const char *file, int line, char **err)
10503{
10504 switch(args[0].data.sint) {
10505 case 128:
10506 case 192:
10507 case 256:
10508 break;
10509 default:
10510 memprintf(err, "key size must be 128, 192 or 256 (bits).");
10511 return 0;
10512 }
10513 /* Try to decode a variable. */
10514 vars_check_arg(&args[1], NULL);
10515 vars_check_arg(&args[2], NULL);
10516 vars_check_arg(&args[3], NULL);
10517 return 1;
10518}
10519
10520/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
10521static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
10522{
10523 struct sample nonce, key, aead_tag;
10524 struct buffer *smp_trash, *smp_trash_alloc;
10525 EVP_CIPHER_CTX *ctx;
10526 int dec_size, ret;
10527
10528 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
10529 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
10530 return 0;
10531
10532 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
10533 if (!sample_conv_var2smp_str(&arg_p[2], &key))
10534 return 0;
10535
10536 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
10537 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
10538 return 0;
10539
10540 smp_trash = get_trash_chunk();
10541 smp_trash_alloc = alloc_trash_chunk();
10542 if (!smp_trash_alloc)
10543 return 0;
10544
10545 ctx = EVP_CIPHER_CTX_new();
10546
10547 if (!ctx)
10548 goto err;
10549
10550 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
10551 if (dec_size < 0)
10552 goto err;
10553 smp_trash->data = dec_size;
10554
10555 /* Set cipher type and mode */
10556 switch(arg_p[0].data.sint) {
10557 case 128:
10558 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
10559 break;
10560 case 192:
10561 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
10562 break;
10563 case 256:
10564 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
10565 break;
10566 }
10567
10568 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
10569
10570 /* Initialise IV */
10571 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
10572 goto err;
10573
10574 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
10575 if (dec_size < 0)
10576 goto err;
10577 smp_trash->data = dec_size;
10578
10579 /* Initialise key */
10580 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
10581 goto err;
10582
10583 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
10584 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
10585 goto err;
10586
10587 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
10588 if (dec_size < 0)
10589 goto err;
10590 smp_trash_alloc->data = dec_size;
10591 dec_size = smp_trash->data;
10592
10593 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
10594 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
10595
10596 if (ret <= 0)
10597 goto err;
10598
10599 smp->data.u.str.data = dec_size + smp_trash->data;
10600 smp->data.u.str.area = smp_trash->area;
10601 smp->data.type = SMP_T_BIN;
10602 smp->flags &= ~SMP_F_CONST;
10603 free_trash_chunk(smp_trash_alloc);
10604 return 1;
10605
10606err:
10607 free_trash_chunk(smp_trash_alloc);
10608 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010609}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010610# endif
William Lallemand32af2032016-10-29 18:09:35 +020010611
10612/* register cli keywords */
10613static struct cli_kw_list cli_kws = {{ },{
10614#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10615 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020010616 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020010617#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010618 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010619 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
10620 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand32af2032016-10-29 18:09:35 +020010621 { { NULL }, NULL, NULL, NULL }
10622}};
10623
Willy Tarreau0108d902018-11-25 19:14:37 +010010624INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020010625
Willy Tarreau7875d092012-09-10 08:20:03 +020010626/* Note: must not be declared <const> as its list will be overwritten.
10627 * Please take care of keeping this list alphabetically sorted.
10628 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010629static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020010630 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010631 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010632#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010010633 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010634#endif
Emeric Brun645ae792014-04-30 14:21:06 +020010635 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010636#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
10637 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
10638#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010010639 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020010640 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020010641 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010642 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010643#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020010644 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040010645#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010646#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010647 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10648 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040010649 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10650#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010651 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10652 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010653 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010654 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010655 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10656 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10657 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10658 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10659 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10660 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10661 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10662 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010663 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010664 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10665 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010666 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010667 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10668 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10669 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10670 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10671 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10672 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10673 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020010674 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010675 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010676 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010677 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010678 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010679 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010680 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010681 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020010682 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010010683#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010684 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020010685#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010010686#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010687 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020010688#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010689 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010690#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020010691 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010692#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010693 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010694#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010695 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010696#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010697#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010698 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10699 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040010700 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10701#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040010702#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010703 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010704#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010705 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10706 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10707 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10708 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020010709 { NULL, NULL, 0, 0, 0 },
10710}};
10711
Willy Tarreau0108d902018-11-25 19:14:37 +010010712INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
10713
Willy Tarreau7875d092012-09-10 08:20:03 +020010714/* Note: must not be declared <const> as its list will be overwritten.
10715 * Please take care of keeping this list alphabetically sorted.
10716 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010717static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010718 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
10719 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010720 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020010721}};
10722
Willy Tarreau0108d902018-11-25 19:14:37 +010010723INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
10724
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010725/* Note: must not be declared <const> as its list will be overwritten.
10726 * Please take care of keeping this list alphabetically sorted, doing so helps
10727 * all code contributors.
10728 * Optional keywords are also declared with a NULL ->parse() function so that
10729 * the config parser can report an appropriate error when a known keyword was
10730 * not enabled.
10731 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010732static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010733 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010734 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10735 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10736 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010737#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010738 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10739#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010740 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010010741 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010742 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010743 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010744 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020010745 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
10746 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010747 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
10748 { NULL, NULL, 0 },
10749};
10750
Willy Tarreau0108d902018-11-25 19:14:37 +010010751/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
10752
Willy Tarreau51fb7652012-09-18 18:24:39 +020010753static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010754 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010755 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10756 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10757 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
10758 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
10759 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
10760 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010761#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010762 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10763#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010764 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
10765 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
10766 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
10767 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
10768 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
10769 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
10770 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
10771 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
10772 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
10773 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010774 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010775 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010776 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010777 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
10778 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
10779 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
10780 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020010781 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010782 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
10783 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010784 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
10785 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010786 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
10787 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
10788 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
10789 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
10790 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010791 { NULL, NULL, 0 },
10792}};
Emeric Brun46591952012-05-18 15:47:34 +020010793
Willy Tarreau0108d902018-11-25 19:14:37 +010010794INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
10795
Willy Tarreau92faadf2012-10-10 23:04:25 +020010796/* Note: must not be declared <const> as its list will be overwritten.
10797 * Please take care of keeping this list alphabetically sorted, doing so helps
10798 * all code contributors.
10799 * Optional keywords are also declared with a NULL ->parse() function so that
10800 * the config parser can report an appropriate error when a known keyword was
10801 * not enabled.
10802 */
10803static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010010804 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010010805 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010806 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010010807 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020010808 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010809 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
10810 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010811#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010812 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
10813#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010814 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
10815 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
10816 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
10817 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
10818 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
10819 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
10820 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
10821 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
10822 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
10823 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
10824 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
10825 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
10826 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
10827 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
10828 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
10829 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
10830 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
10831 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010010832 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010833 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
10834 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
10835 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
10836 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
10837 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
10838 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
10839 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
10840 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
10841 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
10842 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020010843 { NULL, NULL, 0, 0 },
10844}};
10845
Willy Tarreau0108d902018-11-25 19:14:37 +010010846INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
10847
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010848static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010010849 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
10850 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010010851 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010852 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
10853 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010010854#ifndef OPENSSL_NO_DH
10855 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
10856#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010857 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010858#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010859 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010860#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010010861 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
10862#ifndef OPENSSL_NO_DH
10863 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
10864#endif
10865 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
10866 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
10867 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
10868 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010869 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010010870 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
10871 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010872#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010873 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
10874 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
10875#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010876 { 0, NULL, NULL },
10877}};
10878
Willy Tarreau0108d902018-11-25 19:14:37 +010010879INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
10880
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010881/* Note: must not be declared <const> as its list will be overwritten */
10882static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020010883#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010884 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
10885#endif
10886 { NULL, NULL, 0, 0, 0 },
10887}};
10888
10889INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
10890
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020010891/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010010892static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020010893 .snd_buf = ssl_sock_from_buf,
10894 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010010895 .subscribe = ssl_subscribe,
10896 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020010897 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020010898 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020010899 .rcv_pipe = NULL,
10900 .snd_pipe = NULL,
10901 .shutr = NULL,
10902 .shutw = ssl_sock_shutw,
10903 .close = ssl_sock_close,
10904 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010010905 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010010906 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010010907 .prepare_srv = ssl_sock_prepare_srv_ctx,
10908 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010010909 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010010910 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020010911};
10912
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010913enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
10914 struct session *sess, struct stream *s, int flags)
10915{
10916 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010917 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010918
10919 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010920 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010921
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010922 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010923 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010924 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010925 s->req.flags |= CF_READ_NULL;
10926 return ACT_RET_YIELD;
10927 }
10928 }
10929 return (ACT_RET_CONT);
10930}
10931
10932static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10933{
10934 rule->action_ptr = ssl_action_wait_for_hs;
10935
10936 return ACT_RET_PRS_OK;
10937}
10938
10939static struct action_kw_list http_req_actions = {ILH, {
10940 { "wait-for-handshake", ssl_parse_wait_for_hs },
10941 { /* END */ }
10942}};
10943
Willy Tarreau0108d902018-11-25 19:14:37 +010010944INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10945
Willy Tarreau5db847a2019-05-09 14:13:35 +020010946#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010947
10948static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10949{
10950 if (ptr) {
10951 chunk_destroy(ptr);
10952 free(ptr);
10953 }
10954}
10955
10956#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010957static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10958{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010959 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010960}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010961
Emeric Brun46591952012-05-18 15:47:34 +020010962__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010963static void __ssl_sock_init(void)
10964{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010965#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010966 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010967 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010968#endif
Emeric Brun46591952012-05-18 15:47:34 +020010969
Willy Tarreauef934602016-12-22 23:12:01 +010010970 if (global_ssl.listen_default_ciphers)
10971 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10972 if (global_ssl.connect_default_ciphers)
10973 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010974#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010975 if (global_ssl.listen_default_ciphersuites)
10976 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10977 if (global_ssl.connect_default_ciphersuites)
10978 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10979#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010980
Willy Tarreau13e14102016-12-22 20:25:26 +010010981 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010982#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010983 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010984#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010985#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010986 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010987 n = sk_SSL_COMP_num(cm);
10988 while (n--) {
10989 (void) sk_SSL_COMP_pop(cm);
10990 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010991#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010992
Willy Tarreau5db847a2019-05-09 14:13:35 +020010993#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010994 ssl_locking_init();
10995#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010996#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010997 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10998#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010999 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020011000 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010011001 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011002#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011003 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011004 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011005#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010011006#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11007 hap_register_post_check(tlskeys_finalize_config);
11008#endif
Willy Tarreau80713382018-11-26 10:19:54 +010011009
11010 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11011 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11012
11013#ifndef OPENSSL_NO_DH
11014 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11015 hap_register_post_deinit(ssl_free_dh);
11016#endif
11017#ifndef OPENSSL_NO_ENGINE
11018 hap_register_post_deinit(ssl_free_engines);
11019#endif
11020 /* Load SSL string for the verbose & debug mode. */
11021 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011022 ha_meth = BIO_meth_new(0x666, "ha methods");
11023 BIO_meth_set_write(ha_meth, ha_ssl_write);
11024 BIO_meth_set_read(ha_meth, ha_ssl_read);
11025 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11026 BIO_meth_set_create(ha_meth, ha_ssl_new);
11027 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11028 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11029 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011030
11031 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011032}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011033
Willy Tarreau80713382018-11-26 10:19:54 +010011034/* Compute and register the version string */
11035static void ssl_register_build_options()
11036{
11037 char *ptr = NULL;
11038 int i;
11039
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011040 memprintf(&ptr, "Built with OpenSSL version : "
11041#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011042 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011043#else /* OPENSSL_IS_BORINGSSL */
11044 OPENSSL_VERSION_TEXT
11045 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011046 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011047 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011048#endif
11049 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011050#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011051 "no (library version too old)"
11052#elif defined(OPENSSL_NO_TLSEXT)
11053 "no (disabled via OPENSSL_NO_TLSEXT)"
11054#else
11055 "yes"
11056#endif
11057 "", ptr);
11058
11059 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11060#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11061 "yes"
11062#else
11063#ifdef OPENSSL_NO_TLSEXT
11064 "no (because of OPENSSL_NO_TLSEXT)"
11065#else
11066 "no (version might be too old, 0.9.8f min needed)"
11067#endif
11068#endif
11069 "", ptr);
11070
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011071 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11072 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11073 if (methodVersions[i].option)
11074 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011075
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011076 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011077}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011078
Willy Tarreau80713382018-11-26 10:19:54 +010011079INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011080
Emeric Brun46591952012-05-18 15:47:34 +020011081
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011082#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011083void ssl_free_engines(void) {
11084 struct ssl_engine_list *wl, *wlb;
11085 /* free up engine list */
11086 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11087 ENGINE_finish(wl->e);
11088 ENGINE_free(wl->e);
11089 LIST_DEL(&wl->list);
11090 free(wl);
11091 }
11092}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011093#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011094
Remi Gacogned3a23c32015-05-28 16:39:47 +020011095#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011096void ssl_free_dh(void) {
11097 if (local_dh_1024) {
11098 DH_free(local_dh_1024);
11099 local_dh_1024 = NULL;
11100 }
11101 if (local_dh_2048) {
11102 DH_free(local_dh_2048);
11103 local_dh_2048 = NULL;
11104 }
11105 if (local_dh_4096) {
11106 DH_free(local_dh_4096);
11107 local_dh_4096 = NULL;
11108 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011109 if (global_dh) {
11110 DH_free(global_dh);
11111 global_dh = NULL;
11112 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011113}
11114#endif
11115
11116__attribute__((destructor))
11117static void __ssl_sock_deinit(void)
11118{
11119#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011120 if (ssl_ctx_lru_tree) {
11121 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011122 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011123 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011124#endif
11125
Willy Tarreau5db847a2019-05-09 14:13:35 +020011126#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011127 ERR_remove_state(0);
11128 ERR_free_strings();
11129
11130 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011131#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011132
Willy Tarreau5db847a2019-05-09 14:13:35 +020011133#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011134 CRYPTO_cleanup_all_ex_data();
11135#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011136 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011137}
11138
11139
Emeric Brun46591952012-05-18 15:47:34 +020011140/*
11141 * Local variables:
11142 * c-indent-level: 8
11143 * c-basic-offset: 8
11144 * End:
11145 */