blob: 138b1c58ce4e018da17b14e8f3968141da83b436 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Rosen Penev68185952018-12-14 08:47:02 -080042#include <openssl/bn.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020043#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020044#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020045#include <openssl/x509.h>
46#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020047#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010048#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020049#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010050#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020051#include <openssl/ocsp.h>
52#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020053#ifndef OPENSSL_NO_DH
54#include <openssl/dh.h>
55#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020056#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000057#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020058#endif
Emeric Brun46591952012-05-18 15:47:34 +020059
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020060#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000061#include <openssl/async.h>
62#endif
63
Rosen Penev68185952018-12-14 08:47:02 -080064#ifndef OPENSSL_VERSION
65#define OPENSSL_VERSION SSLEAY_VERSION
66#define OpenSSL_version(x) SSLeay_version(x)
67#define OpenSSL_version_num SSLeay
68#endif
69
70#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
71#define X509_getm_notBefore X509_get_notBefore
72#define X509_getm_notAfter X509_get_notAfter
73#endif
74
Christopher Faulet31af49d2015-06-09 17:29:50 +020075#include <import/lru.h>
76#include <import/xxhash.h>
77
Emeric Brun46591952012-05-18 15:47:34 +020078#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020079#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020080#include <common/compat.h>
81#include <common/config.h>
82#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020083#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010084#include <common/initcall.h>
Emeric Brun46591952012-05-18 15:47:34 +020085#include <common/standard.h>
86#include <common/ticks.h>
87#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010088#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010089#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Emeric Brunfc0421f2012-09-07 17:30:07 +020091#include <ebsttree.h>
92
William Lallemand32af2032016-10-29 18:09:35 +020093#include <types/applet.h>
94#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020095#include <types/global.h>
96#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020097#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020098
Willy Tarreau7875d092012-09-10 08:20:03 +020099#include <proto/acl.h>
100#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +0200101#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +0200102#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +0200103#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +0200104#include <proto/fd.h>
105#include <proto/freq_ctr.h>
106#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +0200107#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +0200108#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200109#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +0100110#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +0200111#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +0200112#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +0200113#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200114#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200115#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200116#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200117#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200118#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200119#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200120#include <proto/task.h>
121
Willy Tarreau518cedd2014-02-17 15:43:01 +0100122/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200123#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100124#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100125#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200126#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
127
Emeric Brunf282a812012-09-21 15:27:54 +0200128/* bits 0xFFFF0000 are reserved to store verify errors */
129
130/* Verify errors macros */
131#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
132#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
133#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
134
135#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
136#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
137#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200138
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100139/* Supported hash function for TLS tickets */
140#ifdef OPENSSL_NO_SHA256
141#define HASH_FUNCT EVP_sha1
142#else
143#define HASH_FUNCT EVP_sha256
144#endif /* OPENSSL_NO_SHA256 */
145
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200146/* ssl_methods flags for ssl options */
147#define MC_SSL_O_ALL 0x0000
148#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
149#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
150#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
151#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200152#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200153
154/* ssl_methods versions */
155enum {
156 CONF_TLSV_NONE = 0,
157 CONF_TLSV_MIN = 1,
158 CONF_SSLV3 = 1,
159 CONF_TLSV10 = 2,
160 CONF_TLSV11 = 3,
161 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200162 CONF_TLSV13 = 5,
163 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200164};
165
Emeric Brun850efd52014-01-29 12:24:34 +0100166/* server and bind verify method, it uses a global value as default */
167enum {
168 SSL_SOCK_VERIFY_DEFAULT = 0,
169 SSL_SOCK_VERIFY_REQUIRED = 1,
170 SSL_SOCK_VERIFY_OPTIONAL = 2,
171 SSL_SOCK_VERIFY_NONE = 3,
172};
173
William Lallemand3f85c9a2017-10-09 16:30:50 +0200174
Willy Tarreau71b734c2014-01-28 15:19:44 +0100175int sslconns = 0;
176int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100177static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100178int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200179
Willy Tarreauef934602016-12-22 23:12:01 +0100180static struct {
181 char *crt_base; /* base directory path for certificates */
182 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000183 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100184
185 char *listen_default_ciphers;
186 char *connect_default_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200187#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
188 char *listen_default_ciphersuites;
189 char *connect_default_ciphersuites;
190#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100191 int listen_default_ssloptions;
192 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 struct tls_version_filter listen_default_sslmethods;
194 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100195
196 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
197 unsigned int life_time; /* SSL session lifetime in seconds */
198 unsigned int max_record; /* SSL max record size */
199 unsigned int default_dh_param; /* SSL maximum DH parameter size */
200 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100201 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100202} global_ssl = {
203#ifdef LISTEN_DEFAULT_CIPHERS
204 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
205#endif
206#ifdef CONNECT_DEFAULT_CIPHERS
207 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
208#endif
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200209#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
210#ifdef LISTEN_DEFAULT_CIPHERSUITES
211 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
212#endif
213#ifdef CONNECT_DEFAULT_CIPHERSUITES
214 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
215#endif
216#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100217 .listen_default_ssloptions = BC_SSL_O_NONE,
218 .connect_default_ssloptions = SRV_SSL_O_NONE,
219
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200220 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
221 .listen_default_sslmethods.min = CONF_TLSV_NONE,
222 .listen_default_sslmethods.max = CONF_TLSV_NONE,
223 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
224 .connect_default_sslmethods.min = CONF_TLSV_NONE,
225 .connect_default_sslmethods.max = CONF_TLSV_NONE,
226
Willy Tarreauef934602016-12-22 23:12:01 +0100227#ifdef DEFAULT_SSL_MAX_RECORD
228 .max_record = DEFAULT_SSL_MAX_RECORD,
229#endif
230 .default_dh_param = SSL_DEFAULT_DH_PARAM,
231 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100232 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100233};
234
Rosen Penev68185952018-12-14 08:47:02 -0800235#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100236
Emeric Brun821bb9b2017-06-15 16:37:39 +0200237static HA_RWLOCK_T *ssl_rwlocks;
238
239
240unsigned long ssl_id_function(void)
241{
242 return (unsigned long)tid;
243}
244
245void ssl_locking_function(int mode, int n, const char * file, int line)
246{
247 if (mode & CRYPTO_LOCK) {
248 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100249 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200250 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100251 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200252 }
253 else {
254 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100255 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200256 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100257 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200258 }
259}
260
261static int ssl_locking_init(void)
262{
263 int i;
264
265 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
266 if (!ssl_rwlocks)
267 return -1;
268
269 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100270 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200271
272 CRYPTO_set_id_callback(ssl_id_function);
273 CRYPTO_set_locking_callback(ssl_locking_function);
274
275 return 0;
276}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100277
Emeric Brun821bb9b2017-06-15 16:37:39 +0200278#endif
279
280
281
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100282/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100283struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100284 unsigned long long int xxh64;
285 unsigned char ciphersuite_len;
286 char ciphersuite[0];
287};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100288struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100289static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200290static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100291
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100292static int ssl_pkey_info_index = -1;
293
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200294#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
295struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
296#endif
297
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200298#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000299static unsigned int openssl_engines_initialized;
300struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
301struct ssl_engine_list {
302 struct list list;
303 ENGINE *e;
304};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200305#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000306
Remi Gacogne8de54152014-07-15 11:36:40 +0200307#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200308static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200309static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200310static DH *local_dh_1024 = NULL;
311static DH *local_dh_2048 = NULL;
312static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100313static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200314#endif /* OPENSSL_NO_DH */
315
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100316#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200317/* X509V3 Extensions that will be added on generated certificates */
318#define X509V3_EXT_SIZE 5
319static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
320 "basicConstraints",
321 "nsComment",
322 "subjectKeyIdentifier",
323 "authorityKeyIdentifier",
324 "keyUsage",
325};
326static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
327 "CA:FALSE",
328 "\"OpenSSL Generated Certificate\"",
329 "hash",
330 "keyid,issuer:always",
331 "nonRepudiation,digitalSignature,keyEncipherment"
332};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200333/* LRU cache to store generated certificate */
334static struct lru64_head *ssl_ctx_lru_tree = NULL;
335static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200336static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100337__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200338
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200339#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
340
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100341static struct ssl_bind_kw ssl_bind_kws[];
342
yanbzhube2774d2015-12-10 15:07:30 -0500343#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
344/* The order here matters for picking a default context,
345 * keep the most common keytype at the bottom of the list
346 */
347const char *SSL_SOCK_KEYTYPE_NAMES[] = {
348 "dsa",
349 "ecdsa",
350 "rsa"
351};
352#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100353#else
354#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500355#endif
356
William Lallemandc3cd35f2017-11-28 11:04:43 +0100357static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100358static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
359
360#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
361
362#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
363 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
364
365#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
366 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200367
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100368/*
369 * This function gives the detail of the SSL error. It is used only
370 * if the debug mode and the verbose mode are activated. It dump all
371 * the SSL error until the stack was empty.
372 */
373static forceinline void ssl_sock_dump_errors(struct connection *conn)
374{
375 unsigned long ret;
376
377 if (unlikely(global.mode & MODE_DEBUG)) {
378 while(1) {
379 ret = ERR_get_error();
380 if (ret == 0)
381 return;
382 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200383 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100384 ERR_func_error_string(ret), ERR_reason_error_string(ret));
385 }
386 }
387}
388
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200389#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500390/*
391 * struct alignment works here such that the key.key is the same as key_data
392 * Do not change the placement of key_data
393 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200394struct certificate_ocsp {
395 struct ebmb_node key;
396 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200397 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200398 long expire;
399};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200400
yanbzhube2774d2015-12-10 15:07:30 -0500401struct ocsp_cbk_arg {
402 int is_single;
403 int single_kt;
404 union {
405 struct certificate_ocsp *s_ocsp;
406 /*
407 * m_ocsp will have multiple entries dependent on key type
408 * Entry 0 - DSA
409 * Entry 1 - ECDSA
410 * Entry 2 - RSA
411 */
412 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
413 };
414};
415
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200416#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000417static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
418{
419 int err_code = ERR_ABORT;
420 ENGINE *engine;
421 struct ssl_engine_list *el;
422
423 /* grab the structural reference to the engine */
424 engine = ENGINE_by_id(engine_id);
425 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100426 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000427 goto fail_get;
428 }
429
430 if (!ENGINE_init(engine)) {
431 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100432 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000433 goto fail_init;
434 }
435
436 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100437 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000438 goto fail_set_method;
439 }
440
441 el = calloc(1, sizeof(*el));
442 el->e = engine;
443 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100444 nb_engines++;
445 if (global_ssl.async)
446 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000447 return 0;
448
449fail_set_method:
450 /* release the functional reference from ENGINE_init() */
451 ENGINE_finish(engine);
452
453fail_init:
454 /* release the structural reference from ENGINE_by_id() */
455 ENGINE_free(engine);
456
457fail_get:
458 return err_code;
459}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200460#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000461
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200462#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200463/*
464 * openssl async fd handler
465 */
466static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000467{
468 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000469
Emeric Brun3854e012017-05-17 20:42:48 +0200470 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000471 * to poll this fd until it is requested
472 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000473 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000474 fd_cant_recv(fd);
475
476 /* crypto engine is available, let's notify the associated
477 * connection that it can pursue its processing.
478 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000479 __conn_sock_want_recv(conn);
480 __conn_sock_want_send(conn);
481 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000482}
483
Emeric Brun3854e012017-05-17 20:42:48 +0200484/*
485 * openssl async delayed SSL_free handler
486 */
487static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000488{
489 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200490 OSSL_ASYNC_FD all_fd[32];
491 size_t num_all_fds = 0;
492 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000493
Emeric Brun3854e012017-05-17 20:42:48 +0200494 /* We suppose that the async job for a same SSL *
495 * are serialized. So if we are awake it is
496 * because the running job has just finished
497 * and we can remove all async fds safely
498 */
499 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
500 if (num_all_fds > 32) {
501 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
502 return;
503 }
504
505 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
506 for (i=0 ; i < num_all_fds ; i++)
507 fd_remove(all_fd[i]);
508
509 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000510 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100511 _HA_ATOMIC_SUB(&sslconns, 1);
512 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000513}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000514/*
Emeric Brun3854e012017-05-17 20:42:48 +0200515 * function used to manage a returned SSL_ERROR_WANT_ASYNC
516 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517 */
Emeric Brun3854e012017-05-17 20:42:48 +0200518static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100520 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200521 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000522 size_t num_add_fds = 0;
523 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200524 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000525
526 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
527 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200528 if (num_add_fds > 32 || num_del_fds > 32) {
529 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530 return;
531 }
532
Emeric Brun3854e012017-05-17 20:42:48 +0200533 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000534
Emeric Brun3854e012017-05-17 20:42:48 +0200535 /* We remove unused fds from the fdtab */
536 for (i=0 ; i < num_del_fds ; i++)
537 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000538
Emeric Brun3854e012017-05-17 20:42:48 +0200539 /* We add new fds to the fdtab */
540 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100541 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000542 }
543
Emeric Brun3854e012017-05-17 20:42:48 +0200544 num_add_fds = 0;
545 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
546 if (num_add_fds > 32) {
547 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
548 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000549 }
Emeric Brun3854e012017-05-17 20:42:48 +0200550
551 /* We activate the polling for all known async fds */
552 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000553 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200554 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000555 /* To ensure that the fd cache won't be used
556 * We'll prefer to catch a real RD event
557 * because handling an EAGAIN on this fd will
558 * result in a context switch and also
559 * some engines uses a fd in blocking mode.
560 */
561 fd_cant_recv(add_fd[i]);
562 }
Emeric Brun3854e012017-05-17 20:42:48 +0200563
564 /* We must also prevent the conn_handler
565 * to be called until a read event was
566 * polled on an async fd
567 */
568 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000569}
570#endif
571
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200572/*
573 * This function returns the number of seconds elapsed
574 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
575 * date presented un ASN1_GENERALIZEDTIME.
576 *
577 * In parsing error case, it returns -1.
578 */
579static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
580{
581 long epoch;
582 char *p, *end;
583 const unsigned short month_offset[12] = {
584 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
585 };
586 int year, month;
587
588 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
589
590 p = (char *)d->data;
591 end = p + d->length;
592
593 if (end - p < 4) return -1;
594 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
595 p += 4;
596 if (end - p < 2) return -1;
597 month = 10 * (p[0] - '0') + p[1] - '0';
598 if (month < 1 || month > 12) return -1;
599 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
600 We consider leap years and the current month (<marsh or not) */
601 epoch = ( ((year - 1970) * 365)
602 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
603 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
604 + month_offset[month-1]
605 ) * 24 * 60 * 60;
606 p += 2;
607 if (end - p < 2) return -1;
608 /* Add the number of seconds of completed days of current month */
609 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
610 p += 2;
611 if (end - p < 2) return -1;
612 /* Add the completed hours of the current day */
613 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
614 p += 2;
615 if (end - p < 2) return -1;
616 /* Add the completed minutes of the current hour */
617 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
618 p += 2;
619 if (p == end) return -1;
620 /* Test if there is available seconds */
621 if (p[0] < '0' || p[0] > '9')
622 goto nosec;
623 if (end - p < 2) return -1;
624 /* Add the seconds of the current minute */
625 epoch += 10 * (p[0] - '0') + p[1] - '0';
626 p += 2;
627 if (p == end) return -1;
628 /* Ignore seconds float part if present */
629 if (p[0] == '.') {
630 do {
631 if (++p == end) return -1;
632 } while (p[0] >= '0' && p[0] <= '9');
633 }
634
635nosec:
636 if (p[0] == 'Z') {
637 if (end - p != 1) return -1;
638 return epoch;
639 }
640 else if (p[0] == '+') {
641 if (end - p != 5) return -1;
642 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700643 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200644 }
645 else if (p[0] == '-') {
646 if (end - p != 5) return -1;
647 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700648 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200649 }
650
651 return -1;
652}
653
Emeric Brun1d3865b2014-06-20 15:37:32 +0200654static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200655
656/* This function starts to check if the OCSP response (in DER format) contained
657 * in chunk 'ocsp_response' is valid (else exits on error).
658 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
659 * contained in the OCSP Response and exits on error if no match.
660 * If it's a valid OCSP Response:
661 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
662 * pointed by 'ocsp'.
663 * If 'ocsp' is NULL, the function looks up into the OCSP response's
664 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
665 * from the response) and exits on error if not found. Finally, If an OCSP response is
666 * already present in the container, it will be overwritten.
667 *
668 * Note: OCSP response containing more than one OCSP Single response is not
669 * considered valid.
670 *
671 * Returns 0 on success, 1 in error case.
672 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200673static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
674 struct certificate_ocsp *ocsp,
675 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200676{
677 OCSP_RESPONSE *resp;
678 OCSP_BASICRESP *bs = NULL;
679 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200680 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200681 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200682 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200683 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200684 int reason;
685 int ret = 1;
686
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200687 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
688 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200689 if (!resp) {
690 memprintf(err, "Unable to parse OCSP response");
691 goto out;
692 }
693
694 rc = OCSP_response_status(resp);
695 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
696 memprintf(err, "OCSP response status not successful");
697 goto out;
698 }
699
700 bs = OCSP_response_get1_basic(resp);
701 if (!bs) {
702 memprintf(err, "Failed to get basic response from OCSP Response");
703 goto out;
704 }
705
706 count_sr = OCSP_resp_count(bs);
707 if (count_sr > 1) {
708 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
709 goto out;
710 }
711
712 sr = OCSP_resp_get0(bs, 0);
713 if (!sr) {
714 memprintf(err, "Failed to get OCSP single response");
715 goto out;
716 }
717
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200718 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
719
Emeric Brun4147b2e2014-06-16 18:36:30 +0200720 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200721 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200722 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200723 goto out;
724 }
725
Emeric Brun13a6b482014-06-20 15:44:34 +0200726 if (!nextupd) {
727 memprintf(err, "OCSP single response: missing nextupdate");
728 goto out;
729 }
730
Emeric Brunc8b27b62014-06-19 14:16:17 +0200731 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200732 if (!rc) {
733 memprintf(err, "OCSP single response: no longer valid.");
734 goto out;
735 }
736
737 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200738 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200739 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
740 goto out;
741 }
742 }
743
744 if (!ocsp) {
745 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
746 unsigned char *p;
747
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200748 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200749 if (!rc) {
750 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
751 goto out;
752 }
753
754 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
755 memprintf(err, "OCSP single response: Certificate ID too long");
756 goto out;
757 }
758
759 p = key;
760 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200761 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200762 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
763 if (!ocsp) {
764 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
765 goto out;
766 }
767 }
768
769 /* According to comments on "chunk_dup", the
770 previous chunk buffer will be freed */
771 if (!chunk_dup(&ocsp->response, ocsp_response)) {
772 memprintf(err, "OCSP response: Memory allocation error");
773 goto out;
774 }
775
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200776 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
777
Emeric Brun4147b2e2014-06-16 18:36:30 +0200778 ret = 0;
779out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100780 ERR_clear_error();
781
Emeric Brun4147b2e2014-06-16 18:36:30 +0200782 if (bs)
783 OCSP_BASICRESP_free(bs);
784
785 if (resp)
786 OCSP_RESPONSE_free(resp);
787
788 return ret;
789}
790/*
791 * External function use to update the OCSP response in the OCSP response's
792 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
793 * to update in DER format.
794 *
795 * Returns 0 on success, 1 in error case.
796 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200797int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200798{
799 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
800}
801
802/*
803 * This function load the OCSP Resonse in DER format contained in file at
804 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
805 *
806 * Returns 0 on success, 1 in error case.
807 */
808static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
809{
810 int fd = -1;
811 int r = 0;
812 int ret = 1;
813
814 fd = open(ocsp_path, O_RDONLY);
815 if (fd == -1) {
816 memprintf(err, "Error opening OCSP response file");
817 goto end;
818 }
819
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200820 trash.data = 0;
821 while (trash.data < trash.size) {
822 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200823 if (r < 0) {
824 if (errno == EINTR)
825 continue;
826
827 memprintf(err, "Error reading OCSP response from file");
828 goto end;
829 }
830 else if (r == 0) {
831 break;
832 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200833 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200834 }
835
836 close(fd);
837 fd = -1;
838
839 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
840end:
841 if (fd != -1)
842 close(fd);
843
844 return ret;
845}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100846#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200847
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100848#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
849static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
850{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100851 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100852 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100853 struct connection *conn;
854 int head;
855 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100856 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100857
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200858 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200859 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100860 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
861
862 keys = ref->tlskeys;
863 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100864
865 if (enc) {
866 memcpy(key_name, keys[head].name, 16);
867
868 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100869 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100870
Emeric Brun9e754772019-01-10 17:51:55 +0100871 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100872
Emeric Brun9e754772019-01-10 17:51:55 +0100873 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
874 goto end;
875
876 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
877 ret = 1;
878 }
879 else if (ref->key_size_bits == 256 ) {
880
881 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
882 goto end;
883
884 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
885 ret = 1;
886 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100887 } else {
888 for (i = 0; i < TLS_TICKETS_NO; i++) {
889 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
890 goto found;
891 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100892 ret = 0;
893 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100894
Christopher Faulet16f45c82018-02-16 11:23:49 +0100895 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100896 if (ref->key_size_bits == 128) {
897 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
898 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
899 goto end;
900 /* 2 for key renewal, 1 if current key is still valid */
901 ret = i ? 2 : 1;
902 }
903 else if (ref->key_size_bits == 256) {
904 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
905 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
906 goto end;
907 /* 2 for key renewal, 1 if current key is still valid */
908 ret = i ? 2 : 1;
909 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100910 }
Emeric Brun9e754772019-01-10 17:51:55 +0100911
Christopher Faulet16f45c82018-02-16 11:23:49 +0100912 end:
913 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
914 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200915}
916
917struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
918{
919 struct tls_keys_ref *ref;
920
921 list_for_each_entry(ref, &tlskeys_reference, list)
922 if (ref->filename && strcmp(filename, ref->filename) == 0)
923 return ref;
924 return NULL;
925}
926
927struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
928{
929 struct tls_keys_ref *ref;
930
931 list_for_each_entry(ref, &tlskeys_reference, list)
932 if (ref->unique_id == unique_id)
933 return ref;
934 return NULL;
935}
936
Emeric Brun9e754772019-01-10 17:51:55 +0100937/* Update the key into ref: if keysize doesnt
938 * match existing ones, this function returns -1
939 * else it returns 0 on success.
940 */
941int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +0200942 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100943{
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if (ref->key_size_bits == 128) {
945 if (tlskey->data != sizeof(struct tls_sess_key_128))
946 return -1;
947 }
948 else if (ref->key_size_bits == 256) {
949 if (tlskey->data != sizeof(struct tls_sess_key_256))
950 return -1;
951 }
952 else
953 return -1;
954
Christopher Faulet16f45c82018-02-16 11:23:49 +0100955 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200956 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
957 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100958 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
959 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +0100960
961 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962}
963
Willy Tarreau83061a82018-07-13 11:56:34 +0200964int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200966 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
967
968 if(!ref) {
969 memprintf(err, "Unable to locate the referenced filename: %s", filename);
970 return 1;
971 }
Emeric Brun9e754772019-01-10 17:51:55 +0100972 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
973 memprintf(err, "Invalid key size");
974 return 1;
975 }
976
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200977 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100978}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200979
980/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100981 * automatic ids. It's called just after the basic checks. It returns
982 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200983 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100984static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985{
986 int i = 0;
987 struct tls_keys_ref *ref, *ref2, *ref3;
988 struct list tkr = LIST_HEAD_INIT(tkr);
989
990 list_for_each_entry(ref, &tlskeys_reference, list) {
991 if (ref->unique_id == -1) {
992 /* Look for the first free id. */
993 while (1) {
994 list_for_each_entry(ref2, &tlskeys_reference, list) {
995 if (ref2->unique_id == i) {
996 i++;
997 break;
998 }
999 }
1000 if (&ref2->list == &tlskeys_reference)
1001 break;
1002 }
1003
1004 /* Uses the unique id and increment it for the next entry. */
1005 ref->unique_id = i;
1006 i++;
1007 }
1008 }
1009
1010 /* This sort the reference list by id. */
1011 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1012 LIST_DEL(&ref->list);
1013 list_for_each_entry(ref3, &tkr, list) {
1014 if (ref->unique_id < ref3->unique_id) {
1015 LIST_ADDQ(&ref3->list, &ref->list);
1016 break;
1017 }
1018 }
1019 if (&ref3->list == &tkr)
1020 LIST_ADDQ(&tkr, &ref->list);
1021 }
1022
1023 /* swap root */
1024 LIST_ADD(&tkr, &tlskeys_reference);
1025 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001026 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001027}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001028#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1029
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001030#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001031int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1032{
1033 switch (evp_keytype) {
1034 case EVP_PKEY_RSA:
1035 return 2;
1036 case EVP_PKEY_DSA:
1037 return 0;
1038 case EVP_PKEY_EC:
1039 return 1;
1040 }
1041
1042 return -1;
1043}
1044
Emeric Brun4147b2e2014-06-16 18:36:30 +02001045/*
1046 * Callback used to set OCSP status extension content in server hello.
1047 */
1048int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1049{
yanbzhube2774d2015-12-10 15:07:30 -05001050 struct certificate_ocsp *ocsp;
1051 struct ocsp_cbk_arg *ocsp_arg;
1052 char *ssl_buf;
1053 EVP_PKEY *ssl_pkey;
1054 int key_type;
1055 int index;
1056
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001057 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001058
1059 ssl_pkey = SSL_get_privatekey(ssl);
1060 if (!ssl_pkey)
1061 return SSL_TLSEXT_ERR_NOACK;
1062
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001063 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001064
1065 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1066 ocsp = ocsp_arg->s_ocsp;
1067 else {
1068 /* For multiple certs per context, we have to find the correct OCSP response based on
1069 * the certificate type
1070 */
1071 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1072
1073 if (index < 0)
1074 return SSL_TLSEXT_ERR_NOACK;
1075
1076 ocsp = ocsp_arg->m_ocsp[index];
1077
1078 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001079
1080 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001081 !ocsp->response.area ||
1082 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001083 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001084 return SSL_TLSEXT_ERR_NOACK;
1085
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001086 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001087 if (!ssl_buf)
1088 return SSL_TLSEXT_ERR_NOACK;
1089
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001090 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1091 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001092
1093 return SSL_TLSEXT_ERR_OK;
1094}
1095
1096/*
1097 * This function enables the handling of OCSP status extension on 'ctx' if a
1098 * file name 'cert_path' suffixed using ".ocsp" is present.
1099 * To enable OCSP status extension, the issuer's certificate is mandatory.
1100 * It should be present in the certificate's extra chain builded from file
1101 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1102 * named 'cert_path' suffixed using '.issuer'.
1103 *
1104 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1105 * response. If file is empty or content is not a valid OCSP response,
1106 * OCSP status extension is enabled but OCSP response is ignored (a warning
1107 * is displayed).
1108 *
1109 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001110 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001111 */
1112static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1113{
1114
1115 BIO *in = NULL;
1116 X509 *x, *xi = NULL, *issuer = NULL;
1117 STACK_OF(X509) *chain = NULL;
1118 OCSP_CERTID *cid = NULL;
1119 SSL *ssl;
1120 char ocsp_path[MAXPATHLEN+1];
1121 int i, ret = -1;
1122 struct stat st;
1123 struct certificate_ocsp *ocsp = NULL, *iocsp;
1124 char *warn = NULL;
1125 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001126 pem_password_cb *passwd_cb;
1127 void *passwd_cb_userdata;
1128 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001129
1130 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1131
1132 if (stat(ocsp_path, &st))
1133 return 1;
1134
1135 ssl = SSL_new(ctx);
1136 if (!ssl)
1137 goto out;
1138
1139 x = SSL_get_certificate(ssl);
1140 if (!x)
1141 goto out;
1142
1143 /* Try to lookup for issuer in certificate extra chain */
1144#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1145 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1146#else
1147 chain = ctx->extra_certs;
1148#endif
1149 for (i = 0; i < sk_X509_num(chain); i++) {
1150 issuer = sk_X509_value(chain, i);
1151 if (X509_check_issued(issuer, x) == X509_V_OK)
1152 break;
1153 else
1154 issuer = NULL;
1155 }
1156
1157 /* If not found try to load issuer from a suffixed file */
1158 if (!issuer) {
1159 char issuer_path[MAXPATHLEN+1];
1160
1161 in = BIO_new(BIO_s_file());
1162 if (!in)
1163 goto out;
1164
1165 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1166 if (BIO_read_filename(in, issuer_path) <= 0)
1167 goto out;
1168
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001169 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1170 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1171
1172 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001173 if (!xi)
1174 goto out;
1175
1176 if (X509_check_issued(xi, x) != X509_V_OK)
1177 goto out;
1178
1179 issuer = xi;
1180 }
1181
1182 cid = OCSP_cert_to_id(0, x, issuer);
1183 if (!cid)
1184 goto out;
1185
1186 i = i2d_OCSP_CERTID(cid, NULL);
1187 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1188 goto out;
1189
Vincent Bernat02779b62016-04-03 13:48:43 +02001190 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191 if (!ocsp)
1192 goto out;
1193
1194 p = ocsp->key_data;
1195 i2d_OCSP_CERTID(cid, &p);
1196
1197 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1198 if (iocsp == ocsp)
1199 ocsp = NULL;
1200
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001201#ifndef SSL_CTX_get_tlsext_status_cb
1202# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1203 *cb = (void (*) (void))ctx->tlsext_status_cb;
1204#endif
1205 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1206
1207 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001208 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001209 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001210
1211 cb_arg->is_single = 1;
1212 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001213
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001214 pkey = X509_get_pubkey(x);
1215 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1216 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001217
1218 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1219 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1220 } else {
1221 /*
1222 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1223 * Update that cb_arg with the new cert's staple
1224 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001225 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001226 struct certificate_ocsp *tmp_ocsp;
1227 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001228 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001229 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001230
1231#ifdef SSL_CTX_get_tlsext_status_arg
1232 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1233#else
1234 cb_arg = ctx->tlsext_status_arg;
1235#endif
yanbzhube2774d2015-12-10 15:07:30 -05001236
1237 /*
1238 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1239 * the order of operations below matter, take care when changing it
1240 */
1241 tmp_ocsp = cb_arg->s_ocsp;
1242 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1243 cb_arg->s_ocsp = NULL;
1244 cb_arg->m_ocsp[index] = tmp_ocsp;
1245 cb_arg->is_single = 0;
1246 cb_arg->single_kt = 0;
1247
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001248 pkey = X509_get_pubkey(x);
1249 key_type = EVP_PKEY_base_id(pkey);
1250 EVP_PKEY_free(pkey);
1251
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001252 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001253 if (index >= 0 && !cb_arg->m_ocsp[index])
1254 cb_arg->m_ocsp[index] = iocsp;
1255
1256 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257
1258 ret = 0;
1259
1260 warn = NULL;
1261 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1262 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001263 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001264 }
1265
1266out:
1267 if (ssl)
1268 SSL_free(ssl);
1269
1270 if (in)
1271 BIO_free(in);
1272
1273 if (xi)
1274 X509_free(xi);
1275
1276 if (cid)
1277 OCSP_CERTID_free(cid);
1278
1279 if (ocsp)
1280 free(ocsp);
1281
1282 if (warn)
1283 free(warn);
1284
1285
1286 return ret;
1287}
1288
1289#endif
1290
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001291#ifdef OPENSSL_IS_BORINGSSL
1292static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1293{
1294 char ocsp_path[MAXPATHLEN+1];
1295 struct stat st;
1296 int fd = -1, r = 0;
1297
1298 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1299 if (stat(ocsp_path, &st))
1300 return 0;
1301
1302 fd = open(ocsp_path, O_RDONLY);
1303 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001304 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001305 return -1;
1306 }
1307
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001308 trash.data = 0;
1309 while (trash.data < trash.size) {
1310 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001311 if (r < 0) {
1312 if (errno == EINTR)
1313 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001314 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001315 close(fd);
1316 return -1;
1317 }
1318 else if (r == 0) {
1319 break;
1320 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001321 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001322 }
1323 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001324 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1325 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001326}
1327#endif
1328
Daniel Jakots54ffb912015-11-06 20:02:41 +01001329#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001330
1331#define CT_EXTENSION_TYPE 18
1332
1333static int sctl_ex_index = -1;
1334
1335/*
1336 * Try to parse Signed Certificate Timestamp List structure. This function
1337 * makes only basic test if the data seems like SCTL. No signature validation
1338 * is performed.
1339 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001340static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001341{
1342 int ret = 1;
1343 int len, pos, sct_len;
1344 unsigned char *data;
1345
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001346 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001347 goto out;
1348
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001349 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001350 len = (data[0] << 8) | data[1];
1351
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001352 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001353 goto out;
1354
1355 data = data + 2;
1356 pos = 0;
1357 while (pos < len) {
1358 if (len - pos < 2)
1359 goto out;
1360
1361 sct_len = (data[pos] << 8) | data[pos + 1];
1362 if (pos + sct_len + 2 > len)
1363 goto out;
1364
1365 pos += sct_len + 2;
1366 }
1367
1368 ret = 0;
1369
1370out:
1371 return ret;
1372}
1373
Willy Tarreau83061a82018-07-13 11:56:34 +02001374static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1375 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001376{
1377 int fd = -1;
1378 int r = 0;
1379 int ret = 1;
1380
1381 *sctl = NULL;
1382
1383 fd = open(sctl_path, O_RDONLY);
1384 if (fd == -1)
1385 goto end;
1386
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data = 0;
1388 while (trash.data < trash.size) {
1389 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001390 if (r < 0) {
1391 if (errno == EINTR)
1392 continue;
1393
1394 goto end;
1395 }
1396 else if (r == 0) {
1397 break;
1398 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001399 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001400 }
1401
1402 ret = ssl_sock_parse_sctl(&trash);
1403 if (ret)
1404 goto end;
1405
Vincent Bernat02779b62016-04-03 13:48:43 +02001406 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407 if (!chunk_dup(*sctl, &trash)) {
1408 free(*sctl);
1409 *sctl = NULL;
1410 goto end;
1411 }
1412
1413end:
1414 if (fd != -1)
1415 close(fd);
1416
1417 return ret;
1418}
1419
1420int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1421{
Willy Tarreau83061a82018-07-13 11:56:34 +02001422 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001423
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001424 *out = (unsigned char *) sctl->area;
1425 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001426
1427 return 1;
1428}
1429
1430int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1431{
1432 return 1;
1433}
1434
1435static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1436{
1437 char sctl_path[MAXPATHLEN+1];
1438 int ret = -1;
1439 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001440 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001441
1442 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1443
1444 if (stat(sctl_path, &st))
1445 return 1;
1446
1447 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1448 goto out;
1449
1450 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1451 free(sctl);
1452 goto out;
1453 }
1454
1455 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1456
1457 ret = 0;
1458
1459out:
1460 return ret;
1461}
1462
1463#endif
1464
Emeric Brune1f38db2012-09-03 20:36:47 +02001465void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1466{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001467 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001468 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001469 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001470
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001471#ifndef SSL_OP_NO_RENEGOTIATION
1472 /* Please note that BoringSSL defines this macro to zero so don't
1473 * change this to #if and do not assign a default value to this macro!
1474 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001475 if (where & SSL_CB_HANDSHAKE_START) {
1476 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001477 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001478 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001479 conn->err_code = CO_ER_SSL_RENEG;
1480 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001481 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001482#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001483
1484 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1485 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1486 /* Long certificate chains optimz
1487 If write and read bios are differents, we
1488 consider that the buffering was activated,
1489 so we rise the output buffer size from 4k
1490 to 16k */
1491 write_bio = SSL_get_wbio(ssl);
1492 if (write_bio != SSL_get_rbio(ssl)) {
1493 BIO_set_write_buffer_size(write_bio, 16384);
1494 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1495 }
1496 }
1497 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001498}
1499
Emeric Brune64aef12012-09-21 13:15:06 +02001500/* Callback is called for each certificate of the chain during a verify
1501 ok is set to 1 if preverify detect no error on current certificate.
1502 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001503int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001504{
1505 SSL *ssl;
1506 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001507 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001508
1509 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001510 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001511
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001512 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001513
Emeric Brun81c00f02012-09-21 14:31:21 +02001514 if (ok) /* no errors */
1515 return ok;
1516
1517 depth = X509_STORE_CTX_get_error_depth(x_store);
1518 err = X509_STORE_CTX_get_error(x_store);
1519
1520 /* check if CA error needs to be ignored */
1521 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001522 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1523 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1524 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001525 }
1526
Willy Tarreau07d94e42018-09-20 10:57:52 +02001527 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001528 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001529 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001530 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001531 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001532
Willy Tarreau20879a02012-12-03 16:32:10 +01001533 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001534 return 0;
1535 }
1536
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001537 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1538 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001539
Emeric Brun81c00f02012-09-21 14:31:21 +02001540 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001541 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001542 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001543 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001544 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001545 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001546
Willy Tarreau20879a02012-12-03 16:32:10 +01001547 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001548 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001549}
1550
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001551static inline
1552void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001553 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001554{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001555 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001556 unsigned char *msg;
1557 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001558 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001559
1560 /* This function is called for "from client" and "to server"
1561 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001562 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001563 */
1564
1565 /* "write_p" is set to 0 is the bytes are received messages,
1566 * otherwise it is set to 1.
1567 */
1568 if (write_p != 0)
1569 return;
1570
1571 /* content_type contains the type of message received or sent
1572 * according with the SSL/TLS protocol spec. This message is
1573 * encoded with one byte. The value 256 (two bytes) is used
1574 * for designing the SSL/TLS record layer. According with the
1575 * rfc6101, the expected message (other than 256) are:
1576 * - change_cipher_spec(20)
1577 * - alert(21)
1578 * - handshake(22)
1579 * - application_data(23)
1580 * - (255)
1581 * We are interessed by the handshake and specially the client
1582 * hello.
1583 */
1584 if (content_type != 22)
1585 return;
1586
1587 /* The message length is at least 4 bytes, containing the
1588 * message type and the message length.
1589 */
1590 if (len < 4)
1591 return;
1592
1593 /* First byte of the handshake message id the type of
1594 * message. The konwn types are:
1595 * - hello_request(0)
1596 * - client_hello(1)
1597 * - server_hello(2)
1598 * - certificate(11)
1599 * - server_key_exchange (12)
1600 * - certificate_request(13)
1601 * - server_hello_done(14)
1602 * We are interested by the client hello.
1603 */
1604 msg = (unsigned char *)buf;
1605 if (msg[0] != 1)
1606 return;
1607
1608 /* Next three bytes are the length of the message. The total length
1609 * must be this decoded length + 4. If the length given as argument
1610 * is not the same, we abort the protocol dissector.
1611 */
1612 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1613 if (len < rec_len + 4)
1614 return;
1615 msg += 4;
1616 end = msg + rec_len;
1617 if (end < msg)
1618 return;
1619
1620 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1621 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001622 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1623 */
1624 msg += 1 + 1 + 4 + 28;
1625 if (msg > end)
1626 return;
1627
1628 /* Next, is session id:
1629 * if present, we have to jump by length + 1 for the size information
1630 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001631 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001632 if (msg[0] > 0)
1633 msg += msg[0];
1634 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001635 if (msg > end)
1636 return;
1637
1638 /* Next two bytes are the ciphersuite length. */
1639 if (msg + 2 > end)
1640 return;
1641 rec_len = (msg[0] << 8) + msg[1];
1642 msg += 2;
1643 if (msg + rec_len > end || msg + rec_len < msg)
1644 return;
1645
Willy Tarreaubafbe012017-11-24 17:34:44 +01001646 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001647 if (!capture)
1648 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001649 /* Compute the xxh64 of the ciphersuite. */
1650 capture->xxh64 = XXH64(msg, rec_len, 0);
1651
1652 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001653 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1654 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001655 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001656
1657 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001658}
1659
Emeric Brun29f037d2014-04-25 19:05:36 +02001660/* Callback is called for ssl protocol analyse */
1661void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1662{
Emeric Brun29f037d2014-04-25 19:05:36 +02001663#ifdef TLS1_RT_HEARTBEAT
1664 /* test heartbeat received (write_p is set to 0
1665 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001666 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001667 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001668 const unsigned char *p = buf;
1669 unsigned int payload;
1670
Emeric Brun29f037d2014-04-25 19:05:36 +02001671 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001672
1673 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1674 if (*p != TLS1_HB_REQUEST)
1675 return;
1676
Willy Tarreauaeed6722014-04-25 23:59:58 +02001677 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001678 goto kill_it;
1679
1680 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001681 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001682 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001683 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001684 /* We have a clear heartbleed attack (CVE-2014-0160), the
1685 * advertised payload is larger than the advertised packet
1686 * length, so we have garbage in the buffer between the
1687 * payload and the end of the buffer (p+len). We can't know
1688 * if the SSL stack is patched, and we don't know if we can
1689 * safely wipe out the area between p+3+len and payload.
1690 * So instead, we prevent the response from being sent by
1691 * setting the max_send_fragment to 0 and we report an SSL
1692 * error, which will kill this connection. It will be reported
1693 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001694 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1695 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001696 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001697 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1698 return;
1699 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001700#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001701 if (global_ssl.capture_cipherlist > 0)
1702 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001703}
1704
Bernard Spil13c53f82018-02-15 13:34:58 +01001705#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001706static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1707 const unsigned char *in, unsigned int inlen,
1708 void *arg)
1709{
1710 struct server *srv = arg;
1711
1712 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1713 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1714 return SSL_TLSEXT_ERR_OK;
1715 return SSL_TLSEXT_ERR_NOACK;
1716}
1717#endif
1718
1719#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001720/* This callback is used so that the server advertises the list of
1721 * negociable protocols for NPN.
1722 */
1723static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1724 unsigned int *len, void *arg)
1725{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001726 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001727
1728 *data = (const unsigned char *)conf->npn_str;
1729 *len = conf->npn_len;
1730 return SSL_TLSEXT_ERR_OK;
1731}
1732#endif
1733
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001734#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001735/* This callback is used so that the server advertises the list of
1736 * negociable protocols for ALPN.
1737 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001738static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1739 unsigned char *outlen,
1740 const unsigned char *server,
1741 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001742{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001743 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001744
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001745 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1746 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1747 return SSL_TLSEXT_ERR_NOACK;
1748 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001749 return SSL_TLSEXT_ERR_OK;
1750}
1751#endif
1752
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001753#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001754#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001755
Christopher Faulet30548802015-06-11 13:39:32 +02001756/* Create a X509 certificate with the specified servername and serial. This
1757 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001758static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001759ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001760{
Christopher Faulet7969a332015-10-09 11:15:03 +02001761 X509 *cacert = bind_conf->ca_sign_cert;
1762 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001763 SSL_CTX *ssl_ctx = NULL;
1764 X509 *newcrt = NULL;
1765 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001766 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001767 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001768 X509_NAME *name;
1769 const EVP_MD *digest;
1770 X509V3_CTX ctx;
1771 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001772 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001773
Christopher Faulet48a83322017-07-28 16:56:09 +02001774 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001775#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1776 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1777#else
1778 tmp_ssl = SSL_new(bind_conf->default_ctx);
1779 if (tmp_ssl)
1780 pkey = SSL_get_privatekey(tmp_ssl);
1781#endif
1782 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001783 goto mkcert_error;
1784
1785 /* Create the certificate */
1786 if (!(newcrt = X509_new()))
1787 goto mkcert_error;
1788
1789 /* Set version number for the certificate (X509v3) and the serial
1790 * number */
1791 if (X509_set_version(newcrt, 2L) != 1)
1792 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001793 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001794
1795 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001796 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1797 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001798 goto mkcert_error;
1799
1800 /* set public key in the certificate */
1801 if (X509_set_pubkey(newcrt, pkey) != 1)
1802 goto mkcert_error;
1803
1804 /* Set issuer name from the CA */
1805 if (!(name = X509_get_subject_name(cacert)))
1806 goto mkcert_error;
1807 if (X509_set_issuer_name(newcrt, name) != 1)
1808 goto mkcert_error;
1809
1810 /* Set the subject name using the same, but the CN */
1811 name = X509_NAME_dup(name);
1812 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1813 (const unsigned char *)servername,
1814 -1, -1, 0) != 1) {
1815 X509_NAME_free(name);
1816 goto mkcert_error;
1817 }
1818 if (X509_set_subject_name(newcrt, name) != 1) {
1819 X509_NAME_free(name);
1820 goto mkcert_error;
1821 }
1822 X509_NAME_free(name);
1823
1824 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001825 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001826 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1827 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1828 X509_EXTENSION *ext;
1829
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001830 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001831 goto mkcert_error;
1832 if (!X509_add_ext(newcrt, ext, -1)) {
1833 X509_EXTENSION_free(ext);
1834 goto mkcert_error;
1835 }
1836 X509_EXTENSION_free(ext);
1837 }
1838
1839 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001840
1841 key_type = EVP_PKEY_base_id(capkey);
1842
1843 if (key_type == EVP_PKEY_DSA)
1844 digest = EVP_sha1();
1845 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001846 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001847 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001848 digest = EVP_sha256();
1849 else {
Emmanuel Hocdet747ca612018-10-01 18:45:19 +02001850#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001851 int nid;
1852
1853 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1854 goto mkcert_error;
1855 if (!(digest = EVP_get_digestbynid(nid)))
1856 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001857#else
1858 goto mkcert_error;
1859#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001860 }
1861
Christopher Faulet31af49d2015-06-09 17:29:50 +02001862 if (!(X509_sign(newcrt, capkey, digest)))
1863 goto mkcert_error;
1864
1865 /* Create and set the new SSL_CTX */
1866 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1867 goto mkcert_error;
1868 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1869 goto mkcert_error;
1870 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1871 goto mkcert_error;
1872 if (!SSL_CTX_check_private_key(ssl_ctx))
1873 goto mkcert_error;
1874
1875 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001876
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001877#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001878 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001879#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001880#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1881 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001882 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001883 EC_KEY *ecc;
1884 int nid;
1885
1886 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1887 goto end;
1888 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1889 goto end;
1890 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1891 EC_KEY_free(ecc);
1892 }
1893#endif
1894 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001895 return ssl_ctx;
1896
1897 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001898 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001899 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001900 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1901 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 return NULL;
1903}
1904
Christopher Faulet7969a332015-10-09 11:15:03 +02001905SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001906ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001907{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001908 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001909
1910 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001911}
1912
Christopher Faulet30548802015-06-11 13:39:32 +02001913/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001914 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001915SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001916ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001917{
1918 struct lru64 *lru = NULL;
1919
1920 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001921 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001922 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001923 if (lru && lru->domain) {
1924 if (ssl)
1925 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001926 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001927 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001928 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001929 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001930 }
1931 return NULL;
1932}
1933
Emeric Brun821bb9b2017-06-15 16:37:39 +02001934/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1935 * function is not thread-safe, it should only be used to check if a certificate
1936 * exists in the lru cache (with no warranty it will not be removed by another
1937 * thread). It is kept for backward compatibility. */
1938SSL_CTX *
1939ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1940{
1941 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1942}
1943
Christopher Fauletd2cab922015-07-28 16:03:47 +02001944/* Set a certificate int the LRU cache used to store generated
1945 * certificate. Return 0 on success, otherwise -1 */
1946int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001947ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001948{
1949 struct lru64 *lru = NULL;
1950
1951 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001952 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001953 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001954 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001955 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001956 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001957 }
Christopher Faulet30548802015-06-11 13:39:32 +02001958 if (lru->domain && lru->data)
1959 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001960 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001961 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001962 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001963 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001964 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001965}
1966
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001967/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001968unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001969ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001970{
1971 return XXH32(data, len, ssl_ctx_lru_seed);
1972}
1973
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001974/* Generate a cert and immediately assign it to the SSL session so that the cert's
1975 * refcount is maintained regardless of the cert's presence in the LRU cache.
1976 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001977static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001978ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001979{
1980 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001981 SSL_CTX *ssl_ctx = NULL;
1982 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001983 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001984
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001985 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001986 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001987 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001988 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001989 if (lru && lru->domain)
1990 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001991 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001992 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001993 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001994 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001995 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001996 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001997 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001998 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001999 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002000 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002001 SSL_set_SSL_CTX(ssl, ssl_ctx);
2002 /* No LRU cache, this CTX will be released as soon as the session dies */
2003 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002004 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002005 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002006 return 0;
2007}
2008static int
2009ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2010{
2011 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002012 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002013
2014 conn_get_to_addr(conn);
2015 if (conn->flags & CO_FL_ADDR_TO_SET) {
2016 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002017 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002018 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002019 }
2020 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002021}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002022#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002023
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002024
2025#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
2026#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
2027#endif
2028
2029#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
2030#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
2031#define SSL_renegotiate_pending(arg) 0
2032#endif
2033#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
2034#define SSL_OP_SINGLE_ECDH_USE 0
2035#endif
2036#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
2037#define SSL_OP_NO_TICKET 0
2038#endif
2039#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
2040#define SSL_OP_NO_COMPRESSION 0
2041#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002042#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
2043#undef SSL_OP_NO_SSLv3
2044#define SSL_OP_NO_SSLv3 0
2045#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002046#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
2047#define SSL_OP_NO_TLSv1_1 0
2048#endif
2049#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
2050#define SSL_OP_NO_TLSv1_2 0
2051#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002052#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002053#define SSL_OP_NO_TLSv1_3 0
2054#endif
2055#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
2056#define SSL_OP_SINGLE_DH_USE 0
2057#endif
2058#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
2059#define SSL_OP_SINGLE_ECDH_USE 0
2060#endif
2061#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
2062#define SSL_MODE_RELEASE_BUFFERS 0
2063#endif
2064#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
2065#define SSL_MODE_SMALL_BUFFERS 0
2066#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02002067#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
2068#define SSL_OP_PRIORITIZE_CHACHA 0
2069#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002070
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002071#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002072typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2073
2074static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002075{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002076#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002077 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002078 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2079#endif
2080}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002081static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2082 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002083 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2084}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002085static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002086#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002087 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002088 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2089#endif
2090}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002091static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002092#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002094 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2095#endif
2096}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002097/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002098static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2099/* Unusable in this context. */
2100static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2101static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2102static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2103static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2104static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002105#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002106typedef enum { SET_MIN, SET_MAX } set_context_func;
2107
2108static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2109 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002110 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2111}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002112static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2113 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2114 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2115}
2116static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2117 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2119}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002120static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2121 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2122 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2123}
2124static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2125 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002126 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2127}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002128static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2129 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2130 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2131}
2132static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2133 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002134 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2135}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2137 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2138 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2139}
2140static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002141#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002142 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002143 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2144#endif
2145}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002146static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2147#if SSL_OP_NO_TLSv1_3
2148 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2149 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002151}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002152#endif
2153static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2154static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002155
2156static struct {
2157 int option;
2158 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002159 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2160 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002161 const char *name;
2162} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002163 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2164 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2165 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2166 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2167 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2168 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002169};
2170
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002171static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2172{
2173 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2174 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2175 SSL_set_SSL_CTX(ssl, ctx);
2176}
2177
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002178#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002179
2180static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2181{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002182 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002183 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002184
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002185 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2186 return SSL_TLSEXT_ERR_OK;
2187 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002188}
2189
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002190#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002191static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2192{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002193 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002194#else
2195static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2196{
2197#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002198 struct connection *conn;
2199 struct bind_conf *s;
2200 const uint8_t *extension_data;
2201 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002202 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002203
2204 char *wildp = NULL;
2205 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002206 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002207 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002208 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 int i;
2210
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002211 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002212 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002213
Olivier Houchard9679ac92017-10-27 14:58:08 +02002214 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002215 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002216#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002217 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2218 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002219#else
2220 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2221#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002222 /*
2223 * The server_name extension was given too much extensibility when it
2224 * was written, so parsing the normal case is a bit complex.
2225 */
2226 size_t len;
2227 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002228 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002229 /* Extract the length of the supplied list of names. */
2230 len = (*extension_data++) << 8;
2231 len |= *extension_data++;
2232 if (len + 2 != extension_len)
2233 goto abort;
2234 /*
2235 * The list in practice only has a single element, so we only consider
2236 * the first one.
2237 */
2238 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2239 goto abort;
2240 extension_len = len - 1;
2241 /* Now we can finally pull out the byte array with the actual hostname. */
2242 if (extension_len <= 2)
2243 goto abort;
2244 len = (*extension_data++) << 8;
2245 len |= *extension_data++;
2246 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2247 || memchr(extension_data, 0, len) != NULL)
2248 goto abort;
2249 servername = extension_data;
2250 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002251 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002252#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2253 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002254 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002255 }
2256#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002258 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002259 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002260 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002261 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002262 goto abort;
2263 }
2264
2265 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002266#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002267 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002268#else
2269 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2270#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002271 uint8_t sign;
2272 size_t len;
2273 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002274 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002275 len = (*extension_data++) << 8;
2276 len |= *extension_data++;
2277 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002278 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002279 if (len % 2 != 0)
2280 goto abort;
2281 for (; len > 0; len -= 2) {
2282 extension_data++; /* hash */
2283 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002284 switch (sign) {
2285 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002286 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002287 break;
2288 case TLSEXT_signature_ecdsa:
2289 has_ecdsa_sig = 1;
2290 break;
2291 default:
2292 continue;
2293 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002294 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002295 break;
2296 }
2297 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002298 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002299 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002300 }
2301 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002302 const SSL_CIPHER *cipher;
2303 size_t len;
2304 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002305 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002306#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002307 len = ctx->cipher_suites_len;
2308 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002309#else
2310 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2311#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002312 if (len % 2 != 0)
2313 goto abort;
2314 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002315#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002316 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002318#else
2319 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2320#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002321 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002322 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002323 break;
2324 }
2325 }
2326 }
2327
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002328 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002329 trash.area[i] = tolower(servername[i]);
2330 if (!wildp && (trash.area[i] == '.'))
2331 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002333 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002334
2335 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002336 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002337
2338 /* lookup a not neg filter */
2339 for (n = node; n; n = ebmb_next_dup(n)) {
2340 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002341 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002342 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002343 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002345 break;
2346 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002347 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002349 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002350 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002351 if (!node_anonymous)
2352 node_anonymous = n;
2353 break;
2354 }
2355 }
2356 }
2357 if (wildp) {
2358 /* lookup in wildcards names */
2359 node = ebst_lookup(&s->sni_w_ctx, wildp);
2360 for (n = node; n; n = ebmb_next_dup(n)) {
2361 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002362 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002363 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002364 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002365 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002366 break;
2367 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002368 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002370 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002371 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 if (!node_anonymous)
2373 node_anonymous = n;
2374 break;
2375 }
2376 }
2377 }
2378 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002379 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002380 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2381 : ((has_rsa_sig && node_rsa) ? node_rsa
2382 : (node_anonymous ? node_anonymous
2383 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2384 : node_rsa /* no rsa signature case (far far away) */
2385 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002386 if (node) {
2387 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002388 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002389 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002390 if (conf) {
2391 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2392 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2393 if (conf->early_data)
2394 allow_early = 1;
2395 }
2396 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002397 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002398#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002399 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002400 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002401 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002402 }
2403#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002404 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002406 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002407 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002408allow_early:
2409#ifdef OPENSSL_IS_BORINGSSL
2410 if (allow_early)
2411 SSL_set_early_data_enabled(ssl, 1);
2412#else
2413 if (!allow_early)
2414 SSL_set_max_early_data(ssl, 0);
2415#endif
2416 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 abort:
2418 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2419 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002420#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002421 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002422#else
2423 *al = SSL_AD_UNRECOGNIZED_NAME;
2424 return 0;
2425#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002426}
2427
2428#else /* OPENSSL_IS_BORINGSSL */
2429
Emeric Brunfc0421f2012-09-07 17:30:07 +02002430/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2431 * warning when no match is found, which implies the default (first) cert
2432 * will keep being used.
2433 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002434static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002435{
2436 const char *servername;
2437 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002438 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002439 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002440 int i;
2441 (void)al; /* shut gcc stupid warning */
2442
2443 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002444 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002445#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002446 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2447 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002448#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002449 if (s->strict_sni)
2450 return SSL_TLSEXT_ERR_ALERT_FATAL;
2451 ssl_sock_switchctx_set(ssl, s->default_ctx);
2452 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002453 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002454
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002455 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002456 if (!servername[i])
2457 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002458 trash.area[i] = tolower(servername[i]);
2459 if (!wildp && (trash.area[i] == '.'))
2460 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002461 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002462 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002463
2464 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002465 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002466
2467 /* lookup a not neg filter */
2468 for (n = node; n; n = ebmb_next_dup(n)) {
2469 if (!container_of(n, struct sni_ctx, name)->neg) {
2470 node = n;
2471 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002472 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002473 }
2474 if (!node && wildp) {
2475 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002476 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002477 }
2478 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002479#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002480 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2481 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002482 return SSL_TLSEXT_ERR_OK;
2483 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002484#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002485 if (s->strict_sni)
2486 return SSL_TLSEXT_ERR_ALERT_FATAL;
2487 ssl_sock_switchctx_set(ssl, s->default_ctx);
2488 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002489 }
2490
2491 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002492 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002493 return SSL_TLSEXT_ERR_OK;
2494}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002495#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002496#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2497
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002498#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002499
2500static DH * ssl_get_dh_1024(void)
2501{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002502 static unsigned char dh1024_p[]={
2503 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2504 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2505 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2506 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2507 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2508 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2509 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2510 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2511 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2512 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2513 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2514 };
2515 static unsigned char dh1024_g[]={
2516 0x02,
2517 };
2518
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002519 BIGNUM *p;
2520 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002521 DH *dh = DH_new();
2522 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002523 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2524 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002525
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002526 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002527 DH_free(dh);
2528 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002529 } else {
2530 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002531 }
2532 }
2533 return dh;
2534}
2535
2536static DH *ssl_get_dh_2048(void)
2537{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002538 static unsigned char dh2048_p[]={
2539 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2540 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2541 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2542 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2543 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2544 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2545 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2546 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2547 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2548 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2549 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2550 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2551 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2552 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2553 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2554 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2555 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2556 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2557 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2558 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2559 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2560 0xB7,0x1F,0x77,0xF3,
2561 };
2562 static unsigned char dh2048_g[]={
2563 0x02,
2564 };
2565
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002566 BIGNUM *p;
2567 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002568 DH *dh = DH_new();
2569 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002570 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2571 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002572
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002573 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002574 DH_free(dh);
2575 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002576 } else {
2577 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002578 }
2579 }
2580 return dh;
2581}
2582
2583static DH *ssl_get_dh_4096(void)
2584{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002585 static unsigned char dh4096_p[]={
2586 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2587 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2588 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2589 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2590 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2591 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2592 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2593 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2594 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2595 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2596 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2597 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2598 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2599 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2600 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2601 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2602 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2603 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2604 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2605 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2606 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2607 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2608 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2609 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2610 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2611 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2612 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2613 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2614 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2615 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2616 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2617 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2618 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2619 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2620 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2621 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2622 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2623 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2624 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2625 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2626 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2627 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2628 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002629 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002630 static unsigned char dh4096_g[]={
2631 0x02,
2632 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002633
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002634 BIGNUM *p;
2635 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002636 DH *dh = DH_new();
2637 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002638 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2639 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002640
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002641 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642 DH_free(dh);
2643 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002644 } else {
2645 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002646 }
2647 }
2648 return dh;
2649}
2650
2651/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002652 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002653static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2654{
2655 DH *dh = NULL;
2656 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002657 int type;
2658
2659 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002660
2661 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2662 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2663 */
2664 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2665 keylen = EVP_PKEY_bits(pkey);
2666 }
2667
Willy Tarreauef934602016-12-22 23:12:01 +01002668 if (keylen > global_ssl.default_dh_param) {
2669 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002670 }
2671
Remi Gacogned3a341a2015-05-29 16:26:17 +02002672 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002673 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002674 }
2675 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002676 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002679 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002680 }
2681
2682 return dh;
2683}
2684
Remi Gacogne47783ef2015-05-29 15:53:22 +02002685static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002686{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002687 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002688 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002689
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002690 if (in == NULL)
2691 goto end;
2692
Remi Gacogne47783ef2015-05-29 15:53:22 +02002693 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002694 goto end;
2695
Remi Gacogne47783ef2015-05-29 15:53:22 +02002696 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2697
2698end:
2699 if (in)
2700 BIO_free(in);
2701
Emeric Brune1b4ed42018-08-16 15:14:12 +02002702 ERR_clear_error();
2703
Remi Gacogne47783ef2015-05-29 15:53:22 +02002704 return dh;
2705}
2706
2707int ssl_sock_load_global_dh_param_from_file(const char *filename)
2708{
2709 global_dh = ssl_sock_get_dh_from_file(filename);
2710
2711 if (global_dh) {
2712 return 0;
2713 }
2714
2715 return -1;
2716}
2717
2718/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002719 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002720int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2721{
2722 int ret = -1;
2723 DH *dh = ssl_sock_get_dh_from_file(file);
2724
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002725 if (dh) {
2726 ret = 1;
2727 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002728
2729 if (ssl_dh_ptr_index >= 0) {
2730 /* store a pointer to the DH params to avoid complaining about
2731 ssl-default-dh-param not being set for this SSL_CTX */
2732 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2733 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002734 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002735 else if (global_dh) {
2736 SSL_CTX_set_tmp_dh(ctx, global_dh);
2737 ret = 0; /* DH params not found */
2738 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002739 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002740 /* Clear openssl global errors stack */
2741 ERR_clear_error();
2742
Willy Tarreauef934602016-12-22 23:12:01 +01002743 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002744 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002745 if (local_dh_1024 == NULL)
2746 local_dh_1024 = ssl_get_dh_1024();
2747
Remi Gacogne8de54152014-07-15 11:36:40 +02002748 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002749 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002750
Remi Gacogne8de54152014-07-15 11:36:40 +02002751 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002752 }
2753 else {
2754 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2755 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002756
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002757 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002758 }
Emeric Brun644cde02012-12-14 11:21:13 +01002759
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002760end:
2761 if (dh)
2762 DH_free(dh);
2763
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002764 return ret;
2765}
2766#endif
2767
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002768static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002769 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002770{
2771 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002772 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002773 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002774
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002775 if (*name == '!') {
2776 neg = 1;
2777 name++;
2778 }
2779 if (*name == '*') {
2780 wild = 1;
2781 name++;
2782 }
2783 /* !* filter is a nop */
2784 if (neg && wild)
2785 return order;
2786 if (*name) {
2787 int j, len;
2788 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002789 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002790 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002791 if (j >= trash.size)
2792 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002793 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002794
2795 /* Check for duplicates. */
2796 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002797 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002798 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002799 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002800 for (; node; node = ebmb_next_dup(node)) {
2801 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002802 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002803 return order;
2804 }
2805
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002806 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002807 if (!sc)
2808 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002809 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002810 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002811 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002812 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002813 sc->order = order++;
2814 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002815 if (kinfo.sig != TLSEXT_signature_anonymous)
2816 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002817 if (wild)
2818 ebst_insert(&s->sni_w_ctx, &sc->name);
2819 else
2820 ebst_insert(&s->sni_ctx, &sc->name);
2821 }
2822 return order;
2823}
2824
yanbzhu488a4d22015-12-01 15:16:07 -05002825
2826/* The following code is used for loading multiple crt files into
2827 * SSL_CTX's based on CN/SAN
2828 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002829#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002830/* This is used to preload the certifcate, private key
2831 * and Cert Chain of a file passed in via the crt
2832 * argument
2833 *
2834 * This way, we do not have to read the file multiple times
2835 */
2836struct cert_key_and_chain {
2837 X509 *cert;
2838 EVP_PKEY *key;
2839 unsigned int num_chain_certs;
2840 /* This is an array of X509 pointers */
2841 X509 **chain_certs;
2842};
2843
yanbzhu08ce6ab2015-12-02 13:01:29 -05002844#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2845
2846struct key_combo_ctx {
2847 SSL_CTX *ctx;
2848 int order;
2849};
2850
2851/* Map used for processing multiple keypairs for a single purpose
2852 *
2853 * This maps CN/SNI name to certificate type
2854 */
2855struct sni_keytype {
2856 int keytypes; /* BITMASK for keytypes */
2857 struct ebmb_node name; /* node holding the servername value */
2858};
2859
2860
yanbzhu488a4d22015-12-01 15:16:07 -05002861/* Frees the contents of a cert_key_and_chain
2862 */
2863static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2864{
2865 int i;
2866
2867 if (!ckch)
2868 return;
2869
2870 /* Free the certificate and set pointer to NULL */
2871 if (ckch->cert)
2872 X509_free(ckch->cert);
2873 ckch->cert = NULL;
2874
2875 /* Free the key and set pointer to NULL */
2876 if (ckch->key)
2877 EVP_PKEY_free(ckch->key);
2878 ckch->key = NULL;
2879
2880 /* Free each certificate in the chain */
2881 for (i = 0; i < ckch->num_chain_certs; i++) {
2882 if (ckch->chain_certs[i])
2883 X509_free(ckch->chain_certs[i]);
2884 }
2885
2886 /* Free the chain obj itself and set to NULL */
2887 if (ckch->num_chain_certs > 0) {
2888 free(ckch->chain_certs);
2889 ckch->num_chain_certs = 0;
2890 ckch->chain_certs = NULL;
2891 }
2892
2893}
2894
2895/* checks if a key and cert exists in the ckch
2896 */
2897static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2898{
2899 return (ckch->cert != NULL && ckch->key != NULL);
2900}
2901
2902
2903/* Loads the contents of a crt file (path) into a cert_key_and_chain
2904 * This allows us to carry the contents of the file without having to
2905 * read the file multiple times.
2906 *
2907 * returns:
2908 * 0 on Success
2909 * 1 on SSL Failure
2910 * 2 on file not found
2911 */
2912static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2913{
2914
2915 BIO *in;
2916 X509 *ca = NULL;
2917 int ret = 1;
2918
2919 ssl_sock_free_cert_key_and_chain_contents(ckch);
2920
2921 in = BIO_new(BIO_s_file());
2922 if (in == NULL)
2923 goto end;
2924
2925 if (BIO_read_filename(in, path) <= 0)
2926 goto end;
2927
yanbzhu488a4d22015-12-01 15:16:07 -05002928 /* Read Private Key */
2929 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2930 if (ckch->key == NULL) {
2931 memprintf(err, "%sunable to load private key from file '%s'.\n",
2932 err && *err ? *err : "", path);
2933 goto end;
2934 }
2935
Willy Tarreaubb137a82016-04-06 19:02:38 +02002936 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002937 if (BIO_reset(in) == -1) {
2938 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2939 err && *err ? *err : "", path);
2940 goto end;
2941 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002942
2943 /* Read Certificate */
2944 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2945 if (ckch->cert == NULL) {
2946 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2947 err && *err ? *err : "", path);
2948 goto end;
2949 }
2950
yanbzhu488a4d22015-12-01 15:16:07 -05002951 /* Read Certificate Chain */
2952 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2953 /* Grow the chain certs */
2954 ckch->num_chain_certs++;
2955 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2956
2957 /* use - 1 here since we just incremented it above */
2958 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2959 }
2960 ret = ERR_get_error();
2961 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2962 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2963 err && *err ? *err : "", path);
2964 ret = 1;
2965 goto end;
2966 }
2967
2968 ret = 0;
2969
2970end:
2971
2972 ERR_clear_error();
2973 if (in)
2974 BIO_free(in);
2975
2976 /* Something went wrong in one of the reads */
2977 if (ret != 0)
2978 ssl_sock_free_cert_key_and_chain_contents(ckch);
2979
2980 return ret;
2981}
2982
2983/* Loads the info in ckch into ctx
2984 * Currently, this does not process any information about ocsp, dhparams or
2985 * sctl
2986 * Returns
2987 * 0 on success
2988 * 1 on failure
2989 */
2990static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2991{
2992 int i = 0;
2993
2994 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2995 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2996 err && *err ? *err : "", path);
2997 return 1;
2998 }
2999
3000 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3001 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3002 err && *err ? *err : "", path);
3003 return 1;
3004 }
3005
yanbzhu488a4d22015-12-01 15:16:07 -05003006 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3007 for (i = 0; i < ckch->num_chain_certs; i++) {
3008 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003009 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3010 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003011 return 1;
3012 }
3013 }
3014
3015 if (SSL_CTX_check_private_key(ctx) <= 0) {
3016 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3017 err && *err ? *err : "", path);
3018 return 1;
3019 }
3020
3021 return 0;
3022}
3023
yanbzhu08ce6ab2015-12-02 13:01:29 -05003024
3025static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3026{
3027 struct sni_keytype *s_kt = NULL;
3028 struct ebmb_node *node;
3029 int i;
3030
3031 for (i = 0; i < trash.size; i++) {
3032 if (!str[i])
3033 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003034 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003035 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003036 trash.area[i] = 0;
3037 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003038 if (!node) {
3039 /* CN not found in tree */
3040 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3041 /* Using memcpy here instead of strncpy.
3042 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3043 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3044 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003045 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003046 s_kt->keytypes = 0;
3047 ebst_insert(sni_keytypes, &s_kt->name);
3048 } else {
3049 /* CN found in tree */
3050 s_kt = container_of(node, struct sni_keytype, name);
3051 }
3052
3053 /* Mark that this CN has the keytype of key_index via keytypes mask */
3054 s_kt->keytypes |= 1<<key_index;
3055
3056}
3057
3058
3059/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3060 * If any are found, group these files into a set of SSL_CTX*
3061 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3062 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003063 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003064 *
3065 * Returns
3066 * 0 on success
3067 * 1 on failure
3068 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003069static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3070 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003071{
3072 char fp[MAXPATHLEN+1] = {0};
3073 int n = 0;
3074 int i = 0;
3075 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3076 struct eb_root sni_keytypes_map = { {0} };
3077 struct ebmb_node *node;
3078 struct ebmb_node *next;
3079 /* Array of SSL_CTX pointers corresponding to each possible combo
3080 * of keytypes
3081 */
3082 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3083 int rv = 0;
3084 X509_NAME *xname = NULL;
3085 char *str = NULL;
3086#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3087 STACK_OF(GENERAL_NAME) *names = NULL;
3088#endif
3089
3090 /* Load all possible certs and keys */
3091 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3092 struct stat buf;
3093
3094 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3095 if (stat(fp, &buf) == 0) {
3096 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3097 rv = 1;
3098 goto end;
3099 }
3100 }
3101 }
3102
3103 /* Process each ckch and update keytypes for each CN/SAN
3104 * for example, if CN/SAN www.a.com is associated with
3105 * certs with keytype 0 and 2, then at the end of the loop,
3106 * www.a.com will have:
3107 * keyindex = 0 | 1 | 4 = 5
3108 */
3109 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3110
3111 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3112 continue;
3113
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003114 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003115 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003116 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3117 } else {
3118 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3119 * so the line that contains logic is marked via comments
3120 */
3121 xname = X509_get_subject_name(certs_and_keys[n].cert);
3122 i = -1;
3123 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3124 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003125 ASN1_STRING *value;
3126 value = X509_NAME_ENTRY_get_data(entry);
3127 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003128 /* Important line is here */
3129 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003130
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003131 OPENSSL_free(str);
3132 str = NULL;
3133 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003134 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003135
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003136 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003137#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003138 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3139 if (names) {
3140 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3141 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003142
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003143 if (name->type == GEN_DNS) {
3144 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3145 /* Important line is here */
3146 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003148 OPENSSL_free(str);
3149 str = NULL;
3150 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003151 }
3152 }
3153 }
3154 }
3155#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3156 }
3157
3158 /* If no files found, return error */
3159 if (eb_is_empty(&sni_keytypes_map)) {
3160 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3161 err && *err ? *err : "", path);
3162 rv = 1;
3163 goto end;
3164 }
3165
3166 /* We now have a map of CN/SAN to keytypes that are loaded in
3167 * Iterate through the map to create the SSL_CTX's (if needed)
3168 * and add each CTX to the SNI tree
3169 *
3170 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003171 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003172 * combination is denoted by the key in the map. Each key
3173 * has a value between 1 and 2^n - 1. Conveniently, the array
3174 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3175 * entry in the array to correspond to the unique combo (key)
3176 * associated with i. This unique key combo (i) will be associated
3177 * with combos[i-1]
3178 */
3179
3180 node = ebmb_first(&sni_keytypes_map);
3181 while (node) {
3182 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003183 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003184 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003185
3186 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3187 i = container_of(node, struct sni_keytype, name)->keytypes;
3188 cur_ctx = key_combos[i-1].ctx;
3189
3190 if (cur_ctx == NULL) {
3191 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003192 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003193 if (cur_ctx == NULL) {
3194 memprintf(err, "%sunable to allocate SSL context.\n",
3195 err && *err ? *err : "");
3196 rv = 1;
3197 goto end;
3198 }
3199
yanbzhube2774d2015-12-10 15:07:30 -05003200 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003201 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3202 if (i & (1<<n)) {
3203 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003204 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3205 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003206 SSL_CTX_free(cur_ctx);
3207 rv = 1;
3208 goto end;
3209 }
yanbzhube2774d2015-12-10 15:07:30 -05003210
3211#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3212 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003213 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003214 if (err)
3215 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003216 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003217 SSL_CTX_free(cur_ctx);
3218 rv = 1;
3219 goto end;
3220 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003221#elif (defined OPENSSL_IS_BORINGSSL)
3222 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003223#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003224 }
3225 }
3226
3227 /* Load DH params into the ctx to support DHE keys */
3228#ifndef OPENSSL_NO_DH
3229 if (ssl_dh_ptr_index >= 0)
3230 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3231
3232 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3233 if (rv < 0) {
3234 if (err)
3235 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3236 *err ? *err : "", path);
3237 rv = 1;
3238 goto end;
3239 }
3240#endif
3241
3242 /* Update key_combos */
3243 key_combos[i-1].ctx = cur_ctx;
3244 }
3245
3246 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003247 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003248 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003249 node = ebmb_next(node);
3250 }
3251
3252
3253 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3254 if (!bind_conf->default_ctx) {
3255 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3256 if (key_combos[i].ctx) {
3257 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003258 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003259 break;
3260 }
3261 }
3262 }
3263
3264end:
3265
3266 if (names)
3267 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3268
3269 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3270 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3271
3272 node = ebmb_first(&sni_keytypes_map);
3273 while (node) {
3274 next = ebmb_next(node);
3275 ebmb_delete(node);
3276 node = next;
3277 }
3278
3279 return rv;
3280}
3281#else
3282/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003283static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3284 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003285{
3286 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3287 err && *err ? *err : "", path, strerror(errno));
3288 return 1;
3289}
3290
yanbzhu488a4d22015-12-01 15:16:07 -05003291#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3292
Emeric Brunfc0421f2012-09-07 17:30:07 +02003293/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3294 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3295 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003296static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3297 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003298{
3299 BIO *in;
3300 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003301 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003302 int ret = -1;
3303 int order = 0;
3304 X509_NAME *xname;
3305 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003306 pem_password_cb *passwd_cb;
3307 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003308 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003309 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003310
Emeric Brunfc0421f2012-09-07 17:30:07 +02003311#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3312 STACK_OF(GENERAL_NAME) *names;
3313#endif
3314
3315 in = BIO_new(BIO_s_file());
3316 if (in == NULL)
3317 goto end;
3318
3319 if (BIO_read_filename(in, file) <= 0)
3320 goto end;
3321
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003322
3323 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3324 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3325
3326 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003327 if (x == NULL)
3328 goto end;
3329
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003330 pkey = X509_get_pubkey(x);
3331 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003332 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003333 switch(EVP_PKEY_base_id(pkey)) {
3334 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003335 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003336 break;
3337 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003338 kinfo.sig = TLSEXT_signature_ecdsa;
3339 break;
3340 case EVP_PKEY_DSA:
3341 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003342 break;
3343 }
3344 EVP_PKEY_free(pkey);
3345 }
3346
Emeric Brun50bcecc2013-04-22 13:05:23 +02003347 if (fcount) {
3348 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003349 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003350 }
3351 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003352#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003353 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3354 if (names) {
3355 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3356 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3357 if (name->type == GEN_DNS) {
3358 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003359 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003360 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003361 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003362 }
3363 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003364 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003365 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003366#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003367 xname = X509_get_subject_name(x);
3368 i = -1;
3369 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3370 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003371 ASN1_STRING *value;
3372
3373 value = X509_NAME_ENTRY_get_data(entry);
3374 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003375 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003376 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003377 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003378 }
3379 }
3380
3381 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3382 if (!SSL_CTX_use_certificate(ctx, x))
3383 goto end;
3384
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003385#ifdef SSL_CTX_clear_extra_chain_certs
3386 SSL_CTX_clear_extra_chain_certs(ctx);
3387#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003388 if (ctx->extra_certs != NULL) {
3389 sk_X509_pop_free(ctx->extra_certs, X509_free);
3390 ctx->extra_certs = NULL;
3391 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003392#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003393
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003394 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003395 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3396 X509_free(ca);
3397 goto end;
3398 }
3399 }
3400
3401 err = ERR_get_error();
3402 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3403 /* we successfully reached the last cert in the file */
3404 ret = 1;
3405 }
3406 ERR_clear_error();
3407
3408end:
3409 if (x)
3410 X509_free(x);
3411
3412 if (in)
3413 BIO_free(in);
3414
3415 return ret;
3416}
3417
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003418static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3419 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003420{
3421 int ret;
3422 SSL_CTX *ctx;
3423
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003424 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003425 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003426 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3427 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003428 return 1;
3429 }
3430
3431 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003432 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3433 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003434 SSL_CTX_free(ctx);
3435 return 1;
3436 }
3437
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003438 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003439 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003440 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3441 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003442 if (ret < 0) /* serious error, must do that ourselves */
3443 SSL_CTX_free(ctx);
3444 return 1;
3445 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003446
3447 if (SSL_CTX_check_private_key(ctx) <= 0) {
3448 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3449 err && *err ? *err : "", path);
3450 return 1;
3451 }
3452
Emeric Brunfc0421f2012-09-07 17:30:07 +02003453 /* we must not free the SSL_CTX anymore below, since it's already in
3454 * the tree, so it will be discovered and cleaned in time.
3455 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003456#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003457 /* store a NULL pointer to indicate we have not yet loaded
3458 a custom DH param file */
3459 if (ssl_dh_ptr_index >= 0) {
3460 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3461 }
3462
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003463 ret = ssl_sock_load_dh_params(ctx, path);
3464 if (ret < 0) {
3465 if (err)
3466 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3467 *err ? *err : "", path);
3468 return 1;
3469 }
3470#endif
3471
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003472#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003473 ret = ssl_sock_load_ocsp(ctx, path);
3474 if (ret < 0) {
3475 if (err)
3476 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3477 *err ? *err : "", path);
3478 return 1;
3479 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003480#elif (defined OPENSSL_IS_BORINGSSL)
3481 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003482#endif
3483
Daniel Jakots54ffb912015-11-06 20:02:41 +01003484#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003485 if (sctl_ex_index >= 0) {
3486 ret = ssl_sock_load_sctl(ctx, path);
3487 if (ret < 0) {
3488 if (err)
3489 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3490 *err ? *err : "", path);
3491 return 1;
3492 }
3493 }
3494#endif
3495
Emeric Brunfc0421f2012-09-07 17:30:07 +02003496#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003497 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003498 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3499 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003500 return 1;
3501 }
3502#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003503 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003504 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003505 bind_conf->default_ssl_conf = ssl_conf;
3506 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507
3508 return 0;
3509}
3510
Willy Tarreau03209342016-12-22 17:08:28 +01003511int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003512{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003513 struct dirent **de_list;
3514 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003515 DIR *dir;
3516 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003517 char *end;
3518 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003519 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003520#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3521 int is_bundle;
3522 int j;
3523#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003524
yanbzhu08ce6ab2015-12-02 13:01:29 -05003525 if (stat(path, &buf) == 0) {
3526 dir = opendir(path);
3527 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003528 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003529
yanbzhu08ce6ab2015-12-02 13:01:29 -05003530 /* strip trailing slashes, including first one */
3531 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3532 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003533
yanbzhu08ce6ab2015-12-02 13:01:29 -05003534 n = scandir(path, &de_list, 0, alphasort);
3535 if (n < 0) {
3536 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3537 err && *err ? *err : "", path, strerror(errno));
3538 cfgerr++;
3539 }
3540 else {
3541 for (i = 0; i < n; i++) {
3542 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003543
yanbzhu08ce6ab2015-12-02 13:01:29 -05003544 end = strrchr(de->d_name, '.');
3545 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3546 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003547
yanbzhu08ce6ab2015-12-02 13:01:29 -05003548 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3549 if (stat(fp, &buf) != 0) {
3550 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3551 err && *err ? *err : "", fp, strerror(errno));
3552 cfgerr++;
3553 goto ignore_entry;
3554 }
3555 if (!S_ISREG(buf.st_mode))
3556 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003557
3558#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3559 is_bundle = 0;
3560 /* Check if current entry in directory is part of a multi-cert bundle */
3561
3562 if (end) {
3563 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3564 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3565 is_bundle = 1;
3566 break;
3567 }
3568 }
3569
3570 if (is_bundle) {
3571 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3572 int dp_len;
3573
3574 dp_len = end - de->d_name;
3575 snprintf(dp, dp_len + 1, "%s", de->d_name);
3576
3577 /* increment i and free de until we get to a non-bundle cert
3578 * Note here that we look at de_list[i + 1] before freeing de
3579 * this is important since ignore_entry will free de
3580 */
3581 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3582 free(de);
3583 i++;
3584 de = de_list[i];
3585 }
3586
3587 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003588 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003589
3590 /* Successfully processed the bundle */
3591 goto ignore_entry;
3592 }
3593 }
3594
3595#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003596 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003597ignore_entry:
3598 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003599 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003600 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003601 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003602 closedir(dir);
3603 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003604 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003605
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003606 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003607
Emeric Brunfc0421f2012-09-07 17:30:07 +02003608 return cfgerr;
3609}
3610
Thierry Fournier383085f2013-01-24 14:15:43 +01003611/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3612 * done once. Zero is returned if the operation fails. No error is returned
3613 * if the random is said as not implemented, because we expect that openssl
3614 * will use another method once needed.
3615 */
3616static int ssl_initialize_random()
3617{
3618 unsigned char random;
3619 static int random_initialized = 0;
3620
3621 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3622 random_initialized = 1;
3623
3624 return random_initialized;
3625}
3626
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003627/* release ssl bind conf */
3628void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003629{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003630 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003631#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003632 free(conf->npn_str);
3633 conf->npn_str = NULL;
3634#endif
3635#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3636 free(conf->alpn_str);
3637 conf->alpn_str = NULL;
3638#endif
3639 free(conf->ca_file);
3640 conf->ca_file = NULL;
3641 free(conf->crl_file);
3642 conf->crl_file = NULL;
3643 free(conf->ciphers);
3644 conf->ciphers = NULL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003645#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
3646 free(conf->ciphersuites);
3647 conf->ciphersuites = NULL;
3648#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003649 free(conf->curves);
3650 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003651 free(conf->ecdhe);
3652 conf->ecdhe = NULL;
3653 }
3654}
3655
3656int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3657{
3658 char thisline[CRT_LINESIZE];
3659 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003660 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003661 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003662 int linenum = 0;
3663 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003664
Willy Tarreauad1731d2013-04-02 17:35:58 +02003665 if ((f = fopen(file, "r")) == NULL) {
3666 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003667 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003668 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003669
3670 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003671 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003672 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003673 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003674 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003675 char *crt_path;
3676 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003677
3678 linenum++;
3679 end = line + strlen(line);
3680 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3681 /* Check if we reached the limit and the last char is not \n.
3682 * Watch out for the last line without the terminating '\n'!
3683 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003684 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3685 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003686 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003687 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003688 }
3689
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003690 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003691 newarg = 1;
3692 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003693 if (*line == '#' || *line == '\n' || *line == '\r') {
3694 /* end of string, end of loop */
3695 *line = 0;
3696 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003697 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003698 newarg = 1;
3699 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003700 } else if (*line == '[') {
3701 if (ssl_b) {
3702 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3703 cfgerr = 1;
3704 break;
3705 }
3706 if (!arg) {
3707 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3708 cfgerr = 1;
3709 break;
3710 }
3711 ssl_b = arg;
3712 newarg = 1;
3713 *line = 0;
3714 } else if (*line == ']') {
3715 if (ssl_e) {
3716 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003717 cfgerr = 1;
3718 break;
3719 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003720 if (!ssl_b) {
3721 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3722 cfgerr = 1;
3723 break;
3724 }
3725 ssl_e = arg;
3726 newarg = 1;
3727 *line = 0;
3728 } else if (newarg) {
3729 if (arg == MAX_CRT_ARGS) {
3730 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3731 cfgerr = 1;
3732 break;
3733 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003734 newarg = 0;
3735 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003736 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003737 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003738 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003739 if (cfgerr)
3740 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003741 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003742
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003743 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003744 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003745 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003746
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003747 crt_path = args[0];
3748 if (*crt_path != '/' && global_ssl.crt_base) {
3749 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3750 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3751 crt_path, linenum, file);
3752 cfgerr = 1;
3753 break;
3754 }
3755 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3756 crt_path = path;
3757 }
3758
3759 ssl_conf = calloc(1, sizeof *ssl_conf);
3760 cur_arg = ssl_b ? ssl_b : 1;
3761 while (cur_arg < ssl_e) {
3762 newarg = 0;
3763 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3764 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3765 newarg = 1;
3766 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3767 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3768 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3769 args[cur_arg], linenum, file);
3770 cfgerr = 1;
3771 }
3772 cur_arg += 1 + ssl_bind_kws[i].skip;
3773 break;
3774 }
3775 }
3776 if (!cfgerr && !newarg) {
3777 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3778 args[cur_arg], linenum, file);
3779 cfgerr = 1;
3780 break;
3781 }
3782 }
3783 if (cfgerr) {
3784 ssl_sock_free_ssl_conf(ssl_conf);
3785 free(ssl_conf);
3786 ssl_conf = NULL;
3787 break;
3788 }
3789
3790 if (stat(crt_path, &buf) == 0) {
3791 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3792 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003793 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003794 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3795 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003796 }
3797
Willy Tarreauad1731d2013-04-02 17:35:58 +02003798 if (cfgerr) {
3799 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003800 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003801 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003802 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003803 fclose(f);
3804 return cfgerr;
3805}
3806
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003807/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003808static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003809ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003810{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003811 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003812 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003813 SSL_OP_ALL | /* all known workarounds for bugs */
3814 SSL_OP_NO_SSLv2 |
3815 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003816 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003817 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003818 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003819 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003820 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003821 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003822 SSL_MODE_ENABLE_PARTIAL_WRITE |
3823 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003824 SSL_MODE_RELEASE_BUFFERS |
3825 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003826 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003827 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003828 int flags = MC_SSL_O_ALL;
3829 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003830
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003831 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003832 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003833
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003834 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003835 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3836 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3837 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003838 else
3839 flags = conf_ssl_methods->flags;
3840
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003841 min = conf_ssl_methods->min;
3842 max = conf_ssl_methods->max;
3843 /* start with TLSv10 to remove SSLv3 per default */
3844 if (!min && (!max || max >= CONF_TLSV10))
3845 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003846 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003847 if (min)
3848 flags |= (methodVersions[min].flag - 1);
3849 if (max)
3850 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003851 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003852 min = max = CONF_TLSV_NONE;
3853 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003854 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003855 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003856 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003857 if (min) {
3858 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003859 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3860 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3861 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3862 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003863 hole = 0;
3864 }
3865 max = i;
3866 }
3867 else {
3868 min = max = i;
3869 }
3870 }
3871 else {
3872 if (min)
3873 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003874 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003875 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003876 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3877 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003878 cfgerr += 1;
3879 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003880 /* save real min/max in bind_conf */
3881 conf_ssl_methods->min = min;
3882 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003883
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003884#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003885 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003886 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003887 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003888 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003889 else
3890 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3891 if (flags & methodVersions[i].flag)
3892 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003893#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003894 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003895 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3896 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003897#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003898
3899 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3900 options |= SSL_OP_NO_TICKET;
3901 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3902 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003903
3904#ifdef SSL_OP_NO_RENEGOTIATION
3905 options |= SSL_OP_NO_RENEGOTIATION;
3906#endif
3907
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003908 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003909
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003910#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003911 if (global_ssl.async)
3912 mode |= SSL_MODE_ASYNC;
3913#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003914 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003915 if (global_ssl.life_time)
3916 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003917
3918#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3919#ifdef OPENSSL_IS_BORINGSSL
3920 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3921 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003922#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003923 if (bind_conf->ssl_conf.early_data) {
3924 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3925 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3926 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003927 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3928 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003929#else
3930 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003931#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003932 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003933#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003934 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003935}
3936
William Lallemand4f45bb92017-10-30 20:08:51 +01003937
3938static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3939{
3940 if (first == block) {
3941 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3942 if (first->len > 0)
3943 sh_ssl_sess_tree_delete(sh_ssl_sess);
3944 }
3945}
3946
3947/* return first block from sh_ssl_sess */
3948static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3949{
3950 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3951
3952}
3953
3954/* store a session into the cache
3955 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3956 * data: asn1 encoded session
3957 * data_len: asn1 encoded session length
3958 * Returns 1 id session was stored (else 0)
3959 */
3960static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3961{
3962 struct shared_block *first;
3963 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3964
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003965 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01003966 if (!first) {
3967 /* Could not retrieve enough free blocks to store that session */
3968 return 0;
3969 }
3970
3971 /* STORE the key in the first elem */
3972 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3973 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3974 first->len = sizeof(struct sh_ssl_sess_hdr);
3975
3976 /* it returns the already existing node
3977 or current node if none, never returns null */
3978 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3979 if (oldsh_ssl_sess != sh_ssl_sess) {
3980 /* NOTE: Row couldn't be in use because we lock read & write function */
3981 /* release the reserved row */
3982 shctx_row_dec_hot(ssl_shctx, first);
3983 /* replace the previous session already in the tree */
3984 sh_ssl_sess = oldsh_ssl_sess;
3985 /* ignore the previous session data, only use the header */
3986 first = sh_ssl_sess_first_block(sh_ssl_sess);
3987 shctx_row_inc_hot(ssl_shctx, first);
3988 first->len = sizeof(struct sh_ssl_sess_hdr);
3989 }
3990
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003991 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01003992 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003993 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003994 }
3995
3996 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003997
3998 return 1;
3999}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004001/* SSL callback used when a new session is created while connecting to a server */
4002static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4003{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004004 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004005 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004006
Willy Tarreau07d94e42018-09-20 10:57:52 +02004007 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004008
Olivier Houcharde6060c52017-11-16 17:42:52 +01004009 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4010 int len;
4011 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004012
Olivier Houcharde6060c52017-11-16 17:42:52 +01004013 len = i2d_SSL_SESSION(sess, NULL);
4014 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4015 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4016 } else {
4017 free(s->ssl_ctx.reused_sess[tid].ptr);
4018 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4019 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4020 }
4021 if (s->ssl_ctx.reused_sess[tid].ptr) {
4022 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4023 &ptr);
4024 }
4025 } else {
4026 free(s->ssl_ctx.reused_sess[tid].ptr);
4027 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4028 }
4029
4030 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004031}
4032
Olivier Houcharde6060c52017-11-16 17:42:52 +01004033
William Lallemanded0b5ad2017-10-30 19:36:36 +01004034/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004035int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004036{
4037 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4038 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4039 unsigned char *p;
4040 int data_len;
4041 unsigned int sid_length, sid_ctx_length;
4042 const unsigned char *sid_data;
4043 const unsigned char *sid_ctx_data;
4044
4045 /* Session id is already stored in to key and session id is known
4046 * so we dont store it to keep size.
4047 */
4048
4049 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4050 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4051 SSL_SESSION_set1_id(sess, sid_data, 0);
4052 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4053
4054 /* check if buffer is large enough for the ASN1 encoded session */
4055 data_len = i2d_SSL_SESSION(sess, NULL);
4056 if (data_len > SHSESS_MAX_DATA_LEN)
4057 goto err;
4058
4059 p = encsess;
4060
4061 /* process ASN1 session encoding before the lock */
4062 i2d_SSL_SESSION(sess, &p);
4063
4064 memcpy(encid, sid_data, sid_length);
4065 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4066 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4067
William Lallemanda3c77cf2017-10-30 23:44:40 +01004068 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004069 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004070 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004071 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004072err:
4073 /* reset original length values */
4074 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4075 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4076
4077 return 0; /* do not increment session reference count */
4078}
4079
4080/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004081SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004082{
William Lallemand4f45bb92017-10-30 20:08:51 +01004083 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004084 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4085 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004086 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004087 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004088
4089 global.shctx_lookups++;
4090
4091 /* allow the session to be freed automatically by openssl */
4092 *do_copy = 0;
4093
4094 /* tree key is zeros padded sessionid */
4095 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4096 memcpy(tmpkey, key, key_len);
4097 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4098 key = tmpkey;
4099 }
4100
4101 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004102 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004103
4104 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004105 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4106 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004107 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004108 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004109 global.shctx_misses++;
4110 return NULL;
4111 }
4112
William Lallemand4f45bb92017-10-30 20:08:51 +01004113 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4114 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004115
William Lallemand4f45bb92017-10-30 20:08:51 +01004116 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004117
William Lallemanda3c77cf2017-10-30 23:44:40 +01004118 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004119
4120 /* decode ASN1 session */
4121 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004122 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004123 /* Reset session id and session id contenxt */
4124 if (sess) {
4125 SSL_SESSION_set1_id(sess, key, key_len);
4126 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4127 }
4128
4129 return sess;
4130}
4131
William Lallemand4f45bb92017-10-30 20:08:51 +01004132
William Lallemanded0b5ad2017-10-30 19:36:36 +01004133/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004134void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004135{
William Lallemand4f45bb92017-10-30 20:08:51 +01004136 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004137 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4138 unsigned int sid_length;
4139 const unsigned char *sid_data;
4140 (void)ctx;
4141
4142 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4143 /* tree key is zeros padded sessionid */
4144 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4145 memcpy(tmpkey, sid_data, sid_length);
4146 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4147 sid_data = tmpkey;
4148 }
4149
William Lallemanda3c77cf2017-10-30 23:44:40 +01004150 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004151
4152 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004153 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4154 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004155 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004156 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157 }
4158
4159 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004160 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004161}
4162
4163/* Set session cache mode to server and disable openssl internal cache.
4164 * Set shared cache callbacks on an ssl context.
4165 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004166void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004167{
4168 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4169
4170 if (!ssl_shctx) {
4171 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4172 return;
4173 }
4174
4175 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4176 SSL_SESS_CACHE_NO_INTERNAL |
4177 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4178
4179 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004180 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4181 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4182 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004183}
4184
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004185int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4186{
4187 struct proxy *curproxy = bind_conf->frontend;
4188 int cfgerr = 0;
4189 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004190 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004191 const char *conf_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004192#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4193 const char *conf_ciphersuites;
4194#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004195 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004196
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004197 if (ssl_conf) {
4198 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4199 int i, min, max;
4200 int flags = MC_SSL_O_ALL;
4201
4202 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004203 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4204 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004205 if (min)
4206 flags |= (methodVersions[min].flag - 1);
4207 if (max)
4208 flags |= ~((methodVersions[max].flag << 1) - 1);
4209 min = max = CONF_TLSV_NONE;
4210 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4211 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4212 if (min)
4213 max = i;
4214 else
4215 min = max = i;
4216 }
4217 /* save real min/max */
4218 conf_ssl_methods->min = min;
4219 conf_ssl_methods->max = max;
4220 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004221 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4222 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004223 cfgerr += 1;
4224 }
4225 }
4226
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004227 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004228 case SSL_SOCK_VERIFY_NONE:
4229 verify = SSL_VERIFY_NONE;
4230 break;
4231 case SSL_SOCK_VERIFY_OPTIONAL:
4232 verify = SSL_VERIFY_PEER;
4233 break;
4234 case SSL_SOCK_VERIFY_REQUIRED:
4235 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4236 break;
4237 }
4238 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4239 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004240 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4241 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4242 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004243 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004244 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004245 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4246 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004247 cfgerr++;
4248 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004249 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4250 /* set CA names for client cert request, function returns void */
4251 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4252 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004253 }
Emeric Brun850efd52014-01-29 12:24:34 +01004254 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004255 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4256 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004257 cfgerr++;
4258 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004259#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004260 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004261 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4262
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004263 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004264 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4265 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004266 cfgerr++;
4267 }
Emeric Brun561e5742012-10-02 15:20:55 +02004268 else {
4269 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4270 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004271 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004272#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004273 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004274 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004275#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004276 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004277 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004278 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4279 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004280 cfgerr++;
4281 }
4282 }
4283#endif
4284
William Lallemand4f45bb92017-10-30 20:08:51 +01004285 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004286 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4287 if (conf_ciphers &&
4288 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004289 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4290 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004291 cfgerr++;
4292 }
4293
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004294#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4295 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4296 if (conf_ciphersuites &&
4297 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4298 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4299 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4300 cfgerr++;
4301 }
4302#endif
4303
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004304#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004305 /* If tune.ssl.default-dh-param has not been set,
4306 neither has ssl-default-dh-file and no static DH
4307 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004308 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004309 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004310 (ssl_dh_ptr_index == -1 ||
4311 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004312 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4313 const SSL_CIPHER * cipher = NULL;
4314 char cipher_description[128];
4315 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4316 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4317 which is not ephemeral DH. */
4318 const char dhe_description[] = " Kx=DH ";
4319 const char dhe_export_description[] = " Kx=DH(";
4320 int idx = 0;
4321 int dhe_found = 0;
4322 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004323
Remi Gacogne23d5d372014-10-10 17:04:26 +02004324 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004325
Remi Gacogne23d5d372014-10-10 17:04:26 +02004326 if (ssl) {
4327 ciphers = SSL_get_ciphers(ssl);
4328
4329 if (ciphers) {
4330 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4331 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4332 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4333 if (strstr(cipher_description, dhe_description) != NULL ||
4334 strstr(cipher_description, dhe_export_description) != NULL) {
4335 dhe_found = 1;
4336 break;
4337 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004338 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004339 }
4340 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004341 SSL_free(ssl);
4342 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004343 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004344
Lukas Tribus90132722014-08-18 00:56:33 +02004345 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004346 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004347 }
4348
Willy Tarreauef934602016-12-22 23:12:01 +01004349 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004350 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004351
Willy Tarreauef934602016-12-22 23:12:01 +01004352 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004353 if (local_dh_1024 == NULL) {
4354 local_dh_1024 = ssl_get_dh_1024();
4355 }
Willy Tarreauef934602016-12-22 23:12:01 +01004356 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004357 if (local_dh_2048 == NULL) {
4358 local_dh_2048 = ssl_get_dh_2048();
4359 }
Willy Tarreauef934602016-12-22 23:12:01 +01004360 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004361 if (local_dh_4096 == NULL) {
4362 local_dh_4096 = ssl_get_dh_4096();
4363 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004364 }
4365 }
4366 }
4367#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004368
Emeric Brunfc0421f2012-09-07 17:30:07 +02004369 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004370#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004371 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004372#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004373
Bernard Spil13c53f82018-02-15 13:34:58 +01004374#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004375 ssl_conf_cur = NULL;
4376 if (ssl_conf && ssl_conf->npn_str)
4377 ssl_conf_cur = ssl_conf;
4378 else if (bind_conf->ssl_conf.npn_str)
4379 ssl_conf_cur = &bind_conf->ssl_conf;
4380 if (ssl_conf_cur)
4381 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004382#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004383#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004384 ssl_conf_cur = NULL;
4385 if (ssl_conf && ssl_conf->alpn_str)
4386 ssl_conf_cur = ssl_conf;
4387 else if (bind_conf->ssl_conf.alpn_str)
4388 ssl_conf_cur = &bind_conf->ssl_conf;
4389 if (ssl_conf_cur)
4390 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004391#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004392#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4393 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4394 if (conf_curves) {
4395 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004396 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4397 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004398 cfgerr++;
4399 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004400#if defined(SSL_CTX_set_ecdh_auto)
4401 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4402#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004403 }
4404#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004405#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004406 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004407 int i;
4408 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004409#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004410 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004411 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4412 NULL);
4413
4414 if (ecdhe == NULL) {
4415 SSL_CTX_set_dh_auto(ctx, 1);
4416 return cfgerr;
4417 }
4418#else
4419 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4420 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4421 ECDHE_DEFAULT_CURVE);
4422#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004423
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004424 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004425 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004426 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4427 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004428 cfgerr++;
4429 }
4430 else {
4431 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4432 EC_KEY_free(ecdh);
4433 }
4434 }
4435#endif
4436
Emeric Brunfc0421f2012-09-07 17:30:07 +02004437 return cfgerr;
4438}
4439
Evan Broderbe554312013-06-27 00:05:25 -07004440static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4441{
4442 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4443 size_t prefixlen, suffixlen;
4444
4445 /* Trivial case */
4446 if (strcmp(pattern, hostname) == 0)
4447 return 1;
4448
Evan Broderbe554312013-06-27 00:05:25 -07004449 /* The rest of this logic is based on RFC 6125, section 6.4.3
4450 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4451
Emeric Bruna848dae2013-10-08 11:27:28 +02004452 pattern_wildcard = NULL;
4453 pattern_left_label_end = pattern;
4454 while (*pattern_left_label_end != '.') {
4455 switch (*pattern_left_label_end) {
4456 case 0:
4457 /* End of label not found */
4458 return 0;
4459 case '*':
4460 /* If there is more than one wildcards */
4461 if (pattern_wildcard)
4462 return 0;
4463 pattern_wildcard = pattern_left_label_end;
4464 break;
4465 }
4466 pattern_left_label_end++;
4467 }
4468
4469 /* If it's not trivial and there is no wildcard, it can't
4470 * match */
4471 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004472 return 0;
4473
4474 /* Make sure all labels match except the leftmost */
4475 hostname_left_label_end = strchr(hostname, '.');
4476 if (!hostname_left_label_end
4477 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4478 return 0;
4479
4480 /* Make sure the leftmost label of the hostname is long enough
4481 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004482 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004483 return 0;
4484
4485 /* Finally compare the string on either side of the
4486 * wildcard */
4487 prefixlen = pattern_wildcard - pattern;
4488 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004489 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4490 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004491 return 0;
4492
4493 return 1;
4494}
4495
4496static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4497{
4498 SSL *ssl;
4499 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004500 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004501 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004502
4503 int depth;
4504 X509 *cert;
4505 STACK_OF(GENERAL_NAME) *alt_names;
4506 int i;
4507 X509_NAME *cert_subject;
4508 char *str;
4509
4510 if (ok == 0)
4511 return ok;
4512
4513 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004514 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004515
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004516 /* We're checking if the provided hostnames match the desired one. The
4517 * desired hostname comes from the SNI we presented if any, or if not
4518 * provided then it may have been explicitly stated using a "verifyhost"
4519 * directive. If neither is set, we don't care about the name so the
4520 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004521 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004522 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004523 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004524 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004525 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004526 if (!servername)
4527 return ok;
4528 }
Evan Broderbe554312013-06-27 00:05:25 -07004529
4530 /* We only need to verify the CN on the actual server cert,
4531 * not the indirect CAs */
4532 depth = X509_STORE_CTX_get_error_depth(ctx);
4533 if (depth != 0)
4534 return ok;
4535
4536 /* At this point, the cert is *not* OK unless we can find a
4537 * hostname match */
4538 ok = 0;
4539
4540 cert = X509_STORE_CTX_get_current_cert(ctx);
4541 /* It seems like this might happen if verify peer isn't set */
4542 if (!cert)
4543 return ok;
4544
4545 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4546 if (alt_names) {
4547 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4548 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4549 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004550#if OPENSSL_VERSION_NUMBER < 0x00907000L
4551 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4552#else
Evan Broderbe554312013-06-27 00:05:25 -07004553 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004554#endif
Evan Broderbe554312013-06-27 00:05:25 -07004555 ok = ssl_sock_srv_hostcheck(str, servername);
4556 OPENSSL_free(str);
4557 }
4558 }
4559 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004560 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004561 }
4562
4563 cert_subject = X509_get_subject_name(cert);
4564 i = -1;
4565 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4566 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004567 ASN1_STRING *value;
4568 value = X509_NAME_ENTRY_get_data(entry);
4569 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004570 ok = ssl_sock_srv_hostcheck(str, servername);
4571 OPENSSL_free(str);
4572 }
4573 }
4574
Willy Tarreau71d058c2017-07-26 20:09:56 +02004575 /* report the mismatch and indicate if SNI was used or not */
4576 if (!ok && !conn->err_code)
4577 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004578 return ok;
4579}
4580
Emeric Brun94324a42012-10-11 14:00:19 +02004581/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004582int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004583{
Willy Tarreau03209342016-12-22 17:08:28 +01004584 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004585 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004586 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004587 SSL_OP_ALL | /* all known workarounds for bugs */
4588 SSL_OP_NO_SSLv2 |
4589 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004590 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004591 SSL_MODE_ENABLE_PARTIAL_WRITE |
4592 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004593 SSL_MODE_RELEASE_BUFFERS |
4594 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004595 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004596 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004597 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004598 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004599 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004600
Thierry Fournier383085f2013-01-24 14:15:43 +01004601 /* Make sure openssl opens /dev/urandom before the chroot */
4602 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004603 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004604 cfgerr++;
4605 }
4606
Willy Tarreaufce03112015-01-15 21:32:40 +01004607 /* Automatic memory computations need to know we use SSL there */
4608 global.ssl_used_backend = 1;
4609
4610 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004611 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004612 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004613 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4614 curproxy->id, srv->id,
4615 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004616 cfgerr++;
4617 return cfgerr;
4618 }
4619 }
Emeric Brun94324a42012-10-11 14:00:19 +02004620 if (srv->use_ssl)
4621 srv->xprt = &ssl_sock;
4622 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004623 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004624
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004625 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004626 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004627 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4628 proxy_type_str(curproxy), curproxy->id,
4629 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004630 cfgerr++;
4631 return cfgerr;
4632 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004633
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004634 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004635 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4636 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4637 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004638 else
4639 flags = conf_ssl_methods->flags;
4640
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004641 /* Real min and max should be determinate with configuration and openssl's capabilities */
4642 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004643 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004644 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004645 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004646
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004647 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004648 min = max = CONF_TLSV_NONE;
4649 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004650 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004651 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004652 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004653 if (min) {
4654 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004655 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4656 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4657 proxy_type_str(curproxy), curproxy->id, srv->id,
4658 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004659 hole = 0;
4660 }
4661 max = i;
4662 }
4663 else {
4664 min = max = i;
4665 }
4666 }
4667 else {
4668 if (min)
4669 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004670 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004671 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004672 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4673 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004674 cfgerr += 1;
4675 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004676
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004677#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004678 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004679 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004680 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004681 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004682 else
4683 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4684 if (flags & methodVersions[i].flag)
4685 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004686#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004687 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004688 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4689 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004690#endif
4691
4692 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4693 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004694 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004695
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004696#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004697 if (global_ssl.async)
4698 mode |= SSL_MODE_ASYNC;
4699#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004700 SSL_CTX_set_mode(ctx, mode);
4701 srv->ssl_ctx.ctx = ctx;
4702
Emeric Bruna7aa3092012-10-26 12:58:00 +02004703 if (srv->ssl_ctx.client_crt) {
4704 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004705 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4706 proxy_type_str(curproxy), curproxy->id,
4707 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004708 cfgerr++;
4709 }
4710 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004711 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4712 proxy_type_str(curproxy), curproxy->id,
4713 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004714 cfgerr++;
4715 }
4716 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004717 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4718 proxy_type_str(curproxy), curproxy->id,
4719 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004720 cfgerr++;
4721 }
4722 }
Emeric Brun94324a42012-10-11 14:00:19 +02004723
Emeric Brun850efd52014-01-29 12:24:34 +01004724 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4725 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004726 switch (srv->ssl_ctx.verify) {
4727 case SSL_SOCK_VERIFY_NONE:
4728 verify = SSL_VERIFY_NONE;
4729 break;
4730 case SSL_SOCK_VERIFY_REQUIRED:
4731 verify = SSL_VERIFY_PEER;
4732 break;
4733 }
Evan Broderbe554312013-06-27 00:05:25 -07004734 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004735 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004736 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004737 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004738 if (srv->ssl_ctx.ca_file) {
4739 /* load CAfile to verify */
4740 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004741 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4742 curproxy->id, srv->id,
4743 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004744 cfgerr++;
4745 }
4746 }
Emeric Brun850efd52014-01-29 12:24:34 +01004747 else {
4748 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004749 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4750 curproxy->id, srv->id,
4751 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004752 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004753 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4754 curproxy->id, srv->id,
4755 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004756 cfgerr++;
4757 }
Emeric Brunef42d922012-10-11 16:11:36 +02004758#ifdef X509_V_FLAG_CRL_CHECK
4759 if (srv->ssl_ctx.crl_file) {
4760 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4761
4762 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004763 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4764 curproxy->id, srv->id,
4765 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004766 cfgerr++;
4767 }
4768 else {
4769 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4770 }
4771 }
4772#endif
4773 }
4774
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004775 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4776 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4777 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004778 if (srv->ssl_ctx.ciphers &&
4779 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004780 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4781 curproxy->id, srv->id,
4782 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004783 cfgerr++;
4784 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004785
4786#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4787 if (srv->ssl_ctx.ciphersuites &&
4788 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
4789 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4790 curproxy->id, srv->id,
4791 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4792 cfgerr++;
4793 }
4794#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004795#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4796 if (srv->ssl_ctx.npn_str)
4797 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4798#endif
4799#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4800 if (srv->ssl_ctx.alpn_str)
4801 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4802#endif
4803
Emeric Brun94324a42012-10-11 14:00:19 +02004804
4805 return cfgerr;
4806}
4807
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004808/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004809 * be NULL, in which case nothing is done. Returns the number of errors
4810 * encountered.
4811 */
Willy Tarreau03209342016-12-22 17:08:28 +01004812int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004813{
4814 struct ebmb_node *node;
4815 struct sni_ctx *sni;
4816 int err = 0;
4817
Willy Tarreaufce03112015-01-15 21:32:40 +01004818 /* Automatic memory computations need to know we use SSL there */
4819 global.ssl_used_frontend = 1;
4820
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004821 /* Make sure openssl opens /dev/urandom before the chroot */
4822 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004823 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004824 err++;
4825 }
4826 /* Create initial_ctx used to start the ssl connection before do switchctx */
4827 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004828 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004829 /* It should not be necessary to call this function, but it's
4830 necessary first to check and move all initialisation related
4831 to initial_ctx in ssl_sock_initial_ctx. */
4832 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4833 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004834 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004835 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004836
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004837 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004838 while (node) {
4839 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004840 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4841 /* only initialize the CTX on its first occurrence and
4842 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004843 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004844 node = ebmb_next(node);
4845 }
4846
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004847 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004848 while (node) {
4849 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004850 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4851 /* only initialize the CTX on its first occurrence and
4852 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004853 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004854 node = ebmb_next(node);
4855 }
4856 return err;
4857}
4858
Willy Tarreau55d37912016-12-21 23:38:39 +01004859/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4860 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4861 * alerts are directly emitted since the rest of the stack does it below.
4862 */
4863int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4864{
4865 struct proxy *px = bind_conf->frontend;
4866 int alloc_ctx;
4867 int err;
4868
4869 if (!bind_conf->is_ssl) {
4870 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004871 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4872 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004873 }
4874 return 0;
4875 }
4876 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004877 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004878 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4879 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004880 }
4881 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004882 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4883 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004884 return -1;
4885 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004886 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004887 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004888 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004889 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004890 sizeof(*sh_ssl_sess_tree),
4891 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004892 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004893 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4894 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4895 else
4896 ha_alert("Unable to allocate SSL session cache.\n");
4897 return -1;
4898 }
4899 /* free block callback */
4900 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4901 /* init the root tree within the extra space */
4902 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4903 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004904 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004905 err = 0;
4906 /* initialize all certificate contexts */
4907 err += ssl_sock_prepare_all_ctx(bind_conf);
4908
4909 /* initialize CA variables if the certificates generation is enabled */
4910 err += ssl_sock_load_ca(bind_conf);
4911
4912 return -err;
4913}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004914
4915/* release ssl context allocated for servers. */
4916void ssl_sock_free_srv_ctx(struct server *srv)
4917{
Olivier Houchardc7566002018-11-20 23:33:50 +01004918#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4919 if (srv->ssl_ctx.alpn_str)
4920 free(srv->ssl_ctx.alpn_str);
4921#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004922#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004923 if (srv->ssl_ctx.npn_str)
4924 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004925#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004926 if (srv->ssl_ctx.ctx)
4927 SSL_CTX_free(srv->ssl_ctx.ctx);
4928}
4929
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004930/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004931 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4932 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004933void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004934{
4935 struct ebmb_node *node, *back;
4936 struct sni_ctx *sni;
4937
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004938 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004939 while (node) {
4940 sni = ebmb_entry(node, struct sni_ctx, name);
4941 back = ebmb_next(node);
4942 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004943 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004944 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004945 ssl_sock_free_ssl_conf(sni->conf);
4946 free(sni->conf);
4947 sni->conf = NULL;
4948 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004949 free(sni);
4950 node = back;
4951 }
4952
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004953 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004954 while (node) {
4955 sni = ebmb_entry(node, struct sni_ctx, name);
4956 back = ebmb_next(node);
4957 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004958 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004959 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004960 ssl_sock_free_ssl_conf(sni->conf);
4961 free(sni->conf);
4962 sni->conf = NULL;
4963 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004964 free(sni);
4965 node = back;
4966 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004967 SSL_CTX_free(bind_conf->initial_ctx);
4968 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004969 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004970 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004971}
4972
Willy Tarreau795cdab2016-12-22 17:30:54 +01004973/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4974void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4975{
4976 ssl_sock_free_ca(bind_conf);
4977 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004978 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004979 free(bind_conf->ca_sign_file);
4980 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004981 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004982 free(bind_conf->keys_ref->filename);
4983 free(bind_conf->keys_ref->tlskeys);
4984 LIST_DEL(&bind_conf->keys_ref->list);
4985 free(bind_conf->keys_ref);
4986 }
4987 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004988 bind_conf->ca_sign_pass = NULL;
4989 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004990}
4991
Christopher Faulet31af49d2015-06-09 17:29:50 +02004992/* Load CA cert file and private key used to generate certificates */
4993int
Willy Tarreau03209342016-12-22 17:08:28 +01004994ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004995{
Willy Tarreau03209342016-12-22 17:08:28 +01004996 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004997 FILE *fp;
4998 X509 *cacert = NULL;
4999 EVP_PKEY *capkey = NULL;
5000 int err = 0;
5001
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005002 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005003 return err;
5004
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005005#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005006 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005007 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005008 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005009 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005010 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005011#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005012
Christopher Faulet31af49d2015-06-09 17:29:50 +02005013 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005014 ha_alert("Proxy '%s': cannot enable certificate generation, "
5015 "no CA certificate File configured at [%s:%d].\n",
5016 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005017 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005018 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005019
5020 /* read in the CA certificate */
5021 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005022 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5023 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005024 goto load_error;
5025 }
5026 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005027 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5028 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005029 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005030 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005031 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005032 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005033 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5034 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005035 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005036 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005037
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005038 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005039 bind_conf->ca_sign_cert = cacert;
5040 bind_conf->ca_sign_pkey = capkey;
5041 return err;
5042
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005043 read_error:
5044 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005045 if (capkey) EVP_PKEY_free(capkey);
5046 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005047 load_error:
5048 bind_conf->generate_certs = 0;
5049 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005050 return err;
5051}
5052
5053/* Release CA cert and private key used to generate certificated */
5054void
5055ssl_sock_free_ca(struct bind_conf *bind_conf)
5056{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005057 if (bind_conf->ca_sign_pkey)
5058 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5059 if (bind_conf->ca_sign_cert)
5060 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005061 bind_conf->ca_sign_pkey = NULL;
5062 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005063}
5064
Emeric Brun46591952012-05-18 15:47:34 +02005065/*
5066 * This function is called if SSL * context is not yet allocated. The function
5067 * is designed to be called before any other data-layer operation and sets the
5068 * handshake flag on the connection. It is safe to call it multiple times.
5069 * It returns 0 on success and -1 in error case.
5070 */
5071static int ssl_sock_init(struct connection *conn)
5072{
5073 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005074 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005075 return 0;
5076
Willy Tarreau3c728722014-01-23 13:50:42 +01005077 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005078 return 0;
5079
Willy Tarreau20879a02012-12-03 16:32:10 +01005080 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5081 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02005082 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005083 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005084
Emeric Brun46591952012-05-18 15:47:34 +02005085 /* If it is in client mode initiate SSL session
5086 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005087 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005088 int may_retry = 1;
5089
5090 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005091 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005092 conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005093 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005094 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005095 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005096 goto retry_connect;
5097 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005098 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005099 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005100 }
Emeric Brun46591952012-05-18 15:47:34 +02005101
Emeric Brun46591952012-05-18 15:47:34 +02005102 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005103 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005104 SSL_free(conn->xprt_ctx);
5105 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005106 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005107 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005108 goto retry_connect;
5109 }
Emeric Brun55476152014-11-12 17:35:37 +01005110 conn->err_code = CO_ER_SSL_NO_MEM;
5111 return -1;
5112 }
Emeric Brun46591952012-05-18 15:47:34 +02005113
Evan Broderbe554312013-06-27 00:05:25 -07005114 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005115 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005116 SSL_free(conn->xprt_ctx);
5117 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005118 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005119 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005120 goto retry_connect;
5121 }
Emeric Brun55476152014-11-12 17:35:37 +01005122 conn->err_code = CO_ER_SSL_NO_MEM;
5123 return -1;
5124 }
5125
5126 SSL_set_connect_state(conn->xprt_ctx);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005127 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5128 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5129 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
5130 if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005131 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005132 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5133 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005134 } else if (sess) {
5135 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005136 }
5137 }
Evan Broderbe554312013-06-27 00:05:25 -07005138
Emeric Brun46591952012-05-18 15:47:34 +02005139 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005140 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005141
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005142 _HA_ATOMIC_ADD(&sslconns, 1);
5143 _HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005144 return 0;
5145 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005146 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005147 int may_retry = 1;
5148
5149 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005150 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005151 conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005152 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005153 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005154 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005155 goto retry_accept;
5156 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005157 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005158 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005159 }
Emeric Brun46591952012-05-18 15:47:34 +02005160
Emeric Brun46591952012-05-18 15:47:34 +02005161 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005162 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005163 SSL_free(conn->xprt_ctx);
5164 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005165 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005166 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005167 goto retry_accept;
5168 }
Emeric Brun55476152014-11-12 17:35:37 +01005169 conn->err_code = CO_ER_SSL_NO_MEM;
5170 return -1;
5171 }
Emeric Brun46591952012-05-18 15:47:34 +02005172
Emeric Brune1f38db2012-09-03 20:36:47 +02005173 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005174 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005175 SSL_free(conn->xprt_ctx);
5176 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005177 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005178 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005179 goto retry_accept;
5180 }
Emeric Brun55476152014-11-12 17:35:37 +01005181 conn->err_code = CO_ER_SSL_NO_MEM;
5182 return -1;
5183 }
5184
5185 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005186
Emeric Brun46591952012-05-18 15:47:34 +02005187 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005188 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005189#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005190 conn->flags |= CO_FL_EARLY_SSL_HS;
5191#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005192
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005193 _HA_ATOMIC_ADD(&sslconns, 1);
5194 _HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005195 return 0;
5196 }
5197 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005198 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005199 return -1;
5200}
5201
5202
5203/* This is the callback which is used when an SSL handshake is pending. It
5204 * updates the FD status if it wants some polling before being called again.
5205 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5206 * otherwise it returns non-zero and removes itself from the connection's
5207 * flags (the bit is provided in <flag> by the caller).
5208 */
5209int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5210{
5211 int ret;
5212
Willy Tarreau3c728722014-01-23 13:50:42 +01005213 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005214 return 0;
5215
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005216 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005217 goto out_error;
5218
Olivier Houchardc2aae742017-09-22 18:26:28 +02005219#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5220 /*
5221 * Check if we have early data. If we do, we have to read them
5222 * before SSL_do_handshake() is called, And there's no way to
5223 * detect early data, except to try to read them
5224 */
5225 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5226 size_t read_data;
5227
5228 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5229 1, &read_data);
5230 if (ret == SSL_READ_EARLY_DATA_ERROR)
5231 goto check_error;
5232 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5233 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5234 return 1;
5235 } else
5236 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5237 }
5238#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005239 /* If we use SSL_do_handshake to process a reneg initiated by
5240 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5241 * Usually SSL_write and SSL_read are used and process implicitly
5242 * the reneg handshake.
5243 * Here we use SSL_peek as a workaround for reneg.
5244 */
5245 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5246 char c;
5247
5248 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5249 if (ret <= 0) {
5250 /* handshake may have not been completed, let's find why */
5251 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005252
Emeric Brun674b7432012-11-08 19:21:55 +01005253 if (ret == SSL_ERROR_WANT_WRITE) {
5254 /* SSL handshake needs to write, L4 connection may not be ready */
5255 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005256 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005257 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005258 return 0;
5259 }
5260 else if (ret == SSL_ERROR_WANT_READ) {
5261 /* handshake may have been completed but we have
5262 * no more data to read.
5263 */
5264 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5265 ret = 1;
5266 goto reneg_ok;
5267 }
5268 /* SSL handshake needs to read, L4 connection is ready */
5269 if (conn->flags & CO_FL_WAIT_L4_CONN)
5270 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5271 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005272 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005273 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005274 return 0;
5275 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005276#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005277 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005278 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005279 return 0;
5280 }
5281#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005282 else if (ret == SSL_ERROR_SYSCALL) {
5283 /* if errno is null, then connection was successfully established */
5284 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5285 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005286 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005287#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005288 conn->err_code = CO_ER_SSL_HANDSHAKE;
5289#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005290 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005291#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005292 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5293 empty_handshake = state == TLS_ST_BEFORE;
5294#else
5295 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5296#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005297 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005298 if (!errno) {
5299 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5300 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5301 else
5302 conn->err_code = CO_ER_SSL_EMPTY;
5303 }
5304 else {
5305 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5306 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5307 else
5308 conn->err_code = CO_ER_SSL_ABORT;
5309 }
5310 }
5311 else {
5312 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5313 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005314 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005315 conn->err_code = CO_ER_SSL_HANDSHAKE;
5316 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005317#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005318 }
Emeric Brun674b7432012-11-08 19:21:55 +01005319 goto out_error;
5320 }
5321 else {
5322 /* Fail on all other handshake errors */
5323 /* Note: OpenSSL may leave unread bytes in the socket's
5324 * buffer, causing an RST to be emitted upon close() on
5325 * TCP sockets. We first try to drain possibly pending
5326 * data to avoid this as much as possible.
5327 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005328 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005329 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005330 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5331 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005332 goto out_error;
5333 }
5334 }
5335 /* read some data: consider handshake completed */
5336 goto reneg_ok;
5337 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005338 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005339check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005340 if (ret != 1) {
5341 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005342 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005343
5344 if (ret == SSL_ERROR_WANT_WRITE) {
5345 /* SSL handshake needs to write, L4 connection may not be ready */
5346 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005347 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005348 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005349 return 0;
5350 }
5351 else if (ret == SSL_ERROR_WANT_READ) {
5352 /* SSL handshake needs to read, L4 connection is ready */
5353 if (conn->flags & CO_FL_WAIT_L4_CONN)
5354 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5355 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005356 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005357 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005358 return 0;
5359 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005360#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005361 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005362 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005363 return 0;
5364 }
5365#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005366 else if (ret == SSL_ERROR_SYSCALL) {
5367 /* if errno is null, then connection was successfully established */
5368 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5369 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005370 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005371#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005372 conn->err_code = CO_ER_SSL_HANDSHAKE;
5373#else
5374 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005375#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005376 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5377 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005378#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005379 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005380#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005381 if (empty_handshake) {
5382 if (!errno) {
5383 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5384 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5385 else
5386 conn->err_code = CO_ER_SSL_EMPTY;
5387 }
5388 else {
5389 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5390 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5391 else
5392 conn->err_code = CO_ER_SSL_ABORT;
5393 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005394 }
5395 else {
5396 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5397 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5398 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005399 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005400 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005401#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005402 }
Willy Tarreau89230192012-09-28 20:22:13 +02005403 goto out_error;
5404 }
Emeric Brun46591952012-05-18 15:47:34 +02005405 else {
5406 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005407 /* Note: OpenSSL may leave unread bytes in the socket's
5408 * buffer, causing an RST to be emitted upon close() on
5409 * TCP sockets. We first try to drain possibly pending
5410 * data to avoid this as much as possible.
5411 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005412 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005413 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005414 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5415 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005416 goto out_error;
5417 }
5418 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005419#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5420 else {
5421 /*
5422 * If the server refused the early data, we have to send a
5423 * 425 to the client, as we no longer have the data to sent
5424 * them again.
5425 */
5426 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5427 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5428 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5429 goto out_error;
5430 }
5431 }
5432 }
5433#endif
5434
Emeric Brun46591952012-05-18 15:47:34 +02005435
Emeric Brun674b7432012-11-08 19:21:55 +01005436reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005437
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005438#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005439 /* ASYNC engine API doesn't support moving read/write
5440 * buffers. So we disable ASYNC mode right after
5441 * the handshake to avoid buffer oveflows.
5442 */
5443 if (global_ssl.async)
5444 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5445#endif
Emeric Brun46591952012-05-18 15:47:34 +02005446 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005447 if (!SSL_session_reused(conn->xprt_ctx)) {
5448 if (objt_server(conn->target)) {
5449 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5450 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5451 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005452 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005453 else {
5454 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5455 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5456 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5457 }
Emeric Brun46591952012-05-18 15:47:34 +02005458 }
5459
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005460#ifdef OPENSSL_IS_BORINGSSL
5461 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5462 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5463#endif
Emeric Brun46591952012-05-18 15:47:34 +02005464 /* The connection is now established at both layers, it's time to leave */
5465 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5466 return 1;
5467
5468 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005469 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005470 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005471 ERR_clear_error();
5472
Emeric Brun9fa89732012-10-04 17:09:56 +02005473 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005474 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5475 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5476 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005477 }
5478
Emeric Brun46591952012-05-18 15:47:34 +02005479 /* Fail on all other handshake errors */
5480 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005481 if (!conn->err_code)
5482 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005483 return 0;
5484}
5485
5486/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005487 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005488 * buffer wraps, in which case a second call may be performed. The connection's
5489 * flags are updated with whatever special event is detected (error, read0,
5490 * empty). The caller is responsible for taking care of those events and
5491 * avoiding the call if inappropriate. The function does not call the
5492 * connection's polling update function, so the caller is responsible for this.
5493 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005494static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005495{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005496 ssize_t ret;
5497 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005498
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005499 conn_refresh_polling_flags(conn);
5500
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005501 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005502 goto out_error;
5503
5504 if (conn->flags & CO_FL_HANDSHAKE)
5505 /* a handshake was requested */
5506 return 0;
5507
Emeric Brun46591952012-05-18 15:47:34 +02005508 /* read the largest possible block. For this, we perform only one call
5509 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5510 * in which case we accept to do it once again. A new attempt is made on
5511 * EINTR too.
5512 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005513 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005514 int need_out = 0;
5515
Willy Tarreau591d4452018-06-15 17:21:00 +02005516 try = b_contig_space(buf);
5517 if (!try)
5518 break;
5519
Willy Tarreauabf08d92014-01-14 11:31:27 +01005520 if (try > count)
5521 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005522
Olivier Houchardc2aae742017-09-22 18:26:28 +02005523 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5524 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005525 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005526 done++;
5527 try--;
5528 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005529 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005530 conn->tmp_early_data = -1;
5531 continue;
5532 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005533
Olivier Houchardc2aae742017-09-22 18:26:28 +02005534#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5535 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5536 size_t read_length;
5537
5538 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005539 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005540 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5541 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005542 conn->flags |= CO_FL_EARLY_DATA;
5543 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5544 ret == SSL_READ_EARLY_DATA_FINISH) {
5545 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5546 /*
5547 * We're done reading the early data,
5548 * let's make the handshake
5549 */
5550 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5551 conn->flags |= CO_FL_SSL_WAIT_HS;
5552 need_out = 1;
5553 if (read_length == 0)
5554 break;
5555 }
5556 ret = read_length;
5557 }
5558 } else
5559#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005560 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005561#ifdef OPENSSL_IS_BORINGSSL
5562 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5563 if (SSL_in_early_data(conn->xprt_ctx)) {
5564 if (ret > 0)
5565 conn->flags |= CO_FL_EARLY_DATA;
5566 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005567 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005568 }
5569 }
5570#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005571 if (conn->flags & CO_FL_ERROR) {
5572 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005573 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005574 }
Emeric Brun46591952012-05-18 15:47:34 +02005575 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005576 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005577 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005578 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005579 }
Emeric Brun46591952012-05-18 15:47:34 +02005580 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005581 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005582 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005583 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005584 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005585 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005586#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005587 /* Async mode can be re-enabled, because we're leaving data state.*/
5588 if (global_ssl.async)
5589 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5590#endif
Emeric Brun46591952012-05-18 15:47:34 +02005591 break;
5592 }
5593 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005594 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5595 /* handshake is running, and it may need to re-enable read */
5596 conn->flags |= CO_FL_SSL_WAIT_HS;
5597 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005598#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005599 /* Async mode can be re-enabled, because we're leaving data state.*/
5600 if (global_ssl.async)
5601 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5602#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005603 break;
5604 }
Emeric Brun46591952012-05-18 15:47:34 +02005605 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005606 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005607 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005608 } else if (ret == SSL_ERROR_ZERO_RETURN)
5609 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005610 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5611 * stack before shutting down the connection for
5612 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005613 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5614 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005615 /* otherwise it's a real error */
5616 goto out_error;
5617 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005618 if (need_out)
5619 break;
Emeric Brun46591952012-05-18 15:47:34 +02005620 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005621 leave:
5622 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005623 return done;
5624
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005625 clear_ssl_error:
5626 /* Clear openssl global errors stack */
5627 ssl_sock_dump_errors(conn);
5628 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005629 read0:
5630 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005631 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005632
Emeric Brun46591952012-05-18 15:47:34 +02005633 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005634 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005635 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005636 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005637 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005638 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005639}
5640
5641
Willy Tarreau787db9a2018-06-14 18:31:46 +02005642/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5643 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5644 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005645 * Only one call to send() is performed, unless the buffer wraps, in which case
5646 * a second call may be performed. The connection's flags are updated with
5647 * whatever special event is detected (error, empty). The caller is responsible
5648 * for taking care of those events and avoiding the call if inappropriate. The
5649 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005650 * is responsible for this. The buffer's output is not adjusted, it's up to the
5651 * caller to take care of this. It's up to the caller to update the buffer's
5652 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005653 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005654static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005655{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005656 ssize_t ret;
5657 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005658
5659 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005660 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005661
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005662 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005663 goto out_error;
5664
5665 if (conn->flags & CO_FL_HANDSHAKE)
5666 /* a handshake was requested */
5667 return 0;
5668
5669 /* send the largest possible block. For this we perform only one call
5670 * to send() unless the buffer wraps and we exactly fill the first hunk,
5671 * in which case we accept to do it once again.
5672 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005673 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005674#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5675 size_t written_data;
5676#endif
5677
Willy Tarreau787db9a2018-06-14 18:31:46 +02005678 try = b_contig_data(buf, done);
5679 if (try > count)
5680 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005681
Willy Tarreau7bed9452014-02-02 02:00:24 +01005682 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005683 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005684 global_ssl.max_record && try > global_ssl.max_record) {
5685 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005686 }
5687 else {
5688 /* we need to keep the information about the fact that
5689 * we're not limiting the upcoming send(), because if it
5690 * fails, we'll have to retry with at least as many data.
5691 */
5692 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5693 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005694
Olivier Houchardc2aae742017-09-22 18:26:28 +02005695#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5696 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5697 unsigned int max_early;
5698
Olivier Houchard522eea72017-11-03 16:27:47 +01005699 if (objt_listener(conn->target))
5700 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5701 else {
5702 if (SSL_get0_session(conn->xprt_ctx))
5703 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5704 else
5705 max_early = 0;
5706 }
5707
Olivier Houchard90084a12017-11-23 18:21:29 +01005708 if (try + conn->sent_early_data > max_early) {
5709 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005710 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005711 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5712 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005713 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005714 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005715 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005716 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005717 if (ret == 1) {
5718 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005719 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005720 if (objt_server(conn->target)) {
5721 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5722 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5723 }
5724
Olivier Houchardc2aae742017-09-22 18:26:28 +02005725 }
5726
5727 } else
5728#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005729 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005730
Emeric Brune1f38db2012-09-03 20:36:47 +02005731 if (conn->flags & CO_FL_ERROR) {
5732 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005733 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005734 }
Emeric Brun46591952012-05-18 15:47:34 +02005735 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005736 /* A send succeeded, so we can consier ourself connected */
5737 conn->flags |= CO_FL_CONNECTED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005738 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005739 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005740 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005741 }
5742 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005743 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005744
Emeric Brun46591952012-05-18 15:47:34 +02005745 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005746 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5747 /* handshake is running, and it may need to re-enable write */
5748 conn->flags |= CO_FL_SSL_WAIT_HS;
5749 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005750#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005751 /* Async mode can be re-enabled, because we're leaving data state.*/
5752 if (global_ssl.async)
5753 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5754#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005755 break;
5756 }
Emeric Brun46591952012-05-18 15:47:34 +02005757 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005758 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005759 break;
5760 }
5761 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005762 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005763 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005764 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005765#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005766 /* Async mode can be re-enabled, because we're leaving data state.*/
5767 if (global_ssl.async)
5768 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5769#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005770 break;
5771 }
Emeric Brun46591952012-05-18 15:47:34 +02005772 goto out_error;
5773 }
5774 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005775 leave:
5776 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005777 return done;
5778
5779 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005780 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005781 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005782 ERR_clear_error();
5783
Emeric Brun46591952012-05-18 15:47:34 +02005784 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005785 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005786}
5787
Emeric Brun46591952012-05-18 15:47:34 +02005788static void ssl_sock_close(struct connection *conn) {
5789
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005790 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005791#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005792 if (global_ssl.async) {
5793 OSSL_ASYNC_FD all_fd[32], afd;
5794 size_t num_all_fds = 0;
5795 int i;
5796
5797 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5798 if (num_all_fds > 32) {
5799 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5800 return;
5801 }
5802
5803 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5804
5805 /* If an async job is pending, we must try to
5806 to catch the end using polling before calling
5807 SSL_free */
5808 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5809 for (i=0 ; i < num_all_fds ; i++) {
5810 /* switch on an handler designed to
5811 * handle the SSL_free
5812 */
5813 afd = all_fd[i];
5814 fdtab[afd].iocb = ssl_async_fd_free;
5815 fdtab[afd].owner = conn->xprt_ctx;
5816 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005817 /* To ensure that the fd cache won't be used
5818 * and we'll catch a real RD event.
5819 */
5820 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005821 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005822 conn->xprt_ctx = NULL;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005823 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005824 return;
5825 }
Emeric Brun3854e012017-05-17 20:42:48 +02005826 /* Else we can remove the fds from the fdtab
5827 * and call SSL_free.
5828 * note: we do a fd_remove and not a delete
5829 * because the fd is owned by the engine.
5830 * the engine is responsible to close
5831 */
5832 for (i=0 ; i < num_all_fds ; i++)
5833 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005834 }
5835#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005836 SSL_free(conn->xprt_ctx);
5837 conn->xprt_ctx = NULL;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005838 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005839 }
Emeric Brun46591952012-05-18 15:47:34 +02005840}
5841
5842/* This function tries to perform a clean shutdown on an SSL connection, and in
5843 * any case, flags the connection as reusable if no handshake was in progress.
5844 */
5845static void ssl_sock_shutw(struct connection *conn, int clean)
5846{
5847 if (conn->flags & CO_FL_HANDSHAKE)
5848 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005849 if (!clean)
5850 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005851 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005852 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005853 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005854 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005855 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005856 ERR_clear_error();
5857 }
Emeric Brun46591952012-05-18 15:47:34 +02005858}
5859
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005860/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005861int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005862{
5863 struct pkey_info *pkinfo;
5864 int bits = 0;
5865 int sig = TLSEXT_signature_anonymous;
5866 int len = -1;
5867
5868 if (!ssl_sock_is_ssl(conn))
5869 return 0;
5870
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005871 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005872 if (pkinfo) {
5873 sig = pkinfo->sig;
5874 bits = pkinfo->bits;
5875 } else {
5876 /* multicert and generated cert have no pkey info */
5877 X509 *crt;
5878 EVP_PKEY *pkey;
5879 crt = SSL_get_certificate(conn->xprt_ctx);
5880 if (!crt)
5881 return 0;
5882 pkey = X509_get_pubkey(crt);
5883 if (pkey) {
5884 bits = EVP_PKEY_bits(pkey);
5885 switch(EVP_PKEY_base_id(pkey)) {
5886 case EVP_PKEY_RSA:
5887 sig = TLSEXT_signature_rsa;
5888 break;
5889 case EVP_PKEY_EC:
5890 sig = TLSEXT_signature_ecdsa;
5891 break;
5892 case EVP_PKEY_DSA:
5893 sig = TLSEXT_signature_dsa;
5894 break;
5895 }
5896 EVP_PKEY_free(pkey);
5897 }
5898 }
5899
5900 switch(sig) {
5901 case TLSEXT_signature_rsa:
5902 len = chunk_printf(out, "RSA%d", bits);
5903 break;
5904 case TLSEXT_signature_ecdsa:
5905 len = chunk_printf(out, "EC%d", bits);
5906 break;
5907 case TLSEXT_signature_dsa:
5908 len = chunk_printf(out, "DSA%d", bits);
5909 break;
5910 default:
5911 return 0;
5912 }
5913 if (len < 0)
5914 return 0;
5915 return 1;
5916}
5917
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005918/* used for ppv2 cert signature (can be used for logging) */
5919const char *ssl_sock_get_cert_sig(struct connection *conn)
5920{
5921 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5922 X509 *crt;
5923
5924 if (!ssl_sock_is_ssl(conn))
5925 return NULL;
5926 crt = SSL_get_certificate(conn->xprt_ctx);
5927 if (!crt)
5928 return NULL;
5929 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5930 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5931}
5932
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005933/* used for ppv2 authority */
5934const char *ssl_sock_get_sni(struct connection *conn)
5935{
5936#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5937 if (!ssl_sock_is_ssl(conn))
5938 return NULL;
5939 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5940#else
5941 return 0;
5942#endif
5943}
5944
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005945/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005946const char *ssl_sock_get_cipher_name(struct connection *conn)
5947{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005948 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005949 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005950
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005951 return SSL_get_cipher_name(conn->xprt_ctx);
5952}
5953
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005954/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005955const char *ssl_sock_get_proto_version(struct connection *conn)
5956{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005957 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005958 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005959
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005960 return SSL_get_version(conn->xprt_ctx);
5961}
5962
Willy Tarreau8d598402012-10-22 17:58:39 +02005963/* Extract a serial from a cert, and copy it to a chunk.
5964 * Returns 1 if serial is found and copied, 0 if no serial found and
5965 * -1 if output is not large enough.
5966 */
5967static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005968ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02005969{
5970 ASN1_INTEGER *serial;
5971
5972 serial = X509_get_serialNumber(crt);
5973 if (!serial)
5974 return 0;
5975
5976 if (out->size < serial->length)
5977 return -1;
5978
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005979 memcpy(out->area, serial->data, serial->length);
5980 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02005981 return 1;
5982}
5983
Emeric Brun43e79582014-10-29 19:03:26 +01005984/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08005985 * Returns 1 if the cert is found and copied, 0 on der conversion failure
5986 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01005987 */
5988static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005989ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01005990{
5991 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005992 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01005993
5994 len =i2d_X509(crt, NULL);
5995 if (len <= 0)
5996 return 1;
5997
5998 if (out->size < len)
5999 return -1;
6000
6001 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006002 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006003 return 1;
6004}
6005
Emeric Brunce5ad802012-10-22 14:11:22 +02006006
Willy Tarreau83061a82018-07-13 11:56:34 +02006007/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006008 * Returns 1 if serial is found and copied, 0 if no valid time found
6009 * and -1 if output is not large enough.
6010 */
6011static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006012ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006013{
6014 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6015 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6016
6017 if (gentm->length < 12)
6018 return 0;
6019 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6020 return 0;
6021 if (out->size < gentm->length-2)
6022 return -1;
6023
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006024 memcpy(out->area, gentm->data+2, gentm->length-2);
6025 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006026 return 1;
6027 }
6028 else if (tm->type == V_ASN1_UTCTIME) {
6029 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6030
6031 if (utctm->length < 10)
6032 return 0;
6033 if (utctm->data[0] >= 0x35)
6034 return 0;
6035 if (out->size < utctm->length)
6036 return -1;
6037
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006038 memcpy(out->area, utctm->data, utctm->length);
6039 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006040 return 1;
6041 }
6042
6043 return 0;
6044}
6045
Emeric Brun87855892012-10-17 17:39:35 +02006046/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6047 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6048 */
6049static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006050ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6051 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006052{
6053 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006054 ASN1_OBJECT *obj;
6055 ASN1_STRING *data;
6056 const unsigned char *data_ptr;
6057 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006058 int i, j, n;
6059 int cur = 0;
6060 const char *s;
6061 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006062 int name_count;
6063
6064 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006065
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006066 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006067 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006068 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006069 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006070 else
6071 j = i;
6072
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006073 ne = X509_NAME_get_entry(a, j);
6074 obj = X509_NAME_ENTRY_get_object(ne);
6075 data = X509_NAME_ENTRY_get_data(ne);
6076 data_ptr = ASN1_STRING_get0_data(data);
6077 data_len = ASN1_STRING_length(data);
6078 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006079 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006080 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006081 s = tmp;
6082 }
6083
6084 if (chunk_strcasecmp(entry, s) != 0)
6085 continue;
6086
6087 if (pos < 0)
6088 cur--;
6089 else
6090 cur++;
6091
6092 if (cur != pos)
6093 continue;
6094
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006095 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006096 return -1;
6097
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006098 memcpy(out->area, data_ptr, data_len);
6099 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006100 return 1;
6101 }
6102
6103 return 0;
6104
6105}
6106
6107/* Extract and format full DN from a X509_NAME and copy result into a chunk
6108 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6109 */
6110static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006111ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006112{
6113 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006114 ASN1_OBJECT *obj;
6115 ASN1_STRING *data;
6116 const unsigned char *data_ptr;
6117 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006118 int i, n, ln;
6119 int l = 0;
6120 const char *s;
6121 char *p;
6122 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006123 int name_count;
6124
6125
6126 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006127
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006128 out->data = 0;
6129 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006130 for (i = 0; i < name_count; i++) {
6131 ne = X509_NAME_get_entry(a, i);
6132 obj = X509_NAME_ENTRY_get_object(ne);
6133 data = X509_NAME_ENTRY_get_data(ne);
6134 data_ptr = ASN1_STRING_get0_data(data);
6135 data_len = ASN1_STRING_length(data);
6136 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006137 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006138 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006139 s = tmp;
6140 }
6141 ln = strlen(s);
6142
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006143 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006144 if (l > out->size)
6145 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006146 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006147
6148 *(p++)='/';
6149 memcpy(p, s, ln);
6150 p += ln;
6151 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006152 memcpy(p, data_ptr, data_len);
6153 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006154 }
6155
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006156 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006157 return 0;
6158
6159 return 1;
6160}
6161
Olivier Houchardab28a322018-12-21 19:45:40 +01006162void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6163{
6164#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6165 SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
6166#endif
6167}
6168
Willy Tarreau119a4082016-12-22 21:58:38 +01006169/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6170 * to disable SNI.
6171 */
Willy Tarreau63076412015-07-10 11:33:32 +02006172void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6173{
6174#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006175 char *prev_name;
6176
Willy Tarreau63076412015-07-10 11:33:32 +02006177 if (!ssl_sock_is_ssl(conn))
6178 return;
6179
Willy Tarreau119a4082016-12-22 21:58:38 +01006180 /* if the SNI changes, we must destroy the reusable context so that a
6181 * new connection will present a new SNI. As an optimization we could
6182 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6183 * server.
6184 */
6185 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6186 if ((!prev_name && hostname) ||
6187 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6188 SSL_set_session(conn->xprt_ctx, NULL);
6189
Willy Tarreau63076412015-07-10 11:33:32 +02006190 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6191#endif
6192}
6193
Emeric Brun0abf8362014-06-24 18:26:41 +02006194/* Extract peer certificate's common name into the chunk dest
6195 * Returns
6196 * the len of the extracted common name
6197 * or 0 if no CN found in DN
6198 * or -1 on error case (i.e. no peer certificate)
6199 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006200int ssl_sock_get_remote_common_name(struct connection *conn,
6201 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006202{
6203 X509 *crt = NULL;
6204 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006205 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006206 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006207 .area = (char *)&find_cn,
6208 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006209 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006210 int result = -1;
David Safb76832014-05-08 23:42:08 -04006211
6212 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006213 goto out;
David Safb76832014-05-08 23:42:08 -04006214
6215 /* SSL_get_peer_certificate, it increase X509 * ref count */
6216 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6217 if (!crt)
6218 goto out;
6219
6220 name = X509_get_subject_name(crt);
6221 if (!name)
6222 goto out;
David Safb76832014-05-08 23:42:08 -04006223
Emeric Brun0abf8362014-06-24 18:26:41 +02006224 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6225out:
David Safb76832014-05-08 23:42:08 -04006226 if (crt)
6227 X509_free(crt);
6228
6229 return result;
6230}
6231
Dave McCowan328fb582014-07-30 10:39:13 -04006232/* returns 1 if client passed a certificate for this session, 0 if not */
6233int ssl_sock_get_cert_used_sess(struct connection *conn)
6234{
6235 X509 *crt = NULL;
6236
6237 if (!ssl_sock_is_ssl(conn))
6238 return 0;
6239
6240 /* SSL_get_peer_certificate, it increase X509 * ref count */
6241 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6242 if (!crt)
6243 return 0;
6244
6245 X509_free(crt);
6246 return 1;
6247}
6248
6249/* returns 1 if client passed a certificate for this connection, 0 if not */
6250int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006251{
6252 if (!ssl_sock_is_ssl(conn))
6253 return 0;
6254
6255 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6256}
6257
6258/* returns result from SSL verify */
6259unsigned int ssl_sock_get_verify_result(struct connection *conn)
6260{
6261 if (!ssl_sock_is_ssl(conn))
6262 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6263
6264 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6265}
6266
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006267/* Returns the application layer protocol name in <str> and <len> when known.
6268 * Zero is returned if the protocol name was not found, otherwise non-zero is
6269 * returned. The string is allocated in the SSL context and doesn't have to be
6270 * freed by the caller. NPN is also checked if available since older versions
6271 * of openssl (1.0.1) which are more common in field only support this one.
6272 */
6273static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6274{
6275 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6276 return 0;
6277
6278 *str = NULL;
6279
6280#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6281 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6282 if (*str)
6283 return 1;
6284#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006285#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006286 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6287 if (*str)
6288 return 1;
6289#endif
6290 return 0;
6291}
6292
Willy Tarreau7875d092012-09-10 08:20:03 +02006293/***** Below are some sample fetching functions for ACL/patterns *****/
6294
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006295static int
6296smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6297{
6298 struct connection *conn;
6299
6300 conn = objt_conn(smp->sess->origin);
6301 if (!conn || conn->xprt != &ssl_sock)
6302 return 0;
6303
6304 smp->flags = 0;
6305 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006306 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6307 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006308
6309 return 1;
6310}
6311
Emeric Brune64aef12012-09-21 13:15:06 +02006312/* boolean, returns true if client cert was present */
6313static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006314smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006315{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006316 struct connection *conn;
6317
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006318 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006319 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006320 return 0;
6321
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006322 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006323 smp->flags |= SMP_F_MAY_CHANGE;
6324 return 0;
6325 }
6326
6327 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006328 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006329 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006330
6331 return 1;
6332}
6333
Emeric Brun43e79582014-10-29 19:03:26 +01006334/* binary, returns a certificate in a binary chunk (der/raw).
6335 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6336 * should be use.
6337 */
6338static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006339smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006340{
6341 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6342 X509 *crt = NULL;
6343 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006344 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006345 struct connection *conn;
6346
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006347 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006348 if (!conn || conn->xprt != &ssl_sock)
6349 return 0;
6350
6351 if (!(conn->flags & CO_FL_CONNECTED)) {
6352 smp->flags |= SMP_F_MAY_CHANGE;
6353 return 0;
6354 }
6355
6356 if (cert_peer)
6357 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6358 else
6359 crt = SSL_get_certificate(conn->xprt_ctx);
6360
6361 if (!crt)
6362 goto out;
6363
6364 smp_trash = get_trash_chunk();
6365 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6366 goto out;
6367
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006368 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006369 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006370 ret = 1;
6371out:
6372 /* SSL_get_peer_certificate, it increase X509 * ref count */
6373 if (cert_peer && crt)
6374 X509_free(crt);
6375 return ret;
6376}
6377
Emeric Brunba841a12014-04-30 17:05:08 +02006378/* binary, returns serial of certificate in a binary chunk.
6379 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6380 * should be use.
6381 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006382static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006383smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006384{
Emeric Brunba841a12014-04-30 17:05:08 +02006385 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006386 X509 *crt = NULL;
6387 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006388 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006389 struct connection *conn;
6390
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006391 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006392 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006393 return 0;
6394
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006395 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006396 smp->flags |= SMP_F_MAY_CHANGE;
6397 return 0;
6398 }
6399
Emeric Brunba841a12014-04-30 17:05:08 +02006400 if (cert_peer)
6401 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6402 else
6403 crt = SSL_get_certificate(conn->xprt_ctx);
6404
Willy Tarreau8d598402012-10-22 17:58:39 +02006405 if (!crt)
6406 goto out;
6407
Willy Tarreau47ca5452012-12-23 20:22:19 +01006408 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006409 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6410 goto out;
6411
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006412 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006413 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006414 ret = 1;
6415out:
Emeric Brunba841a12014-04-30 17:05:08 +02006416 /* SSL_get_peer_certificate, it increase X509 * ref count */
6417 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006418 X509_free(crt);
6419 return ret;
6420}
Emeric Brune64aef12012-09-21 13:15:06 +02006421
Emeric Brunba841a12014-04-30 17:05:08 +02006422/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6423 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6424 * should be use.
6425 */
James Votha051b4a2013-05-14 20:37:59 +02006426static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006427smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006428{
Emeric Brunba841a12014-04-30 17:05:08 +02006429 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006430 X509 *crt = NULL;
6431 const EVP_MD *digest;
6432 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006433 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006434 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006435
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006436 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006437 if (!conn || conn->xprt != &ssl_sock)
6438 return 0;
6439
6440 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006441 smp->flags |= SMP_F_MAY_CHANGE;
6442 return 0;
6443 }
6444
Emeric Brunba841a12014-04-30 17:05:08 +02006445 if (cert_peer)
6446 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6447 else
6448 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006449 if (!crt)
6450 goto out;
6451
6452 smp_trash = get_trash_chunk();
6453 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006454 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6455 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006456
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006457 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006458 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006459 ret = 1;
6460out:
Emeric Brunba841a12014-04-30 17:05:08 +02006461 /* SSL_get_peer_certificate, it increase X509 * ref count */
6462 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006463 X509_free(crt);
6464 return ret;
6465}
6466
Emeric Brunba841a12014-04-30 17:05:08 +02006467/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6468 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6469 * should be use.
6470 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006471static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006472smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006473{
Emeric Brunba841a12014-04-30 17:05:08 +02006474 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006475 X509 *crt = NULL;
6476 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006477 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006478 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006479
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006480 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006481 if (!conn || conn->xprt != &ssl_sock)
6482 return 0;
6483
6484 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006485 smp->flags |= SMP_F_MAY_CHANGE;
6486 return 0;
6487 }
6488
Emeric Brunba841a12014-04-30 17:05:08 +02006489 if (cert_peer)
6490 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6491 else
6492 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006493 if (!crt)
6494 goto out;
6495
Willy Tarreau47ca5452012-12-23 20:22:19 +01006496 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006497 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006498 goto out;
6499
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006500 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006501 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006502 ret = 1;
6503out:
Emeric Brunba841a12014-04-30 17:05:08 +02006504 /* SSL_get_peer_certificate, it increase X509 * ref count */
6505 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006506 X509_free(crt);
6507 return ret;
6508}
6509
Emeric Brunba841a12014-04-30 17:05:08 +02006510/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6511 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6512 * should be use.
6513 */
Emeric Brun87855892012-10-17 17:39:35 +02006514static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006515smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006516{
Emeric Brunba841a12014-04-30 17:05:08 +02006517 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006518 X509 *crt = NULL;
6519 X509_NAME *name;
6520 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006521 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006522 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006523
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006524 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006525 if (!conn || conn->xprt != &ssl_sock)
6526 return 0;
6527
6528 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006529 smp->flags |= SMP_F_MAY_CHANGE;
6530 return 0;
6531 }
6532
Emeric Brunba841a12014-04-30 17:05:08 +02006533 if (cert_peer)
6534 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6535 else
6536 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006537 if (!crt)
6538 goto out;
6539
6540 name = X509_get_issuer_name(crt);
6541 if (!name)
6542 goto out;
6543
Willy Tarreau47ca5452012-12-23 20:22:19 +01006544 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006545 if (args && args[0].type == ARGT_STR) {
6546 int pos = 1;
6547
6548 if (args[1].type == ARGT_SINT)
6549 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006550
6551 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6552 goto out;
6553 }
6554 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6555 goto out;
6556
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006557 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006558 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006559 ret = 1;
6560out:
Emeric Brunba841a12014-04-30 17:05:08 +02006561 /* SSL_get_peer_certificate, it increase X509 * ref count */
6562 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006563 X509_free(crt);
6564 return ret;
6565}
6566
Emeric Brunba841a12014-04-30 17:05:08 +02006567/* string, returns notbefore date in ASN1_UTCTIME format.
6568 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6569 * should be use.
6570 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006571static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006572smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006573{
Emeric Brunba841a12014-04-30 17:05:08 +02006574 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006575 X509 *crt = NULL;
6576 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006577 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006578 struct connection *conn;
6579
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006580 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006581 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006582 return 0;
6583
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006584 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006585 smp->flags |= SMP_F_MAY_CHANGE;
6586 return 0;
6587 }
6588
Emeric Brunba841a12014-04-30 17:05:08 +02006589 if (cert_peer)
6590 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6591 else
6592 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006593 if (!crt)
6594 goto out;
6595
Willy Tarreau47ca5452012-12-23 20:22:19 +01006596 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006597 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006598 goto out;
6599
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006600 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006601 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006602 ret = 1;
6603out:
Emeric Brunba841a12014-04-30 17:05:08 +02006604 /* SSL_get_peer_certificate, it increase X509 * ref count */
6605 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006606 X509_free(crt);
6607 return ret;
6608}
6609
Emeric Brunba841a12014-04-30 17:05:08 +02006610/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6611 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6612 * should be use.
6613 */
Emeric Brun87855892012-10-17 17:39:35 +02006614static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006615smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006616{
Emeric Brunba841a12014-04-30 17:05:08 +02006617 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006618 X509 *crt = NULL;
6619 X509_NAME *name;
6620 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006621 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006622 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006623
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006624 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006625 if (!conn || conn->xprt != &ssl_sock)
6626 return 0;
6627
6628 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006629 smp->flags |= SMP_F_MAY_CHANGE;
6630 return 0;
6631 }
6632
Emeric Brunba841a12014-04-30 17:05:08 +02006633 if (cert_peer)
6634 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6635 else
6636 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006637 if (!crt)
6638 goto out;
6639
6640 name = X509_get_subject_name(crt);
6641 if (!name)
6642 goto out;
6643
Willy Tarreau47ca5452012-12-23 20:22:19 +01006644 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006645 if (args && args[0].type == ARGT_STR) {
6646 int pos = 1;
6647
6648 if (args[1].type == ARGT_SINT)
6649 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006650
6651 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6652 goto out;
6653 }
6654 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6655 goto out;
6656
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006657 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006658 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006659 ret = 1;
6660out:
Emeric Brunba841a12014-04-30 17:05:08 +02006661 /* SSL_get_peer_certificate, it increase X509 * ref count */
6662 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006663 X509_free(crt);
6664 return ret;
6665}
Emeric Brun9143d372012-12-20 15:44:16 +01006666
6667/* integer, returns true if current session use a client certificate */
6668static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006669smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006670{
6671 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006672 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006673
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006674 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006675 if (!conn || conn->xprt != &ssl_sock)
6676 return 0;
6677
6678 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006679 smp->flags |= SMP_F_MAY_CHANGE;
6680 return 0;
6681 }
6682
6683 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006684 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006685 if (crt) {
6686 X509_free(crt);
6687 }
6688
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006689 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006690 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006691 return 1;
6692}
6693
Emeric Brunba841a12014-04-30 17:05:08 +02006694/* integer, returns the certificate version
6695 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6696 * should be use.
6697 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006698static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006699smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006700{
Emeric Brunba841a12014-04-30 17:05:08 +02006701 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006702 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006703 struct connection *conn;
6704
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006705 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006706 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006707 return 0;
6708
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006709 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006710 smp->flags |= SMP_F_MAY_CHANGE;
6711 return 0;
6712 }
6713
Emeric Brunba841a12014-04-30 17:05:08 +02006714 if (cert_peer)
6715 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6716 else
6717 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006718 if (!crt)
6719 return 0;
6720
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006721 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006722 /* SSL_get_peer_certificate increase X509 * ref count */
6723 if (cert_peer)
6724 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006725 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006726
6727 return 1;
6728}
6729
Emeric Brunba841a12014-04-30 17:05:08 +02006730/* string, returns the certificate's signature algorithm.
6731 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6732 * should be use.
6733 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006734static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006735smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006736{
Emeric Brunba841a12014-04-30 17:05:08 +02006737 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006738 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006739 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006740 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006741 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006742
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006743 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006744 if (!conn || conn->xprt != &ssl_sock)
6745 return 0;
6746
6747 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006748 smp->flags |= SMP_F_MAY_CHANGE;
6749 return 0;
6750 }
6751
Emeric Brunba841a12014-04-30 17:05:08 +02006752 if (cert_peer)
6753 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6754 else
6755 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006756 if (!crt)
6757 return 0;
6758
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006759 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6760 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006761
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006762 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6763 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006764 /* SSL_get_peer_certificate increase X509 * ref count */
6765 if (cert_peer)
6766 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006767 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006768 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006769
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006770 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006771 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006772 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006773 /* SSL_get_peer_certificate increase X509 * ref count */
6774 if (cert_peer)
6775 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006776
6777 return 1;
6778}
6779
Emeric Brunba841a12014-04-30 17:05:08 +02006780/* string, returns the certificate's key algorithm.
6781 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6782 * should be use.
6783 */
Emeric Brun521a0112012-10-22 12:22:55 +02006784static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006785smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006786{
Emeric Brunba841a12014-04-30 17:05:08 +02006787 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006788 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006789 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006790 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006791 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006792
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006793 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006794 if (!conn || conn->xprt != &ssl_sock)
6795 return 0;
6796
6797 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006798 smp->flags |= SMP_F_MAY_CHANGE;
6799 return 0;
6800 }
6801
Emeric Brunba841a12014-04-30 17:05:08 +02006802 if (cert_peer)
6803 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6804 else
6805 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006806 if (!crt)
6807 return 0;
6808
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006809 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6810 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006811
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006812 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6813 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006814 /* SSL_get_peer_certificate increase X509 * ref count */
6815 if (cert_peer)
6816 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006817 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006818 }
Emeric Brun521a0112012-10-22 12:22:55 +02006819
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006820 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006821 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006822 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006823 if (cert_peer)
6824 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006825
6826 return 1;
6827}
6828
Emeric Brun645ae792014-04-30 14:21:06 +02006829/* boolean, returns true if front conn. transport layer is SSL.
6830 * This function is also usable on backend conn if the fetch keyword 5th
6831 * char is 'b'.
6832 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006833static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006834smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006835{
Emeric Bruneb8def92018-02-19 15:59:48 +01006836 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6837 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006838
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006839 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006840 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006841 return 1;
6842}
6843
Emeric Brun2525b6b2012-10-18 15:59:43 +02006844/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006845static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006846smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006847{
6848#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006849 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006850
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006851 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006852 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006853 conn->xprt_ctx &&
6854 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006855 return 1;
6856#else
6857 return 0;
6858#endif
6859}
6860
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006861/* boolean, returns true if client session has been resumed.
6862 * This function is also usable on backend conn if the fetch keyword 5th
6863 * char is 'b'.
6864 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006865static int
6866smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6867{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006868 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6869 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6870
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006871
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006872 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006873 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006874 conn->xprt_ctx &&
6875 SSL_session_reused(conn->xprt_ctx);
6876 return 1;
6877}
6878
Emeric Brun645ae792014-04-30 14:21:06 +02006879/* string, returns the used cipher if front conn. transport layer is SSL.
6880 * This function is also usable on backend conn if the fetch keyword 5th
6881 * char is 'b'.
6882 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006883static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006884smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006885{
Emeric Bruneb8def92018-02-19 15:59:48 +01006886 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6887 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006888
Willy Tarreaube508f12016-03-10 11:47:01 +01006889 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006890 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006891 return 0;
6892
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006893 smp->data.u.str.area = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6894 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006895 return 0;
6896
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006897 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006898 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006899 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006900
6901 return 1;
6902}
6903
Emeric Brun645ae792014-04-30 14:21:06 +02006904/* integer, returns the algoritm's keysize if front conn. transport layer
6905 * is SSL.
6906 * This function is also usable on backend conn if the fetch keyword 5th
6907 * char is 'b'.
6908 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006909static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006910smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006911{
Emeric Bruneb8def92018-02-19 15:59:48 +01006912 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6913 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006914 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006915
Emeric Brun589fcad2012-10-16 14:13:26 +02006916 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006917 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006918 return 0;
6919
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006920 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006921 return 0;
6922
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006923 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006924 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006925
6926 return 1;
6927}
6928
Emeric Brun645ae792014-04-30 14:21:06 +02006929/* integer, returns the used keysize if front conn. transport layer is SSL.
6930 * This function is also usable on backend conn if the fetch keyword 5th
6931 * char is 'b'.
6932 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006933static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006934smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006935{
Emeric Bruneb8def92018-02-19 15:59:48 +01006936 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6937 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006938
Emeric Brun589fcad2012-10-16 14:13:26 +02006939 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006940 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6941 return 0;
6942
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006943 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6944 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006945 return 0;
6946
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006947 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006948
6949 return 1;
6950}
6951
Bernard Spil13c53f82018-02-15 13:34:58 +01006952#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006953static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006954smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006955{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006956 struct connection *conn;
6957
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006958 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006959 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006960
Olivier Houchard6b77f492018-11-22 18:18:29 +01006961 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6962 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006963 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6964 return 0;
6965
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006966 smp->data.u.str.area = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006967 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006968 (const unsigned char **)&smp->data.u.str.area,
6969 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006970
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006971 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006972 return 0;
6973
6974 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006975}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006976#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006977
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006978#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006979static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006980smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006981{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006982 struct connection *conn;
6983
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006984 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006985 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006986
Olivier Houchard6b77f492018-11-22 18:18:29 +01006987 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6988 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6989
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006990 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006991 return 0;
6992
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006993 smp->data.u.str.area = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006994 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006995 (const unsigned char **)&smp->data.u.str.area,
6996 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02006997
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006998 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02006999 return 0;
7000
7001 return 1;
7002}
7003#endif
7004
Emeric Brun645ae792014-04-30 14:21:06 +02007005/* string, returns the used protocol if front conn. transport layer is SSL.
7006 * This function is also usable on backend conn if the fetch keyword 5th
7007 * char is 'b'.
7008 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007009static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007010smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007011{
Emeric Bruneb8def92018-02-19 15:59:48 +01007012 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7013 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01007014
Emeric Brun589fcad2012-10-16 14:13:26 +02007015 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007016 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7017 return 0;
7018
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007019 smp->data.u.str.area = (char *)SSL_get_version(conn->xprt_ctx);
7020 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007021 return 0;
7022
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007023 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007024 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007025 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007026
7027 return 1;
7028}
7029
Willy Tarreau87b09662015-04-03 00:22:06 +02007030/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007031 * This function is also usable on backend conn if the fetch keyword 5th
7032 * char is 'b'.
7033 */
Patrick Hemmer41966772018-04-28 19:15:48 -04007034#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007035static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007036smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007037{
Emeric Bruneb8def92018-02-19 15:59:48 +01007038 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7039 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007040 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01007041
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007042 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007043 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007044
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007045 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7046 return 0;
7047
Willy Tarreau192252e2015-04-04 01:47:55 +02007048 ssl_sess = SSL_get_session(conn->xprt_ctx);
7049 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007050 return 0;
7051
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007052 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7053 (unsigned int *)&smp->data.u.str.data);
7054 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007055 return 0;
7056
7057 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007058}
Patrick Hemmer41966772018-04-28 19:15:48 -04007059#endif
7060
Emeric Brunfe68f682012-10-16 14:59:28 +02007061
Patrick Hemmere0275472018-04-28 19:15:51 -04007062#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
7063static int
7064smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7065{
7066 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7067 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7068 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007069 struct buffer *data;
Patrick Hemmere0275472018-04-28 19:15:51 -04007070
7071 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7072 return 0;
7073
7074 ssl_sess = SSL_get_session(conn->xprt_ctx);
7075 if (!ssl_sess)
7076 return 0;
7077
7078 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007079 data->data = SSL_SESSION_get_master_key(ssl_sess,
7080 (unsigned char *) data->area,
7081 data->size);
7082 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007083 return 0;
7084
7085 smp->flags = 0;
7086 smp->data.type = SMP_T_BIN;
7087 smp->data.u.str = *data;
7088
7089 return 1;
7090}
7091#endif
7092
Patrick Hemmer41966772018-04-28 19:15:48 -04007093#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007094static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007095smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007096{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007097 struct connection *conn;
7098
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007099 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007100 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007101
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007102 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007103 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7104 return 0;
7105
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007106 smp->data.u.str.area = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
7107 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007108 return 0;
7109
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007110 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007111 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007112}
Patrick Hemmer41966772018-04-28 19:15:48 -04007113#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007114
David Sc1ad52e2014-04-08 18:48:47 -04007115static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007116smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7117{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007118 struct connection *conn;
7119 struct ssl_capture *capture;
7120
7121 conn = objt_conn(smp->sess->origin);
7122 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7123 return 0;
7124
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007125 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007126 if (!capture)
7127 return 0;
7128
7129 smp->flags = SMP_F_CONST;
7130 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007131 smp->data.u.str.area = capture->ciphersuite;
7132 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007133 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007134}
7135
7136static int
7137smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7138{
Willy Tarreau83061a82018-07-13 11:56:34 +02007139 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007140
7141 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7142 return 0;
7143
7144 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007145 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007146 smp->data.type = SMP_T_BIN;
7147 smp->data.u.str = *data;
7148 return 1;
7149}
7150
7151static int
7152smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7153{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007154 struct connection *conn;
7155 struct ssl_capture *capture;
7156
7157 conn = objt_conn(smp->sess->origin);
7158 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7159 return 0;
7160
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007161 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007162 if (!capture)
7163 return 0;
7164
7165 smp->data.type = SMP_T_SINT;
7166 smp->data.u.sint = capture->xxh64;
7167 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007168}
7169
7170static int
7171smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7172{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007173#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007174 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007175 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007176
7177 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7178 return 0;
7179
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007180 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007181 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007182 const char *str;
7183 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007184 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007185 uint16_t id = (bin[0] << 8) | bin[1];
7186#if defined(OPENSSL_IS_BORINGSSL)
7187 cipher = SSL_get_cipher_by_value(id);
7188#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007189 struct connection *conn = __objt_conn(smp->sess->origin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007190 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7191#endif
7192 str = SSL_CIPHER_get_name(cipher);
7193 if (!str || strcmp(str, "(NONE)") == 0)
7194 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007195 else
7196 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7197 }
7198 smp->data.type = SMP_T_STR;
7199 smp->data.u.str = *data;
7200 return 1;
7201#else
7202 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7203#endif
7204}
7205
Patrick Hemmer41966772018-04-28 19:15:48 -04007206#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007207static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007208smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007209{
Emeric Bruneb8def92018-02-19 15:59:48 +01007210 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7211 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007212 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007213 struct buffer *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007214
7215 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007216 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7217 return 0;
7218
7219 if (!(conn->flags & CO_FL_CONNECTED)) {
7220 smp->flags |= SMP_F_MAY_CHANGE;
7221 return 0;
7222 }
7223
7224 finished_trash = get_trash_chunk();
7225 if (!SSL_session_reused(conn->xprt_ctx))
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007226 finished_len = SSL_get_peer_finished(conn->xprt_ctx,
7227 finished_trash->area,
7228 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007229 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007230 finished_len = SSL_get_finished(conn->xprt_ctx,
7231 finished_trash->area,
7232 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007233
7234 if (!finished_len)
7235 return 0;
7236
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007237 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007238 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007239 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007240
7241 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007242}
Patrick Hemmer41966772018-04-28 19:15:48 -04007243#endif
David Sc1ad52e2014-04-08 18:48:47 -04007244
Emeric Brun2525b6b2012-10-18 15:59:43 +02007245/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007246static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007247smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007248{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007249 struct connection *conn;
7250
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007251 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007252 if (!conn || conn->xprt != &ssl_sock)
7253 return 0;
7254
7255 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007256 smp->flags = SMP_F_MAY_CHANGE;
7257 return 0;
7258 }
7259
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007260 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007261 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007262 smp->flags = 0;
7263
7264 return 1;
7265}
7266
Emeric Brun2525b6b2012-10-18 15:59:43 +02007267/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007268static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007269smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007270{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007271 struct connection *conn;
7272
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007273 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007274 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007275 return 0;
7276
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007277 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007278 smp->flags = SMP_F_MAY_CHANGE;
7279 return 0;
7280 }
7281
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007282 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007283 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007284 smp->flags = 0;
7285
7286 return 1;
7287}
7288
Emeric Brun2525b6b2012-10-18 15:59:43 +02007289/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007290static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007291smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007292{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007293 struct connection *conn;
7294
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007295 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007296 if (!conn || conn->xprt != &ssl_sock)
7297 return 0;
7298
7299 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007300 smp->flags = SMP_F_MAY_CHANGE;
7301 return 0;
7302 }
7303
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007304 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007305 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007306 smp->flags = 0;
7307
7308 return 1;
7309}
7310
Emeric Brun2525b6b2012-10-18 15:59:43 +02007311/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007312static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007313smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007314{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007315 struct connection *conn;
7316
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007317 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007318 if (!conn || conn->xprt != &ssl_sock)
7319 return 0;
7320
7321 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007322 smp->flags = SMP_F_MAY_CHANGE;
7323 return 0;
7324 }
7325
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007326 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007327 return 0;
7328
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007329 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007330 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007331 smp->flags = 0;
7332
7333 return 1;
7334}
7335
Emeric Brunfb510ea2012-10-05 12:00:26 +02007336/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007337static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007338{
7339 if (!*args[cur_arg + 1]) {
7340 if (err)
7341 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7342 return ERR_ALERT | ERR_FATAL;
7343 }
7344
Willy Tarreauef934602016-12-22 23:12:01 +01007345 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7346 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007347 else
7348 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007349
Emeric Brund94b3fe2012-09-20 18:23:56 +02007350 return 0;
7351}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007352static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7353{
7354 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7355}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007356
Christopher Faulet31af49d2015-06-09 17:29:50 +02007357/* parse the "ca-sign-file" bind keyword */
7358static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7359{
7360 if (!*args[cur_arg + 1]) {
7361 if (err)
7362 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7363 return ERR_ALERT | ERR_FATAL;
7364 }
7365
Willy Tarreauef934602016-12-22 23:12:01 +01007366 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7367 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007368 else
7369 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7370
7371 return 0;
7372}
7373
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007374/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007375static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7376{
7377 if (!*args[cur_arg + 1]) {
7378 if (err)
7379 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7380 return ERR_ALERT | ERR_FATAL;
7381 }
7382 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7383 return 0;
7384}
7385
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007386/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007387static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007388{
7389 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007390 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007391 return ERR_ALERT | ERR_FATAL;
7392 }
7393
Emeric Brun76d88952012-10-05 15:47:31 +02007394 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007395 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007396 return 0;
7397}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007398static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7399{
7400 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7401}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007402
7403#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7404/* parse the "ciphersuites" bind keyword */
7405static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7406{
7407 if (!*args[cur_arg + 1]) {
7408 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7409 return ERR_ALERT | ERR_FATAL;
7410 }
7411
7412 free(conf->ciphersuites);
7413 conf->ciphersuites = strdup(args[cur_arg + 1]);
7414 return 0;
7415}
7416static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7417{
7418 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7419}
7420#endif
7421
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007422/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007423static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007424{
Willy Tarreau38011032013-08-13 16:59:39 +02007425 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007426
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007427 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007428 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007429 return ERR_ALERT | ERR_FATAL;
7430 }
7431
Willy Tarreauef934602016-12-22 23:12:01 +01007432 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7433 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007434 memprintf(err, "'%s' : path too long", args[cur_arg]);
7435 return ERR_ALERT | ERR_FATAL;
7436 }
Willy Tarreauef934602016-12-22 23:12:01 +01007437 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007438 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007439 return ERR_ALERT | ERR_FATAL;
7440
7441 return 0;
7442 }
7443
Willy Tarreau03209342016-12-22 17:08:28 +01007444 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007445 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007446
7447 return 0;
7448}
7449
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007450/* parse the "crt-list" bind keyword */
7451static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7452{
7453 if (!*args[cur_arg + 1]) {
7454 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7455 return ERR_ALERT | ERR_FATAL;
7456 }
7457
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007458 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007459 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007460 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007461 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007462
7463 return 0;
7464}
7465
Emeric Brunfb510ea2012-10-05 12:00:26 +02007466/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007467static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007468{
Emeric Brun051cdab2012-10-02 19:25:50 +02007469#ifndef X509_V_FLAG_CRL_CHECK
7470 if (err)
7471 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7472 return ERR_ALERT | ERR_FATAL;
7473#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007474 if (!*args[cur_arg + 1]) {
7475 if (err)
7476 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7477 return ERR_ALERT | ERR_FATAL;
7478 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007479
Willy Tarreauef934602016-12-22 23:12:01 +01007480 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7481 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007482 else
7483 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007484
Emeric Brun2b58d042012-09-20 17:10:03 +02007485 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007486#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007487}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007488static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7489{
7490 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7491}
Emeric Brun2b58d042012-09-20 17:10:03 +02007492
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007493/* parse the "curves" bind keyword keyword */
7494static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7495{
7496#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7497 if (!*args[cur_arg + 1]) {
7498 if (err)
7499 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7500 return ERR_ALERT | ERR_FATAL;
7501 }
7502 conf->curves = strdup(args[cur_arg + 1]);
7503 return 0;
7504#else
7505 if (err)
7506 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7507 return ERR_ALERT | ERR_FATAL;
7508#endif
7509}
7510static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7511{
7512 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7513}
7514
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007515/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007516static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007517{
7518#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7519 if (err)
7520 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7521 return ERR_ALERT | ERR_FATAL;
7522#elif defined(OPENSSL_NO_ECDH)
7523 if (err)
7524 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7525 return ERR_ALERT | ERR_FATAL;
7526#else
7527 if (!*args[cur_arg + 1]) {
7528 if (err)
7529 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7530 return ERR_ALERT | ERR_FATAL;
7531 }
7532
7533 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007534
7535 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007536#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007537}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007538static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7539{
7540 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7541}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007542
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007543/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007544static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7545{
7546 int code;
7547 char *p = args[cur_arg + 1];
7548 unsigned long long *ignerr = &conf->crt_ignerr;
7549
7550 if (!*p) {
7551 if (err)
7552 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7553 return ERR_ALERT | ERR_FATAL;
7554 }
7555
7556 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7557 ignerr = &conf->ca_ignerr;
7558
7559 if (strcmp(p, "all") == 0) {
7560 *ignerr = ~0ULL;
7561 return 0;
7562 }
7563
7564 while (p) {
7565 code = atoi(p);
7566 if ((code <= 0) || (code > 63)) {
7567 if (err)
7568 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7569 args[cur_arg], code, args[cur_arg + 1]);
7570 return ERR_ALERT | ERR_FATAL;
7571 }
7572 *ignerr |= 1ULL << code;
7573 p = strchr(p, ',');
7574 if (p)
7575 p++;
7576 }
7577
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007578 return 0;
7579}
7580
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007581/* parse tls_method_options "no-xxx" and "force-xxx" */
7582static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007583{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007584 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007585 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007586 p = strchr(arg, '-');
7587 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007588 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007589 p++;
7590 if (!strcmp(p, "sslv3"))
7591 v = CONF_SSLV3;
7592 else if (!strcmp(p, "tlsv10"))
7593 v = CONF_TLSV10;
7594 else if (!strcmp(p, "tlsv11"))
7595 v = CONF_TLSV11;
7596 else if (!strcmp(p, "tlsv12"))
7597 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007598 else if (!strcmp(p, "tlsv13"))
7599 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007600 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007601 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007602 if (!strncmp(arg, "no-", 3))
7603 methods->flags |= methodVersions[v].flag;
7604 else if (!strncmp(arg, "force-", 6))
7605 methods->min = methods->max = v;
7606 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007607 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007608 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007609 fail:
7610 if (err)
7611 memprintf(err, "'%s' : option not implemented", arg);
7612 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007613}
7614
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007615static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007616{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007617 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007618}
7619
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007620static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007621{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007622 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7623}
7624
7625/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7626static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7627{
7628 uint16_t i, v = 0;
7629 char *argv = args[cur_arg + 1];
7630 if (!*argv) {
7631 if (err)
7632 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7633 return ERR_ALERT | ERR_FATAL;
7634 }
7635 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7636 if (!strcmp(argv, methodVersions[i].name))
7637 v = i;
7638 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007639 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007640 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007641 return ERR_ALERT | ERR_FATAL;
7642 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007643 if (!strcmp("ssl-min-ver", args[cur_arg]))
7644 methods->min = v;
7645 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7646 methods->max = v;
7647 else {
7648 if (err)
7649 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7650 return ERR_ALERT | ERR_FATAL;
7651 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007652 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007653}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007654
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007655static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7656{
Lukas Tribus1aabc932019-03-05 23:14:32 +01007657#if (OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007658 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007659#endif
7660 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7661}
7662
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007663static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7664{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007665 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007666}
7667
7668static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7669{
7670 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7671}
7672
Emeric Brun2d0c4822012-10-02 13:45:20 +02007673/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007674static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007675{
Emeric Brun89675492012-10-05 13:48:26 +02007676 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007677 return 0;
7678}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007679
Olivier Houchardc2aae742017-09-22 18:26:28 +02007680/* parse the "allow-0rtt" bind keyword */
7681static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7682{
7683 conf->early_data = 1;
7684 return 0;
7685}
7686
7687static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7688{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007689 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007690 return 0;
7691}
7692
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007693/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007694static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007695{
Bernard Spil13c53f82018-02-15 13:34:58 +01007696#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007697 char *p1, *p2;
7698
7699 if (!*args[cur_arg + 1]) {
7700 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7701 return ERR_ALERT | ERR_FATAL;
7702 }
7703
7704 free(conf->npn_str);
7705
Willy Tarreau3724da12016-02-12 17:11:12 +01007706 /* the NPN string is built as a suite of (<len> <name>)*,
7707 * so we reuse each comma to store the next <len> and need
7708 * one more for the end of the string.
7709 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007710 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007711 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007712 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7713
7714 /* replace commas with the name length */
7715 p1 = conf->npn_str;
7716 p2 = p1 + 1;
7717 while (1) {
7718 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7719 if (!p2)
7720 p2 = p1 + 1 + strlen(p1 + 1);
7721
7722 if (p2 - (p1 + 1) > 255) {
7723 *p2 = '\0';
7724 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7725 return ERR_ALERT | ERR_FATAL;
7726 }
7727
7728 *p1 = p2 - (p1 + 1);
7729 p1 = p2;
7730
7731 if (!*p2)
7732 break;
7733
7734 *(p2++) = '\0';
7735 }
7736 return 0;
7737#else
7738 if (err)
7739 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7740 return ERR_ALERT | ERR_FATAL;
7741#endif
7742}
7743
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007744static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7745{
7746 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7747}
7748
Willy Tarreauab861d32013-04-02 02:30:41 +02007749/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007750static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007751{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007752#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007753 char *p1, *p2;
7754
7755 if (!*args[cur_arg + 1]) {
7756 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7757 return ERR_ALERT | ERR_FATAL;
7758 }
7759
7760 free(conf->alpn_str);
7761
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007762 /* the ALPN string is built as a suite of (<len> <name>)*,
7763 * so we reuse each comma to store the next <len> and need
7764 * one more for the end of the string.
7765 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007766 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007767 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007768 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7769
7770 /* replace commas with the name length */
7771 p1 = conf->alpn_str;
7772 p2 = p1 + 1;
7773 while (1) {
7774 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7775 if (!p2)
7776 p2 = p1 + 1 + strlen(p1 + 1);
7777
7778 if (p2 - (p1 + 1) > 255) {
7779 *p2 = '\0';
7780 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7781 return ERR_ALERT | ERR_FATAL;
7782 }
7783
7784 *p1 = p2 - (p1 + 1);
7785 p1 = p2;
7786
7787 if (!*p2)
7788 break;
7789
7790 *(p2++) = '\0';
7791 }
7792 return 0;
7793#else
7794 if (err)
7795 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7796 return ERR_ALERT | ERR_FATAL;
7797#endif
7798}
7799
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007800static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7801{
7802 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7803}
7804
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007805/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007806static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007807{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007808 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007809 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007810
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007811 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7812 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007813#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7814 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
7815 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
7816#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007817 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007818 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7819 if (!conf->ssl_conf.ssl_methods.min)
7820 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7821 if (!conf->ssl_conf.ssl_methods.max)
7822 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007823
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007824 return 0;
7825}
7826
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007827/* parse the "prefer-client-ciphers" bind keyword */
7828static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7829{
7830 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7831 return 0;
7832}
7833
Christopher Faulet31af49d2015-06-09 17:29:50 +02007834/* parse the "generate-certificates" bind keyword */
7835static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7836{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007837#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007838 conf->generate_certs = 1;
7839#else
7840 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7841 err && *err ? *err : "");
7842#endif
7843 return 0;
7844}
7845
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007846/* parse the "strict-sni" bind keyword */
7847static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7848{
7849 conf->strict_sni = 1;
7850 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007851}
7852
7853/* parse the "tls-ticket-keys" bind keyword */
7854static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7855{
7856#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7857 FILE *f;
7858 int i = 0;
7859 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007860 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007861
7862 if (!*args[cur_arg + 1]) {
7863 if (err)
7864 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7865 return ERR_ALERT | ERR_FATAL;
7866 }
7867
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007868 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007869 if (keys_ref) {
7870 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007871 conf->keys_ref = keys_ref;
7872 return 0;
7873 }
7874
Vincent Bernat02779b62016-04-03 13:48:43 +02007875 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01007876 if (!keys_ref) {
7877 if (err)
7878 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7879 return ERR_ALERT | ERR_FATAL;
7880 }
7881
Emeric Brun9e754772019-01-10 17:51:55 +01007882 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01007883 if (!keys_ref->tlskeys) {
7884 free(keys_ref);
7885 if (err)
7886 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7887 return ERR_ALERT | ERR_FATAL;
7888 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007889
7890 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01007891 free(keys_ref->tlskeys);
7892 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007893 if (err)
7894 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7895 return ERR_ALERT | ERR_FATAL;
7896 }
7897
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007898 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01007899 if (!keys_ref->filename) {
7900 free(keys_ref->tlskeys);
7901 free(keys_ref);
7902 if (err)
7903 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7904 return ERR_ALERT | ERR_FATAL;
7905 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007906
Emeric Brun9e754772019-01-10 17:51:55 +01007907 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007908 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7909 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01007910 int dec_size;
7911
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007912 /* Strip newline characters from the end */
7913 if(thisline[len - 1] == '\n')
7914 thisline[--len] = 0;
7915
7916 if(thisline[len - 1] == '\r')
7917 thisline[--len] = 0;
7918
Emeric Brun9e754772019-01-10 17:51:55 +01007919 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
7920 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01007921 free(keys_ref->filename);
7922 free(keys_ref->tlskeys);
7923 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007924 if (err)
7925 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007926 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007927 return ERR_ALERT | ERR_FATAL;
7928 }
Emeric Brun9e754772019-01-10 17:51:55 +01007929 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
7930 keys_ref->key_size_bits = 128;
7931 }
7932 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
7933 keys_ref->key_size_bits = 256;
7934 }
7935 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
7936 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
7937 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
7938 free(keys_ref->filename);
7939 free(keys_ref->tlskeys);
7940 free(keys_ref);
7941 if (err)
7942 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
7943 fclose(f);
7944 return ERR_ALERT | ERR_FATAL;
7945 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007946 i++;
7947 }
7948
7949 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01007950 free(keys_ref->filename);
7951 free(keys_ref->tlskeys);
7952 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007953 if (err)
7954 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007955 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007956 return ERR_ALERT | ERR_FATAL;
7957 }
7958
7959 fclose(f);
7960
7961 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007962 i -= 2;
7963 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007964 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007965 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007966 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007967 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007968
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007969 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7970
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007971 return 0;
7972#else
7973 if (err)
7974 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7975 return ERR_ALERT | ERR_FATAL;
7976#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007977}
7978
Emeric Brund94b3fe2012-09-20 18:23:56 +02007979/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007980static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007981{
7982 if (!*args[cur_arg + 1]) {
7983 if (err)
7984 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7985 return ERR_ALERT | ERR_FATAL;
7986 }
7987
7988 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007989 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007990 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007991 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007992 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007993 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007994 else {
7995 if (err)
7996 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7997 args[cur_arg], args[cur_arg + 1]);
7998 return ERR_ALERT | ERR_FATAL;
7999 }
8000
8001 return 0;
8002}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008003static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8004{
8005 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8006}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008007
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008008/* parse the "no-ca-names" bind keyword */
8009static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8010{
8011 conf->no_ca_names = 1;
8012 return 0;
8013}
8014static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8015{
8016 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8017}
8018
Willy Tarreau92faadf2012-10-10 23:04:25 +02008019/************** "server" keywords ****************/
8020
Olivier Houchardc7566002018-11-20 23:33:50 +01008021/* parse the "npn" bind keyword */
8022static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8023{
8024#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8025 char *p1, *p2;
8026
8027 if (!*args[*cur_arg + 1]) {
8028 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8029 return ERR_ALERT | ERR_FATAL;
8030 }
8031
8032 free(newsrv->ssl_ctx.npn_str);
8033
8034 /* the NPN string is built as a suite of (<len> <name>)*,
8035 * so we reuse each comma to store the next <len> and need
8036 * one more for the end of the string.
8037 */
8038 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8039 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8040 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8041 newsrv->ssl_ctx.npn_len);
8042
8043 /* replace commas with the name length */
8044 p1 = newsrv->ssl_ctx.npn_str;
8045 p2 = p1 + 1;
8046 while (1) {
8047 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8048 newsrv->ssl_ctx.npn_len - (p1 + 1));
8049 if (!p2)
8050 p2 = p1 + 1 + strlen(p1 + 1);
8051
8052 if (p2 - (p1 + 1) > 255) {
8053 *p2 = '\0';
8054 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8055 return ERR_ALERT | ERR_FATAL;
8056 }
8057
8058 *p1 = p2 - (p1 + 1);
8059 p1 = p2;
8060
8061 if (!*p2)
8062 break;
8063
8064 *(p2++) = '\0';
8065 }
8066 return 0;
8067#else
8068 if (err)
8069 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8070 return ERR_ALERT | ERR_FATAL;
8071#endif
8072}
8073
Olivier Houchard92150142018-12-21 19:47:01 +01008074/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008075static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8076{
8077#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8078 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008079 char **alpn_str;
8080 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008081
Olivier Houchard92150142018-12-21 19:47:01 +01008082 if (*args[*cur_arg] == 'c') {
8083 alpn_str = &newsrv->check.alpn_str;
8084 alpn_len = &newsrv->check.alpn_len;
8085 } else {
8086 alpn_str = &newsrv->ssl_ctx.alpn_str;
8087 alpn_len = &newsrv->ssl_ctx.alpn_len;
8088
8089 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008090 if (!*args[*cur_arg + 1]) {
8091 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8092 return ERR_ALERT | ERR_FATAL;
8093 }
8094
Olivier Houchard92150142018-12-21 19:47:01 +01008095 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008096
8097 /* the ALPN string is built as a suite of (<len> <name>)*,
8098 * so we reuse each comma to store the next <len> and need
8099 * one more for the end of the string.
8100 */
Olivier Houchard92150142018-12-21 19:47:01 +01008101 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8102 *alpn_str = calloc(1, *alpn_len + 1);
8103 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008104
8105 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008106 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008107 p2 = p1 + 1;
8108 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008109 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008110 if (!p2)
8111 p2 = p1 + 1 + strlen(p1 + 1);
8112
8113 if (p2 - (p1 + 1) > 255) {
8114 *p2 = '\0';
8115 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8116 return ERR_ALERT | ERR_FATAL;
8117 }
8118
8119 *p1 = p2 - (p1 + 1);
8120 p1 = p2;
8121
8122 if (!*p2)
8123 break;
8124
8125 *(p2++) = '\0';
8126 }
8127 return 0;
8128#else
8129 if (err)
8130 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8131 return ERR_ALERT | ERR_FATAL;
8132#endif
8133}
8134
Emeric Brunef42d922012-10-11 16:11:36 +02008135/* parse the "ca-file" server keyword */
8136static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8137{
8138 if (!*args[*cur_arg + 1]) {
8139 if (err)
8140 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8141 return ERR_ALERT | ERR_FATAL;
8142 }
8143
Willy Tarreauef934602016-12-22 23:12:01 +01008144 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8145 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008146 else
8147 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8148
8149 return 0;
8150}
8151
Olivier Houchard9130a962017-10-17 17:33:43 +02008152/* parse the "check-sni" server keyword */
8153static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8154{
8155 if (!*args[*cur_arg + 1]) {
8156 if (err)
8157 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8158 return ERR_ALERT | ERR_FATAL;
8159 }
8160
8161 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8162 if (!newsrv->check.sni) {
8163 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8164 return ERR_ALERT | ERR_FATAL;
8165 }
8166 return 0;
8167
8168}
8169
Willy Tarreau92faadf2012-10-10 23:04:25 +02008170/* parse the "check-ssl" server keyword */
8171static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8172{
8173 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008174 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8175 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008176#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8177 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8178 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8179#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008180 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008181 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8182 if (!newsrv->ssl_ctx.methods.min)
8183 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8184 if (!newsrv->ssl_ctx.methods.max)
8185 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8186
Willy Tarreau92faadf2012-10-10 23:04:25 +02008187 return 0;
8188}
8189
8190/* parse the "ciphers" server keyword */
8191static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8192{
8193 if (!*args[*cur_arg + 1]) {
8194 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8195 return ERR_ALERT | ERR_FATAL;
8196 }
8197
8198 free(newsrv->ssl_ctx.ciphers);
8199 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8200 return 0;
8201}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008202
8203#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8204/* parse the "ciphersuites" server keyword */
8205static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8206{
8207 if (!*args[*cur_arg + 1]) {
8208 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8209 return ERR_ALERT | ERR_FATAL;
8210 }
8211
8212 free(newsrv->ssl_ctx.ciphersuites);
8213 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8214 return 0;
8215}
8216#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008217
Emeric Brunef42d922012-10-11 16:11:36 +02008218/* parse the "crl-file" server keyword */
8219static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8220{
8221#ifndef X509_V_FLAG_CRL_CHECK
8222 if (err)
8223 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8224 return ERR_ALERT | ERR_FATAL;
8225#else
8226 if (!*args[*cur_arg + 1]) {
8227 if (err)
8228 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8229 return ERR_ALERT | ERR_FATAL;
8230 }
8231
Willy Tarreauef934602016-12-22 23:12:01 +01008232 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8233 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008234 else
8235 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8236
8237 return 0;
8238#endif
8239}
8240
Emeric Bruna7aa3092012-10-26 12:58:00 +02008241/* parse the "crt" server keyword */
8242static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8243{
8244 if (!*args[*cur_arg + 1]) {
8245 if (err)
8246 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8247 return ERR_ALERT | ERR_FATAL;
8248 }
8249
Willy Tarreauef934602016-12-22 23:12:01 +01008250 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008251 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008252 else
8253 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8254
8255 return 0;
8256}
Emeric Brunef42d922012-10-11 16:11:36 +02008257
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008258/* parse the "no-check-ssl" server keyword */
8259static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8260{
8261 newsrv->check.use_ssl = 0;
8262 free(newsrv->ssl_ctx.ciphers);
8263 newsrv->ssl_ctx.ciphers = NULL;
8264 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8265 return 0;
8266}
8267
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008268/* parse the "no-send-proxy-v2-ssl" server keyword */
8269static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8270{
8271 newsrv->pp_opts &= ~SRV_PP_V2;
8272 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8273 return 0;
8274}
8275
8276/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8277static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8278{
8279 newsrv->pp_opts &= ~SRV_PP_V2;
8280 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8281 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8282 return 0;
8283}
8284
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008285/* parse the "no-ssl" server keyword */
8286static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8287{
8288 newsrv->use_ssl = 0;
8289 free(newsrv->ssl_ctx.ciphers);
8290 newsrv->ssl_ctx.ciphers = NULL;
8291 return 0;
8292}
8293
Olivier Houchard522eea72017-11-03 16:27:47 +01008294/* parse the "allow-0rtt" server keyword */
8295static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8296{
8297 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8298 return 0;
8299}
8300
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008301/* parse the "no-ssl-reuse" server keyword */
8302static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8303{
8304 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8305 return 0;
8306}
8307
Emeric Brunf9c5c472012-10-11 15:28:34 +02008308/* parse the "no-tls-tickets" server keyword */
8309static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8310{
8311 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8312 return 0;
8313}
David Safb76832014-05-08 23:42:08 -04008314/* parse the "send-proxy-v2-ssl" server keyword */
8315static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8316{
8317 newsrv->pp_opts |= SRV_PP_V2;
8318 newsrv->pp_opts |= SRV_PP_V2_SSL;
8319 return 0;
8320}
8321
8322/* parse the "send-proxy-v2-ssl-cn" server keyword */
8323static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8324{
8325 newsrv->pp_opts |= SRV_PP_V2;
8326 newsrv->pp_opts |= SRV_PP_V2_SSL;
8327 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8328 return 0;
8329}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008330
Willy Tarreau732eac42015-07-09 11:40:25 +02008331/* parse the "sni" server keyword */
8332static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8333{
8334#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8335 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8336 return ERR_ALERT | ERR_FATAL;
8337#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008338 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008339
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008340 arg = args[*cur_arg + 1];
8341 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008342 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8343 return ERR_ALERT | ERR_FATAL;
8344 }
8345
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008346 free(newsrv->sni_expr);
8347 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008348
Willy Tarreau732eac42015-07-09 11:40:25 +02008349 return 0;
8350#endif
8351}
8352
Willy Tarreau92faadf2012-10-10 23:04:25 +02008353/* parse the "ssl" server keyword */
8354static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8355{
8356 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008357 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8358 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008359#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8360 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8361 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8362#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008363 return 0;
8364}
8365
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008366/* parse the "ssl-reuse" server keyword */
8367static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8368{
8369 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8370 return 0;
8371}
8372
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008373/* parse the "tls-tickets" server keyword */
8374static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8375{
8376 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8377 return 0;
8378}
8379
Emeric Brunef42d922012-10-11 16:11:36 +02008380/* parse the "verify" server keyword */
8381static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8382{
8383 if (!*args[*cur_arg + 1]) {
8384 if (err)
8385 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8386 return ERR_ALERT | ERR_FATAL;
8387 }
8388
8389 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008390 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008391 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008392 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008393 else {
8394 if (err)
8395 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8396 args[*cur_arg], args[*cur_arg + 1]);
8397 return ERR_ALERT | ERR_FATAL;
8398 }
8399
Evan Broderbe554312013-06-27 00:05:25 -07008400 return 0;
8401}
8402
8403/* parse the "verifyhost" server keyword */
8404static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8405{
8406 if (!*args[*cur_arg + 1]) {
8407 if (err)
8408 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8409 return ERR_ALERT | ERR_FATAL;
8410 }
8411
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008412 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008413 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8414
Emeric Brunef42d922012-10-11 16:11:36 +02008415 return 0;
8416}
8417
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008418/* parse the "ssl-default-bind-options" keyword in global section */
8419static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8420 struct proxy *defpx, const char *file, int line,
8421 char **err) {
8422 int i = 1;
8423
8424 if (*(args[i]) == 0) {
8425 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8426 return -1;
8427 }
8428 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008429 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008430 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008431 else if (!strcmp(args[i], "prefer-client-ciphers"))
8432 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008433 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8434 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8435 i++;
8436 else {
8437 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8438 return -1;
8439 }
8440 }
8441 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008442 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8443 return -1;
8444 }
8445 i++;
8446 }
8447 return 0;
8448}
8449
8450/* parse the "ssl-default-server-options" keyword in global section */
8451static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8452 struct proxy *defpx, const char *file, int line,
8453 char **err) {
8454 int i = 1;
8455
8456 if (*(args[i]) == 0) {
8457 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8458 return -1;
8459 }
8460 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008461 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008462 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008463 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8464 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8465 i++;
8466 else {
8467 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8468 return -1;
8469 }
8470 }
8471 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008472 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8473 return -1;
8474 }
8475 i++;
8476 }
8477 return 0;
8478}
8479
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008480/* parse the "ca-base" / "crt-base" keywords in global section.
8481 * Returns <0 on alert, >0 on warning, 0 on success.
8482 */
8483static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8484 struct proxy *defpx, const char *file, int line,
8485 char **err)
8486{
8487 char **target;
8488
Willy Tarreauef934602016-12-22 23:12:01 +01008489 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008490
8491 if (too_many_args(1, args, err, NULL))
8492 return -1;
8493
8494 if (*target) {
8495 memprintf(err, "'%s' already specified.", args[0]);
8496 return -1;
8497 }
8498
8499 if (*(args[1]) == 0) {
8500 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8501 return -1;
8502 }
8503 *target = strdup(args[1]);
8504 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008505}
8506
8507/* parse the "ssl-mode-async" keyword in global section.
8508 * Returns <0 on alert, >0 on warning, 0 on success.
8509 */
8510static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8511 struct proxy *defpx, const char *file, int line,
8512 char **err)
8513{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008514#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008515 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008516 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008517 return 0;
8518#else
8519 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8520 return -1;
8521#endif
8522}
8523
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008524#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008525static int ssl_check_async_engine_count(void) {
8526 int err_code = 0;
8527
Emeric Brun3854e012017-05-17 20:42:48 +02008528 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008529 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008530 err_code = ERR_ABORT;
8531 }
8532 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008533}
8534
Grant Zhang872f9c22017-01-21 01:10:18 +00008535/* parse the "ssl-engine" keyword in global section.
8536 * Returns <0 on alert, >0 on warning, 0 on success.
8537 */
8538static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8539 struct proxy *defpx, const char *file, int line,
8540 char **err)
8541{
8542 char *algo;
8543 int ret = -1;
8544
8545 if (*(args[1]) == 0) {
8546 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8547 return ret;
8548 }
8549
8550 if (*(args[2]) == 0) {
8551 /* if no list of algorithms is given, it defaults to ALL */
8552 algo = strdup("ALL");
8553 goto add_engine;
8554 }
8555
8556 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8557 if (strcmp(args[2], "algo") != 0) {
8558 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8559 return ret;
8560 }
8561
8562 if (*(args[3]) == 0) {
8563 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8564 return ret;
8565 }
8566 algo = strdup(args[3]);
8567
8568add_engine:
8569 if (ssl_init_single_engine(args[1], algo)==0) {
8570 openssl_engines_initialized++;
8571 ret = 0;
8572 }
8573 free(algo);
8574 return ret;
8575}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008576#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008577
Willy Tarreauf22e9682016-12-21 23:23:19 +01008578/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8579 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8580 */
8581static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8582 struct proxy *defpx, const char *file, int line,
8583 char **err)
8584{
8585 char **target;
8586
Willy Tarreauef934602016-12-22 23:12:01 +01008587 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008588
8589 if (too_many_args(1, args, err, NULL))
8590 return -1;
8591
8592 if (*(args[1]) == 0) {
8593 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8594 return -1;
8595 }
8596
8597 free(*target);
8598 *target = strdup(args[1]);
8599 return 0;
8600}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008601
8602#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8603/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8604 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8605 */
8606static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8607 struct proxy *defpx, const char *file, int line,
8608 char **err)
8609{
8610 char **target;
8611
8612 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8613
8614 if (too_many_args(1, args, err, NULL))
8615 return -1;
8616
8617 if (*(args[1]) == 0) {
8618 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8619 return -1;
8620 }
8621
8622 free(*target);
8623 *target = strdup(args[1]);
8624 return 0;
8625}
8626#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008627
Willy Tarreau9ceda382016-12-21 23:13:03 +01008628/* parse various global tune.ssl settings consisting in positive integers.
8629 * Returns <0 on alert, >0 on warning, 0 on success.
8630 */
8631static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8632 struct proxy *defpx, const char *file, int line,
8633 char **err)
8634{
8635 int *target;
8636
8637 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8638 target = &global.tune.sslcachesize;
8639 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008640 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008641 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008642 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008643 else if (strcmp(args[0], "maxsslconn") == 0)
8644 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008645 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8646 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008647 else {
8648 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8649 return -1;
8650 }
8651
8652 if (too_many_args(1, args, err, NULL))
8653 return -1;
8654
8655 if (*(args[1]) == 0) {
8656 memprintf(err, "'%s' expects an integer argument.", args[0]);
8657 return -1;
8658 }
8659
8660 *target = atoi(args[1]);
8661 if (*target < 0) {
8662 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8663 return -1;
8664 }
8665 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008666}
8667
8668static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8669 struct proxy *defpx, const char *file, int line,
8670 char **err)
8671{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008672 int ret;
8673
8674 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8675 if (ret != 0)
8676 return ret;
8677
Willy Tarreaubafbe012017-11-24 17:34:44 +01008678 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008679 memprintf(err, "'%s' is already configured.", args[0]);
8680 return -1;
8681 }
8682
Willy Tarreaubafbe012017-11-24 17:34:44 +01008683 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8684 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008685 memprintf(err, "Out of memory error.");
8686 return -1;
8687 }
8688 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008689}
8690
8691/* parse "ssl.force-private-cache".
8692 * Returns <0 on alert, >0 on warning, 0 on success.
8693 */
8694static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8695 struct proxy *defpx, const char *file, int line,
8696 char **err)
8697{
8698 if (too_many_args(0, args, err, NULL))
8699 return -1;
8700
Willy Tarreauef934602016-12-22 23:12:01 +01008701 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008702 return 0;
8703}
8704
8705/* parse "ssl.lifetime".
8706 * Returns <0 on alert, >0 on warning, 0 on success.
8707 */
8708static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8709 struct proxy *defpx, const char *file, int line,
8710 char **err)
8711{
8712 const char *res;
8713
8714 if (too_many_args(1, args, err, NULL))
8715 return -1;
8716
8717 if (*(args[1]) == 0) {
8718 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8719 return -1;
8720 }
8721
Willy Tarreauef934602016-12-22 23:12:01 +01008722 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008723 if (res) {
8724 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8725 return -1;
8726 }
8727 return 0;
8728}
8729
8730#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008731/* parse "ssl-dh-param-file".
8732 * Returns <0 on alert, >0 on warning, 0 on success.
8733 */
8734static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8735 struct proxy *defpx, const char *file, int line,
8736 char **err)
8737{
8738 if (too_many_args(1, args, err, NULL))
8739 return -1;
8740
8741 if (*(args[1]) == 0) {
8742 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8743 return -1;
8744 }
8745
8746 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8747 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8748 return -1;
8749 }
8750 return 0;
8751}
8752
Willy Tarreau9ceda382016-12-21 23:13:03 +01008753/* parse "ssl.default-dh-param".
8754 * Returns <0 on alert, >0 on warning, 0 on success.
8755 */
8756static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8757 struct proxy *defpx, const char *file, int line,
8758 char **err)
8759{
8760 if (too_many_args(1, args, err, NULL))
8761 return -1;
8762
8763 if (*(args[1]) == 0) {
8764 memprintf(err, "'%s' expects an integer argument.", args[0]);
8765 return -1;
8766 }
8767
Willy Tarreauef934602016-12-22 23:12:01 +01008768 global_ssl.default_dh_param = atoi(args[1]);
8769 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008770 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8771 return -1;
8772 }
8773 return 0;
8774}
8775#endif
8776
8777
William Lallemand32af2032016-10-29 18:09:35 +02008778/* This function is used with TLS ticket keys management. It permits to browse
8779 * each reference. The variable <getnext> must contain the current node,
8780 * <end> point to the root node.
8781 */
8782#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8783static inline
8784struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8785{
8786 struct tls_keys_ref *ref = getnext;
8787
8788 while (1) {
8789
8790 /* Get next list entry. */
8791 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8792
8793 /* If the entry is the last of the list, return NULL. */
8794 if (&ref->list == end)
8795 return NULL;
8796
8797 return ref;
8798 }
8799}
8800
8801static inline
8802struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8803{
8804 int id;
8805 char *error;
8806
8807 /* If the reference starts by a '#', this is numeric id. */
8808 if (reference[0] == '#') {
8809 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8810 id = strtol(reference + 1, &error, 10);
8811 if (*error != '\0')
8812 return NULL;
8813
8814 /* Perform the unique id lookup. */
8815 return tlskeys_ref_lookupid(id);
8816 }
8817
8818 /* Perform the string lookup. */
8819 return tlskeys_ref_lookup(reference);
8820}
8821#endif
8822
8823
8824#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8825
8826static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8827
8828static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8829 return cli_io_handler_tlskeys_files(appctx);
8830}
8831
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008832/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8833 * (next index to be dumped), and cli.p0 (next key reference).
8834 */
William Lallemand32af2032016-10-29 18:09:35 +02008835static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8836
8837 struct stream_interface *si = appctx->owner;
8838
8839 switch (appctx->st2) {
8840 case STAT_ST_INIT:
8841 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08008842 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02008843 * later and restart at the state "STAT_ST_INIT".
8844 */
8845 chunk_reset(&trash);
8846
8847 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8848 chunk_appendf(&trash, "# id secret\n");
8849 else
8850 chunk_appendf(&trash, "# id (file)\n");
8851
Willy Tarreau06d80a92017-10-19 14:32:15 +02008852 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01008853 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008854 return 0;
8855 }
8856
William Lallemand32af2032016-10-29 18:09:35 +02008857 /* Now, we start the browsing of the references lists.
8858 * Note that the following call to LIST_ELEM return bad pointer. The only
8859 * available field of this pointer is <list>. It is used with the function
8860 * tlskeys_list_get_next() for retruning the first available entry
8861 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008862 if (appctx->ctx.cli.p0 == NULL) {
8863 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8864 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008865 }
8866
8867 appctx->st2 = STAT_ST_LIST;
8868 /* fall through */
8869
8870 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008871 while (appctx->ctx.cli.p0) {
8872 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008873
8874 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008875 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008876 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008877
8878 if (appctx->ctx.cli.i1 == 0)
8879 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8880
William Lallemand32af2032016-10-29 18:09:35 +02008881 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008882 int head;
8883
8884 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8885 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008886 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02008887 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02008888
8889 chunk_reset(t2);
8890 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01008891 if (ref->key_size_bits == 128) {
8892 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8893 sizeof(struct tls_sess_key_128),
8894 t2->area, t2->size);
8895 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8896 t2->area);
8897 }
8898 else if (ref->key_size_bits == 256) {
8899 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8900 sizeof(struct tls_sess_key_256),
8901 t2->area, t2->size);
8902 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8903 t2->area);
8904 }
8905 else {
8906 /* This case should never happen */
8907 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
8908 }
William Lallemand32af2032016-10-29 18:09:35 +02008909
Willy Tarreau06d80a92017-10-19 14:32:15 +02008910 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008911 /* let's try again later from this stream. We add ourselves into
8912 * this stream's users so that it can remove us upon termination.
8913 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008914 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01008915 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008916 return 0;
8917 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008918 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008919 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008920 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008921 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008922 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008923 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008924 /* let's try again later from this stream. We add ourselves into
8925 * this stream's users so that it can remove us upon termination.
8926 */
Willy Tarreaudb398432018-11-15 11:08:52 +01008927 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008928 return 0;
8929 }
8930
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008931 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008932 break;
8933
8934 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008935 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008936 }
8937
8938 appctx->st2 = STAT_ST_FIN;
8939 /* fall through */
8940
8941 default:
8942 appctx->st2 = STAT_ST_FIN;
8943 return 1;
8944 }
8945 return 0;
8946}
8947
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008948/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008949static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008950{
William Lallemand32af2032016-10-29 18:09:35 +02008951 /* no parameter, shows only file list */
8952 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008953 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008954 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008955 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008956 }
8957
8958 if (args[2][0] == '*') {
8959 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008960 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008961 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008962 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8963 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008964 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008965 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008966 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008967 return 1;
8968 }
8969 }
William Lallemand32af2032016-10-29 18:09:35 +02008970 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008971 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008972}
8973
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008974static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008975{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008976 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02008977 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008978
William Lallemand32af2032016-10-29 18:09:35 +02008979 /* Expect two parameters: the filename and the new new TLS key in encoding */
8980 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008981 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008982 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008983 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008984 return 1;
8985 }
8986
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008987 ref = tlskeys_ref_lookup_ref(args[3]);
8988 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008989 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008990 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008991 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008992 return 1;
8993 }
8994
Willy Tarreau1c913e42018-08-22 05:26:57 +02008995 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01008996 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008997 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008998 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008999 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009000 return 1;
9001 }
Emeric Brun9e754772019-01-10 17:51:55 +01009002
Willy Tarreau1c913e42018-08-22 05:26:57 +02009003 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009004 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9005 appctx->ctx.cli.severity = LOG_ERR;
9006 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9007 appctx->st0 = CLI_ST_PRINT;
9008 return 1;
9009 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009010 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009011 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009012 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009013 return 1;
9014
9015}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009016#endif
William Lallemand32af2032016-10-29 18:09:35 +02009017
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009018static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009019{
9020#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9021 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009022 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009023
9024 if (!payload)
9025 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009026
9027 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009028 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009029 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009030 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009031 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009032 return 1;
9033 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009034
9035 /* remove \r and \n from the payload */
9036 for (i = 0, j = 0; payload[i]; i++) {
9037 if (payload[i] == '\r' || payload[i] == '\n')
9038 continue;
9039 payload[j++] = payload[i];
9040 }
9041 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009042
Willy Tarreau1c913e42018-08-22 05:26:57 +02009043 ret = base64dec(payload, j, trash.area, trash.size);
9044 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009045 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009046 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009047 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009048 return 1;
9049 }
9050
Willy Tarreau1c913e42018-08-22 05:26:57 +02009051 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009052 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9053 if (err) {
9054 memprintf(&err, "%s.\n", err);
9055 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009056 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009057 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009058 else {
9059 appctx->ctx.cli.severity = LOG_ERR;
9060 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9061 appctx->st0 = CLI_ST_PRINT;
9062 }
William Lallemand32af2032016-10-29 18:09:35 +02009063 return 1;
9064 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009065 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009066 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009067 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009068 return 1;
9069#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009070 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009071 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009072 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009073 return 1;
9074#endif
9075
9076}
9077
9078/* register cli keywords */
9079static struct cli_kw_list cli_kws = {{ },{
9080#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9081 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009082 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009083#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009084 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009085 { { NULL }, NULL, NULL, NULL }
9086}};
9087
Willy Tarreau0108d902018-11-25 19:14:37 +01009088INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009089
Willy Tarreau7875d092012-09-10 08:20:03 +02009090/* Note: must not be declared <const> as its list will be overwritten.
9091 * Please take care of keeping this list alphabetically sorted.
9092 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009093static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009094 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009095 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009096#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009097 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009098#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009099 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009100#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9101 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9102#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009103 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009104 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009105 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009106 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009107#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009108 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009109#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009110#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9111 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9112#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009113 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9114 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009115 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009116 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009117 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9118 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9119 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9120 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9121 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9122 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9123 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9124 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009125 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009126 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9127 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009128 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009129 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9130 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9131 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9132 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9133 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9134 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9135 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009136 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009137 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009138 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009139 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009140 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009141 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009142 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009143 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009144 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009145#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009146 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009147#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009148#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009149 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009150#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009151 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009152#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009153 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009154#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009155 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009156#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009157 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009158#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009159#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9160 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9161#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009162#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009163 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009164#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009165 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9166 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9167 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9168 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009169 { NULL, NULL, 0, 0, 0 },
9170}};
9171
Willy Tarreau0108d902018-11-25 19:14:37 +01009172INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9173
Willy Tarreau7875d092012-09-10 08:20:03 +02009174/* Note: must not be declared <const> as its list will be overwritten.
9175 * Please take care of keeping this list alphabetically sorted.
9176 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009177static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009178 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9179 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009180 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009181}};
9182
Willy Tarreau0108d902018-11-25 19:14:37 +01009183INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9184
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009185/* Note: must not be declared <const> as its list will be overwritten.
9186 * Please take care of keeping this list alphabetically sorted, doing so helps
9187 * all code contributors.
9188 * Optional keywords are also declared with a NULL ->parse() function so that
9189 * the config parser can report an appropriate error when a known keyword was
9190 * not enabled.
9191 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009192static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009193 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009194 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9195 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9196 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009197#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9198 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9199#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009200 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009201 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009202 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009203 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009204 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009205 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9206 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009207 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9208 { NULL, NULL, 0 },
9209};
9210
Willy Tarreau0108d902018-11-25 19:14:37 +01009211/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9212
Willy Tarreau51fb7652012-09-18 18:24:39 +02009213static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009214 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009215 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9216 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9217 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9218 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9219 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9220 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009221#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9222 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9223#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009224 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9225 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9226 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9227 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9228 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9229 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9230 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9231 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9232 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9233 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009234 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009235 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009236 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009237 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9238 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9239 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9240 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009241 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009242 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9243 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009244 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9245 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009246 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9247 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9248 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9249 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9250 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009251 { NULL, NULL, 0 },
9252}};
Emeric Brun46591952012-05-18 15:47:34 +02009253
Willy Tarreau0108d902018-11-25 19:14:37 +01009254INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9255
Willy Tarreau92faadf2012-10-10 23:04:25 +02009256/* Note: must not be declared <const> as its list will be overwritten.
9257 * Please take care of keeping this list alphabetically sorted, doing so helps
9258 * all code contributors.
9259 * Optional keywords are also declared with a NULL ->parse() function so that
9260 * the config parser can report an appropriate error when a known keyword was
9261 * not enabled.
9262 */
9263static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009264 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009265 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009266 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009267 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009268 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009269 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9270 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009271#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9272 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9273#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009274 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9275 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9276 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9277 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9278 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9279 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9280 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9281 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9282 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9283 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9284 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9285 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9286 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9287 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9288 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9289 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9290 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9291 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009292 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009293 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9294 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9295 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9296 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9297 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9298 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9299 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9300 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9301 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9302 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009303 { NULL, NULL, 0, 0 },
9304}};
9305
Willy Tarreau0108d902018-11-25 19:14:37 +01009306INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9307
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009308static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009309 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9310 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009311 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009312 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9313 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009314#ifndef OPENSSL_NO_DH
9315 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9316#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009317 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009318#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009319 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009320#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009321 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9322#ifndef OPENSSL_NO_DH
9323 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9324#endif
9325 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9326 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9327 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9328 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009329 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009330 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9331 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009332#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9333 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9334 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9335#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009336 { 0, NULL, NULL },
9337}};
9338
Willy Tarreau0108d902018-11-25 19:14:37 +01009339INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9340
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009341/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009342static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009343 .snd_buf = ssl_sock_from_buf,
9344 .rcv_buf = ssl_sock_to_buf,
Olivier Houchard6ff20392018-07-17 18:46:31 +02009345 .subscribe = conn_subscribe,
Olivier Houchard83a0cd82018-09-28 17:57:58 +02009346 .unsubscribe = conn_unsubscribe,
Emeric Brun46591952012-05-18 15:47:34 +02009347 .rcv_pipe = NULL,
9348 .snd_pipe = NULL,
9349 .shutr = NULL,
9350 .shutw = ssl_sock_shutw,
9351 .close = ssl_sock_close,
9352 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009353 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009354 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009355 .prepare_srv = ssl_sock_prepare_srv_ctx,
9356 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009357 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009358 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009359};
9360
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009361enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9362 struct session *sess, struct stream *s, int flags)
9363{
9364 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009365 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009366
9367 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009368 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009369
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009370 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009371 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009372 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009373 s->req.flags |= CF_READ_NULL;
9374 return ACT_RET_YIELD;
9375 }
9376 }
9377 return (ACT_RET_CONT);
9378}
9379
9380static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9381{
9382 rule->action_ptr = ssl_action_wait_for_hs;
9383
9384 return ACT_RET_PRS_OK;
9385}
9386
9387static struct action_kw_list http_req_actions = {ILH, {
9388 { "wait-for-handshake", ssl_parse_wait_for_hs },
9389 { /* END */ }
9390}};
9391
Willy Tarreau0108d902018-11-25 19:14:37 +01009392INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9393
Daniel Jakots54ffb912015-11-06 20:02:41 +01009394#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009395
9396static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9397{
9398 if (ptr) {
9399 chunk_destroy(ptr);
9400 free(ptr);
9401 }
9402}
9403
9404#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009405static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9406{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009407 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009408}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009409
Emeric Brun46591952012-05-18 15:47:34 +02009410__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009411static void __ssl_sock_init(void)
9412{
Emeric Brun46591952012-05-18 15:47:34 +02009413 STACK_OF(SSL_COMP)* cm;
9414
Willy Tarreauef934602016-12-22 23:12:01 +01009415 if (global_ssl.listen_default_ciphers)
9416 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9417 if (global_ssl.connect_default_ciphers)
9418 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009419#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9420 if (global_ssl.listen_default_ciphersuites)
9421 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9422 if (global_ssl.connect_default_ciphersuites)
9423 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9424#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009425
Willy Tarreau13e14102016-12-22 20:25:26 +01009426 xprt_register(XPRT_SSL, &ssl_sock);
Rosen Penev68185952018-12-14 08:47:02 -08009427#if OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009428 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009429#endif
Emeric Brun46591952012-05-18 15:47:34 +02009430 cm = SSL_COMP_get_compression_methods();
9431 sk_SSL_COMP_zero(cm);
Rosen Penev68185952018-12-14 08:47:02 -08009432#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Emeric Brun821bb9b2017-06-15 16:37:39 +02009433 ssl_locking_init();
9434#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01009435#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009436 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9437#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009438 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009439 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009440 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009441#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009442 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009443 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009444#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009445#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9446 hap_register_post_check(tlskeys_finalize_config);
9447#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009448
9449 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9450 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9451
9452#ifndef OPENSSL_NO_DH
9453 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9454 hap_register_post_deinit(ssl_free_dh);
9455#endif
9456#ifndef OPENSSL_NO_ENGINE
9457 hap_register_post_deinit(ssl_free_engines);
9458#endif
9459 /* Load SSL string for the verbose & debug mode. */
9460 ERR_load_SSL_strings();
9461}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009462
Willy Tarreau80713382018-11-26 10:19:54 +01009463/* Compute and register the version string */
9464static void ssl_register_build_options()
9465{
9466 char *ptr = NULL;
9467 int i;
9468
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009469 memprintf(&ptr, "Built with OpenSSL version : "
9470#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009471 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009472#else /* OPENSSL_IS_BORINGSSL */
9473 OPENSSL_VERSION_TEXT
9474 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08009475 OpenSSL_version(OPENSSL_VERSION),
9476 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009477#endif
9478 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9479#if OPENSSL_VERSION_NUMBER < 0x00907000L
9480 "no (library version too old)"
9481#elif defined(OPENSSL_NO_TLSEXT)
9482 "no (disabled via OPENSSL_NO_TLSEXT)"
9483#else
9484 "yes"
9485#endif
9486 "", ptr);
9487
9488 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9489#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9490 "yes"
9491#else
9492#ifdef OPENSSL_NO_TLSEXT
9493 "no (because of OPENSSL_NO_TLSEXT)"
9494#else
9495 "no (version might be too old, 0.9.8f min needed)"
9496#endif
9497#endif
9498 "", ptr);
9499
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009500 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9501 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9502 if (methodVersions[i].option)
9503 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009504
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009505 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01009506}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009507
Willy Tarreau80713382018-11-26 10:19:54 +01009508INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009509
Emeric Brun46591952012-05-18 15:47:34 +02009510
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009511#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009512void ssl_free_engines(void) {
9513 struct ssl_engine_list *wl, *wlb;
9514 /* free up engine list */
9515 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9516 ENGINE_finish(wl->e);
9517 ENGINE_free(wl->e);
9518 LIST_DEL(&wl->list);
9519 free(wl);
9520 }
9521}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009522#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009523
Remi Gacogned3a23c32015-05-28 16:39:47 +02009524#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009525void ssl_free_dh(void) {
9526 if (local_dh_1024) {
9527 DH_free(local_dh_1024);
9528 local_dh_1024 = NULL;
9529 }
9530 if (local_dh_2048) {
9531 DH_free(local_dh_2048);
9532 local_dh_2048 = NULL;
9533 }
9534 if (local_dh_4096) {
9535 DH_free(local_dh_4096);
9536 local_dh_4096 = NULL;
9537 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009538 if (global_dh) {
9539 DH_free(global_dh);
9540 global_dh = NULL;
9541 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009542}
9543#endif
9544
9545__attribute__((destructor))
9546static void __ssl_sock_deinit(void)
9547{
9548#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009549 if (ssl_ctx_lru_tree) {
9550 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009551 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009552 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009553#endif
9554
Rosen Penev68185952018-12-14 08:47:02 -08009555#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009556 ERR_remove_state(0);
9557 ERR_free_strings();
9558
9559 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08009560#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009561
Rosen Penev68185952018-12-14 08:47:02 -08009562#if ((OPENSSL_VERSION_NUMBER >= 0x00907000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009563 CRYPTO_cleanup_all_ex_data();
9564#endif
9565}
9566
9567
Emeric Brun46591952012-05-18 15:47:34 +02009568/*
9569 * Local variables:
9570 * c-indent-level: 8
9571 * c-basic-offset: 8
9572 * End:
9573 */