blob: daf428247b31a57782f93d0547bb48d1e3b4ec89 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
67#include <common/compat.h>
68#include <common/config.h>
69#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020070#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <common/standard.h>
72#include <common/ticks.h>
73#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010074#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010075#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020076
Emeric Brunfc0421f2012-09-07 17:30:07 +020077#include <ebsttree.h>
78
William Lallemand32af2032016-10-29 18:09:35 +020079#include <types/applet.h>
80#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020081#include <types/global.h>
82#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020083#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020084
Willy Tarreau7875d092012-09-10 08:20:03 +020085#include <proto/acl.h>
86#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020087#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020089#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <proto/fd.h>
91#include <proto/freq_ctr.h>
92#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020093#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020094#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010095#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020096#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020097#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020098#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020099#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200100#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200101#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200102#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200103#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200104#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200105#include <proto/task.h>
106
Willy Tarreau518cedd2014-02-17 15:43:01 +0100107/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200108#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100109#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100110#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200111#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
112
Emeric Brunf282a812012-09-21 15:27:54 +0200113/* bits 0xFFFF0000 are reserved to store verify errors */
114
115/* Verify errors macros */
116#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
117#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
118#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
119
120#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
121#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
122#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200123
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100124/* Supported hash function for TLS tickets */
125#ifdef OPENSSL_NO_SHA256
126#define HASH_FUNCT EVP_sha1
127#else
128#define HASH_FUNCT EVP_sha256
129#endif /* OPENSSL_NO_SHA256 */
130
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200131/* ssl_methods flags for ssl options */
132#define MC_SSL_O_ALL 0x0000
133#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
134#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
135#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
136#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200137#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200138
139/* ssl_methods versions */
140enum {
141 CONF_TLSV_NONE = 0,
142 CONF_TLSV_MIN = 1,
143 CONF_SSLV3 = 1,
144 CONF_TLSV10 = 2,
145 CONF_TLSV11 = 3,
146 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200147 CONF_TLSV13 = 5,
148 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200149};
150
Emeric Brun850efd52014-01-29 12:24:34 +0100151/* server and bind verify method, it uses a global value as default */
152enum {
153 SSL_SOCK_VERIFY_DEFAULT = 0,
154 SSL_SOCK_VERIFY_REQUIRED = 1,
155 SSL_SOCK_VERIFY_OPTIONAL = 2,
156 SSL_SOCK_VERIFY_NONE = 3,
157};
158
William Lallemand3f85c9a2017-10-09 16:30:50 +0200159
Willy Tarreau71b734c2014-01-28 15:19:44 +0100160int sslconns = 0;
161int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100162static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100163int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200164
Willy Tarreauef934602016-12-22 23:12:01 +0100165static struct {
166 char *crt_base; /* base directory path for certificates */
167 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000168 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100169
170 char *listen_default_ciphers;
171 char *connect_default_ciphers;
172 int listen_default_ssloptions;
173 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200174 struct tls_version_filter listen_default_sslmethods;
175 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100176
177 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
178 unsigned int life_time; /* SSL session lifetime in seconds */
179 unsigned int max_record; /* SSL max record size */
180 unsigned int default_dh_param; /* SSL maximum DH parameter size */
181 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100182 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100183} global_ssl = {
184#ifdef LISTEN_DEFAULT_CIPHERS
185 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
186#endif
187#ifdef CONNECT_DEFAULT_CIPHERS
188 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
189#endif
190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Emeric Brun821bb9b2017-06-15 16:37:39 +0200208#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210static HA_RWLOCK_T *ssl_rwlocks;
211
212
213unsigned long ssl_id_function(void)
214{
215 return (unsigned long)tid;
216}
217
218void ssl_locking_function(int mode, int n, const char * file, int line)
219{
220 if (mode & CRYPTO_LOCK) {
221 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100222 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200223 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 }
226 else {
227 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100228 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200229 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 }
232}
233
234static int ssl_locking_init(void)
235{
236 int i;
237
238 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
239 if (!ssl_rwlocks)
240 return -1;
241
242 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100243 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200244
245 CRYPTO_set_id_callback(ssl_id_function);
246 CRYPTO_set_locking_callback(ssl_locking_function);
247
248 return 0;
249}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100250
Emeric Brun821bb9b2017-06-15 16:37:39 +0200251#endif
252
253
254
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100255/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100256struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257 unsigned long long int xxh64;
258 unsigned char ciphersuite_len;
259 char ciphersuite[0];
260};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100261struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100262static int ssl_capture_ptr_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100263
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100264static int ssl_pkey_info_index = -1;
265
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200266#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
267struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
268#endif
269
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200270#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000271static unsigned int openssl_engines_initialized;
272struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
273struct ssl_engine_list {
274 struct list list;
275 ENGINE *e;
276};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200277#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000278
Remi Gacogne8de54152014-07-15 11:36:40 +0200279#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200280static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200281static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200282static DH *local_dh_1024 = NULL;
283static DH *local_dh_2048 = NULL;
284static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100285static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200286#endif /* OPENSSL_NO_DH */
287
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100288#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200289/* X509V3 Extensions that will be added on generated certificates */
290#define X509V3_EXT_SIZE 5
291static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
292 "basicConstraints",
293 "nsComment",
294 "subjectKeyIdentifier",
295 "authorityKeyIdentifier",
296 "keyUsage",
297};
298static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
299 "CA:FALSE",
300 "\"OpenSSL Generated Certificate\"",
301 "hash",
302 "keyid,issuer:always",
303 "nonRepudiation,digitalSignature,keyEncipherment"
304};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200305/* LRU cache to store generated certificate */
306static struct lru64_head *ssl_ctx_lru_tree = NULL;
307static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200308static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100309__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200310
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200311#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
312
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100313static struct ssl_bind_kw ssl_bind_kws[];
314
yanbzhube2774d2015-12-10 15:07:30 -0500315#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
316/* The order here matters for picking a default context,
317 * keep the most common keytype at the bottom of the list
318 */
319const char *SSL_SOCK_KEYTYPE_NAMES[] = {
320 "dsa",
321 "ecdsa",
322 "rsa"
323};
324#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100325#else
326#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500327#endif
328
William Lallemandc3cd35f2017-11-28 11:04:43 +0100329static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100330static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
331
332#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
333
334#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
335 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
336
337#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
338 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200339
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100340/*
341 * This function gives the detail of the SSL error. It is used only
342 * if the debug mode and the verbose mode are activated. It dump all
343 * the SSL error until the stack was empty.
344 */
345static forceinline void ssl_sock_dump_errors(struct connection *conn)
346{
347 unsigned long ret;
348
349 if (unlikely(global.mode & MODE_DEBUG)) {
350 while(1) {
351 ret = ERR_get_error();
352 if (ret == 0)
353 return;
354 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200355 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100356 ERR_func_error_string(ret), ERR_reason_error_string(ret));
357 }
358 }
359}
360
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200361#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500362/*
363 * struct alignment works here such that the key.key is the same as key_data
364 * Do not change the placement of key_data
365 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200366struct certificate_ocsp {
367 struct ebmb_node key;
368 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
369 struct chunk response;
370 long expire;
371};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200372
yanbzhube2774d2015-12-10 15:07:30 -0500373struct ocsp_cbk_arg {
374 int is_single;
375 int single_kt;
376 union {
377 struct certificate_ocsp *s_ocsp;
378 /*
379 * m_ocsp will have multiple entries dependent on key type
380 * Entry 0 - DSA
381 * Entry 1 - ECDSA
382 * Entry 2 - RSA
383 */
384 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
385 };
386};
387
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200388#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000389static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
390{
391 int err_code = ERR_ABORT;
392 ENGINE *engine;
393 struct ssl_engine_list *el;
394
395 /* grab the structural reference to the engine */
396 engine = ENGINE_by_id(engine_id);
397 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100398 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000399 goto fail_get;
400 }
401
402 if (!ENGINE_init(engine)) {
403 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100404 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000405 goto fail_init;
406 }
407
408 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100409 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000410 goto fail_set_method;
411 }
412
413 el = calloc(1, sizeof(*el));
414 el->e = engine;
415 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100416 nb_engines++;
417 if (global_ssl.async)
418 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000419 return 0;
420
421fail_set_method:
422 /* release the functional reference from ENGINE_init() */
423 ENGINE_finish(engine);
424
425fail_init:
426 /* release the structural reference from ENGINE_by_id() */
427 ENGINE_free(engine);
428
429fail_get:
430 return err_code;
431}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200432#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000433
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200434#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200435/*
436 * openssl async fd handler
437 */
438static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000439{
440 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000441
Emeric Brun3854e012017-05-17 20:42:48 +0200442 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000443 * to poll this fd until it is requested
444 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000445 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000446 fd_cant_recv(fd);
447
448 /* crypto engine is available, let's notify the associated
449 * connection that it can pursue its processing.
450 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000451 __conn_sock_want_recv(conn);
452 __conn_sock_want_send(conn);
453 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000454}
455
Emeric Brun3854e012017-05-17 20:42:48 +0200456/*
457 * openssl async delayed SSL_free handler
458 */
459static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000460{
461 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200462 OSSL_ASYNC_FD all_fd[32];
463 size_t num_all_fds = 0;
464 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000465
Emeric Brun3854e012017-05-17 20:42:48 +0200466 /* We suppose that the async job for a same SSL *
467 * are serialized. So if we are awake it is
468 * because the running job has just finished
469 * and we can remove all async fds safely
470 */
471 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
472 if (num_all_fds > 32) {
473 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
474 return;
475 }
476
477 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
478 for (i=0 ; i < num_all_fds ; i++)
479 fd_remove(all_fd[i]);
480
481 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000482 SSL_free(ssl);
483 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200484 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000485}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000486/*
Emeric Brun3854e012017-05-17 20:42:48 +0200487 * function used to manage a returned SSL_ERROR_WANT_ASYNC
488 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000489 */
Emeric Brun3854e012017-05-17 20:42:48 +0200490static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000491{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100492 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200493 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000494 size_t num_add_fds = 0;
495 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200496 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000497
498 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
499 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200500 if (num_add_fds > 32 || num_del_fds > 32) {
501 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000502 return;
503 }
504
Emeric Brun3854e012017-05-17 20:42:48 +0200505 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000506
Emeric Brun3854e012017-05-17 20:42:48 +0200507 /* We remove unused fds from the fdtab */
508 for (i=0 ; i < num_del_fds ; i++)
509 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000510
Emeric Brun3854e012017-05-17 20:42:48 +0200511 /* We add new fds to the fdtab */
512 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100513 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000514 }
515
Emeric Brun3854e012017-05-17 20:42:48 +0200516 num_add_fds = 0;
517 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
518 if (num_add_fds > 32) {
519 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
520 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 }
Emeric Brun3854e012017-05-17 20:42:48 +0200522
523 /* We activate the polling for all known async fds */
524 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000525 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200526 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000527 /* To ensure that the fd cache won't be used
528 * We'll prefer to catch a real RD event
529 * because handling an EAGAIN on this fd will
530 * result in a context switch and also
531 * some engines uses a fd in blocking mode.
532 */
533 fd_cant_recv(add_fd[i]);
534 }
Emeric Brun3854e012017-05-17 20:42:48 +0200535
536 /* We must also prevent the conn_handler
537 * to be called until a read event was
538 * polled on an async fd
539 */
540 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541}
542#endif
543
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200544/*
545 * This function returns the number of seconds elapsed
546 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
547 * date presented un ASN1_GENERALIZEDTIME.
548 *
549 * In parsing error case, it returns -1.
550 */
551static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
552{
553 long epoch;
554 char *p, *end;
555 const unsigned short month_offset[12] = {
556 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
557 };
558 int year, month;
559
560 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
561
562 p = (char *)d->data;
563 end = p + d->length;
564
565 if (end - p < 4) return -1;
566 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
567 p += 4;
568 if (end - p < 2) return -1;
569 month = 10 * (p[0] - '0') + p[1] - '0';
570 if (month < 1 || month > 12) return -1;
571 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
572 We consider leap years and the current month (<marsh or not) */
573 epoch = ( ((year - 1970) * 365)
574 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
575 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
576 + month_offset[month-1]
577 ) * 24 * 60 * 60;
578 p += 2;
579 if (end - p < 2) return -1;
580 /* Add the number of seconds of completed days of current month */
581 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
582 p += 2;
583 if (end - p < 2) return -1;
584 /* Add the completed hours of the current day */
585 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
586 p += 2;
587 if (end - p < 2) return -1;
588 /* Add the completed minutes of the current hour */
589 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
590 p += 2;
591 if (p == end) return -1;
592 /* Test if there is available seconds */
593 if (p[0] < '0' || p[0] > '9')
594 goto nosec;
595 if (end - p < 2) return -1;
596 /* Add the seconds of the current minute */
597 epoch += 10 * (p[0] - '0') + p[1] - '0';
598 p += 2;
599 if (p == end) return -1;
600 /* Ignore seconds float part if present */
601 if (p[0] == '.') {
602 do {
603 if (++p == end) return -1;
604 } while (p[0] >= '0' && p[0] <= '9');
605 }
606
607nosec:
608 if (p[0] == 'Z') {
609 if (end - p != 1) return -1;
610 return epoch;
611 }
612 else if (p[0] == '+') {
613 if (end - p != 5) return -1;
614 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700615 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200616 }
617 else if (p[0] == '-') {
618 if (end - p != 5) return -1;
619 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700620 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200621 }
622
623 return -1;
624}
625
Emeric Brun1d3865b2014-06-20 15:37:32 +0200626static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200627
628/* This function starts to check if the OCSP response (in DER format) contained
629 * in chunk 'ocsp_response' is valid (else exits on error).
630 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
631 * contained in the OCSP Response and exits on error if no match.
632 * If it's a valid OCSP Response:
633 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
634 * pointed by 'ocsp'.
635 * If 'ocsp' is NULL, the function looks up into the OCSP response's
636 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
637 * from the response) and exits on error if not found. Finally, If an OCSP response is
638 * already present in the container, it will be overwritten.
639 *
640 * Note: OCSP response containing more than one OCSP Single response is not
641 * considered valid.
642 *
643 * Returns 0 on success, 1 in error case.
644 */
645static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
646{
647 OCSP_RESPONSE *resp;
648 OCSP_BASICRESP *bs = NULL;
649 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200650 OCSP_CERTID *id;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200651 unsigned char *p = (unsigned char *)ocsp_response->str;
652 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200653 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200654 int reason;
655 int ret = 1;
656
657 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
658 if (!resp) {
659 memprintf(err, "Unable to parse OCSP response");
660 goto out;
661 }
662
663 rc = OCSP_response_status(resp);
664 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
665 memprintf(err, "OCSP response status not successful");
666 goto out;
667 }
668
669 bs = OCSP_response_get1_basic(resp);
670 if (!bs) {
671 memprintf(err, "Failed to get basic response from OCSP Response");
672 goto out;
673 }
674
675 count_sr = OCSP_resp_count(bs);
676 if (count_sr > 1) {
677 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
678 goto out;
679 }
680
681 sr = OCSP_resp_get0(bs, 0);
682 if (!sr) {
683 memprintf(err, "Failed to get OCSP single response");
684 goto out;
685 }
686
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200687 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
688
Emeric Brun4147b2e2014-06-16 18:36:30 +0200689 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200690 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200691 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200692 goto out;
693 }
694
Emeric Brun13a6b482014-06-20 15:44:34 +0200695 if (!nextupd) {
696 memprintf(err, "OCSP single response: missing nextupdate");
697 goto out;
698 }
699
Emeric Brunc8b27b62014-06-19 14:16:17 +0200700 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200701 if (!rc) {
702 memprintf(err, "OCSP single response: no longer valid.");
703 goto out;
704 }
705
706 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200707 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200708 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
709 goto out;
710 }
711 }
712
713 if (!ocsp) {
714 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
715 unsigned char *p;
716
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200717 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200718 if (!rc) {
719 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
720 goto out;
721 }
722
723 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
724 memprintf(err, "OCSP single response: Certificate ID too long");
725 goto out;
726 }
727
728 p = key;
729 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200730 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200731 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
732 if (!ocsp) {
733 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
734 goto out;
735 }
736 }
737
738 /* According to comments on "chunk_dup", the
739 previous chunk buffer will be freed */
740 if (!chunk_dup(&ocsp->response, ocsp_response)) {
741 memprintf(err, "OCSP response: Memory allocation error");
742 goto out;
743 }
744
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200745 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
746
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747 ret = 0;
748out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100749 ERR_clear_error();
750
Emeric Brun4147b2e2014-06-16 18:36:30 +0200751 if (bs)
752 OCSP_BASICRESP_free(bs);
753
754 if (resp)
755 OCSP_RESPONSE_free(resp);
756
757 return ret;
758}
759/*
760 * External function use to update the OCSP response in the OCSP response's
761 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
762 * to update in DER format.
763 *
764 * Returns 0 on success, 1 in error case.
765 */
766int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
767{
768 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
769}
770
771/*
772 * This function load the OCSP Resonse in DER format contained in file at
773 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
774 *
775 * Returns 0 on success, 1 in error case.
776 */
777static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
778{
779 int fd = -1;
780 int r = 0;
781 int ret = 1;
782
783 fd = open(ocsp_path, O_RDONLY);
784 if (fd == -1) {
785 memprintf(err, "Error opening OCSP response file");
786 goto end;
787 }
788
789 trash.len = 0;
790 while (trash.len < trash.size) {
791 r = read(fd, trash.str + trash.len, trash.size - trash.len);
792 if (r < 0) {
793 if (errno == EINTR)
794 continue;
795
796 memprintf(err, "Error reading OCSP response from file");
797 goto end;
798 }
799 else if (r == 0) {
800 break;
801 }
802 trash.len += r;
803 }
804
805 close(fd);
806 fd = -1;
807
808 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
809end:
810 if (fd != -1)
811 close(fd);
812
813 return ret;
814}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100815#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200816
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100817#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
818static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
819{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100820 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100821 struct tls_sess_key *keys;
822 struct connection *conn;
823 int head;
824 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100825 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100826
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200827 conn = SSL_get_app_data(s);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100828 ref = objt_listener(conn->target)->bind_conf->keys_ref;
829 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
830
831 keys = ref->tlskeys;
832 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100833
834 if (enc) {
835 memcpy(key_name, keys[head].name, 16);
836
837 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100838 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100839
840 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100841 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100842
843 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100844 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100845 } else {
846 for (i = 0; i < TLS_TICKETS_NO; i++) {
847 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
848 goto found;
849 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100850 ret = 0;
851 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100852
Christopher Faulet16f45c82018-02-16 11:23:49 +0100853 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100854 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
855 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100856 goto end;
857
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100858 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100859 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100860 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100861 end:
862 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
863 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200864}
865
866struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
867{
868 struct tls_keys_ref *ref;
869
870 list_for_each_entry(ref, &tlskeys_reference, list)
871 if (ref->filename && strcmp(filename, ref->filename) == 0)
872 return ref;
873 return NULL;
874}
875
876struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
877{
878 struct tls_keys_ref *ref;
879
880 list_for_each_entry(ref, &tlskeys_reference, list)
881 if (ref->unique_id == unique_id)
882 return ref;
883 return NULL;
884}
885
Christopher Faulet16f45c82018-02-16 11:23:49 +0100886void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref, struct chunk *tlskey)
887{
888 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
889 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
890 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
891 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
892}
893
894int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err)
895{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200896 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
897
898 if(!ref) {
899 memprintf(err, "Unable to locate the referenced filename: %s", filename);
900 return 1;
901 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100902 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200903 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100904}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200905
906/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100907 * automatic ids. It's called just after the basic checks. It returns
908 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200909 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100910static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200911{
912 int i = 0;
913 struct tls_keys_ref *ref, *ref2, *ref3;
914 struct list tkr = LIST_HEAD_INIT(tkr);
915
916 list_for_each_entry(ref, &tlskeys_reference, list) {
917 if (ref->unique_id == -1) {
918 /* Look for the first free id. */
919 while (1) {
920 list_for_each_entry(ref2, &tlskeys_reference, list) {
921 if (ref2->unique_id == i) {
922 i++;
923 break;
924 }
925 }
926 if (&ref2->list == &tlskeys_reference)
927 break;
928 }
929
930 /* Uses the unique id and increment it for the next entry. */
931 ref->unique_id = i;
932 i++;
933 }
934 }
935
936 /* This sort the reference list by id. */
937 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
938 LIST_DEL(&ref->list);
939 list_for_each_entry(ref3, &tkr, list) {
940 if (ref->unique_id < ref3->unique_id) {
941 LIST_ADDQ(&ref3->list, &ref->list);
942 break;
943 }
944 }
945 if (&ref3->list == &tkr)
946 LIST_ADDQ(&tkr, &ref->list);
947 }
948
949 /* swap root */
950 LIST_ADD(&tkr, &tlskeys_reference);
951 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100952 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200953}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100954#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
955
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100956#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500957int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
958{
959 switch (evp_keytype) {
960 case EVP_PKEY_RSA:
961 return 2;
962 case EVP_PKEY_DSA:
963 return 0;
964 case EVP_PKEY_EC:
965 return 1;
966 }
967
968 return -1;
969}
970
Emeric Brun4147b2e2014-06-16 18:36:30 +0200971/*
972 * Callback used to set OCSP status extension content in server hello.
973 */
974int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
975{
yanbzhube2774d2015-12-10 15:07:30 -0500976 struct certificate_ocsp *ocsp;
977 struct ocsp_cbk_arg *ocsp_arg;
978 char *ssl_buf;
979 EVP_PKEY *ssl_pkey;
980 int key_type;
981 int index;
982
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200983 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500984
985 ssl_pkey = SSL_get_privatekey(ssl);
986 if (!ssl_pkey)
987 return SSL_TLSEXT_ERR_NOACK;
988
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200989 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500990
991 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
992 ocsp = ocsp_arg->s_ocsp;
993 else {
994 /* For multiple certs per context, we have to find the correct OCSP response based on
995 * the certificate type
996 */
997 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
998
999 if (index < 0)
1000 return SSL_TLSEXT_ERR_NOACK;
1001
1002 ocsp = ocsp_arg->m_ocsp[index];
1003
1004 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001005
1006 if (!ocsp ||
1007 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001008 !ocsp->response.len ||
1009 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001010 return SSL_TLSEXT_ERR_NOACK;
1011
1012 ssl_buf = OPENSSL_malloc(ocsp->response.len);
1013 if (!ssl_buf)
1014 return SSL_TLSEXT_ERR_NOACK;
1015
1016 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
1017 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
1018
1019 return SSL_TLSEXT_ERR_OK;
1020}
1021
1022/*
1023 * This function enables the handling of OCSP status extension on 'ctx' if a
1024 * file name 'cert_path' suffixed using ".ocsp" is present.
1025 * To enable OCSP status extension, the issuer's certificate is mandatory.
1026 * It should be present in the certificate's extra chain builded from file
1027 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1028 * named 'cert_path' suffixed using '.issuer'.
1029 *
1030 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1031 * response. If file is empty or content is not a valid OCSP response,
1032 * OCSP status extension is enabled but OCSP response is ignored (a warning
1033 * is displayed).
1034 *
1035 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1036 * succesfully enabled, or -1 in other error case.
1037 */
1038static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1039{
1040
1041 BIO *in = NULL;
1042 X509 *x, *xi = NULL, *issuer = NULL;
1043 STACK_OF(X509) *chain = NULL;
1044 OCSP_CERTID *cid = NULL;
1045 SSL *ssl;
1046 char ocsp_path[MAXPATHLEN+1];
1047 int i, ret = -1;
1048 struct stat st;
1049 struct certificate_ocsp *ocsp = NULL, *iocsp;
1050 char *warn = NULL;
1051 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001052 pem_password_cb *passwd_cb;
1053 void *passwd_cb_userdata;
1054 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001055
1056 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1057
1058 if (stat(ocsp_path, &st))
1059 return 1;
1060
1061 ssl = SSL_new(ctx);
1062 if (!ssl)
1063 goto out;
1064
1065 x = SSL_get_certificate(ssl);
1066 if (!x)
1067 goto out;
1068
1069 /* Try to lookup for issuer in certificate extra chain */
1070#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1071 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1072#else
1073 chain = ctx->extra_certs;
1074#endif
1075 for (i = 0; i < sk_X509_num(chain); i++) {
1076 issuer = sk_X509_value(chain, i);
1077 if (X509_check_issued(issuer, x) == X509_V_OK)
1078 break;
1079 else
1080 issuer = NULL;
1081 }
1082
1083 /* If not found try to load issuer from a suffixed file */
1084 if (!issuer) {
1085 char issuer_path[MAXPATHLEN+1];
1086
1087 in = BIO_new(BIO_s_file());
1088 if (!in)
1089 goto out;
1090
1091 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1092 if (BIO_read_filename(in, issuer_path) <= 0)
1093 goto out;
1094
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001095 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1096 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1097
1098 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001099 if (!xi)
1100 goto out;
1101
1102 if (X509_check_issued(xi, x) != X509_V_OK)
1103 goto out;
1104
1105 issuer = xi;
1106 }
1107
1108 cid = OCSP_cert_to_id(0, x, issuer);
1109 if (!cid)
1110 goto out;
1111
1112 i = i2d_OCSP_CERTID(cid, NULL);
1113 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1114 goto out;
1115
Vincent Bernat02779b62016-04-03 13:48:43 +02001116 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001117 if (!ocsp)
1118 goto out;
1119
1120 p = ocsp->key_data;
1121 i2d_OCSP_CERTID(cid, &p);
1122
1123 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1124 if (iocsp == ocsp)
1125 ocsp = NULL;
1126
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001127#ifndef SSL_CTX_get_tlsext_status_cb
1128# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1129 *cb = (void (*) (void))ctx->tlsext_status_cb;
1130#endif
1131 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1132
1133 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001134 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001135 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001136
1137 cb_arg->is_single = 1;
1138 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001139
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001140 pkey = X509_get_pubkey(x);
1141 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1142 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001143
1144 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1145 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1146 } else {
1147 /*
1148 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1149 * Update that cb_arg with the new cert's staple
1150 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001151 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001152 struct certificate_ocsp *tmp_ocsp;
1153 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001154 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001155 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001156
1157#ifdef SSL_CTX_get_tlsext_status_arg
1158 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1159#else
1160 cb_arg = ctx->tlsext_status_arg;
1161#endif
yanbzhube2774d2015-12-10 15:07:30 -05001162
1163 /*
1164 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1165 * the order of operations below matter, take care when changing it
1166 */
1167 tmp_ocsp = cb_arg->s_ocsp;
1168 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1169 cb_arg->s_ocsp = NULL;
1170 cb_arg->m_ocsp[index] = tmp_ocsp;
1171 cb_arg->is_single = 0;
1172 cb_arg->single_kt = 0;
1173
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001174 pkey = X509_get_pubkey(x);
1175 key_type = EVP_PKEY_base_id(pkey);
1176 EVP_PKEY_free(pkey);
1177
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001178 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001179 if (index >= 0 && !cb_arg->m_ocsp[index])
1180 cb_arg->m_ocsp[index] = iocsp;
1181
1182 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001183
1184 ret = 0;
1185
1186 warn = NULL;
1187 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1188 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001189 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001190 }
1191
1192out:
1193 if (ssl)
1194 SSL_free(ssl);
1195
1196 if (in)
1197 BIO_free(in);
1198
1199 if (xi)
1200 X509_free(xi);
1201
1202 if (cid)
1203 OCSP_CERTID_free(cid);
1204
1205 if (ocsp)
1206 free(ocsp);
1207
1208 if (warn)
1209 free(warn);
1210
1211
1212 return ret;
1213}
1214
1215#endif
1216
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001217#ifdef OPENSSL_IS_BORINGSSL
1218static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1219{
1220 char ocsp_path[MAXPATHLEN+1];
1221 struct stat st;
1222 int fd = -1, r = 0;
1223
1224 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1225 if (stat(ocsp_path, &st))
1226 return 0;
1227
1228 fd = open(ocsp_path, O_RDONLY);
1229 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001230 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001231 return -1;
1232 }
1233
1234 trash.len = 0;
1235 while (trash.len < trash.size) {
1236 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1237 if (r < 0) {
1238 if (errno == EINTR)
1239 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001240 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001241 close(fd);
1242 return -1;
1243 }
1244 else if (r == 0) {
1245 break;
1246 }
1247 trash.len += r;
1248 }
1249 close(fd);
1250 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)trash.str, trash.len);
1251}
1252#endif
1253
Daniel Jakots54ffb912015-11-06 20:02:41 +01001254#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001255
1256#define CT_EXTENSION_TYPE 18
1257
1258static int sctl_ex_index = -1;
1259
1260/*
1261 * Try to parse Signed Certificate Timestamp List structure. This function
1262 * makes only basic test if the data seems like SCTL. No signature validation
1263 * is performed.
1264 */
1265static int ssl_sock_parse_sctl(struct chunk *sctl)
1266{
1267 int ret = 1;
1268 int len, pos, sct_len;
1269 unsigned char *data;
1270
1271 if (sctl->len < 2)
1272 goto out;
1273
1274 data = (unsigned char *)sctl->str;
1275 len = (data[0] << 8) | data[1];
1276
1277 if (len + 2 != sctl->len)
1278 goto out;
1279
1280 data = data + 2;
1281 pos = 0;
1282 while (pos < len) {
1283 if (len - pos < 2)
1284 goto out;
1285
1286 sct_len = (data[pos] << 8) | data[pos + 1];
1287 if (pos + sct_len + 2 > len)
1288 goto out;
1289
1290 pos += sct_len + 2;
1291 }
1292
1293 ret = 0;
1294
1295out:
1296 return ret;
1297}
1298
1299static int ssl_sock_load_sctl_from_file(const char *sctl_path, struct chunk **sctl)
1300{
1301 int fd = -1;
1302 int r = 0;
1303 int ret = 1;
1304
1305 *sctl = NULL;
1306
1307 fd = open(sctl_path, O_RDONLY);
1308 if (fd == -1)
1309 goto end;
1310
1311 trash.len = 0;
1312 while (trash.len < trash.size) {
1313 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1314 if (r < 0) {
1315 if (errno == EINTR)
1316 continue;
1317
1318 goto end;
1319 }
1320 else if (r == 0) {
1321 break;
1322 }
1323 trash.len += r;
1324 }
1325
1326 ret = ssl_sock_parse_sctl(&trash);
1327 if (ret)
1328 goto end;
1329
Vincent Bernat02779b62016-04-03 13:48:43 +02001330 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001331 if (!chunk_dup(*sctl, &trash)) {
1332 free(*sctl);
1333 *sctl = NULL;
1334 goto end;
1335 }
1336
1337end:
1338 if (fd != -1)
1339 close(fd);
1340
1341 return ret;
1342}
1343
1344int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1345{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001346 struct chunk *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001347
1348 *out = (unsigned char *)sctl->str;
1349 *outlen = sctl->len;
1350
1351 return 1;
1352}
1353
1354int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1355{
1356 return 1;
1357}
1358
1359static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1360{
1361 char sctl_path[MAXPATHLEN+1];
1362 int ret = -1;
1363 struct stat st;
1364 struct chunk *sctl = NULL;
1365
1366 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1367
1368 if (stat(sctl_path, &st))
1369 return 1;
1370
1371 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1372 goto out;
1373
1374 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1375 free(sctl);
1376 goto out;
1377 }
1378
1379 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1380
1381 ret = 0;
1382
1383out:
1384 return ret;
1385}
1386
1387#endif
1388
Emeric Brune1f38db2012-09-03 20:36:47 +02001389void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1390{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001391 struct connection *conn = SSL_get_app_data(ssl);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001392 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001393 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001394
1395 if (where & SSL_CB_HANDSHAKE_START) {
1396 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001397 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001398 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001399 conn->err_code = CO_ER_SSL_RENEG;
1400 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001401 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001402
1403 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1404 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1405 /* Long certificate chains optimz
1406 If write and read bios are differents, we
1407 consider that the buffering was activated,
1408 so we rise the output buffer size from 4k
1409 to 16k */
1410 write_bio = SSL_get_wbio(ssl);
1411 if (write_bio != SSL_get_rbio(ssl)) {
1412 BIO_set_write_buffer_size(write_bio, 16384);
1413 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1414 }
1415 }
1416 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001417}
1418
Emeric Brune64aef12012-09-21 13:15:06 +02001419/* Callback is called for each certificate of the chain during a verify
1420 ok is set to 1 if preverify detect no error on current certificate.
1421 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001422int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001423{
1424 SSL *ssl;
1425 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001426 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001427
1428 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001429 conn = SSL_get_app_data(ssl);
Emeric Brune64aef12012-09-21 13:15:06 +02001430
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001431 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001432
Emeric Brun81c00f02012-09-21 14:31:21 +02001433 if (ok) /* no errors */
1434 return ok;
1435
1436 depth = X509_STORE_CTX_get_error_depth(x_store);
1437 err = X509_STORE_CTX_get_error(x_store);
1438
1439 /* check if CA error needs to be ignored */
1440 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001441 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1442 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1443 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001444 }
1445
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001446 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001447 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001448 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001449 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001450 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001451
Willy Tarreau20879a02012-12-03 16:32:10 +01001452 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001453 return 0;
1454 }
1455
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001456 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1457 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001458
Emeric Brun81c00f02012-09-21 14:31:21 +02001459 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001460 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001461 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001462 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001463 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001464 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001465
Willy Tarreau20879a02012-12-03 16:32:10 +01001466 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001467 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001468}
1469
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001470static inline
1471void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001472 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001473{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001474 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001475 unsigned char *msg;
1476 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001477 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001478
1479 /* This function is called for "from client" and "to server"
1480 * connections. The combination of write_p == 0 and content_type == 22
1481 * is only avalaible during "from client" connection.
1482 */
1483
1484 /* "write_p" is set to 0 is the bytes are received messages,
1485 * otherwise it is set to 1.
1486 */
1487 if (write_p != 0)
1488 return;
1489
1490 /* content_type contains the type of message received or sent
1491 * according with the SSL/TLS protocol spec. This message is
1492 * encoded with one byte. The value 256 (two bytes) is used
1493 * for designing the SSL/TLS record layer. According with the
1494 * rfc6101, the expected message (other than 256) are:
1495 * - change_cipher_spec(20)
1496 * - alert(21)
1497 * - handshake(22)
1498 * - application_data(23)
1499 * - (255)
1500 * We are interessed by the handshake and specially the client
1501 * hello.
1502 */
1503 if (content_type != 22)
1504 return;
1505
1506 /* The message length is at least 4 bytes, containing the
1507 * message type and the message length.
1508 */
1509 if (len < 4)
1510 return;
1511
1512 /* First byte of the handshake message id the type of
1513 * message. The konwn types are:
1514 * - hello_request(0)
1515 * - client_hello(1)
1516 * - server_hello(2)
1517 * - certificate(11)
1518 * - server_key_exchange (12)
1519 * - certificate_request(13)
1520 * - server_hello_done(14)
1521 * We are interested by the client hello.
1522 */
1523 msg = (unsigned char *)buf;
1524 if (msg[0] != 1)
1525 return;
1526
1527 /* Next three bytes are the length of the message. The total length
1528 * must be this decoded length + 4. If the length given as argument
1529 * is not the same, we abort the protocol dissector.
1530 */
1531 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1532 if (len < rec_len + 4)
1533 return;
1534 msg += 4;
1535 end = msg + rec_len;
1536 if (end < msg)
1537 return;
1538
1539 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1540 * for minor, the random, composed by 4 bytes for the unix time and
1541 * 28 bytes for unix payload, and them 1 byte for the session id. So
1542 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1543 */
1544 msg += 1 + 1 + 4 + 28 + 1;
1545 if (msg > end)
1546 return;
1547
1548 /* Next two bytes are the ciphersuite length. */
1549 if (msg + 2 > end)
1550 return;
1551 rec_len = (msg[0] << 8) + msg[1];
1552 msg += 2;
1553 if (msg + rec_len > end || msg + rec_len < msg)
1554 return;
1555
Willy Tarreaubafbe012017-11-24 17:34:44 +01001556 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001557 if (!capture)
1558 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001559 /* Compute the xxh64 of the ciphersuite. */
1560 capture->xxh64 = XXH64(msg, rec_len, 0);
1561
1562 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001563 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1564 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001565 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001566
1567 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001568}
1569
Emeric Brun29f037d2014-04-25 19:05:36 +02001570/* Callback is called for ssl protocol analyse */
1571void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1572{
Emeric Brun29f037d2014-04-25 19:05:36 +02001573#ifdef TLS1_RT_HEARTBEAT
1574 /* test heartbeat received (write_p is set to 0
1575 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001576 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001577 struct connection *conn = SSL_get_app_data(ssl);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001578 const unsigned char *p = buf;
1579 unsigned int payload;
1580
Emeric Brun29f037d2014-04-25 19:05:36 +02001581 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001582
1583 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1584 if (*p != TLS1_HB_REQUEST)
1585 return;
1586
Willy Tarreauaeed6722014-04-25 23:59:58 +02001587 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001588 goto kill_it;
1589
1590 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001591 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001592 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001593 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001594 /* We have a clear heartbleed attack (CVE-2014-0160), the
1595 * advertised payload is larger than the advertised packet
1596 * length, so we have garbage in the buffer between the
1597 * payload and the end of the buffer (p+len). We can't know
1598 * if the SSL stack is patched, and we don't know if we can
1599 * safely wipe out the area between p+3+len and payload.
1600 * So instead, we prevent the response from being sent by
1601 * setting the max_send_fragment to 0 and we report an SSL
1602 * error, which will kill this connection. It will be reported
1603 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001604 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1605 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001606 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001607 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1608 return;
1609 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001610#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001611 if (global_ssl.capture_cipherlist > 0)
1612 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001613}
1614
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001615#ifdef OPENSSL_NPN_NEGOTIATED
1616/* This callback is used so that the server advertises the list of
1617 * negociable protocols for NPN.
1618 */
1619static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1620 unsigned int *len, void *arg)
1621{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001622 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001623
1624 *data = (const unsigned char *)conf->npn_str;
1625 *len = conf->npn_len;
1626 return SSL_TLSEXT_ERR_OK;
1627}
1628#endif
1629
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001630#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001631/* This callback is used so that the server advertises the list of
1632 * negociable protocols for ALPN.
1633 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001634static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1635 unsigned char *outlen,
1636 const unsigned char *server,
1637 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001638{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001639 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001640
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001641 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1642 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1643 return SSL_TLSEXT_ERR_NOACK;
1644 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001645 return SSL_TLSEXT_ERR_OK;
1646}
1647#endif
1648
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001649#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001650#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001651
Christopher Faulet30548802015-06-11 13:39:32 +02001652/* Create a X509 certificate with the specified servername and serial. This
1653 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001654static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001655ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001656{
Christopher Faulet7969a332015-10-09 11:15:03 +02001657 X509 *cacert = bind_conf->ca_sign_cert;
1658 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001659 SSL_CTX *ssl_ctx = NULL;
1660 X509 *newcrt = NULL;
1661 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001662 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001663 X509_NAME *name;
1664 const EVP_MD *digest;
1665 X509V3_CTX ctx;
1666 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001667 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001668
Christopher Faulet48a83322017-07-28 16:56:09 +02001669 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001670#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1671 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1672#else
1673 tmp_ssl = SSL_new(bind_conf->default_ctx);
1674 if (tmp_ssl)
1675 pkey = SSL_get_privatekey(tmp_ssl);
1676#endif
1677 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001678 goto mkcert_error;
1679
1680 /* Create the certificate */
1681 if (!(newcrt = X509_new()))
1682 goto mkcert_error;
1683
1684 /* Set version number for the certificate (X509v3) and the serial
1685 * number */
1686 if (X509_set_version(newcrt, 2L) != 1)
1687 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001688 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001689
1690 /* Set duration for the certificate */
1691 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1692 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1693 goto mkcert_error;
1694
1695 /* set public key in the certificate */
1696 if (X509_set_pubkey(newcrt, pkey) != 1)
1697 goto mkcert_error;
1698
1699 /* Set issuer name from the CA */
1700 if (!(name = X509_get_subject_name(cacert)))
1701 goto mkcert_error;
1702 if (X509_set_issuer_name(newcrt, name) != 1)
1703 goto mkcert_error;
1704
1705 /* Set the subject name using the same, but the CN */
1706 name = X509_NAME_dup(name);
1707 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1708 (const unsigned char *)servername,
1709 -1, -1, 0) != 1) {
1710 X509_NAME_free(name);
1711 goto mkcert_error;
1712 }
1713 if (X509_set_subject_name(newcrt, name) != 1) {
1714 X509_NAME_free(name);
1715 goto mkcert_error;
1716 }
1717 X509_NAME_free(name);
1718
1719 /* Add x509v3 extensions as specified */
1720 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1721 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1722 X509_EXTENSION *ext;
1723
1724 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1725 goto mkcert_error;
1726 if (!X509_add_ext(newcrt, ext, -1)) {
1727 X509_EXTENSION_free(ext);
1728 goto mkcert_error;
1729 }
1730 X509_EXTENSION_free(ext);
1731 }
1732
1733 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001734
1735 key_type = EVP_PKEY_base_id(capkey);
1736
1737 if (key_type == EVP_PKEY_DSA)
1738 digest = EVP_sha1();
1739 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001740 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001741 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001742 digest = EVP_sha256();
1743 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001744#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001745 int nid;
1746
1747 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1748 goto mkcert_error;
1749 if (!(digest = EVP_get_digestbynid(nid)))
1750 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001751#else
1752 goto mkcert_error;
1753#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001754 }
1755
Christopher Faulet31af49d2015-06-09 17:29:50 +02001756 if (!(X509_sign(newcrt, capkey, digest)))
1757 goto mkcert_error;
1758
1759 /* Create and set the new SSL_CTX */
1760 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1761 goto mkcert_error;
1762 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1763 goto mkcert_error;
1764 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1765 goto mkcert_error;
1766 if (!SSL_CTX_check_private_key(ssl_ctx))
1767 goto mkcert_error;
1768
1769 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001770
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001771#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001772 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001773#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001774#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1775 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001776 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001777 EC_KEY *ecc;
1778 int nid;
1779
1780 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1781 goto end;
1782 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1783 goto end;
1784 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1785 EC_KEY_free(ecc);
1786 }
1787#endif
1788 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001789 return ssl_ctx;
1790
1791 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001792 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001793 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1794 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001795 return NULL;
1796}
1797
Christopher Faulet7969a332015-10-09 11:15:03 +02001798SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001799ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001800{
1801 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001802
1803 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001804}
1805
Christopher Faulet30548802015-06-11 13:39:32 +02001806/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001807 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001808SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001809ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001810{
1811 struct lru64 *lru = NULL;
1812
1813 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001814 HA_RWLOCK_RDLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001815 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001816 if (lru && lru->domain) {
1817 if (ssl)
1818 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001819 HA_RWLOCK_RDUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001820 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001821 }
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001822 HA_RWLOCK_RDUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001823 }
1824 return NULL;
1825}
1826
Emeric Brun821bb9b2017-06-15 16:37:39 +02001827/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1828 * function is not thread-safe, it should only be used to check if a certificate
1829 * exists in the lru cache (with no warranty it will not be removed by another
1830 * thread). It is kept for backward compatibility. */
1831SSL_CTX *
1832ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1833{
1834 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1835}
1836
Christopher Fauletd2cab922015-07-28 16:03:47 +02001837/* Set a certificate int the LRU cache used to store generated
1838 * certificate. Return 0 on success, otherwise -1 */
1839int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001840ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001841{
1842 struct lru64 *lru = NULL;
1843
1844 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001845 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001846 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001847 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001848 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001849 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001850 }
Christopher Faulet30548802015-06-11 13:39:32 +02001851 if (lru->domain && lru->data)
1852 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001853 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001854 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001855 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001856 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001857 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001858}
1859
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001860/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001861unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001862ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001863{
1864 return XXH32(data, len, ssl_ctx_lru_seed);
1865}
1866
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001867/* Generate a cert and immediately assign it to the SSL session so that the cert's
1868 * refcount is maintained regardless of the cert's presence in the LRU cache.
1869 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001870static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001871ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001872{
1873 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001874 SSL_CTX *ssl_ctx = NULL;
1875 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001876 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001877
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001878 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001879 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001880 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001881 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001882 if (lru && lru->domain)
1883 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001884 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001885 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001886 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001887 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001888 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001889 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001890 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001891 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001892 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001893 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001894 SSL_set_SSL_CTX(ssl, ssl_ctx);
1895 /* No LRU cache, this CTX will be released as soon as the session dies */
1896 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001897 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001898 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001899 return 0;
1900}
1901static int
1902ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1903{
1904 unsigned int key;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001905 struct connection *conn = SSL_get_app_data(ssl);
1906
1907 conn_get_to_addr(conn);
1908 if (conn->flags & CO_FL_ADDR_TO_SET) {
1909 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001910 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001911 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001912 }
1913 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001914}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001915#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001916
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001917
1918#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1919#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1920#endif
1921
1922#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1923#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1924#define SSL_renegotiate_pending(arg) 0
1925#endif
1926#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1927#define SSL_OP_SINGLE_ECDH_USE 0
1928#endif
1929#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1930#define SSL_OP_NO_TICKET 0
1931#endif
1932#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1933#define SSL_OP_NO_COMPRESSION 0
1934#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001935#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1936#undef SSL_OP_NO_SSLv3
1937#define SSL_OP_NO_SSLv3 0
1938#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001939#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1940#define SSL_OP_NO_TLSv1_1 0
1941#endif
1942#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1943#define SSL_OP_NO_TLSv1_2 0
1944#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001945#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001946#define SSL_OP_NO_TLSv1_3 0
1947#endif
1948#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1949#define SSL_OP_SINGLE_DH_USE 0
1950#endif
1951#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1952#define SSL_OP_SINGLE_ECDH_USE 0
1953#endif
1954#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1955#define SSL_MODE_RELEASE_BUFFERS 0
1956#endif
1957#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1958#define SSL_MODE_SMALL_BUFFERS 0
1959#endif
1960
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001961#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001962typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1963
1964static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001965{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001966#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001967 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001968 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1969#endif
1970}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001971static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1972 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001973 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1974}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001975static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001976#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001977 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001978 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1979#endif
1980}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001981static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001982#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001983 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001984 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1985#endif
1986}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987/* TLS 1.2 is the last supported version in this context. */
1988static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
1989/* Unusable in this context. */
1990static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
1991static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
1992static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
1993static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
1994static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001995#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001996typedef enum { SET_MIN, SET_MAX } set_context_func;
1997
1998static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
1999 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002000 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2001}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002002static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2003 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2004 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2005}
2006static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2007 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002008 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2009}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002010static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2011 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2012 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2013}
2014static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2015 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002016 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2017}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002018static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2019 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2020 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2021}
2022static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2023 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002024 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2025}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002026static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2027 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2028 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2029}
2030static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002031#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002032 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002033 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2034#endif
2035}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002036static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2037#if SSL_OP_NO_TLSv1_3
2038 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2039 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002040#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002041}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002042#endif
2043static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2044static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002045
2046static struct {
2047 int option;
2048 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002049 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2050 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002051 const char *name;
2052} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2054 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2055 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2056 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2057 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2058 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002059};
2060
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002061static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2062{
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002063 struct pkey_info *pkinfo;
2064
2065 pkinfo = SSL_CTX_get_ex_data(ctx, ssl_pkey_info_index);
2066 if (pkinfo)
2067 SSL_set_ex_data(ssl, ssl_pkey_info_index, pkinfo);
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002068 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2069 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2070 SSL_set_SSL_CTX(ssl, ctx);
2071}
2072
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002073#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002074
2075static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2076{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002077 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002078 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002079
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002080 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2081 return SSL_TLSEXT_ERR_OK;
2082 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002083}
2084
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002085#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002086static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2087{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002088 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002089#else
2090static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2091{
2092#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002093 struct connection *conn;
2094 struct bind_conf *s;
2095 const uint8_t *extension_data;
2096 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002097 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2098
2099 char *wildp = NULL;
2100 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002101 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002102 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002103 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002104 int i;
2105
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002106 conn = SSL_get_app_data(ssl);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002107 s = objt_listener(conn->target)->bind_conf;
2108
Olivier Houchard9679ac92017-10-27 14:58:08 +02002109 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002110 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002111#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002112 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2113 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002114#else
2115 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2116#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002117 /*
2118 * The server_name extension was given too much extensibility when it
2119 * was written, so parsing the normal case is a bit complex.
2120 */
2121 size_t len;
2122 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002123 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002124 /* Extract the length of the supplied list of names. */
2125 len = (*extension_data++) << 8;
2126 len |= *extension_data++;
2127 if (len + 2 != extension_len)
2128 goto abort;
2129 /*
2130 * The list in practice only has a single element, so we only consider
2131 * the first one.
2132 */
2133 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2134 goto abort;
2135 extension_len = len - 1;
2136 /* Now we can finally pull out the byte array with the actual hostname. */
2137 if (extension_len <= 2)
2138 goto abort;
2139 len = (*extension_data++) << 8;
2140 len |= *extension_data++;
2141 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2142 || memchr(extension_data, 0, len) != NULL)
2143 goto abort;
2144 servername = extension_data;
2145 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002146 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002147#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2148 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002149 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002150 }
2151#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002152 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002153 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002154 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002155 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002156 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002157 goto abort;
2158 }
2159
2160 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002161#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002162 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002163#else
2164 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2165#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002166 uint8_t sign;
2167 size_t len;
2168 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002169 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002170 len = (*extension_data++) << 8;
2171 len |= *extension_data++;
2172 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002173 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002174 if (len % 2 != 0)
2175 goto abort;
2176 for (; len > 0; len -= 2) {
2177 extension_data++; /* hash */
2178 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002179 switch (sign) {
2180 case TLSEXT_signature_rsa:
2181 has_rsa = 1;
2182 break;
2183 case TLSEXT_signature_ecdsa:
2184 has_ecdsa_sig = 1;
2185 break;
2186 default:
2187 continue;
2188 }
2189 if (has_ecdsa_sig && has_rsa)
2190 break;
2191 }
2192 } else {
2193 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2194 has_rsa = 1;
2195 }
2196 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002197 const SSL_CIPHER *cipher;
2198 size_t len;
2199 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002200#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002201 len = ctx->cipher_suites_len;
2202 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002203#else
2204 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2205#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002206 if (len % 2 != 0)
2207 goto abort;
2208 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002209#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002210 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002211 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002212#else
2213 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2214#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002215 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002216 has_ecdsa = 1;
2217 break;
2218 }
2219 }
2220 }
2221
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002222 for (i = 0; i < trash.size && i < servername_len; i++) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 trash.str[i] = tolower(servername[i]);
2224 if (!wildp && (trash.str[i] == '.'))
2225 wildp = &trash.str[i];
2226 }
2227 trash.str[i] = 0;
2228
2229 /* lookup in full qualified names */
2230 node = ebst_lookup(&s->sni_ctx, trash.str);
2231
2232 /* lookup a not neg filter */
2233 for (n = node; n; n = ebmb_next_dup(n)) {
2234 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002235 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002236 case TLSEXT_signature_ecdsa:
2237 if (has_ecdsa) {
2238 node_ecdsa = n;
2239 goto find_one;
2240 }
2241 break;
2242 case TLSEXT_signature_rsa:
2243 if (has_rsa && !node_rsa) {
2244 node_rsa = n;
2245 if (!has_ecdsa)
2246 goto find_one;
2247 }
2248 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002249 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002250 if (!node_anonymous)
2251 node_anonymous = n;
2252 break;
2253 }
2254 }
2255 }
2256 if (wildp) {
2257 /* lookup in wildcards names */
2258 node = ebst_lookup(&s->sni_w_ctx, wildp);
2259 for (n = node; n; n = ebmb_next_dup(n)) {
2260 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002261 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002262 case TLSEXT_signature_ecdsa:
2263 if (has_ecdsa) {
2264 node_ecdsa = n;
2265 goto find_one;
2266 }
2267 break;
2268 case TLSEXT_signature_rsa:
2269 if (has_rsa && !node_rsa) {
2270 node_rsa = n;
2271 if (!has_ecdsa)
2272 goto find_one;
2273 }
2274 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002275 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 if (!node_anonymous)
2277 node_anonymous = n;
2278 break;
2279 }
2280 }
2281 }
2282 }
2283 find_one:
2284 /* select by key_signature priority order */
2285 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2286
2287 if (node) {
2288 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002289 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002290 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002291 if (conf) {
2292 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2293 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2294 if (conf->early_data)
2295 allow_early = 1;
2296 }
2297 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002299#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2300 if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
2301 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002302 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002303 }
2304#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002305 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002306 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002307 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002308 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002309allow_early:
2310#ifdef OPENSSL_IS_BORINGSSL
2311 if (allow_early)
2312 SSL_set_early_data_enabled(ssl, 1);
2313#else
2314 if (!allow_early)
2315 SSL_set_max_early_data(ssl, 0);
2316#endif
2317 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002318 abort:
2319 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2320 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002321#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002322 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002323#else
2324 *al = SSL_AD_UNRECOGNIZED_NAME;
2325 return 0;
2326#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002327}
2328
2329#else /* OPENSSL_IS_BORINGSSL */
2330
Emeric Brunfc0421f2012-09-07 17:30:07 +02002331/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2332 * warning when no match is found, which implies the default (first) cert
2333 * will keep being used.
2334 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002335static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002336{
2337 const char *servername;
2338 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002339 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002340 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002341 int i;
2342 (void)al; /* shut gcc stupid warning */
2343
2344 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002345 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002346#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002347 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2348 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002349#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002350 if (s->strict_sni)
2351 return SSL_TLSEXT_ERR_ALERT_FATAL;
2352 ssl_sock_switchctx_set(ssl, s->default_ctx);
2353 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002354 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002355
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002356 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002357 if (!servername[i])
2358 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002359 trash.str[i] = tolower(servername[i]);
2360 if (!wildp && (trash.str[i] == '.'))
2361 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002362 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002363 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002364
2365 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002366 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002367
2368 /* lookup a not neg filter */
2369 for (n = node; n; n = ebmb_next_dup(n)) {
2370 if (!container_of(n, struct sni_ctx, name)->neg) {
2371 node = n;
2372 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002373 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002374 }
2375 if (!node && wildp) {
2376 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002377 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002378 }
2379 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002380#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002381 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2382 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002383 return SSL_TLSEXT_ERR_OK;
2384 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002385#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002386 if (s->strict_sni)
2387 return SSL_TLSEXT_ERR_ALERT_FATAL;
2388 ssl_sock_switchctx_set(ssl, s->default_ctx);
2389 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002390 }
2391
2392 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002393 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002394 return SSL_TLSEXT_ERR_OK;
2395}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002397#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2398
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002399#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002400
2401static DH * ssl_get_dh_1024(void)
2402{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002403 static unsigned char dh1024_p[]={
2404 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2405 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2406 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2407 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2408 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2409 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2410 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2411 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2412 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2413 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2414 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2415 };
2416 static unsigned char dh1024_g[]={
2417 0x02,
2418 };
2419
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002420 BIGNUM *p;
2421 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002422 DH *dh = DH_new();
2423 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002424 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2425 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002426
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002427 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002428 DH_free(dh);
2429 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002430 } else {
2431 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002432 }
2433 }
2434 return dh;
2435}
2436
2437static DH *ssl_get_dh_2048(void)
2438{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002439 static unsigned char dh2048_p[]={
2440 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2441 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2442 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2443 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2444 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2445 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2446 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2447 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2448 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2449 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2450 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2451 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2452 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2453 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2454 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2455 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2456 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2457 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2458 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2459 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2460 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2461 0xB7,0x1F,0x77,0xF3,
2462 };
2463 static unsigned char dh2048_g[]={
2464 0x02,
2465 };
2466
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002467 BIGNUM *p;
2468 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002469 DH *dh = DH_new();
2470 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002471 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2472 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002473
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002474 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002475 DH_free(dh);
2476 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002477 } else {
2478 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002479 }
2480 }
2481 return dh;
2482}
2483
2484static DH *ssl_get_dh_4096(void)
2485{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002486 static unsigned char dh4096_p[]={
2487 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2488 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2489 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2490 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2491 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2492 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2493 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2494 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2495 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2496 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2497 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2498 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2499 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2500 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2501 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2502 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2503 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2504 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2505 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2506 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2507 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2508 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2509 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2510 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2511 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2512 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2513 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2514 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2515 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2516 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2517 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2518 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2519 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2520 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2521 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2522 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2523 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2524 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2525 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2526 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2527 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2528 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2529 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002530 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002531 static unsigned char dh4096_g[]={
2532 0x02,
2533 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002534
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002535 BIGNUM *p;
2536 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002537 DH *dh = DH_new();
2538 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002539 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2540 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002541
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002542 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002543 DH_free(dh);
2544 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002545 } else {
2546 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002547 }
2548 }
2549 return dh;
2550}
2551
2552/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002553 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002554static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2555{
2556 DH *dh = NULL;
2557 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002558 int type;
2559
2560 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002561
2562 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2563 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2564 */
2565 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2566 keylen = EVP_PKEY_bits(pkey);
2567 }
2568
Willy Tarreauef934602016-12-22 23:12:01 +01002569 if (keylen > global_ssl.default_dh_param) {
2570 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002571 }
2572
Remi Gacogned3a341a2015-05-29 16:26:17 +02002573 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002574 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002575 }
2576 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002577 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002578 }
2579 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002580 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002581 }
2582
2583 return dh;
2584}
2585
Remi Gacogne47783ef2015-05-29 15:53:22 +02002586static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002587{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002588 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002589 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002590
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002591 if (in == NULL)
2592 goto end;
2593
Remi Gacogne47783ef2015-05-29 15:53:22 +02002594 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002595 goto end;
2596
Remi Gacogne47783ef2015-05-29 15:53:22 +02002597 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2598
2599end:
2600 if (in)
2601 BIO_free(in);
2602
2603 return dh;
2604}
2605
2606int ssl_sock_load_global_dh_param_from_file(const char *filename)
2607{
2608 global_dh = ssl_sock_get_dh_from_file(filename);
2609
2610 if (global_dh) {
2611 return 0;
2612 }
2613
2614 return -1;
2615}
2616
2617/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2618 if an error occured, and 0 if parameter not found. */
2619int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2620{
2621 int ret = -1;
2622 DH *dh = ssl_sock_get_dh_from_file(file);
2623
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002624 if (dh) {
2625 ret = 1;
2626 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002627
2628 if (ssl_dh_ptr_index >= 0) {
2629 /* store a pointer to the DH params to avoid complaining about
2630 ssl-default-dh-param not being set for this SSL_CTX */
2631 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2632 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002633 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002634 else if (global_dh) {
2635 SSL_CTX_set_tmp_dh(ctx, global_dh);
2636 ret = 0; /* DH params not found */
2637 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002638 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002639 /* Clear openssl global errors stack */
2640 ERR_clear_error();
2641
Willy Tarreauef934602016-12-22 23:12:01 +01002642 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002643 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002644 if (local_dh_1024 == NULL)
2645 local_dh_1024 = ssl_get_dh_1024();
2646
Remi Gacogne8de54152014-07-15 11:36:40 +02002647 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002648 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002649
Remi Gacogne8de54152014-07-15 11:36:40 +02002650 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002651 }
2652 else {
2653 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2654 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002655
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002656 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002657 }
Emeric Brun644cde02012-12-14 11:21:13 +01002658
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002659end:
2660 if (dh)
2661 DH_free(dh);
2662
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002663 return ret;
2664}
2665#endif
2666
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002667static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002668 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002669{
2670 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002671 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002672 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002673
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002674 if (*name == '!') {
2675 neg = 1;
2676 name++;
2677 }
2678 if (*name == '*') {
2679 wild = 1;
2680 name++;
2681 }
2682 /* !* filter is a nop */
2683 if (neg && wild)
2684 return order;
2685 if (*name) {
2686 int j, len;
2687 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002688 for (j = 0; j < len && j < trash.size; j++)
2689 trash.str[j] = tolower(name[j]);
2690 if (j >= trash.size)
2691 return order;
2692 trash.str[j] = 0;
2693
2694 /* Check for duplicates. */
2695 if (wild)
2696 node = ebst_lookup(&s->sni_w_ctx, trash.str);
2697 else
2698 node = ebst_lookup(&s->sni_ctx, trash.str);
2699 for (; node; node = ebmb_next_dup(node)) {
2700 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002701 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002702 return order;
2703 }
2704
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002705 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002706 if (!sc)
2707 return order;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002708 memcpy(sc->name.key, trash.str, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002709 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002710 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002711 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002712 sc->order = order++;
2713 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002714 if (kinfo.sig != TLSEXT_signature_anonymous)
2715 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002716 if (wild)
2717 ebst_insert(&s->sni_w_ctx, &sc->name);
2718 else
2719 ebst_insert(&s->sni_ctx, &sc->name);
2720 }
2721 return order;
2722}
2723
yanbzhu488a4d22015-12-01 15:16:07 -05002724
2725/* The following code is used for loading multiple crt files into
2726 * SSL_CTX's based on CN/SAN
2727 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002728#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002729/* This is used to preload the certifcate, private key
2730 * and Cert Chain of a file passed in via the crt
2731 * argument
2732 *
2733 * This way, we do not have to read the file multiple times
2734 */
2735struct cert_key_and_chain {
2736 X509 *cert;
2737 EVP_PKEY *key;
2738 unsigned int num_chain_certs;
2739 /* This is an array of X509 pointers */
2740 X509 **chain_certs;
2741};
2742
yanbzhu08ce6ab2015-12-02 13:01:29 -05002743#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2744
2745struct key_combo_ctx {
2746 SSL_CTX *ctx;
2747 int order;
2748};
2749
2750/* Map used for processing multiple keypairs for a single purpose
2751 *
2752 * This maps CN/SNI name to certificate type
2753 */
2754struct sni_keytype {
2755 int keytypes; /* BITMASK for keytypes */
2756 struct ebmb_node name; /* node holding the servername value */
2757};
2758
2759
yanbzhu488a4d22015-12-01 15:16:07 -05002760/* Frees the contents of a cert_key_and_chain
2761 */
2762static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2763{
2764 int i;
2765
2766 if (!ckch)
2767 return;
2768
2769 /* Free the certificate and set pointer to NULL */
2770 if (ckch->cert)
2771 X509_free(ckch->cert);
2772 ckch->cert = NULL;
2773
2774 /* Free the key and set pointer to NULL */
2775 if (ckch->key)
2776 EVP_PKEY_free(ckch->key);
2777 ckch->key = NULL;
2778
2779 /* Free each certificate in the chain */
2780 for (i = 0; i < ckch->num_chain_certs; i++) {
2781 if (ckch->chain_certs[i])
2782 X509_free(ckch->chain_certs[i]);
2783 }
2784
2785 /* Free the chain obj itself and set to NULL */
2786 if (ckch->num_chain_certs > 0) {
2787 free(ckch->chain_certs);
2788 ckch->num_chain_certs = 0;
2789 ckch->chain_certs = NULL;
2790 }
2791
2792}
2793
2794/* checks if a key and cert exists in the ckch
2795 */
2796static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2797{
2798 return (ckch->cert != NULL && ckch->key != NULL);
2799}
2800
2801
2802/* Loads the contents of a crt file (path) into a cert_key_and_chain
2803 * This allows us to carry the contents of the file without having to
2804 * read the file multiple times.
2805 *
2806 * returns:
2807 * 0 on Success
2808 * 1 on SSL Failure
2809 * 2 on file not found
2810 */
2811static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2812{
2813
2814 BIO *in;
2815 X509 *ca = NULL;
2816 int ret = 1;
2817
2818 ssl_sock_free_cert_key_and_chain_contents(ckch);
2819
2820 in = BIO_new(BIO_s_file());
2821 if (in == NULL)
2822 goto end;
2823
2824 if (BIO_read_filename(in, path) <= 0)
2825 goto end;
2826
yanbzhu488a4d22015-12-01 15:16:07 -05002827 /* Read Private Key */
2828 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2829 if (ckch->key == NULL) {
2830 memprintf(err, "%sunable to load private key from file '%s'.\n",
2831 err && *err ? *err : "", path);
2832 goto end;
2833 }
2834
Willy Tarreaubb137a82016-04-06 19:02:38 +02002835 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002836 if (BIO_reset(in) == -1) {
2837 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2838 err && *err ? *err : "", path);
2839 goto end;
2840 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002841
2842 /* Read Certificate */
2843 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2844 if (ckch->cert == NULL) {
2845 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2846 err && *err ? *err : "", path);
2847 goto end;
2848 }
2849
yanbzhu488a4d22015-12-01 15:16:07 -05002850 /* Read Certificate Chain */
2851 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2852 /* Grow the chain certs */
2853 ckch->num_chain_certs++;
2854 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2855
2856 /* use - 1 here since we just incremented it above */
2857 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2858 }
2859 ret = ERR_get_error();
2860 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2861 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2862 err && *err ? *err : "", path);
2863 ret = 1;
2864 goto end;
2865 }
2866
2867 ret = 0;
2868
2869end:
2870
2871 ERR_clear_error();
2872 if (in)
2873 BIO_free(in);
2874
2875 /* Something went wrong in one of the reads */
2876 if (ret != 0)
2877 ssl_sock_free_cert_key_and_chain_contents(ckch);
2878
2879 return ret;
2880}
2881
2882/* Loads the info in ckch into ctx
2883 * Currently, this does not process any information about ocsp, dhparams or
2884 * sctl
2885 * Returns
2886 * 0 on success
2887 * 1 on failure
2888 */
2889static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2890{
2891 int i = 0;
2892
2893 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2894 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2895 err && *err ? *err : "", path);
2896 return 1;
2897 }
2898
2899 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2900 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2901 err && *err ? *err : "", path);
2902 return 1;
2903 }
2904
yanbzhu488a4d22015-12-01 15:16:07 -05002905 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2906 for (i = 0; i < ckch->num_chain_certs; i++) {
2907 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002908 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2909 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002910 return 1;
2911 }
2912 }
2913
2914 if (SSL_CTX_check_private_key(ctx) <= 0) {
2915 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2916 err && *err ? *err : "", path);
2917 return 1;
2918 }
2919
2920 return 0;
2921}
2922
yanbzhu08ce6ab2015-12-02 13:01:29 -05002923
2924static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2925{
2926 struct sni_keytype *s_kt = NULL;
2927 struct ebmb_node *node;
2928 int i;
2929
2930 for (i = 0; i < trash.size; i++) {
2931 if (!str[i])
2932 break;
2933 trash.str[i] = tolower(str[i]);
2934 }
2935 trash.str[i] = 0;
2936 node = ebst_lookup(sni_keytypes, trash.str);
2937 if (!node) {
2938 /* CN not found in tree */
2939 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2940 /* Using memcpy here instead of strncpy.
2941 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2942 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2943 */
2944 memcpy(s_kt->name.key, trash.str, i+1);
2945 s_kt->keytypes = 0;
2946 ebst_insert(sni_keytypes, &s_kt->name);
2947 } else {
2948 /* CN found in tree */
2949 s_kt = container_of(node, struct sni_keytype, name);
2950 }
2951
2952 /* Mark that this CN has the keytype of key_index via keytypes mask */
2953 s_kt->keytypes |= 1<<key_index;
2954
2955}
2956
2957
2958/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2959 * If any are found, group these files into a set of SSL_CTX*
2960 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2961 *
2962 * This will allow the user to explictly group multiple cert/keys for a single purpose
2963 *
2964 * Returns
2965 * 0 on success
2966 * 1 on failure
2967 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002968static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2969 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002970{
2971 char fp[MAXPATHLEN+1] = {0};
2972 int n = 0;
2973 int i = 0;
2974 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2975 struct eb_root sni_keytypes_map = { {0} };
2976 struct ebmb_node *node;
2977 struct ebmb_node *next;
2978 /* Array of SSL_CTX pointers corresponding to each possible combo
2979 * of keytypes
2980 */
2981 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2982 int rv = 0;
2983 X509_NAME *xname = NULL;
2984 char *str = NULL;
2985#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2986 STACK_OF(GENERAL_NAME) *names = NULL;
2987#endif
2988
2989 /* Load all possible certs and keys */
2990 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2991 struct stat buf;
2992
2993 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
2994 if (stat(fp, &buf) == 0) {
2995 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
2996 rv = 1;
2997 goto end;
2998 }
2999 }
3000 }
3001
3002 /* Process each ckch and update keytypes for each CN/SAN
3003 * for example, if CN/SAN www.a.com is associated with
3004 * certs with keytype 0 and 2, then at the end of the loop,
3005 * www.a.com will have:
3006 * keyindex = 0 | 1 | 4 = 5
3007 */
3008 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3009
3010 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3011 continue;
3012
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003013 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003014 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003015 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3016 } else {
3017 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3018 * so the line that contains logic is marked via comments
3019 */
3020 xname = X509_get_subject_name(certs_and_keys[n].cert);
3021 i = -1;
3022 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3023 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003024 ASN1_STRING *value;
3025 value = X509_NAME_ENTRY_get_data(entry);
3026 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003027 /* Important line is here */
3028 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003029
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003030 OPENSSL_free(str);
3031 str = NULL;
3032 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003034
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003035 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003036#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003037 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3038 if (names) {
3039 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3040 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003041
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003042 if (name->type == GEN_DNS) {
3043 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3044 /* Important line is here */
3045 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003046
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003047 OPENSSL_free(str);
3048 str = NULL;
3049 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003050 }
3051 }
3052 }
3053 }
3054#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3055 }
3056
3057 /* If no files found, return error */
3058 if (eb_is_empty(&sni_keytypes_map)) {
3059 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3060 err && *err ? *err : "", path);
3061 rv = 1;
3062 goto end;
3063 }
3064
3065 /* We now have a map of CN/SAN to keytypes that are loaded in
3066 * Iterate through the map to create the SSL_CTX's (if needed)
3067 * and add each CTX to the SNI tree
3068 *
3069 * Some math here:
3070 * There are 2^n - 1 possibile combinations, each unique
3071 * combination is denoted by the key in the map. Each key
3072 * has a value between 1 and 2^n - 1. Conveniently, the array
3073 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3074 * entry in the array to correspond to the unique combo (key)
3075 * associated with i. This unique key combo (i) will be associated
3076 * with combos[i-1]
3077 */
3078
3079 node = ebmb_first(&sni_keytypes_map);
3080 while (node) {
3081 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003082 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003083 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003084
3085 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3086 i = container_of(node, struct sni_keytype, name)->keytypes;
3087 cur_ctx = key_combos[i-1].ctx;
3088
3089 if (cur_ctx == NULL) {
3090 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003091 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003092 if (cur_ctx == NULL) {
3093 memprintf(err, "%sunable to allocate SSL context.\n",
3094 err && *err ? *err : "");
3095 rv = 1;
3096 goto end;
3097 }
3098
yanbzhube2774d2015-12-10 15:07:30 -05003099 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003100 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3101 if (i & (1<<n)) {
3102 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003103 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3104 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003105 SSL_CTX_free(cur_ctx);
3106 rv = 1;
3107 goto end;
3108 }
yanbzhube2774d2015-12-10 15:07:30 -05003109
3110#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3111 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003112 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003113 if (err)
3114 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003115 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003116 SSL_CTX_free(cur_ctx);
3117 rv = 1;
3118 goto end;
3119 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003120#elif (defined OPENSSL_IS_BORINGSSL)
3121 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003122#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003123 }
3124 }
3125
3126 /* Load DH params into the ctx to support DHE keys */
3127#ifndef OPENSSL_NO_DH
3128 if (ssl_dh_ptr_index >= 0)
3129 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3130
3131 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3132 if (rv < 0) {
3133 if (err)
3134 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3135 *err ? *err : "", path);
3136 rv = 1;
3137 goto end;
3138 }
3139#endif
3140
3141 /* Update key_combos */
3142 key_combos[i-1].ctx = cur_ctx;
3143 }
3144
3145 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003146 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003147 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003148 node = ebmb_next(node);
3149 }
3150
3151
3152 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3153 if (!bind_conf->default_ctx) {
3154 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3155 if (key_combos[i].ctx) {
3156 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003157 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003158 break;
3159 }
3160 }
3161 }
3162
3163end:
3164
3165 if (names)
3166 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3167
3168 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3169 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3170
3171 node = ebmb_first(&sni_keytypes_map);
3172 while (node) {
3173 next = ebmb_next(node);
3174 ebmb_delete(node);
3175 node = next;
3176 }
3177
3178 return rv;
3179}
3180#else
3181/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003182static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3183 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003184{
3185 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3186 err && *err ? *err : "", path, strerror(errno));
3187 return 1;
3188}
3189
yanbzhu488a4d22015-12-01 15:16:07 -05003190#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3191
Emeric Brunfc0421f2012-09-07 17:30:07 +02003192/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3193 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3194 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003195static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3196 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003197{
3198 BIO *in;
3199 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003200 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003201 int ret = -1;
3202 int order = 0;
3203 X509_NAME *xname;
3204 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003205 pem_password_cb *passwd_cb;
3206 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003207 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003208 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003209
Emeric Brunfc0421f2012-09-07 17:30:07 +02003210#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3211 STACK_OF(GENERAL_NAME) *names;
3212#endif
3213
3214 in = BIO_new(BIO_s_file());
3215 if (in == NULL)
3216 goto end;
3217
3218 if (BIO_read_filename(in, file) <= 0)
3219 goto end;
3220
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003221
3222 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3223 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3224
3225 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003226 if (x == NULL)
3227 goto end;
3228
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003229 pkey = X509_get_pubkey(x);
3230 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003231 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003232 switch(EVP_PKEY_base_id(pkey)) {
3233 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003234 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003235 break;
3236 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003237 kinfo.sig = TLSEXT_signature_ecdsa;
3238 break;
3239 case EVP_PKEY_DSA:
3240 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003241 break;
3242 }
3243 EVP_PKEY_free(pkey);
3244 }
3245
Emeric Brun50bcecc2013-04-22 13:05:23 +02003246 if (fcount) {
3247 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003248 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003249 }
3250 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003251#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003252 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3253 if (names) {
3254 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3255 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3256 if (name->type == GEN_DNS) {
3257 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003258 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003259 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003260 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003261 }
3262 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003263 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003264 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003265#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003266 xname = X509_get_subject_name(x);
3267 i = -1;
3268 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3269 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003270 ASN1_STRING *value;
3271
3272 value = X509_NAME_ENTRY_get_data(entry);
3273 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003274 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003275 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003276 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003277 }
3278 }
3279
3280 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3281 if (!SSL_CTX_use_certificate(ctx, x))
3282 goto end;
3283
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003284#ifdef SSL_CTX_clear_extra_chain_certs
3285 SSL_CTX_clear_extra_chain_certs(ctx);
3286#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003287 if (ctx->extra_certs != NULL) {
3288 sk_X509_pop_free(ctx->extra_certs, X509_free);
3289 ctx->extra_certs = NULL;
3290 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003291#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003292
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003293 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003294 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3295 X509_free(ca);
3296 goto end;
3297 }
3298 }
3299
3300 err = ERR_get_error();
3301 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3302 /* we successfully reached the last cert in the file */
3303 ret = 1;
3304 }
3305 ERR_clear_error();
3306
3307end:
3308 if (x)
3309 X509_free(x);
3310
3311 if (in)
3312 BIO_free(in);
3313
3314 return ret;
3315}
3316
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003317static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3318 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003319{
3320 int ret;
3321 SSL_CTX *ctx;
3322
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003323 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003324 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003325 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3326 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003327 return 1;
3328 }
3329
3330 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003331 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3332 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003333 SSL_CTX_free(ctx);
3334 return 1;
3335 }
3336
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003337 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003338 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003339 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3340 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003341 if (ret < 0) /* serious error, must do that ourselves */
3342 SSL_CTX_free(ctx);
3343 return 1;
3344 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003345
3346 if (SSL_CTX_check_private_key(ctx) <= 0) {
3347 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3348 err && *err ? *err : "", path);
3349 return 1;
3350 }
3351
Emeric Brunfc0421f2012-09-07 17:30:07 +02003352 /* we must not free the SSL_CTX anymore below, since it's already in
3353 * the tree, so it will be discovered and cleaned in time.
3354 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003355#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003356 /* store a NULL pointer to indicate we have not yet loaded
3357 a custom DH param file */
3358 if (ssl_dh_ptr_index >= 0) {
3359 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3360 }
3361
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003362 ret = ssl_sock_load_dh_params(ctx, path);
3363 if (ret < 0) {
3364 if (err)
3365 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3366 *err ? *err : "", path);
3367 return 1;
3368 }
3369#endif
3370
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003371#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003372 ret = ssl_sock_load_ocsp(ctx, path);
3373 if (ret < 0) {
3374 if (err)
3375 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3376 *err ? *err : "", path);
3377 return 1;
3378 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003379#elif (defined OPENSSL_IS_BORINGSSL)
3380 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003381#endif
3382
Daniel Jakots54ffb912015-11-06 20:02:41 +01003383#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003384 if (sctl_ex_index >= 0) {
3385 ret = ssl_sock_load_sctl(ctx, path);
3386 if (ret < 0) {
3387 if (err)
3388 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3389 *err ? *err : "", path);
3390 return 1;
3391 }
3392 }
3393#endif
3394
Emeric Brunfc0421f2012-09-07 17:30:07 +02003395#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003396 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003397 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3398 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003399 return 1;
3400 }
3401#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003402 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003403 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003404 bind_conf->default_ssl_conf = ssl_conf;
3405 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003406
3407 return 0;
3408}
3409
Willy Tarreau03209342016-12-22 17:08:28 +01003410int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003411{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003412 struct dirent **de_list;
3413 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003414 DIR *dir;
3415 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003416 char *end;
3417 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003418 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003419#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3420 int is_bundle;
3421 int j;
3422#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003423
yanbzhu08ce6ab2015-12-02 13:01:29 -05003424 if (stat(path, &buf) == 0) {
3425 dir = opendir(path);
3426 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003427 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003428
yanbzhu08ce6ab2015-12-02 13:01:29 -05003429 /* strip trailing slashes, including first one */
3430 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3431 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003432
yanbzhu08ce6ab2015-12-02 13:01:29 -05003433 n = scandir(path, &de_list, 0, alphasort);
3434 if (n < 0) {
3435 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3436 err && *err ? *err : "", path, strerror(errno));
3437 cfgerr++;
3438 }
3439 else {
3440 for (i = 0; i < n; i++) {
3441 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003442
yanbzhu08ce6ab2015-12-02 13:01:29 -05003443 end = strrchr(de->d_name, '.');
3444 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3445 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003446
yanbzhu08ce6ab2015-12-02 13:01:29 -05003447 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3448 if (stat(fp, &buf) != 0) {
3449 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3450 err && *err ? *err : "", fp, strerror(errno));
3451 cfgerr++;
3452 goto ignore_entry;
3453 }
3454 if (!S_ISREG(buf.st_mode))
3455 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003456
3457#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3458 is_bundle = 0;
3459 /* Check if current entry in directory is part of a multi-cert bundle */
3460
3461 if (end) {
3462 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3463 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3464 is_bundle = 1;
3465 break;
3466 }
3467 }
3468
3469 if (is_bundle) {
3470 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3471 int dp_len;
3472
3473 dp_len = end - de->d_name;
3474 snprintf(dp, dp_len + 1, "%s", de->d_name);
3475
3476 /* increment i and free de until we get to a non-bundle cert
3477 * Note here that we look at de_list[i + 1] before freeing de
3478 * this is important since ignore_entry will free de
3479 */
3480 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3481 free(de);
3482 i++;
3483 de = de_list[i];
3484 }
3485
3486 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003487 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003488
3489 /* Successfully processed the bundle */
3490 goto ignore_entry;
3491 }
3492 }
3493
3494#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003495 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003496ignore_entry:
3497 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003498 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003499 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003500 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003501 closedir(dir);
3502 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003503 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003504
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003505 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003506
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507 return cfgerr;
3508}
3509
Thierry Fournier383085f2013-01-24 14:15:43 +01003510/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3511 * done once. Zero is returned if the operation fails. No error is returned
3512 * if the random is said as not implemented, because we expect that openssl
3513 * will use another method once needed.
3514 */
3515static int ssl_initialize_random()
3516{
3517 unsigned char random;
3518 static int random_initialized = 0;
3519
3520 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3521 random_initialized = 1;
3522
3523 return random_initialized;
3524}
3525
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003526/* release ssl bind conf */
3527void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003528{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003529 if (conf) {
3530#ifdef OPENSSL_NPN_NEGOTIATED
3531 free(conf->npn_str);
3532 conf->npn_str = NULL;
3533#endif
3534#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3535 free(conf->alpn_str);
3536 conf->alpn_str = NULL;
3537#endif
3538 free(conf->ca_file);
3539 conf->ca_file = NULL;
3540 free(conf->crl_file);
3541 conf->crl_file = NULL;
3542 free(conf->ciphers);
3543 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003544 free(conf->curves);
3545 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003546 free(conf->ecdhe);
3547 conf->ecdhe = NULL;
3548 }
3549}
3550
3551int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3552{
3553 char thisline[CRT_LINESIZE];
3554 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003555 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003556 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003557 int linenum = 0;
3558 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003559
Willy Tarreauad1731d2013-04-02 17:35:58 +02003560 if ((f = fopen(file, "r")) == NULL) {
3561 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003562 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003563 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003564
3565 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003566 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003567 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003568 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003569 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003570 char *crt_path;
3571 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003572
3573 linenum++;
3574 end = line + strlen(line);
3575 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3576 /* Check if we reached the limit and the last char is not \n.
3577 * Watch out for the last line without the terminating '\n'!
3578 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003579 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3580 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003581 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003582 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003583 }
3584
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003585 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003586 newarg = 1;
3587 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003588 if (*line == '#' || *line == '\n' || *line == '\r') {
3589 /* end of string, end of loop */
3590 *line = 0;
3591 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003592 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003593 newarg = 1;
3594 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003595 } else if (*line == '[') {
3596 if (ssl_b) {
3597 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3598 cfgerr = 1;
3599 break;
3600 }
3601 if (!arg) {
3602 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3603 cfgerr = 1;
3604 break;
3605 }
3606 ssl_b = arg;
3607 newarg = 1;
3608 *line = 0;
3609 } else if (*line == ']') {
3610 if (ssl_e) {
3611 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003612 cfgerr = 1;
3613 break;
3614 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003615 if (!ssl_b) {
3616 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3617 cfgerr = 1;
3618 break;
3619 }
3620 ssl_e = arg;
3621 newarg = 1;
3622 *line = 0;
3623 } else if (newarg) {
3624 if (arg == MAX_CRT_ARGS) {
3625 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3626 cfgerr = 1;
3627 break;
3628 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003629 newarg = 0;
3630 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003631 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003632 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003633 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003634 if (cfgerr)
3635 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003636 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003637
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003638 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003639 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003641
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003642 crt_path = args[0];
3643 if (*crt_path != '/' && global_ssl.crt_base) {
3644 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3645 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3646 crt_path, linenum, file);
3647 cfgerr = 1;
3648 break;
3649 }
3650 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3651 crt_path = path;
3652 }
3653
3654 ssl_conf = calloc(1, sizeof *ssl_conf);
3655 cur_arg = ssl_b ? ssl_b : 1;
3656 while (cur_arg < ssl_e) {
3657 newarg = 0;
3658 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3659 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3660 newarg = 1;
3661 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3662 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3663 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3664 args[cur_arg], linenum, file);
3665 cfgerr = 1;
3666 }
3667 cur_arg += 1 + ssl_bind_kws[i].skip;
3668 break;
3669 }
3670 }
3671 if (!cfgerr && !newarg) {
3672 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3673 args[cur_arg], linenum, file);
3674 cfgerr = 1;
3675 break;
3676 }
3677 }
3678 if (cfgerr) {
3679 ssl_sock_free_ssl_conf(ssl_conf);
3680 free(ssl_conf);
3681 ssl_conf = NULL;
3682 break;
3683 }
3684
3685 if (stat(crt_path, &buf) == 0) {
3686 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3687 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003688 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003689 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3690 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003691 }
3692
Willy Tarreauad1731d2013-04-02 17:35:58 +02003693 if (cfgerr) {
3694 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003695 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003696 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003697 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003698 fclose(f);
3699 return cfgerr;
3700}
3701
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003702/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003703static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003704ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003705{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003706 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003707 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003708 SSL_OP_ALL | /* all known workarounds for bugs */
3709 SSL_OP_NO_SSLv2 |
3710 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003711 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003712 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003713 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
3714 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003715 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003716 SSL_MODE_ENABLE_PARTIAL_WRITE |
3717 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003718 SSL_MODE_RELEASE_BUFFERS |
3719 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003720 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003721 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003722 int flags = MC_SSL_O_ALL;
3723 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003724
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003725 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003726 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003727
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003728 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003729 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3730 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3731 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003732 else
3733 flags = conf_ssl_methods->flags;
3734
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003735 min = conf_ssl_methods->min;
3736 max = conf_ssl_methods->max;
3737 /* start with TLSv10 to remove SSLv3 per default */
3738 if (!min && (!max || max >= CONF_TLSV10))
3739 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003740 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003741 if (min)
3742 flags |= (methodVersions[min].flag - 1);
3743 if (max)
3744 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003745 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003746 min = max = CONF_TLSV_NONE;
3747 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003748 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003749 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003750 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003751 if (min) {
3752 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003753 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3754 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3755 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3756 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 hole = 0;
3758 }
3759 max = i;
3760 }
3761 else {
3762 min = max = i;
3763 }
3764 }
3765 else {
3766 if (min)
3767 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003768 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003769 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003770 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3771 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003772 cfgerr += 1;
3773 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003774 /* save real min/max in bind_conf */
3775 conf_ssl_methods->min = min;
3776 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003777
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003778#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003779 /* Keep force-xxx implementation as it is in older haproxy. It's a
3780 precautionary measure to avoid any suprise with older openssl version. */
3781 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003782 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003783 else
3784 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3785 if (flags & methodVersions[i].flag)
3786 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003788 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003789 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3790 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003791#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003792
3793 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3794 options |= SSL_OP_NO_TICKET;
3795 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3796 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3797 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003798
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003799#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003800 if (global_ssl.async)
3801 mode |= SSL_MODE_ASYNC;
3802#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003803 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003804 if (global_ssl.life_time)
3805 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003806
3807#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3808#ifdef OPENSSL_IS_BORINGSSL
3809 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3810 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003811#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3812 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3813 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814#else
3815 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003816#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003817 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003818#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003819 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003820}
3821
William Lallemand4f45bb92017-10-30 20:08:51 +01003822
3823static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3824{
3825 if (first == block) {
3826 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3827 if (first->len > 0)
3828 sh_ssl_sess_tree_delete(sh_ssl_sess);
3829 }
3830}
3831
3832/* return first block from sh_ssl_sess */
3833static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3834{
3835 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3836
3837}
3838
3839/* store a session into the cache
3840 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3841 * data: asn1 encoded session
3842 * data_len: asn1 encoded session length
3843 * Returns 1 id session was stored (else 0)
3844 */
3845static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3846{
3847 struct shared_block *first;
3848 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3849
3850 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3851 if (!first) {
3852 /* Could not retrieve enough free blocks to store that session */
3853 return 0;
3854 }
3855
3856 /* STORE the key in the first elem */
3857 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3858 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3859 first->len = sizeof(struct sh_ssl_sess_hdr);
3860
3861 /* it returns the already existing node
3862 or current node if none, never returns null */
3863 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3864 if (oldsh_ssl_sess != sh_ssl_sess) {
3865 /* NOTE: Row couldn't be in use because we lock read & write function */
3866 /* release the reserved row */
3867 shctx_row_dec_hot(ssl_shctx, first);
3868 /* replace the previous session already in the tree */
3869 sh_ssl_sess = oldsh_ssl_sess;
3870 /* ignore the previous session data, only use the header */
3871 first = sh_ssl_sess_first_block(sh_ssl_sess);
3872 shctx_row_inc_hot(ssl_shctx, first);
3873 first->len = sizeof(struct sh_ssl_sess_hdr);
3874 }
3875
William Lallemand99b90af2018-01-03 19:15:51 +01003876 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3877 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003878 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003879 }
3880
3881 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003882
3883 return 1;
3884}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003885
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003886/* SSL callback used when a new session is created while connecting to a server */
3887static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3888{
3889 struct connection *conn = SSL_get_app_data(ssl);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003890 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003891
Olivier Houcharde6060c52017-11-16 17:42:52 +01003892 s = objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003893
Olivier Houcharde6060c52017-11-16 17:42:52 +01003894 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3895 int len;
3896 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003897
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 len = i2d_SSL_SESSION(sess, NULL);
3899 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3900 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3901 } else {
3902 free(s->ssl_ctx.reused_sess[tid].ptr);
3903 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3904 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3905 }
3906 if (s->ssl_ctx.reused_sess[tid].ptr) {
3907 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3908 &ptr);
3909 }
3910 } else {
3911 free(s->ssl_ctx.reused_sess[tid].ptr);
3912 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3913 }
3914
3915 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003916}
3917
Olivier Houcharde6060c52017-11-16 17:42:52 +01003918
William Lallemanded0b5ad2017-10-30 19:36:36 +01003919/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003920int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003921{
3922 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3923 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3924 unsigned char *p;
3925 int data_len;
3926 unsigned int sid_length, sid_ctx_length;
3927 const unsigned char *sid_data;
3928 const unsigned char *sid_ctx_data;
3929
3930 /* Session id is already stored in to key and session id is known
3931 * so we dont store it to keep size.
3932 */
3933
3934 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3935 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3936 SSL_SESSION_set1_id(sess, sid_data, 0);
3937 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3938
3939 /* check if buffer is large enough for the ASN1 encoded session */
3940 data_len = i2d_SSL_SESSION(sess, NULL);
3941 if (data_len > SHSESS_MAX_DATA_LEN)
3942 goto err;
3943
3944 p = encsess;
3945
3946 /* process ASN1 session encoding before the lock */
3947 i2d_SSL_SESSION(sess, &p);
3948
3949 memcpy(encid, sid_data, sid_length);
3950 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3951 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3952
William Lallemanda3c77cf2017-10-30 23:44:40 +01003953 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003954 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003955 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003956 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003957err:
3958 /* reset original length values */
3959 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3960 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3961
3962 return 0; /* do not increment session reference count */
3963}
3964
3965/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003966SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003967{
William Lallemand4f45bb92017-10-30 20:08:51 +01003968 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003969 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3970 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003971 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003972 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003973
3974 global.shctx_lookups++;
3975
3976 /* allow the session to be freed automatically by openssl */
3977 *do_copy = 0;
3978
3979 /* tree key is zeros padded sessionid */
3980 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3981 memcpy(tmpkey, key, key_len);
3982 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3983 key = tmpkey;
3984 }
3985
3986 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003987 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003988
3989 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3991 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003992 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003993 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003994 global.shctx_misses++;
3995 return NULL;
3996 }
3997
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
3999 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000
William Lallemand4f45bb92017-10-30 20:08:51 +01004001 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002
William Lallemanda3c77cf2017-10-30 23:44:40 +01004003 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004004
4005 /* decode ASN1 session */
4006 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004007 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008 /* Reset session id and session id contenxt */
4009 if (sess) {
4010 SSL_SESSION_set1_id(sess, key, key_len);
4011 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4012 }
4013
4014 return sess;
4015}
4016
William Lallemand4f45bb92017-10-30 20:08:51 +01004017
William Lallemanded0b5ad2017-10-30 19:36:36 +01004018/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004019void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004020{
William Lallemand4f45bb92017-10-30 20:08:51 +01004021 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004022 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4023 unsigned int sid_length;
4024 const unsigned char *sid_data;
4025 (void)ctx;
4026
4027 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4028 /* tree key is zeros padded sessionid */
4029 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4030 memcpy(tmpkey, sid_data, sid_length);
4031 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4032 sid_data = tmpkey;
4033 }
4034
William Lallemanda3c77cf2017-10-30 23:44:40 +01004035 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004036
4037 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004038 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4039 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004040 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004041 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004042 }
4043
4044 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004045 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004046}
4047
4048/* Set session cache mode to server and disable openssl internal cache.
4049 * Set shared cache callbacks on an ssl context.
4050 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004051void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004052{
4053 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4054
4055 if (!ssl_shctx) {
4056 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4057 return;
4058 }
4059
4060 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4061 SSL_SESS_CACHE_NO_INTERNAL |
4062 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4063
4064 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004065 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4066 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4067 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004068}
4069
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004070int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4071{
4072 struct proxy *curproxy = bind_conf->frontend;
4073 int cfgerr = 0;
4074 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004075 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004076 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004077 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004078
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004079 if (ssl_conf) {
4080 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4081 int i, min, max;
4082 int flags = MC_SSL_O_ALL;
4083
4084 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004085 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4086 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (min)
4088 flags |= (methodVersions[min].flag - 1);
4089 if (max)
4090 flags |= ~((methodVersions[max].flag << 1) - 1);
4091 min = max = CONF_TLSV_NONE;
4092 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4093 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4094 if (min)
4095 max = i;
4096 else
4097 min = max = i;
4098 }
4099 /* save real min/max */
4100 conf_ssl_methods->min = min;
4101 conf_ssl_methods->max = max;
4102 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004103 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4104 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004105 cfgerr += 1;
4106 }
4107 }
4108
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004109 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004110 case SSL_SOCK_VERIFY_NONE:
4111 verify = SSL_VERIFY_NONE;
4112 break;
4113 case SSL_SOCK_VERIFY_OPTIONAL:
4114 verify = SSL_VERIFY_PEER;
4115 break;
4116 case SSL_SOCK_VERIFY_REQUIRED:
4117 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4118 break;
4119 }
4120 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4121 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004122 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4123 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4124 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004125 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004126 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004127 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4128 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004129 cfgerr++;
4130 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004131 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4132 /* set CA names for client cert request, function returns void */
4133 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4134 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004135 }
Emeric Brun850efd52014-01-29 12:24:34 +01004136 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004137 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4138 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004139 cfgerr++;
4140 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004141#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004142 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4144
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004145 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004146 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4147 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004148 cfgerr++;
4149 }
Emeric Brun561e5742012-10-02 15:20:55 +02004150 else {
4151 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4152 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004153 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004154#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004155 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004157#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004158 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004159 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004160 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4161 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004162 cfgerr++;
4163 }
4164 }
4165#endif
4166
William Lallemand4f45bb92017-10-30 20:08:51 +01004167 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004168 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4169 if (conf_ciphers &&
4170 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004171 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4172 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004173 cfgerr++;
4174 }
4175
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004176#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004177 /* If tune.ssl.default-dh-param has not been set,
4178 neither has ssl-default-dh-file and no static DH
4179 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004180 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004181 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004182 (ssl_dh_ptr_index == -1 ||
4183 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4185 const SSL_CIPHER * cipher = NULL;
4186 char cipher_description[128];
4187 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4188 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4189 which is not ephemeral DH. */
4190 const char dhe_description[] = " Kx=DH ";
4191 const char dhe_export_description[] = " Kx=DH(";
4192 int idx = 0;
4193 int dhe_found = 0;
4194 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004195
Remi Gacogne23d5d372014-10-10 17:04:26 +02004196 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004197
Remi Gacogne23d5d372014-10-10 17:04:26 +02004198 if (ssl) {
4199 ciphers = SSL_get_ciphers(ssl);
4200
4201 if (ciphers) {
4202 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4203 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4204 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4205 if (strstr(cipher_description, dhe_description) != NULL ||
4206 strstr(cipher_description, dhe_export_description) != NULL) {
4207 dhe_found = 1;
4208 break;
4209 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004210 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004211 }
4212 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004213 SSL_free(ssl);
4214 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004215 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004216
Lukas Tribus90132722014-08-18 00:56:33 +02004217 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004218 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220
Willy Tarreauef934602016-12-22 23:12:01 +01004221 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004222 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004223
Willy Tarreauef934602016-12-22 23:12:01 +01004224 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004225 if (local_dh_1024 == NULL) {
4226 local_dh_1024 = ssl_get_dh_1024();
4227 }
Willy Tarreauef934602016-12-22 23:12:01 +01004228 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004229 if (local_dh_2048 == NULL) {
4230 local_dh_2048 = ssl_get_dh_2048();
4231 }
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_4096 == NULL) {
4234 local_dh_4096 = ssl_get_dh_4096();
4235 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004236 }
4237 }
4238 }
4239#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004240
Emeric Brunfc0421f2012-09-07 17:30:07 +02004241 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004242#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004243 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004244#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004245
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004246#ifdef OPENSSL_NPN_NEGOTIATED
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004247 ssl_conf_cur = NULL;
4248 if (ssl_conf && ssl_conf->npn_str)
4249 ssl_conf_cur = ssl_conf;
4250 else if (bind_conf->ssl_conf.npn_str)
4251 ssl_conf_cur = &bind_conf->ssl_conf;
4252 if (ssl_conf_cur)
4253 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004254#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004255#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004256 ssl_conf_cur = NULL;
4257 if (ssl_conf && ssl_conf->alpn_str)
4258 ssl_conf_cur = ssl_conf;
4259 else if (bind_conf->ssl_conf.alpn_str)
4260 ssl_conf_cur = &bind_conf->ssl_conf;
4261 if (ssl_conf_cur)
4262 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004263#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004264#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4265 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4266 if (conf_curves) {
4267 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004268 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4269 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004270 cfgerr++;
4271 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004272#if defined(SSL_CTX_set_ecdh_auto)
4273 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4274#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004275 }
4276#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004277#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004279 int i;
4280 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004281#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004282 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004283 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4284 NULL);
4285
4286 if (ecdhe == NULL) {
4287 SSL_CTX_set_dh_auto(ctx, 1);
4288 return cfgerr;
4289 }
4290#else
4291 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4292 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4293 ECDHE_DEFAULT_CURVE);
4294#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004295
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004296 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004297 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004298 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4299 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004300 cfgerr++;
4301 }
4302 else {
4303 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4304 EC_KEY_free(ecdh);
4305 }
4306 }
4307#endif
4308
Emeric Brunfc0421f2012-09-07 17:30:07 +02004309 return cfgerr;
4310}
4311
Evan Broderbe554312013-06-27 00:05:25 -07004312static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4313{
4314 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4315 size_t prefixlen, suffixlen;
4316
4317 /* Trivial case */
4318 if (strcmp(pattern, hostname) == 0)
4319 return 1;
4320
Evan Broderbe554312013-06-27 00:05:25 -07004321 /* The rest of this logic is based on RFC 6125, section 6.4.3
4322 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4323
Emeric Bruna848dae2013-10-08 11:27:28 +02004324 pattern_wildcard = NULL;
4325 pattern_left_label_end = pattern;
4326 while (*pattern_left_label_end != '.') {
4327 switch (*pattern_left_label_end) {
4328 case 0:
4329 /* End of label not found */
4330 return 0;
4331 case '*':
4332 /* If there is more than one wildcards */
4333 if (pattern_wildcard)
4334 return 0;
4335 pattern_wildcard = pattern_left_label_end;
4336 break;
4337 }
4338 pattern_left_label_end++;
4339 }
4340
4341 /* If it's not trivial and there is no wildcard, it can't
4342 * match */
4343 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004344 return 0;
4345
4346 /* Make sure all labels match except the leftmost */
4347 hostname_left_label_end = strchr(hostname, '.');
4348 if (!hostname_left_label_end
4349 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4350 return 0;
4351
4352 /* Make sure the leftmost label of the hostname is long enough
4353 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004354 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004355 return 0;
4356
4357 /* Finally compare the string on either side of the
4358 * wildcard */
4359 prefixlen = pattern_wildcard - pattern;
4360 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004361 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4362 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 return 1;
4366}
4367
4368static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4369{
4370 SSL *ssl;
4371 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004372 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004373 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004374
4375 int depth;
4376 X509 *cert;
4377 STACK_OF(GENERAL_NAME) *alt_names;
4378 int i;
4379 X509_NAME *cert_subject;
4380 char *str;
4381
4382 if (ok == 0)
4383 return ok;
4384
4385 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02004386 conn = SSL_get_app_data(ssl);
Evan Broderbe554312013-06-27 00:05:25 -07004387
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004388 /* We're checking if the provided hostnames match the desired one. The
4389 * desired hostname comes from the SNI we presented if any, or if not
4390 * provided then it may have been explicitly stated using a "verifyhost"
4391 * directive. If neither is set, we don't care about the name so the
4392 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004393 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004394 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004395 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004396 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004397 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004398 if (!servername)
4399 return ok;
4400 }
Evan Broderbe554312013-06-27 00:05:25 -07004401
4402 /* We only need to verify the CN on the actual server cert,
4403 * not the indirect CAs */
4404 depth = X509_STORE_CTX_get_error_depth(ctx);
4405 if (depth != 0)
4406 return ok;
4407
4408 /* At this point, the cert is *not* OK unless we can find a
4409 * hostname match */
4410 ok = 0;
4411
4412 cert = X509_STORE_CTX_get_current_cert(ctx);
4413 /* It seems like this might happen if verify peer isn't set */
4414 if (!cert)
4415 return ok;
4416
4417 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4418 if (alt_names) {
4419 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4420 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4421 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004422#if OPENSSL_VERSION_NUMBER < 0x00907000L
4423 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4424#else
Evan Broderbe554312013-06-27 00:05:25 -07004425 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004426#endif
Evan Broderbe554312013-06-27 00:05:25 -07004427 ok = ssl_sock_srv_hostcheck(str, servername);
4428 OPENSSL_free(str);
4429 }
4430 }
4431 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004432 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004433 }
4434
4435 cert_subject = X509_get_subject_name(cert);
4436 i = -1;
4437 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4438 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004439 ASN1_STRING *value;
4440 value = X509_NAME_ENTRY_get_data(entry);
4441 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004442 ok = ssl_sock_srv_hostcheck(str, servername);
4443 OPENSSL_free(str);
4444 }
4445 }
4446
Willy Tarreau71d058c2017-07-26 20:09:56 +02004447 /* report the mismatch and indicate if SNI was used or not */
4448 if (!ok && !conn->err_code)
4449 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004450 return ok;
4451}
4452
Emeric Brun94324a42012-10-11 14:00:19 +02004453/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004454int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004455{
Willy Tarreau03209342016-12-22 17:08:28 +01004456 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004457 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004458 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004459 SSL_OP_ALL | /* all known workarounds for bugs */
4460 SSL_OP_NO_SSLv2 |
4461 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004462 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004463 SSL_MODE_ENABLE_PARTIAL_WRITE |
4464 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004465 SSL_MODE_RELEASE_BUFFERS |
4466 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004467 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004468 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004469 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004470 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004471 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004472
Thierry Fournier383085f2013-01-24 14:15:43 +01004473 /* Make sure openssl opens /dev/urandom before the chroot */
4474 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004475 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004476 cfgerr++;
4477 }
4478
Willy Tarreaufce03112015-01-15 21:32:40 +01004479 /* Automatic memory computations need to know we use SSL there */
4480 global.ssl_used_backend = 1;
4481
4482 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004483 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004484 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004485 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4486 curproxy->id, srv->id,
4487 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004488 cfgerr++;
4489 return cfgerr;
4490 }
4491 }
Emeric Brun94324a42012-10-11 14:00:19 +02004492 if (srv->use_ssl)
4493 srv->xprt = &ssl_sock;
4494 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004495 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004496
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004497 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004498 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004499 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4500 proxy_type_str(curproxy), curproxy->id,
4501 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004502 cfgerr++;
4503 return cfgerr;
4504 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004506 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4508 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4509 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004510 else
4511 flags = conf_ssl_methods->flags;
4512
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004513 /* Real min and max should be determinate with configuration and openssl's capabilities */
4514 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004515 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004516 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004517 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004518
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004519 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004520 min = max = CONF_TLSV_NONE;
4521 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004522 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004523 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004524 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004525 if (min) {
4526 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004527 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4528 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4529 proxy_type_str(curproxy), curproxy->id, srv->id,
4530 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 hole = 0;
4532 }
4533 max = i;
4534 }
4535 else {
4536 min = max = i;
4537 }
4538 }
4539 else {
4540 if (min)
4541 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004542 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004543 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004544 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4545 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004546 cfgerr += 1;
4547 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004548
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004549#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004550 /* Keep force-xxx implementation as it is in older haproxy. It's a
4551 precautionary measure to avoid any suprise with older openssl version. */
4552 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004553 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 else
4555 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4556 if (flags & methodVersions[i].flag)
4557 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004559 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004560 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4561 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004562#endif
4563
4564 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4565 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004566 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004567
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004568#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004569 if (global_ssl.async)
4570 mode |= SSL_MODE_ASYNC;
4571#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004572 SSL_CTX_set_mode(ctx, mode);
4573 srv->ssl_ctx.ctx = ctx;
4574
Emeric Bruna7aa3092012-10-26 12:58:00 +02004575 if (srv->ssl_ctx.client_crt) {
4576 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004577 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4578 proxy_type_str(curproxy), curproxy->id,
4579 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004580 cfgerr++;
4581 }
4582 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004583 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4584 proxy_type_str(curproxy), curproxy->id,
4585 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004586 cfgerr++;
4587 }
4588 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004589 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4590 proxy_type_str(curproxy), curproxy->id,
4591 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004592 cfgerr++;
4593 }
4594 }
Emeric Brun94324a42012-10-11 14:00:19 +02004595
Emeric Brun850efd52014-01-29 12:24:34 +01004596 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4597 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004598 switch (srv->ssl_ctx.verify) {
4599 case SSL_SOCK_VERIFY_NONE:
4600 verify = SSL_VERIFY_NONE;
4601 break;
4602 case SSL_SOCK_VERIFY_REQUIRED:
4603 verify = SSL_VERIFY_PEER;
4604 break;
4605 }
Evan Broderbe554312013-06-27 00:05:25 -07004606 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004607 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004608 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004609 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004610 if (srv->ssl_ctx.ca_file) {
4611 /* load CAfile to verify */
4612 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004613 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4614 curproxy->id, srv->id,
4615 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004616 cfgerr++;
4617 }
4618 }
Emeric Brun850efd52014-01-29 12:24:34 +01004619 else {
4620 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004624 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004625 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4626 curproxy->id, srv->id,
4627 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004628 cfgerr++;
4629 }
Emeric Brunef42d922012-10-11 16:11:36 +02004630#ifdef X509_V_FLAG_CRL_CHECK
4631 if (srv->ssl_ctx.crl_file) {
4632 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4633
4634 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004635 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4636 curproxy->id, srv->id,
4637 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004638 cfgerr++;
4639 }
4640 else {
4641 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4642 }
4643 }
4644#endif
4645 }
4646
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004647 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4648 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4649 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004650 if (srv->ssl_ctx.ciphers &&
4651 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004652 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4653 curproxy->id, srv->id,
4654 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004655 cfgerr++;
4656 }
4657
4658 return cfgerr;
4659}
4660
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004661/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004662 * be NULL, in which case nothing is done. Returns the number of errors
4663 * encountered.
4664 */
Willy Tarreau03209342016-12-22 17:08:28 +01004665int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004666{
4667 struct ebmb_node *node;
4668 struct sni_ctx *sni;
4669 int err = 0;
4670
Willy Tarreaufce03112015-01-15 21:32:40 +01004671 /* Automatic memory computations need to know we use SSL there */
4672 global.ssl_used_frontend = 1;
4673
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004674 /* Make sure openssl opens /dev/urandom before the chroot */
4675 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004676 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004677 err++;
4678 }
4679 /* Create initial_ctx used to start the ssl connection before do switchctx */
4680 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004681 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* It should not be necessary to call this function, but it's
4683 necessary first to check and move all initialisation related
4684 to initial_ctx in ssl_sock_initial_ctx. */
4685 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4686 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004687 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004688 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004689
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004690 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004691 while (node) {
4692 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004693 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4694 /* only initialize the CTX on its first occurrence and
4695 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004697 node = ebmb_next(node);
4698 }
4699
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004700 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004701 while (node) {
4702 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004703 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4704 /* only initialize the CTX on its first occurrence and
4705 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004706 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004707 node = ebmb_next(node);
4708 }
4709 return err;
4710}
4711
Willy Tarreau55d37912016-12-21 23:38:39 +01004712/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4713 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4714 * alerts are directly emitted since the rest of the stack does it below.
4715 */
4716int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4717{
4718 struct proxy *px = bind_conf->frontend;
4719 int alloc_ctx;
4720 int err;
4721
4722 if (!bind_conf->is_ssl) {
4723 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004724 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4725 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004726 }
4727 return 0;
4728 }
4729 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004730 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4732 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004733 }
4734 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004735 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4736 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004737 return -1;
4738 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004739 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004740 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004741 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4742 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4743 sizeof(*sh_ssl_sess_tree),
4744 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4745 if (alloc_ctx < 0) {
4746 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4747 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4748 else
4749 ha_alert("Unable to allocate SSL session cache.\n");
4750 return -1;
4751 }
4752 /* free block callback */
4753 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4754 /* init the root tree within the extra space */
4755 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4756 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004757 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004758 err = 0;
4759 /* initialize all certificate contexts */
4760 err += ssl_sock_prepare_all_ctx(bind_conf);
4761
4762 /* initialize CA variables if the certificates generation is enabled */
4763 err += ssl_sock_load_ca(bind_conf);
4764
4765 return -err;
4766}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004767
4768/* release ssl context allocated for servers. */
4769void ssl_sock_free_srv_ctx(struct server *srv)
4770{
4771 if (srv->ssl_ctx.ctx)
4772 SSL_CTX_free(srv->ssl_ctx.ctx);
4773}
4774
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004775/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004776 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4777 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004778void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004779{
4780 struct ebmb_node *node, *back;
4781 struct sni_ctx *sni;
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 while (node) {
4785 sni = ebmb_entry(node, struct sni_ctx, name);
4786 back = ebmb_next(node);
4787 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004788 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004789 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004790 ssl_sock_free_ssl_conf(sni->conf);
4791 free(sni->conf);
4792 sni->conf = NULL;
4793 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004794 free(sni);
4795 node = back;
4796 }
4797
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004798 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004799 while (node) {
4800 sni = ebmb_entry(node, struct sni_ctx, name);
4801 back = ebmb_next(node);
4802 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004803 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004804 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004805 ssl_sock_free_ssl_conf(sni->conf);
4806 free(sni->conf);
4807 sni->conf = NULL;
4808 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004809 free(sni);
4810 node = back;
4811 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004812 SSL_CTX_free(bind_conf->initial_ctx);
4813 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004814 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004815 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004816}
4817
Willy Tarreau795cdab2016-12-22 17:30:54 +01004818/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4819void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4820{
4821 ssl_sock_free_ca(bind_conf);
4822 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004824 free(bind_conf->ca_sign_file);
4825 free(bind_conf->ca_sign_pass);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004826 if (bind_conf->keys_ref) {
4827 free(bind_conf->keys_ref->filename);
4828 free(bind_conf->keys_ref->tlskeys);
4829 LIST_DEL(&bind_conf->keys_ref->list);
4830 free(bind_conf->keys_ref);
4831 }
4832 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004833 bind_conf->ca_sign_pass = NULL;
4834 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835}
4836
Christopher Faulet31af49d2015-06-09 17:29:50 +02004837/* Load CA cert file and private key used to generate certificates */
4838int
Willy Tarreau03209342016-12-22 17:08:28 +01004839ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004840{
Willy Tarreau03209342016-12-22 17:08:28 +01004841 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004842 FILE *fp;
4843 X509 *cacert = NULL;
4844 EVP_PKEY *capkey = NULL;
4845 int err = 0;
4846
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004847 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848 return err;
4849
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004850#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004851 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004852 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004853 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004854 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004855 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004856 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004857#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004858
Christopher Faulet31af49d2015-06-09 17:29:50 +02004859 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004860 ha_alert("Proxy '%s': cannot enable certificate generation, "
4861 "no CA certificate File configured at [%s:%d].\n",
4862 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004863 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004864 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004865
4866 /* read in the CA certificate */
4867 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4869 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004870 goto load_error;
4871 }
4872 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004873 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4874 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004875 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004876 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004877 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004879 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4880 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004881 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004882 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004883
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004884 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004885 bind_conf->ca_sign_cert = cacert;
4886 bind_conf->ca_sign_pkey = capkey;
4887 return err;
4888
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 read_error:
4890 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891 if (capkey) EVP_PKEY_free(capkey);
4892 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004893 load_error:
4894 bind_conf->generate_certs = 0;
4895 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004896 return err;
4897}
4898
4899/* Release CA cert and private key used to generate certificated */
4900void
4901ssl_sock_free_ca(struct bind_conf *bind_conf)
4902{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004903 if (bind_conf->ca_sign_pkey)
4904 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4905 if (bind_conf->ca_sign_cert)
4906 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004907 bind_conf->ca_sign_pkey = NULL;
4908 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004909}
4910
Emeric Brun46591952012-05-18 15:47:34 +02004911/*
4912 * This function is called if SSL * context is not yet allocated. The function
4913 * is designed to be called before any other data-layer operation and sets the
4914 * handshake flag on the connection. It is safe to call it multiple times.
4915 * It returns 0 on success and -1 in error case.
4916 */
4917static int ssl_sock_init(struct connection *conn)
4918{
4919 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004920 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004921 return 0;
4922
Willy Tarreau3c728722014-01-23 13:50:42 +01004923 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004924 return 0;
4925
Willy Tarreau20879a02012-12-03 16:32:10 +01004926 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4927 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004928 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004929 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004930
Emeric Brun46591952012-05-18 15:47:34 +02004931 /* If it is in client mode initiate SSL session
4932 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004933 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004934 int may_retry = 1;
4935
4936 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004937 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004938 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004939 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004940 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004941 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 goto retry_connect;
4943 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004944 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004945 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004946 }
Emeric Brun46591952012-05-18 15:47:34 +02004947
Emeric Brun46591952012-05-18 15:47:34 +02004948 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004949 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004950 SSL_free(conn->xprt_ctx);
4951 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004952 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004953 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004954 goto retry_connect;
4955 }
Emeric Brun55476152014-11-12 17:35:37 +01004956 conn->err_code = CO_ER_SSL_NO_MEM;
4957 return -1;
4958 }
Emeric Brun46591952012-05-18 15:47:34 +02004959
Evan Broderbe554312013-06-27 00:05:25 -07004960 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01004961 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
4962 SSL_free(conn->xprt_ctx);
4963 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004964 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004965 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004966 goto retry_connect;
4967 }
Emeric Brun55476152014-11-12 17:35:37 +01004968 conn->err_code = CO_ER_SSL_NO_MEM;
4969 return -1;
4970 }
4971
4972 SSL_set_connect_state(conn->xprt_ctx);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004973 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4974 const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4975 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4976 if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
4977 SSL_SESSION_free(sess);
4978 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4979 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
4980 } else if (sess) {
4981 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004982 }
4983 }
Evan Broderbe554312013-06-27 00:05:25 -07004984
Emeric Brun46591952012-05-18 15:47:34 +02004985 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004986 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004987
4988 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004989 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004990 return 0;
4991 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004992 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004993 int may_retry = 1;
4994
4995 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02004996 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004997 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004998 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004999 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005000 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 goto retry_accept;
5002 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005003 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005004 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005005 }
Emeric Brun46591952012-05-18 15:47:34 +02005006
Emeric Brun46591952012-05-18 15:47:34 +02005007 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005008 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005009 SSL_free(conn->xprt_ctx);
5010 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005011 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005012 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005013 goto retry_accept;
5014 }
Emeric Brun55476152014-11-12 17:35:37 +01005015 conn->err_code = CO_ER_SSL_NO_MEM;
5016 return -1;
5017 }
Emeric Brun46591952012-05-18 15:47:34 +02005018
Emeric Brune1f38db2012-09-03 20:36:47 +02005019 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01005020 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
5021 SSL_free(conn->xprt_ctx);
5022 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005023 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005024 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005025 goto retry_accept;
5026 }
Emeric Brun55476152014-11-12 17:35:37 +01005027 conn->err_code = CO_ER_SSL_NO_MEM;
5028 return -1;
5029 }
5030
5031 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005032
Emeric Brun46591952012-05-18 15:47:34 +02005033 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005034 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005035#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005036 conn->flags |= CO_FL_EARLY_SSL_HS;
5037#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005038
5039 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005040 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005041 return 0;
5042 }
5043 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005044 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005045 return -1;
5046}
5047
5048
5049/* This is the callback which is used when an SSL handshake is pending. It
5050 * updates the FD status if it wants some polling before being called again.
5051 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5052 * otherwise it returns non-zero and removes itself from the connection's
5053 * flags (the bit is provided in <flag> by the caller).
5054 */
5055int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5056{
5057 int ret;
5058
Willy Tarreau3c728722014-01-23 13:50:42 +01005059 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005060 return 0;
5061
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005062 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005063 goto out_error;
5064
Olivier Houchardc2aae742017-09-22 18:26:28 +02005065#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5066 /*
5067 * Check if we have early data. If we do, we have to read them
5068 * before SSL_do_handshake() is called, And there's no way to
5069 * detect early data, except to try to read them
5070 */
5071 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5072 size_t read_data;
5073
5074 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5075 1, &read_data);
5076 if (ret == SSL_READ_EARLY_DATA_ERROR)
5077 goto check_error;
5078 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5079 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5080 return 1;
5081 } else
5082 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5083 }
5084#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005085 /* If we use SSL_do_handshake to process a reneg initiated by
5086 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5087 * Usually SSL_write and SSL_read are used and process implicitly
5088 * the reneg handshake.
5089 * Here we use SSL_peek as a workaround for reneg.
5090 */
5091 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5092 char c;
5093
5094 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5095 if (ret <= 0) {
5096 /* handshake may have not been completed, let's find why */
5097 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005098
Emeric Brun674b7432012-11-08 19:21:55 +01005099 if (ret == SSL_ERROR_WANT_WRITE) {
5100 /* SSL handshake needs to write, L4 connection may not be ready */
5101 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005102 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005103 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005104 return 0;
5105 }
5106 else if (ret == SSL_ERROR_WANT_READ) {
5107 /* handshake may have been completed but we have
5108 * no more data to read.
5109 */
5110 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5111 ret = 1;
5112 goto reneg_ok;
5113 }
5114 /* SSL handshake needs to read, L4 connection is ready */
5115 if (conn->flags & CO_FL_WAIT_L4_CONN)
5116 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5117 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005118 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005119 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005120 return 0;
5121 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005122#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005123 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005124 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005125 return 0;
5126 }
5127#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005128 else if (ret == SSL_ERROR_SYSCALL) {
5129 /* if errno is null, then connection was successfully established */
5130 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5131 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005132 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005133#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5134 conn->err_code = CO_ER_SSL_HANDSHAKE;
5135#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005136 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005137#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005138 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5139 empty_handshake = state == TLS_ST_BEFORE;
5140#else
5141 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5142#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005143 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005144 if (!errno) {
5145 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5146 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5147 else
5148 conn->err_code = CO_ER_SSL_EMPTY;
5149 }
5150 else {
5151 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5152 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5153 else
5154 conn->err_code = CO_ER_SSL_ABORT;
5155 }
5156 }
5157 else {
5158 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5159 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005160 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005161 conn->err_code = CO_ER_SSL_HANDSHAKE;
5162 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005163#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005164 }
Emeric Brun674b7432012-11-08 19:21:55 +01005165 goto out_error;
5166 }
5167 else {
5168 /* Fail on all other handshake errors */
5169 /* Note: OpenSSL may leave unread bytes in the socket's
5170 * buffer, causing an RST to be emitted upon close() on
5171 * TCP sockets. We first try to drain possibly pending
5172 * data to avoid this as much as possible.
5173 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005174 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005175 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005176 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5177 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005178 goto out_error;
5179 }
5180 }
5181 /* read some data: consider handshake completed */
5182 goto reneg_ok;
5183 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005184 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005185check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005186 if (ret != 1) {
5187 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005188 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005189
5190 if (ret == SSL_ERROR_WANT_WRITE) {
5191 /* SSL handshake needs to write, L4 connection may not be ready */
5192 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005193 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005194 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005195 return 0;
5196 }
5197 else if (ret == SSL_ERROR_WANT_READ) {
5198 /* SSL handshake needs to read, L4 connection is ready */
5199 if (conn->flags & CO_FL_WAIT_L4_CONN)
5200 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5201 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005202 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005203 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005204 return 0;
5205 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005206#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005207 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005208 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005209 return 0;
5210 }
5211#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005212 else if (ret == SSL_ERROR_SYSCALL) {
5213 /* if errno is null, then connection was successfully established */
5214 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5215 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005216 if (!conn->err_code) {
5217#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5218 conn->err_code = CO_ER_SSL_HANDSHAKE;
5219#else
5220 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005221#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005222 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5223 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005224#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005225 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005226#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005227 if (empty_handshake) {
5228 if (!errno) {
5229 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5230 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5231 else
5232 conn->err_code = CO_ER_SSL_EMPTY;
5233 }
5234 else {
5235 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5236 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5237 else
5238 conn->err_code = CO_ER_SSL_ABORT;
5239 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005240 }
5241 else {
5242 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5243 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5244 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005245 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005246 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005247#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
Willy Tarreau89230192012-09-28 20:22:13 +02005249 goto out_error;
5250 }
Emeric Brun46591952012-05-18 15:47:34 +02005251 else {
5252 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005253 /* Note: OpenSSL may leave unread bytes in the socket's
5254 * buffer, causing an RST to be emitted upon close() on
5255 * TCP sockets. We first try to drain possibly pending
5256 * data to avoid this as much as possible.
5257 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005258 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005259 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005260 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5261 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005262 goto out_error;
5263 }
5264 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005265#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5266 else {
5267 /*
5268 * If the server refused the early data, we have to send a
5269 * 425 to the client, as we no longer have the data to sent
5270 * them again.
5271 */
5272 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5273 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5274 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5275 goto out_error;
5276 }
5277 }
5278 }
5279#endif
5280
Emeric Brun46591952012-05-18 15:47:34 +02005281
Emeric Brun674b7432012-11-08 19:21:55 +01005282reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005283
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005284#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005285 /* ASYNC engine API doesn't support moving read/write
5286 * buffers. So we disable ASYNC mode right after
5287 * the handshake to avoid buffer oveflows.
5288 */
5289 if (global_ssl.async)
5290 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5291#endif
Emeric Brun46591952012-05-18 15:47:34 +02005292 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005293 if (!SSL_session_reused(conn->xprt_ctx)) {
5294 if (objt_server(conn->target)) {
5295 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5296 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5297 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005298 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005299 else {
5300 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5301 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5302 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5303 }
Emeric Brun46591952012-05-18 15:47:34 +02005304 }
5305
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005306#ifdef OPENSSL_IS_BORINGSSL
5307 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5308 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5309#endif
Emeric Brun46591952012-05-18 15:47:34 +02005310 /* The connection is now established at both layers, it's time to leave */
5311 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5312 return 1;
5313
5314 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005315 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005316 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005317 ERR_clear_error();
5318
Emeric Brun9fa89732012-10-04 17:09:56 +02005319 /* free resumed session if exists */
Olivier Houcharde6060c52017-11-16 17:42:52 +01005320 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5321 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5322 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005323 }
5324
Emeric Brun46591952012-05-18 15:47:34 +02005325 /* Fail on all other handshake errors */
5326 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005327 if (!conn->err_code)
5328 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005329 return 0;
5330}
5331
5332/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005333 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005334 * buffer wraps, in which case a second call may be performed. The connection's
5335 * flags are updated with whatever special event is detected (error, read0,
5336 * empty). The caller is responsible for taking care of those events and
5337 * avoiding the call if inappropriate. The function does not call the
5338 * connection's polling update function, so the caller is responsible for this.
5339 */
5340static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int count)
5341{
5342 int ret, done = 0;
Willy Tarreauabf08d92014-01-14 11:31:27 +01005343 int try;
Emeric Brun46591952012-05-18 15:47:34 +02005344
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005345 conn_refresh_polling_flags(conn);
5346
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005347 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005348 goto out_error;
5349
5350 if (conn->flags & CO_FL_HANDSHAKE)
5351 /* a handshake was requested */
5352 return 0;
5353
Willy Tarreauabf08d92014-01-14 11:31:27 +01005354 /* let's realign the buffer to optimize I/O */
Olivier Houchardc2aae742017-09-22 18:26:28 +02005355 if (buffer_empty(buf)) {
Emeric Brun46591952012-05-18 15:47:34 +02005356 buf->p = buf->data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005357 }
Emeric Brun46591952012-05-18 15:47:34 +02005358
5359 /* read the largest possible block. For this, we perform only one call
5360 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5361 * in which case we accept to do it once again. A new attempt is made on
5362 * EINTR too.
5363 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005364 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005365 int need_out = 0;
5366
Willy Tarreauabf08d92014-01-14 11:31:27 +01005367 /* first check if we have some room after p+i */
5368 try = buf->data + buf->size - (buf->p + buf->i);
5369 /* otherwise continue between data and p-o */
5370 if (try <= 0) {
5371 try = buf->p - (buf->data + buf->o);
5372 if (try <= 0)
5373 break;
5374 }
5375 if (try > count)
5376 try = count;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005377 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5378 conn->tmp_early_data != -1) {
5379 *bi_end(buf) = conn->tmp_early_data;
5380 done++;
5381 try--;
5382 count--;
5383 buf->i++;
5384 conn->tmp_early_data = -1;
5385 continue;
5386 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005387
Olivier Houchardc2aae742017-09-22 18:26:28 +02005388#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5389 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5390 size_t read_length;
5391
5392 ret = SSL_read_early_data(conn->xprt_ctx,
5393 bi_end(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005394 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5395 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005396 conn->flags |= CO_FL_EARLY_DATA;
5397 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5398 ret == SSL_READ_EARLY_DATA_FINISH) {
5399 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5400 /*
5401 * We're done reading the early data,
5402 * let's make the handshake
5403 */
5404 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5405 conn->flags |= CO_FL_SSL_WAIT_HS;
5406 need_out = 1;
5407 if (read_length == 0)
5408 break;
5409 }
5410 ret = read_length;
5411 }
5412 } else
5413#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005414 ret = SSL_read(conn->xprt_ctx, bi_end(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005415#ifdef OPENSSL_IS_BORINGSSL
5416 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5417 if (SSL_in_early_data(conn->xprt_ctx)) {
5418 if (ret > 0)
5419 conn->flags |= CO_FL_EARLY_DATA;
5420 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005421 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005422 }
5423 }
5424#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005425 if (conn->flags & CO_FL_ERROR) {
5426 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005427 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005428 }
Emeric Brun46591952012-05-18 15:47:34 +02005429 if (ret > 0) {
5430 buf->i += ret;
5431 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005432 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005433 }
Emeric Brun46591952012-05-18 15:47:34 +02005434 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005435 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005436 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005437 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005438 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005439 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005440#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005441 /* Async mode can be re-enabled, because we're leaving data state.*/
5442 if (global_ssl.async)
5443 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5444#endif
Emeric Brun46591952012-05-18 15:47:34 +02005445 break;
5446 }
5447 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005448 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5449 /* handshake is running, and it may need to re-enable read */
5450 conn->flags |= CO_FL_SSL_WAIT_HS;
5451 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005452#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005453 /* Async mode can be re-enabled, because we're leaving data state.*/
5454 if (global_ssl.async)
5455 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5456#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005457 break;
5458 }
Emeric Brun46591952012-05-18 15:47:34 +02005459 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005460 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005461 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005462 } else if (ret == SSL_ERROR_ZERO_RETURN)
5463 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005464 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5465 * stack before shutting down the connection for
5466 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005467 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5468 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005469 /* otherwise it's a real error */
5470 goto out_error;
5471 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005472 if (need_out)
5473 break;
Emeric Brun46591952012-05-18 15:47:34 +02005474 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005475 leave:
5476 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005477 return done;
5478
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005479 clear_ssl_error:
5480 /* Clear openssl global errors stack */
5481 ssl_sock_dump_errors(conn);
5482 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005483 read0:
5484 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005485 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005486
Emeric Brun46591952012-05-18 15:47:34 +02005487 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005488 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005489 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005490 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005491 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005492 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005493}
5494
5495
5496/* Send all pending bytes from buffer <buf> to connection <conn>'s socket.
Willy Tarreau1049b1f2014-02-02 01:51:17 +01005497 * <flags> may contain some CO_SFL_* flags to hint the system about other
5498 * pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005499 * Only one call to send() is performed, unless the buffer wraps, in which case
5500 * a second call may be performed. The connection's flags are updated with
5501 * whatever special event is detected (error, empty). The caller is responsible
5502 * for taking care of those events and avoiding the call if inappropriate. The
5503 * function does not call the connection's polling update function, so the caller
5504 * is responsible for this.
5505 */
5506static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int flags)
5507{
5508 int ret, try, done;
5509
5510 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005511 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005512
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005513 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005514 goto out_error;
5515
5516 if (conn->flags & CO_FL_HANDSHAKE)
5517 /* a handshake was requested */
5518 return 0;
5519
5520 /* send the largest possible block. For this we perform only one call
5521 * to send() unless the buffer wraps and we exactly fill the first hunk,
5522 * in which case we accept to do it once again.
5523 */
5524 while (buf->o) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005525#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5526 size_t written_data;
5527#endif
5528
Kevin Hestercad82342013-05-30 15:12:41 -07005529 try = bo_contig_data(buf);
Willy Tarreaubfd59462013-02-21 07:46:09 +01005530
Willy Tarreau7bed9452014-02-02 02:00:24 +01005531 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005532 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005533 global_ssl.max_record && try > global_ssl.max_record) {
5534 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005535 }
5536 else {
5537 /* we need to keep the information about the fact that
5538 * we're not limiting the upcoming send(), because if it
5539 * fails, we'll have to retry with at least as many data.
5540 */
5541 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5542 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005543
Olivier Houchardc2aae742017-09-22 18:26:28 +02005544#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5545 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5546 unsigned int max_early;
5547
Olivier Houchard522eea72017-11-03 16:27:47 +01005548 if (objt_listener(conn->target))
5549 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5550 else {
5551 if (SSL_get0_session(conn->xprt_ctx))
5552 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5553 else
5554 max_early = 0;
5555 }
5556
Olivier Houchard90084a12017-11-23 18:21:29 +01005557 if (try + conn->sent_early_data > max_early) {
5558 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005559 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005560 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5561 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005562 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005563 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005564 }
5565 ret = SSL_write_early_data(conn->xprt_ctx, bo_ptr(buf), try, &written_data);
5566 if (ret == 1) {
5567 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005568 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005569 if (objt_server(conn->target)) {
5570 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5571 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5572 }
5573
Olivier Houchardc2aae742017-09-22 18:26:28 +02005574 }
5575
5576 } else
5577#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005578 ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005579
Emeric Brune1f38db2012-09-03 20:36:47 +02005580 if (conn->flags & CO_FL_ERROR) {
5581 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005582 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005583 }
Emeric Brun46591952012-05-18 15:47:34 +02005584 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005585 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
5586
Emeric Brun46591952012-05-18 15:47:34 +02005587 buf->o -= ret;
5588 done += ret;
5589
Willy Tarreau5fb38032012-12-16 19:39:09 +01005590 if (likely(buffer_empty(buf)))
Emeric Brun46591952012-05-18 15:47:34 +02005591 /* optimize data alignment in the buffer */
5592 buf->p = buf->data;
Emeric Brun46591952012-05-18 15:47:34 +02005593 }
5594 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005595 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005596
Emeric Brun46591952012-05-18 15:47:34 +02005597 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005598 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5599 /* handshake is running, and it may need to re-enable write */
5600 conn->flags |= CO_FL_SSL_WAIT_HS;
5601 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005602#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005603 /* Async mode can be re-enabled, because we're leaving data state.*/
5604 if (global_ssl.async)
5605 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5606#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005607 break;
5608 }
Emeric Brun46591952012-05-18 15:47:34 +02005609 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005610 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005611 break;
5612 }
5613 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005614 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005615 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005616 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005617#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005618 /* Async mode can be re-enabled, because we're leaving data state.*/
5619 if (global_ssl.async)
5620 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5621#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005622 break;
5623 }
Emeric Brun46591952012-05-18 15:47:34 +02005624 goto out_error;
5625 }
5626 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005627 leave:
5628 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005629 return done;
5630
5631 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005632 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005633 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005634 ERR_clear_error();
5635
Emeric Brun46591952012-05-18 15:47:34 +02005636 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005637 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005638}
5639
Emeric Brun46591952012-05-18 15:47:34 +02005640static void ssl_sock_close(struct connection *conn) {
5641
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005642 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005643#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005644 if (global_ssl.async) {
5645 OSSL_ASYNC_FD all_fd[32], afd;
5646 size_t num_all_fds = 0;
5647 int i;
5648
5649 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5650 if (num_all_fds > 32) {
5651 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5652 return;
5653 }
5654
5655 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5656
5657 /* If an async job is pending, we must try to
5658 to catch the end using polling before calling
5659 SSL_free */
5660 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5661 for (i=0 ; i < num_all_fds ; i++) {
5662 /* switch on an handler designed to
5663 * handle the SSL_free
5664 */
5665 afd = all_fd[i];
5666 fdtab[afd].iocb = ssl_async_fd_free;
5667 fdtab[afd].owner = conn->xprt_ctx;
5668 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005669 /* To ensure that the fd cache won't be used
5670 * and we'll catch a real RD event.
5671 */
5672 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005673 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005674 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005675 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005676 return;
5677 }
Emeric Brun3854e012017-05-17 20:42:48 +02005678 /* Else we can remove the fds from the fdtab
5679 * and call SSL_free.
5680 * note: we do a fd_remove and not a delete
5681 * because the fd is owned by the engine.
5682 * the engine is responsible to close
5683 */
5684 for (i=0 ; i < num_all_fds ; i++)
5685 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005686 }
5687#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005688 SSL_free(conn->xprt_ctx);
5689 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005690 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005691 }
Emeric Brun46591952012-05-18 15:47:34 +02005692}
5693
5694/* This function tries to perform a clean shutdown on an SSL connection, and in
5695 * any case, flags the connection as reusable if no handshake was in progress.
5696 */
5697static void ssl_sock_shutw(struct connection *conn, int clean)
5698{
5699 if (conn->flags & CO_FL_HANDSHAKE)
5700 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005701 if (!clean)
5702 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005703 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005704 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005705 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005706 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005707 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005708 ERR_clear_error();
5709 }
Emeric Brun46591952012-05-18 15:47:34 +02005710}
5711
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005712/* used for ppv2 pkey alog (can be used for logging) */
5713int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
5714{
5715 struct pkey_info *pkinfo;
5716 int bits = 0;
5717 int sig = TLSEXT_signature_anonymous;
5718 int len = -1;
5719
5720 if (!ssl_sock_is_ssl(conn))
5721 return 0;
5722
5723 pkinfo = SSL_get_ex_data(conn->xprt_ctx, ssl_pkey_info_index);
5724 if (pkinfo) {
5725 sig = pkinfo->sig;
5726 bits = pkinfo->bits;
5727 } else {
5728 /* multicert and generated cert have no pkey info */
5729 X509 *crt;
5730 EVP_PKEY *pkey;
5731 crt = SSL_get_certificate(conn->xprt_ctx);
5732 if (!crt)
5733 return 0;
5734 pkey = X509_get_pubkey(crt);
5735 if (pkey) {
5736 bits = EVP_PKEY_bits(pkey);
5737 switch(EVP_PKEY_base_id(pkey)) {
5738 case EVP_PKEY_RSA:
5739 sig = TLSEXT_signature_rsa;
5740 break;
5741 case EVP_PKEY_EC:
5742 sig = TLSEXT_signature_ecdsa;
5743 break;
5744 case EVP_PKEY_DSA:
5745 sig = TLSEXT_signature_dsa;
5746 break;
5747 }
5748 EVP_PKEY_free(pkey);
5749 }
5750 }
5751
5752 switch(sig) {
5753 case TLSEXT_signature_rsa:
5754 len = chunk_printf(out, "RSA%d", bits);
5755 break;
5756 case TLSEXT_signature_ecdsa:
5757 len = chunk_printf(out, "EC%d", bits);
5758 break;
5759 case TLSEXT_signature_dsa:
5760 len = chunk_printf(out, "DSA%d", bits);
5761 break;
5762 default:
5763 return 0;
5764 }
5765 if (len < 0)
5766 return 0;
5767 return 1;
5768}
5769
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005770/* used for ppv2 cert signature (can be used for logging) */
5771const char *ssl_sock_get_cert_sig(struct connection *conn)
5772{
5773 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5774 X509 *crt;
5775
5776 if (!ssl_sock_is_ssl(conn))
5777 return NULL;
5778 crt = SSL_get_certificate(conn->xprt_ctx);
5779 if (!crt)
5780 return NULL;
5781 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5782 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5783}
5784
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005785/* used for ppv2 authority */
5786const char *ssl_sock_get_sni(struct connection *conn)
5787{
5788#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5789 if (!ssl_sock_is_ssl(conn))
5790 return NULL;
5791 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5792#else
5793 return 0;
5794#endif
5795}
5796
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005797/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005798const char *ssl_sock_get_cipher_name(struct connection *conn)
5799{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005800 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005801 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005802
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005803 return SSL_get_cipher_name(conn->xprt_ctx);
5804}
5805
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005806/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005807const char *ssl_sock_get_proto_version(struct connection *conn)
5808{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005809 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005810 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005811
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005812 return SSL_get_version(conn->xprt_ctx);
5813}
5814
Willy Tarreau8d598402012-10-22 17:58:39 +02005815/* Extract a serial from a cert, and copy it to a chunk.
5816 * Returns 1 if serial is found and copied, 0 if no serial found and
5817 * -1 if output is not large enough.
5818 */
5819static int
5820ssl_sock_get_serial(X509 *crt, struct chunk *out)
5821{
5822 ASN1_INTEGER *serial;
5823
5824 serial = X509_get_serialNumber(crt);
5825 if (!serial)
5826 return 0;
5827
5828 if (out->size < serial->length)
5829 return -1;
5830
5831 memcpy(out->str, serial->data, serial->length);
5832 out->len = serial->length;
5833 return 1;
5834}
5835
Emeric Brun43e79582014-10-29 19:03:26 +01005836/* Extract a cert to der, and copy it to a chunk.
5837 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5838 * -1 if output is not large enough.
5839 */
5840static int
5841ssl_sock_crt2der(X509 *crt, struct chunk *out)
5842{
5843 int len;
5844 unsigned char *p = (unsigned char *)out->str;;
5845
5846 len =i2d_X509(crt, NULL);
5847 if (len <= 0)
5848 return 1;
5849
5850 if (out->size < len)
5851 return -1;
5852
5853 i2d_X509(crt,&p);
5854 out->len = len;
5855 return 1;
5856}
5857
Emeric Brunce5ad802012-10-22 14:11:22 +02005858
5859/* Copy Date in ASN1_UTCTIME format in struct chunk out.
5860 * Returns 1 if serial is found and copied, 0 if no valid time found
5861 * and -1 if output is not large enough.
5862 */
5863static int
5864ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
5865{
5866 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5867 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5868
5869 if (gentm->length < 12)
5870 return 0;
5871 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5872 return 0;
5873 if (out->size < gentm->length-2)
5874 return -1;
5875
5876 memcpy(out->str, gentm->data+2, gentm->length-2);
5877 out->len = gentm->length-2;
5878 return 1;
5879 }
5880 else if (tm->type == V_ASN1_UTCTIME) {
5881 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5882
5883 if (utctm->length < 10)
5884 return 0;
5885 if (utctm->data[0] >= 0x35)
5886 return 0;
5887 if (out->size < utctm->length)
5888 return -1;
5889
5890 memcpy(out->str, utctm->data, utctm->length);
5891 out->len = utctm->length;
5892 return 1;
5893 }
5894
5895 return 0;
5896}
5897
Emeric Brun87855892012-10-17 17:39:35 +02005898/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5899 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5900 */
5901static int
5902ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
5903{
5904 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005905 ASN1_OBJECT *obj;
5906 ASN1_STRING *data;
5907 const unsigned char *data_ptr;
5908 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005909 int i, j, n;
5910 int cur = 0;
5911 const char *s;
5912 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005913 int name_count;
5914
5915 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005916
5917 out->len = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005918 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005919 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005920 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005921 else
5922 j = i;
5923
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005924 ne = X509_NAME_get_entry(a, j);
5925 obj = X509_NAME_ENTRY_get_object(ne);
5926 data = X509_NAME_ENTRY_get_data(ne);
5927 data_ptr = ASN1_STRING_get0_data(data);
5928 data_len = ASN1_STRING_length(data);
5929 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005930 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005931 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005932 s = tmp;
5933 }
5934
5935 if (chunk_strcasecmp(entry, s) != 0)
5936 continue;
5937
5938 if (pos < 0)
5939 cur--;
5940 else
5941 cur++;
5942
5943 if (cur != pos)
5944 continue;
5945
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005946 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005947 return -1;
5948
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005949 memcpy(out->str, data_ptr, data_len);
5950 out->len = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005951 return 1;
5952 }
5953
5954 return 0;
5955
5956}
5957
5958/* Extract and format full DN from a X509_NAME and copy result into a chunk
5959 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5960 */
5961static int
5962ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
5963{
5964 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005965 ASN1_OBJECT *obj;
5966 ASN1_STRING *data;
5967 const unsigned char *data_ptr;
5968 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005969 int i, n, ln;
5970 int l = 0;
5971 const char *s;
5972 char *p;
5973 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005974 int name_count;
5975
5976
5977 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005978
5979 out->len = 0;
5980 p = out->str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005981 for (i = 0; i < name_count; i++) {
5982 ne = X509_NAME_get_entry(a, i);
5983 obj = X509_NAME_ENTRY_get_object(ne);
5984 data = X509_NAME_ENTRY_get_data(ne);
5985 data_ptr = ASN1_STRING_get0_data(data);
5986 data_len = ASN1_STRING_length(data);
5987 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005988 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005989 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005990 s = tmp;
5991 }
5992 ln = strlen(s);
5993
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005994 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005995 if (l > out->size)
5996 return -1;
5997 out->len = l;
5998
5999 *(p++)='/';
6000 memcpy(p, s, ln);
6001 p += ln;
6002 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006003 memcpy(p, data_ptr, data_len);
6004 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006005 }
6006
6007 if (!out->len)
6008 return 0;
6009
6010 return 1;
6011}
6012
Willy Tarreau119a4082016-12-22 21:58:38 +01006013/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6014 * to disable SNI.
6015 */
Willy Tarreau63076412015-07-10 11:33:32 +02006016void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6017{
6018#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006019 char *prev_name;
6020
Willy Tarreau63076412015-07-10 11:33:32 +02006021 if (!ssl_sock_is_ssl(conn))
6022 return;
6023
Willy Tarreau119a4082016-12-22 21:58:38 +01006024 /* if the SNI changes, we must destroy the reusable context so that a
6025 * new connection will present a new SNI. As an optimization we could
6026 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6027 * server.
6028 */
6029 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6030 if ((!prev_name && hostname) ||
6031 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6032 SSL_set_session(conn->xprt_ctx, NULL);
6033
Willy Tarreau63076412015-07-10 11:33:32 +02006034 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6035#endif
6036}
6037
Emeric Brun0abf8362014-06-24 18:26:41 +02006038/* Extract peer certificate's common name into the chunk dest
6039 * Returns
6040 * the len of the extracted common name
6041 * or 0 if no CN found in DN
6042 * or -1 on error case (i.e. no peer certificate)
6043 */
6044int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04006045{
6046 X509 *crt = NULL;
6047 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006048 const char find_cn[] = "CN";
6049 const struct chunk find_cn_chunk = {
6050 .str = (char *)&find_cn,
6051 .len = sizeof(find_cn)-1
6052 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006053 int result = -1;
David Safb76832014-05-08 23:42:08 -04006054
6055 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006056 goto out;
David Safb76832014-05-08 23:42:08 -04006057
6058 /* SSL_get_peer_certificate, it increase X509 * ref count */
6059 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6060 if (!crt)
6061 goto out;
6062
6063 name = X509_get_subject_name(crt);
6064 if (!name)
6065 goto out;
David Safb76832014-05-08 23:42:08 -04006066
Emeric Brun0abf8362014-06-24 18:26:41 +02006067 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6068out:
David Safb76832014-05-08 23:42:08 -04006069 if (crt)
6070 X509_free(crt);
6071
6072 return result;
6073}
6074
Dave McCowan328fb582014-07-30 10:39:13 -04006075/* returns 1 if client passed a certificate for this session, 0 if not */
6076int ssl_sock_get_cert_used_sess(struct connection *conn)
6077{
6078 X509 *crt = NULL;
6079
6080 if (!ssl_sock_is_ssl(conn))
6081 return 0;
6082
6083 /* SSL_get_peer_certificate, it increase X509 * ref count */
6084 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6085 if (!crt)
6086 return 0;
6087
6088 X509_free(crt);
6089 return 1;
6090}
6091
6092/* returns 1 if client passed a certificate for this connection, 0 if not */
6093int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006094{
6095 if (!ssl_sock_is_ssl(conn))
6096 return 0;
6097
6098 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6099}
6100
6101/* returns result from SSL verify */
6102unsigned int ssl_sock_get_verify_result(struct connection *conn)
6103{
6104 if (!ssl_sock_is_ssl(conn))
6105 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6106
6107 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6108}
6109
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006110/* Returns the application layer protocol name in <str> and <len> when known.
6111 * Zero is returned if the protocol name was not found, otherwise non-zero is
6112 * returned. The string is allocated in the SSL context and doesn't have to be
6113 * freed by the caller. NPN is also checked if available since older versions
6114 * of openssl (1.0.1) which are more common in field only support this one.
6115 */
6116static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6117{
6118 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6119 return 0;
6120
6121 *str = NULL;
6122
6123#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6124 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6125 if (*str)
6126 return 1;
6127#endif
6128#ifdef OPENSSL_NPN_NEGOTIATED
6129 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6130 if (*str)
6131 return 1;
6132#endif
6133 return 0;
6134}
6135
Willy Tarreau7875d092012-09-10 08:20:03 +02006136/***** Below are some sample fetching functions for ACL/patterns *****/
6137
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006138static int
6139smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6140{
6141 struct connection *conn;
6142
6143 conn = objt_conn(smp->sess->origin);
6144 if (!conn || conn->xprt != &ssl_sock)
6145 return 0;
6146
6147 smp->flags = 0;
6148 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006149 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6150 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006151
6152 return 1;
6153}
6154
Emeric Brune64aef12012-09-21 13:15:06 +02006155/* boolean, returns true if client cert was present */
6156static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006157smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006158{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006159 struct connection *conn;
6160
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006161 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006162 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006163 return 0;
6164
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006165 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006166 smp->flags |= SMP_F_MAY_CHANGE;
6167 return 0;
6168 }
6169
6170 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006171 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006172 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006173
6174 return 1;
6175}
6176
Emeric Brun43e79582014-10-29 19:03:26 +01006177/* binary, returns a certificate in a binary chunk (der/raw).
6178 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6179 * should be use.
6180 */
6181static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006182smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006183{
6184 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6185 X509 *crt = NULL;
6186 int ret = 0;
6187 struct chunk *smp_trash;
6188 struct connection *conn;
6189
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006190 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006191 if (!conn || conn->xprt != &ssl_sock)
6192 return 0;
6193
6194 if (!(conn->flags & CO_FL_CONNECTED)) {
6195 smp->flags |= SMP_F_MAY_CHANGE;
6196 return 0;
6197 }
6198
6199 if (cert_peer)
6200 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6201 else
6202 crt = SSL_get_certificate(conn->xprt_ctx);
6203
6204 if (!crt)
6205 goto out;
6206
6207 smp_trash = get_trash_chunk();
6208 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6209 goto out;
6210
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006211 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006212 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006213 ret = 1;
6214out:
6215 /* SSL_get_peer_certificate, it increase X509 * ref count */
6216 if (cert_peer && crt)
6217 X509_free(crt);
6218 return ret;
6219}
6220
Emeric Brunba841a12014-04-30 17:05:08 +02006221/* binary, returns serial of certificate in a binary chunk.
6222 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6223 * should be use.
6224 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006225static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006226smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006227{
Emeric Brunba841a12014-04-30 17:05:08 +02006228 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006229 X509 *crt = NULL;
6230 int ret = 0;
6231 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006232 struct connection *conn;
6233
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006234 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006235 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006236 return 0;
6237
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006238 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006239 smp->flags |= SMP_F_MAY_CHANGE;
6240 return 0;
6241 }
6242
Emeric Brunba841a12014-04-30 17:05:08 +02006243 if (cert_peer)
6244 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6245 else
6246 crt = SSL_get_certificate(conn->xprt_ctx);
6247
Willy Tarreau8d598402012-10-22 17:58:39 +02006248 if (!crt)
6249 goto out;
6250
Willy Tarreau47ca5452012-12-23 20:22:19 +01006251 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006252 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6253 goto out;
6254
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006255 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006256 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006257 ret = 1;
6258out:
Emeric Brunba841a12014-04-30 17:05:08 +02006259 /* SSL_get_peer_certificate, it increase X509 * ref count */
6260 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006261 X509_free(crt);
6262 return ret;
6263}
Emeric Brune64aef12012-09-21 13:15:06 +02006264
Emeric Brunba841a12014-04-30 17:05:08 +02006265/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6266 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6267 * should be use.
6268 */
James Votha051b4a2013-05-14 20:37:59 +02006269static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006270smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006271{
Emeric Brunba841a12014-04-30 17:05:08 +02006272 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006273 X509 *crt = NULL;
6274 const EVP_MD *digest;
6275 int ret = 0;
6276 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006277 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006278
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006279 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006280 if (!conn || conn->xprt != &ssl_sock)
6281 return 0;
6282
6283 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006284 smp->flags |= SMP_F_MAY_CHANGE;
6285 return 0;
6286 }
6287
Emeric Brunba841a12014-04-30 17:05:08 +02006288 if (cert_peer)
6289 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6290 else
6291 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006292 if (!crt)
6293 goto out;
6294
6295 smp_trash = get_trash_chunk();
6296 digest = EVP_sha1();
6297 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
6298
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006299 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006300 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006301 ret = 1;
6302out:
Emeric Brunba841a12014-04-30 17:05:08 +02006303 /* SSL_get_peer_certificate, it increase X509 * ref count */
6304 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006305 X509_free(crt);
6306 return ret;
6307}
6308
Emeric Brunba841a12014-04-30 17:05:08 +02006309/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6310 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6311 * should be use.
6312 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006313static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006314smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006315{
Emeric Brunba841a12014-04-30 17:05:08 +02006316 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006317 X509 *crt = NULL;
6318 int ret = 0;
6319 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006320 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006321
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006322 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006323 if (!conn || conn->xprt != &ssl_sock)
6324 return 0;
6325
6326 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006327 smp->flags |= SMP_F_MAY_CHANGE;
6328 return 0;
6329 }
6330
Emeric Brunba841a12014-04-30 17:05:08 +02006331 if (cert_peer)
6332 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6333 else
6334 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006335 if (!crt)
6336 goto out;
6337
Willy Tarreau47ca5452012-12-23 20:22:19 +01006338 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006339 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6340 goto out;
6341
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006342 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006343 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006344 ret = 1;
6345out:
Emeric Brunba841a12014-04-30 17:05:08 +02006346 /* SSL_get_peer_certificate, it increase X509 * ref count */
6347 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006348 X509_free(crt);
6349 return ret;
6350}
6351
Emeric Brunba841a12014-04-30 17:05:08 +02006352/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6353 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6354 * should be use.
6355 */
Emeric Brun87855892012-10-17 17:39:35 +02006356static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006357smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006358{
Emeric Brunba841a12014-04-30 17:05:08 +02006359 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006360 X509 *crt = NULL;
6361 X509_NAME *name;
6362 int ret = 0;
6363 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006364 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006365
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006366 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006367 if (!conn || conn->xprt != &ssl_sock)
6368 return 0;
6369
6370 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006371 smp->flags |= SMP_F_MAY_CHANGE;
6372 return 0;
6373 }
6374
Emeric Brunba841a12014-04-30 17:05:08 +02006375 if (cert_peer)
6376 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6377 else
6378 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006379 if (!crt)
6380 goto out;
6381
6382 name = X509_get_issuer_name(crt);
6383 if (!name)
6384 goto out;
6385
Willy Tarreau47ca5452012-12-23 20:22:19 +01006386 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006387 if (args && args[0].type == ARGT_STR) {
6388 int pos = 1;
6389
6390 if (args[1].type == ARGT_SINT)
6391 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006392
6393 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6394 goto out;
6395 }
6396 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6397 goto out;
6398
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006399 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006400 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006401 ret = 1;
6402out:
Emeric Brunba841a12014-04-30 17:05:08 +02006403 /* SSL_get_peer_certificate, it increase X509 * ref count */
6404 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006405 X509_free(crt);
6406 return ret;
6407}
6408
Emeric Brunba841a12014-04-30 17:05:08 +02006409/* string, returns notbefore date in ASN1_UTCTIME format.
6410 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6411 * should be use.
6412 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006413static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006414smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006415{
Emeric Brunba841a12014-04-30 17:05:08 +02006416 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006417 X509 *crt = NULL;
6418 int ret = 0;
6419 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006420 struct connection *conn;
6421
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006422 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006423 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006424 return 0;
6425
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006426 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006427 smp->flags |= SMP_F_MAY_CHANGE;
6428 return 0;
6429 }
6430
Emeric Brunba841a12014-04-30 17:05:08 +02006431 if (cert_peer)
6432 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6433 else
6434 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006435 if (!crt)
6436 goto out;
6437
Willy Tarreau47ca5452012-12-23 20:22:19 +01006438 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006439 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6440 goto out;
6441
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006442 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006443 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006444 ret = 1;
6445out:
Emeric Brunba841a12014-04-30 17:05:08 +02006446 /* SSL_get_peer_certificate, it increase X509 * ref count */
6447 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006448 X509_free(crt);
6449 return ret;
6450}
6451
Emeric Brunba841a12014-04-30 17:05:08 +02006452/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6453 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6454 * should be use.
6455 */
Emeric Brun87855892012-10-17 17:39:35 +02006456static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006457smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006458{
Emeric Brunba841a12014-04-30 17:05:08 +02006459 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006460 X509 *crt = NULL;
6461 X509_NAME *name;
6462 int ret = 0;
6463 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006464 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006465
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006466 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006467 if (!conn || conn->xprt != &ssl_sock)
6468 return 0;
6469
6470 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006471 smp->flags |= SMP_F_MAY_CHANGE;
6472 return 0;
6473 }
6474
Emeric Brunba841a12014-04-30 17:05:08 +02006475 if (cert_peer)
6476 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6477 else
6478 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006479 if (!crt)
6480 goto out;
6481
6482 name = X509_get_subject_name(crt);
6483 if (!name)
6484 goto out;
6485
Willy Tarreau47ca5452012-12-23 20:22:19 +01006486 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006487 if (args && args[0].type == ARGT_STR) {
6488 int pos = 1;
6489
6490 if (args[1].type == ARGT_SINT)
6491 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006492
6493 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6494 goto out;
6495 }
6496 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6497 goto out;
6498
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006499 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006500 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006501 ret = 1;
6502out:
Emeric Brunba841a12014-04-30 17:05:08 +02006503 /* SSL_get_peer_certificate, it increase X509 * ref count */
6504 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006505 X509_free(crt);
6506 return ret;
6507}
Emeric Brun9143d372012-12-20 15:44:16 +01006508
6509/* integer, returns true if current session use a client certificate */
6510static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006511smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006512{
6513 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006514 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006515
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006516 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006517 if (!conn || conn->xprt != &ssl_sock)
6518 return 0;
6519
6520 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006521 smp->flags |= SMP_F_MAY_CHANGE;
6522 return 0;
6523 }
6524
6525 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006526 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006527 if (crt) {
6528 X509_free(crt);
6529 }
6530
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006531 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006532 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006533 return 1;
6534}
6535
Emeric Brunba841a12014-04-30 17:05:08 +02006536/* integer, returns the certificate version
6537 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6538 * should be use.
6539 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006540static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006541smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006542{
Emeric Brunba841a12014-04-30 17:05:08 +02006543 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006544 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006545 struct connection *conn;
6546
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006547 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006548 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006549 return 0;
6550
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006551 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006552 smp->flags |= SMP_F_MAY_CHANGE;
6553 return 0;
6554 }
6555
Emeric Brunba841a12014-04-30 17:05:08 +02006556 if (cert_peer)
6557 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6558 else
6559 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006560 if (!crt)
6561 return 0;
6562
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006563 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006564 /* SSL_get_peer_certificate increase X509 * ref count */
6565 if (cert_peer)
6566 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006567 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006568
6569 return 1;
6570}
6571
Emeric Brunba841a12014-04-30 17:05:08 +02006572/* string, returns the certificate's signature algorithm.
6573 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6574 * should be use.
6575 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006576static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006577smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006578{
Emeric Brunba841a12014-04-30 17:05:08 +02006579 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006580 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006581 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006582 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006583 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006584
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006585 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006586 if (!conn || conn->xprt != &ssl_sock)
6587 return 0;
6588
6589 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006590 smp->flags |= SMP_F_MAY_CHANGE;
6591 return 0;
6592 }
6593
Emeric Brunba841a12014-04-30 17:05:08 +02006594 if (cert_peer)
6595 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6596 else
6597 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006598 if (!crt)
6599 return 0;
6600
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006601 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6602 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006603
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006604 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6605 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006606 /* SSL_get_peer_certificate increase X509 * ref count */
6607 if (cert_peer)
6608 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006609 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006610 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006611
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006612 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006613 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006614 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006615 /* SSL_get_peer_certificate increase X509 * ref count */
6616 if (cert_peer)
6617 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006618
6619 return 1;
6620}
6621
Emeric Brunba841a12014-04-30 17:05:08 +02006622/* string, returns the certificate's key algorithm.
6623 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6624 * should be use.
6625 */
Emeric Brun521a0112012-10-22 12:22:55 +02006626static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006627smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006628{
Emeric Brunba841a12014-04-30 17:05:08 +02006629 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006630 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006631 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006632 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006633 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006634
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006635 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006636 if (!conn || conn->xprt != &ssl_sock)
6637 return 0;
6638
6639 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006640 smp->flags |= SMP_F_MAY_CHANGE;
6641 return 0;
6642 }
6643
Emeric Brunba841a12014-04-30 17:05:08 +02006644 if (cert_peer)
6645 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6646 else
6647 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006648 if (!crt)
6649 return 0;
6650
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006651 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6652 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006653
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006654 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6655 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006656 /* SSL_get_peer_certificate increase X509 * ref count */
6657 if (cert_peer)
6658 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006659 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006660 }
Emeric Brun521a0112012-10-22 12:22:55 +02006661
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006662 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006663 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006664 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006665 if (cert_peer)
6666 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006667
6668 return 1;
6669}
6670
Emeric Brun645ae792014-04-30 14:21:06 +02006671/* boolean, returns true if front conn. transport layer is SSL.
6672 * This function is also usable on backend conn if the fetch keyword 5th
6673 * char is 'b'.
6674 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006675static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006676smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006677{
Emeric Bruneb8def92018-02-19 15:59:48 +01006678 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6679 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006680
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006681 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006682 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006683 return 1;
6684}
6685
Emeric Brun2525b6b2012-10-18 15:59:43 +02006686/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006687static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006688smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006689{
6690#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006691 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006692
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006693 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006694 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006695 conn->xprt_ctx &&
6696 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006697 return 1;
6698#else
6699 return 0;
6700#endif
6701}
6702
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006703/* boolean, returns true if client session has been resumed.
6704 * This function is also usable on backend conn if the fetch keyword 5th
6705 * char is 'b'.
6706 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006707static int
6708smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6709{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006710 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6711 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6712
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006713
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006714 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006715 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006716 conn->xprt_ctx &&
6717 SSL_session_reused(conn->xprt_ctx);
6718 return 1;
6719}
6720
Emeric Brun645ae792014-04-30 14:21:06 +02006721/* string, returns the used cipher if front conn. transport layer is SSL.
6722 * This function is also usable on backend conn if the fetch keyword 5th
6723 * char is 'b'.
6724 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006725static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006726smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006727{
Emeric Bruneb8def92018-02-19 15:59:48 +01006728 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6729 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006730
Willy Tarreaube508f12016-03-10 11:47:01 +01006731 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006732 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006733 return 0;
6734
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006735 smp->data.u.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6736 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006737 return 0;
6738
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006739 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006740 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006741 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006742
6743 return 1;
6744}
6745
Emeric Brun645ae792014-04-30 14:21:06 +02006746/* integer, returns the algoritm's keysize if front conn. transport layer
6747 * is SSL.
6748 * This function is also usable on backend conn if the fetch keyword 5th
6749 * char is 'b'.
6750 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006751static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006752smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006753{
Emeric Bruneb8def92018-02-19 15:59:48 +01006754 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6755 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006756 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006757
Emeric Brun589fcad2012-10-16 14:13:26 +02006758 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006760 return 0;
6761
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006762 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006763 return 0;
6764
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006765 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006766 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006767
6768 return 1;
6769}
6770
Emeric Brun645ae792014-04-30 14:21:06 +02006771/* integer, returns the used keysize if front conn. transport layer is SSL.
6772 * This function is also usable on backend conn if the fetch keyword 5th
6773 * char is 'b'.
6774 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006775static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006776smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006777{
Emeric Bruneb8def92018-02-19 15:59:48 +01006778 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6779 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006780
Emeric Brun589fcad2012-10-16 14:13:26 +02006781 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006782 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6783 return 0;
6784
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006785 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6786 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006787 return 0;
6788
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006789 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006790
6791 return 1;
6792}
6793
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006794#ifdef OPENSSL_NPN_NEGOTIATED
Willy Tarreau7875d092012-09-10 08:20:03 +02006795static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006796smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006797{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006798 struct connection *conn;
6799
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006800 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006801 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006802
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006803 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006804 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6805 return 0;
6806
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006807 smp->data.u.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006808 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006809 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006810
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006811 if (!smp->data.u.str.str)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006812 return 0;
6813
6814 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006815}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006816#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006817
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006818#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006819static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006820smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006821{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006822 struct connection *conn;
6823
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006824 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006825 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006826
Willy Tarreaue26bf052015-05-12 10:30:12 +02006827 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006828 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006829 return 0;
6830
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006831 smp->data.u.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006832 SSL_get0_alpn_selected(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006833 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreauab861d32013-04-02 02:30:41 +02006834
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006835 if (!smp->data.u.str.str)
Willy Tarreauab861d32013-04-02 02:30:41 +02006836 return 0;
6837
6838 return 1;
6839}
6840#endif
6841
Emeric Brun645ae792014-04-30 14:21:06 +02006842/* string, returns the used protocol if front conn. transport layer is SSL.
6843 * This function is also usable on backend conn if the fetch keyword 5th
6844 * char is 'b'.
6845 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006846static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006847smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006848{
Emeric Bruneb8def92018-02-19 15:59:48 +01006849 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6850 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006851
Emeric Brun589fcad2012-10-16 14:13:26 +02006852 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006853 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6854 return 0;
6855
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006856 smp->data.u.str.str = (char *)SSL_get_version(conn->xprt_ctx);
6857 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006858 return 0;
6859
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006860 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006861 smp->flags = SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006862 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006863
6864 return 1;
6865}
6866
Willy Tarreau87b09662015-04-03 00:22:06 +02006867/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006868 * This function is also usable on backend conn if the fetch keyword 5th
6869 * char is 'b'.
6870 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006871static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006872smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006873{
6874#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Bruneb8def92018-02-19 15:59:48 +01006875 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6876 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006877 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006878
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006879 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006880 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006881
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006882 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6883 return 0;
6884
Willy Tarreau192252e2015-04-04 01:47:55 +02006885 ssl_sess = SSL_get_session(conn->xprt_ctx);
6886 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006887 return 0;
6888
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006889 smp->data.u.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.u.str.len);
6890 if (!smp->data.u.str.str || !smp->data.u.str.len)
Emeric Brunfe68f682012-10-16 14:59:28 +02006891 return 0;
6892
6893 return 1;
6894#else
6895 return 0;
6896#endif
6897}
6898
6899static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006900smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006901{
6902#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006903 struct connection *conn;
6904
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006905 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006906 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006907
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006908 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006909 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6910 return 0;
6911
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006912 smp->data.u.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6913 if (!smp->data.u.str.str)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006914 return 0;
6915
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006916 smp->data.u.str.len = strlen(smp->data.u.str.str);
Willy Tarreau7875d092012-09-10 08:20:03 +02006917 return 1;
6918#else
6919 return 0;
6920#endif
6921}
6922
David Sc1ad52e2014-04-08 18:48:47 -04006923static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006924smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6925{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006926 struct connection *conn;
6927 struct ssl_capture *capture;
6928
6929 conn = objt_conn(smp->sess->origin);
6930 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6931 return 0;
6932
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006933 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006934 if (!capture)
6935 return 0;
6936
6937 smp->flags = SMP_F_CONST;
6938 smp->data.type = SMP_T_BIN;
6939 smp->data.u.str.str = capture->ciphersuite;
6940 smp->data.u.str.len = capture->ciphersuite_len;
6941 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006942}
6943
6944static int
6945smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6946{
6947 struct chunk *data;
6948
6949 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6950 return 0;
6951
6952 data = get_trash_chunk();
6953 dump_binary(data, smp->data.u.str.str, smp->data.u.str.len);
6954 smp->data.type = SMP_T_BIN;
6955 smp->data.u.str = *data;
6956 return 1;
6957}
6958
6959static int
6960smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6961{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006962 struct connection *conn;
6963 struct ssl_capture *capture;
6964
6965 conn = objt_conn(smp->sess->origin);
6966 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6967 return 0;
6968
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006969 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006970 if (!capture)
6971 return 0;
6972
6973 smp->data.type = SMP_T_SINT;
6974 smp->data.u.sint = capture->xxh64;
6975 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006976}
6977
6978static int
6979smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
6980{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02006981#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006982 struct chunk *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006983 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006984
6985 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6986 return 0;
6987
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006988 data = get_trash_chunk();
6989 for (i = 0; i + 1 < smp->data.u.str.len; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02006990 const char *str;
6991 const SSL_CIPHER *cipher;
6992 const unsigned char *bin = (const unsigned char *)smp->data.u.str.str + i;
6993 uint16_t id = (bin[0] << 8) | bin[1];
6994#if defined(OPENSSL_IS_BORINGSSL)
6995 cipher = SSL_get_cipher_by_value(id);
6996#else
6997 struct connection *conn = objt_conn(smp->sess->origin);
6998 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
6999#endif
7000 str = SSL_CIPHER_get_name(cipher);
7001 if (!str || strcmp(str, "(NONE)") == 0)
7002 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007003 else
7004 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7005 }
7006 smp->data.type = SMP_T_STR;
7007 smp->data.u.str = *data;
7008 return 1;
7009#else
7010 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7011#endif
7012}
7013
7014static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007015smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007016{
7017#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Bruneb8def92018-02-19 15:59:48 +01007018 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7019 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007020 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04007021 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007022
7023 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007024 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7025 return 0;
7026
7027 if (!(conn->flags & CO_FL_CONNECTED)) {
7028 smp->flags |= SMP_F_MAY_CHANGE;
7029 return 0;
7030 }
7031
7032 finished_trash = get_trash_chunk();
7033 if (!SSL_session_reused(conn->xprt_ctx))
7034 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7035 else
7036 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7037
7038 if (!finished_len)
7039 return 0;
7040
Emeric Brunb73a9b02014-04-30 18:49:19 +02007041 finished_trash->len = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007042 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007043 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007044
7045 return 1;
7046#else
7047 return 0;
7048#endif
7049}
7050
Emeric Brun2525b6b2012-10-18 15:59:43 +02007051/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007052static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007053smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007054{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007055 struct connection *conn;
7056
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007057 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007058 if (!conn || conn->xprt != &ssl_sock)
7059 return 0;
7060
7061 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007062 smp->flags = SMP_F_MAY_CHANGE;
7063 return 0;
7064 }
7065
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007066 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007067 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007068 smp->flags = 0;
7069
7070 return 1;
7071}
7072
Emeric Brun2525b6b2012-10-18 15:59:43 +02007073/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007074static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007075smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007076{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007077 struct connection *conn;
7078
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007079 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007080 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007081 return 0;
7082
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007083 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007084 smp->flags = SMP_F_MAY_CHANGE;
7085 return 0;
7086 }
7087
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007088 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007089 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007090 smp->flags = 0;
7091
7092 return 1;
7093}
7094
Emeric Brun2525b6b2012-10-18 15:59:43 +02007095/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007096static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007097smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007098{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007099 struct connection *conn;
7100
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007101 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007102 if (!conn || conn->xprt != &ssl_sock)
7103 return 0;
7104
7105 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007106 smp->flags = SMP_F_MAY_CHANGE;
7107 return 0;
7108 }
7109
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007110 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007111 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007112 smp->flags = 0;
7113
7114 return 1;
7115}
7116
Emeric Brun2525b6b2012-10-18 15:59:43 +02007117/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007118static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007119smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007120{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007121 struct connection *conn;
7122
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007123 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007124 if (!conn || conn->xprt != &ssl_sock)
7125 return 0;
7126
7127 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007128 smp->flags = SMP_F_MAY_CHANGE;
7129 return 0;
7130 }
7131
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007132 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007133 return 0;
7134
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007135 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007136 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007137 smp->flags = 0;
7138
7139 return 1;
7140}
7141
Emeric Brunfb510ea2012-10-05 12:00:26 +02007142/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007143static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007144{
7145 if (!*args[cur_arg + 1]) {
7146 if (err)
7147 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7148 return ERR_ALERT | ERR_FATAL;
7149 }
7150
Willy Tarreauef934602016-12-22 23:12:01 +01007151 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7152 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007153 else
7154 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007155
Emeric Brund94b3fe2012-09-20 18:23:56 +02007156 return 0;
7157}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007158static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7159{
7160 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7161}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007162
Christopher Faulet31af49d2015-06-09 17:29:50 +02007163/* parse the "ca-sign-file" bind keyword */
7164static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7165{
7166 if (!*args[cur_arg + 1]) {
7167 if (err)
7168 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7169 return ERR_ALERT | ERR_FATAL;
7170 }
7171
Willy Tarreauef934602016-12-22 23:12:01 +01007172 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7173 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007174 else
7175 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7176
7177 return 0;
7178}
7179
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007180/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007181static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7182{
7183 if (!*args[cur_arg + 1]) {
7184 if (err)
7185 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7186 return ERR_ALERT | ERR_FATAL;
7187 }
7188 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7189 return 0;
7190}
7191
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007192/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007193static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007194{
7195 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007196 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007197 return ERR_ALERT | ERR_FATAL;
7198 }
7199
Emeric Brun76d88952012-10-05 15:47:31 +02007200 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007201 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007202 return 0;
7203}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007204static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7205{
7206 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7207}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007208/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007209static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007210{
Willy Tarreau38011032013-08-13 16:59:39 +02007211 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007212
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007213 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007214 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007215 return ERR_ALERT | ERR_FATAL;
7216 }
7217
Willy Tarreauef934602016-12-22 23:12:01 +01007218 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7219 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007220 memprintf(err, "'%s' : path too long", args[cur_arg]);
7221 return ERR_ALERT | ERR_FATAL;
7222 }
Willy Tarreauef934602016-12-22 23:12:01 +01007223 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007224 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007225 return ERR_ALERT | ERR_FATAL;
7226
7227 return 0;
7228 }
7229
Willy Tarreau03209342016-12-22 17:08:28 +01007230 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007231 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007232
7233 return 0;
7234}
7235
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007236/* parse the "crt-list" bind keyword */
7237static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7238{
7239 if (!*args[cur_arg + 1]) {
7240 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7241 return ERR_ALERT | ERR_FATAL;
7242 }
7243
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007244 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007245 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007246 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007247 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007248
7249 return 0;
7250}
7251
Emeric Brunfb510ea2012-10-05 12:00:26 +02007252/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007253static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007254{
Emeric Brun051cdab2012-10-02 19:25:50 +02007255#ifndef X509_V_FLAG_CRL_CHECK
7256 if (err)
7257 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7258 return ERR_ALERT | ERR_FATAL;
7259#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007260 if (!*args[cur_arg + 1]) {
7261 if (err)
7262 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7263 return ERR_ALERT | ERR_FATAL;
7264 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007265
Willy Tarreauef934602016-12-22 23:12:01 +01007266 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7267 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007268 else
7269 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007270
Emeric Brun2b58d042012-09-20 17:10:03 +02007271 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007272#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007273}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007274static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7275{
7276 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7277}
Emeric Brun2b58d042012-09-20 17:10:03 +02007278
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007279/* parse the "curves" bind keyword keyword */
7280static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7281{
7282#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7283 if (!*args[cur_arg + 1]) {
7284 if (err)
7285 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7286 return ERR_ALERT | ERR_FATAL;
7287 }
7288 conf->curves = strdup(args[cur_arg + 1]);
7289 return 0;
7290#else
7291 if (err)
7292 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7293 return ERR_ALERT | ERR_FATAL;
7294#endif
7295}
7296static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7297{
7298 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7299}
7300
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007301/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007302static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007303{
7304#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7305 if (err)
7306 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7307 return ERR_ALERT | ERR_FATAL;
7308#elif defined(OPENSSL_NO_ECDH)
7309 if (err)
7310 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7311 return ERR_ALERT | ERR_FATAL;
7312#else
7313 if (!*args[cur_arg + 1]) {
7314 if (err)
7315 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7316 return ERR_ALERT | ERR_FATAL;
7317 }
7318
7319 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007320
7321 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007322#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007323}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007324static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7325{
7326 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7327}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007328
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007329/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007330static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7331{
7332 int code;
7333 char *p = args[cur_arg + 1];
7334 unsigned long long *ignerr = &conf->crt_ignerr;
7335
7336 if (!*p) {
7337 if (err)
7338 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7339 return ERR_ALERT | ERR_FATAL;
7340 }
7341
7342 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7343 ignerr = &conf->ca_ignerr;
7344
7345 if (strcmp(p, "all") == 0) {
7346 *ignerr = ~0ULL;
7347 return 0;
7348 }
7349
7350 while (p) {
7351 code = atoi(p);
7352 if ((code <= 0) || (code > 63)) {
7353 if (err)
7354 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7355 args[cur_arg], code, args[cur_arg + 1]);
7356 return ERR_ALERT | ERR_FATAL;
7357 }
7358 *ignerr |= 1ULL << code;
7359 p = strchr(p, ',');
7360 if (p)
7361 p++;
7362 }
7363
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007364 return 0;
7365}
7366
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007367/* parse tls_method_options "no-xxx" and "force-xxx" */
7368static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007369{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007370 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007371 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007372 p = strchr(arg, '-');
7373 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007374 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007375 p++;
7376 if (!strcmp(p, "sslv3"))
7377 v = CONF_SSLV3;
7378 else if (!strcmp(p, "tlsv10"))
7379 v = CONF_TLSV10;
7380 else if (!strcmp(p, "tlsv11"))
7381 v = CONF_TLSV11;
7382 else if (!strcmp(p, "tlsv12"))
7383 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007384 else if (!strcmp(p, "tlsv13"))
7385 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007386 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007387 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007388 if (!strncmp(arg, "no-", 3))
7389 methods->flags |= methodVersions[v].flag;
7390 else if (!strncmp(arg, "force-", 6))
7391 methods->min = methods->max = v;
7392 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007393 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007394 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007395 fail:
7396 if (err)
7397 memprintf(err, "'%s' : option not implemented", arg);
7398 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007399}
7400
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007401static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007402{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007403 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007404}
7405
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007406static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007407{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007408 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7409}
7410
7411/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7412static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7413{
7414 uint16_t i, v = 0;
7415 char *argv = args[cur_arg + 1];
7416 if (!*argv) {
7417 if (err)
7418 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7419 return ERR_ALERT | ERR_FATAL;
7420 }
7421 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7422 if (!strcmp(argv, methodVersions[i].name))
7423 v = i;
7424 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007425 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007426 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007427 return ERR_ALERT | ERR_FATAL;
7428 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007429 if (!strcmp("ssl-min-ver", args[cur_arg]))
7430 methods->min = v;
7431 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7432 methods->max = v;
7433 else {
7434 if (err)
7435 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7436 return ERR_ALERT | ERR_FATAL;
7437 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007438 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007439}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007440
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007441static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7442{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007443#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007444 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007445#endif
7446 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7447}
7448
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007449static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7450{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007451 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007452}
7453
7454static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7455{
7456 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7457}
7458
Emeric Brun2d0c4822012-10-02 13:45:20 +02007459/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007460static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007461{
Emeric Brun89675492012-10-05 13:48:26 +02007462 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007463 return 0;
7464}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007465
Olivier Houchardc2aae742017-09-22 18:26:28 +02007466/* parse the "allow-0rtt" bind keyword */
7467static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7468{
7469 conf->early_data = 1;
7470 return 0;
7471}
7472
7473static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7474{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007475 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007476 return 0;
7477}
7478
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007479/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007480static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007481{
7482#ifdef OPENSSL_NPN_NEGOTIATED
7483 char *p1, *p2;
7484
7485 if (!*args[cur_arg + 1]) {
7486 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7487 return ERR_ALERT | ERR_FATAL;
7488 }
7489
7490 free(conf->npn_str);
7491
Willy Tarreau3724da12016-02-12 17:11:12 +01007492 /* the NPN string is built as a suite of (<len> <name>)*,
7493 * so we reuse each comma to store the next <len> and need
7494 * one more for the end of the string.
7495 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007496 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007497 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007498 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7499
7500 /* replace commas with the name length */
7501 p1 = conf->npn_str;
7502 p2 = p1 + 1;
7503 while (1) {
7504 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7505 if (!p2)
7506 p2 = p1 + 1 + strlen(p1 + 1);
7507
7508 if (p2 - (p1 + 1) > 255) {
7509 *p2 = '\0';
7510 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7511 return ERR_ALERT | ERR_FATAL;
7512 }
7513
7514 *p1 = p2 - (p1 + 1);
7515 p1 = p2;
7516
7517 if (!*p2)
7518 break;
7519
7520 *(p2++) = '\0';
7521 }
7522 return 0;
7523#else
7524 if (err)
7525 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7526 return ERR_ALERT | ERR_FATAL;
7527#endif
7528}
7529
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007530static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7531{
7532 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7533}
7534
Willy Tarreauab861d32013-04-02 02:30:41 +02007535/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007536static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007537{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007538#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007539 char *p1, *p2;
7540
7541 if (!*args[cur_arg + 1]) {
7542 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7543 return ERR_ALERT | ERR_FATAL;
7544 }
7545
7546 free(conf->alpn_str);
7547
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007548 /* the ALPN string is built as a suite of (<len> <name>)*,
7549 * so we reuse each comma to store the next <len> and need
7550 * one more for the end of the string.
7551 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007552 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007553 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007554 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7555
7556 /* replace commas with the name length */
7557 p1 = conf->alpn_str;
7558 p2 = p1 + 1;
7559 while (1) {
7560 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7561 if (!p2)
7562 p2 = p1 + 1 + strlen(p1 + 1);
7563
7564 if (p2 - (p1 + 1) > 255) {
7565 *p2 = '\0';
7566 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7567 return ERR_ALERT | ERR_FATAL;
7568 }
7569
7570 *p1 = p2 - (p1 + 1);
7571 p1 = p2;
7572
7573 if (!*p2)
7574 break;
7575
7576 *(p2++) = '\0';
7577 }
7578 return 0;
7579#else
7580 if (err)
7581 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7582 return ERR_ALERT | ERR_FATAL;
7583#endif
7584}
7585
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007586static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7587{
7588 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7589}
7590
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007591/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007592static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007593{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007594 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007595 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007596
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007597 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7598 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007599 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007600 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7601 if (!conf->ssl_conf.ssl_methods.min)
7602 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7603 if (!conf->ssl_conf.ssl_methods.max)
7604 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007605
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007606 return 0;
7607}
7608
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007609/* parse the "prefer-client-ciphers" bind keyword */
7610static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7611{
7612 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7613 return 0;
7614}
7615
Christopher Faulet31af49d2015-06-09 17:29:50 +02007616/* parse the "generate-certificates" bind keyword */
7617static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7618{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007619#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007620 conf->generate_certs = 1;
7621#else
7622 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7623 err && *err ? *err : "");
7624#endif
7625 return 0;
7626}
7627
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007628/* parse the "strict-sni" bind keyword */
7629static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7630{
7631 conf->strict_sni = 1;
7632 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007633}
7634
7635/* parse the "tls-ticket-keys" bind keyword */
7636static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7637{
7638#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7639 FILE *f;
7640 int i = 0;
7641 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007642 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007643
7644 if (!*args[cur_arg + 1]) {
7645 if (err)
7646 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7647 return ERR_ALERT | ERR_FATAL;
7648 }
7649
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007650 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
7651 if(keys_ref) {
7652 conf->keys_ref = keys_ref;
7653 return 0;
7654 }
7655
Vincent Bernat02779b62016-04-03 13:48:43 +02007656 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007657 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007658
7659 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7660 if (err)
7661 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7662 return ERR_ALERT | ERR_FATAL;
7663 }
7664
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007665 keys_ref->filename = strdup(args[cur_arg + 1]);
7666
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007667 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7668 int len = strlen(thisline);
7669 /* Strip newline characters from the end */
7670 if(thisline[len - 1] == '\n')
7671 thisline[--len] = 0;
7672
7673 if(thisline[len - 1] == '\r')
7674 thisline[--len] = 0;
7675
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007676 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007677 if (err)
7678 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007679 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007680 return ERR_ALERT | ERR_FATAL;
7681 }
7682 i++;
7683 }
7684
7685 if (i < TLS_TICKETS_NO) {
7686 if (err)
7687 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007688 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007689 return ERR_ALERT | ERR_FATAL;
7690 }
7691
7692 fclose(f);
7693
7694 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007695 i -= 2;
7696 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007697 keys_ref->unique_id = -1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007698 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007699 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007700
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007701 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7702
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007703 return 0;
7704#else
7705 if (err)
7706 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7707 return ERR_ALERT | ERR_FATAL;
7708#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007709}
7710
Emeric Brund94b3fe2012-09-20 18:23:56 +02007711/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007712static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007713{
7714 if (!*args[cur_arg + 1]) {
7715 if (err)
7716 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7717 return ERR_ALERT | ERR_FATAL;
7718 }
7719
7720 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007721 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007722 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007723 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007724 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007725 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007726 else {
7727 if (err)
7728 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7729 args[cur_arg], args[cur_arg + 1]);
7730 return ERR_ALERT | ERR_FATAL;
7731 }
7732
7733 return 0;
7734}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007735static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7736{
7737 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7738}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007739
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007740/* parse the "no-ca-names" bind keyword */
7741static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7742{
7743 conf->no_ca_names = 1;
7744 return 0;
7745}
7746static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7747{
7748 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7749}
7750
Willy Tarreau92faadf2012-10-10 23:04:25 +02007751/************** "server" keywords ****************/
7752
Emeric Brunef42d922012-10-11 16:11:36 +02007753/* parse the "ca-file" server keyword */
7754static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7755{
7756 if (!*args[*cur_arg + 1]) {
7757 if (err)
7758 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7759 return ERR_ALERT | ERR_FATAL;
7760 }
7761
Willy Tarreauef934602016-12-22 23:12:01 +01007762 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7763 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007764 else
7765 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7766
7767 return 0;
7768}
7769
Olivier Houchard9130a962017-10-17 17:33:43 +02007770/* parse the "check-sni" server keyword */
7771static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7772{
7773 if (!*args[*cur_arg + 1]) {
7774 if (err)
7775 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7776 return ERR_ALERT | ERR_FATAL;
7777 }
7778
7779 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7780 if (!newsrv->check.sni) {
7781 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7782 return ERR_ALERT | ERR_FATAL;
7783 }
7784 return 0;
7785
7786}
7787
Willy Tarreau92faadf2012-10-10 23:04:25 +02007788/* parse the "check-ssl" server keyword */
7789static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7790{
7791 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007792 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7793 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7794 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007795 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7796 if (!newsrv->ssl_ctx.methods.min)
7797 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7798 if (!newsrv->ssl_ctx.methods.max)
7799 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7800
Willy Tarreau92faadf2012-10-10 23:04:25 +02007801 return 0;
7802}
7803
7804/* parse the "ciphers" server keyword */
7805static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7806{
7807 if (!*args[*cur_arg + 1]) {
7808 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7809 return ERR_ALERT | ERR_FATAL;
7810 }
7811
7812 free(newsrv->ssl_ctx.ciphers);
7813 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7814 return 0;
7815}
7816
Emeric Brunef42d922012-10-11 16:11:36 +02007817/* parse the "crl-file" server keyword */
7818static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7819{
7820#ifndef X509_V_FLAG_CRL_CHECK
7821 if (err)
7822 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7823 return ERR_ALERT | ERR_FATAL;
7824#else
7825 if (!*args[*cur_arg + 1]) {
7826 if (err)
7827 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7828 return ERR_ALERT | ERR_FATAL;
7829 }
7830
Willy Tarreauef934602016-12-22 23:12:01 +01007831 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7832 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007833 else
7834 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7835
7836 return 0;
7837#endif
7838}
7839
Emeric Bruna7aa3092012-10-26 12:58:00 +02007840/* parse the "crt" server keyword */
7841static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7842{
7843 if (!*args[*cur_arg + 1]) {
7844 if (err)
7845 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7846 return ERR_ALERT | ERR_FATAL;
7847 }
7848
Willy Tarreauef934602016-12-22 23:12:01 +01007849 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007850 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007851 else
7852 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7853
7854 return 0;
7855}
Emeric Brunef42d922012-10-11 16:11:36 +02007856
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007857/* parse the "no-check-ssl" server keyword */
7858static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7859{
7860 newsrv->check.use_ssl = 0;
7861 free(newsrv->ssl_ctx.ciphers);
7862 newsrv->ssl_ctx.ciphers = NULL;
7863 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7864 return 0;
7865}
7866
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007867/* parse the "no-send-proxy-v2-ssl" server keyword */
7868static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7869{
7870 newsrv->pp_opts &= ~SRV_PP_V2;
7871 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7872 return 0;
7873}
7874
7875/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7876static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7877{
7878 newsrv->pp_opts &= ~SRV_PP_V2;
7879 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7880 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7881 return 0;
7882}
7883
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007884/* parse the "no-ssl" server keyword */
7885static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7886{
7887 newsrv->use_ssl = 0;
7888 free(newsrv->ssl_ctx.ciphers);
7889 newsrv->ssl_ctx.ciphers = NULL;
7890 return 0;
7891}
7892
Olivier Houchard522eea72017-11-03 16:27:47 +01007893/* parse the "allow-0rtt" server keyword */
7894static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7895{
7896 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7897 return 0;
7898}
7899
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007900/* parse the "no-ssl-reuse" server keyword */
7901static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7902{
7903 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7904 return 0;
7905}
7906
Emeric Brunf9c5c472012-10-11 15:28:34 +02007907/* parse the "no-tls-tickets" server keyword */
7908static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7909{
7910 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7911 return 0;
7912}
David Safb76832014-05-08 23:42:08 -04007913/* parse the "send-proxy-v2-ssl" server keyword */
7914static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7915{
7916 newsrv->pp_opts |= SRV_PP_V2;
7917 newsrv->pp_opts |= SRV_PP_V2_SSL;
7918 return 0;
7919}
7920
7921/* parse the "send-proxy-v2-ssl-cn" server keyword */
7922static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7923{
7924 newsrv->pp_opts |= SRV_PP_V2;
7925 newsrv->pp_opts |= SRV_PP_V2_SSL;
7926 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7927 return 0;
7928}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007929
Willy Tarreau732eac42015-07-09 11:40:25 +02007930/* parse the "sni" server keyword */
7931static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7932{
7933#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7934 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7935 return ERR_ALERT | ERR_FATAL;
7936#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007937 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007938
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007939 arg = args[*cur_arg + 1];
7940 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007941 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7942 return ERR_ALERT | ERR_FATAL;
7943 }
7944
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007945 free(newsrv->sni_expr);
7946 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007947
Willy Tarreau732eac42015-07-09 11:40:25 +02007948 return 0;
7949#endif
7950}
7951
Willy Tarreau92faadf2012-10-10 23:04:25 +02007952/* parse the "ssl" server keyword */
7953static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7954{
7955 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007956 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7957 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007958 return 0;
7959}
7960
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007961/* parse the "ssl-reuse" server keyword */
7962static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7963{
7964 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
7965 return 0;
7966}
7967
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007968/* parse the "tls-tickets" server keyword */
7969static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7970{
7971 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
7972 return 0;
7973}
7974
Emeric Brunef42d922012-10-11 16:11:36 +02007975/* parse the "verify" server keyword */
7976static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7977{
7978 if (!*args[*cur_arg + 1]) {
7979 if (err)
7980 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
7981 return ERR_ALERT | ERR_FATAL;
7982 }
7983
7984 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007985 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02007986 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007987 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02007988 else {
7989 if (err)
7990 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
7991 args[*cur_arg], args[*cur_arg + 1]);
7992 return ERR_ALERT | ERR_FATAL;
7993 }
7994
Evan Broderbe554312013-06-27 00:05:25 -07007995 return 0;
7996}
7997
7998/* parse the "verifyhost" server keyword */
7999static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8000{
8001 if (!*args[*cur_arg + 1]) {
8002 if (err)
8003 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8004 return ERR_ALERT | ERR_FATAL;
8005 }
8006
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008007 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008008 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8009
Emeric Brunef42d922012-10-11 16:11:36 +02008010 return 0;
8011}
8012
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008013/* parse the "ssl-default-bind-options" keyword in global section */
8014static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8015 struct proxy *defpx, const char *file, int line,
8016 char **err) {
8017 int i = 1;
8018
8019 if (*(args[i]) == 0) {
8020 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8021 return -1;
8022 }
8023 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008024 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008025 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008026 else if (!strcmp(args[i], "prefer-client-ciphers"))
8027 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008028 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8029 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8030 i++;
8031 else {
8032 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8033 return -1;
8034 }
8035 }
8036 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008037 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8038 return -1;
8039 }
8040 i++;
8041 }
8042 return 0;
8043}
8044
8045/* parse the "ssl-default-server-options" keyword in global section */
8046static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8047 struct proxy *defpx, const char *file, int line,
8048 char **err) {
8049 int i = 1;
8050
8051 if (*(args[i]) == 0) {
8052 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8053 return -1;
8054 }
8055 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008056 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008057 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008058 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8059 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8060 i++;
8061 else {
8062 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8063 return -1;
8064 }
8065 }
8066 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008067 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8068 return -1;
8069 }
8070 i++;
8071 }
8072 return 0;
8073}
8074
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008075/* parse the "ca-base" / "crt-base" keywords in global section.
8076 * Returns <0 on alert, >0 on warning, 0 on success.
8077 */
8078static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8079 struct proxy *defpx, const char *file, int line,
8080 char **err)
8081{
8082 char **target;
8083
Willy Tarreauef934602016-12-22 23:12:01 +01008084 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008085
8086 if (too_many_args(1, args, err, NULL))
8087 return -1;
8088
8089 if (*target) {
8090 memprintf(err, "'%s' already specified.", args[0]);
8091 return -1;
8092 }
8093
8094 if (*(args[1]) == 0) {
8095 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8096 return -1;
8097 }
8098 *target = strdup(args[1]);
8099 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008100}
8101
8102/* parse the "ssl-mode-async" keyword in global section.
8103 * Returns <0 on alert, >0 on warning, 0 on success.
8104 */
8105static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8106 struct proxy *defpx, const char *file, int line,
8107 char **err)
8108{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008109#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008110 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008111 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008112 return 0;
8113#else
8114 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8115 return -1;
8116#endif
8117}
8118
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008119#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008120static int ssl_check_async_engine_count(void) {
8121 int err_code = 0;
8122
Emeric Brun3854e012017-05-17 20:42:48 +02008123 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008124 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008125 err_code = ERR_ABORT;
8126 }
8127 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008128}
8129
Grant Zhang872f9c22017-01-21 01:10:18 +00008130/* parse the "ssl-engine" keyword in global section.
8131 * Returns <0 on alert, >0 on warning, 0 on success.
8132 */
8133static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8134 struct proxy *defpx, const char *file, int line,
8135 char **err)
8136{
8137 char *algo;
8138 int ret = -1;
8139
8140 if (*(args[1]) == 0) {
8141 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8142 return ret;
8143 }
8144
8145 if (*(args[2]) == 0) {
8146 /* if no list of algorithms is given, it defaults to ALL */
8147 algo = strdup("ALL");
8148 goto add_engine;
8149 }
8150
8151 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8152 if (strcmp(args[2], "algo") != 0) {
8153 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8154 return ret;
8155 }
8156
8157 if (*(args[3]) == 0) {
8158 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8159 return ret;
8160 }
8161 algo = strdup(args[3]);
8162
8163add_engine:
8164 if (ssl_init_single_engine(args[1], algo)==0) {
8165 openssl_engines_initialized++;
8166 ret = 0;
8167 }
8168 free(algo);
8169 return ret;
8170}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008171#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008172
Willy Tarreauf22e9682016-12-21 23:23:19 +01008173/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8174 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8175 */
8176static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8177 struct proxy *defpx, const char *file, int line,
8178 char **err)
8179{
8180 char **target;
8181
Willy Tarreauef934602016-12-22 23:12:01 +01008182 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008183
8184 if (too_many_args(1, args, err, NULL))
8185 return -1;
8186
8187 if (*(args[1]) == 0) {
8188 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8189 return -1;
8190 }
8191
8192 free(*target);
8193 *target = strdup(args[1]);
8194 return 0;
8195}
8196
Willy Tarreau9ceda382016-12-21 23:13:03 +01008197/* parse various global tune.ssl settings consisting in positive integers.
8198 * Returns <0 on alert, >0 on warning, 0 on success.
8199 */
8200static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8201 struct proxy *defpx, const char *file, int line,
8202 char **err)
8203{
8204 int *target;
8205
8206 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8207 target = &global.tune.sslcachesize;
8208 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008209 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008210 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008211 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008212 else if (strcmp(args[0], "maxsslconn") == 0)
8213 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008214 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8215 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008216 else {
8217 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8218 return -1;
8219 }
8220
8221 if (too_many_args(1, args, err, NULL))
8222 return -1;
8223
8224 if (*(args[1]) == 0) {
8225 memprintf(err, "'%s' expects an integer argument.", args[0]);
8226 return -1;
8227 }
8228
8229 *target = atoi(args[1]);
8230 if (*target < 0) {
8231 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8232 return -1;
8233 }
8234 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008235}
8236
8237static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8238 struct proxy *defpx, const char *file, int line,
8239 char **err)
8240{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008241 int ret;
8242
8243 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8244 if (ret != 0)
8245 return ret;
8246
Willy Tarreaubafbe012017-11-24 17:34:44 +01008247 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008248 memprintf(err, "'%s' is already configured.", args[0]);
8249 return -1;
8250 }
8251
Willy Tarreaubafbe012017-11-24 17:34:44 +01008252 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8253 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008254 memprintf(err, "Out of memory error.");
8255 return -1;
8256 }
8257 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008258}
8259
8260/* parse "ssl.force-private-cache".
8261 * Returns <0 on alert, >0 on warning, 0 on success.
8262 */
8263static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8264 struct proxy *defpx, const char *file, int line,
8265 char **err)
8266{
8267 if (too_many_args(0, args, err, NULL))
8268 return -1;
8269
Willy Tarreauef934602016-12-22 23:12:01 +01008270 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008271 return 0;
8272}
8273
8274/* parse "ssl.lifetime".
8275 * Returns <0 on alert, >0 on warning, 0 on success.
8276 */
8277static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8278 struct proxy *defpx, const char *file, int line,
8279 char **err)
8280{
8281 const char *res;
8282
8283 if (too_many_args(1, args, err, NULL))
8284 return -1;
8285
8286 if (*(args[1]) == 0) {
8287 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8288 return -1;
8289 }
8290
Willy Tarreauef934602016-12-22 23:12:01 +01008291 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008292 if (res) {
8293 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8294 return -1;
8295 }
8296 return 0;
8297}
8298
8299#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008300/* parse "ssl-dh-param-file".
8301 * Returns <0 on alert, >0 on warning, 0 on success.
8302 */
8303static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8304 struct proxy *defpx, const char *file, int line,
8305 char **err)
8306{
8307 if (too_many_args(1, args, err, NULL))
8308 return -1;
8309
8310 if (*(args[1]) == 0) {
8311 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8312 return -1;
8313 }
8314
8315 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8316 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8317 return -1;
8318 }
8319 return 0;
8320}
8321
Willy Tarreau9ceda382016-12-21 23:13:03 +01008322/* parse "ssl.default-dh-param".
8323 * Returns <0 on alert, >0 on warning, 0 on success.
8324 */
8325static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8326 struct proxy *defpx, const char *file, int line,
8327 char **err)
8328{
8329 if (too_many_args(1, args, err, NULL))
8330 return -1;
8331
8332 if (*(args[1]) == 0) {
8333 memprintf(err, "'%s' expects an integer argument.", args[0]);
8334 return -1;
8335 }
8336
Willy Tarreauef934602016-12-22 23:12:01 +01008337 global_ssl.default_dh_param = atoi(args[1]);
8338 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008339 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8340 return -1;
8341 }
8342 return 0;
8343}
8344#endif
8345
8346
William Lallemand32af2032016-10-29 18:09:35 +02008347/* This function is used with TLS ticket keys management. It permits to browse
8348 * each reference. The variable <getnext> must contain the current node,
8349 * <end> point to the root node.
8350 */
8351#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8352static inline
8353struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8354{
8355 struct tls_keys_ref *ref = getnext;
8356
8357 while (1) {
8358
8359 /* Get next list entry. */
8360 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8361
8362 /* If the entry is the last of the list, return NULL. */
8363 if (&ref->list == end)
8364 return NULL;
8365
8366 return ref;
8367 }
8368}
8369
8370static inline
8371struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8372{
8373 int id;
8374 char *error;
8375
8376 /* If the reference starts by a '#', this is numeric id. */
8377 if (reference[0] == '#') {
8378 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8379 id = strtol(reference + 1, &error, 10);
8380 if (*error != '\0')
8381 return NULL;
8382
8383 /* Perform the unique id lookup. */
8384 return tlskeys_ref_lookupid(id);
8385 }
8386
8387 /* Perform the string lookup. */
8388 return tlskeys_ref_lookup(reference);
8389}
8390#endif
8391
8392
8393#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8394
8395static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8396
8397static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8398 return cli_io_handler_tlskeys_files(appctx);
8399}
8400
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008401/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8402 * (next index to be dumped), and cli.p0 (next key reference).
8403 */
William Lallemand32af2032016-10-29 18:09:35 +02008404static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8405
8406 struct stream_interface *si = appctx->owner;
8407
8408 switch (appctx->st2) {
8409 case STAT_ST_INIT:
8410 /* Display the column headers. If the message cannot be sent,
8411 * quit the fucntion with returning 0. The function is called
8412 * later and restart at the state "STAT_ST_INIT".
8413 */
8414 chunk_reset(&trash);
8415
8416 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8417 chunk_appendf(&trash, "# id secret\n");
8418 else
8419 chunk_appendf(&trash, "# id (file)\n");
8420
Willy Tarreau06d80a92017-10-19 14:32:15 +02008421 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008422 si_applet_cant_put(si);
8423 return 0;
8424 }
8425
William Lallemand32af2032016-10-29 18:09:35 +02008426 /* Now, we start the browsing of the references lists.
8427 * Note that the following call to LIST_ELEM return bad pointer. The only
8428 * available field of this pointer is <list>. It is used with the function
8429 * tlskeys_list_get_next() for retruning the first available entry
8430 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008431 if (appctx->ctx.cli.p0 == NULL) {
8432 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8433 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008434 }
8435
8436 appctx->st2 = STAT_ST_LIST;
8437 /* fall through */
8438
8439 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008440 while (appctx->ctx.cli.p0) {
8441 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008442
8443 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008444 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008445 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008446
8447 if (appctx->ctx.cli.i1 == 0)
8448 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8449
William Lallemand32af2032016-10-29 18:09:35 +02008450 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008451 int head;
8452
8453 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8454 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008455 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
William Lallemand32af2032016-10-29 18:09:35 +02008456 struct chunk *t2 = get_trash_chunk();
8457
8458 chunk_reset(t2);
8459 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008460 t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
William Lallemand32af2032016-10-29 18:09:35 +02008461 sizeof(struct tls_sess_key), t2->str, t2->size);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008462 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
William Lallemand32af2032016-10-29 18:09:35 +02008463
Willy Tarreau06d80a92017-10-19 14:32:15 +02008464 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008465 /* let's try again later from this stream. We add ourselves into
8466 * this stream's users so that it can remove us upon termination.
8467 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008468 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008469 si_applet_cant_put(si);
8470 return 0;
8471 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008472 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008473 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008474 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008475 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008476 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008477 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008478 /* let's try again later from this stream. We add ourselves into
8479 * this stream's users so that it can remove us upon termination.
8480 */
8481 si_applet_cant_put(si);
8482 return 0;
8483 }
8484
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008485 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008486 break;
8487
8488 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008489 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008490 }
8491
8492 appctx->st2 = STAT_ST_FIN;
8493 /* fall through */
8494
8495 default:
8496 appctx->st2 = STAT_ST_FIN;
8497 return 1;
8498 }
8499 return 0;
8500}
8501
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008502/* sets cli.i0 to non-zero if only file lists should be dumped */
William Lallemand32af2032016-10-29 18:09:35 +02008503static int cli_parse_show_tlskeys(char **args, struct appctx *appctx, void *private)
8504{
William Lallemand32af2032016-10-29 18:09:35 +02008505 /* no parameter, shows only file list */
8506 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008507 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008508 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008509 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008510 }
8511
8512 if (args[2][0] == '*') {
8513 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008514 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008515 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008516 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8517 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008518 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008519 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008520 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008521 return 1;
8522 }
8523 }
William Lallemand32af2032016-10-29 18:09:35 +02008524 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008525 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008526}
8527
William Lallemand32af2032016-10-29 18:09:35 +02008528static int cli_parse_set_tlskeys(char **args, struct appctx *appctx, void *private)
8529{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008530 struct tls_keys_ref *ref;
8531
William Lallemand32af2032016-10-29 18:09:35 +02008532 /* Expect two parameters: the filename and the new new TLS key in encoding */
8533 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008534 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008535 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008536 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008537 return 1;
8538 }
8539
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008540 ref = tlskeys_ref_lookup_ref(args[3]);
8541 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008542 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008543 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008544 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008545 return 1;
8546 }
8547
8548 trash.len = base64dec(args[4], strlen(args[4]), trash.str, trash.size);
8549 if (trash.len != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008550 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008551 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008552 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008553 return 1;
8554 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008555 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008556 appctx->ctx.cli.severity = LOG_INFO;
William Lallemand32af2032016-10-29 18:09:35 +02008557 appctx->ctx.cli.msg = "TLS ticket key updated!";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008558 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008559 return 1;
8560
8561}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008562#endif
William Lallemand32af2032016-10-29 18:09:35 +02008563
8564static int cli_parse_set_ocspresponse(char **args, struct appctx *appctx, void *private)
8565{
8566#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8567 char *err = NULL;
8568
8569 /* Expect one parameter: the new response in base64 encoding */
8570 if (!*args[3]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008571 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008572 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008573 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008574 return 1;
8575 }
8576
8577 trash.len = base64dec(args[3], strlen(args[3]), trash.str, trash.size);
8578 if (trash.len < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008579 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008580 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008581 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008582 return 1;
8583 }
8584
8585 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8586 if (err) {
8587 memprintf(&err, "%s.\n", err);
8588 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008589 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008590 }
8591 return 1;
8592 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008593 appctx->ctx.cli.severity = LOG_INFO;
William Lallemand32af2032016-10-29 18:09:35 +02008594 appctx->ctx.cli.msg = "OCSP Response updated!";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008595 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008596 return 1;
8597#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008598 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008599 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008600 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008601 return 1;
8602#endif
8603
8604}
8605
8606/* register cli keywords */
8607static struct cli_kw_list cli_kws = {{ },{
8608#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8609 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008610 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008611#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008612 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008613 { { NULL }, NULL, NULL, NULL }
8614}};
8615
8616
Willy Tarreau7875d092012-09-10 08:20:03 +02008617/* Note: must not be declared <const> as its list will be overwritten.
8618 * Please take care of keeping this list alphabetically sorted.
8619 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008620static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008621 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008622 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008623 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008624 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008625 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008626 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008627 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008628 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008629 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8630 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008631 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008632 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008633 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8634 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8635 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8636 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8637 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8638 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8639 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8640 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008641 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008642 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8643 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008644 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008645 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8646 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8647 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8648 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8649 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8650 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8651 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008652 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008653 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008654 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008655 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008656 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008657 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008658 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008659 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008660 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008661#ifdef OPENSSL_NPN_NEGOTIATED
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008662 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008663#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008664#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008665 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008666#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008667 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008668 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008669 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008670 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8671 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008672 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8673 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8674 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8675 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008676 { NULL, NULL, 0, 0, 0 },
8677}};
8678
8679/* Note: must not be declared <const> as its list will be overwritten.
8680 * Please take care of keeping this list alphabetically sorted.
8681 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008682static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008683 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8684 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008685 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008686}};
8687
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008688/* Note: must not be declared <const> as its list will be overwritten.
8689 * Please take care of keeping this list alphabetically sorted, doing so helps
8690 * all code contributors.
8691 * Optional keywords are also declared with a NULL ->parse() function so that
8692 * the config parser can report an appropriate error when a known keyword was
8693 * not enabled.
8694 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008695static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008696 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008697 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8698 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8699 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8700 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008701 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008702 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008703 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008704 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008705 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8706 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008707 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8708 { NULL, NULL, 0 },
8709};
8710
Willy Tarreau51fb7652012-09-18 18:24:39 +02008711static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008712 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008713 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8714 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8715 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8716 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8717 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8718 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8719 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8720 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8721 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8722 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8723 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8724 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8725 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8726 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8727 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8728 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008729 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008730 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008731 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008732 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8733 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8734 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8735 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008736 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008737 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8738 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008739 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8740 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008741 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8742 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8743 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8744 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8745 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008746 { NULL, NULL, 0 },
8747}};
Emeric Brun46591952012-05-18 15:47:34 +02008748
Willy Tarreau92faadf2012-10-10 23:04:25 +02008749/* Note: must not be declared <const> as its list will be overwritten.
8750 * Please take care of keeping this list alphabetically sorted, doing so helps
8751 * all code contributors.
8752 * Optional keywords are also declared with a NULL ->parse() function so that
8753 * the config parser can report an appropriate error when a known keyword was
8754 * not enabled.
8755 */
8756static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008757 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008758 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008759 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008760 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8761 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8762 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8763 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8764 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8765 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8766 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8767 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8768 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8769 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8770 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8771 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8772 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8773 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8774 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8775 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8776 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8777 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8778 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8779 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8780 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8781 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8782 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8783 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8784 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8785 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8786 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8787 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8788 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8789 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008790 { NULL, NULL, 0, 0 },
8791}};
8792
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008793static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008794 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8795 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008796 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008797 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8798 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008799#ifndef OPENSSL_NO_DH
8800 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8801#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008802 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008803#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008804 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008805#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008806 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8807#ifndef OPENSSL_NO_DH
8808 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8809#endif
8810 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8811 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8812 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8813 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008814 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008815 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8816 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008817 { 0, NULL, NULL },
8818}};
8819
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008820/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008821static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008822 .snd_buf = ssl_sock_from_buf,
8823 .rcv_buf = ssl_sock_to_buf,
8824 .rcv_pipe = NULL,
8825 .snd_pipe = NULL,
8826 .shutr = NULL,
8827 .shutw = ssl_sock_shutw,
8828 .close = ssl_sock_close,
8829 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008830 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008831 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008832 .prepare_srv = ssl_sock_prepare_srv_ctx,
8833 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008834 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008835 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008836};
8837
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008838enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8839 struct session *sess, struct stream *s, int flags)
8840{
8841 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008842 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008843
8844 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008845 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008846
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008847 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008848 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008849 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008850 s->req.flags |= CF_READ_NULL;
8851 return ACT_RET_YIELD;
8852 }
8853 }
8854 return (ACT_RET_CONT);
8855}
8856
8857static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8858{
8859 rule->action_ptr = ssl_action_wait_for_hs;
8860
8861 return ACT_RET_PRS_OK;
8862}
8863
8864static struct action_kw_list http_req_actions = {ILH, {
8865 { "wait-for-handshake", ssl_parse_wait_for_hs },
8866 { /* END */ }
8867}};
8868
Daniel Jakots54ffb912015-11-06 20:02:41 +01008869#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008870
8871static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8872{
8873 if (ptr) {
8874 chunk_destroy(ptr);
8875 free(ptr);
8876 }
8877}
8878
8879#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008880static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8881{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008882 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008883}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008884
Emeric Brun46591952012-05-18 15:47:34 +02008885__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008886static void __ssl_sock_init(void)
8887{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008888 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008889 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008890
Emeric Brun46591952012-05-18 15:47:34 +02008891 STACK_OF(SSL_COMP)* cm;
8892
Willy Tarreauef934602016-12-22 23:12:01 +01008893 if (global_ssl.listen_default_ciphers)
8894 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8895 if (global_ssl.connect_default_ciphers)
8896 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008897
Willy Tarreau13e14102016-12-22 20:25:26 +01008898 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008899 SSL_library_init();
8900 cm = SSL_COMP_get_compression_methods();
8901 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008902#ifdef USE_THREAD
8903 ssl_locking_init();
8904#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008905#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008906 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8907#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008908 ssl_capture_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008909 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008910 sample_register_fetches(&sample_fetch_keywords);
8911 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008912 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008913 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008914 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008915 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008916#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008917 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008918 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008919#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008920#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8921 hap_register_post_check(tlskeys_finalize_config);
8922#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008923
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008924 ptr = NULL;
8925 memprintf(&ptr, "Built with OpenSSL version : "
8926#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008927 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008928#else /* OPENSSL_IS_BORINGSSL */
8929 OPENSSL_VERSION_TEXT
8930 "\nRunning on OpenSSL version : %s%s",
8931 SSLeay_version(SSLEAY_VERSION),
8932 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
8933#endif
8934 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
8935#if OPENSSL_VERSION_NUMBER < 0x00907000L
8936 "no (library version too old)"
8937#elif defined(OPENSSL_NO_TLSEXT)
8938 "no (disabled via OPENSSL_NO_TLSEXT)"
8939#else
8940 "yes"
8941#endif
8942 "", ptr);
8943
8944 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
8945#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
8946 "yes"
8947#else
8948#ifdef OPENSSL_NO_TLSEXT
8949 "no (because of OPENSSL_NO_TLSEXT)"
8950#else
8951 "no (version might be too old, 0.9.8f min needed)"
8952#endif
8953#endif
8954 "", ptr);
8955
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008956 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
8957 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8958 if (methodVersions[i].option)
8959 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008960
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008961 hap_register_build_opts(ptr, 1);
8962
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008963 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
8964 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02008965
8966#ifndef OPENSSL_NO_DH
8967 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00008968 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02008969#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008970#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008971 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008972#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02008973 /* Load SSL string for the verbose & debug mode. */
8974 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008975
8976 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02008977}
8978
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008979#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008980void ssl_free_engines(void) {
8981 struct ssl_engine_list *wl, *wlb;
8982 /* free up engine list */
8983 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
8984 ENGINE_finish(wl->e);
8985 ENGINE_free(wl->e);
8986 LIST_DEL(&wl->list);
8987 free(wl);
8988 }
8989}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008990#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02008991
Remi Gacogned3a23c32015-05-28 16:39:47 +02008992#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00008993void ssl_free_dh(void) {
8994 if (local_dh_1024) {
8995 DH_free(local_dh_1024);
8996 local_dh_1024 = NULL;
8997 }
8998 if (local_dh_2048) {
8999 DH_free(local_dh_2048);
9000 local_dh_2048 = NULL;
9001 }
9002 if (local_dh_4096) {
9003 DH_free(local_dh_4096);
9004 local_dh_4096 = NULL;
9005 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009006 if (global_dh) {
9007 DH_free(global_dh);
9008 global_dh = NULL;
9009 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009010}
9011#endif
9012
9013__attribute__((destructor))
9014static void __ssl_sock_deinit(void)
9015{
9016#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009017 if (ssl_ctx_lru_tree) {
9018 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009019 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009020 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009021#endif
9022
9023 ERR_remove_state(0);
9024 ERR_free_strings();
9025
9026 EVP_cleanup();
9027
9028#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9029 CRYPTO_cleanup_all_ex_data();
9030#endif
9031}
9032
9033
Emeric Brun46591952012-05-18 15:47:34 +02009034/*
9035 * Local variables:
9036 * c-indent-level: 8
9037 * c-basic-offset: 8
9038 * End:
9039 */