blob: 1c614d2c4cab6c1239acd35012a73e800746b9d0 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
Emeric Brun46591952012-05-18 15:47:34 +020031#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Willy Tarreaub2551052020-06-09 09:07:15 +020042#include <import/ebpttree.h>
43#include <import/ebsttree.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020044#include <import/lru.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020045
Willy Tarreaub2551052020-06-09 09:07:15 +020046#include <haproxy/api.h>
Willy Tarreaua9380522022-05-05 08:50:17 +020047#include <haproxy/applet.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020048#include <haproxy/arg.h>
49#include <haproxy/base64.h>
Willy Tarreauf1d32c42020-06-04 21:07:02 +020050#include <haproxy/channel.h>
Willy Tarreauc13ed532020-06-02 10:22:45 +020051#include <haproxy/chunk.h>
Willy Tarreau83487a82020-06-04 20:19:54 +020052#include <haproxy/cli.h>
Willy Tarreau7ea393d2020-06-04 18:02:10 +020053#include <haproxy/connection.h>
Christopher Faulet908628c2022-03-25 16:43:49 +010054#include <haproxy/conn_stream.h>
55#include <haproxy/cs_utils.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020056#include <haproxy/dynbuf.h>
Willy Tarreau8d366972020-05-27 16:10:29 +020057#include <haproxy/errors.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020058#include <haproxy/fd.h>
59#include <haproxy/freq_ctr.h>
Willy Tarreau762d7a52020-06-04 11:23:07 +020060#include <haproxy/frontend.h>
Willy Tarreauf268ee82020-06-04 17:05:57 +020061#include <haproxy/global.h>
Willy Tarreauc761f842020-06-04 11:40:28 +020062#include <haproxy/http_rules.h>
Willy Tarreauaeed4a82020-06-04 22:01:04 +020063#include <haproxy/log.h>
Willy Tarreau6019fab2020-05-27 16:26:00 +020064#include <haproxy/openssl-compat.h>
Willy Tarreau225a90a2020-06-04 15:06:28 +020065#include <haproxy/pattern-t.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020066#include <haproxy/proto_tcp.h>
Willy Tarreaua264d962020-06-04 22:29:18 +020067#include <haproxy/proxy.h>
Willy Tarreau1e56f922020-06-04 23:20:13 +020068#include <haproxy/server.h>
Willy Tarreau334099c2020-06-03 18:38:48 +020069#include <haproxy/shctx.h>
Willy Tarreau47d7f902020-06-04 14:25:47 +020070#include <haproxy/ssl_ckch.h>
Willy Tarreau52d88722020-06-04 14:29:23 +020071#include <haproxy/ssl_crtlist.h>
Willy Tarreau209108d2020-06-04 20:30:20 +020072#include <haproxy/ssl_sock.h>
Willy Tarreaub2bd8652020-06-04 14:21:22 +020073#include <haproxy/ssl_utils.h>
William Lallemand43c2ce42022-03-16 17:48:19 +010074#include <haproxy/sample.h>
Amaury Denoyelle9963fa72020-11-03 17:10:00 +010075#include <haproxy/stats.h>
Willy Tarreaudfd3de82020-06-04 23:46:14 +020076#include <haproxy/stream-t.h>
Willy Tarreaucea0e1b2020-06-04 17:25:40 +020077#include <haproxy/task.h>
Willy Tarreauc2f7c582020-06-02 18:15:32 +020078#include <haproxy/ticks.h>
Willy Tarreau92b4f132020-06-01 11:05:15 +020079#include <haproxy/time.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020080#include <haproxy/tools.h>
Willy Tarreaua1718922020-06-04 16:25:31 +020081#include <haproxy/vars.h>
Frédéric Lécailleec216522020-11-23 14:33:30 +010082#include <haproxy/xprt_quic.h>
Tim Duesterhusd5fc8fc2021-09-11 17:51:13 +020083#include <haproxy/xxhash.h>
Remi Tricot-Le Breton2e7d1eb2022-01-11 10:11:10 +010084#include <haproxy/istbuf.h>
Emeric Brun46591952012-05-18 15:47:34 +020085
Emeric Brun46591952012-05-18 15:47:34 +020086
Willy Tarreau9356dac2019-05-10 09:22:53 +020087/* ***** READ THIS before adding code here! *****
88 *
89 * Due to API incompatibilities between multiple OpenSSL versions and their
90 * derivatives, it's often tempting to add macros to (re-)define certain
91 * symbols. Please do not do this here, and do it in common/openssl-compat.h
92 * exclusively so that the whole code consistently uses the same macros.
93 *
94 * Whenever possible if a macro is missing in certain versions, it's better
95 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
96 */
97
Emeric Brunece0c332017-12-06 13:51:49 +010098int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +020099
William Lallemande0f3fd52020-02-25 14:53:06 +0100100static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
101
William Lallemand7fd8b452020-05-07 15:20:43 +0200102struct global_ssl global_ssl = {
Willy Tarreauef934602016-12-22 23:12:01 +0100103#ifdef LISTEN_DEFAULT_CIPHERS
104 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
105#endif
106#ifdef CONNECT_DEFAULT_CIPHERS
107 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
108#endif
Ilya Shipitsinf34ed0b2020-11-21 14:37:34 +0500109#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200110 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200111 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
112#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100113 .listen_default_ssloptions = BC_SSL_O_NONE,
114 .connect_default_ssloptions = SRV_SSL_O_NONE,
115
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200116 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
117 .listen_default_sslmethods.min = CONF_TLSV_NONE,
118 .listen_default_sslmethods.max = CONF_TLSV_NONE,
119 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
120 .connect_default_sslmethods.min = CONF_TLSV_NONE,
121 .connect_default_sslmethods.max = CONF_TLSV_NONE,
122
Willy Tarreauef934602016-12-22 23:12:01 +0100123#ifdef DEFAULT_SSL_MAX_RECORD
124 .max_record = DEFAULT_SSL_MAX_RECORD,
125#endif
Thomas Prückl10243932022-04-27 13:04:54 +0200126 .hard_max_record = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100127 .default_dh_param = SSL_DEFAULT_DH_PARAM,
128 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Marcin Deranek310a2602021-07-13 19:04:24 +0200129 .capture_buffer_size = 0,
William Lallemand3af48e72020-02-03 17:15:52 +0100130 .extra_files = SSL_GF_ALL,
William Lallemand8e8581e2020-10-20 17:36:46 +0200131 .extra_files_noext = 0,
William Lallemand722180a2021-06-09 16:46:12 +0200132#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +0200133 .keylog = 0
134#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100135};
136
Olivier Houcharda8955d52019-04-07 22:00:38 +0200137static BIO_METHOD *ha_meth;
138
Olivier Houchard66ab4982019-02-26 18:37:15 +0100139DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
140
Remi Tricot-Le Bretona9967632022-01-07 17:12:01 +0100141DECLARE_STATIC_POOL(ssl_sock_client_sni_pool, "ssl_sock_client_sni_pool", TLSEXT_MAXLEN_host_name + 1);
142
Amaury Denoyelle9963fa72020-11-03 17:10:00 +0100143/* ssl stats module */
144enum {
Amaury Denoyelled0447a72020-11-03 17:10:02 +0100145 SSL_ST_SESS,
146 SSL_ST_REUSED_SESS,
Amaury Denoyelle034c1622020-11-13 16:05:00 +0100147 SSL_ST_FAILED_HANDSHAKE,
Amaury Denoyellefbc33772020-11-03 17:10:01 +0100148
Amaury Denoyelle9963fa72020-11-03 17:10:00 +0100149 SSL_ST_STATS_COUNT /* must be the last member of the enum */
150};
151
152static struct name_desc ssl_stats[] = {
Amaury Denoyelle034c1622020-11-13 16:05:00 +0100153 [SSL_ST_SESS] = { .name = "ssl_sess",
154 .desc = "Total number of ssl sessions established" },
155 [SSL_ST_REUSED_SESS] = { .name = "ssl_reused_sess",
156 .desc = "Total number of ssl sessions reused" },
157 [SSL_ST_FAILED_HANDSHAKE] = { .name = "ssl_failed_handshake",
158 .desc = "Total number of failed handshake" },
Amaury Denoyelle9963fa72020-11-03 17:10:00 +0100159};
160
161static struct ssl_counters {
Amaury Denoyelled0447a72020-11-03 17:10:02 +0100162 long long sess;
163 long long reused_sess;
Amaury Denoyelle034c1622020-11-13 16:05:00 +0100164 long long failed_handshake;
Amaury Denoyelle9963fa72020-11-03 17:10:00 +0100165} ssl_counters;
166
167static void ssl_fill_stats(void *data, struct field *stats)
168{
Amaury Denoyellefbc33772020-11-03 17:10:01 +0100169 struct ssl_counters *counters = data;
170
Amaury Denoyelle034c1622020-11-13 16:05:00 +0100171 stats[SSL_ST_SESS] = mkf_u64(FN_COUNTER, counters->sess);
172 stats[SSL_ST_REUSED_SESS] = mkf_u64(FN_COUNTER, counters->reused_sess);
173 stats[SSL_ST_FAILED_HANDSHAKE] = mkf_u64(FN_COUNTER, counters->failed_handshake);
Amaury Denoyelle9963fa72020-11-03 17:10:00 +0100174}
175
176static struct stats_module ssl_stats_module = {
177 .name = "ssl",
178 .fill_stats = ssl_fill_stats,
179 .stats = ssl_stats,
180 .stats_count = SSL_ST_STATS_COUNT,
181 .counters = &ssl_counters,
182 .counters_size = sizeof(ssl_counters),
183 .domain_flags = MK_STATS_PROXY_DOMAIN(STATS_PX_CAP_FE|STATS_PX_CAP_LI|STATS_PX_CAP_BE|STATS_PX_CAP_SRV),
184 .clearable = 1,
185};
186
187INITCALL1(STG_REGISTER, stats_register_module, &ssl_stats_module);
188
Willy Tarreaua9380522022-05-05 08:50:17 +0200189/* CLI context for "show tls-keys" */
190struct show_keys_ctx {
191 struct tls_keys_ref *next_ref; /* next reference to be dumped */
192 int names_only; /* non-zero = only show file names */
193 int next_index; /* next index to be dumped */
Willy Tarreaubd338642022-05-05 08:59:17 +0200194 int dump_entries; /* dump entries also */
Willy Tarreau9c5a38c2022-05-05 09:03:44 +0200195 enum {
196 SHOW_KEYS_INIT = 0,
197 SHOW_KEYS_LIST,
198 SHOW_KEYS_DONE,
199 } state; /* phase of the current dump */
Willy Tarreaua9380522022-05-05 08:50:17 +0200200};
201
Willy Tarreau691d5032021-01-20 14:55:01 +0100202/* ssl_sock_io_cb is exported to see it resolved in "show fd" */
Willy Tarreau144f84a2021-03-02 16:09:26 +0100203struct task *ssl_sock_io_cb(struct task *, void *, unsigned int);
Olivier Houchard000694c2019-05-23 14:45:12 +0200204static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200205
Olivier Houcharda8955d52019-04-07 22:00:38 +0200206/* Methods to implement OpenSSL BIO */
207static int ha_ssl_write(BIO *h, const char *buf, int num)
208{
209 struct buffer tmpbuf;
210 struct ssl_sock_ctx *ctx;
211 int ret;
212
213 ctx = BIO_get_data(h);
214 tmpbuf.size = num;
215 tmpbuf.area = (void *)(uintptr_t)buf;
216 tmpbuf.data = num;
217 tmpbuf.head = 0;
218 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200219 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200220 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200221 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200222 } else if (ret == 0)
223 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200224 return ret;
225}
226
227static int ha_ssl_gets(BIO *h, char *buf, int size)
228{
229
230 return 0;
231}
232
233static int ha_ssl_puts(BIO *h, const char *str)
234{
235
236 return ha_ssl_write(h, str, strlen(str));
237}
238
239static int ha_ssl_read(BIO *h, char *buf, int size)
240{
241 struct buffer tmpbuf;
242 struct ssl_sock_ctx *ctx;
243 int ret;
244
245 ctx = BIO_get_data(h);
246 tmpbuf.size = size;
247 tmpbuf.area = buf;
248 tmpbuf.data = 0;
249 tmpbuf.head = 0;
250 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200251 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200252 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200253 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200254 } else if (ret == 0)
255 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200256
257 return ret;
258}
259
260static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
261{
262 int ret = 0;
263 switch (cmd) {
264 case BIO_CTRL_DUP:
265 case BIO_CTRL_FLUSH:
266 ret = 1;
267 break;
268 }
269 return ret;
270}
271
272static int ha_ssl_new(BIO *h)
273{
274 BIO_set_init(h, 1);
275 BIO_set_data(h, NULL);
276 BIO_clear_flags(h, ~0);
277 return 1;
278}
279
280static int ha_ssl_free(BIO *data)
281{
282
283 return 1;
284}
285
286
Willy Tarreau5db847a2019-05-09 14:13:35 +0200287#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100288
Emeric Brun821bb9b2017-06-15 16:37:39 +0200289static HA_RWLOCK_T *ssl_rwlocks;
290
291
292unsigned long ssl_id_function(void)
293{
294 return (unsigned long)tid;
295}
296
297void ssl_locking_function(int mode, int n, const char * file, int line)
298{
299 if (mode & CRYPTO_LOCK) {
300 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100301 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200302 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100303 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200304 }
305 else {
306 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100307 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200308 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100309 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200310 }
311}
312
313static int ssl_locking_init(void)
314{
315 int i;
316
317 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
318 if (!ssl_rwlocks)
319 return -1;
320
321 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100322 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200323
324 CRYPTO_set_id_callback(ssl_id_function);
325 CRYPTO_set_locking_callback(ssl_locking_function);
326
327 return 0;
328}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100329
Emeric Brun821bb9b2017-06-15 16:37:39 +0200330#endif
331
Willy Tarreauaf613e82020-06-05 08:40:51 +0200332__decl_thread(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200333
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100334
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200335
336/* mimic what X509_STORE_load_locations do with store_ctx */
337static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
338{
Remi Tricot-Le Bretond75b99e2021-05-17 11:45:55 +0200339 X509_STORE *store = NULL;
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +0100340 struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);
341 if (ca_e)
342 store = ca_e->ca_store;
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200343 if (store_ctx && store) {
344 int i;
345 X509_OBJECT *obj;
346 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
347 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
348 obj = sk_X509_OBJECT_value(objs, i);
349 switch (X509_OBJECT_get_type(obj)) {
350 case X509_LU_X509:
351 X509_STORE_add_cert(store_ctx, X509_OBJECT_get0_X509(obj));
352 break;
353 case X509_LU_CRL:
354 X509_STORE_add_crl(store_ctx, X509_OBJECT_get0_X509_CRL(obj));
355 break;
356 default:
357 break;
358 }
359 }
360 return 1;
361 }
362 return 0;
363}
364
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +0500365/* SSL_CTX_load_verify_locations substitute, internally call X509_STORE_load_locations */
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200366static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
367{
368 X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
369 return ssl_set_cert_crl_file(store_ctx, path);
370}
371
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200372/*
373 Extract CA_list from CA_file already in tree.
374 Duplicate ca_name is tracking with ebtree. It's simplify openssl compatibility.
375 Return a shared ca_list: SSL_dup_CA_list must be used before set it on SSL_CTX.
376*/
377static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
378{
379 struct ebmb_node *eb;
380 struct cafile_entry *ca_e;
381
382 eb = ebst_lookup(&cafile_tree, path);
383 if (!eb)
384 return NULL;
385 ca_e = ebmb_entry(eb, struct cafile_entry, node);
386
387 if (ca_e->ca_list == NULL) {
388 int i;
389 unsigned long key;
390 struct eb_root ca_name_tree = EB_ROOT;
391 struct eb64_node *node, *back;
392 struct {
393 struct eb64_node node;
394 X509_NAME *xname;
395 } *ca_name;
396 STACK_OF(X509_OBJECT) *objs;
397 STACK_OF(X509_NAME) *skn;
398 X509 *x;
399 X509_NAME *xn;
400
401 skn = sk_X509_NAME_new_null();
402 /* take x509 from cafile_tree */
403 objs = X509_STORE_get0_objects(ca_e->ca_store);
404 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
405 x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
406 if (!x)
407 continue;
408 xn = X509_get_subject_name(x);
409 if (!xn)
410 continue;
411 /* Check for duplicates. */
412 key = X509_NAME_hash(xn);
413 for (node = eb64_lookup(&ca_name_tree, key), ca_name = NULL;
414 node && ca_name == NULL;
415 node = eb64_next(node)) {
416 ca_name = container_of(node, typeof(*ca_name), node);
417 if (X509_NAME_cmp(xn, ca_name->xname) != 0)
418 ca_name = NULL;
419 }
420 /* find a duplicate */
421 if (ca_name)
422 continue;
423 ca_name = calloc(1, sizeof *ca_name);
424 xn = X509_NAME_dup(xn);
425 if (!ca_name ||
426 !xn ||
427 !sk_X509_NAME_push(skn, xn)) {
428 free(ca_name);
429 X509_NAME_free(xn);
430 sk_X509_NAME_pop_free(skn, X509_NAME_free);
431 sk_X509_NAME_free(skn);
432 skn = NULL;
433 break;
434 }
435 ca_name->node.key = key;
436 ca_name->xname = xn;
437 eb64_insert(&ca_name_tree, &ca_name->node);
438 }
439 ca_e->ca_list = skn;
440 /* remove temporary ca_name tree */
441 node = eb64_first(&ca_name_tree);
442 while (node) {
443 ca_name = container_of(node, typeof(*ca_name), node);
444 back = eb64_next(node);
445 eb64_delete(node);
446 free(ca_name);
447 node = back;
448 }
449 }
450 return ca_e->ca_list;
451}
452
Willy Tarreauff882702021-04-10 17:23:00 +0200453struct pool_head *pool_head_ssl_capture __read_mostly = NULL;
William Lallemand15e16942020-05-15 00:25:08 +0200454int ssl_capture_ptr_index = -1;
Frédéric Lécaille901ee2f2020-11-23 11:19:04 +0100455int ssl_app_data_index = -1;
Amaury Denoyelle9320dd52022-01-19 10:03:30 +0100456#ifdef USE_QUIC
457int ssl_qc_app_data_index = -1;
458#endif /* USE_QUIC */
Willy Tarreauef934602016-12-22 23:12:01 +0100459
William Lallemand722180a2021-06-09 16:46:12 +0200460#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +0200461int ssl_keylog_index = -1;
Willy Tarreauff882702021-04-10 17:23:00 +0200462struct pool_head *pool_head_ssl_keylog __read_mostly = NULL;
463struct pool_head *pool_head_ssl_keylog_str __read_mostly = NULL;
William Lallemand7d42ef52020-07-06 11:41:30 +0200464#endif
465
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +0200466int ssl_client_crt_ref_index = -1;
467
Remi Tricot-Le Bretona9967632022-01-07 17:12:01 +0100468/* Used to store the client's SNI in case of ClientHello callback error */
469int ssl_client_sni_index = -1;
470
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200471#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
472struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
473#endif
474
William Lallemandd7bfbe22022-04-11 18:41:24 +0200475#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
William Lallemanddad31052020-05-14 17:47:32 +0200476unsigned int openssl_engines_initialized;
Grant Zhang872f9c22017-01-21 01:10:18 +0000477struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
478struct ssl_engine_list {
479 struct list list;
480 ENGINE *e;
481};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200482#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000483
Remi Tricot-Le Breton1746a382022-05-16 16:24:33 +0200484#ifdef HAVE_SSL_PROVIDERS
485struct list openssl_providers = LIST_HEAD_INIT(openssl_providers);
486struct ssl_provider_list {
487 struct list list;
488 OSSL_PROVIDER *provider;
489};
490#endif
491
Remi Gacogne8de54152014-07-15 11:36:40 +0200492#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200493static int ssl_dh_ptr_index = -1;
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +0100494static HASSL_DH *global_dh = NULL;
495static HASSL_DH *local_dh_1024 = NULL;
496static HASSL_DH *local_dh_2048 = NULL;
497static HASSL_DH *local_dh_4096 = NULL;
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +0100498#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +0100499static DH *ssl_get_tmp_dh_cbk(SSL *ssl, int export, int keylen);
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +0100500#else
501static void ssl_sock_set_tmp_dh_from_pkey(SSL_CTX *ctx, EVP_PKEY *pkey);
502#endif
Remi Gacogne8de54152014-07-15 11:36:40 +0200503#endif /* OPENSSL_NO_DH */
504
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100505#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200506/* X509V3 Extensions that will be added on generated certificates */
507#define X509V3_EXT_SIZE 5
508static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
509 "basicConstraints",
510 "nsComment",
511 "subjectKeyIdentifier",
512 "authorityKeyIdentifier",
513 "keyUsage",
514};
515static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
516 "CA:FALSE",
517 "\"OpenSSL Generated Certificate\"",
518 "hash",
519 "keyid,issuer:always",
520 "nonRepudiation,digitalSignature,keyEncipherment"
521};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200522/* LRU cache to store generated certificate */
523static struct lru64_head *ssl_ctx_lru_tree = NULL;
524static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200525static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100526__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200527
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200528#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
529
yanbzhube2774d2015-12-10 15:07:30 -0500530/* The order here matters for picking a default context,
531 * keep the most common keytype at the bottom of the list
532 */
533const char *SSL_SOCK_KEYTYPE_NAMES[] = {
534 "dsa",
535 "ecdsa",
536 "rsa"
537};
yanbzhube2774d2015-12-10 15:07:30 -0500538
William Lallemandc3cd35f2017-11-28 11:04:43 +0100539static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100540static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
541
Dragan Dosen9ac98092020-05-11 15:51:45 +0200542/* Dedicated callback functions for heartbeat and clienthello.
543 */
544#ifdef TLS1_RT_HEARTBEAT
545static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
546 int content_type, const void *buf, size_t len,
547 SSL *ssl);
548#endif
549static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
550 int content_type, const void *buf, size_t len,
551 SSL *ssl);
552
William Lallemand722180a2021-06-09 16:46:12 +0200553#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +0200554static void ssl_init_keylog(struct connection *conn, int write_p, int version,
555 int content_type, const void *buf, size_t len,
556 SSL *ssl);
557#endif
558
Dragan Dosen1e7ed042020-05-08 18:30:00 +0200559/* List head of all registered SSL/TLS protocol message callbacks. */
560struct list ssl_sock_msg_callbacks = LIST_HEAD_INIT(ssl_sock_msg_callbacks);
561
562/* Registers the function <func> in order to be called on SSL/TLS protocol
563 * message processing. It will return 0 if the function <func> is not set
564 * or if it fails to allocate memory.
565 */
566int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func)
567{
568 struct ssl_sock_msg_callback *cbk;
569
570 if (!func)
571 return 0;
572
573 cbk = calloc(1, sizeof(*cbk));
574 if (!cbk) {
575 ha_alert("out of memory in ssl_sock_register_msg_callback().\n");
576 return 0;
577 }
578
579 cbk->func = func;
580
Willy Tarreau2b718102021-04-21 07:32:39 +0200581 LIST_APPEND(&ssl_sock_msg_callbacks, &cbk->list);
Dragan Dosen1e7ed042020-05-08 18:30:00 +0200582
583 return 1;
584}
585
Dragan Dosen9ac98092020-05-11 15:51:45 +0200586/* Used to register dedicated SSL/TLS protocol message callbacks.
587 */
588static int ssl_sock_register_msg_callbacks(void)
589{
590#ifdef TLS1_RT_HEARTBEAT
591 if (!ssl_sock_register_msg_callback(ssl_sock_parse_heartbeat))
592 return ERR_ABORT;
593#endif
Marcin Deranek310a2602021-07-13 19:04:24 +0200594 if (global_ssl.capture_buffer_size > 0) {
Dragan Dosen9ac98092020-05-11 15:51:45 +0200595 if (!ssl_sock_register_msg_callback(ssl_sock_parse_clienthello))
596 return ERR_ABORT;
597 }
William Lallemand722180a2021-06-09 16:46:12 +0200598#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +0200599 if (global_ssl.keylog > 0) {
600 if (!ssl_sock_register_msg_callback(ssl_init_keylog))
601 return ERR_ABORT;
602 }
603#endif
604
Christopher Fauletfc633b62020-11-06 15:24:23 +0100605 return ERR_NONE;
Dragan Dosen9ac98092020-05-11 15:51:45 +0200606}
607
Dragan Dosen1e7ed042020-05-08 18:30:00 +0200608/* Used to free all SSL/TLS protocol message callbacks that were
609 * registered by using ssl_sock_register_msg_callback().
610 */
611static void ssl_sock_unregister_msg_callbacks(void)
612{
613 struct ssl_sock_msg_callback *cbk, *cbkback;
614
615 list_for_each_entry_safe(cbk, cbkback, &ssl_sock_msg_callbacks, list) {
Willy Tarreau2b718102021-04-21 07:32:39 +0200616 LIST_DELETE(&cbk->list);
Dragan Dosen1e7ed042020-05-08 18:30:00 +0200617 free(cbk);
618 }
619}
620
Willy Tarreaude827952022-04-11 10:43:28 +0200621static struct ssl_sock_ctx *ssl_sock_get_ctx(struct connection *conn)
622{
623 if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
624 return NULL;
625
626 return (struct ssl_sock_ctx *)conn->xprt_ctx;
627}
628
Dragan Doseneb607fe2020-05-11 17:17:06 +0200629SSL *ssl_sock_get_ssl_object(struct connection *conn)
630{
Willy Tarreau939b0bf2022-04-11 11:29:11 +0200631 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Dragan Doseneb607fe2020-05-11 17:17:06 +0200632
Willy Tarreau939b0bf2022-04-11 11:29:11 +0200633 return ctx ? ctx->ssl : NULL;
Dragan Doseneb607fe2020-05-11 17:17:06 +0200634}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100635/*
636 * This function gives the detail of the SSL error. It is used only
637 * if the debug mode and the verbose mode are activated. It dump all
638 * the SSL error until the stack was empty.
639 */
640static forceinline void ssl_sock_dump_errors(struct connection *conn)
641{
642 unsigned long ret;
643
644 if (unlikely(global.mode & MODE_DEBUG)) {
645 while(1) {
Remi Tricot-Le Breton1effd9a2022-02-11 12:04:44 +0100646 const char *func = NULL;
647 ERR_peek_error_func(&func);
648
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100649 ret = ERR_get_error();
650 if (ret == 0)
651 return;
Willy Tarreau566cebc2021-03-02 19:32:39 +0100652 fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau0e9c2642022-04-11 18:01:28 +0200653 conn_fd(conn), ret,
Remi Tricot-Le Breton1effd9a2022-02-11 12:04:44 +0100654 func, ERR_reason_error_string(ret));
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100655 }
656 }
657}
658
yanbzhube2774d2015-12-10 15:07:30 -0500659
William Lallemandd7bfbe22022-04-11 18:41:24 +0200660#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
William Lallemanddad31052020-05-14 17:47:32 +0200661int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
Grant Zhang872f9c22017-01-21 01:10:18 +0000662{
663 int err_code = ERR_ABORT;
664 ENGINE *engine;
665 struct ssl_engine_list *el;
666
667 /* grab the structural reference to the engine */
668 engine = ENGINE_by_id(engine_id);
669 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100670 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000671 goto fail_get;
672 }
673
674 if (!ENGINE_init(engine)) {
675 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100676 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000677 goto fail_init;
678 }
679
680 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100681 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000682 goto fail_set_method;
683 }
684
685 el = calloc(1, sizeof(*el));
Remi Tricot-Le Breton612b2c32021-05-12 17:45:21 +0200686 if (!el)
687 goto fail_alloc;
Grant Zhang872f9c22017-01-21 01:10:18 +0000688 el->e = engine;
Willy Tarreau2b718102021-04-21 07:32:39 +0200689 LIST_INSERT(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100690 nb_engines++;
691 if (global_ssl.async)
692 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000693 return 0;
694
Remi Tricot-Le Breton612b2c32021-05-12 17:45:21 +0200695fail_alloc:
Grant Zhang872f9c22017-01-21 01:10:18 +0000696fail_set_method:
697 /* release the functional reference from ENGINE_init() */
698 ENGINE_finish(engine);
699
700fail_init:
701 /* release the structural reference from ENGINE_by_id() */
702 ENGINE_free(engine);
703
704fail_get:
705 return err_code;
706}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200707#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000708
Remi Tricot-Le Breton1746a382022-05-16 16:24:33 +0200709#ifdef HAVE_SSL_PROVIDERS
710int ssl_init_provider(const char *provider_name)
711{
712 int err_code = ERR_ABORT;
713 struct ssl_provider_list *prov = NULL;
714
715 prov = calloc(1, sizeof(*prov));
716 if (!prov) {
717 ha_alert("ssl-provider %s: memory allocation failure\n", provider_name);
718 goto error;
719 }
720
721 if ((prov->provider = OSSL_PROVIDER_load(NULL, provider_name)) == NULL) {
722 ha_alert("ssl-provider %s: unknown provider\n", provider_name);
723 goto error;
724 }
725
726 LIST_INSERT(&openssl_providers, &prov->list);
727
728 return 0;
729
730error:
731 ha_free(&prov);
732 return err_code;
733}
734#endif /* HAVE_SSL_PROVIDERS */
735
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +0500736#ifdef SSL_MODE_ASYNC
Emeric Brun3854e012017-05-17 20:42:48 +0200737/*
738 * openssl async fd handler
739 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200740void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000741{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200742 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000743
Emeric Brun3854e012017-05-17 20:42:48 +0200744 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000745 * to poll this fd until it is requested
746 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000747 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000748 fd_cant_recv(fd);
749
750 /* crypto engine is available, let's notify the associated
751 * connection that it can pursue its processing.
752 */
Olivier Houcharda4598262020-09-15 22:16:02 +0200753 tasklet_wakeup(ctx->wait_event.tasklet);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000754}
755
Emeric Brun3854e012017-05-17 20:42:48 +0200756/*
757 * openssl async delayed SSL_free handler
758 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200759void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000760{
761 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200762 OSSL_ASYNC_FD all_fd[32];
763 size_t num_all_fds = 0;
764 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000765
Emeric Brun3854e012017-05-17 20:42:48 +0200766 /* We suppose that the async job for a same SSL *
767 * are serialized. So if we are awake it is
768 * because the running job has just finished
769 * and we can remove all async fds safely
770 */
771 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
772 if (num_all_fds > 32) {
773 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
774 return;
775 }
776
777 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
778 for (i=0 ; i < num_all_fds ; i++)
Willy Tarreau67672452020-08-26 11:44:17 +0200779 fd_stop_both(all_fd[i]);
Emeric Brun3854e012017-05-17 20:42:48 +0200780
781 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000782 SSL_free(ssl);
Willy Tarreau82531f62021-10-06 12:15:18 +0200783 _HA_ATOMIC_DEC(&global.sslconns);
Willy Tarreau4781b152021-04-06 13:53:36 +0200784 _HA_ATOMIC_DEC(&jobs);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000785}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000786/*
Emeric Brun3854e012017-05-17 20:42:48 +0200787 * function used to manage a returned SSL_ERROR_WANT_ASYNC
788 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000789 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200790static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000791{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100792 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200793 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200794 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000795 size_t num_add_fds = 0;
796 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200797 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000798
799 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
800 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200801 if (num_add_fds > 32 || num_del_fds > 32) {
802 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000803 return;
804 }
805
Emeric Brun3854e012017-05-17 20:42:48 +0200806 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000807
Emeric Brun3854e012017-05-17 20:42:48 +0200808 /* We remove unused fds from the fdtab */
809 for (i=0 ; i < num_del_fds ; i++)
Willy Tarreau67672452020-08-26 11:44:17 +0200810 fd_stop_both(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000811
Emeric Brun3854e012017-05-17 20:42:48 +0200812 /* We add new fds to the fdtab */
813 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200814 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000815 }
816
Emeric Brun3854e012017-05-17 20:42:48 +0200817 num_add_fds = 0;
818 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
819 if (num_add_fds > 32) {
820 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
821 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000822 }
Emeric Brun3854e012017-05-17 20:42:48 +0200823
824 /* We activate the polling for all known async fds */
825 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000826 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200827 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000828 /* To ensure that the fd cache won't be used
829 * We'll prefer to catch a real RD event
830 * because handling an EAGAIN on this fd will
831 * result in a context switch and also
832 * some engines uses a fd in blocking mode.
833 */
834 fd_cant_recv(add_fd[i]);
835 }
Emeric Brun3854e012017-05-17 20:42:48 +0200836
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000837}
838#endif
839
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +0200840#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP && !defined HAVE_ASN1_TIME_TO_TM)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200841/*
842 * This function returns the number of seconds elapsed
843 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
844 * date presented un ASN1_GENERALIZEDTIME.
845 *
846 * In parsing error case, it returns -1.
847 */
848static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
849{
850 long epoch;
851 char *p, *end;
852 const unsigned short month_offset[12] = {
853 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
854 };
Remi Tricot-Le Bretona3a0cce2021-06-09 17:16:18 +0200855 unsigned long year, month;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200856
857 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
858
859 p = (char *)d->data;
860 end = p + d->length;
861
862 if (end - p < 4) return -1;
863 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
864 p += 4;
865 if (end - p < 2) return -1;
866 month = 10 * (p[0] - '0') + p[1] - '0';
867 if (month < 1 || month > 12) return -1;
868 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
869 We consider leap years and the current month (<marsh or not) */
870 epoch = ( ((year - 1970) * 365)
871 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
872 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
873 + month_offset[month-1]
874 ) * 24 * 60 * 60;
875 p += 2;
876 if (end - p < 2) return -1;
877 /* Add the number of seconds of completed days of current month */
878 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
879 p += 2;
880 if (end - p < 2) return -1;
881 /* Add the completed hours of the current day */
882 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
883 p += 2;
884 if (end - p < 2) return -1;
885 /* Add the completed minutes of the current hour */
886 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
887 p += 2;
888 if (p == end) return -1;
889 /* Test if there is available seconds */
890 if (p[0] < '0' || p[0] > '9')
891 goto nosec;
892 if (end - p < 2) return -1;
893 /* Add the seconds of the current minute */
894 epoch += 10 * (p[0] - '0') + p[1] - '0';
895 p += 2;
896 if (p == end) return -1;
897 /* Ignore seconds float part if present */
898 if (p[0] == '.') {
899 do {
900 if (++p == end) return -1;
901 } while (p[0] >= '0' && p[0] <= '9');
902 }
903
904nosec:
905 if (p[0] == 'Z') {
906 if (end - p != 1) return -1;
907 return epoch;
908 }
909 else if (p[0] == '+') {
910 if (end - p != 5) return -1;
911 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700912 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200913 }
914 else if (p[0] == '-') {
915 if (end - p != 5) return -1;
916 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700917 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200918 }
919
920 return -1;
921}
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +0200922#endif
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200923
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +0200924#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
William Lallemand104a7a62019-10-14 14:14:59 +0200925/*
926 * struct alignment works here such that the key.key is the same as key_data
927 * Do not change the placement of key_data
928 */
929struct certificate_ocsp {
930 struct ebmb_node key;
931 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Remi Tricot-Le Breton5aa1dce2021-06-10 13:51:12 +0200932 unsigned int key_length;
William Lallemand104a7a62019-10-14 14:14:59 +0200933 struct buffer response;
William Lallemand76b4a122020-08-04 17:41:39 +0200934 int refcount;
William Lallemand104a7a62019-10-14 14:14:59 +0200935 long expire;
936};
937
938struct ocsp_cbk_arg {
939 int is_single;
940 int single_kt;
941 union {
942 struct certificate_ocsp *s_ocsp;
943 /*
944 * m_ocsp will have multiple entries dependent on key type
945 * Entry 0 - DSA
946 * Entry 1 - ECDSA
947 * Entry 2 - RSA
948 */
949 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
950 };
951};
952
Emeric Brun1d3865b2014-06-20 15:37:32 +0200953static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200954
955/* This function starts to check if the OCSP response (in DER format) contained
956 * in chunk 'ocsp_response' is valid (else exits on error).
957 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
958 * contained in the OCSP Response and exits on error if no match.
959 * If it's a valid OCSP Response:
960 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
961 * pointed by 'ocsp'.
962 * If 'ocsp' is NULL, the function looks up into the OCSP response's
963 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
964 * from the response) and exits on error if not found. Finally, If an OCSP response is
965 * already present in the container, it will be overwritten.
966 *
967 * Note: OCSP response containing more than one OCSP Single response is not
968 * considered valid.
969 *
970 * Returns 0 on success, 1 in error case.
971 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200972static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
973 struct certificate_ocsp *ocsp,
974 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200975{
976 OCSP_RESPONSE *resp;
977 OCSP_BASICRESP *bs = NULL;
978 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200979 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200980 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200981 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200982 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200983 int reason;
984 int ret = 1;
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +0200985#ifdef HAVE_ASN1_TIME_TO_TM
986 struct tm nextupd_tm = {0};
987#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200989 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
990 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200991 if (!resp) {
992 memprintf(err, "Unable to parse OCSP response");
993 goto out;
994 }
995
996 rc = OCSP_response_status(resp);
997 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
998 memprintf(err, "OCSP response status not successful");
999 goto out;
1000 }
1001
1002 bs = OCSP_response_get1_basic(resp);
1003 if (!bs) {
1004 memprintf(err, "Failed to get basic response from OCSP Response");
1005 goto out;
1006 }
1007
1008 count_sr = OCSP_resp_count(bs);
1009 if (count_sr > 1) {
1010 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
1011 goto out;
1012 }
1013
1014 sr = OCSP_resp_get0(bs, 0);
1015 if (!sr) {
1016 memprintf(err, "Failed to get OCSP single response");
1017 goto out;
1018 }
1019
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001020 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
1021
Emeric Brun4147b2e2014-06-16 18:36:30 +02001022 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +02001023 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +02001024 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +02001025 goto out;
1026 }
1027
Emeric Brun13a6b482014-06-20 15:44:34 +02001028 if (!nextupd) {
1029 memprintf(err, "OCSP single response: missing nextupdate");
1030 goto out;
1031 }
1032
Emeric Brunc8b27b62014-06-19 14:16:17 +02001033 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001034 if (!rc) {
1035 memprintf(err, "OCSP single response: no longer valid.");
1036 goto out;
1037 }
1038
1039 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001040 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +02001041 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
1042 goto out;
1043 }
1044 }
1045
1046 if (!ocsp) {
1047 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
1048 unsigned char *p;
1049
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001050 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051 if (!rc) {
1052 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
1053 goto out;
1054 }
1055
1056 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
1057 memprintf(err, "OCSP single response: Certificate ID too long");
1058 goto out;
1059 }
1060
1061 p = key;
1062 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001063 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001064 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
1065 if (!ocsp) {
1066 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
1067 goto out;
1068 }
1069 }
1070
1071 /* According to comments on "chunk_dup", the
1072 previous chunk buffer will be freed */
1073 if (!chunk_dup(&ocsp->response, ocsp_response)) {
1074 memprintf(err, "OCSP response: Memory allocation error");
1075 goto out;
1076 }
1077
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +02001078#ifdef HAVE_ASN1_TIME_TO_TM
1079 if (ASN1_TIME_to_tm(nextupd, &nextupd_tm) == 0) {
1080 memprintf(err, "OCSP single response: Invalid \"Next Update\" time");
1081 goto out;
1082 }
1083 ocsp->expire = my_timegm(&nextupd_tm) - OCSP_MAX_RESPONSE_TIME_SKEW;
1084#else
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001085 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
Remi Tricot-Le Bretona3a0cce2021-06-09 17:16:18 +02001086 if (ocsp->expire < 0) {
1087 memprintf(err, "OCSP single response: Invalid \"Next Update\" time");
1088 goto out;
1089 }
Remi Tricot-Le Breton69164932021-06-11 10:28:09 +02001090#endif
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001091
Emeric Brun4147b2e2014-06-16 18:36:30 +02001092 ret = 0;
1093out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +01001094 ERR_clear_error();
1095
Emeric Brun4147b2e2014-06-16 18:36:30 +02001096 if (bs)
1097 OCSP_BASICRESP_free(bs);
1098
1099 if (resp)
1100 OCSP_RESPONSE_free(resp);
1101
1102 return ret;
1103}
1104/*
1105 * External function use to update the OCSP response in the OCSP response's
1106 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
1107 * to update in DER format.
1108 *
1109 * Returns 0 on success, 1 in error case.
1110 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001111int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001112{
1113 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
1114}
1115
William Lallemand4a660132019-10-14 14:51:41 +02001116#endif
1117
Remi Tricot-Le Bretonc9414e22022-02-08 17:45:59 +01001118
1119/*
1120 * Initialize an HMAC context <hctx> using the <key> and <md> parameters.
1121 * Returns -1 in case of error, 1 otherwise.
1122 */
1123static int ssl_hmac_init(MAC_CTX *hctx, unsigned char *key, int key_len, const EVP_MD *md)
1124{
1125#ifdef HAVE_OSSL_PARAM
1126 OSSL_PARAM params[3];
1127
1128 params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key, key_len);
1129 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, (char*)EVP_MD_name(md), 0);
1130 params[2] = OSSL_PARAM_construct_end();
1131 if (EVP_MAC_CTX_set_params(hctx, params) == 0)
1132 return -1; /* error in mac initialisation */
1133
1134#else
1135 HMAC_Init_ex(hctx, key, key_len, md, NULL);
1136#endif
1137 return 1;
1138}
1139
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001140#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Remi Tricot-Le Breton8ea1f5f2022-02-08 17:45:58 +01001141
1142static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, MAC_CTX *hctx, int enc)
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001143{
Christopher Faulet16f45c82018-02-16 11:23:49 +01001144 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +01001145 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001146 struct connection *conn;
1147 int head;
1148 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001149 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001150
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001151 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +02001152 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001153 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1154
1155 keys = ref->tlskeys;
1156 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001157
1158 if (enc) {
1159 memcpy(key_name, keys[head].name, 16);
1160
1161 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +01001162 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001163
Emeric Brun9e754772019-01-10 17:51:55 +01001164 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001165
Emeric Brun9e754772019-01-10 17:51:55 +01001166 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
1167 goto end;
1168
Remi Tricot-Le Bretonc9414e22022-02-08 17:45:59 +01001169 if (ssl_hmac_init(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT()) < 0)
1170 goto end;
Emeric Brun9e754772019-01-10 17:51:55 +01001171 ret = 1;
1172 }
1173 else if (ref->key_size_bits == 256 ) {
1174
1175 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
1176 goto end;
1177
Remi Tricot-Le Bretonc9414e22022-02-08 17:45:59 +01001178 if (ssl_hmac_init(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT()) < 0)
1179 goto end;
Emeric Brun9e754772019-01-10 17:51:55 +01001180 ret = 1;
1181 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001182 } else {
1183 for (i = 0; i < TLS_TICKETS_NO; i++) {
1184 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1185 goto found;
1186 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001187 ret = 0;
1188 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001189
Christopher Faulet16f45c82018-02-16 11:23:49 +01001190 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001191 if (ref->key_size_bits == 128) {
Remi Tricot-Le Bretonc9414e22022-02-08 17:45:59 +01001192 if (ssl_hmac_init(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT()) < 0)
1193 goto end;
Emeric Brun9e754772019-01-10 17:51:55 +01001194 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1195 goto end;
1196 /* 2 for key renewal, 1 if current key is still valid */
1197 ret = i ? 2 : 1;
1198 }
1199 else if (ref->key_size_bits == 256) {
Remi Tricot-Le Bretonc9414e22022-02-08 17:45:59 +01001200 if (ssl_hmac_init(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT()) < 0)
1201 goto end;
Emeric Brun9e754772019-01-10 17:51:55 +01001202 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1203 goto end;
1204 /* 2 for key renewal, 1 if current key is still valid */
1205 ret = i ? 2 : 1;
1206 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001207 }
Emeric Brun9e754772019-01-10 17:51:55 +01001208
Christopher Faulet16f45c82018-02-16 11:23:49 +01001209 end:
1210 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1211 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001212}
1213
1214struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1215{
1216 struct tls_keys_ref *ref;
1217
1218 list_for_each_entry(ref, &tlskeys_reference, list)
1219 if (ref->filename && strcmp(filename, ref->filename) == 0)
1220 return ref;
1221 return NULL;
1222}
1223
1224struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1225{
1226 struct tls_keys_ref *ref;
1227
1228 list_for_each_entry(ref, &tlskeys_reference, list)
1229 if (ref->unique_id == unique_id)
1230 return ref;
1231 return NULL;
1232}
1233
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05001234/* Update the key into ref: if keysize doesn't
Emeric Brun9e754772019-01-10 17:51:55 +01001235 * match existing ones, this function returns -1
1236 * else it returns 0 on success.
1237 */
1238int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001239 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001240{
Emeric Brun9e754772019-01-10 17:51:55 +01001241 if (ref->key_size_bits == 128) {
1242 if (tlskey->data != sizeof(struct tls_sess_key_128))
1243 return -1;
1244 }
1245 else if (ref->key_size_bits == 256) {
1246 if (tlskey->data != sizeof(struct tls_sess_key_256))
1247 return -1;
1248 }
1249 else
1250 return -1;
1251
Christopher Faulet16f45c82018-02-16 11:23:49 +01001252 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001253 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1254 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001255 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1256 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001257
1258 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001259}
1260
Willy Tarreau83061a82018-07-13 11:56:34 +02001261int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001262{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001263 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1264
1265 if(!ref) {
1266 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1267 return 1;
1268 }
Emeric Brun9e754772019-01-10 17:51:55 +01001269 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1270 memprintf(err, "Invalid key size");
1271 return 1;
1272 }
1273
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001274 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001275}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001276
1277/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001278 * automatic ids. It's called just after the basic checks. It returns
1279 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001280 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001281static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001282{
1283 int i = 0;
1284 struct tls_keys_ref *ref, *ref2, *ref3;
1285 struct list tkr = LIST_HEAD_INIT(tkr);
1286
1287 list_for_each_entry(ref, &tlskeys_reference, list) {
1288 if (ref->unique_id == -1) {
1289 /* Look for the first free id. */
1290 while (1) {
1291 list_for_each_entry(ref2, &tlskeys_reference, list) {
1292 if (ref2->unique_id == i) {
1293 i++;
1294 break;
1295 }
1296 }
1297 if (&ref2->list == &tlskeys_reference)
1298 break;
1299 }
1300
1301 /* Uses the unique id and increment it for the next entry. */
1302 ref->unique_id = i;
1303 i++;
1304 }
1305 }
1306
1307 /* This sort the reference list by id. */
1308 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
Willy Tarreau2b718102021-04-21 07:32:39 +02001309 LIST_DELETE(&ref->list);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001310 list_for_each_entry(ref3, &tkr, list) {
1311 if (ref->unique_id < ref3->unique_id) {
Willy Tarreau2b718102021-04-21 07:32:39 +02001312 LIST_APPEND(&ref3->list, &ref->list);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001313 break;
1314 }
1315 }
1316 if (&ref3->list == &tkr)
Willy Tarreau2b718102021-04-21 07:32:39 +02001317 LIST_APPEND(&tkr, &ref->list);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001318 }
1319
1320 /* swap root */
Willy Tarreau2b718102021-04-21 07:32:39 +02001321 LIST_INSERT(&tkr, &tlskeys_reference);
1322 LIST_DELETE(&tkr);
Christopher Fauletfc633b62020-11-06 15:24:23 +01001323 return ERR_NONE;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001324}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001325#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1326
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001327#ifndef OPENSSL_NO_OCSP
William Lallemand76b4a122020-08-04 17:41:39 +02001328int ocsp_ex_index = -1;
1329
yanbzhube2774d2015-12-10 15:07:30 -05001330int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1331{
1332 switch (evp_keytype) {
1333 case EVP_PKEY_RSA:
1334 return 2;
1335 case EVP_PKEY_DSA:
1336 return 0;
1337 case EVP_PKEY_EC:
1338 return 1;
1339 }
1340
1341 return -1;
1342}
1343
Emeric Brun4147b2e2014-06-16 18:36:30 +02001344/*
1345 * Callback used to set OCSP status extension content in server hello.
1346 */
1347int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1348{
yanbzhube2774d2015-12-10 15:07:30 -05001349 struct certificate_ocsp *ocsp;
1350 struct ocsp_cbk_arg *ocsp_arg;
1351 char *ssl_buf;
William Lallemand76b4a122020-08-04 17:41:39 +02001352 SSL_CTX *ctx;
yanbzhube2774d2015-12-10 15:07:30 -05001353 EVP_PKEY *ssl_pkey;
1354 int key_type;
1355 int index;
1356
William Lallemand76b4a122020-08-04 17:41:39 +02001357 ctx = SSL_get_SSL_CTX(ssl);
1358 if (!ctx)
1359 return SSL_TLSEXT_ERR_NOACK;
1360
1361 ocsp_arg = SSL_CTX_get_ex_data(ctx, ocsp_ex_index);
1362 if (!ocsp_arg)
1363 return SSL_TLSEXT_ERR_NOACK;
yanbzhube2774d2015-12-10 15:07:30 -05001364
1365 ssl_pkey = SSL_get_privatekey(ssl);
1366 if (!ssl_pkey)
1367 return SSL_TLSEXT_ERR_NOACK;
1368
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001369 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001370
1371 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1372 ocsp = ocsp_arg->s_ocsp;
1373 else {
1374 /* For multiple certs per context, we have to find the correct OCSP response based on
1375 * the certificate type
1376 */
1377 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1378
1379 if (index < 0)
1380 return SSL_TLSEXT_ERR_NOACK;
1381
1382 ocsp = ocsp_arg->m_ocsp[index];
1383
1384 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001385
1386 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 !ocsp->response.area ||
1388 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001389 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001390 return SSL_TLSEXT_ERR_NOACK;
1391
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001392 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001393 if (!ssl_buf)
1394 return SSL_TLSEXT_ERR_NOACK;
1395
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001396 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1397 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001398
1399 return SSL_TLSEXT_ERR_OK;
1400}
1401
William Lallemand4a660132019-10-14 14:51:41 +02001402#endif
1403
Ilya Shipitsinb3201a32020-10-18 09:11:50 +05001404#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
William Lallemand76b4a122020-08-04 17:41:39 +02001405
1406
1407/*
1408 * Decrease the refcount of the struct ocsp_response and frees it if it's not
1409 * used anymore. Also removes it from the tree if free'd.
1410 */
1411static void ssl_sock_free_ocsp(struct certificate_ocsp *ocsp)
1412{
1413 if (!ocsp)
1414 return;
1415
1416 ocsp->refcount--;
1417 if (ocsp->refcount <= 0) {
1418 ebmb_delete(&ocsp->key);
1419 chunk_destroy(&ocsp->response);
1420 free(ocsp);
1421 }
1422}
1423
1424
Emeric Brun4147b2e2014-06-16 18:36:30 +02001425/*
1426 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001427 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1428 * status extension, the issuer's certificate is mandatory. It should be
1429 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001430 *
William Lallemand246c0242019-10-11 08:59:13 +02001431 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1432 * OCSP response. If file is empty or content is not a valid OCSP response,
1433 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1434 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001435 *
1436 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001437 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001438 */
Emmanuel Hocdet6f507c72020-02-18 15:56:39 +01001439static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch, STACK_OF(X509) *chain)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001440{
Emmanuel Hocdet6f507c72020-02-18 15:56:39 +01001441 X509 *x, *issuer;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001442 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001443 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001444 struct certificate_ocsp *ocsp = NULL, *iocsp;
1445 char *warn = NULL;
1446 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001447 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001448
Emeric Brun4147b2e2014-06-16 18:36:30 +02001449
William Lallemand246c0242019-10-11 08:59:13 +02001450 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001451 if (!x)
1452 goto out;
1453
William Lallemand246c0242019-10-11 08:59:13 +02001454 issuer = ckch->ocsp_issuer;
Emmanuel Hocdet6f507c72020-02-18 15:56:39 +01001455 /* take issuer from chain over ocsp_issuer, is what is done historicaly */
1456 if (chain) {
1457 /* check if one of the certificate of the chain is the issuer */
1458 for (i = 0; i < sk_X509_num(chain); i++) {
1459 X509 *ti = sk_X509_value(chain, i);
1460 if (X509_check_issued(ti, x) == X509_V_OK) {
1461 issuer = ti;
1462 break;
1463 }
1464 }
1465 }
William Lallemand246c0242019-10-11 08:59:13 +02001466 if (!issuer)
1467 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001468
1469 cid = OCSP_cert_to_id(0, x, issuer);
1470 if (!cid)
1471 goto out;
1472
1473 i = i2d_OCSP_CERTID(cid, NULL);
1474 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1475 goto out;
1476
Vincent Bernat02779b62016-04-03 13:48:43 +02001477 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001478 if (!ocsp)
1479 goto out;
1480
1481 p = ocsp->key_data;
Remi Tricot-Le Breton5aa1dce2021-06-10 13:51:12 +02001482 ocsp->key_length = i2d_OCSP_CERTID(cid, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001483
1484 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1485 if (iocsp == ocsp)
1486 ocsp = NULL;
1487
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001488#ifndef SSL_CTX_get_tlsext_status_cb
1489# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1490 *cb = (void (*) (void))ctx->tlsext_status_cb;
1491#endif
1492 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1493
1494 if (!callback) {
William Lallemanda560c062020-07-31 11:43:20 +02001495 struct ocsp_cbk_arg *cb_arg;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001496 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001497
William Lallemanda560c062020-07-31 11:43:20 +02001498 cb_arg = calloc(1, sizeof(*cb_arg));
1499 if (!cb_arg)
1500 goto out;
1501
yanbzhube2774d2015-12-10 15:07:30 -05001502 cb_arg->is_single = 1;
1503 cb_arg->s_ocsp = iocsp;
William Lallemand76b4a122020-08-04 17:41:39 +02001504 iocsp->refcount++;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001505
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001506 pkey = X509_get_pubkey(x);
1507 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1508 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001509
1510 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
William Lallemand76b4a122020-08-04 17:41:39 +02001511 SSL_CTX_set_ex_data(ctx, ocsp_ex_index, cb_arg); /* we use the ex_data instead of the cb_arg function here, so we can use the cleanup callback to free */
1512
yanbzhube2774d2015-12-10 15:07:30 -05001513 } else {
1514 /*
1515 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1516 * Update that cb_arg with the new cert's staple
1517 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001518 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001519 struct certificate_ocsp *tmp_ocsp;
1520 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001521 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001522 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001523
William Lallemand76b4a122020-08-04 17:41:39 +02001524 cb_arg = SSL_CTX_get_ex_data(ctx, ocsp_ex_index);
yanbzhube2774d2015-12-10 15:07:30 -05001525
1526 /*
1527 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1528 * the order of operations below matter, take care when changing it
1529 */
1530 tmp_ocsp = cb_arg->s_ocsp;
1531 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1532 cb_arg->s_ocsp = NULL;
1533 cb_arg->m_ocsp[index] = tmp_ocsp;
1534 cb_arg->is_single = 0;
1535 cb_arg->single_kt = 0;
1536
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001537 pkey = X509_get_pubkey(x);
1538 key_type = EVP_PKEY_base_id(pkey);
1539 EVP_PKEY_free(pkey);
1540
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001541 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
William Lallemand76b4a122020-08-04 17:41:39 +02001542 if (index >= 0 && !cb_arg->m_ocsp[index]) {
yanbzhube2774d2015-12-10 15:07:30 -05001543 cb_arg->m_ocsp[index] = iocsp;
William Lallemand76b4a122020-08-04 17:41:39 +02001544 iocsp->refcount++;
1545 }
yanbzhube2774d2015-12-10 15:07:30 -05001546 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001547
1548 ret = 0;
1549
1550 warn = NULL;
William Lallemand86e4d632020-08-07 00:44:32 +02001551 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, iocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001552 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001553 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001554 }
1555
1556out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001557 if (cid)
1558 OCSP_CERTID_free(cid);
1559
1560 if (ocsp)
1561 free(ocsp);
1562
1563 if (warn)
1564 free(warn);
1565
Emeric Brun4147b2e2014-06-16 18:36:30 +02001566 return ret;
1567}
Emmanuel Hocdeta73a2222020-10-26 13:55:30 +01001568#endif
1569
1570#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet6f507c72020-02-18 15:56:39 +01001571static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch, STACK_OF(X509) *chain)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001572{
William Lallemand4a660132019-10-14 14:51:41 +02001573 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001574}
1575#endif
1576
William Lallemand4a660132019-10-14 14:51:41 +02001577
Ilya Shipitsin7bbf5862021-02-06 18:55:27 +05001578#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001579
1580#define CT_EXTENSION_TYPE 18
1581
William Lallemand03c331c2020-05-13 10:10:01 +02001582int sctl_ex_index = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001583
1584int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1585{
Willy Tarreau83061a82018-07-13 11:56:34 +02001586 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001587
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001588 *out = (unsigned char *) sctl->area;
1589 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001590
1591 return 1;
1592}
1593
1594int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1595{
1596 return 1;
1597}
1598
William Lallemanda17f4112019-10-10 15:16:44 +02001599static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001600{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001601 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001602
William Lallemanda17f4112019-10-10 15:16:44 +02001603 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001604 goto out;
1605
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001606 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1607
1608 ret = 0;
1609
1610out:
1611 return ret;
1612}
1613
1614#endif
1615
Emeric Brune1f38db2012-09-03 20:36:47 +02001616void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1617{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001618 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01001619#ifdef USE_QUIC
1620 struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
1621#endif /* USE_QUIC */
1622 struct ssl_sock_ctx *ctx = NULL;
1623
Emeric Brund8b2bb52014-01-28 15:43:53 +01001624 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001625 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001626
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01001627 if (conn)
Willy Tarreau939b0bf2022-04-11 11:29:11 +02001628 ctx = conn_get_ssl_sock_ctx(conn);
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01001629#ifdef USE_QUIC
1630 else if (qc)
1631 ctx = qc->xprt_ctx;
1632#endif /* USE_QUIC */
Amaury Denoyelle7c564bf2022-01-24 11:04:05 +01001633
1634 if (!ctx) {
1635 /* must never happen */
1636 ABORT_NOW();
1637 return;
1638 }
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01001639
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001640#ifndef SSL_OP_NO_RENEGOTIATION
1641 /* Please note that BoringSSL defines this macro to zero so don't
1642 * change this to #if and do not assign a default value to this macro!
1643 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001644 if (where & SSL_CB_HANDSHAKE_START) {
1645 /* Disable renegotiation (CVE-2009-3555) */
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01001646 if (conn && (conn->flags & (CO_FL_WAIT_L6_CONN | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == 0) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001647 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001648 conn->err_code = CO_ER_SSL_RENEG;
1649 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001650 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001651#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001652
1653 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001654 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001655 /* Long certificate chains optimz
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05001656 If write and read bios are different, we
Emeric Brund8b2bb52014-01-28 15:43:53 +01001657 consider that the buffering was activated,
1658 so we rise the output buffer size from 4k
1659 to 16k */
1660 write_bio = SSL_get_wbio(ssl);
1661 if (write_bio != SSL_get_rbio(ssl)) {
1662 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001663 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001664 }
1665 }
1666 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001667}
1668
Emeric Brune64aef12012-09-21 13:15:06 +02001669/* Callback is called for each certificate of the chain during a verify
1670 ok is set to 1 if preverify detect no error on current certificate.
1671 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001672int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001673{
1674 SSL *ssl;
1675 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001676 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001677 int err, depth;
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02001678 X509 *client_crt;
1679 STACK_OF(X509) *certs;
Emeric Brune64aef12012-09-21 13:15:06 +02001680
1681 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001682 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02001683 client_crt = SSL_get_ex_data(ssl, ssl_client_crt_ref_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001684
Willy Tarreau3a0a0d62022-04-12 07:31:06 +02001685 ctx = __conn_get_ssl_sock_ctx(conn);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001686 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001687
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02001688 depth = X509_STORE_CTX_get_error_depth(x_store);
1689 err = X509_STORE_CTX_get_error(x_store);
1690
Emeric Brun81c00f02012-09-21 14:31:21 +02001691 if (ok) /* no errors */
1692 return ok;
1693
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02001694 /* Keep a reference to the client's certificate in order to be able to
1695 * dump some fetches values in a log even when the verification process
1696 * fails. */
1697 if (depth == 0) {
1698 X509_free(client_crt);
1699 client_crt = X509_STORE_CTX_get0_cert(x_store);
1700 if (client_crt) {
1701 X509_up_ref(client_crt);
1702 SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
1703 }
1704 }
1705 else {
1706 /* An error occurred on a CA certificate of the certificate
1707 * chain, we might never call this verify callback on the client
1708 * certificate's depth (which is 0) so we try to store the
1709 * reference right now. */
Remi Tricot-Le Bretonf95c2952021-08-20 09:51:23 +02001710 certs = X509_STORE_CTX_get1_chain(x_store);
1711 if (certs) {
1712 client_crt = sk_X509_value(certs, 0);
1713 if (client_crt) {
1714 X509_up_ref(client_crt);
1715 SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02001716 }
1717 sk_X509_pop_free(certs, X509_free);
1718 }
1719 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001720
1721 /* check if CA error needs to be ignored */
1722 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001723 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1724 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1725 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001726 }
1727
Willy Tarreau731248f2020-02-04 14:02:02 +01001728 if (err < 64 && __objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001729 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001730 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001731 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001732 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001733
Willy Tarreau20879a02012-12-03 16:32:10 +01001734 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001735 return 0;
1736 }
1737
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001738 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1739 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001740
Emeric Brun81c00f02012-09-21 14:31:21 +02001741 /* check if certificate error needs to be ignored */
Willy Tarreau731248f2020-02-04 14:02:02 +01001742 if (err < 64 && __objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001743 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001744 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001745 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001746 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001747
Willy Tarreau20879a02012-12-03 16:32:10 +01001748 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001749 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001750}
1751
Dragan Dosen9ac98092020-05-11 15:51:45 +02001752#ifdef TLS1_RT_HEARTBEAT
1753static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
1754 int content_type, const void *buf, size_t len,
1755 SSL *ssl)
1756{
1757 /* test heartbeat received (write_p is set to 0
1758 for a received record) */
1759 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Willy Tarreau3a0a0d62022-04-12 07:31:06 +02001760 struct ssl_sock_ctx *ctx = __conn_get_ssl_sock_ctx(conn);
Dragan Dosen9ac98092020-05-11 15:51:45 +02001761 const unsigned char *p = buf;
1762 unsigned int payload;
1763
1764 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
1765
1766 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1767 if (*p != TLS1_HB_REQUEST)
1768 return;
1769
1770 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
1771 goto kill_it;
1772
1773 payload = (p[1] * 256) + p[2];
1774 if (3 + payload + 16 <= len)
1775 return; /* OK no problem */
1776 kill_it:
1777 /* We have a clear heartbleed attack (CVE-2014-0160), the
1778 * advertised payload is larger than the advertised packet
1779 * length, so we have garbage in the buffer between the
1780 * payload and the end of the buffer (p+len). We can't know
1781 * if the SSL stack is patched, and we don't know if we can
1782 * safely wipe out the area between p+3+len and payload.
1783 * So instead, we prevent the response from being sent by
1784 * setting the max_send_fragment to 0 and we report an SSL
1785 * error, which will kill this connection. It will be reported
1786 * above as SSL_ERROR_SSL while an other handshake failure with
1787 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1788 */
1789 ssl->max_send_fragment = 0;
1790 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1791 }
1792}
1793#endif
1794
1795static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
1796 int content_type, const void *buf, size_t len,
1797 SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001798{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001799 struct ssl_capture *capture;
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001800 uchar *msg;
1801 uchar *end;
1802 uchar *extensions_end;
1803 uchar *ec_start = NULL;
1804 uchar *ec_formats_start = NULL;
1805 uchar *list_end;
1806 ushort protocol_version;
1807 ushort extension_id;
1808 ushort ec_len = 0;
1809 uchar ec_formats_len = 0;
1810 int offset = 0;
1811 int rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001812
1813 /* This function is called for "from client" and "to server"
1814 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001815 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001816 */
1817
1818 /* "write_p" is set to 0 is the bytes are received messages,
1819 * otherwise it is set to 1.
1820 */
1821 if (write_p != 0)
1822 return;
1823
1824 /* content_type contains the type of message received or sent
1825 * according with the SSL/TLS protocol spec. This message is
1826 * encoded with one byte. The value 256 (two bytes) is used
1827 * for designing the SSL/TLS record layer. According with the
1828 * rfc6101, the expected message (other than 256) are:
1829 * - change_cipher_spec(20)
1830 * - alert(21)
1831 * - handshake(22)
1832 * - application_data(23)
1833 * - (255)
1834 * We are interessed by the handshake and specially the client
1835 * hello.
1836 */
1837 if (content_type != 22)
1838 return;
1839
1840 /* The message length is at least 4 bytes, containing the
1841 * message type and the message length.
1842 */
1843 if (len < 4)
1844 return;
1845
1846 /* First byte of the handshake message id the type of
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05001847 * message. The known types are:
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001848 * - hello_request(0)
1849 * - client_hello(1)
1850 * - server_hello(2)
1851 * - certificate(11)
1852 * - server_key_exchange (12)
1853 * - certificate_request(13)
1854 * - server_hello_done(14)
1855 * We are interested by the client hello.
1856 */
1857 msg = (unsigned char *)buf;
1858 if (msg[0] != 1)
1859 return;
1860
1861 /* Next three bytes are the length of the message. The total length
1862 * must be this decoded length + 4. If the length given as argument
1863 * is not the same, we abort the protocol dissector.
1864 */
1865 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1866 if (len < rec_len + 4)
1867 return;
1868 msg += 4;
1869 end = msg + rec_len;
1870 if (end < msg)
1871 return;
1872
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001873 /* Expect 2 bytes for protocol version
1874 * (1 byte for major and 1 byte for minor)
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001875 */
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001876 if (msg + 2 > end)
1877 return;
1878 protocol_version = (msg[0] << 8) + msg[1];
1879 msg += 2;
1880
1881 /* Expect the random, composed by 4 bytes for the unix time and
1882 * 28 bytes for unix payload. So we jump 4 + 28.
1883 */
1884 msg += 4 + 28;
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001885 if (msg > end)
1886 return;
1887
1888 /* Next, is session id:
1889 * if present, we have to jump by length + 1 for the size information
1890 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001891 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001892 if (msg[0] > 0)
1893 msg += msg[0];
1894 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001895 if (msg > end)
1896 return;
1897
1898 /* Next two bytes are the ciphersuite length. */
1899 if (msg + 2 > end)
1900 return;
1901 rec_len = (msg[0] << 8) + msg[1];
1902 msg += 2;
1903 if (msg + rec_len > end || msg + rec_len < msg)
1904 return;
1905
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001906 capture = pool_zalloc(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001907 if (!capture)
1908 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001909 /* Compute the xxh64 of the ciphersuite. */
1910 capture->xxh64 = XXH64(msg, rec_len, 0);
1911
1912 /* Capture the ciphersuite. */
Marcin Deranek310a2602021-07-13 19:04:24 +02001913 capture->ciphersuite_len = MIN(global_ssl.capture_buffer_size, rec_len);
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001914 capture->ciphersuite_offset = 0;
1915 memcpy(capture->data, msg, capture->ciphersuite_len);
1916 msg += rec_len;
1917 offset += capture->ciphersuite_len;
1918
1919 /* Initialize other data */
1920 capture->protocol_version = protocol_version;
1921
1922 /* Next, compression methods:
1923 * if present, we have to jump by length + 1 for the size information
1924 * if not present, we have to jump by 1 only
1925 */
1926 if (msg[0] > 0)
1927 msg += msg[0];
1928 msg += 1;
1929 if (msg > end)
1930 goto store_capture;
1931
1932 /* We reached extensions */
1933 if (msg + 2 > end)
1934 goto store_capture;
1935 rec_len = (msg[0] << 8) + msg[1];
1936 msg += 2;
1937 if (msg + rec_len > end || msg + rec_len < msg)
1938 goto store_capture;
1939 extensions_end = msg + rec_len;
1940 capture->extensions_offset = offset;
1941
1942 /* Parse each extension */
1943 while (msg + 4 < extensions_end) {
1944 /* Add 2 bytes of extension_id */
Marcin Deranek310a2602021-07-13 19:04:24 +02001945 if (global_ssl.capture_buffer_size >= offset + 2) {
Marcin Deranek769fd2e2021-07-12 14:16:55 +02001946 capture->data[offset++] = msg[0];
1947 capture->data[offset++] = msg[1];
1948 capture->extensions_len += 2;
1949 }
1950 else
1951 break;
1952 extension_id = (msg[0] << 8) + msg[1];
1953 /* Length of the extension */
1954 rec_len = (msg[2] << 8) + msg[3];
1955
1956 /* Expect 2 bytes extension id + 2 bytes extension size */
1957 msg += 2 + 2;
1958 if (msg + rec_len > extensions_end || msg + rec_len < msg)
1959 goto store_capture;
1960 /* TLS Extensions
1961 * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
1962 if (extension_id == 0x000a) {
1963 /* Elliptic Curves:
1964 * https://www.rfc-editor.org/rfc/rfc8422.html
1965 * https://www.rfc-editor.org/rfc/rfc7919.html */
1966 list_end = msg + rec_len;
1967 if (msg + 2 > list_end)
1968 goto store_capture;
1969 rec_len = (msg[0] << 8) + msg[1];
1970 msg += 2;
1971
1972 if (msg + rec_len > list_end || msg + rec_len < msg)
1973 goto store_capture;
1974 /* Store location/size of the list */
1975 ec_start = msg;
1976 ec_len = rec_len;
1977 }
1978 else if (extension_id == 0x000b) {
1979 /* Elliptic Curves Point Formats:
1980 * https://www.rfc-editor.org/rfc/rfc8422.html */
1981 list_end = msg + rec_len;
1982 if (msg + 1 > list_end)
1983 goto store_capture;
1984 rec_len = msg[0];
1985 msg += 1;
1986
1987 if (msg + rec_len > list_end || msg + rec_len < msg)
1988 goto store_capture;
1989 /* Store location/size of the list */
1990 ec_formats_start = msg;
1991 ec_formats_len = rec_len;
1992 }
1993 msg += rec_len;
1994 }
1995
1996 if (ec_start) {
1997 rec_len = ec_len;
Marcin Deranek310a2602021-07-13 19:04:24 +02001998 if (offset + rec_len > global_ssl.capture_buffer_size)
1999 rec_len = global_ssl.capture_buffer_size - offset;
Marcin Deranek769fd2e2021-07-12 14:16:55 +02002000 memcpy(capture->data + offset, ec_start, rec_len);
2001 capture->ec_offset = offset;
2002 capture->ec_len = rec_len;
2003 offset += rec_len;
2004 }
2005 if (ec_formats_start) {
2006 rec_len = ec_formats_len;
Marcin Deranek310a2602021-07-13 19:04:24 +02002007 if (offset + rec_len > global_ssl.capture_buffer_size)
2008 rec_len = global_ssl.capture_buffer_size - offset;
Marcin Deranek769fd2e2021-07-12 14:16:55 +02002009 memcpy(capture->data + offset, ec_formats_start, rec_len);
2010 capture->ec_formats_offset = offset;
2011 capture->ec_formats_len = rec_len;
2012 offset += rec_len;
2013 }
Emmanuel Hocdete3804742017-03-08 11:07:10 +01002014
Marcin Deranek769fd2e2021-07-12 14:16:55 +02002015 store_capture:
Emmanuel Hocdete3804742017-03-08 11:07:10 +01002016 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01002017}
William Lallemand7d42ef52020-07-06 11:41:30 +02002018
2019
William Lallemand722180a2021-06-09 16:46:12 +02002020#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +02002021static void ssl_init_keylog(struct connection *conn, int write_p, int version,
2022 int content_type, const void *buf, size_t len,
2023 SSL *ssl)
2024{
2025 struct ssl_keylog *keylog;
2026
2027 if (SSL_get_ex_data(ssl, ssl_keylog_index))
2028 return;
2029
Willy Tarreauf208ac02021-03-22 21:10:12 +01002030 keylog = pool_zalloc(pool_head_ssl_keylog);
William Lallemand7d42ef52020-07-06 11:41:30 +02002031 if (!keylog)
2032 return;
2033
William Lallemand7d42ef52020-07-06 11:41:30 +02002034 if (!SSL_set_ex_data(ssl, ssl_keylog_index, keylog)) {
2035 pool_free(pool_head_ssl_keylog, keylog);
2036 return;
2037 }
2038}
2039#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01002040
Emeric Brun29f037d2014-04-25 19:05:36 +02002041/* Callback is called for ssl protocol analyse */
2042void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
2043{
Dragan Dosen1e7ed042020-05-08 18:30:00 +02002044 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
2045 struct ssl_sock_msg_callback *cbk;
2046
Dragan Dosen1e7ed042020-05-08 18:30:00 +02002047 /* Try to call all callback functions that were registered by using
2048 * ssl_sock_register_msg_callback().
2049 */
2050 list_for_each_entry(cbk, &ssl_sock_msg_callbacks, list) {
2051 cbk->func(conn, write_p, version, content_type, buf, len, ssl);
2052 }
Emeric Brun29f037d2014-04-25 19:05:36 +02002053}
2054
Bernard Spil13c53f82018-02-15 13:34:58 +01002055#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01002056static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
2057 const unsigned char *in, unsigned int inlen,
2058 void *arg)
2059{
2060 struct server *srv = arg;
2061
2062 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
2063 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
2064 return SSL_TLSEXT_ERR_OK;
2065 return SSL_TLSEXT_ERR_NOACK;
2066}
2067#endif
2068
2069#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02002070/* This callback is used so that the server advertises the list of
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05002071 * negotiable protocols for NPN.
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02002072 */
2073static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
2074 unsigned int *len, void *arg)
2075{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002076 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02002077
2078 *data = (const unsigned char *)conf->npn_str;
2079 *len = conf->npn_len;
2080 return SSL_TLSEXT_ERR_OK;
2081}
2082#endif
2083
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01002084#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02002085/* This callback is used so that the server advertises the list of
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05002086 * negotiable protocols for ALPN.
Willy Tarreauab861d32013-04-02 02:30:41 +02002087 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01002088static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
2089 unsigned char *outlen,
2090 const unsigned char *server,
2091 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02002092{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002093 struct ssl_bind_conf *conf = arg;
Frédéric Lécaille1761fdf2021-12-14 19:40:04 +01002094#ifdef USE_QUIC
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002095 struct quic_conn *qc = SSL_get_ex_data(s, ssl_qc_app_data_index);
Frédéric Lécaille1761fdf2021-12-14 19:40:04 +01002096#endif
Willy Tarreauab861d32013-04-02 02:30:41 +02002097
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01002098 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
2099 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
Frédéric Lécaille067a82b2021-11-19 17:02:20 +01002100#ifdef USE_QUIC
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002101 if (qc)
2102 quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL);
Frédéric Lécaille067a82b2021-11-19 17:02:20 +01002103#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01002104 return SSL_TLSEXT_ERR_NOACK;
2105 }
Frédéric Lécaille1761fdf2021-12-14 19:40:04 +01002106
2107#ifdef USE_QUIC
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002108 if (qc && !quic_set_app_ops(qc, *out, *outlen)) {
2109 quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL);
Frédéric Lécaille1761fdf2021-12-14 19:40:04 +01002110 return SSL_TLSEXT_ERR_NOACK;
2111 }
2112#endif
2113
Willy Tarreauab861d32013-04-02 02:30:41 +02002114 return SSL_TLSEXT_ERR_OK;
2115}
2116#endif
2117
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02002118#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002119#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002120
Shimi Gersneradabbfe2020-08-23 13:58:13 +03002121/* Configure a DNS SAN extenion on a certificate. */
2122int ssl_sock_add_san_ext(X509V3_CTX* ctx, X509* cert, const char *servername) {
2123 int failure = 0;
2124 X509_EXTENSION *san_ext = NULL;
2125 CONF *conf = NULL;
2126 struct buffer *san_name = get_trash_chunk();
2127
2128 conf = NCONF_new(NULL);
2129 if (!conf) {
2130 failure = 1;
2131 goto cleanup;
2132 }
2133
2134 /* Build an extension based on the DNS entry above */
2135 chunk_appendf(san_name, "DNS:%s", servername);
2136 san_ext = X509V3_EXT_nconf_nid(conf, ctx, NID_subject_alt_name, san_name->area);
2137 if (!san_ext) {
2138 failure = 1;
2139 goto cleanup;
2140 }
2141
2142 /* Add the extension */
2143 if (!X509_add_ext(cert, san_ext, -1 /* Add to end */)) {
2144 failure = 1;
2145 goto cleanup;
2146 }
2147
2148 /* Success */
2149 failure = 0;
2150
2151cleanup:
2152 if (NULL != san_ext) X509_EXTENSION_free(san_ext);
2153 if (NULL != conf) NCONF_free(conf);
2154
2155 return failure;
2156}
2157
Christopher Faulet30548802015-06-11 13:39:32 +02002158/* Create a X509 certificate with the specified servername and serial. This
2159 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02002160static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002161ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002162{
Shimi Gersner5846c492020-08-23 13:58:12 +03002163 X509 *cacert = bind_conf->ca_sign_ckch->cert;
2164 EVP_PKEY *capkey = bind_conf->ca_sign_ckch->key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002165 SSL_CTX *ssl_ctx = NULL;
2166 X509 *newcrt = NULL;
2167 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002168 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002169 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002170 X509_NAME *name;
2171 const EVP_MD *digest;
2172 X509V3_CTX ctx;
2173 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002174 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002175
Christopher Faulet48a83322017-07-28 16:56:09 +02002176 /* Get the private key of the default certificate and use it */
Ilya Shipitsinaf204882020-12-19 03:12:12 +05002177#ifdef HAVE_SSL_CTX_get0_privatekey
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002178 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
2179#else
2180 tmp_ssl = SSL_new(bind_conf->default_ctx);
2181 if (tmp_ssl)
2182 pkey = SSL_get_privatekey(tmp_ssl);
2183#endif
2184 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002185 goto mkcert_error;
2186
2187 /* Create the certificate */
2188 if (!(newcrt = X509_new()))
2189 goto mkcert_error;
2190
2191 /* Set version number for the certificate (X509v3) and the serial
2192 * number */
2193 if (X509_set_version(newcrt, 2L) != 1)
2194 goto mkcert_error;
Willy Tarreau1db42732021-04-06 11:44:07 +02002195 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD_FETCH(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002196
2197 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08002198 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
2199 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002200 goto mkcert_error;
2201
2202 /* set public key in the certificate */
2203 if (X509_set_pubkey(newcrt, pkey) != 1)
2204 goto mkcert_error;
2205
2206 /* Set issuer name from the CA */
2207 if (!(name = X509_get_subject_name(cacert)))
2208 goto mkcert_error;
2209 if (X509_set_issuer_name(newcrt, name) != 1)
2210 goto mkcert_error;
2211
2212 /* Set the subject name using the same, but the CN */
2213 name = X509_NAME_dup(name);
2214 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
2215 (const unsigned char *)servername,
2216 -1, -1, 0) != 1) {
2217 X509_NAME_free(name);
2218 goto mkcert_error;
2219 }
2220 if (X509_set_subject_name(newcrt, name) != 1) {
2221 X509_NAME_free(name);
2222 goto mkcert_error;
2223 }
2224 X509_NAME_free(name);
2225
2226 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002227 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002228 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
2229 for (i = 0; i < X509V3_EXT_SIZE; i++) {
2230 X509_EXTENSION *ext;
2231
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002232 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002233 goto mkcert_error;
2234 if (!X509_add_ext(newcrt, ext, -1)) {
2235 X509_EXTENSION_free(ext);
2236 goto mkcert_error;
2237 }
2238 X509_EXTENSION_free(ext);
2239 }
2240
Shimi Gersneradabbfe2020-08-23 13:58:13 +03002241 /* Add SAN extension */
2242 if (ssl_sock_add_san_ext(&ctx, newcrt, servername)) {
2243 goto mkcert_error;
2244 }
2245
Christopher Faulet31af49d2015-06-09 17:29:50 +02002246 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002247
2248 key_type = EVP_PKEY_base_id(capkey);
2249
2250 if (key_type == EVP_PKEY_DSA)
2251 digest = EVP_sha1();
2252 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002253 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002254 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02002255 digest = EVP_sha256();
2256 else {
Ilya Shipitsinec36c912021-01-07 11:57:42 +05002257#ifdef ASN1_PKEY_CTRL_DEFAULT_MD_NID
Christopher Faulet7969a332015-10-09 11:15:03 +02002258 int nid;
2259
2260 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
2261 goto mkcert_error;
2262 if (!(digest = EVP_get_digestbynid(nid)))
2263 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02002264#else
2265 goto mkcert_error;
2266#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02002267 }
2268
Christopher Faulet31af49d2015-06-09 17:29:50 +02002269 if (!(X509_sign(newcrt, capkey, digest)))
2270 goto mkcert_error;
2271
2272 /* Create and set the new SSL_CTX */
2273 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
2274 goto mkcert_error;
2275 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
2276 goto mkcert_error;
2277 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
2278 goto mkcert_error;
2279 if (!SSL_CTX_check_private_key(ssl_ctx))
2280 goto mkcert_error;
2281
Shimi Gersner5846c492020-08-23 13:58:12 +03002282 /* Build chaining the CA cert and the rest of the chain, keep these order */
2283#if defined(SSL_CTX_add1_chain_cert)
2284 if (!SSL_CTX_add1_chain_cert(ssl_ctx, bind_conf->ca_sign_ckch->cert)) {
2285 goto mkcert_error;
2286 }
2287
2288 if (bind_conf->ca_sign_ckch->chain) {
2289 for (i = 0; i < sk_X509_num(bind_conf->ca_sign_ckch->chain); i++) {
2290 X509 *chain_cert = sk_X509_value(bind_conf->ca_sign_ckch->chain, i);
2291 if (!SSL_CTX_add1_chain_cert(ssl_ctx, chain_cert)) {
2292 goto mkcert_error;
2293 }
2294 }
2295 }
2296#endif
2297
Christopher Faulet31af49d2015-06-09 17:29:50 +02002298 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02002299
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002300#ifndef OPENSSL_NO_DH
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01002301#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +01002302 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh_cbk);
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01002303#else
2304 ssl_sock_set_tmp_dh_from_pkey(ssl_ctx, pkey);
2305#endif
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002306#endif
Remi Tricot-Le Bretonc11e7e12022-02-08 17:45:56 +01002307
2308#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
2309#if defined(SSL_CTX_set1_curves_list)
2310 {
2311 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
2312 if (!SSL_CTX_set1_curves_list(ssl_ctx, ecdhe))
2313 goto end;
2314 }
2315#endif
2316#else
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002317#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2318 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002319 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002320 EC_KEY *ecc;
2321 int nid;
2322
2323 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2324 goto end;
2325 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2326 goto end;
2327 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2328 EC_KEY_free(ecc);
2329 }
Remi Tricot-Le Bretonc11e7e12022-02-08 17:45:56 +01002330#endif /* defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH) */
2331#endif /* HA_OPENSSL_VERSION_NUMBER >= 0x10101000L */
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002332 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002333 return ssl_ctx;
2334
2335 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002336 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002337 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002338 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2339 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002340 return NULL;
2341}
2342
Christopher Faulet7969a332015-10-09 11:15:03 +02002343
Christopher Faulet30548802015-06-11 13:39:32 +02002344/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002345 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002346SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002347ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002348{
2349 struct lru64 *lru = NULL;
2350
2351 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002352 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Shimi Gersner5846c492020-08-23 13:58:12 +03002353 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_ckch->cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002354 if (lru && lru->domain) {
2355 if (ssl)
2356 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002357 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002358 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002359 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002360 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002361 }
2362 return NULL;
2363}
2364
Emeric Brun821bb9b2017-06-15 16:37:39 +02002365/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2366 * function is not thread-safe, it should only be used to check if a certificate
2367 * exists in the lru cache (with no warranty it will not be removed by another
2368 * thread). It is kept for backward compatibility. */
2369SSL_CTX *
2370ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2371{
2372 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2373}
2374
Christopher Fauletd2cab922015-07-28 16:03:47 +02002375/* Set a certificate int the LRU cache used to store generated
2376 * certificate. Return 0 on success, otherwise -1 */
2377int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002378ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002379{
2380 struct lru64 *lru = NULL;
2381
2382 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002383 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Shimi Gersner5846c492020-08-23 13:58:12 +03002384 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_ckch->cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002385 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002386 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002387 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002388 }
Christopher Faulet30548802015-06-11 13:39:32 +02002389 if (lru->domain && lru->data)
2390 lru->free((SSL_CTX *)lru->data);
Shimi Gersner5846c492020-08-23 13:58:12 +03002391 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_ckch->cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002392 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002393 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002394 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002395 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002396}
2397
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002398/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002399unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002400ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002401{
2402 return XXH32(data, len, ssl_ctx_lru_seed);
2403}
2404
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002405/* Generate a cert and immediately assign it to the SSL session so that the cert's
2406 * refcount is maintained regardless of the cert's presence in the LRU cache.
2407 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002408static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002409ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002410{
Shimi Gersner5846c492020-08-23 13:58:12 +03002411 X509 *cacert = bind_conf->ca_sign_ckch->cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002412 SSL_CTX *ssl_ctx = NULL;
2413 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002414 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002415
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002416 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002417 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002418 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002419 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002420 if (lru && lru->domain)
2421 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002422 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002423 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002424 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002425 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002426 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002427 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002428 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002429 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002430 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002431 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002432 SSL_set_SSL_CTX(ssl, ssl_ctx);
2433 /* No LRU cache, this CTX will be released as soon as the session dies */
2434 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002435 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002436 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002437 return 0;
2438}
2439static int
2440ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2441{
2442 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002443 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002444
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002445 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002446 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002447 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002448 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002449 }
2450 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002451}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002452#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002453
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002454#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002455
2456static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002457{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002458#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002459 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002460 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2461#endif
2462}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002463static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2464 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002465 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2466}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002467static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002468#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002469 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002470 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2471#endif
2472}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002473static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002474#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002475 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002476 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2477#endif
2478}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002479/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002480static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2481/* Unusable in this context. */
2482static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2483static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2484static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2485static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2486static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002487#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002488
2489static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2490 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002491 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2492}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002493static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2494 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2495 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2496}
2497static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2498 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002499 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2500}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002501static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2502 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2503 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2504}
2505static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2506 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002507 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2508}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002509static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2510 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2511 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2512}
2513static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2514 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002515 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2516}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002517static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2518 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2519 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2520}
2521static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
William Lallemandf22b0322021-06-02 16:09:11 +02002522#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002523 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002524 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2525#endif
2526}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002527static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
William Lallemandf22b0322021-06-02 16:09:11 +02002528#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002529 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2530 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002531#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002532}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002533#endif
2534static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2535static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002536
William Lallemand7fd8b452020-05-07 15:20:43 +02002537struct methodVersions methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002538 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2539 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2540 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2541 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2542 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2543 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002544};
2545
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002546static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2547{
2548 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2549 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2550 SSL_set_SSL_CTX(ssl, ctx);
2551}
2552
Ilya Shipitsin1fc44d42021-01-23 00:09:14 +05002553#ifdef HAVE_SSL_CLIENT_HELLO_CB
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002554
Frédéric Lécaille901ee2f2020-11-23 11:19:04 +01002555int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002556{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002557 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002558 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002559
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02002560 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || (s->options & BC_O_GENERATE_CERTS))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002561 return SSL_TLSEXT_ERR_OK;
2562 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002563}
2564
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002565#ifdef OPENSSL_IS_BORINGSSL
Frédéric Lécaille901ee2f2020-11-23 11:19:04 +01002566int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002567{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002568 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002569#else
Frédéric Lécaille901ee2f2020-11-23 11:19:04 +01002570int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002571{
2572#endif
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002573 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
2574#ifdef USE_QUIC
2575 struct quic_conn *qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index);
2576#endif /* USE_QUIC */
2577 struct bind_conf *s = NULL;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002578 const uint8_t *extension_data;
2579 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002580 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002581
2582 char *wildp = NULL;
2583 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002584 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002585 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002586 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002587 int i;
2588
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002589 if (conn)
2590 s = __objt_listener(conn->target)->bind_conf;
2591#ifdef USE_QUIC
2592 else if (qc)
2593 s = qc->li->bind_conf;
2594#endif /* USE_QUIC */
Amaury Denoyelle7c564bf2022-01-24 11:04:05 +01002595
2596 if (!s) {
2597 /* must never happen */
2598 ABORT_NOW();
2599 return 0;
2600 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002601
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002602#ifdef USE_QUIC
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002603 if (qc) {
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002604 /* Look for the QUIC transport parameters. */
2605#ifdef OPENSSL_IS_BORINGSSL
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002606 if (!SSL_early_callback_ctx_extension_get(ctx, qc->tps_tls_ext,
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002607 &extension_data, &extension_len))
2608#else
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002609 if (!SSL_client_hello_get0_ext(ssl, qc->tps_tls_ext,
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002610 &extension_data, &extension_len))
2611#endif
Frédéric Lécailleb5b52472021-11-22 15:55:16 +01002612 {
2613 /* This is not redundant. It we only return 0 without setting
2614 * <*al>, this has as side effect to generate another TLS alert
2615 * which would be set after calling quic_set_tls_alert().
2616 */
2617 *al = SSL_AD_MISSING_EXTENSION;
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002618 quic_set_tls_alert(qc, SSL_AD_MISSING_EXTENSION);
Frédéric Lécailleb5b52472021-11-22 15:55:16 +01002619 return 0;
2620 }
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002621
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002622 if (!quic_transport_params_store(qc, 0, extension_data,
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002623 extension_data + extension_len))
2624 goto abort;
2625 }
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002626#endif /* USE_QUIC */
Frédéric Lécaillee9473c72020-11-23 15:37:11 +01002627
Olivier Houchard9679ac92017-10-27 14:58:08 +02002628 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002629 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002630#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002631 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2632 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002633#else
2634 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2635#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002636 /*
2637 * The server_name extension was given too much extensibility when it
2638 * was written, so parsing the normal case is a bit complex.
2639 */
2640 size_t len;
2641 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002642 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002643 /* Extract the length of the supplied list of names. */
2644 len = (*extension_data++) << 8;
2645 len |= *extension_data++;
2646 if (len + 2 != extension_len)
2647 goto abort;
2648 /*
2649 * The list in practice only has a single element, so we only consider
2650 * the first one.
2651 */
2652 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2653 goto abort;
2654 extension_len = len - 1;
2655 /* Now we can finally pull out the byte array with the actual hostname. */
2656 if (extension_len <= 2)
2657 goto abort;
2658 len = (*extension_data++) << 8;
2659 len |= *extension_data++;
2660 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2661 || memchr(extension_data, 0, len) != NULL)
2662 goto abort;
2663 servername = extension_data;
2664 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002665 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002666#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02002667 if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002668 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002669 }
2670#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002671 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002672 if (!s->strict_sni) {
William Lallemand21724f02019-11-04 17:56:13 +01002673 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002674 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002675 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002676 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002677 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002678 goto abort;
2679 }
2680
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05002681 /* extract/check clientHello information */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002682#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002683 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002684#else
2685 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2686#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002687 uint8_t sign;
2688 size_t len;
2689 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002690 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002691 len = (*extension_data++) << 8;
2692 len |= *extension_data++;
2693 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002694 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002695 if (len % 2 != 0)
2696 goto abort;
2697 for (; len > 0; len -= 2) {
2698 extension_data++; /* hash */
2699 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002700 switch (sign) {
2701 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002702 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002703 break;
2704 case TLSEXT_signature_ecdsa:
2705 has_ecdsa_sig = 1;
2706 break;
2707 default:
2708 continue;
2709 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002710 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002711 break;
2712 }
2713 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002714 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002715 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002716 }
2717 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002718 const SSL_CIPHER *cipher;
2719 size_t len;
2720 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002721 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002722#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002723 len = ctx->cipher_suites_len;
2724 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002725#else
2726 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2727#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002728 if (len % 2 != 0)
2729 goto abort;
2730 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002731#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002732 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002733 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002734#else
2735 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2736#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002737 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002738 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002739 break;
2740 }
2741 }
2742 }
2743
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002744 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002745 trash.area[i] = tolower(servername[i]);
2746 if (!wildp && (trash.area[i] == '.'))
2747 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002748 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002749 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002750
William Lallemand150bfa82019-09-19 17:12:49 +02002751 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002752
William Lallemand94bd3192020-08-14 14:43:35 +02002753 /* Look for an ECDSA, RSA and DSA certificate, first in the single
2754 * name and if not found in the wildcard */
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002755 for (i = 0; i < 2; i++) {
2756 if (i == 0) /* lookup in full qualified names */
2757 node = ebst_lookup(&s->sni_ctx, trash.area);
William Lallemand30f9e092020-08-17 14:31:19 +02002758 else if (i == 1 && wildp) /* lookup in wildcards names */
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002759 node = ebst_lookup(&s->sni_w_ctx, wildp);
2760 else
2761 break;
William Lallemand30f9e092020-08-17 14:31:19 +02002762
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002763 for (n = node; n; n = ebmb_next_dup(n)) {
William Lallemand30f9e092020-08-17 14:31:19 +02002764
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002765 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002766 if (!container_of(n, struct sni_ctx, name)->neg) {
William Lallemand30f9e092020-08-17 14:31:19 +02002767 struct sni_ctx *sni, *sni_tmp;
2768 int skip = 0;
2769
2770 if (i == 1 && wildp) { /* wildcard */
2771 /* If this is a wildcard, look for an exclusion on the same crt-list line */
2772 sni = container_of(n, struct sni_ctx, name);
2773 list_for_each_entry(sni_tmp, &sni->ckch_inst->sni_ctx, by_ckch_inst) {
Tim Duesterhuse5ff1412021-01-02 22:31:53 +01002774 if (sni_tmp->neg && (strcmp((const char *)sni_tmp->name.key, trash.area) == 0)) {
William Lallemand30f9e092020-08-17 14:31:19 +02002775 skip = 1;
2776 break;
2777 }
2778 }
2779 if (skip)
2780 continue;
2781 }
2782
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002783 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002784 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002785 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002786 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002787 break;
2788 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002789 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002790 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002791 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002792 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002793 if (!node_anonymous)
2794 node_anonymous = n;
2795 break;
2796 }
2797 }
2798 }
William Lallemand94bd3192020-08-14 14:43:35 +02002799 }
2800 /* Once the certificates are found, select them depending on what is
2801 * supported in the client and by key_signature priority order: EDSA >
2802 * RSA > DSA */
William Lallemand5b1d1f62020-08-14 15:30:13 +02002803 if (has_ecdsa_sig && node_ecdsa)
2804 node = node_ecdsa;
2805 else if (has_rsa_sig && node_rsa)
2806 node = node_rsa;
2807 else if (node_anonymous)
2808 node = node_anonymous;
2809 else if (node_ecdsa)
2810 node = node_ecdsa; /* no ecdsa signature case (< TLSv1.2) */
2811 else
2812 node = node_rsa; /* no rsa signature case (far far away) */
2813
William Lallemand94bd3192020-08-14 14:43:35 +02002814 if (node) {
2815 /* switch ctx */
2816 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2817 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
2818 if (conf) {
2819 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2820 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2821 if (conf->early_data)
2822 allow_early = 1;
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002823 }
William Lallemand94bd3192020-08-14 14:43:35 +02002824 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
2825 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002826 }
William Lallemand150bfa82019-09-19 17:12:49 +02002827
William Lallemand02010472019-10-18 11:02:19 +02002828 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002829#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02002830 if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002831 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002832 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002833 }
2834#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002835 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002836 /* no certificate match, is the default_ctx */
William Lallemand21724f02019-11-04 17:56:13 +01002837 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002838 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002839 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
William Lallemand7980dff2021-11-18 17:46:26 +01002840 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002841 }
William Lallemand7980dff2021-11-18 17:46:26 +01002842
Remi Tricot-Le Bretona9967632022-01-07 17:12:01 +01002843 /* We are about to raise an handshake error so the servername extension
2844 * callback will never be called and the SNI will never be stored in the
2845 * SSL context. In order for the ssl_fc_sni sample fetch to still work
2846 * in such a case, we store the SNI ourselves as an ex_data information
2847 * in the SSL context.
2848 */
2849 {
2850 char *client_sni = pool_alloc(ssl_sock_client_sni_pool);
2851 if (client_sni) {
2852 strncpy(client_sni, trash.area, TLSEXT_MAXLEN_host_name);
2853 client_sni[TLSEXT_MAXLEN_host_name] = '\0';
2854 SSL_set_ex_data(ssl, ssl_client_sni_index, client_sni);
2855 }
2856 }
2857
William Lallemand7980dff2021-11-18 17:46:26 +01002858 /* other cases fallback on abort, if strict-sni is set but no node was found */
2859
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002860 abort:
2861 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01002862 if (conn)
2863 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002864#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002865 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002866#else
2867 *al = SSL_AD_UNRECOGNIZED_NAME;
2868 return 0;
2869#endif
William Lallemand7980dff2021-11-18 17:46:26 +01002870
2871allow_early:
2872#ifdef OPENSSL_IS_BORINGSSL
2873 if (allow_early)
2874 SSL_set_early_data_enabled(ssl, 1);
2875#else
2876 if (!allow_early)
2877 SSL_set_max_early_data(ssl, 0);
2878#endif
2879 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002880}
2881
William Lallemand002e2062021-11-18 15:25:16 +01002882#else /* ! HAVE_SSL_CLIENT_HELLO_CB */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002883
Emeric Brunfc0421f2012-09-07 17:30:07 +02002884/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2885 * warning when no match is found, which implies the default (first) cert
2886 * will keep being used.
2887 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002888static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002889{
2890 const char *servername;
2891 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002892 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002893 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002894 int i;
2895 (void)al; /* shut gcc stupid warning */
2896
2897 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002898 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002899#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02002900 if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate_from_conn(s, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002901 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002902#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002903 if (s->strict_sni)
2904 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002905 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002906 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002907 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002908 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002909 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002910
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002911 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002912 if (!servername[i])
2913 break;
Willy Tarreauf278eec2020-07-05 21:46:32 +02002914 trash.area[i] = tolower((unsigned char)servername[i]);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002915 if (!wildp && (trash.area[i] == '.'))
2916 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002917 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002918 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002919
William Lallemand150bfa82019-09-19 17:12:49 +02002920 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002921 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002922 /* lookup in full qualified names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002923 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2924 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002925 if (!container_of(n, struct sni_ctx, name)->neg) {
2926 node = n;
2927 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002928 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002929 }
2930 if (!node && wildp) {
2931 /* lookup in wildcards names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002932 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2933 /* lookup a not neg filter */
2934 if (!container_of(n, struct sni_ctx, name)->neg) {
2935 node = n;
2936 break;
2937 }
2938 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002939 }
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002940 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002941#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02002942 if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(servername, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002943 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002944 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002945 return SSL_TLSEXT_ERR_OK;
2946 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002947#endif
William Lallemand21724f02019-11-04 17:56:13 +01002948 if (s->strict_sni) {
2949 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002950 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002951 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002952 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002953 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002954 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002955 }
2956
2957 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002958 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002959 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002960 return SSL_TLSEXT_ERR_OK;
2961}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002962#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002963#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2964
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002965#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002966
Remi Tricot-Le Breton7f6425a2022-02-11 12:04:52 +01002967static inline HASSL_DH *ssl_new_dh_fromdata(BIGNUM *p, BIGNUM *g)
2968{
2969#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
2970 OSSL_PARAM_BLD *tmpl = NULL;
2971 OSSL_PARAM *params = NULL;
2972 EVP_PKEY_CTX *ctx = NULL;
2973 EVP_PKEY *pkey = NULL;
2974
2975 if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
2976 || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
2977 || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g)
2978 || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
2979 goto end;
2980 }
2981 ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
2982 if (ctx == NULL
2983 || !EVP_PKEY_fromdata_init(ctx)
2984 || !EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params)) {
2985 goto end;
2986 }
2987
2988end:
2989 EVP_PKEY_CTX_free(ctx);
2990 OSSL_PARAM_free(params);
2991 OSSL_PARAM_BLD_free(tmpl);
2992 return pkey;
2993#else
2994
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01002995 HASSL_DH *dh = DH_new();
Remi Tricot-Le Breton7f6425a2022-02-11 12:04:52 +01002996
2997 if (!dh)
2998 return NULL;
2999
3000 DH_set0_pqg(dh, p, NULL, g);
3001
3002 return dh;
3003#endif
3004}
3005
Remi Tricot-Le Bretonc69be7c2022-04-20 18:30:17 +02003006#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003007static inline HASSL_DH *ssl_get_dh_by_nid(int nid)
3008{
3009#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
3010 OSSL_PARAM params[2];
3011 EVP_PKEY *pkey = NULL;
3012 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
3013 const char *named_group = NULL;
3014
3015 if (!pctx)
3016 goto end;
3017
3018 named_group = OBJ_nid2ln(nid);
3019
3020 if (!named_group)
3021 goto end;
3022
3023 params[0] = OSSL_PARAM_construct_utf8_string("group", (char*)named_group, 0);
3024 params[1] = OSSL_PARAM_construct_end();
3025
3026 if (EVP_PKEY_keygen_init(pctx) && EVP_PKEY_CTX_set_params(pctx, params))
3027 EVP_PKEY_generate(pctx, &pkey);
3028
3029end:
3030 EVP_PKEY_CTX_free(pctx);
3031 return pkey;
3032#else
3033
3034 HASSL_DH *dh = NULL;
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003035 dh = DH_new_by_nid(nid);
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003036 return dh;
3037#endif
3038}
Remi Tricot-Le Bretonc69be7c2022-04-20 18:30:17 +02003039#endif
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003040
Remi Tricot-Le Breton7f6425a2022-02-11 12:04:52 +01003041
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003042static HASSL_DH * ssl_get_dh_1024(void)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003043{
Remi Gacogned3a341a2015-05-29 16:26:17 +02003044 static unsigned char dh1024_p[]={
3045 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
3046 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
3047 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
3048 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
3049 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
3050 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
3051 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
3052 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
3053 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
3054 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
3055 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
3056 };
3057 static unsigned char dh1024_g[]={
3058 0x02,
3059 };
3060
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003061 BIGNUM *p;
3062 BIGNUM *g;
Remi Gacogned3a341a2015-05-29 16:26:17 +02003063
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003064 HASSL_DH *dh = NULL;
3065
3066 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
3067 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
3068
3069 if (p && g)
3070 dh = ssl_new_dh_fromdata(p, g);
3071
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003072 return dh;
3073}
3074
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003075static HASSL_DH *ssl_get_dh_2048(void)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003076{
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003077#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L)
Remi Gacogned3a341a2015-05-29 16:26:17 +02003078 static unsigned char dh2048_p[]={
3079 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
3080 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
3081 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
3082 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
3083 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
3084 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
3085 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
3086 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
3087 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
3088 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
3089 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
3090 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
3091 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
3092 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
3093 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
3094 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
3095 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
3096 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
3097 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
3098 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
3099 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
3100 0xB7,0x1F,0x77,0xF3,
3101 };
3102 static unsigned char dh2048_g[]={
3103 0x02,
3104 };
3105
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003106 BIGNUM *p;
3107 BIGNUM *g;
Remi Gacogned3a341a2015-05-29 16:26:17 +02003108
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003109 HASSL_DH *dh = NULL;
3110
3111 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
3112 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
3113
3114 if (p && g)
3115 dh = ssl_new_dh_fromdata(p, g);
3116
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003117 return dh;
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003118#else
3119 return ssl_get_dh_by_nid(NID_ffdhe2048);
3120#endif
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003121}
3122
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003123static HASSL_DH *ssl_get_dh_4096(void)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003124{
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003125#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L)
Remi Gacogned3a341a2015-05-29 16:26:17 +02003126 static unsigned char dh4096_p[]={
3127 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
3128 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
3129 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
3130 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
3131 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
3132 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
3133 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
3134 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
3135 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
3136 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
3137 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
3138 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
3139 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
3140 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
3141 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
3142 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
3143 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
3144 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
3145 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
3146 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
3147 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
3148 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
3149 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
3150 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
3151 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
3152 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
3153 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
3154 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
3155 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
3156 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
3157 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
3158 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
3159 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
3160 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
3161 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
3162 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
3163 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
3164 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
3165 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
3166 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
3167 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
3168 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
3169 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003170 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02003171 static unsigned char dh4096_g[]={
3172 0x02,
3173 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003174
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003175 BIGNUM *p;
3176 BIGNUM *g;
Remi Gacogned3a341a2015-05-29 16:26:17 +02003177
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003178 HASSL_DH *dh = NULL;
3179
3180 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
3181 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
3182
3183 if (p && g)
3184 dh = ssl_new_dh_fromdata(p, g);
3185
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003186 return dh;
Remi Tricot-Le Breton528b3fd2022-04-12 11:31:54 +02003187#else
3188 return ssl_get_dh_by_nid(NID_ffdhe4096);
3189#endif
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003190}
3191
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003192static HASSL_DH *ssl_get_tmp_dh(EVP_PKEY *pkey)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003193{
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003194 HASSL_DH *dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003195 int type;
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +01003196 int keylen = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003197
3198 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003199
3200 /* The keylen supplied by OpenSSL can only be 512 or 1024.
3201 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
3202 */
3203 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
3204 keylen = EVP_PKEY_bits(pkey);
3205 }
3206
Willy Tarreauef934602016-12-22 23:12:01 +01003207 if (keylen > global_ssl.default_dh_param) {
3208 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003209 }
3210
Remi Gacogned3a341a2015-05-29 16:26:17 +02003211 if (keylen >= 4096) {
Remi Tricot-Le Bretonbed72632022-02-11 12:04:53 +01003212 if (!local_dh_4096)
3213 local_dh_4096 = ssl_get_dh_4096();
Remi Gacogne8de54152014-07-15 11:36:40 +02003214 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003215 }
3216 else if (keylen >= 2048) {
Remi Tricot-Le Bretonbed72632022-02-11 12:04:53 +01003217 if (!local_dh_2048)
3218 local_dh_2048 = ssl_get_dh_2048();
Remi Gacogne8de54152014-07-15 11:36:40 +02003219 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003220 }
3221 else {
Remi Tricot-Le Bretonbed72632022-02-11 12:04:53 +01003222 if (!local_dh_1024)
3223 local_dh_1024 = ssl_get_dh_1024();
Remi Gacogne8de54152014-07-15 11:36:40 +02003224 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02003225 }
3226
3227 return dh;
3228}
3229
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01003230#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +01003231/* Returns Diffie-Hellman parameters matching the private key length
3232 but not exceeding global_ssl.default_dh_param */
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003233static HASSL_DH *ssl_get_tmp_dh_cbk(SSL *ssl, int export, int keylen)
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +01003234{
3235 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
3236
3237 return ssl_get_tmp_dh(pkey);
3238}
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01003239#endif
Remi Tricot-Le Breton292a88c2022-02-11 12:04:49 +01003240
Remi Tricot-Le Breton846eda92022-02-11 12:04:50 +01003241static int ssl_sock_set_tmp_dh(SSL_CTX *ctx, HASSL_DH *dh)
3242{
3243#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
3244 return SSL_CTX_set_tmp_dh(ctx, dh);
3245#else
3246 int retval = 0;
3247 HASSL_DH_up_ref(dh);
3248
3249 retval = SSL_CTX_set0_tmp_dh_pkey(ctx, dh);
3250
3251 if (!retval)
3252 HASSL_DH_free(dh);
3253
3254 return retval;
3255#endif
3256}
3257
Remi Tricot-Le Breton5f179302022-02-11 12:04:51 +01003258#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
3259static void ssl_sock_set_tmp_dh_from_pkey(SSL_CTX *ctx, EVP_PKEY *pkey)
3260{
3261 HASSL_DH *dh = NULL;
3262 if (pkey && (dh = ssl_get_tmp_dh(pkey))) {
3263 HASSL_DH_up_ref(dh);
3264 if (!SSL_CTX_set0_tmp_dh_pkey(ctx, dh))
3265 HASSL_DH_free(dh);
3266 }
Remi Tricot-Le Breton5f179302022-02-11 12:04:51 +01003267}
3268#endif
3269
Remi Tricot-Le Breton09ebb332022-02-11 12:04:48 +01003270HASSL_DH *ssl_sock_get_dh_from_bio(BIO *bio)
3271{
3272#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
3273 HASSL_DH *dh = NULL;
3274 OSSL_DECODER_CTX *dctx = NULL;
3275 const char *format = "PEM";
3276 const char *keytype = "DH";
3277
3278 dctx = OSSL_DECODER_CTX_new_for_pkey(&dh, format, NULL, keytype,
3279 OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
3280 NULL, NULL);
3281
3282 if (dctx == NULL || OSSL_DECODER_CTX_get_num_decoders(dctx) == 0)
3283 goto end;
3284
3285 /* The DH parameters might not be the first section found in the PEM
3286 * file so we need to iterate over all of them until we find the right
3287 * one.
3288 */
3289 while (!BIO_eof(bio) && !dh)
3290 OSSL_DECODER_from_bio(dctx, bio);
3291
3292end:
3293 OSSL_DECODER_CTX_free(dctx);
3294 return dh;
3295#else
3296 HASSL_DH *dh = NULL;
3297
3298 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
3299
3300 return dh;
3301#endif
3302}
3303
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003304static HASSL_DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003305{
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003306 HASSL_DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02003307 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003308
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003309 if (in == NULL)
3310 goto end;
3311
Remi Gacogne47783ef2015-05-29 15:53:22 +02003312 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003313 goto end;
3314
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003315 dh = ssl_sock_get_dh_from_bio(in);
Remi Gacogne47783ef2015-05-29 15:53:22 +02003316
3317end:
3318 if (in)
3319 BIO_free(in);
3320
Emeric Brune1b4ed42018-08-16 15:14:12 +02003321 ERR_clear_error();
3322
Remi Gacogne47783ef2015-05-29 15:53:22 +02003323 return dh;
3324}
3325
3326int ssl_sock_load_global_dh_param_from_file(const char *filename)
3327{
3328 global_dh = ssl_sock_get_dh_from_file(filename);
3329
3330 if (global_dh) {
3331 return 0;
3332 }
3333
3334 return -1;
3335}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003336#endif
3337
William Lallemand9117de92019-10-04 00:29:42 +02003338/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02003339static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02003340 struct bind_conf *s, struct ssl_bind_conf *conf,
3341 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003342{
3343 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003344 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003345
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003346 if (*name == '!') {
3347 neg = 1;
3348 name++;
3349 }
3350 if (*name == '*') {
3351 wild = 1;
3352 name++;
3353 }
3354 /* !* filter is a nop */
3355 if (neg && wild)
3356 return order;
3357 if (*name) {
3358 int j, len;
3359 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02003360 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreauf278eec2020-07-05 21:46:32 +02003361 trash.area[j] = tolower((unsigned char)name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02003362 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02003363 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003364 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02003365
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003366 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02003367 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02003368 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003369 memcpy(sc->name.key, trash.area, len + 1);
William Lallemand02e19a52020-04-08 16:11:26 +02003370 SSL_CTX_up_ref(ctx);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003371 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003372 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003373 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003374 sc->order = order++;
3375 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02003376 sc->wild = wild;
3377 sc->name.node.leaf_p = NULL;
William Lallemandcfca1422020-03-05 10:17:47 +01003378 sc->ckch_inst = ckch_inst;
Willy Tarreau2b718102021-04-21 07:32:39 +02003379 LIST_APPEND(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003380 }
3381 return order;
3382}
3383
William Lallemand6af03992019-07-23 15:00:54 +02003384/*
William Lallemand1d29c742019-10-04 00:53:29 +02003385 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
3386 * This function can't return an error.
3387 *
3388 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
3389 */
William Lallemandc756bbd2020-05-13 17:23:59 +02003390void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
William Lallemand1d29c742019-10-04 00:53:29 +02003391{
3392
3393 struct sni_ctx *sc0, *sc0b, *sc1;
3394 struct ebmb_node *node;
3395
3396 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
3397
3398 /* ignore if sc0 was already inserted in a tree */
3399 if (sc0->name.node.leaf_p)
3400 continue;
3401
3402 /* Check for duplicates. */
3403 if (sc0->wild)
3404 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
3405 else
3406 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
3407
3408 for (; node; node = ebmb_next_dup(node)) {
3409 sc1 = ebmb_entry(node, struct sni_ctx, name);
3410 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
3411 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
3412 /* it's a duplicate, we should remove and free it */
Willy Tarreau2b718102021-04-21 07:32:39 +02003413 LIST_DELETE(&sc0->by_ckch_inst);
William Lallemand02e19a52020-04-08 16:11:26 +02003414 SSL_CTX_free(sc0->ctx);
Willy Tarreau61cfdf42021-02-20 10:46:51 +01003415 ha_free(&sc0);
William Lallemande15029b2019-10-14 10:46:58 +02003416 break;
William Lallemand1d29c742019-10-04 00:53:29 +02003417 }
3418 }
3419
3420 /* if duplicate, ignore the insertion */
3421 if (!sc0)
3422 continue;
3423
3424 if (sc0->wild)
3425 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
3426 else
3427 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
Remi Tricot-Le Breton8218aed2021-03-17 14:56:54 +01003428 }
William Lallemand21724f02019-11-04 17:56:13 +01003429
Remi Tricot-Le Breton8218aed2021-03-17 14:56:54 +01003430 /* replace the default_ctx if required with the instance's ctx. */
3431 if (ckch_inst->is_default) {
3432 SSL_CTX_free(bind_conf->default_ctx);
3433 SSL_CTX_up_ref(ckch_inst->ctx);
3434 bind_conf->default_ctx = ckch_inst->ctx;
Remi Tricot-Le Breton40ddea82021-04-13 16:07:29 +02003435 bind_conf->default_inst = ckch_inst;
William Lallemand1d29c742019-10-04 00:53:29 +02003436 }
3437}
3438
3439/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003440 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02003441 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003442struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02003443
William Lallemand2954c472020-03-06 21:54:13 +01003444/* tree of crtlist (crt-list/directory) */
William Lallemandc756bbd2020-05-13 17:23:59 +02003445struct eb_root crtlists_tree = EB_ROOT_UNIQUE;
William Lallemandfa892222019-07-23 16:06:08 +02003446
Emeric Brun7a883362019-10-17 13:27:40 +02003447/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05003448 * If there is no DH parameter available in the ckchs, the global
Emeric Brun7a883362019-10-17 13:27:40 +02003449 * DH parameter is loaded into the SSL_CTX and if there is no
3450 * DH parameter available in ckchs nor in global, the default
3451 * DH parameters are applied on the SSL_CTX.
3452 * Returns a bitfield containing the flags:
3453 * ERR_FATAL in any fatal error case
3454 * ERR_ALERT if a reason of the error is availabine in err
3455 * ERR_WARN if a warning is available into err
3456 * The value 0 means there is no error nor warning and
3457 * the operation succeed.
3458 */
William Lallemandfa892222019-07-23 16:06:08 +02003459#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02003460static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
3461 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02003462{
Emeric Brun7a883362019-10-17 13:27:40 +02003463 int ret = 0;
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003464 HASSL_DH *dh = NULL;
William Lallemandfa892222019-07-23 16:06:08 +02003465
William Lallemanda8c73742019-07-31 18:31:34 +02003466 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02003467 dh = ckch->dh;
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003468 if (!ssl_sock_set_tmp_dh(ctx, dh)) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003469 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
3470 err && *err ? *err : "", path);
Emeric Bruna9363eb2019-10-17 14:53:03 +02003471 memprintf(err, "%s, DH ciphers won't be available.\n",
3472 err && *err ? *err : "");
Emeric Bruna9363eb2019-10-17 14:53:03 +02003473 ret |= ERR_WARN;
3474 goto end;
3475 }
William Lallemandfa892222019-07-23 16:06:08 +02003476
3477 if (ssl_dh_ptr_index >= 0) {
3478 /* store a pointer to the DH params to avoid complaining about
3479 ssl-default-dh-param not being set for this SSL_CTX */
3480 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
3481 }
3482 }
3483 else if (global_dh) {
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01003484 if (!ssl_sock_set_tmp_dh(ctx, global_dh)) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003485 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
3486 err && *err ? *err : "", path);
Emeric Bruna9363eb2019-10-17 14:53:03 +02003487 memprintf(err, "%s, DH ciphers won't be available.\n",
3488 err && *err ? *err : "");
Emeric Bruna9363eb2019-10-17 14:53:03 +02003489 ret |= ERR_WARN;
3490 goto end;
3491 }
William Lallemandfa892222019-07-23 16:06:08 +02003492 }
3493 else {
3494 /* Clear openssl global errors stack */
3495 ERR_clear_error();
3496
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003497 /* We do not want DHE ciphers to be added to the cipher list
3498 * unless there is an explicit global dh option in the conf.
3499 */
3500 if (global_ssl.default_dh_param) {
3501 if (global_ssl.default_dh_param <= 1024) {
3502 /* we are limited to DH parameter of 1024 bits anyway */
3503 if (local_dh_1024 == NULL)
3504 local_dh_1024 = ssl_get_dh_1024();
William Lallemandfa892222019-07-23 16:06:08 +02003505
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003506 if (local_dh_1024 == NULL) {
3507 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3508 err && *err ? *err : "", path);
3509 ret |= ERR_ALERT | ERR_FATAL;
3510 goto end;
3511 }
William Lallemandfa892222019-07-23 16:06:08 +02003512
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003513 if (!ssl_sock_set_tmp_dh(ctx, local_dh_1024)) {
3514 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3515 err && *err ? *err : "", path);
3516 memprintf(err, "%s, DH ciphers won't be available.\n",
3517 err && *err ? *err : "");
3518 ret |= ERR_WARN;
3519 goto end;
3520 }
Emeric Bruna9363eb2019-10-17 14:53:03 +02003521 }
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003522 else {
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01003523#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003524 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh_cbk);
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01003525#else
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003526 ssl_sock_set_tmp_dh_from_pkey(ctx, ckch ? ckch->key : NULL);
Remi Tricot-Le Breton88c56952022-02-11 12:04:56 +01003527#endif
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02003528 }
William Lallemandfa892222019-07-23 16:06:08 +02003529 }
William Lallemand8d0f8932019-10-17 18:03:58 +02003530 }
3531
William Lallemandf9568fc2019-10-16 18:27:58 +02003532end:
William Lallemandf9568fc2019-10-16 18:27:58 +02003533 ERR_clear_error();
William Lallemandf9568fc2019-10-16 18:27:58 +02003534 return ret;
3535}
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003536#endif
William Lallemandfa892222019-07-23 16:06:08 +02003537
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003538
3539/* Load a certificate chain into an SSL context.
Emeric Bruna96b5822019-10-17 13:25:14 +02003540 * Returns a bitfield containing the flags:
3541 * ERR_FATAL in any fatal error case
3542 * ERR_ALERT if the reason of the error is available in err
3543 * ERR_WARN if a warning is available into err
3544 * The value 0 means there is no error nor warning and
3545 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003546 */
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003547static int ssl_sock_load_cert_chain(const char *path, const struct cert_key_and_chain *ckch,
3548 SSL_CTX *ctx, STACK_OF(X509) **find_chain, char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003549{
Emeric Bruna96b5822019-10-17 13:25:14 +02003550 int errcode = 0;
3551
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003552 if (find_chain == NULL) {
3553 errcode |= ERR_FATAL;
3554 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003555 }
3556
3557 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3558 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3559 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003560 errcode |= ERR_ALERT | ERR_FATAL;
3561 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003562 }
3563
Emmanuel Hocdetb90d2cb2020-02-18 15:27:32 +01003564 if (ckch->chain) {
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003565 *find_chain = ckch->chain;
Emmanuel Hocdetb90d2cb2020-02-18 15:27:32 +01003566 } else {
3567 /* Find Certificate Chain in global */
3568 struct issuer_chain *issuer;
Emmanuel Hocdetef87e0a2020-03-23 11:29:11 +01003569 issuer = ssl_get0_issuer_chain(ckch->cert);
Emmanuel Hocdetb90d2cb2020-02-18 15:27:32 +01003570 if (issuer)
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003571 *find_chain = issuer->chain;
Emmanuel Hocdetb90d2cb2020-02-18 15:27:32 +01003572 }
William Lallemand85888572020-02-27 14:48:35 +01003573
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003574 if (!*find_chain) {
William Lallemand935d8292020-08-12 20:02:10 +02003575 /* always put a null chain stack in the SSL_CTX so it does not
3576 * try to build the chain from the verify store */
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003577 *find_chain = sk_X509_new_null();
William Lallemand935d8292020-08-12 20:02:10 +02003578 }
3579
William Lallemandf187ce62020-06-02 18:27:20 +02003580 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
William Lallemandf187ce62020-06-02 18:27:20 +02003581#ifdef SSL_CTX_set1_chain
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003582 if (!SSL_CTX_set1_chain(ctx, *find_chain)) {
William Lallemand935d8292020-08-12 20:02:10 +02003583 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3584 err && *err ? *err : "", path);
3585 errcode |= ERR_ALERT | ERR_FATAL;
3586 goto end;
3587 }
William Lallemandf187ce62020-06-02 18:27:20 +02003588#else
3589 { /* legacy compat (< openssl 1.0.2) */
Emmanuel Hocdet4fed93e2020-02-28 16:00:34 +01003590 X509 *ca;
William Lallemandf187ce62020-06-02 18:27:20 +02003591 STACK_OF(X509) *chain;
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003592 chain = X509_chain_up_ref(*find_chain);
William Lallemandf187ce62020-06-02 18:27:20 +02003593 while ((ca = sk_X509_shift(chain)))
Emmanuel Hocdet4fed93e2020-02-28 16:00:34 +01003594 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
Emmanuel Hocdet4fed93e2020-02-28 16:00:34 +01003595 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3596 err && *err ? *err : "", path);
William Lallemandf187ce62020-06-02 18:27:20 +02003597 X509_free(ca);
3598 sk_X509_pop_free(chain, X509_free);
Emmanuel Hocdet4fed93e2020-02-28 16:00:34 +01003599 errcode |= ERR_ALERT | ERR_FATAL;
3600 goto end;
3601 }
Emmanuel Hocdet4fed93e2020-02-28 16:00:34 +01003602 }
William Lallemandf187ce62020-06-02 18:27:20 +02003603#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003604
William Lallemand9a1d8392020-08-10 17:28:23 +02003605#ifdef SSL_CTX_build_cert_chain
William Lallemandbf298af2020-08-10 16:18:45 +02003606 /* remove the Root CA from the SSL_CTX if the option is activated */
3607 if (global_ssl.skip_self_issued_ca) {
3608 if (!SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT|SSL_BUILD_CHAIN_FLAG_UNTRUSTED|SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)) {
3609 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3610 err && *err ? *err : "", path);
3611 errcode |= ERR_ALERT | ERR_FATAL;
3612 goto end;
3613 }
3614 }
William Lallemand9a1d8392020-08-10 17:28:23 +02003615#endif
William Lallemandbf298af2020-08-10 16:18:45 +02003616
Remi Tricot-Le Bretonec805a32021-01-25 17:19:42 +01003617end:
3618 return errcode;
3619}
3620
3621
3622/* Loads the info in ckch into ctx
3623 * Returns a bitfield containing the flags:
3624 * ERR_FATAL in any fatal error case
3625 * ERR_ALERT if the reason of the error is available in err
3626 * ERR_WARN if a warning is available into err
3627 * The value 0 means there is no error nor warning and
3628 * the operation succeed.
3629 */
3630static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3631{
3632 int errcode = 0;
3633 STACK_OF(X509) *find_chain = NULL;
3634
3635 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3636 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3637 err && *err ? *err : "", path);
3638 errcode |= ERR_ALERT | ERR_FATAL;
3639 return errcode;
3640 }
3641
3642 /* Load certificate chain */
3643 errcode |= ssl_sock_load_cert_chain(path, ckch, ctx, &find_chain, err);
3644 if (errcode & ERR_CODE)
3645 goto end;
3646
William Lallemandfa892222019-07-23 16:06:08 +02003647#ifndef OPENSSL_NO_DH
3648 /* store a NULL pointer to indicate we have not yet loaded
3649 a custom DH param file */
3650 if (ssl_dh_ptr_index >= 0) {
3651 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3652 }
3653
Emeric Brun7a883362019-10-17 13:27:40 +02003654 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3655 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003656 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3657 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003658 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003659 }
3660#endif
3661
Ilya Shipitsin7bbf5862021-02-06 18:55:27 +05003662#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT
William Lallemanda17f4112019-10-10 15:16:44 +02003663 if (sctl_ex_index >= 0 && ckch->sctl) {
3664 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3665 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003666 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003667 errcode |= ERR_ALERT | ERR_FATAL;
3668 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003669 }
3670 }
3671#endif
3672
Emmanuel Hocdeta73a2222020-10-26 13:55:30 +01003673#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003674 /* Load OCSP Info into context */
3675 if (ckch->ocsp_response) {
Emmanuel Hocdet6f507c72020-02-18 15:56:39 +01003676 if (ssl_sock_load_ocsp(ctx, ckch, find_chain) < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01003677 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3678 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003679 errcode |= ERR_ALERT | ERR_FATAL;
3680 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003681 }
3682 }
William Lallemand246c0242019-10-11 08:59:13 +02003683#endif
3684
Emeric Bruna96b5822019-10-17 13:25:14 +02003685 end:
3686 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003687}
3688
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003689
3690/* Loads the info of a ckch built out of a backend certificate into an SSL ctx
3691 * Returns a bitfield containing the flags:
3692 * ERR_FATAL in any fatal error case
3693 * ERR_ALERT if the reason of the error is available in err
3694 * ERR_WARN if a warning is available into err
3695 * The value 0 means there is no error nor warning and
3696 * the operation succeed.
3697 */
3698static int ssl_sock_put_srv_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch,
3699 SSL_CTX *ctx, char **err)
3700{
3701 int errcode = 0;
3702 STACK_OF(X509) *find_chain = NULL;
3703
3704 /* Load the private key */
3705 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3706 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3707 err && *err ? *err : "", path);
3708 errcode |= ERR_ALERT | ERR_FATAL;
3709 }
3710
3711 /* Load certificate chain */
3712 errcode |= ssl_sock_load_cert_chain(path, ckch, ctx, &find_chain, err);
3713 if (errcode & ERR_CODE)
3714 goto end;
3715
3716 if (SSL_CTX_check_private_key(ctx) <= 0) {
3717 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3718 err && *err ? *err : "", path);
3719 errcode |= ERR_ALERT | ERR_FATAL;
3720 }
3721
3722end:
3723 return errcode;
3724}
3725
3726
William Lallemand614ca0d2019-10-07 13:52:11 +02003727/*
3728 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02003729 *
3730 * Returns a bitfield containing the flags:
3731 * ERR_FATAL in any fatal error case
3732 * ERR_ALERT if the reason of the error is available in err
3733 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02003734 */
William Lallemandc756bbd2020-05-13 17:23:59 +02003735int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
Emeric Brun054563d2019-10-17 13:16:58 +02003736 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003737{
William Lallemandc9402072019-05-15 15:33:54 +02003738 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003739 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003740 int order = 0;
3741 X509_NAME *xname;
3742 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003743 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003744 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003745#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3746 STACK_OF(GENERAL_NAME) *names;
3747#endif
William Lallemand36b84632019-07-18 19:28:17 +02003748 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02003749 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02003750 int errcode = 0;
3751
3752 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02003753
William Lallemande3af8fb2019-10-08 11:36:53 +02003754 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02003755 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003756
William Lallemande3af8fb2019-10-08 11:36:53 +02003757 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003758
William Lallemandc9402072019-05-15 15:33:54 +02003759 ctx = SSL_CTX_new(SSLv23_server_method());
3760 if (!ctx) {
3761 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3762 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003763 errcode |= ERR_ALERT | ERR_FATAL;
3764 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003765 }
3766
Emeric Bruna96b5822019-10-17 13:25:14 +02003767 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
3768 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02003769 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02003770
3771 ckch_inst = ckch_inst_new();
3772 if (!ckch_inst) {
3773 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3774 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003775 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003776 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02003777 }
3778
William Lallemand36b84632019-07-18 19:28:17 +02003779 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003780 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003781 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003782 switch(EVP_PKEY_base_id(pkey)) {
3783 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003784 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003785 break;
3786 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003787 kinfo.sig = TLSEXT_signature_ecdsa;
3788 break;
3789 case EVP_PKEY_DSA:
3790 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003791 break;
3792 }
3793 EVP_PKEY_free(pkey);
3794 }
3795
Emeric Brun50bcecc2013-04-22 13:05:23 +02003796 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02003797 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02003798 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02003799 if (order < 0) {
3800 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003801 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003802 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003803 }
3804 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003805 }
3806 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003807#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003808 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003809 if (names) {
3810 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3811 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3812 if (name->type == GEN_DNS) {
3813 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003814 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003815 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003816 if (order < 0) {
3817 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003818 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003819 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003820 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003821 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003822 }
3823 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003824 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003825 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003826#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003827 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003828 i = -1;
3829 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3830 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003831 ASN1_STRING *value;
3832
3833 value = X509_NAME_ENTRY_get_data(entry);
3834 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02003835 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003836 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02003837 if (order < 0) {
3838 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003839 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003840 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02003841 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003842 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003843 }
3844 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003845 /* we must not free the SSL_CTX anymore below, since it's already in
3846 * the tree, so it will be discovered and cleaned in time.
3847 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003848
Emeric Brunfc0421f2012-09-07 17:30:07 +02003849#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003850 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003851 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3852 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003853 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02003854 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003855 }
3856#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003857 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003858 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003859 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01003860 ckch_inst->is_default = 1;
William Lallemand02e19a52020-04-08 16:11:26 +02003861 SSL_CTX_up_ref(ctx);
Remi Tricot-Le Breton40ddea82021-04-13 16:07:29 +02003862 bind_conf->default_inst = ckch_inst;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003863 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003864
Remi Tricot-Le Breton8218aed2021-03-17 14:56:54 +01003865 /* Always keep a reference to the newly constructed SSL_CTX in the
3866 * instance. This way if the instance has no SNIs, the SSL_CTX will
3867 * still be linked. */
3868 SSL_CTX_up_ref(ctx);
3869 ckch_inst->ctx = ctx;
3870
William Lallemand9117de92019-10-04 00:29:42 +02003871 /* everything succeed, the ckch instance can be used */
3872 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02003873 ckch_inst->ssl_conf = ssl_conf;
William Lallemandcfca1422020-03-05 10:17:47 +01003874 ckch_inst->ckch_store = ckchs;
William Lallemand9117de92019-10-04 00:29:42 +02003875
William Lallemand02e19a52020-04-08 16:11:26 +02003876 SSL_CTX_free(ctx); /* we need to free the ctx since we incremented the refcount where it's used */
3877
Emeric Brun054563d2019-10-17 13:16:58 +02003878 *ckchi = ckch_inst;
3879 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02003880
3881error:
3882 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02003883 if (ckch_inst) {
William Lallemand02e19a52020-04-08 16:11:26 +02003884 if (ckch_inst->is_default)
3885 SSL_CTX_free(ctx);
3886
William Lallemandd9d5d1b2020-04-09 16:31:05 +02003887 ckch_inst_free(ckch_inst);
William Lallemand614ca0d2019-10-07 13:52:11 +02003888 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02003889 }
William Lallemandd9199372019-10-04 15:37:05 +02003890 SSL_CTX_free(ctx);
3891
Emeric Brun054563d2019-10-17 13:16:58 +02003892 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003893}
3894
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003895
3896/*
3897 * This function allocate a ckch_inst that will be used on the backend side
3898 * (server line)
3899 *
3900 * Returns a bitfield containing the flags:
3901 * ERR_FATAL in any fatal error case
3902 * ERR_ALERT if the reason of the error is available in err
3903 * ERR_WARN if a warning is available into err
3904 */
3905int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
William Lallemand795bd9b2021-01-26 11:27:42 +01003906 struct ckch_inst **ckchi, char **err)
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003907{
3908 SSL_CTX *ctx;
3909 struct cert_key_and_chain *ckch;
3910 struct ckch_inst *ckch_inst = NULL;
3911 int errcode = 0;
3912
3913 *ckchi = NULL;
3914
3915 if (!ckchs || !ckchs->ckch)
3916 return ERR_FATAL;
3917
3918 ckch = ckchs->ckch;
3919
3920 ctx = SSL_CTX_new(SSLv23_client_method());
3921 if (!ctx) {
3922 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3923 err && *err ? *err : "", path);
3924 errcode |= ERR_ALERT | ERR_FATAL;
3925 goto error;
3926 }
3927
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003928 errcode |= ssl_sock_put_srv_ckch_into_ctx(path, ckch, ctx, err);
3929 if (errcode & ERR_CODE)
3930 goto error;
3931
3932 ckch_inst = ckch_inst_new();
3933 if (!ckch_inst) {
3934 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3935 err && *err ? *err : "", path);
3936 errcode |= ERR_ALERT | ERR_FATAL;
3937 goto error;
3938 }
3939
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003940 /* everything succeed, the ckch instance can be used */
3941 ckch_inst->bind_conf = NULL;
3942 ckch_inst->ssl_conf = NULL;
3943 ckch_inst->ckch_store = ckchs;
William Lallemand795bd9b2021-01-26 11:27:42 +01003944 ckch_inst->ctx = ctx;
William Lallemanddb26e2b2021-01-26 12:01:46 +01003945 ckch_inst->is_server_instance = 1;
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003946
3947 *ckchi = ckch_inst;
3948 return errcode;
3949
3950error:
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003951 SSL_CTX_free(ctx);
3952
3953 return errcode;
3954}
3955
Willy Tarreau8c5414a2019-10-16 17:06:25 +02003956/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02003957static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
3958 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
William Lallemand24bde432020-03-09 16:48:43 +01003959 char **sni_filter, int fcount, struct ckch_inst **ckch_inst, char **err)
William Lallemand614ca0d2019-10-07 13:52:11 +02003960{
Emeric Brun054563d2019-10-17 13:16:58 +02003961 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02003962
3963 /* we found the ckchs in the tree, we can use it directly */
William Lallemande7eb1fe2020-09-16 16:17:51 +02003964 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02003965
Emeric Brun054563d2019-10-17 13:16:58 +02003966 if (errcode & ERR_CODE)
3967 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02003968
William Lallemand24bde432020-03-09 16:48:43 +01003969 ssl_sock_load_cert_sni(*ckch_inst, bind_conf);
William Lallemand614ca0d2019-10-07 13:52:11 +02003970
3971 /* succeed, add the instance to the ckch_store's list of instance */
Willy Tarreau2b718102021-04-21 07:32:39 +02003972 LIST_APPEND(&ckchs->ckch_inst, &((*ckch_inst)->by_ckchs));
Emeric Brun054563d2019-10-17 13:16:58 +02003973 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02003974}
3975
William Lallemanddb26e2b2021-01-26 12:01:46 +01003976/* This function generates a <struct ckch_inst *> for a <struct server *>, and
3977 * fill the SSL_CTX of the server.
3978 *
3979 * Returns a set of ERR_* flags possibly with an error in <err>. */
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003980static int ssl_sock_load_srv_ckchs(const char *path, struct ckch_store *ckchs,
William Lallemanddb26e2b2021-01-26 12:01:46 +01003981 struct server *server, struct ckch_inst **ckch_inst, char **err)
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003982{
3983 int errcode = 0;
3984
3985 /* we found the ckchs in the tree, we can use it directly */
William Lallemand795bd9b2021-01-26 11:27:42 +01003986 errcode |= ckch_inst_new_load_srv_store(path, ckchs, ckch_inst, err);
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003987
3988 if (errcode & ERR_CODE)
3989 return errcode;
3990
William Lallemanddb26e2b2021-01-26 12:01:46 +01003991 (*ckch_inst)->server = server;
3992 /* Keep the reference to the SSL_CTX in the server. */
3993 SSL_CTX_up_ref((*ckch_inst)->ctx);
3994 server->ssl_ctx.ctx = (*ckch_inst)->ctx;
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003995 /* succeed, add the instance to the ckch_store's list of instance */
Willy Tarreau2b718102021-04-21 07:32:39 +02003996 LIST_APPEND(&ckchs->ckch_inst, &((*ckch_inst)->by_ckchs));
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01003997 return errcode;
3998}
3999
William Lallemand6be66ec2020-03-06 22:26:32 +01004000
William Lallemand4c68bba2020-03-30 18:45:10 +02004001
4002
4003/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4004 * done once. Zero is returned if the operation fails. No error is returned
4005 * if the random is said as not implemented, because we expect that openssl
4006 * will use another method once needed.
4007 */
Amaury Denoyellec593bcd2021-05-19 15:35:29 +02004008int ssl_initialize_random(void)
William Lallemand4c68bba2020-03-30 18:45:10 +02004009{
4010 unsigned char random;
4011 static int random_initialized = 0;
4012
4013 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4014 random_initialized = 1;
4015
4016 return random_initialized;
4017}
4018
William Lallemand2954c472020-03-06 21:54:13 +01004019/* Load a crt-list file, this is done in 2 parts:
4020 * - store the content of the file in a crtlist structure with crtlist_entry structures
4021 * - generate the instances by iterating on entries in the crtlist struct
4022 *
4023 * Nothing is locked there, this function is used in the configuration parser.
4024 *
4025 * Returns a set of ERR_* flags possibly with an error in <err>.
4026 */
William Lallemand6be66ec2020-03-06 22:26:32 +01004027int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
William Lallemand2954c472020-03-06 21:54:13 +01004028{
4029 struct crtlist *crtlist = NULL;
4030 struct ebmb_node *eb;
William Lallemand49398312020-03-30 17:01:33 +02004031 struct crtlist_entry *entry = NULL;
William Lallemand79d31ec2020-03-25 15:10:49 +01004032 struct bind_conf_list *bind_conf_node = NULL;
William Lallemand2954c472020-03-06 21:54:13 +01004033 int cfgerr = 0;
William Lallemand41ca9302020-04-08 13:15:18 +02004034 char *end;
William Lallemand2954c472020-03-06 21:54:13 +01004035
William Lallemand79d31ec2020-03-25 15:10:49 +01004036 bind_conf_node = malloc(sizeof(*bind_conf_node));
4037 if (!bind_conf_node) {
4038 memprintf(err, "%sCan't alloc memory!\n", err && *err ? *err : "");
4039 cfgerr |= ERR_FATAL | ERR_ALERT;
4040 goto error;
4041 }
4042 bind_conf_node->next = NULL;
4043 bind_conf_node->bind_conf = bind_conf;
4044
William Lallemand41ca9302020-04-08 13:15:18 +02004045 /* strip trailing slashes, including first one */
4046 for (end = file + strlen(file) - 1; end >= file && *end == '/'; end--)
4047 *end = 0;
4048
William Lallemand2954c472020-03-06 21:54:13 +01004049 /* look for an existing crtlist or create one */
4050 eb = ebst_lookup(&crtlists_tree, file);
4051 if (eb) {
4052 crtlist = ebmb_entry(eb, struct crtlist, node);
4053 } else {
William Lallemand6be66ec2020-03-06 22:26:32 +01004054 /* load a crt-list OR a directory */
4055 if (dir)
4056 cfgerr |= crtlist_load_cert_dir(file, bind_conf, &crtlist, err);
4057 else
4058 cfgerr |= crtlist_parse_file(file, bind_conf, curproxy, &crtlist, err);
4059
William Lallemand2954c472020-03-06 21:54:13 +01004060 if (!(cfgerr & ERR_CODE))
4061 ebst_insert(&crtlists_tree, &crtlist->node);
4062 }
4063
4064 if (cfgerr & ERR_CODE) {
4065 cfgerr |= ERR_FATAL | ERR_ALERT;
4066 goto error;
4067 }
4068
4069 /* generates ckch instance from the crtlist_entry */
4070 list_for_each_entry(entry, &crtlist->ord_entries, by_crtlist) {
4071 struct ckch_store *store;
4072 struct ckch_inst *ckch_inst = NULL;
4073
4074 store = entry->node.key;
4075 cfgerr |= ssl_sock_load_ckchs(store->path, store, bind_conf, entry->ssl_conf, entry->filters, entry->fcount, &ckch_inst, err);
4076 if (cfgerr & ERR_CODE) {
4077 memprintf(err, "error processing line %d in file '%s' : %s", entry->linenum, file, *err);
4078 goto error;
4079 }
Willy Tarreau2b718102021-04-21 07:32:39 +02004080 LIST_APPEND(&entry->ckch_inst, &ckch_inst->by_crtlist_entry);
William Lallemandcaa16192020-04-08 16:29:15 +02004081 ckch_inst->crtlist_entry = entry;
William Lallemand2954c472020-03-06 21:54:13 +01004082 }
William Lallemand2954c472020-03-06 21:54:13 +01004083
William Lallemand79d31ec2020-03-25 15:10:49 +01004084 /* add the bind_conf to the list */
4085 bind_conf_node->next = crtlist->bind_conf;
4086 crtlist->bind_conf = bind_conf_node;
4087
William Lallemand2954c472020-03-06 21:54:13 +01004088 return cfgerr;
4089error:
4090 {
William Lallemand49398312020-03-30 17:01:33 +02004091 struct crtlist_entry *lastentry;
William Lallemand2954c472020-03-06 21:54:13 +01004092 struct ckch_inst *inst, *s_inst;
4093
William Lallemand49398312020-03-30 17:01:33 +02004094 lastentry = entry; /* which entry we tried to generate last */
4095 if (lastentry) {
4096 list_for_each_entry(entry, &crtlist->ord_entries, by_crtlist) {
4097 if (entry == lastentry) /* last entry we tried to generate, no need to go further */
4098 break;
4099
4100 list_for_each_entry_safe(inst, s_inst, &entry->ckch_inst, by_crtlist_entry) {
William Lallemand2954c472020-03-06 21:54:13 +01004101
William Lallemand49398312020-03-30 17:01:33 +02004102 /* this was not generated for this bind_conf, skip */
4103 if (inst->bind_conf != bind_conf)
4104 continue;
4105
William Lallemandd9d5d1b2020-04-09 16:31:05 +02004106 /* free the sni_ctx and instance */
4107 ckch_inst_free(inst);
William Lallemand49398312020-03-30 17:01:33 +02004108 }
William Lallemand2954c472020-03-06 21:54:13 +01004109 }
William Lallemand2954c472020-03-06 21:54:13 +01004110 }
William Lallemand79d31ec2020-03-25 15:10:49 +01004111 free(bind_conf_node);
William Lallemand2954c472020-03-06 21:54:13 +01004112 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004113 return cfgerr;
4114}
4115
William Lallemand06b22a82020-03-16 14:45:55 +01004116/* Returns a set of ERR_* flags possibly with an error in <err>. */
4117int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
4118{
4119 struct stat buf;
William Lallemand06b22a82020-03-16 14:45:55 +01004120 int cfgerr = 0;
4121 struct ckch_store *ckchs;
William Lallemand24bde432020-03-09 16:48:43 +01004122 struct ckch_inst *ckch_inst = NULL;
William Lallemand06ce84a2020-11-20 15:36:13 +01004123 int found = 0; /* did we found a file to load ? */
William Lallemand06b22a82020-03-16 14:45:55 +01004124
4125 if ((ckchs = ckchs_lookup(path))) {
4126 /* we found the ckchs in the tree, we can use it directly */
William Lallemand06ce84a2020-11-20 15:36:13 +01004127 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
4128 found++;
4129 } else if (stat(path, &buf) == 0) {
4130 found++;
William Lallemand06b22a82020-03-16 14:45:55 +01004131 if (S_ISDIR(buf.st_mode) == 0) {
William Lallemandbd8e6ed2020-09-16 16:08:08 +02004132 ckchs = ckchs_load_cert_file(path, err);
William Lallemand06b22a82020-03-16 14:45:55 +01004133 if (!ckchs)
William Lallemand06ce84a2020-11-20 15:36:13 +01004134 cfgerr |= ERR_ALERT | ERR_FATAL;
4135 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
William Lallemand06b22a82020-03-16 14:45:55 +01004136 } else {
William Lallemand06ce84a2020-11-20 15:36:13 +01004137 cfgerr |= ssl_sock_load_cert_list_file(path, 1, bind_conf, bind_conf->frontend, err);
William Lallemand06b22a82020-03-16 14:45:55 +01004138 }
4139 } else {
4140 /* stat failed, could be a bundle */
4141 if (global_ssl.extra_files & SSL_GF_BUNDLE) {
William Lallemanddfa93be2020-09-16 14:48:52 +02004142 char fp[MAXPATHLEN+1] = {0};
4143 int n = 0;
4144
4145 /* Load all possible certs and keys in separate ckch_store */
4146 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
4147 struct stat buf;
4148 int ret;
4149
4150 ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
4151 if (ret > sizeof(fp))
4152 continue;
4153
4154 if ((ckchs = ckchs_lookup(fp))) {
4155 cfgerr |= ssl_sock_load_ckchs(fp, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
William Lallemand06ce84a2020-11-20 15:36:13 +01004156 found++;
William Lallemanddfa93be2020-09-16 14:48:52 +02004157 } else {
4158 if (stat(fp, &buf) == 0) {
William Lallemand06ce84a2020-11-20 15:36:13 +01004159 found++;
William Lallemandbd8e6ed2020-09-16 16:08:08 +02004160 ckchs = ckchs_load_cert_file(fp, err);
William Lallemanddfa93be2020-09-16 14:48:52 +02004161 if (!ckchs)
William Lallemand06ce84a2020-11-20 15:36:13 +01004162 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemanddfa93be2020-09-16 14:48:52 +02004163 cfgerr |= ssl_sock_load_ckchs(fp, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
4164 }
4165 }
4166 }
William Lallemandb7fdfdf2020-12-04 15:45:02 +01004167#if HA_OPENSSL_VERSION_NUMBER < 0x10101000L
4168 if (found) {
4169 memprintf(err, "%sCan't load '%s'. Loading a multi certificates bundle requires OpenSSL >= 1.1.1\n",
4170 err && *err ? *err : "", path);
4171 cfgerr |= ERR_ALERT | ERR_FATAL;
4172 }
4173#endif
William Lallemand06b22a82020-03-16 14:45:55 +01004174 }
4175 }
William Lallemand06ce84a2020-11-20 15:36:13 +01004176 if (!found) {
4177 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4178 err && *err ? *err : "", path, strerror(errno));
4179 cfgerr |= ERR_ALERT | ERR_FATAL;
4180 }
William Lallemand06b22a82020-03-16 14:45:55 +01004181
4182 return cfgerr;
4183}
4184
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01004185
4186/* Create a full ssl context and ckch instance that will be used for a specific
4187 * backend server (server configuration line).
4188 * Returns a set of ERR_* flags possibly with an error in <err>.
4189 */
Amaury Denoyelle36aa4512021-05-21 16:22:11 +02004190int ssl_sock_load_srv_cert(char *path, struct server *server, int create_if_none, char **err)
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01004191{
4192 struct stat buf;
4193 int cfgerr = 0;
4194 struct ckch_store *ckchs;
4195 int found = 0; /* did we found a file to load ? */
4196
4197 if ((ckchs = ckchs_lookup(path))) {
4198 /* we found the ckchs in the tree, we can use it directly */
William Lallemanddb26e2b2021-01-26 12:01:46 +01004199 cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, server, &server->ssl_ctx.inst, err);
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01004200 found++;
Amaury Denoyelle36aa4512021-05-21 16:22:11 +02004201 } else {
4202 if (!create_if_none) {
4203 memprintf(err, "%sunable to stat SSL certificate '%s'.\n",
4204 err && *err ? *err : "", path);
4205 cfgerr |= ERR_ALERT | ERR_FATAL;
4206 goto out;
4207 }
4208
4209 if (stat(path, &buf) == 0) {
4210 /* We do not manage directories on backend side. */
4211 if (S_ISDIR(buf.st_mode) == 0) {
4212 ++found;
4213 ckchs = ckchs_load_cert_file(path, err);
4214 if (!ckchs)
4215 cfgerr |= ERR_ALERT | ERR_FATAL;
4216 cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, server, &server->ssl_ctx.inst, err);
4217 }
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01004218 }
4219 }
4220 if (!found) {
4221 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4222 err && *err ? *err : "", path, strerror(errno));
4223 cfgerr |= ERR_ALERT | ERR_FATAL;
4224 }
4225
Amaury Denoyelle36aa4512021-05-21 16:22:11 +02004226out:
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01004227 return cfgerr;
4228}
4229
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004230/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004231static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004232ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004233{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004234 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004235 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004236 SSL_OP_ALL | /* all known workarounds for bugs */
4237 SSL_OP_NO_SSLv2 |
4238 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004239 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004240 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004241 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004242 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004243 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004244 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004245 SSL_MODE_ENABLE_PARTIAL_WRITE |
4246 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004247 SSL_MODE_RELEASE_BUFFERS |
4248 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004249 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004250 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004251 int flags = MC_SSL_O_ALL;
4252 int cfgerr = 0;
William Lallemand50df1cb2020-06-02 10:52:24 +02004253 const int default_min_ver = CONF_TLSV12;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004254
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004255 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004256 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004257
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004258 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004259 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4260 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4261 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004262 else
4263 flags = conf_ssl_methods->flags;
4264
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004265 min = conf_ssl_methods->min;
4266 max = conf_ssl_methods->max;
William Lallemand50df1cb2020-06-02 10:52:24 +02004267
4268 /* default minimum is TLSV12, */
4269 if (!min) {
4270 if (!max || (max >= default_min_ver)) {
4271 min = default_min_ver;
4272 } else {
4273 ha_warning("Proxy '%s': Ambiguous configuration for bind '%s' at [%s:%d]: the ssl-min-ver value is not configured and the ssl-max-ver value is lower than the default ssl-min-ver value (%s). "
4274 "Setting the ssl-min-ver to %s. Use 'ssl-min-ver' to fix this.\n",
4275 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line, methodVersions[default_min_ver].name, methodVersions[max].name);
4276 min = max;
4277 }
4278 }
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004279 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004280 if (min)
4281 flags |= (methodVersions[min].flag - 1);
4282 if (max)
4283 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004284 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004285 min = max = CONF_TLSV_NONE;
4286 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004287 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004288 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004289 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004290 if (min) {
4291 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004292 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4293 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4294 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4295 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004296 hole = 0;
4297 }
4298 max = i;
4299 }
4300 else {
4301 min = max = i;
4302 }
4303 }
4304 else {
4305 if (min)
4306 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004307 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004308 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004309 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4310 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004311 cfgerr += 1;
4312 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004313 /* save real min/max in bind_conf */
4314 conf_ssl_methods->min = min;
4315 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004316
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004317#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004318 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004319 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004320 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004321 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004322 else
William Lallemandd0712f32020-06-11 17:34:00 +02004323 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++) {
4324 /* clear every version flags in case SSL_CTX_new()
4325 * returns an SSL_CTX with disabled versions */
4326 SSL_CTX_clear_options(ctx, methodVersions[i].option);
4327
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004328 if (flags & methodVersions[i].flag)
4329 options |= methodVersions[i].option;
William Lallemandd0712f32020-06-11 17:34:00 +02004330
4331 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004332#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004333 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004334 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4335 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004336#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004337
4338 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4339 options |= SSL_OP_NO_TICKET;
4340 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4341 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004342
4343#ifdef SSL_OP_NO_RENEGOTIATION
4344 options |= SSL_OP_NO_RENEGOTIATION;
4345#endif
4346
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004347 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004348
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05004349#ifdef SSL_MODE_ASYNC
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004350 if (global_ssl.async)
4351 mode |= SSL_MODE_ASYNC;
4352#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004353 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004354 if (global_ssl.life_time)
4355 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004356
4357#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4358#ifdef OPENSSL_IS_BORINGSSL
4359 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4360 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Ilya Shipitsine9ff8992020-01-19 12:20:14 +05004361#elif defined(SSL_OP_NO_ANTI_REPLAY)
Olivier Houchard545989f2019-12-17 15:39:54 +01004362 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004363 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004364 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4365 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004366#else
4367 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004368#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004369 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004370#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004371 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004372}
4373
William Lallemand4f45bb92017-10-30 20:08:51 +01004374
4375static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4376{
4377 if (first == block) {
4378 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4379 if (first->len > 0)
4380 sh_ssl_sess_tree_delete(sh_ssl_sess);
4381 }
4382}
4383
4384/* return first block from sh_ssl_sess */
4385static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4386{
4387 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4388
4389}
4390
4391/* store a session into the cache
4392 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4393 * data: asn1 encoded session
4394 * data_len: asn1 encoded session length
4395 * Returns 1 id session was stored (else 0)
4396 */
4397static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4398{
4399 struct shared_block *first;
4400 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4401
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004402 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004403 if (!first) {
4404 /* Could not retrieve enough free blocks to store that session */
4405 return 0;
4406 }
4407
4408 /* STORE the key in the first elem */
4409 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4410 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4411 first->len = sizeof(struct sh_ssl_sess_hdr);
4412
4413 /* it returns the already existing node
4414 or current node if none, never returns null */
4415 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4416 if (oldsh_ssl_sess != sh_ssl_sess) {
4417 /* NOTE: Row couldn't be in use because we lock read & write function */
4418 /* release the reserved row */
4419 shctx_row_dec_hot(ssl_shctx, first);
4420 /* replace the previous session already in the tree */
4421 sh_ssl_sess = oldsh_ssl_sess;
4422 /* ignore the previous session data, only use the header */
4423 first = sh_ssl_sess_first_block(sh_ssl_sess);
4424 shctx_row_inc_hot(ssl_shctx, first);
4425 first->len = sizeof(struct sh_ssl_sess_hdr);
4426 }
4427
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004428 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004429 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004430 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004431 }
4432
4433 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004434
4435 return 1;
4436}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004437
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004438/* SSL callback used when a new session is created while connecting to a server */
4439static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4440{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004441 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004442 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004443
Willy Tarreau07d94e42018-09-20 10:57:52 +02004444 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004445
William Lallemand3ce6eed2021-02-08 10:43:44 +01004446 /* RWLOCK: only read lock the SSL cache even when writing in it because there is
4447 * one cache per thread, it only prevents to flush it from the CLI in
4448 * another thread */
4449
Olivier Houcharde6060c52017-11-16 17:42:52 +01004450 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4451 int len;
4452 unsigned char *ptr;
William Lallemande18d4e82021-11-17 02:59:21 +01004453 const char *sni;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004454
Olivier Houcharde6060c52017-11-16 17:42:52 +01004455 len = i2d_SSL_SESSION(sess, NULL);
William Lallemande18d4e82021-11-17 02:59:21 +01004456 sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
William Lallemand3ce6eed2021-02-08 10:43:44 +01004457 HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004458 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4459 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4460 } else {
Willy Tarreau3bda3f42021-02-26 21:05:08 +01004461 ptr = realloc(s->ssl_ctx.reused_sess[tid].ptr, len);
4462 s->ssl_ctx.reused_sess[tid].ptr = ptr;
Olivier Houcharde6060c52017-11-16 17:42:52 +01004463 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4464 }
4465 if (s->ssl_ctx.reused_sess[tid].ptr) {
4466 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4467 &ptr);
4468 }
William Lallemande18d4e82021-11-17 02:59:21 +01004469
4470 if (s->ssl_ctx.reused_sess[tid].sni) {
4471 /* if the new sni is empty or isn' t the same as the old one */
4472 if ((!sni) || strcmp(s->ssl_ctx.reused_sess[tid].sni, sni) != 0) {
4473 ha_free(&s->ssl_ctx.reused_sess[tid].sni);
4474 if (sni)
4475 s->ssl_ctx.reused_sess[tid].sni = strdup(sni);
4476 }
4477 } else if (sni) {
4478 /* if there wasn't an old sni but there is a new one */
4479 s->ssl_ctx.reused_sess[tid].sni = strdup(sni);
4480 }
William Lallemand3ce6eed2021-02-08 10:43:44 +01004481 HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004482 } else {
William Lallemand3ce6eed2021-02-08 10:43:44 +01004483 HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Willy Tarreau61cfdf42021-02-20 10:46:51 +01004484 ha_free(&s->ssl_ctx.reused_sess[tid].ptr);
William Lallemand3ce6eed2021-02-08 10:43:44 +01004485 HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004486 }
4487
4488 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004489}
4490
Olivier Houcharde6060c52017-11-16 17:42:52 +01004491
William Lallemanded0b5ad2017-10-30 19:36:36 +01004492/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004493int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004494{
4495 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4496 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4497 unsigned char *p;
4498 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004499 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004500 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004501
4502 /* Session id is already stored in to key and session id is known
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05004503 * so we don't store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004504 * note: SSL_SESSION_set1_id is using
4505 * a memcpy so we need to use a different pointer
4506 * than sid_data or sid_ctx_data to avoid valgrind
4507 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004508 */
4509
4510 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004511
4512 /* copy value in an other buffer */
4513 memcpy(encid, sid_data, sid_length);
4514
4515 /* pad with 0 */
4516 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4517 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4518
4519 /* force length to zero to avoid ASN1 encoding */
4520 SSL_SESSION_set1_id(sess, encid, 0);
4521
4522 /* force length to zero to avoid ASN1 encoding */
4523 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004524
4525 /* check if buffer is large enough for the ASN1 encoded session */
4526 data_len = i2d_SSL_SESSION(sess, NULL);
4527 if (data_len > SHSESS_MAX_DATA_LEN)
4528 goto err;
4529
4530 p = encsess;
4531
4532 /* process ASN1 session encoding before the lock */
4533 i2d_SSL_SESSION(sess, &p);
4534
William Lallemanded0b5ad2017-10-30 19:36:36 +01004535
William Lallemanda3c77cf2017-10-30 23:44:40 +01004536 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004537 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004538 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004539 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004540err:
4541 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004542 SSL_SESSION_set1_id(sess, encid, sid_length);
4543 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004544
4545 return 0; /* do not increment session reference count */
4546}
4547
4548/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004549SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004550{
William Lallemand4f45bb92017-10-30 20:08:51 +01004551 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004552 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4553 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004554 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004555 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004556
Willy Tarreau4c19e992021-06-15 16:39:22 +02004557 _HA_ATOMIC_INC(&global.shctx_lookups);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004558
4559 /* allow the session to be freed automatically by openssl */
4560 *do_copy = 0;
4561
4562 /* tree key is zeros padded sessionid */
4563 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4564 memcpy(tmpkey, key, key_len);
4565 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4566 key = tmpkey;
4567 }
4568
4569 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004570 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004571
4572 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004573 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4574 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004575 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004576 shctx_unlock(ssl_shctx);
Willy Tarreau4c19e992021-06-15 16:39:22 +02004577 _HA_ATOMIC_INC(&global.shctx_misses);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004578 return NULL;
4579 }
4580
William Lallemand4f45bb92017-10-30 20:08:51 +01004581 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4582 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004583
William Lallemand4f45bb92017-10-30 20:08:51 +01004584 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004585
William Lallemanda3c77cf2017-10-30 23:44:40 +01004586 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004587
4588 /* decode ASN1 session */
4589 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004590 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004591 /* Reset session id and session id contenxt */
4592 if (sess) {
4593 SSL_SESSION_set1_id(sess, key, key_len);
4594 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4595 }
4596
4597 return sess;
4598}
4599
William Lallemand4f45bb92017-10-30 20:08:51 +01004600
William Lallemanded0b5ad2017-10-30 19:36:36 +01004601/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004602void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004603{
William Lallemand4f45bb92017-10-30 20:08:51 +01004604 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004605 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4606 unsigned int sid_length;
4607 const unsigned char *sid_data;
4608 (void)ctx;
4609
4610 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4611 /* tree key is zeros padded sessionid */
4612 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4613 memcpy(tmpkey, sid_data, sid_length);
4614 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4615 sid_data = tmpkey;
4616 }
4617
William Lallemanda3c77cf2017-10-30 23:44:40 +01004618 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004619
4620 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004621 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4622 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004623 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004624 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004625 }
4626
4627 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004628 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004629}
4630
4631/* Set session cache mode to server and disable openssl internal cache.
4632 * Set shared cache callbacks on an ssl context.
4633 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004634void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004635{
4636 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4637
4638 if (!ssl_shctx) {
4639 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4640 return;
4641 }
4642
4643 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4644 SSL_SESS_CACHE_NO_INTERNAL |
4645 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4646
4647 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004648 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4649 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4650 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004651}
William Lallemand7d42ef52020-07-06 11:41:30 +02004652
4653/*
4654 * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
4655 *
4656 * The format is:
4657 * * <Label> <space> <ClientRandom> <space> <Secret>
4658 * We only need to copy the secret as there is a sample fetch for the ClientRandom
4659 */
4660
William Lallemand722180a2021-06-09 16:46:12 +02004661#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +02004662void SSL_CTX_keylog(const SSL *ssl, const char *line)
4663{
4664 struct ssl_keylog *keylog;
4665 char *lastarg = NULL;
4666 char *dst = NULL;
4667
4668 keylog = SSL_get_ex_data(ssl, ssl_keylog_index);
4669 if (!keylog)
4670 return;
4671
4672 lastarg = strrchr(line, ' ');
4673 if (lastarg == NULL || ++lastarg == NULL)
4674 return;
4675
4676 dst = pool_alloc(pool_head_ssl_keylog_str);
4677 if (!dst)
4678 return;
4679
4680 strncpy(dst, lastarg, SSL_KEYLOG_MAX_SECRET_SIZE-1);
4681 dst[SSL_KEYLOG_MAX_SECRET_SIZE-1] = '\0';
4682
4683 if (strncmp(line, "CLIENT_RANDOM ", strlen("CLIENT RANDOM ")) == 0) {
4684 if (keylog->client_random)
4685 goto error;
4686 keylog->client_random = dst;
4687
4688 } else if (strncmp(line, "CLIENT_EARLY_TRAFFIC_SECRET ", strlen("CLIENT_EARLY_TRAFFIC_SECRET ")) == 0) {
4689 if (keylog->client_early_traffic_secret)
4690 goto error;
4691 keylog->client_early_traffic_secret = dst;
4692
4693 } else if (strncmp(line, "CLIENT_HANDSHAKE_TRAFFIC_SECRET ", strlen("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")) == 0) {
4694 if(keylog->client_handshake_traffic_secret)
4695 goto error;
4696 keylog->client_handshake_traffic_secret = dst;
4697
4698 } else if (strncmp(line, "SERVER_HANDSHAKE_TRAFFIC_SECRET ", strlen("SERVER_HANDSHAKE_TRAFFIC_SECRET ")) == 0) {
4699 if (keylog->server_handshake_traffic_secret)
4700 goto error;
4701 keylog->server_handshake_traffic_secret = dst;
4702
4703 } else if (strncmp(line, "CLIENT_TRAFFIC_SECRET_0 ", strlen("CLIENT_TRAFFIC_SECRET_0 ")) == 0) {
4704 if (keylog->client_traffic_secret_0)
4705 goto error;
4706 keylog->client_traffic_secret_0 = dst;
4707
4708 } else if (strncmp(line, "SERVER_TRAFFIC_SECRET_0 ", strlen("SERVER_TRAFFIC_SECRET_0 ")) == 0) {
4709 if (keylog->server_traffic_secret_0)
4710 goto error;
4711 keylog->server_traffic_secret_0 = dst;
4712
4713 } else if (strncmp(line, "EARLY_EXPORTER_SECRET ", strlen("EARLY_EXPORTER_SECRET ")) == 0) {
4714 if (keylog->early_exporter_secret)
4715 goto error;
4716 keylog->early_exporter_secret = dst;
4717
4718 } else if (strncmp(line, "EXPORTER_SECRET ", strlen("EXPORTER_SECRET ")) == 0) {
4719 if (keylog->exporter_secret)
4720 goto error;
4721 keylog->exporter_secret = dst;
4722 } else {
4723 goto error;
4724 }
4725
4726 return;
4727
4728error:
4729 pool_free(pool_head_ssl_keylog_str, dst);
4730
4731 return;
4732}
4733#endif
William Lallemanded0b5ad2017-10-30 19:36:36 +01004734
William Lallemand8b453912019-11-21 15:48:10 +01004735/*
4736 * This function applies the SSL configuration on a SSL_CTX
4737 * It returns an error code and fills the <err> buffer
4738 */
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01004739static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx, char **err)
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004740{
4741 struct proxy *curproxy = bind_conf->frontend;
4742 int cfgerr = 0;
4743 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004744 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004745 const char *conf_ciphers;
Ilya Shipitsinf34ed0b2020-11-21 14:37:34 +05004746#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004747 const char *conf_ciphersuites;
4748#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004749 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004750
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004751 if (ssl_conf) {
4752 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4753 int i, min, max;
4754 int flags = MC_SSL_O_ALL;
4755
4756 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004757 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4758 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004759 if (min)
4760 flags |= (methodVersions[min].flag - 1);
4761 if (max)
4762 flags |= ~((methodVersions[max].flag << 1) - 1);
4763 min = max = CONF_TLSV_NONE;
4764 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4765 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4766 if (min)
4767 max = i;
4768 else
4769 min = max = i;
4770 }
4771 /* save real min/max */
4772 conf_ssl_methods->min = min;
4773 conf_ssl_methods->max = max;
4774 if (!min) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004775 memprintf(err, "%sProxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4776 err && *err ? *err : "", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004777 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004778 }
4779 }
4780
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004781 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004782 case SSL_SOCK_VERIFY_NONE:
4783 verify = SSL_VERIFY_NONE;
4784 break;
4785 case SSL_SOCK_VERIFY_OPTIONAL:
4786 verify = SSL_VERIFY_PEER;
4787 break;
4788 case SSL_SOCK_VERIFY_REQUIRED:
4789 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4790 break;
4791 }
4792 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4793 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004794 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
Emmanuel Hocdet842e94e2019-12-16 16:39:17 +01004795 char *ca_verify_file = (ssl_conf && ssl_conf->ca_verify_file) ? ssl_conf->ca_verify_file : bind_conf->ssl_conf.ca_verify_file;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004796 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
Emmanuel Hocdet842e94e2019-12-16 16:39:17 +01004797 if (ca_file || ca_verify_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02004798 /* set CAfile to verify */
Emmanuel Hocdet842e94e2019-12-16 16:39:17 +01004799 if (ca_file && !ssl_set_verify_locations_file(ctx, ca_file)) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02004800 memprintf(err, "%sProxy '%s': unable to set CA file '%s' for bind '%s' at [%s:%d].\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01004801 err && *err ? *err : "", curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004802 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02004803 }
Emmanuel Hocdet842e94e2019-12-16 16:39:17 +01004804 if (ca_verify_file && !ssl_set_verify_locations_file(ctx, ca_verify_file)) {
4805 memprintf(err, "%sProxy '%s': unable to set CA-no-names file '%s' for bind '%s' at [%s:%d].\n",
4806 err && *err ? *err : "", curproxy->id, ca_verify_file, bind_conf->arg, bind_conf->file, bind_conf->line);
4807 cfgerr |= ERR_ALERT | ERR_FATAL;
4808 }
4809 if (ca_file && !((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004810 /* set CA names for client cert request, function returns void */
Emmanuel Hocdet129d3282019-10-24 18:08:51 +02004811 SSL_CTX_set_client_CA_list(ctx, SSL_dup_CA_list(ssl_get_client_ca_file(ca_file)));
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004812 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004813 }
Emeric Brun850efd52014-01-29 12:24:34 +01004814 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01004815 memprintf(err, "%sProxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4816 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004817 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun850efd52014-01-29 12:24:34 +01004818 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004819#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004820 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004821 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4822
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01004823 if (!ssl_set_cert_crl_file(store, crl_file)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004824 memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4825 err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004826 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02004827 }
Emeric Brun561e5742012-10-02 15:20:55 +02004828 else {
4829 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4830 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004831 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004832#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004833 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004834 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004835#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004836 if(bind_conf->keys_ref) {
Remi Tricot-Le Breton8ea1f5f2022-02-08 17:45:58 +01004837 if (!SSL_CTX_set_tlsext_ticket_key_evp_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004838 memprintf(err, "%sProxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4839 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004840 cfgerr |= ERR_ALERT | ERR_FATAL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004841 }
4842 }
4843#endif
4844
William Lallemand4f45bb92017-10-30 20:08:51 +01004845 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004846 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4847 if (conf_ciphers &&
4848 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004849 memprintf(err, "%sProxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4850 err && *err ? *err : "", curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004851 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004852 }
4853
Ilya Shipitsinf34ed0b2020-11-21 14:37:34 +05004854#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004855 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4856 if (conf_ciphersuites &&
4857 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004858 memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4859 err && *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004860 cfgerr |= ERR_ALERT | ERR_FATAL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004861 }
4862#endif
4863
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004864#ifndef OPENSSL_NO_DH
Remi Tricot-Le Breton1d6338e2022-04-12 11:31:55 +02004865 if (!local_dh_1024)
4866 local_dh_1024 = ssl_get_dh_1024();
4867 if (!local_dh_2048)
4868 local_dh_2048 = ssl_get_dh_2048();
4869 if (!local_dh_4096)
4870 local_dh_4096 = ssl_get_dh_4096();
Remi Gacogne8de54152014-07-15 11:36:40 +02004871#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004872
Emeric Brunfc0421f2012-09-07 17:30:07 +02004873 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Ilya Shipitsin7ff77472021-02-08 16:55:06 +05004874#ifdef SSL_CTRL_SET_MSG_CALLBACK
Emeric Brun29f037d2014-04-25 19:05:36 +02004875 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004876#endif
William Lallemand722180a2021-06-09 16:46:12 +02004877#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +02004878 SSL_CTX_set_keylog_callback(ctx, SSL_CTX_keylog);
4879#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004880
Bernard Spil13c53f82018-02-15 13:34:58 +01004881#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004882 ssl_conf_cur = NULL;
4883 if (ssl_conf && ssl_conf->npn_str)
4884 ssl_conf_cur = ssl_conf;
4885 else if (bind_conf->ssl_conf.npn_str)
4886 ssl_conf_cur = &bind_conf->ssl_conf;
4887 if (ssl_conf_cur)
4888 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004889#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004890#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004891 ssl_conf_cur = NULL;
4892 if (ssl_conf && ssl_conf->alpn_str)
4893 ssl_conf_cur = ssl_conf;
4894 else if (bind_conf->ssl_conf.alpn_str)
4895 ssl_conf_cur = &bind_conf->ssl_conf;
4896 if (ssl_conf_cur)
4897 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004898#endif
Ilya Shipitsin0aa8c292020-11-04 00:39:07 +05004899#if defined(SSL_CTX_set1_curves_list)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004900 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4901 if (conf_curves) {
4902 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004903 memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4904 err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004905 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004906 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004907 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004908 }
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004909#endif /* defined(SSL_CTX_set1_curves_list) */
4910
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004911 if (!conf_curves) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004912#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004913#if defined(SSL_CTX_set1_curves_list)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004914 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004915 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4916 NULL);
4917
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004918 if (ecdhe && SSL_CTX_set1_curves_list(ctx, ecdhe) == 0) {
4919 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4920 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
4921 cfgerr |= ERR_ALERT | ERR_FATAL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004922 }
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004923#endif /* defined(SSL_CTX_set1_curves_list) */
Olivier Houchardc2aae742017-09-22 18:26:28 +02004924#else
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004925#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
4926 int i;
4927 EC_KEY *ecdh;
4928
Olivier Houchardc2aae742017-09-22 18:26:28 +02004929 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4930 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4931 ECDHE_DEFAULT_CURVE);
Emeric Brun2b58d042012-09-20 17:10:03 +02004932
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004933 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004934 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004935 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004936 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004937 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun2b58d042012-09-20 17:10:03 +02004938 }
4939 else {
4940 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4941 EC_KEY_free(ecdh);
4942 }
Remi Tricot-Le Bretonff4c3c42022-02-08 17:45:54 +01004943#endif /* defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH) */
4944#endif /* HA_OPENSSL_VERSION_NUMBER >= 0x10101000L */
Emeric Brun2b58d042012-09-20 17:10:03 +02004945 }
Emeric Brun2b58d042012-09-20 17:10:03 +02004946
Emeric Brunfc0421f2012-09-07 17:30:07 +02004947 return cfgerr;
4948}
4949
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01004950
4951/*
4952 * Prepare the SSL_CTX based on the bind line configuration.
4953 * Since the CA file loading is made depending on the verify option of the bind
4954 * line, the link between the SSL_CTX and the CA file tree entry is made here.
4955 * If we want to create a link between the CA file entry and the corresponding
4956 * ckch instance (for CA file hot update), it needs to be done after
4957 * ssl_sock_prepare_ctx.
4958 * Returns 0 in case of success.
4959 */
4960int ssl_sock_prep_ctx_and_inst(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4961 SSL_CTX *ctx, struct ckch_inst *ckch_inst, char **err)
4962{
4963 int errcode = 0;
4964
4965 errcode |= ssl_sock_prepare_ctx(bind_conf, ssl_conf, ctx, err);
4966 if (!errcode && ckch_inst)
4967 ckch_inst_add_cafile_link(ckch_inst, bind_conf, ssl_conf, NULL);
4968
4969 return errcode;
4970}
4971
Evan Broderbe554312013-06-27 00:05:25 -07004972static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4973{
4974 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4975 size_t prefixlen, suffixlen;
4976
4977 /* Trivial case */
William Lallemand2d6fd0a2020-09-14 15:20:10 +02004978 if (strcasecmp(pattern, hostname) == 0)
Evan Broderbe554312013-06-27 00:05:25 -07004979 return 1;
4980
Evan Broderbe554312013-06-27 00:05:25 -07004981 /* The rest of this logic is based on RFC 6125, section 6.4.3
4982 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4983
Emeric Bruna848dae2013-10-08 11:27:28 +02004984 pattern_wildcard = NULL;
4985 pattern_left_label_end = pattern;
4986 while (*pattern_left_label_end != '.') {
4987 switch (*pattern_left_label_end) {
4988 case 0:
4989 /* End of label not found */
4990 return 0;
4991 case '*':
4992 /* If there is more than one wildcards */
4993 if (pattern_wildcard)
4994 return 0;
4995 pattern_wildcard = pattern_left_label_end;
4996 break;
4997 }
4998 pattern_left_label_end++;
4999 }
5000
5001 /* If it's not trivial and there is no wildcard, it can't
5002 * match */
5003 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005004 return 0;
5005
5006 /* Make sure all labels match except the leftmost */
5007 hostname_left_label_end = strchr(hostname, '.');
5008 if (!hostname_left_label_end
William Lallemand2d6fd0a2020-09-14 15:20:10 +02005009 || strcasecmp(pattern_left_label_end, hostname_left_label_end) != 0)
Evan Broderbe554312013-06-27 00:05:25 -07005010 return 0;
5011
5012 /* Make sure the leftmost label of the hostname is long enough
5013 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005014 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005015 return 0;
5016
5017 /* Finally compare the string on either side of the
5018 * wildcard */
5019 prefixlen = pattern_wildcard - pattern;
5020 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
William Lallemand2d6fd0a2020-09-14 15:20:10 +02005021 if ((prefixlen && (strncasecmp(pattern, hostname, prefixlen) != 0))
5022 || (suffixlen && (strncasecmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005023 return 0;
5024
5025 return 1;
5026}
5027
5028static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5029{
5030 SSL *ssl;
5031 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005032 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005033 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005034 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005035
5036 int depth;
5037 X509 *cert;
5038 STACK_OF(GENERAL_NAME) *alt_names;
5039 int i;
5040 X509_NAME *cert_subject;
5041 char *str;
5042
5043 if (ok == 0)
5044 return ok;
5045
5046 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005047 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreau3a0a0d62022-04-12 07:31:06 +02005048 ssl_ctx = __conn_get_ssl_sock_ctx(conn);
Evan Broderbe554312013-06-27 00:05:25 -07005049
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005050 /* We're checking if the provided hostnames match the desired one. The
5051 * desired hostname comes from the SNI we presented if any, or if not
5052 * provided then it may have been explicitly stated using a "verifyhost"
5053 * directive. If neither is set, we don't care about the name so the
5054 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005055 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005056 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005057 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005058 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005059 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005060 if (!servername)
5061 return ok;
5062 }
Evan Broderbe554312013-06-27 00:05:25 -07005063
5064 /* We only need to verify the CN on the actual server cert,
5065 * not the indirect CAs */
5066 depth = X509_STORE_CTX_get_error_depth(ctx);
5067 if (depth != 0)
5068 return ok;
5069
5070 /* At this point, the cert is *not* OK unless we can find a
5071 * hostname match */
5072 ok = 0;
5073
5074 cert = X509_STORE_CTX_get_current_cert(ctx);
5075 /* It seems like this might happen if verify peer isn't set */
5076 if (!cert)
5077 return ok;
5078
5079 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5080 if (alt_names) {
5081 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5082 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5083 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005084#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005085 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5086#else
Evan Broderbe554312013-06-27 00:05:25 -07005087 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005088#endif
Evan Broderbe554312013-06-27 00:05:25 -07005089 ok = ssl_sock_srv_hostcheck(str, servername);
5090 OPENSSL_free(str);
5091 }
5092 }
5093 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005094 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005095 }
5096
5097 cert_subject = X509_get_subject_name(cert);
5098 i = -1;
5099 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5100 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005101 ASN1_STRING *value;
5102 value = X509_NAME_ENTRY_get_data(entry);
5103 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005104 ok = ssl_sock_srv_hostcheck(str, servername);
5105 OPENSSL_free(str);
5106 }
5107 }
5108
Willy Tarreau71d058c2017-07-26 20:09:56 +02005109 /* report the mismatch and indicate if SNI was used or not */
5110 if (!ok && !conn->err_code)
5111 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005112 return ok;
5113}
5114
Emeric Brun94324a42012-10-11 14:00:19 +02005115/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005116int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005117{
5118 int cfgerr = 0;
William Lallemand2c776f12021-12-28 18:47:17 +01005119 SSL_CTX *ctx;
Willy Tarreaufce03112015-01-15 21:32:40 +01005120 /* Automatic memory computations need to know we use SSL there */
5121 global.ssl_used_backend = 1;
5122
5123 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005124 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005125 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005126 ha_alert("out of memory.\n");
Emeric Brun821bb9b2017-06-15 16:37:39 +02005127 cfgerr++;
5128 return cfgerr;
5129 }
5130 }
Christopher Fauletf61f33a2020-03-27 18:55:49 +01005131 if (srv->use_ssl == 1)
Emeric Brun94324a42012-10-11 14:00:19 +02005132 srv->xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005133
William Lallemand2c776f12021-12-28 18:47:17 +01005134 if (srv->ssl_ctx.client_crt) {
5135 const int create_if_none = srv->flags & SRV_F_DYNAMIC ? 0 : 1;
5136 char *err = NULL;
5137 int err_code = 0;
5138
5139 /* If there is a crt keyword there, the SSL_CTX will be created here. */
5140 err_code = ssl_sock_load_srv_cert(srv->ssl_ctx.client_crt, srv, create_if_none, &err);
5141 if (err_code != ERR_NONE) {
5142 if ((err_code & ERR_WARN) && !(err_code & ERR_ALERT))
5143 ha_warning("%s", err);
5144 else
5145 ha_alert("%s", err);
5146
5147 if (err_code & (ERR_FATAL|ERR_ABORT))
5148 cfgerr++;
5149 }
5150 ha_free(&err);
5151 }
5152
5153 ctx = srv->ssl_ctx.ctx;
5154
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01005155 /* The context will be uninitialized if there wasn't any "cert" option
5156 * in the server line. */
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005157 if (!ctx) {
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01005158 ctx = SSL_CTX_new(SSLv23_client_method());
5159 if (!ctx) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005160 ha_alert("unable to allocate ssl context.\n");
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01005161 cfgerr++;
5162 return cfgerr;
5163 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005164
Remi Tricot-Le Bretond817dc72021-01-25 17:19:43 +01005165 srv->ssl_ctx.ctx = ctx;
5166 }
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005167
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005168 cfgerr += ssl_sock_prep_srv_ctx_and_inst(srv, srv->ssl_ctx.ctx, srv->ssl_ctx.inst);
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005169
5170 return cfgerr;
5171}
5172
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005173/* Initialize an SSL context that will be used on the backend side.
5174 * Returns an error count.
5175 */
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005176static int ssl_sock_prepare_srv_ssl_ctx(const struct server *srv, SSL_CTX *ctx)
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005177{
5178 struct proxy *curproxy = srv->proxy;
5179 int cfgerr = 0;
5180 long options =
5181 SSL_OP_ALL | /* all known workarounds for bugs */
5182 SSL_OP_NO_SSLv2 |
5183 SSL_OP_NO_COMPRESSION;
5184 long mode =
5185 SSL_MODE_ENABLE_PARTIAL_WRITE |
5186 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
5187 SSL_MODE_RELEASE_BUFFERS |
5188 SSL_MODE_SMALL_BUFFERS;
5189 int verify = SSL_VERIFY_NONE;
5190 const struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
5191 int i, min, max, hole;
5192 int flags = MC_SSL_O_ALL;
5193
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005194 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005195 ha_warning("no-sslv3/no-tlsv1x are ignored for this server. "
5196 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n");
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005197 else
5198 flags = conf_ssl_methods->flags;
5199
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005200 /* Real min and max should be determinate with configuration and openssl's capabilities */
5201 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005202 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005203 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005204 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005205
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005206 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005207 min = max = CONF_TLSV_NONE;
5208 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005209 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005210 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005211 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005212 if (min) {
5213 if (hole) {
Amaury Denoyelle11124302021-06-04 18:22:08 +02005214 ha_warning("%s '%s': SSL/TLS versions range not contiguous for server '%s'. "
Christopher Faulet767a84b2017-11-24 16:50:31 +01005215 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5216 proxy_type_str(curproxy), curproxy->id, srv->id,
5217 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005218 hole = 0;
5219 }
5220 max = i;
5221 }
5222 else {
5223 min = max = i;
5224 }
5225 }
5226 else {
5227 if (min)
5228 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005229 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005230 if (!min) {
Amaury Denoyelle11124302021-06-04 18:22:08 +02005231 ha_alert("%s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
Christopher Faulet767a84b2017-11-24 16:50:31 +01005232 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005233 cfgerr += 1;
5234 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005235
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005236#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005237 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005238 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005239 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005240 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005241 else
5242 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5243 if (flags & methodVersions[i].flag)
5244 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005245#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005246 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005247 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5248 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005249#endif
5250
5251 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5252 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005253 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005254
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05005255#ifdef SSL_MODE_ASYNC
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005256 if (global_ssl.async)
5257 mode |= SSL_MODE_ASYNC;
5258#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005259 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005260
Emeric Brun850efd52014-01-29 12:24:34 +01005261 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5262 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005263 switch (srv->ssl_ctx.verify) {
5264 case SSL_SOCK_VERIFY_NONE:
5265 verify = SSL_VERIFY_NONE;
5266 break;
5267 case SSL_SOCK_VERIFY_REQUIRED:
5268 verify = SSL_VERIFY_PEER;
5269 break;
5270 }
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005271 SSL_CTX_set_verify(ctx, verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005272 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005273 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005274 if (srv->ssl_ctx.ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005275 /* set CAfile to verify */
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005276 if (!ssl_set_verify_locations_file(ctx, srv->ssl_ctx.ca_file)) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005277 ha_alert("unable to set CA file '%s'.\n",
5278 srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005279 cfgerr++;
5280 }
5281 }
Emeric Brun850efd52014-01-29 12:24:34 +01005282 else {
5283 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005284 ha_alert("verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n");
Emeric Brun850efd52014-01-29 12:24:34 +01005285 else
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005286 ha_alert("verify is enabled but no CA file specified.\n");
Emeric Brun850efd52014-01-29 12:24:34 +01005287 cfgerr++;
5288 }
Emeric Brunef42d922012-10-11 16:11:36 +02005289#ifdef X509_V_FLAG_CRL_CHECK
5290 if (srv->ssl_ctx.crl_file) {
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005291 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
Emeric Brunef42d922012-10-11 16:11:36 +02005292
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005293 if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005294 ha_alert("unable to configure CRL file '%s'.\n",
5295 srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005296 cfgerr++;
5297 }
5298 else {
5299 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5300 }
5301 }
5302#endif
5303 }
5304
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005305 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
5306 SSL_CTX_sess_set_new_cb(ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005307 if (srv->ssl_ctx.ciphers &&
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005308 !SSL_CTX_set_cipher_list(ctx, srv->ssl_ctx.ciphers)) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005309 ha_alert("unable to set SSL cipher list to '%s'.\n",
5310 srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005311 cfgerr++;
5312 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005313
Ilya Shipitsinf34ed0b2020-11-21 14:37:34 +05005314#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005315 if (srv->ssl_ctx.ciphersuites &&
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005316 !SSL_CTX_set_ciphersuites(ctx, srv->ssl_ctx.ciphersuites)) {
Amaury Denoyellee74cbc32021-05-28 10:34:01 +02005317 ha_alert("unable to set TLS 1.3 cipher suites to '%s'.\n",
5318 srv->ssl_ctx.ciphersuites);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005319 cfgerr++;
5320 }
5321#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005322#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5323 if (srv->ssl_ctx.npn_str)
Remi Tricot-Le Breton442b7f22021-01-25 17:19:41 +01005324 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, (struct server*)srv);
Olivier Houchardc7566002018-11-20 23:33:50 +01005325#endif
5326#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5327 if (srv->ssl_ctx.alpn_str)
5328 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5329#endif
5330
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005331
5332 return cfgerr;
5333}
5334
5335/*
5336 * Prepare the frontend's SSL_CTX based on the server line configuration.
5337 * Since the CA file loading is made depending on the verify option of the
5338 * server line, the link between the SSL_CTX and the CA file tree entry is
5339 * made here.
5340 * If we want to create a link between the CA file entry and the corresponding
5341 * ckch instance (for CA file hot update), it needs to be done after
5342 * ssl_sock_prepare_srv_ssl_ctx.
5343 * Returns an error count.
5344 */
5345int ssl_sock_prep_srv_ctx_and_inst(const struct server *srv, SSL_CTX *ctx,
5346 struct ckch_inst *ckch_inst)
5347{
5348 int cfgerr = 0;
5349
5350 cfgerr += ssl_sock_prepare_srv_ssl_ctx(srv, ctx);
5351 if (!cfgerr && ckch_inst)
5352 ckch_inst_add_cafile_link(ckch_inst, NULL, NULL, srv);
Emeric Brun94324a42012-10-11 14:00:19 +02005353
5354 return cfgerr;
5355}
5356
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005357
Frédéric Lécailleec216522020-11-23 14:33:30 +01005358/*
5359 * Create an initial CTX used to start the SSL connections.
5360 * May be used by QUIC xprt which makes usage of SSL sessions initialized from SSL_CTXs.
5361 * Returns 0 if succeeded, or something >0 if not.
5362 */
5363#ifdef USE_QUIC
5364static int ssl_initial_ctx(struct bind_conf *bind_conf)
5365{
5366 if (bind_conf->xprt == xprt_get(XPRT_QUIC))
5367 return ssl_quic_initial_ctx(bind_conf);
5368 else
5369 return ssl_sock_initial_ctx(bind_conf);
5370}
5371#else
5372static int ssl_initial_ctx(struct bind_conf *bind_conf)
5373{
5374 return ssl_sock_initial_ctx(bind_conf);
5375}
5376#endif
5377
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005378/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005379 * be NULL, in which case nothing is done. Returns the number of errors
5380 * encountered.
5381 */
Willy Tarreau03209342016-12-22 17:08:28 +01005382int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005383{
5384 struct ebmb_node *node;
5385 struct sni_ctx *sni;
5386 int err = 0;
William Lallemand8b453912019-11-21 15:48:10 +01005387 int errcode = 0;
5388 char *errmsg = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005389
Willy Tarreaufce03112015-01-15 21:32:40 +01005390 /* Automatic memory computations need to know we use SSL there */
5391 global.ssl_used_frontend = 1;
5392
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005393 /* Create initial_ctx used to start the ssl connection before do switchctx */
5394 if (!bind_conf->initial_ctx) {
Frédéric Lécailleec216522020-11-23 14:33:30 +01005395 err += ssl_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005396 /* It should not be necessary to call this function, but it's
5397 necessary first to check and move all initialisation related
Frédéric Lécailleec216522020-11-23 14:33:30 +01005398 to initial_ctx in ssl_initial_ctx. */
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005399 errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, NULL, bind_conf->initial_ctx, NULL, &errmsg);
5400 }
5401 if (bind_conf->default_ctx) {
Remi Tricot-Le Breton40ddea82021-04-13 16:07:29 +02005402 errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, bind_conf->default_inst, &errmsg);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005403 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005404
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005405 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005406 while (node) {
5407 sni = ebmb_entry(node, struct sni_ctx, name);
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005408 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005409 /* only initialize the CTX on its first occurrence and
5410 if it is not the default_ctx */
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005411 errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, sni->conf, sni->ctx, sni->ckch_inst, &errmsg);
5412 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005413 node = ebmb_next(node);
5414 }
5415
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005416 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005417 while (node) {
5418 sni = ebmb_entry(node, struct sni_ctx, name);
William Lallemand8b453912019-11-21 15:48:10 +01005419 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005420 /* only initialize the CTX on its first occurrence and
5421 if it is not the default_ctx */
Remi Tricot-Le Breton4458b972021-02-19 17:41:55 +01005422 errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, sni->conf, sni->ctx, sni->ckch_inst, &errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005423 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005424 node = ebmb_next(node);
5425 }
William Lallemand8b453912019-11-21 15:48:10 +01005426
5427 if (errcode & ERR_WARN) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005428 ha_warning("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005429 } else if (errcode & ERR_CODE) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005430 ha_alert("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005431 err++;
5432 }
5433
5434 free(errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005435 return err;
5436}
5437
Willy Tarreau55d37912016-12-21 23:38:39 +01005438/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5439 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5440 * alerts are directly emitted since the rest of the stack does it below.
5441 */
5442int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5443{
5444 struct proxy *px = bind_conf->frontend;
5445 int alloc_ctx;
5446 int err;
5447
Willy Tarreau11ba4042022-05-20 15:56:32 +02005448 if (!(bind_conf->options & BC_O_USE_SSL)) {
Willy Tarreau55d37912016-12-21 23:38:39 +01005449 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005450 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5451 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005452 }
5453 return 0;
5454 }
5455 if (!bind_conf->default_ctx) {
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02005456 if (bind_conf->strict_sni && !(bind_conf->options & BC_O_GENERATE_CERTS)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005457 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5458 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005459 }
5460 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005461 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5462 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005463 return -1;
5464 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005465 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005466 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005467 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005468 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
Willy Tarreau91358592021-06-15 08:08:04 +02005469 sizeof(*sh_ssl_sess_tree), (global.nbthread > 1));
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005470 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005471 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5472 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5473 else
5474 ha_alert("Unable to allocate SSL session cache.\n");
5475 return -1;
5476 }
5477 /* free block callback */
5478 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5479 /* init the root tree within the extra space */
5480 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5481 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005482 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005483 err = 0;
5484 /* initialize all certificate contexts */
5485 err += ssl_sock_prepare_all_ctx(bind_conf);
5486
5487 /* initialize CA variables if the certificates generation is enabled */
5488 err += ssl_sock_load_ca(bind_conf);
5489
5490 return -err;
5491}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005492
William Lallemand231610a2021-12-30 11:25:43 +01005493/* release ssl context allocated for servers. Most of the field free here
5494 * must also be allocated in srv_ssl_settings_cpy() */
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005495void ssl_sock_free_srv_ctx(struct server *srv)
5496{
Olivier Houchardc7566002018-11-20 23:33:50 +01005497#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
William Lallemand231610a2021-12-30 11:25:43 +01005498 ha_free(&srv->ssl_ctx.alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01005499#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005500#ifdef OPENSSL_NPN_NEGOTIATED
William Lallemand231610a2021-12-30 11:25:43 +01005501 ha_free(&srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005502#endif
Christopher Faulet58feb492020-10-07 13:20:23 +02005503 if (srv->ssl_ctx.reused_sess) {
5504 int i;
5505
William Lallemande18d4e82021-11-17 02:59:21 +01005506 for (i = 0; i < global.nbthread; i++) {
Willy Tarreaue709e822021-02-26 21:06:32 +01005507 ha_free(&srv->ssl_ctx.reused_sess[i].ptr);
William Lallemande18d4e82021-11-17 02:59:21 +01005508 ha_free(&srv->ssl_ctx.reused_sess[i].sni);
5509 }
Willy Tarreaue709e822021-02-26 21:06:32 +01005510 ha_free(&srv->ssl_ctx.reused_sess);
Christopher Faulet58feb492020-10-07 13:20:23 +02005511 }
5512
Willy Tarreaue709e822021-02-26 21:06:32 +01005513 if (srv->ssl_ctx.ctx) {
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005514 SSL_CTX_free(srv->ssl_ctx.ctx);
Willy Tarreaue709e822021-02-26 21:06:32 +01005515 srv->ssl_ctx.ctx = NULL;
5516 }
William Lallemand231610a2021-12-30 11:25:43 +01005517
5518 ha_free(&srv->ssl_ctx.ca_file);
5519 ha_free(&srv->ssl_ctx.crl_file);
5520 ha_free(&srv->ssl_ctx.client_crt);
5521 ha_free(&srv->ssl_ctx.verify_host);
5522#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5523 ha_free(&srv->sni_expr);
William Lallemand43c2ce42022-03-16 17:48:19 +01005524 release_sample_expr(srv->ssl_ctx.sni);
5525 srv->ssl_ctx.sni = NULL;
William Lallemand231610a2021-12-30 11:25:43 +01005526#endif
5527 ha_free(&srv->ssl_ctx.ciphers);
5528#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
5529 ha_free(&srv->ssl_ctx.ciphersuites);
5530#endif
William Lallemande69563f2021-12-30 14:45:19 +01005531 /* If there is a certificate we must unlink the ckch instance */
5532 ckch_inst_free(srv->ssl_ctx.inst);
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005533}
5534
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005535/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005536 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5537 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005538void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005539{
5540 struct ebmb_node *node, *back;
5541 struct sni_ctx *sni;
5542
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005543 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005544 while (node) {
5545 sni = ebmb_entry(node, struct sni_ctx, name);
5546 back = ebmb_next(node);
5547 ebmb_delete(node);
William Lallemand02e19a52020-04-08 16:11:26 +02005548 SSL_CTX_free(sni->ctx);
Willy Tarreau2b718102021-04-21 07:32:39 +02005549 LIST_DELETE(&sni->by_ckch_inst);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005550 free(sni);
5551 node = back;
5552 }
5553
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005554 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005555 while (node) {
5556 sni = ebmb_entry(node, struct sni_ctx, name);
5557 back = ebmb_next(node);
5558 ebmb_delete(node);
William Lallemand02e19a52020-04-08 16:11:26 +02005559 SSL_CTX_free(sni->ctx);
Willy Tarreau2b718102021-04-21 07:32:39 +02005560 LIST_DELETE(&sni->by_ckch_inst);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005561 free(sni);
5562 node = back;
5563 }
William Lallemandb2408692020-06-24 09:54:29 +02005564
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005565 SSL_CTX_free(bind_conf->initial_ctx);
5566 bind_conf->initial_ctx = NULL;
William Lallemand02e19a52020-04-08 16:11:26 +02005567 SSL_CTX_free(bind_conf->default_ctx);
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005568 bind_conf->default_ctx = NULL;
Remi Tricot-Le Breton40ddea82021-04-13 16:07:29 +02005569 bind_conf->default_inst = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005570 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005571}
William Lallemandb2408692020-06-24 09:54:29 +02005572
5573
5574void ssl_sock_deinit()
5575{
5576 crtlist_deinit(); /* must be free'd before the ckchs */
5577 ckch_deinit();
5578}
5579REGISTER_POST_DEINIT(ssl_sock_deinit);
Emeric Brune1f38db2012-09-03 20:36:47 +02005580
Willy Tarreau795cdab2016-12-22 17:30:54 +01005581/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5582void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5583{
5584 ssl_sock_free_ca(bind_conf);
5585 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005586 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005587 free(bind_conf->ca_sign_file);
5588 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005589 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005590 free(bind_conf->keys_ref->filename);
5591 free(bind_conf->keys_ref->tlskeys);
Willy Tarreau2b718102021-04-21 07:32:39 +02005592 LIST_DELETE(&bind_conf->keys_ref->list);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005593 free(bind_conf->keys_ref);
5594 }
5595 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005596 bind_conf->ca_sign_pass = NULL;
5597 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005598}
5599
Christopher Faulet31af49d2015-06-09 17:29:50 +02005600/* Load CA cert file and private key used to generate certificates */
5601int
Willy Tarreau03209342016-12-22 17:08:28 +01005602ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005603{
Willy Tarreau03209342016-12-22 17:08:28 +01005604 struct proxy *px = bind_conf->frontend;
Shimi Gersner5846c492020-08-23 13:58:12 +03005605 struct cert_key_and_chain *ckch = NULL;
5606 int ret = 0;
5607 char *err = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005608
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02005609 if (!(bind_conf->options & BC_O_GENERATE_CERTS))
Shimi Gersner5846c492020-08-23 13:58:12 +03005610 return ret;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005611
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005612#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005613 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005614 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005615 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005616 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005617 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005618#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005619
Christopher Faulet31af49d2015-06-09 17:29:50 +02005620 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005621 ha_alert("Proxy '%s': cannot enable certificate generation, "
5622 "no CA certificate File configured at [%s:%d].\n",
5623 px->id, bind_conf->file, bind_conf->line);
Shimi Gersner5846c492020-08-23 13:58:12 +03005624 goto failed;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005625 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005626
Shimi Gersner5846c492020-08-23 13:58:12 +03005627 /* Allocate cert structure */
Tim Duesterhuse52b6e52020-09-12 20:26:43 +02005628 ckch = calloc(1, sizeof(*ckch));
Shimi Gersner5846c492020-08-23 13:58:12 +03005629 if (!ckch) {
5630 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d]. Chain allocation failure\n",
5631 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
5632 goto failed;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005633 }
Shimi Gersner5846c492020-08-23 13:58:12 +03005634
5635 /* Try to parse file */
5636 if (ssl_sock_load_files_into_ckch(bind_conf->ca_sign_file, ckch, &err)) {
5637 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d]. Chain loading failed: %s\n",
5638 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line, err);
Willy Tarreau01acf562021-02-26 21:12:15 +01005639 free(err);
Shimi Gersner5846c492020-08-23 13:58:12 +03005640 goto failed;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005641 }
Shimi Gersner5846c492020-08-23 13:58:12 +03005642
5643 /* Fail if missing cert or pkey */
5644 if ((!ckch->cert) || (!ckch->key)) {
5645 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d]. Chain missing certificate or private key\n",
5646 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
5647 goto failed;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005648 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005649
Shimi Gersner5846c492020-08-23 13:58:12 +03005650 /* Final assignment to bind */
5651 bind_conf->ca_sign_ckch = ckch;
5652 return ret;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005653
Shimi Gersner5846c492020-08-23 13:58:12 +03005654 failed:
5655 if (ckch) {
5656 ssl_sock_free_cert_key_and_chain_contents(ckch);
5657 free(ckch);
5658 }
5659
Willy Tarreau1ea6e6a2022-05-20 16:03:18 +02005660 bind_conf->options &= ~BC_O_GENERATE_CERTS;
Shimi Gersner5846c492020-08-23 13:58:12 +03005661 ret++;
5662 return ret;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005663}
5664
5665/* Release CA cert and private key used to generate certificated */
5666void
5667ssl_sock_free_ca(struct bind_conf *bind_conf)
5668{
Shimi Gersner5846c492020-08-23 13:58:12 +03005669 if (bind_conf->ca_sign_ckch) {
5670 ssl_sock_free_cert_key_and_chain_contents(bind_conf->ca_sign_ckch);
Willy Tarreau61cfdf42021-02-20 10:46:51 +01005671 ha_free(&bind_conf->ca_sign_ckch);
Shimi Gersner5846c492020-08-23 13:58:12 +03005672 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005673}
5674
Emeric Brun46591952012-05-18 15:47:34 +02005675/*
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005676 * Try to allocate the BIO and SSL session objects of <conn> connection with <bio> and
5677 * <ssl> as addresses, <bio_meth> as BIO method and <ssl_ctx> as SSL context inherited settings.
5678 * Connect the allocated BIO to the allocated SSL session. Also set <ctx> as address of custom
5679 * data for the BIO and store <conn> as user data of the SSL session object.
Ilya Shipitsin1e9a6662021-01-05 22:10:46 +05005680 * This is the responsibility of the caller to check the validity of all the pointers passed
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005681 * as parameters to this function.
5682 * Return 0 if succeeded, -1 if not. If failed, sets the ->err_code member of <conn> to
5683 * CO_ER_SSL_NO_MEM.
5684 */
5685int ssl_bio_and_sess_init(struct connection *conn, SSL_CTX *ssl_ctx,
5686 SSL **ssl, BIO **bio, BIO_METHOD *bio_meth, void *ctx)
5687{
5688 int retry = 1;
5689
5690 retry:
5691 /* Alloc a new SSL session. */
5692 *ssl = SSL_new(ssl_ctx);
5693 if (!*ssl) {
5694 if (!retry--)
5695 goto err;
5696
5697 pool_gc(NULL);
5698 goto retry;
5699 }
5700
5701 *bio = BIO_new(bio_meth);
5702 if (!*bio) {
5703 SSL_free(*ssl);
5704 *ssl = NULL;
5705 if (!retry--)
5706 goto err;
5707
5708 pool_gc(NULL);
5709 goto retry;
5710 }
5711
5712 BIO_set_data(*bio, ctx);
5713 SSL_set_bio(*ssl, *bio, *bio);
5714
5715 /* set connection pointer. */
5716 if (!SSL_set_ex_data(*ssl, ssl_app_data_index, conn)) {
5717 SSL_free(*ssl);
5718 *ssl = NULL;
5719 if (!retry--)
5720 goto err;
5721
5722 pool_gc(NULL);
5723 goto retry;
5724 }
5725
5726 return 0;
5727
5728 err:
5729 conn->err_code = CO_ER_SSL_NO_MEM;
5730 return -1;
5731}
5732
Olivier Houchardbc5ce922021-03-05 23:47:00 +01005733/* This function is called when all the XPRT have been initialized. We can
5734 * now attempt to start the SSL handshake.
5735 */
5736static int ssl_sock_start(struct connection *conn, void *xprt_ctx)
5737{
5738 struct ssl_sock_ctx *ctx = xprt_ctx;
5739
5740 if (ctx->xprt->start) {
5741 int ret;
5742
5743 ret = ctx->xprt->start(conn, ctx->xprt_ctx);
5744 if (ret < 0)
5745 return ret;
5746 }
5747 tasklet_wakeup(ctx->wait_event.tasklet);
5748
5749 return 0;
5750}
5751
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005752/*
Emeric Brun46591952012-05-18 15:47:34 +02005753 * This function is called if SSL * context is not yet allocated. The function
5754 * is designed to be called before any other data-layer operation and sets the
5755 * handshake flag on the connection. It is safe to call it multiple times.
5756 * It returns 0 on success and -1 in error case.
5757 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005758static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005759{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005760 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005761 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005762 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005763 return 0;
5764
Olivier Houchard66ab4982019-02-26 18:37:15 +01005765 ctx = pool_alloc(ssl_sock_ctx_pool);
5766 if (!ctx) {
5767 conn->err_code = CO_ER_SSL_NO_MEM;
5768 return -1;
5769 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005770 ctx->wait_event.tasklet = tasklet_new();
5771 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005772 conn->err_code = CO_ER_SSL_NO_MEM;
5773 pool_free(ssl_sock_ctx_pool, ctx);
5774 return -1;
5775 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005776 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5777 ctx->wait_event.tasklet->context = ctx;
Willy Tarreau9205ab32021-02-25 15:31:00 +01005778 ctx->wait_event.tasklet->state |= TASK_HEAVY; // assign it to the bulk queue during handshake
Olivier Houchardea8dd942019-05-20 14:02:16 +02005779 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005780 ctx->sent_early_data = 0;
Olivier Houchard54907bb2019-12-19 15:02:39 +01005781 ctx->early_buf = BUF_NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005782 ctx->conn = conn;
Willy Tarreau113d52b2020-01-10 09:20:26 +01005783 ctx->subs = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005784 ctx->xprt_st = 0;
5785 ctx->xprt_ctx = NULL;
Remi Tricot-Le Breton1fe0fad2021-09-29 18:56:52 +02005786 ctx->error_code = 0;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005787
5788 /* Only work with sockets for now, this should be adapted when we'll
5789 * add QUIC support.
5790 */
5791 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005792 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005793 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5794 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005795 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005796
Willy Tarreau82531f62021-10-06 12:15:18 +02005797 if (global.maxsslconn && global.sslconns >= global.maxsslconn) {
Willy Tarreau20879a02012-12-03 16:32:10 +01005798 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005799 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005800 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005801
Emeric Brun46591952012-05-18 15:47:34 +02005802 /* If it is in client mode initiate SSL session
5803 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005804 if (objt_server(conn->target)) {
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005805 if (ssl_bio_and_sess_init(conn, __objt_server(conn->target)->ssl_ctx.ctx,
5806 &ctx->ssl, &ctx->bio, ha_meth, ctx) == -1)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005807 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005808
Olivier Houchard66ab4982019-02-26 18:37:15 +01005809 SSL_set_connect_state(ctx->ssl);
William Lallemand3ce6eed2021-02-08 10:43:44 +01005810 HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &(__objt_server(conn->target)->ssl_ctx.lock));
Willy Tarreau07d94e42018-09-20 10:57:52 +02005811 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5812 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5813 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005814 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005815 SSL_SESSION_free(sess);
Willy Tarreau61cfdf42021-02-20 10:46:51 +01005816 ha_free(&__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
Olivier Houcharde6060c52017-11-16 17:42:52 +01005817 } else if (sess) {
5818 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005819 }
5820 }
William Lallemand3ce6eed2021-02-08 10:43:44 +01005821 HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &(__objt_server(conn->target)->ssl_ctx.lock));
Evan Broderbe554312013-06-27 00:05:25 -07005822
Emeric Brun46591952012-05-18 15:47:34 +02005823 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005824 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005825
Willy Tarreau82531f62021-10-06 12:15:18 +02005826 _HA_ATOMIC_INC(&global.sslconns);
5827 _HA_ATOMIC_INC(&global.totalsslconns);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005828 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005829 return 0;
5830 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005831 else if (objt_listener(conn->target)) {
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005832 struct bind_conf *bc = __objt_listener(conn->target)->bind_conf;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005833
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005834 if (ssl_bio_and_sess_init(conn, bc->initial_ctx,
5835 &ctx->ssl, &ctx->bio, ha_meth, ctx) == -1)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005836 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005837
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05005838#ifdef SSL_READ_EARLY_DATA_SUCCESS
Frédéric Lécaille5aa92412020-11-09 15:59:23 +01005839 if (bc->ssl_conf.early_data) {
Frédéric Lécaille3139c1b2020-01-24 14:56:18 +01005840 b_alloc(&ctx->early_buf);
5841 SSL_set_max_early_data(ctx->ssl,
5842 /* Only allow early data if we managed to allocate
5843 * a buffer.
5844 */
5845 (!b_is_null(&ctx->early_buf)) ?
5846 global.tune.bufsize - global.tune.maxrewrite : 0);
5847 }
5848#endif
5849
Olivier Houchard66ab4982019-02-26 18:37:15 +01005850 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005851
Emeric Brun46591952012-05-18 15:47:34 +02005852 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005853 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05005854#ifdef SSL_READ_EARLY_DATA_SUCCESS
Willy Tarreaua84986a2021-02-03 11:21:38 +01005855 if (bc->ssl_conf.early_data)
5856 conn->flags |= CO_FL_EARLY_SSL_HS;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005857#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005858
Willy Tarreau82531f62021-10-06 12:15:18 +02005859 _HA_ATOMIC_INC(&global.sslconns);
5860 _HA_ATOMIC_INC(&global.totalsslconns);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005861 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005862 return 0;
5863 }
5864 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005865 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005866err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005867 if (ctx && ctx->wait_event.tasklet)
5868 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005869 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005870 return -1;
5871}
5872
5873
5874/* This is the callback which is used when an SSL handshake is pending. It
5875 * updates the FD status if it wants some polling before being called again.
5876 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5877 * otherwise it returns non-zero and removes itself from the connection's
5878 * flags (the bit is provided in <flag> by the caller).
5879 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005880static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005881{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02005882 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005883 int ret;
Willy Tarreau42995282020-11-06 13:19:18 +01005884 struct ssl_counters *counters = NULL;
5885 struct ssl_counters *counters_px = NULL;
Amaury Denoyelled0447a72020-11-03 17:10:02 +01005886 struct listener *li;
5887 struct server *srv;
Willy Tarreau06300382021-02-02 15:42:25 +01005888 socklen_t lskerr;
5889 int skerr;
5890
Emeric Brun46591952012-05-18 15:47:34 +02005891
Willy Tarreau3c728722014-01-23 13:50:42 +01005892 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005893 return 0;
5894
Amaury Denoyelle034c1622020-11-13 16:05:00 +01005895 /* get counters */
5896 switch (obj_type(conn->target)) {
5897 case OBJ_TYPE_LISTENER:
Amaury Denoyelle2bf5d412021-07-26 09:59:06 +02005898 li = __objt_listener(conn->target);
Amaury Denoyelle034c1622020-11-13 16:05:00 +01005899 counters = EXTRA_COUNTERS_GET(li->extra_counters, &ssl_stats_module);
5900 counters_px = EXTRA_COUNTERS_GET(li->bind_conf->frontend->extra_counters_fe,
5901 &ssl_stats_module);
5902 break;
5903
5904 case OBJ_TYPE_SERVER:
Amaury Denoyelle2bf5d412021-07-26 09:59:06 +02005905 srv = __objt_server(conn->target);
Amaury Denoyelle034c1622020-11-13 16:05:00 +01005906 counters = EXTRA_COUNTERS_GET(srv->extra_counters, &ssl_stats_module);
5907 counters_px = EXTRA_COUNTERS_GET(srv->proxy->extra_counters_be,
5908 &ssl_stats_module);
5909 break;
5910
5911 default:
5912 break;
5913 }
5914
Willy Tarreau939b0bf2022-04-11 11:29:11 +02005915 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005916 goto out_error;
5917
Willy Tarreau06300382021-02-02 15:42:25 +01005918 /* don't start calculating a handshake on a dead connection */
5919 if (conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH))
5920 goto out_error;
5921
5922 /* FIXME/WT: for now we don't have a clear way to inspect the connection
5923 * status from the lower layers, so let's check the FD directly. Ideally
5924 * the xprt layers should provide some status indicating their knowledge
5925 * of shutdowns or error.
5926 */
Willy Tarreau07ecfc52022-04-11 18:07:03 +02005927 BUG_ON(conn->flags & CO_FL_FDLESS);
5928
Willy Tarreau06300382021-02-02 15:42:25 +01005929 skerr = 0;
5930 lskerr = sizeof(skerr);
5931 if ((getsockopt(conn->handle.fd, SOL_SOCKET, SO_ERROR, &skerr, &lskerr) < 0) ||
5932 skerr != 0)
5933 goto out_error;
5934
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05005935#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchardc2aae742017-09-22 18:26:28 +02005936 /*
5937 * Check if we have early data. If we do, we have to read them
5938 * before SSL_do_handshake() is called, And there's no way to
5939 * detect early data, except to try to read them
5940 */
5941 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard54907bb2019-12-19 15:02:39 +01005942 size_t read_data = 0;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005943
Olivier Houchard54907bb2019-12-19 15:02:39 +01005944 while (1) {
5945 ret = SSL_read_early_data(ctx->ssl,
5946 b_tail(&ctx->early_buf), b_room(&ctx->early_buf),
5947 &read_data);
5948 if (ret == SSL_READ_EARLY_DATA_ERROR)
5949 goto check_error;
5950 if (read_data > 0) {
5951 conn->flags |= CO_FL_EARLY_DATA;
5952 b_add(&ctx->early_buf, read_data);
5953 }
5954 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5955 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5956 if (!b_data(&ctx->early_buf))
5957 b_free(&ctx->early_buf);
5958 break;
5959 }
5960 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005961 }
5962#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005963 /* If we use SSL_do_handshake to process a reneg initiated by
5964 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5965 * Usually SSL_write and SSL_read are used and process implicitly
5966 * the reneg handshake.
5967 * Here we use SSL_peek as a workaround for reneg.
5968 */
Willy Tarreauc192b0a2020-01-23 09:11:58 +01005969 if (!(conn->flags & CO_FL_WAIT_L6_CONN) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005970 char c;
5971
Olivier Houchard66ab4982019-02-26 18:37:15 +01005972 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005973 if (ret <= 0) {
5974 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005975 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005976
Emeric Brun674b7432012-11-08 19:21:55 +01005977 if (ret == SSL_ERROR_WANT_WRITE) {
5978 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005979 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005980 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005981 return 0;
5982 }
5983 else if (ret == SSL_ERROR_WANT_READ) {
5984 /* handshake may have been completed but we have
5985 * no more data to read.
5986 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005987 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005988 ret = 1;
5989 goto reneg_ok;
5990 }
5991 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005992 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005993 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005994 return 0;
5995 }
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05005996#ifdef SSL_MODE_ASYNC
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005997 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005998 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005999 return 0;
6000 }
6001#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006002 else if (ret == SSL_ERROR_SYSCALL) {
6003 /* if errno is null, then connection was successfully established */
6004 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6005 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01006006 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006007#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6008 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006009 conn->err_code = CO_ER_SSL_HANDSHAKE;
6010#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006011 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006012#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006013 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006014 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006015 empty_handshake = state == TLS_ST_BEFORE;
6016#else
Lukas Tribus49799162019-07-08 14:29:15 +02006017 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6018 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006019#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006020 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02006021 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006022 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006023 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6024 else
6025 conn->err_code = CO_ER_SSL_EMPTY;
6026 }
6027 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006028 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006029 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6030 else
6031 conn->err_code = CO_ER_SSL_ABORT;
6032 }
6033 }
6034 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006035 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006036 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01006037 else
Emeric Brun29f037d2014-04-25 19:05:36 +02006038 conn->err_code = CO_ER_SSL_HANDSHAKE;
6039 }
Lukas Tribus49799162019-07-08 14:29:15 +02006040#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01006041 }
Emeric Brun674b7432012-11-08 19:21:55 +01006042 goto out_error;
6043 }
6044 else {
6045 /* Fail on all other handshake errors */
6046 /* Note: OpenSSL may leave unread bytes in the socket's
6047 * buffer, causing an RST to be emitted upon close() on
6048 * TCP sockets. We first try to drain possibly pending
6049 * data to avoid this as much as possible.
6050 */
Willy Tarreau2ded48d2020-12-11 16:20:34 +01006051 conn_ctrl_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006052 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006053 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006054 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01006055 goto out_error;
6056 }
6057 }
6058 /* read some data: consider handshake completed */
6059 goto reneg_ok;
6060 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006061 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006062check_error:
Emeric Brun46591952012-05-18 15:47:34 +02006063 if (ret != 1) {
6064 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006065 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006066
Remi Tricot-Le Breton1fe0fad2021-09-29 18:56:52 +02006067 if (!ctx->error_code)
6068 ctx->error_code = ERR_peek_error();
Remi Tricot-Le Breton7c6898e2021-07-29 09:45:51 +02006069
Emeric Brun46591952012-05-18 15:47:34 +02006070 if (ret == SSL_ERROR_WANT_WRITE) {
6071 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006072 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006073 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006074 return 0;
6075 }
6076 else if (ret == SSL_ERROR_WANT_READ) {
6077 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006078 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006079 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6080 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006081 return 0;
6082 }
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006083#ifdef SSL_MODE_ASYNC
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006084 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006085 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006086 return 0;
6087 }
6088#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006089 else if (ret == SSL_ERROR_SYSCALL) {
6090 /* if errno is null, then connection was successfully established */
6091 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6092 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006093 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006094#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6095 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006096 conn->err_code = CO_ER_SSL_HANDSHAKE;
6097#else
6098 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006099#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006100 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006101 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006102 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006103#else
Lukas Tribus49799162019-07-08 14:29:15 +02006104 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6105 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006106#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006107 if (empty_handshake) {
6108 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006109 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006110 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6111 else
6112 conn->err_code = CO_ER_SSL_EMPTY;
6113 }
6114 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006115 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006116 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6117 else
6118 conn->err_code = CO_ER_SSL_ABORT;
6119 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006120 }
6121 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006122 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006123 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6124 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006125 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006126 }
Lukas Tribus49799162019-07-08 14:29:15 +02006127#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006128 }
Willy Tarreau89230192012-09-28 20:22:13 +02006129 goto out_error;
6130 }
Emeric Brun46591952012-05-18 15:47:34 +02006131 else {
6132 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006133 /* Note: OpenSSL may leave unread bytes in the socket's
6134 * buffer, causing an RST to be emitted upon close() on
6135 * TCP sockets. We first try to drain possibly pending
6136 * data to avoid this as much as possible.
6137 */
Willy Tarreau2ded48d2020-12-11 16:20:34 +01006138 conn_ctrl_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006139 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006140 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006141 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006142 goto out_error;
6143 }
6144 }
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05006145#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchard522eea72017-11-03 16:27:47 +01006146 else {
6147 /*
6148 * If the server refused the early data, we have to send a
6149 * 425 to the client, as we no longer have the data to sent
6150 * them again.
6151 */
6152 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006153 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006154 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6155 goto out_error;
6156 }
6157 }
6158 }
6159#endif
6160
Emeric Brun46591952012-05-18 15:47:34 +02006161
Emeric Brun674b7432012-11-08 19:21:55 +01006162reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006163
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006164#ifdef SSL_MODE_ASYNC
Emeric Brunb5e42a82017-06-06 12:35:14 +00006165 /* ASYNC engine API doesn't support moving read/write
6166 * buffers. So we disable ASYNC mode right after
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05006167 * the handshake to avoid buffer overflow.
Emeric Brunb5e42a82017-06-06 12:35:14 +00006168 */
6169 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006170 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006171#endif
Emeric Brun46591952012-05-18 15:47:34 +02006172 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006173 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006174 if (objt_server(conn->target)) {
6175 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6176 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6177 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006178 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006179 else {
6180 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6181 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6182 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6183 }
Amaury Denoyelled0447a72020-11-03 17:10:02 +01006184
Willy Tarreau42995282020-11-06 13:19:18 +01006185 if (counters) {
Willy Tarreauc5e7cf92021-11-22 17:46:13 +01006186 HA_ATOMIC_INC(&counters->sess);
6187 HA_ATOMIC_INC(&counters_px->sess);
Willy Tarreau42995282020-11-06 13:19:18 +01006188 }
Amaury Denoyelled0447a72020-11-03 17:10:02 +01006189 }
Willy Tarreau42995282020-11-06 13:19:18 +01006190 else if (counters) {
Willy Tarreauc5e7cf92021-11-22 17:46:13 +01006191 HA_ATOMIC_INC(&counters->reused_sess);
6192 HA_ATOMIC_INC(&counters_px->reused_sess);
Emeric Brun46591952012-05-18 15:47:34 +02006193 }
6194
6195 /* The connection is now established at both layers, it's time to leave */
6196 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6197 return 1;
6198
6199 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006200 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006201 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006202 ERR_clear_error();
6203
Emeric Brun9fa89732012-10-04 17:09:56 +02006204 /* free resumed session if exists */
William Lallemand3ce6eed2021-02-08 10:43:44 +01006205 if (objt_server(conn->target)) {
6206 struct server *s = __objt_server(conn->target);
6207 /* RWLOCK: only rdlock the SSL cache even when writing in it because there is
6208 * one cache per thread, it only prevents to flush it from the CLI in
6209 * another thread */
6210
6211 HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Willy Tarreau61cfdf42021-02-20 10:46:51 +01006212 if (s->ssl_ctx.reused_sess[tid].ptr)
6213 ha_free(&s->ssl_ctx.reused_sess[tid].ptr);
William Lallemand3ce6eed2021-02-08 10:43:44 +01006214 HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Emeric Brun9fa89732012-10-04 17:09:56 +02006215 }
6216
Amaury Denoyelle034c1622020-11-13 16:05:00 +01006217 if (counters) {
Willy Tarreauc5e7cf92021-11-22 17:46:13 +01006218 HA_ATOMIC_INC(&counters->failed_handshake);
6219 HA_ATOMIC_INC(&counters_px->failed_handshake);
Amaury Denoyelle034c1622020-11-13 16:05:00 +01006220 }
6221
Emeric Brun46591952012-05-18 15:47:34 +02006222 /* Fail on all other handshake errors */
6223 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006224 if (!conn->err_code)
6225 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006226 return 0;
6227}
6228
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006229/* Called from the upper layer, to subscribe <es> to events <event_type>. The
6230 * event subscriber <es> is not allowed to change from a previous call as long
6231 * as at least one event is still subscribed. The <event_type> must only be a
6232 * combination of SUB_RETRY_RECV and SUB_RETRY_SEND. It always returns 0,
6233 * unless the transport layer was already released.
6234 */
6235static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es)
Olivier Houcharddf357842019-03-21 16:30:07 +01006236{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006237 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006238
Olivier Houchard0ff28652019-06-24 18:57:39 +02006239 if (!ctx)
6240 return -1;
6241
Willy Tarreau113d52b2020-01-10 09:20:26 +01006242 BUG_ON(event_type & ~(SUB_RETRY_SEND|SUB_RETRY_RECV));
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006243 BUG_ON(ctx->subs && ctx->subs != es);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006244
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006245 ctx->subs = es;
6246 es->events |= event_type;
Willy Tarreau113d52b2020-01-10 09:20:26 +01006247
6248 /* we may have to subscribe to lower layers for new events */
6249 event_type &= ~ctx->wait_event.events;
6250 if (event_type && !(conn->flags & CO_FL_SSL_WAIT_HS))
6251 ctx->xprt->subscribe(conn, ctx->xprt_ctx, event_type, &ctx->wait_event);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006252 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006253}
6254
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006255/* Called from the upper layer, to unsubscribe <es> from events <event_type>.
6256 * The <es> pointer is not allowed to differ from the one passed to the
6257 * subscribe() call. It always returns zero.
6258 */
6259static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, struct wait_event *es)
Olivier Houcharddf357842019-03-21 16:30:07 +01006260{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006261 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006262
Willy Tarreau113d52b2020-01-10 09:20:26 +01006263 BUG_ON(event_type & ~(SUB_RETRY_SEND|SUB_RETRY_RECV));
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006264 BUG_ON(ctx->subs && ctx->subs != es);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006265
Willy Tarreauee1a6fc2020-01-17 07:52:13 +01006266 es->events &= ~event_type;
6267 if (!es->events)
Willy Tarreau113d52b2020-01-10 09:20:26 +01006268 ctx->subs = NULL;
6269
6270 /* If we subscribed, and we're not doing the handshake,
6271 * then we subscribed because the upper layer asked for it,
6272 * as the upper layer is no longer interested, we can
6273 * unsubscribe too.
6274 */
6275 event_type &= ctx->wait_event.events;
6276 if (event_type && !(ctx->conn->flags & CO_FL_SSL_WAIT_HS))
6277 conn_unsubscribe(conn, ctx->xprt_ctx, event_type, &ctx->wait_event);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006278
6279 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006280}
6281
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006282/* The connection has been taken over, so destroy the old tasklet and create
6283 * a new one. The original thread ID must be passed into orig_tid
6284 * It should be called with the takeover lock for the old thread held.
6285 * Returns 0 on success, and -1 on failure
6286 */
6287static int ssl_takeover(struct connection *conn, void *xprt_ctx, int orig_tid)
6288{
6289 struct ssl_sock_ctx *ctx = xprt_ctx;
6290 struct tasklet *tl = tasklet_new();
6291
6292 if (!tl)
6293 return -1;
6294
6295 ctx->wait_event.tasklet->context = NULL;
6296 tasklet_wakeup_on(ctx->wait_event.tasklet, orig_tid);
6297 ctx->wait_event.tasklet = tl;
6298 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
6299 ctx->wait_event.tasklet->context = ctx;
6300 return 0;
6301}
6302
Willy Tarreau41491682021-03-02 17:29:56 +01006303/* notify the next xprt that the connection is about to become idle and that it
6304 * may be stolen at any time after the function returns and that any tasklet in
6305 * the chain must be careful before dereferencing its context.
6306 */
6307static void ssl_set_idle(struct connection *conn, void *xprt_ctx)
6308{
6309 struct ssl_sock_ctx *ctx = xprt_ctx;
6310
6311 if (!ctx || !ctx->wait_event.tasklet)
6312 return;
6313
6314 HA_ATOMIC_OR(&ctx->wait_event.tasklet->state, TASK_F_USR1);
6315 if (ctx->xprt)
6316 xprt_set_idle(conn, ctx->xprt, ctx->xprt_ctx);
6317}
6318
6319/* notify the next xprt that the connection is not idle anymore and that it may
6320 * not be stolen before the next xprt_set_idle().
6321 */
6322static void ssl_set_used(struct connection *conn, void *xprt_ctx)
6323{
6324 struct ssl_sock_ctx *ctx = xprt_ctx;
6325
6326 if (!ctx || !ctx->wait_event.tasklet)
6327 return;
6328
6329 HA_ATOMIC_OR(&ctx->wait_event.tasklet->state, TASK_F_USR1);
6330 if (ctx->xprt)
6331 xprt_set_used(conn, ctx->xprt, ctx->xprt_ctx);
6332}
6333
Olivier Houchard2e055482019-05-27 19:50:12 +02006334/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6335 * Returns 0 on success, and non-zero on failure.
6336 */
6337static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6338{
6339 struct ssl_sock_ctx *ctx = xprt_ctx;
6340
6341 if (oldxprt_ops != NULL)
6342 *oldxprt_ops = ctx->xprt;
6343 if (oldxprt_ctx != NULL)
6344 *oldxprt_ctx = ctx->xprt_ctx;
6345 ctx->xprt = toadd_ops;
6346 ctx->xprt_ctx = toadd_ctx;
6347 return 0;
6348}
6349
Olivier Houchard5149b592019-05-23 17:47:36 +02006350/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6351 * return 0, otherwise just call the remove_xprt method from the underlying
6352 * XPRT.
6353 */
6354static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6355{
6356 struct ssl_sock_ctx *ctx = xprt_ctx;
6357
6358 if (ctx->xprt_ctx == toremove_ctx) {
6359 ctx->xprt_ctx = newctx;
6360 ctx->xprt = newops;
6361 return 0;
6362 }
6363 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6364}
6365
Willy Tarreau144f84a2021-03-02 16:09:26 +01006366struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned int state)
Olivier Houchardea8dd942019-05-20 14:02:16 +02006367{
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006368 struct tasklet *tl = (struct tasklet *)t;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006369 struct ssl_sock_ctx *ctx = context;
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006370 struct connection *conn;
6371 int conn_in_list;
6372 int ret = 0;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006373
Willy Tarreau41491682021-03-02 17:29:56 +01006374 if (state & TASK_F_USR1) {
6375 /* the tasklet was idling on an idle connection, it might have
6376 * been stolen, let's be careful!
6377 */
6378 HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
6379 if (tl->context == NULL) {
6380 HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
6381 tasklet_free(tl);
6382 return NULL;
6383 }
6384 conn = ctx->conn;
6385 conn_in_list = conn->flags & CO_FL_LIST_MASK;
6386 if (conn_in_list)
6387 conn_delete_from_tree(&conn->hash_node->node);
Amaury Denoyelle5c7086f2021-01-11 09:21:52 +01006388 HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
Willy Tarreau41491682021-03-02 17:29:56 +01006389 } else {
6390 conn = ctx->conn;
6391 conn_in_list = 0;
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006392 }
Willy Tarreau41491682021-03-02 17:29:56 +01006393
Olivier Houchardea8dd942019-05-20 14:02:16 +02006394 /* First if we're doing an handshake, try that */
Willy Tarreau9205ab32021-02-25 15:31:00 +01006395 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006396 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
Willy Tarreau9205ab32021-02-25 15:31:00 +01006397 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6398 /* handshake completed, leave the bulk queue */
Willy Tarreau4c48edb2021-03-09 17:58:02 +01006399 _HA_ATOMIC_AND(&tl->state, ~TASK_HEAVY);
Willy Tarreau9205ab32021-02-25 15:31:00 +01006400 }
6401 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006402 /* If we had an error, or the handshake is done and I/O is available,
6403 * let the upper layer know.
Olivier Houchard477902b2020-01-22 18:08:48 +01006404 * If no mux was set up yet, then call conn_create_mux()
Olivier Houchardea8dd942019-05-20 14:02:16 +02006405 * we can't be sure conn_fd_handler() will be called again.
6406 */
6407 if ((ctx->conn->flags & CO_FL_ERROR) ||
6408 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006409 int woke = 0;
6410
6411 /* On error, wake any waiter */
Willy Tarreau113d52b2020-01-10 09:20:26 +01006412 if (ctx->subs) {
6413 tasklet_wakeup(ctx->subs->tasklet);
6414 ctx->subs->events = 0;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006415 woke = 1;
Willy Tarreau113d52b2020-01-10 09:20:26 +01006416 ctx->subs = NULL;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006417 }
Willy Tarreau113d52b2020-01-10 09:20:26 +01006418
Olivier Houchardea8dd942019-05-20 14:02:16 +02006419 /* If we're the first xprt for the connection, let the
Olivier Houchard477902b2020-01-22 18:08:48 +01006420 * upper layers know. If we have no mux, create it,
6421 * and once we have a mux, call its wake method if we didn't
6422 * woke a tasklet already.
Olivier Houchardea8dd942019-05-20 14:02:16 +02006423 */
6424 if (ctx->conn->xprt_ctx == ctx) {
Olivier Houchard477902b2020-01-22 18:08:48 +01006425 if (!ctx->conn->mux)
6426 ret = conn_create_mux(ctx->conn);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006427 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006428 ret = ctx->conn->mux->wake(ctx->conn);
6429 goto leave;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006430 }
6431 }
Ilya Shipitsin761d64c2021-01-07 11:59:58 +05006432#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchard54907bb2019-12-19 15:02:39 +01006433 /* If we have early data and somebody wants to receive, let them */
Willy Tarreau113d52b2020-01-10 09:20:26 +01006434 else if (b_data(&ctx->early_buf) && ctx->subs &&
6435 ctx->subs->events & SUB_RETRY_RECV) {
6436 tasklet_wakeup(ctx->subs->tasklet);
6437 ctx->subs->events &= ~SUB_RETRY_RECV;
6438 if (!ctx->subs->events)
6439 ctx->subs = NULL;
Olivier Houchard54907bb2019-12-19 15:02:39 +01006440 }
6441#endif
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006442leave:
6443 if (!ret && conn_in_list) {
6444 struct server *srv = objt_server(conn->target);
6445
Amaury Denoyelle5c7086f2021-01-11 09:21:52 +01006446 HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006447 if (conn_in_list == CO_FL_SAFE_LIST)
Willy Tarreau430bf4a2021-03-04 09:45:32 +01006448 ebmb_insert(&srv->per_thr[tid].safe_conns, &conn->hash_node->node, sizeof(conn->hash_node->hash));
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006449 else
Willy Tarreau430bf4a2021-03-04 09:45:32 +01006450 ebmb_insert(&srv->per_thr[tid].idle_conns, &conn->hash_node->node, sizeof(conn->hash_node->hash));
Amaury Denoyelle5c7086f2021-01-11 09:21:52 +01006451 HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02006452 }
Willy Tarreau74163142021-03-13 11:30:19 +01006453 return t;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006454}
6455
Emeric Brun46591952012-05-18 15:47:34 +02006456/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006457 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006458 * buffer wraps, in which case a second call may be performed. The connection's
6459 * flags are updated with whatever special event is detected (error, read0,
6460 * empty). The caller is responsible for taking care of those events and
6461 * avoiding the call if inappropriate. The function does not call the
6462 * connection's polling update function, so the caller is responsible for this.
6463 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006464static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006465{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006466 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006467 ssize_t ret;
6468 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006469
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006470 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006471 goto out_error;
6472
Ilya Shipitsin761d64c2021-01-07 11:59:58 +05006473#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchard54907bb2019-12-19 15:02:39 +01006474 if (b_data(&ctx->early_buf)) {
6475 try = b_contig_space(buf);
6476 if (try > b_data(&ctx->early_buf))
6477 try = b_data(&ctx->early_buf);
6478 memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
6479 b_add(buf, try);
6480 b_del(&ctx->early_buf, try);
6481 if (b_data(&ctx->early_buf) == 0)
6482 b_free(&ctx->early_buf);
6483 return try;
6484 }
6485#endif
6486
Willy Tarreau911db9b2020-01-23 16:27:54 +01006487 if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006488 /* a handshake was requested */
6489 return 0;
6490
Emeric Brun46591952012-05-18 15:47:34 +02006491 /* read the largest possible block. For this, we perform only one call
6492 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6493 * in which case we accept to do it once again. A new attempt is made on
6494 * EINTR too.
6495 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006496 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006497
Willy Tarreau591d4452018-06-15 17:21:00 +02006498 try = b_contig_space(buf);
6499 if (!try)
6500 break;
6501
Willy Tarreauabf08d92014-01-14 11:31:27 +01006502 if (try > count)
6503 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006504
Olivier Houchard66ab4982019-02-26 18:37:15 +01006505 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006506
Emeric Brune1f38db2012-09-03 20:36:47 +02006507 if (conn->flags & CO_FL_ERROR) {
6508 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006509 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006510 }
Emeric Brun46591952012-05-18 15:47:34 +02006511 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006512 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006513 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006514 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006515 }
Emeric Brun46591952012-05-18 15:47:34 +02006516 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006517 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006518 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006519 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006520 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006521 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006522#ifdef SSL_MODE_ASYNC
Emeric Brunb5e42a82017-06-06 12:35:14 +00006523 /* Async mode can be re-enabled, because we're leaving data state.*/
6524 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006525 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006526#endif
Emeric Brun46591952012-05-18 15:47:34 +02006527 break;
6528 }
6529 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006530 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006531 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6532 SUB_RETRY_RECV,
6533 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006534 /* handshake is running, and it may need to re-enable read */
6535 conn->flags |= CO_FL_SSL_WAIT_HS;
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006536#ifdef SSL_MODE_ASYNC
Emeric Brunb5e42a82017-06-06 12:35:14 +00006537 /* Async mode can be re-enabled, because we're leaving data state.*/
6538 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006539 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006540#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006541 break;
6542 }
Emeric Brun46591952012-05-18 15:47:34 +02006543 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006544 } else if (ret == SSL_ERROR_ZERO_RETURN)
6545 goto read0;
Remi Tricot-Le Breton61944f72021-09-29 18:56:51 +02006546 else if (ret == SSL_ERROR_SSL) {
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006547 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
6548 if (ctx && !ctx->error_code)
Remi Tricot-Le Breton9543d5a2021-09-29 18:56:53 +02006549 ctx->error_code = ERR_peek_error();
Remi Tricot-Le Breton61944f72021-09-29 18:56:51 +02006550 conn->err_code = CO_ERR_SSL_FATAL;
6551 }
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006552 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6553 * stack before shutting down the connection for
6554 * reading. */
Willy Tarreauacef5e22022-04-25 20:32:15 +02006555 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN || errno == EWOULDBLOCK))
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006556 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006557 /* otherwise it's a real error */
6558 goto out_error;
6559 }
6560 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006561 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006562 return done;
6563
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006564 clear_ssl_error:
6565 /* Clear openssl global errors stack */
6566 ssl_sock_dump_errors(conn);
6567 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006568 read0:
6569 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006570 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006571
Emeric Brun46591952012-05-18 15:47:34 +02006572 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006573 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006574 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006575 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006576 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006577 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006578}
6579
6580
Willy Tarreau787db9a2018-06-14 18:31:46 +02006581/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6582 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6583 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006584 * Only one call to send() is performed, unless the buffer wraps, in which case
6585 * a second call may be performed. The connection's flags are updated with
6586 * whatever special event is detected (error, empty). The caller is responsible
6587 * for taking care of those events and avoiding the call if inappropriate. The
6588 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006589 * is responsible for this. The buffer's output is not adjusted, it's up to the
6590 * caller to take care of this. It's up to the caller to update the buffer's
6591 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006592 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006593static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006594{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006595 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006596 ssize_t ret;
6597 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006598
6599 done = 0;
6600
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006601 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006602 goto out_error;
6603
Willy Tarreau911db9b2020-01-23 16:27:54 +01006604 if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006605 /* a handshake was requested */
6606 return 0;
6607
6608 /* send the largest possible block. For this we perform only one call
6609 * to send() unless the buffer wraps and we exactly fill the first hunk,
6610 * in which case we accept to do it once again.
6611 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006612 while (count) {
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05006613#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchardc2aae742017-09-22 18:26:28 +02006614 size_t written_data;
6615#endif
6616
Willy Tarreau787db9a2018-06-14 18:31:46 +02006617 try = b_contig_data(buf, done);
6618 if (try > count)
6619 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006620
Thomas Prückl10243932022-04-27 13:04:54 +02006621 if (global_ssl.hard_max_record && try > global_ssl.hard_max_record)
6622 try = global_ssl.hard_max_record;
6623
Willy Tarreau7bed9452014-02-02 02:00:24 +01006624 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006625 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006626 global_ssl.max_record && try > global_ssl.max_record) {
6627 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006628 }
6629 else {
6630 /* we need to keep the information about the fact that
6631 * we're not limiting the upcoming send(), because if it
6632 * fails, we'll have to retry with at least as many data.
6633 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006634 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006635 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006636
Ilya Shipitsinb9b84a42020-10-24 23:42:30 +05006637#ifdef SSL_READ_EARLY_DATA_SUCCESS
Olivier Houchard010941f2019-05-03 20:56:19 +02006638 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006639 unsigned int max_early;
6640
Olivier Houchard522eea72017-11-03 16:27:47 +01006641 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006642 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006643 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006644 if (SSL_get0_session(ctx->ssl))
6645 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006646 else
6647 max_early = 0;
6648 }
6649
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006650 if (try + ctx->sent_early_data > max_early) {
6651 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006652 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006653 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006654 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006655 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006656 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006657 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006658 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006659 if (ret == 1) {
6660 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006661 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006662 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006663 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006664 /* Initiate the handshake, now */
6665 tasklet_wakeup(ctx->wait_event.tasklet);
6666 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006667
Olivier Houchardc2aae742017-09-22 18:26:28 +02006668 }
6669
6670 } else
6671#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006672 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006673
Emeric Brune1f38db2012-09-03 20:36:47 +02006674 if (conn->flags & CO_FL_ERROR) {
6675 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006676 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006677 }
Emeric Brun46591952012-05-18 15:47:34 +02006678 if (ret > 0) {
Willy Tarreauc192b0a2020-01-23 09:11:58 +01006679 /* A send succeeded, so we can consider ourself connected */
6680 conn->flags &= ~CO_FL_WAIT_L4L6;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006681 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006682 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006683 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006684 }
6685 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006686 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006687
Emeric Brun46591952012-05-18 15:47:34 +02006688 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006689 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006690 /* handshake is running, and it may need to re-enable write */
6691 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006692 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006693#ifdef SSL_MODE_ASYNC
Emeric Brunb5e42a82017-06-06 12:35:14 +00006694 /* Async mode can be re-enabled, because we're leaving data state.*/
6695 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006696 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006697#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006698 break;
6699 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006700
Emeric Brun46591952012-05-18 15:47:34 +02006701 break;
6702 }
6703 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006704 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006705 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006706 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6707 SUB_RETRY_RECV,
6708 &ctx->wait_event);
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006709#ifdef SSL_MODE_ASYNC
Emeric Brunb5e42a82017-06-06 12:35:14 +00006710 /* Async mode can be re-enabled, because we're leaving data state.*/
6711 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006712 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006713#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006714 break;
6715 }
Remi Tricot-Le Breton61944f72021-09-29 18:56:51 +02006716 else if (ret == SSL_ERROR_SSL || ret == SSL_ERROR_SYSCALL) {
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006717 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
6718
Willy Tarreau3a0a0d62022-04-12 07:31:06 +02006719 if (ctx && !ctx->error_code)
Remi Tricot-Le Breton9543d5a2021-09-29 18:56:53 +02006720 ctx->error_code = ERR_peek_error();
Remi Tricot-Le Breton61944f72021-09-29 18:56:51 +02006721 conn->err_code = CO_ERR_SSL_FATAL;
6722 }
Emeric Brun46591952012-05-18 15:47:34 +02006723 goto out_error;
6724 }
6725 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006726 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006727 return done;
6728
6729 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006730 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006731 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006732 ERR_clear_error();
6733
Emeric Brun46591952012-05-18 15:47:34 +02006734 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006735 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006736}
6737
Willy Tarreau832e2422021-05-13 10:11:03 +02006738void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006739
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006740 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006741
Olivier Houchardea8dd942019-05-20 14:02:16 +02006742
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006743 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006744 if (ctx->wait_event.events != 0)
6745 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6746 ctx->wait_event.events,
6747 &ctx->wait_event);
Willy Tarreau113d52b2020-01-10 09:20:26 +01006748 if (ctx->subs) {
6749 ctx->subs->events = 0;
6750 tasklet_wakeup(ctx->subs->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006751 }
Willy Tarreau113d52b2020-01-10 09:20:26 +01006752
Olivier Houchard692c1d02019-05-23 18:41:47 +02006753 if (ctx->xprt->close)
6754 ctx->xprt->close(conn, ctx->xprt_ctx);
Ilya Shipitsinbdec3ba2020-11-14 01:56:34 +05006755#ifdef SSL_MODE_ASYNC
Emeric Brun3854e012017-05-17 20:42:48 +02006756 if (global_ssl.async) {
6757 OSSL_ASYNC_FD all_fd[32], afd;
6758 size_t num_all_fds = 0;
6759 int i;
6760
Olivier Houchard66ab4982019-02-26 18:37:15 +01006761 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006762 if (num_all_fds > 32) {
6763 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6764 return;
6765 }
6766
Olivier Houchard66ab4982019-02-26 18:37:15 +01006767 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006768
6769 /* If an async job is pending, we must try to
6770 to catch the end using polling before calling
6771 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006772 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006773 for (i=0 ; i < num_all_fds ; i++) {
6774 /* switch on an handler designed to
6775 * handle the SSL_free
6776 */
6777 afd = all_fd[i];
6778 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006779 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006780 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006781 /* To ensure that the fd cache won't be used
6782 * and we'll catch a real RD event.
6783 */
6784 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006785 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006786 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006787 pool_free(ssl_sock_ctx_pool, ctx);
Willy Tarreau4781b152021-04-06 13:53:36 +02006788 _HA_ATOMIC_INC(&jobs);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006789 return;
6790 }
Emeric Brun3854e012017-05-17 20:42:48 +02006791 /* Else we can remove the fds from the fdtab
6792 * and call SSL_free.
Willy Tarreau67672452020-08-26 11:44:17 +02006793 * note: we do a fd_stop_both and not a delete
Emeric Brun3854e012017-05-17 20:42:48 +02006794 * because the fd is owned by the engine.
6795 * the engine is responsible to close
6796 */
6797 for (i=0 ; i < num_all_fds ; i++)
Willy Tarreau67672452020-08-26 11:44:17 +02006798 fd_stop_both(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006799 }
6800#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006801 SSL_free(ctx->ssl);
Olivier Houchard54907bb2019-12-19 15:02:39 +01006802 b_free(&ctx->early_buf);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006803 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006804 pool_free(ssl_sock_ctx_pool, ctx);
Willy Tarreau82531f62021-10-06 12:15:18 +02006805 _HA_ATOMIC_DEC(&global.sslconns);
Emeric Brun46591952012-05-18 15:47:34 +02006806 }
Emeric Brun46591952012-05-18 15:47:34 +02006807}
6808
6809/* This function tries to perform a clean shutdown on an SSL connection, and in
6810 * any case, flags the connection as reusable if no handshake was in progress.
6811 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006812static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006813{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006814 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006815
Willy Tarreau911db9b2020-01-23 16:27:54 +01006816 if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006817 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006818 if (!clean)
6819 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006820 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006821 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006822 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006823 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006824 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006825 ERR_clear_error();
6826 }
Emeric Brun46591952012-05-18 15:47:34 +02006827}
6828
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006829
Ilya Shipitsin77e3b4a2020-03-10 12:06:11 +05006830/* used for ppv2 pkey algo (can be used for logging) */
William Lallemandd4f946c2019-12-05 10:26:40 +01006831int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
6832{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006833 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
William Lallemandd4f946c2019-12-05 10:26:40 +01006834 X509 *crt;
6835
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006836 if (!ctx)
William Lallemandd4f946c2019-12-05 10:26:40 +01006837 return 0;
William Lallemandd4f946c2019-12-05 10:26:40 +01006838 crt = SSL_get_certificate(ctx->ssl);
6839 if (!crt)
6840 return 0;
6841
6842 return cert_get_pkey_algo(crt, out);
6843}
6844
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006845/* used for ppv2 cert signature (can be used for logging) */
6846const char *ssl_sock_get_cert_sig(struct connection *conn)
6847{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006848 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006849
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006850 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6851 X509 *crt;
6852
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006853 if (!ctx)
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006854 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006855 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006856 if (!crt)
6857 return NULL;
6858 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6859 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6860}
6861
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006862/* used for ppv2 authority */
6863const char *ssl_sock_get_sni(struct connection *conn)
6864{
6865#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006866 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006867
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006868 if (!ctx)
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006869 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006870 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006871#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006872 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006873#endif
6874}
6875
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006876/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006877const char *ssl_sock_get_cipher_name(struct connection *conn)
6878{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006879 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006880
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006881 if (!ctx)
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006882 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006883 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006884}
6885
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006886/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006887const char *ssl_sock_get_proto_version(struct connection *conn)
6888{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006889 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006890
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006891 if (!ctx)
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006892 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006893 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006894}
6895
Olivier Houchardab28a322018-12-21 19:45:40 +01006896void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6897{
6898#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006899 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006900
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006901 if (!ctx)
Olivier Houcharde488ea82019-06-28 14:10:33 +02006902 return;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006903 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006904#endif
6905}
6906
Willy Tarreau119a4082016-12-22 21:58:38 +01006907/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6908 * to disable SNI.
6909 */
Willy Tarreau63076412015-07-10 11:33:32 +02006910void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6911{
6912#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006913 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
William Lallemande18d4e82021-11-17 02:59:21 +01006914 struct server *s;
Willy Tarreau119a4082016-12-22 21:58:38 +01006915 char *prev_name;
6916
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006917 if (!ctx)
Willy Tarreau63076412015-07-10 11:33:32 +02006918 return;
Willy Tarreau77bfa662021-12-23 11:12:13 +01006919
6920 BUG_ON(!(conn->flags & CO_FL_WAIT_L6_CONN));
6921 BUG_ON(!(conn->flags & CO_FL_SSL_WAIT_HS));
6922
William Lallemande18d4e82021-11-17 02:59:21 +01006923 s = __objt_server(conn->target);
Willy Tarreau63076412015-07-10 11:33:32 +02006924
Willy Tarreau119a4082016-12-22 21:58:38 +01006925 /* if the SNI changes, we must destroy the reusable context so that a
William Lallemande18d4e82021-11-17 02:59:21 +01006926 * new connection will present a new SNI. compare with the SNI
6927 * previously stored in the reused_sess */
6928 /* the RWLOCK is used to ensure that we are not trying to flush the
6929 * cache from the CLI */
6930
6931 HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
6932 prev_name = s->ssl_ctx.reused_sess[tid].sni;
Willy Tarreau119a4082016-12-22 21:58:38 +01006933 if ((!prev_name && hostname) ||
6934 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006935 SSL_set_session(ctx->ssl, NULL);
William Lallemande18d4e82021-11-17 02:59:21 +01006936 HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &s->ssl_ctx.lock);
Willy Tarreau119a4082016-12-22 21:58:38 +01006937
Olivier Houchard66ab4982019-02-26 18:37:15 +01006938 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006939#endif
6940}
6941
Emeric Brun0abf8362014-06-24 18:26:41 +02006942/* Extract peer certificate's common name into the chunk dest
6943 * Returns
6944 * the len of the extracted common name
6945 * or 0 if no CN found in DN
6946 * or -1 on error case (i.e. no peer certificate)
6947 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006948int ssl_sock_get_remote_common_name(struct connection *conn,
6949 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006950{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006951 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
David Safb76832014-05-08 23:42:08 -04006952 X509 *crt = NULL;
6953 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006954 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006955 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006956 .area = (char *)&find_cn,
6957 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006958 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006959 int result = -1;
David Safb76832014-05-08 23:42:08 -04006960
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006961 if (!ctx)
Emeric Brun0abf8362014-06-24 18:26:41 +02006962 goto out;
David Safb76832014-05-08 23:42:08 -04006963
6964 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006965 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006966 if (!crt)
6967 goto out;
6968
6969 name = X509_get_subject_name(crt);
6970 if (!name)
6971 goto out;
David Safb76832014-05-08 23:42:08 -04006972
Emeric Brun0abf8362014-06-24 18:26:41 +02006973 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6974out:
David Safb76832014-05-08 23:42:08 -04006975 if (crt)
6976 X509_free(crt);
6977
6978 return result;
6979}
6980
Dave McCowan328fb582014-07-30 10:39:13 -04006981/* returns 1 if client passed a certificate for this session, 0 if not */
6982int ssl_sock_get_cert_used_sess(struct connection *conn)
6983{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006984 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Dave McCowan328fb582014-07-30 10:39:13 -04006985 X509 *crt = NULL;
6986
Willy Tarreau939b0bf2022-04-11 11:29:11 +02006987 if (!ctx)
Dave McCowan328fb582014-07-30 10:39:13 -04006988 return 0;
6989
6990 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006991 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006992 if (!crt)
6993 return 0;
6994
6995 X509_free(crt);
6996 return 1;
6997}
6998
6999/* returns 1 if client passed a certificate for this connection, 0 if not */
7000int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007001{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02007002 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007003
Willy Tarreau939b0bf2022-04-11 11:29:11 +02007004 if (!ctx)
David Safb76832014-05-08 23:42:08 -04007005 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007006 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007007}
7008
7009/* returns result from SSL verify */
7010unsigned int ssl_sock_get_verify_result(struct connection *conn)
7011{
Willy Tarreau939b0bf2022-04-11 11:29:11 +02007012 struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007013
Willy Tarreau939b0bf2022-04-11 11:29:11 +02007014 if (!ctx)
David Safb76832014-05-08 23:42:08 -04007015 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007016 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007017}
7018
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007019/* Returns the application layer protocol name in <str> and <len> when known.
7020 * Zero is returned if the protocol name was not found, otherwise non-zero is
7021 * returned. The string is allocated in the SSL context and doesn't have to be
7022 * freed by the caller. NPN is also checked if available since older versions
7023 * of openssl (1.0.1) which are more common in field only support this one.
7024 */
Amaury Denoyelle71e588c2021-11-12 11:23:29 +01007025int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007026{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007027#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7028 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007029 struct ssl_sock_ctx *ctx = xprt_ctx;
7030 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007031 return 0;
7032
7033 *str = NULL;
7034
7035#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007036 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007037 if (*str)
7038 return 1;
7039#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007040#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007041 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007042 if (*str)
7043 return 1;
7044#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007045#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007046 return 0;
7047}
7048
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007049/* "issuers-chain-path" load chain certificate in global */
William Lallemanddad31052020-05-14 17:47:32 +02007050int ssl_load_global_issuer_from_BIO(BIO *in, char *fp, char **err)
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007051{
7052 X509 *ca;
7053 X509_NAME *name = NULL;
7054 ASN1_OCTET_STRING *skid = NULL;
7055 STACK_OF(X509) *chain = NULL;
7056 struct issuer_chain *issuer;
7057 struct eb64_node *node;
7058 char *path;
7059 u64 key;
7060 int ret = 0;
7061
7062 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
7063 if (chain == NULL) {
7064 chain = sk_X509_new_null();
7065 skid = X509_get_ext_d2i(ca, NID_subject_key_identifier, NULL, NULL);
7066 name = X509_get_subject_name(ca);
7067 }
7068 if (!sk_X509_push(chain, ca)) {
7069 X509_free(ca);
7070 goto end;
7071 }
7072 }
7073 if (!chain) {
7074 memprintf(err, "unable to load issuers-chain %s : pem certificate not found.\n", fp);
7075 goto end;
7076 }
7077 if (!skid) {
7078 memprintf(err, "unable to load issuers-chain %s : SubjectKeyIdentifier not found.\n", fp);
7079 goto end;
7080 }
7081 if (!name) {
7082 memprintf(err, "unable to load issuers-chain %s : SubjectName not found.\n", fp);
7083 goto end;
7084 }
Dragan Dosen967e7e72020-12-22 13:22:34 +01007085 key = XXH3(ASN1_STRING_get0_data(skid), ASN1_STRING_length(skid), 0);
William Lallemande0f3fd52020-02-25 14:53:06 +01007086 for (node = eb64_lookup(&cert_issuer_tree, key); node; node = eb64_next(node)) {
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007087 issuer = container_of(node, typeof(*issuer), node);
7088 if (!X509_NAME_cmp(name, X509_get_subject_name(sk_X509_value(issuer->chain, 0)))) {
7089 memprintf(err, "duplicate issuers-chain %s: %s already in store\n", fp, issuer->path);
7090 goto end;
7091 }
7092 }
7093 issuer = calloc(1, sizeof *issuer);
7094 path = strdup(fp);
7095 if (!issuer || !path) {
7096 free(issuer);
7097 free(path);
7098 goto end;
7099 }
7100 issuer->node.key = key;
7101 issuer->path = path;
7102 issuer->chain = chain;
7103 chain = NULL;
William Lallemande0f3fd52020-02-25 14:53:06 +01007104 eb64_insert(&cert_issuer_tree, &issuer->node);
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007105 ret = 1;
7106 end:
7107 if (skid)
7108 ASN1_OCTET_STRING_free(skid);
7109 if (chain)
7110 sk_X509_pop_free(chain, X509_free);
7111 return ret;
7112}
7113
William Lallemandda8584c2020-05-14 10:14:37 +02007114 struct issuer_chain* ssl_get0_issuer_chain(X509 *cert)
Emmanuel Hocdet75a7aa12020-02-18 15:19:24 +01007115{
7116 AUTHORITY_KEYID *akid;
7117 struct issuer_chain *issuer = NULL;
7118
7119 akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
William Lallemandf69cd682020-11-19 16:24:13 +01007120 if (akid && akid->keyid) {
Emmanuel Hocdet75a7aa12020-02-18 15:19:24 +01007121 struct eb64_node *node;
7122 u64 hk;
Dragan Dosen967e7e72020-12-22 13:22:34 +01007123 hk = XXH3(ASN1_STRING_get0_data(akid->keyid), ASN1_STRING_length(akid->keyid), 0);
Emmanuel Hocdet75a7aa12020-02-18 15:19:24 +01007124 for (node = eb64_lookup(&cert_issuer_tree, hk); node; node = eb64_next(node)) {
7125 struct issuer_chain *ti = container_of(node, typeof(*issuer), node);
7126 if (X509_check_issued(sk_X509_value(ti->chain, 0), cert) == X509_V_OK) {
7127 issuer = ti;
7128 break;
7129 }
7130 }
7131 AUTHORITY_KEYID_free(akid);
7132 }
7133 return issuer;
7134}
7135
William Lallemanddad31052020-05-14 17:47:32 +02007136void ssl_free_global_issuers(void)
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007137{
7138 struct eb64_node *node, *back;
7139 struct issuer_chain *issuer;
7140
William Lallemande0f3fd52020-02-25 14:53:06 +01007141 node = eb64_first(&cert_issuer_tree);
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01007142 while (node) {
7143 issuer = container_of(node, typeof(*issuer), node);
7144 back = eb64_next(node);
7145 eb64_delete(node);
7146 free(issuer->path);
7147 sk_X509_pop_free(issuer->chain, X509_free);
7148 free(issuer);
7149 node = back;
7150 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007151}
7152
William Lallemandd7bfbe22022-04-11 18:41:24 +02007153#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007154static int ssl_check_async_engine_count(void) {
Christopher Fauletfc633b62020-11-06 15:24:23 +01007155 int err_code = ERR_NONE;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007156
Emeric Brun3854e012017-05-17 20:42:48 +02007157 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01007158 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007159 err_code = ERR_ABORT;
7160 }
7161 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01007162}
Willy Tarreau9ceda382016-12-21 23:13:03 +01007163#endif
7164
Willy Tarreaude5675a2021-01-20 14:41:29 +01007165/* "show fd" helper to dump ssl internals. Warning: the output buffer is often
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007166 * the common trash! It returns non-zero if the connection entry looks suspicious.
Willy Tarreaude5675a2021-01-20 14:41:29 +01007167 */
Willy Tarreau8050efe2021-01-21 08:26:06 +01007168static int ssl_sock_show_fd(struct buffer *buf, const struct connection *conn, const void *ctx)
Willy Tarreaude5675a2021-01-20 14:41:29 +01007169{
7170 const struct ssl_sock_ctx *sctx = ctx;
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007171 int ret = 0;
Willy Tarreaude5675a2021-01-20 14:41:29 +01007172
7173 if (!sctx)
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007174 return ret;
Willy Tarreaude5675a2021-01-20 14:41:29 +01007175
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007176 if (sctx->conn != conn) {
7177 chunk_appendf(&trash, " xctx.conn=%p(BOGUS)", sctx->conn);
7178 ret = 1;
7179 }
Willy Tarreaude5675a2021-01-20 14:41:29 +01007180 chunk_appendf(&trash, " xctx.st=%d", sctx->xprt_st);
7181
7182 if (sctx->xprt) {
7183 chunk_appendf(&trash, " .xprt=%s", sctx->xprt->name);
7184 if (sctx->xprt_ctx)
7185 chunk_appendf(&trash, " .xctx=%p", sctx->xprt_ctx);
7186 }
7187
7188 chunk_appendf(&trash, " .wait.ev=%d", sctx->wait_event.events);
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007189
7190 /* as soon as a shutdown is reported the lower layer unregisters its
7191 * subscriber, so the situations below are transient and rare enough to
7192 * be reported as suspicious. In any case they shouldn't last.
7193 */
7194 if ((sctx->wait_event.events & 1) && (conn->flags & (CO_FL_SOCK_RD_SH|CO_FL_ERROR)))
7195 ret = 1;
7196 if ((sctx->wait_event.events & 2) && (conn->flags & (CO_FL_SOCK_WR_SH|CO_FL_ERROR)))
7197 ret = 1;
7198
Willy Tarreaude5675a2021-01-20 14:41:29 +01007199 chunk_appendf(&trash, " .subs=%p", sctx->subs);
7200 if (sctx->subs) {
7201 chunk_appendf(&trash, "(ev=%d tl=%p", sctx->subs->events, sctx->subs->tasklet);
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007202 if (sctx->subs->tasklet->calls >= 1000000)
7203 ret = 1;
Willy Tarreaude5675a2021-01-20 14:41:29 +01007204 chunk_appendf(&trash, " tl.calls=%d tl.ctx=%p tl.fct=",
7205 sctx->subs->tasklet->calls,
7206 sctx->subs->tasklet->context);
7207 resolve_sym_name(&trash, NULL, sctx->subs->tasklet->process);
7208 chunk_appendf(&trash, ")");
7209 }
7210 chunk_appendf(&trash, " .sent_early=%d", sctx->sent_early_data);
7211 chunk_appendf(&trash, " .early_in=%d", (int)sctx->early_buf.data);
Willy Tarreau4bd5d632021-01-21 08:53:50 +01007212 return ret;
Willy Tarreaude5675a2021-01-20 14:41:29 +01007213}
7214
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007215#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
William Lallemand32af2032016-10-29 18:09:35 +02007216/* This function is used with TLS ticket keys management. It permits to browse
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007217 * each reference. The variable <ref> must point to the current node's list
7218 * element (which starts by the root), and <end> must point to the root node.
William Lallemand32af2032016-10-29 18:09:35 +02007219 */
William Lallemand32af2032016-10-29 18:09:35 +02007220static inline
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007221struct tls_keys_ref *tlskeys_list_get_next(struct list *ref, struct list *end)
William Lallemand32af2032016-10-29 18:09:35 +02007222{
Tim Duesterhus2c7bb332021-01-03 01:29:55 +01007223 /* Get next list entry. */
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007224 ref = ref->n;
William Lallemand32af2032016-10-29 18:09:35 +02007225
Tim Duesterhus2c7bb332021-01-03 01:29:55 +01007226 /* If the entry is the last of the list, return NULL. */
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007227 if (ref == end)
Tim Duesterhus2c7bb332021-01-03 01:29:55 +01007228 return NULL;
William Lallemand32af2032016-10-29 18:09:35 +02007229
Willy Tarreaub6fc5242021-01-05 10:44:30 +01007230 return LIST_ELEM(ref, struct tls_keys_ref *, list);
William Lallemand32af2032016-10-29 18:09:35 +02007231}
7232
7233static inline
7234struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
7235{
7236 int id;
7237 char *error;
7238
7239 /* If the reference starts by a '#', this is numeric id. */
7240 if (reference[0] == '#') {
7241 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
7242 id = strtol(reference + 1, &error, 10);
7243 if (*error != '\0')
7244 return NULL;
7245
7246 /* Perform the unique id lookup. */
7247 return tlskeys_ref_lookupid(id);
7248 }
7249
7250 /* Perform the string lookup. */
7251 return tlskeys_ref_lookup(reference);
7252}
7253#endif
7254
7255
7256#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7257
Willy Tarreaua9380522022-05-05 08:50:17 +02007258/* dumps all tls keys. Relies on the show_keys_ctx context from the appctx. */
Willy Tarreaubd338642022-05-05 08:59:17 +02007259static int cli_io_handler_tlskeys_files(struct appctx *appctx)
7260{
Willy Tarreaua9380522022-05-05 08:50:17 +02007261 struct show_keys_ctx *ctx = appctx->svcctx;
Willy Tarreau4596fe22022-05-17 19:07:51 +02007262 struct stconn *cs = appctx_cs(appctx);
William Lallemand32af2032016-10-29 18:09:35 +02007263
Willy Tarreau9c5a38c2022-05-05 09:03:44 +02007264 switch (ctx->state) {
7265 case SHOW_KEYS_INIT:
William Lallemand32af2032016-10-29 18:09:35 +02007266 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08007267 * quit the function with returning 0. The function is called
Willy Tarreau9c5a38c2022-05-05 09:03:44 +02007268 * later and restart at the state "SHOW_KEYS_INIT".
William Lallemand32af2032016-10-29 18:09:35 +02007269 */
7270 chunk_reset(&trash);
7271
Willy Tarreaubd338642022-05-05 08:59:17 +02007272 if (ctx->dump_entries)
William Lallemand32af2032016-10-29 18:09:35 +02007273 chunk_appendf(&trash, "# id secret\n");
7274 else
7275 chunk_appendf(&trash, "# id (file)\n");
7276
Christopher Faulet908628c2022-03-25 16:43:49 +01007277 if (ci_putchk(cs_ic(cs), &trash) == -1) {
Christopher Fauleta0bdec32022-04-04 07:51:21 +02007278 cs_rx_room_blk(cs);
William Lallemand32af2032016-10-29 18:09:35 +02007279 return 0;
7280 }
7281
William Lallemand32af2032016-10-29 18:09:35 +02007282 /* Now, we start the browsing of the references lists.
7283 * Note that the following call to LIST_ELEM return bad pointer. The only
7284 * available field of this pointer is <list>. It is used with the function
7285 * tlskeys_list_get_next() for retruning the first available entry
7286 */
Willy Tarreaua9380522022-05-05 08:50:17 +02007287 if (ctx->next_ref == NULL)
7288 ctx->next_ref = tlskeys_list_get_next(&tlskeys_reference, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02007289
Willy Tarreau9c5a38c2022-05-05 09:03:44 +02007290 ctx->state = SHOW_KEYS_LIST;
William Lallemand32af2032016-10-29 18:09:35 +02007291 /* fall through */
7292
Willy Tarreau9c5a38c2022-05-05 09:03:44 +02007293 case SHOW_KEYS_LIST:
Willy Tarreaua9380522022-05-05 08:50:17 +02007294 while (ctx->next_ref) {
7295 struct tls_keys_ref *ref = ctx->next_ref;
William Lallemand32af2032016-10-29 18:09:35 +02007296
7297 chunk_reset(&trash);
Willy Tarreaubd338642022-05-05 08:59:17 +02007298 if (ctx->dump_entries && ctx->next_index == 0)
William Lallemand32af2032016-10-29 18:09:35 +02007299 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01007300
Willy Tarreaua9380522022-05-05 08:50:17 +02007301 if (ctx->next_index == 0)
Willy Tarreauf5f26e82016-12-16 18:47:27 +01007302 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
7303
Willy Tarreaubd338642022-05-05 08:59:17 +02007304 if (ctx->dump_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01007305 int head;
7306
7307 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
7308 head = ref->tls_ticket_enc_index;
Willy Tarreaua9380522022-05-05 08:50:17 +02007309 while (ctx->next_index < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02007310 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02007311
7312 chunk_reset(t2);
7313 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01007314 if (ref->key_size_bits == 128) {
Willy Tarreaua9380522022-05-05 08:50:17 +02007315 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + ctx->next_index) % TLS_TICKETS_NO),
Emeric Brun9e754772019-01-10 17:51:55 +01007316 sizeof(struct tls_sess_key_128),
7317 t2->area, t2->size);
Willy Tarreaua9380522022-05-05 08:50:17 +02007318 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, ctx->next_index,
Emeric Brun9e754772019-01-10 17:51:55 +01007319 t2->area);
7320 }
7321 else if (ref->key_size_bits == 256) {
Willy Tarreaua9380522022-05-05 08:50:17 +02007322 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + ctx->next_index) % TLS_TICKETS_NO),
Emeric Brun9e754772019-01-10 17:51:55 +01007323 sizeof(struct tls_sess_key_256),
7324 t2->area, t2->size);
Willy Tarreaua9380522022-05-05 08:50:17 +02007325 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, ctx->next_index,
Emeric Brun9e754772019-01-10 17:51:55 +01007326 t2->area);
7327 }
7328 else {
7329 /* This case should never happen */
Willy Tarreaua9380522022-05-05 08:50:17 +02007330 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, ctx->next_index);
Emeric Brun9e754772019-01-10 17:51:55 +01007331 }
William Lallemand32af2032016-10-29 18:09:35 +02007332
Christopher Faulet908628c2022-03-25 16:43:49 +01007333 if (ci_putchk(cs_ic(cs), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02007334 /* let's try again later from this stream. We add ourselves into
7335 * this stream's users so that it can remove us upon termination.
7336 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01007337 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Christopher Fauleta0bdec32022-04-04 07:51:21 +02007338 cs_rx_room_blk(cs);
William Lallemand32af2032016-10-29 18:09:35 +02007339 return 0;
7340 }
Willy Tarreaua9380522022-05-05 08:50:17 +02007341 ctx->next_index++;
William Lallemand32af2032016-10-29 18:09:35 +02007342 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01007343 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaua9380522022-05-05 08:50:17 +02007344 ctx->next_index = 0;
William Lallemand32af2032016-10-29 18:09:35 +02007345 }
Christopher Faulet908628c2022-03-25 16:43:49 +01007346 if (ci_putchk(cs_ic(cs), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02007347 /* let's try again later from this stream. We add ourselves into
7348 * this stream's users so that it can remove us upon termination.
7349 */
Christopher Fauleta0bdec32022-04-04 07:51:21 +02007350 cs_rx_room_blk(cs);
William Lallemand32af2032016-10-29 18:09:35 +02007351 return 0;
7352 }
7353
Willy Tarreaua9380522022-05-05 08:50:17 +02007354 if (ctx->names_only == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02007355 break;
7356
7357 /* get next list entry and check the end of the list */
Willy Tarreaua9380522022-05-05 08:50:17 +02007358 ctx->next_ref = tlskeys_list_get_next(&ref->list, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02007359 }
Willy Tarreau9c5a38c2022-05-05 09:03:44 +02007360 ctx->state = SHOW_KEYS_DONE;
William Lallemand32af2032016-10-29 18:09:35 +02007361 /* fall through */
7362
7363 default:
William Lallemand32af2032016-10-29 18:09:35 +02007364 return 1;
7365 }
7366 return 0;
7367}
7368
Willy Tarreaua9380522022-05-05 08:50:17 +02007369/* Prepares a "show_keys_ctx" and sets the appropriate io_handler if needed */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02007370static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02007371{
Willy Tarreaua9380522022-05-05 08:50:17 +02007372 struct show_keys_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
7373
William Lallemand32af2032016-10-29 18:09:35 +02007374 /* no parameter, shows only file list */
7375 if (!*args[2]) {
Willy Tarreaua9380522022-05-05 08:50:17 +02007376 ctx->names_only = 1;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01007377 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02007378 }
7379
7380 if (args[2][0] == '*') {
7381 /* list every TLS ticket keys */
Willy Tarreaua9380522022-05-05 08:50:17 +02007382 ctx->names_only = 1;
William Lallemand32af2032016-10-29 18:09:35 +02007383 } else {
Willy Tarreaua9380522022-05-05 08:50:17 +02007384 ctx->next_ref = tlskeys_ref_lookup_ref(args[2]);
7385 if (!ctx->next_ref)
Willy Tarreau9d008692019-08-09 11:21:01 +02007386 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02007387 }
Willy Tarreaubd338642022-05-05 08:59:17 +02007388
7389 ctx->dump_entries = 1;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01007390 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02007391}
7392
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02007393static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02007394{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01007395 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02007396 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01007397
William Lallemand32af2032016-10-29 18:09:35 +02007398 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02007399 if (!*args[3] || !*args[4])
7400 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +02007401
Willy Tarreauf5f26e82016-12-16 18:47:27 +01007402 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +02007403 if (!ref)
7404 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02007405
Willy Tarreau1c913e42018-08-22 05:26:57 +02007406 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02007407 if (ret < 0)
7408 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +01007409
Willy Tarreau1c913e42018-08-22 05:26:57 +02007410 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +02007411 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
7412 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +02007413
Willy Tarreau9d008692019-08-09 11:21:01 +02007414 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02007415}
William Lallemandd4f946c2019-12-05 10:26:40 +01007416#endif
William Lallemand419e6342020-04-08 12:05:39 +02007417
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02007418static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02007419{
7420#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
7421 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02007422 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02007423
7424 if (!payload)
7425 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02007426
7427 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02007428 if (!*payload)
7429 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02007430
7431 /* remove \r and \n from the payload */
7432 for (i = 0, j = 0; payload[i]; i++) {
7433 if (payload[i] == '\r' || payload[i] == '\n')
7434 continue;
7435 payload[j++] = payload[i];
7436 }
7437 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02007438
Willy Tarreau1c913e42018-08-22 05:26:57 +02007439 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02007440 if (ret < 0)
7441 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +02007442
Willy Tarreau1c913e42018-08-22 05:26:57 +02007443 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02007444 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +02007445 if (err)
7446 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
7447 else
7448 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +02007449 }
Willy Tarreau9d008692019-08-09 11:21:01 +02007450
7451 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02007452#else
Willy Tarreau9d008692019-08-09 11:21:01 +02007453 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +02007454#endif
7455
Elliot Otchet71f82972020-01-15 08:12:14 -05007456}
7457
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007458
Remi Tricot-Le Breton3faf0cb2021-06-10 18:10:32 +02007459#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007460static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx);
7461#endif
7462
Willy Tarreau170b35b2022-05-05 09:09:15 +02007463/* parsing function for 'show ssl ocsp-response [id]'. If an entry is forced,
7464 * it's set into appctx->svcctx.
7465 */
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007466static int cli_parse_show_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
7467{
Remi Tricot-Le Breton3faf0cb2021-06-10 18:10:32 +02007468#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007469 if (*args[3]) {
7470 struct certificate_ocsp *ocsp = NULL;
7471 char *key = NULL;
7472 int key_length = 0;
7473
7474 if (strlen(args[3]) > OCSP_MAX_CERTID_ASN1_LENGTH*2) {
7475 return cli_err(appctx, "'show ssl ocsp-response' received a too big key.\n");
7476 }
7477
7478 if (parse_binary(args[3], &key, &key_length, NULL)) {
7479
7480 char full_key[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
7481 memcpy(full_key, key, key_length);
7482
7483 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, full_key, OCSP_MAX_CERTID_ASN1_LENGTH);
7484 }
7485 if (key)
7486 ha_free(&key);
7487
7488 if (!ocsp) {
7489 return cli_err(appctx, "Certificate ID does not match any certificate.\n");
7490 }
7491
Willy Tarreau170b35b2022-05-05 09:09:15 +02007492 appctx->svcctx = ocsp;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007493 appctx->io_handler = cli_io_handler_show_ocspresponse_detail;
7494 }
7495
7496 return 0;
7497
7498#else
7499 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
7500#endif
7501}
7502
7503
Remi Tricot-Le Breton3faf0cb2021-06-10 18:10:32 +02007504#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007505/*
7506 * This function dumps the details of an OCSP_CERTID. It is based on
7507 * ocsp_certid_print in OpenSSL.
7508 */
7509static inline int ocsp_certid_print(BIO *bp, OCSP_CERTID *certid, int indent)
7510{
7511 ASN1_OCTET_STRING *piNameHash = NULL;
7512 ASN1_OCTET_STRING *piKeyHash = NULL;
7513 ASN1_INTEGER *pSerial = NULL;
7514
7515 if (OCSP_id_get0_info(&piNameHash, NULL, &piKeyHash, &pSerial, certid)) {
7516
7517 BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
7518 indent += 2;
Remi Tricot-Le Bretoncc750ef2021-12-17 18:53:23 +01007519 BIO_printf(bp, "%*sIssuer Name Hash: ", indent, "");
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007520 i2a_ASN1_STRING(bp, piNameHash, 0);
7521 BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
7522 i2a_ASN1_STRING(bp, piKeyHash, 0);
7523 BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
7524 i2a_ASN1_INTEGER(bp, pSerial);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007525 }
7526 return 1;
7527}
7528#endif
7529
7530/*
7531 * IO handler of "show ssl ocsp-response". The command taking a specific ID
7532 * is managed in cli_io_handler_show_ocspresponse_detail.
Willy Tarreau170b35b2022-05-05 09:09:15 +02007533 * The current entry is taken from appctx->svcctx.
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007534 */
7535static int cli_io_handler_show_ocspresponse(struct appctx *appctx)
7536{
Remi Tricot-Le Breton3faf0cb2021-06-10 18:10:32 +02007537#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007538 struct buffer *trash = alloc_trash_chunk();
7539 struct buffer *tmp = NULL;
7540 struct ebmb_node *node;
Willy Tarreau4596fe22022-05-17 19:07:51 +02007541 struct stconn *cs = appctx_cs(appctx);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007542 struct certificate_ocsp *ocsp = NULL;
7543 BIO *bio = NULL;
7544 int write = -1;
7545
7546 if (trash == NULL)
7547 return 1;
7548
7549 tmp = alloc_trash_chunk();
7550 if (!tmp)
7551 goto end;
7552
7553 if ((bio = BIO_new(BIO_s_mem())) == NULL)
7554 goto end;
7555
Willy Tarreau170b35b2022-05-05 09:09:15 +02007556 if (!appctx->svcctx) {
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007557 chunk_appendf(trash, "# Certificate IDs\n");
7558 node = ebmb_first(&cert_ocsp_tree);
7559 } else {
Willy Tarreau170b35b2022-05-05 09:09:15 +02007560 node = &((struct certificate_ocsp *)appctx->svcctx)->key;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007561 }
7562
7563 while (node) {
7564 OCSP_CERTID *certid = NULL;
7565 const unsigned char *p = NULL;
7566 int i;
7567
7568 ocsp = ebmb_entry(node, struct certificate_ocsp, key);
7569
7570 /* Dump the key in hexadecimal */
7571 chunk_appendf(trash, "Certificate ID key : ");
7572 for (i = 0; i < ocsp->key_length; ++i) {
7573 chunk_appendf(trash, "%02x", ocsp->key_data[i]);
7574 }
7575 chunk_appendf(trash, "\n");
7576
7577 p = ocsp->key_data;
7578
7579 /* Decode the certificate ID (serialized into the key). */
7580 d2i_OCSP_CERTID(&certid, &p, ocsp->key_length);
Remi Tricot-Le Breton8081b672022-02-16 15:03:51 +01007581 if (!certid)
7582 goto end;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007583
7584 /* Dump the CERTID info */
7585 ocsp_certid_print(bio, certid, 1);
Remi Tricot-Le Breton8081b672022-02-16 15:03:51 +01007586 OCSP_CERTID_free(certid);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007587 write = BIO_read(bio, tmp->area, tmp->size-1);
Remi Tricot-Le Bretoncc750ef2021-12-17 18:53:23 +01007588 /* strip trailing LFs */
7589 while (write > 0 && tmp->area[write-1] == '\n')
7590 write--;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007591 tmp->area[write] = '\0';
7592
7593 chunk_appendf(trash, "%s\n", tmp->area);
7594
7595 node = ebmb_next(node);
Christopher Faulet908628c2022-03-25 16:43:49 +01007596 if (ci_putchk(cs_ic(cs), trash) == -1) {
Christopher Fauleta0bdec32022-04-04 07:51:21 +02007597 cs_rx_room_blk(cs);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007598 goto yield;
7599 }
7600 }
7601
7602end:
Willy Tarreau170b35b2022-05-05 09:09:15 +02007603 appctx->svcctx = NULL;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007604 if (trash)
7605 free_trash_chunk(trash);
7606 if (tmp)
7607 free_trash_chunk(tmp);
7608 if (bio)
7609 BIO_free(bio);
7610 return 1;
7611
7612yield:
7613
7614 if (trash)
7615 free_trash_chunk(trash);
7616 if (tmp)
7617 free_trash_chunk(tmp);
7618 if (bio)
7619 BIO_free(bio);
Willy Tarreau170b35b2022-05-05 09:09:15 +02007620 appctx->svcctx = ocsp;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007621 return 0;
7622#else
7623 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
7624#endif
7625}
7626
Remi Tricot-Le Bretonf87c67e2022-04-21 12:06:41 +02007627#ifdef HAVE_SSL_PROVIDERS
7628struct provider_name {
7629 const char *name;
7630 struct list list;
7631};
7632
7633
7634static int ssl_provider_get_name_cb(OSSL_PROVIDER *provider, void *cbdata)
7635{
7636 struct list *provider_names = cbdata;
7637 struct provider_name *item = NULL;
7638 const char *name = OSSL_PROVIDER_get0_name(provider);
7639
7640 if (!provider_names)
7641 return 0;
7642
7643 item = calloc(1, sizeof(*item));
7644
7645 if (!item)
7646 return 0;
7647
7648 item->name = name;
7649 LIST_APPEND(provider_names, &item->list);
7650
7651 return 1;
7652}
7653
7654static void ssl_provider_get_name_list(struct list *provider_names)
7655{
7656 if (!provider_names)
7657 return;
7658
7659 OSSL_PROVIDER_do_all(NULL, ssl_provider_get_name_cb, provider_names);
7660}
7661
7662static void ssl_provider_clear_name_list(struct list *provider_names)
7663{
7664 struct provider_name *item = NULL, *item_s = NULL;
7665
7666 if (provider_names) {
7667 list_for_each_entry_safe(item, item_s, provider_names, list) {
7668 LIST_DELETE(&item->list);
7669 free(item);
7670 }
7671 }
7672}
7673
7674static int cli_io_handler_show_providers(struct appctx *appctx)
7675{
7676 struct buffer *trash = get_trash_chunk();
Willy Tarreau4596fe22022-05-17 19:07:51 +02007677 struct stconn *cs = appctx_cs(appctx);
Remi Tricot-Le Bretonf87c67e2022-04-21 12:06:41 +02007678 struct list provider_names;
7679 struct provider_name *name;
7680
7681 LIST_INIT(&provider_names);
7682
7683 chunk_appendf(trash, "Loaded providers : \n");
7684
7685 ssl_provider_get_name_list(&provider_names);
7686
7687 list_for_each_entry(name, &provider_names, list) {
7688 chunk_appendf(trash, "\t- %s\n", name->name);
7689 }
7690
7691 ssl_provider_clear_name_list(&provider_names);
7692
7693 if (ci_putchk(cs_ic(cs), trash) == -1) {
7694 cs_rx_room_blk(cs);
7695 goto yield;
7696 }
7697
7698 return 1;
7699
7700yield:
7701 return 0;
7702}
7703#endif
7704
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007705
Remi Tricot-Le Breton3faf0cb2021-06-10 18:10:32 +02007706#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007707/*
7708 * Dump the details about an OCSP response in DER format stored in
7709 * <ocsp_response> into buffer <out>.
7710 * Returns 0 in case of success.
7711 */
7712int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
7713{
7714 BIO *bio = NULL;
7715 int write = -1;
7716 OCSP_RESPONSE *resp;
7717 const unsigned char *p;
Remi Tricot-Le Bretona9a591a2022-02-16 14:42:22 +01007718 int retval = -1;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007719
7720 if (!ocsp_response)
7721 return -1;
7722
7723 if ((bio = BIO_new(BIO_s_mem())) == NULL)
7724 return -1;
7725
7726 p = (const unsigned char*)ocsp_response->area;
7727
7728 resp = d2i_OCSP_RESPONSE(NULL, &p, ocsp_response->data);
7729 if (!resp) {
7730 chunk_appendf(out, "Unable to parse OCSP response");
Remi Tricot-Le Breton8081b672022-02-16 15:03:51 +01007731 goto end;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007732 }
7733
7734 if (OCSP_RESPONSE_print(bio, resp, 0) != 0) {
Remi Tricot-Le Breton2e7d1eb2022-01-11 10:11:10 +01007735 struct buffer *trash = get_trash_chunk();
7736 struct ist ist_block = IST_NULL;
7737 struct ist ist_double_lf = IST_NULL;
7738 static struct ist double_lf = IST("\n\n");
7739
7740 write = BIO_read(bio, trash->area, trash->size - 1);
Remi Tricot-Le Breton1b01b7f2022-02-16 15:17:09 +01007741 if (write <= 0)
7742 goto end;
Remi Tricot-Le Breton2e7d1eb2022-01-11 10:11:10 +01007743 trash->data = write;
7744
7745 /* Look for empty lines in the 'trash' buffer and add a space to
7746 * the beginning to avoid having empty lines in the output
7747 * (without changing the appearance of the information
7748 * displayed).
7749 */
7750 ist_block = ist2(b_orig(trash), b_data(trash));
7751
7752 ist_double_lf = istist(ist_block, double_lf);
7753
7754 while (istlen(ist_double_lf)) {
7755 /* istptr(ist_double_lf) points to the first \n of a
7756 * \n\n pattern.
7757 */
7758 uint empty_line_offset = istptr(ist_double_lf) + 1 - istptr(ist_block);
7759
7760 /* Write up to the first '\n' of the "\n\n" pattern into
7761 * the output buffer.
7762 */
7763 b_putblk(out, istptr(ist_block), empty_line_offset);
7764 /* Add an extra space. */
7765 b_putchr(out, ' ');
7766
7767 /* Keep looking for empty lines in the rest of the data. */
7768 ist_block = istadv(ist_block, empty_line_offset);
7769
7770 ist_double_lf = istist(ist_block, double_lf);
7771 }
7772
Remi Tricot-Le Bretona9a591a2022-02-16 14:42:22 +01007773 retval = (b_istput(out, ist_block) <= 0);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007774 }
7775
Remi Tricot-Le Breton8081b672022-02-16 15:03:51 +01007776end:
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007777 if (bio)
7778 BIO_free(bio);
7779
Remi Tricot-Le Breton8081b672022-02-16 15:03:51 +01007780 OCSP_RESPONSE_free(resp);
7781
Remi Tricot-Le Bretona9a591a2022-02-16 14:42:22 +01007782 return retval;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007783}
7784
7785/*
7786 * Dump the details of the OCSP response of ID <ocsp_certid> into buffer <out>.
7787 * Returns 0 in case of success.
7788 */
7789int ssl_get_ocspresponse_detail(unsigned char *ocsp_certid, struct buffer *out)
7790{
7791 struct certificate_ocsp *ocsp;
7792
7793 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, ocsp_certid, OCSP_MAX_CERTID_ASN1_LENGTH);
7794 if (!ocsp)
7795 return -1;
7796
7797 return ssl_ocsp_response_print(&ocsp->response, out);
7798}
7799
7800
Willy Tarreau170b35b2022-05-05 09:09:15 +02007801/* IO handler of details "show ssl ocsp-response <id>".
7802 * The current entry is taken from appctx->svcctx.
7803 */
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007804static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx)
7805{
7806 struct buffer *trash = alloc_trash_chunk();
Willy Tarreau170b35b2022-05-05 09:09:15 +02007807 struct certificate_ocsp *ocsp = appctx->svcctx;
Willy Tarreau4596fe22022-05-17 19:07:51 +02007808 struct stconn *cs = appctx_cs(appctx);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007809
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007810 if (trash == NULL)
7811 return 1;
7812
Remi Tricot-Le Bretona9a591a2022-02-16 14:42:22 +01007813 if (ssl_ocsp_response_print(&ocsp->response, trash)) {
7814 free_trash_chunk(trash);
7815 return 1;
7816 }
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007817
Christopher Faulet908628c2022-03-25 16:43:49 +01007818 if (ci_putchk(cs_ic(cs), trash) == -1) {
Christopher Fauleta0bdec32022-04-04 07:51:21 +02007819 cs_rx_room_blk(cs);
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007820 goto yield;
7821 }
Willy Tarreau170b35b2022-05-05 09:09:15 +02007822
7823 appctx->svcctx = NULL;
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007824 if (trash)
7825 free_trash_chunk(trash);
7826 return 1;
7827
7828yield:
7829 if (trash)
7830 free_trash_chunk(trash);
7831
7832 return 0;
7833}
7834#endif
7835
William Lallemand32af2032016-10-29 18:09:35 +02007836/* register cli keywords */
7837static struct cli_kw_list cli_kws = {{ },{
7838#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Willy Tarreaubd338642022-05-05 08:59:17 +02007839 { { "show", "tls-keys", NULL }, "show tls-keys [id|*] : show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, cli_io_handler_tlskeys_files },
Willy Tarreaub205bfd2021-05-07 11:38:37 +02007840 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|file] <key> : set the next TLS key for the <id> or <file> listener to <key>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02007841#endif
Willy Tarreaub205bfd2021-05-07 11:38:37 +02007842 { { "set", "ssl", "ocsp-response", NULL }, "set ssl ocsp-response <resp|payload> : update a certificate's OCSP Response from a base64-encode DER", cli_parse_set_ocspresponse, NULL },
Remi Tricot-Le Bretond92fd112021-06-10 13:51:13 +02007843
7844 { { "show", "ssl", "ocsp-response", NULL },"show ssl ocsp-response [id] : display the IDs of the OCSP responses used in memory, or the details of a single OCSP response", cli_parse_show_ocspresponse, cli_io_handler_show_ocspresponse, NULL },
Remi Tricot-Le Bretonf87c67e2022-04-21 12:06:41 +02007845#ifdef HAVE_SSL_PROVIDERS
7846 { { "show", "ssl", "providers", NULL }, "show ssl providers : show loaded SSL providers", NULL, cli_io_handler_show_providers },
7847#endif
William Lallemand32af2032016-10-29 18:09:35 +02007848 { { NULL }, NULL, NULL, NULL }
7849}};
7850
Willy Tarreau0108d902018-11-25 19:14:37 +01007851INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02007852
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02007853/* transport-layer operations for SSL sockets */
William Lallemanddad31052020-05-14 17:47:32 +02007854struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02007855 .snd_buf = ssl_sock_from_buf,
7856 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01007857 .subscribe = ssl_subscribe,
7858 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02007859 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02007860 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02007861 .rcv_pipe = NULL,
7862 .snd_pipe = NULL,
7863 .shutr = NULL,
7864 .shutw = ssl_sock_shutw,
7865 .close = ssl_sock_close,
7866 .init = ssl_sock_init,
Olivier Houchardbc5ce922021-03-05 23:47:00 +01007867 .start = ssl_sock_start,
Willy Tarreau55d37912016-12-21 23:38:39 +01007868 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01007869 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01007870 .prepare_srv = ssl_sock_prepare_srv_ctx,
7871 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007872 .get_alpn = ssl_sock_get_alpn,
Olivier Houcharda74bb7e2020-07-03 14:01:21 +02007873 .takeover = ssl_takeover,
Willy Tarreau41491682021-03-02 17:29:56 +01007874 .set_idle = ssl_set_idle,
7875 .set_used = ssl_set_used,
Willy Tarreaude827952022-04-11 10:43:28 +02007876 .get_ssl_sock_ctx = ssl_sock_get_ctx,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01007877 .name = "SSL",
Willy Tarreaude5675a2021-01-20 14:41:29 +01007878 .show_fd = ssl_sock_show_fd,
Emeric Brun46591952012-05-18 15:47:34 +02007879};
7880
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007881enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
7882 struct session *sess, struct stream *s, int flags)
7883{
7884 struct connection *conn;
Willy Tarreau4596fe22022-05-17 19:07:51 +02007885 struct stconn *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007886
7887 conn = objt_conn(sess->origin);
Christopher Faulet95a61e82021-12-22 14:22:03 +01007888 cs = s->csf;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007889
Olivier Houchard6fa63d92017-11-27 18:41:32 +01007890 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007891 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Willy Tarreaub605c422022-05-17 17:04:55 +02007892 sc_ep_set(cs, SE_FL_WAIT_FOR_HS);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007893 s->req.flags |= CF_READ_NULL;
7894 return ACT_RET_YIELD;
7895 }
7896 }
7897 return (ACT_RET_CONT);
7898}
7899
7900static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
7901{
7902 rule->action_ptr = ssl_action_wait_for_hs;
7903
7904 return ACT_RET_PRS_OK;
7905}
7906
7907static struct action_kw_list http_req_actions = {ILH, {
7908 { "wait-for-handshake", ssl_parse_wait_for_hs },
7909 { /* END */ }
7910}};
7911
Willy Tarreau0108d902018-11-25 19:14:37 +01007912INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
7913
Ilya Shipitsinf00cdb12021-02-06 18:59:22 +05007914#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01007915
7916static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7917{
7918 if (ptr) {
7919 chunk_destroy(ptr);
7920 free(ptr);
7921 }
7922}
7923
7924#endif
William Lallemand76b4a122020-08-04 17:41:39 +02007925
7926#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
7927static void ssl_sock_ocsp_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7928{
7929 struct ocsp_cbk_arg *ocsp_arg;
7930
7931 if (ptr) {
7932 ocsp_arg = ptr;
7933
7934 if (ocsp_arg->is_single) {
7935 ssl_sock_free_ocsp(ocsp_arg->s_ocsp);
7936 ocsp_arg->s_ocsp = NULL;
7937 } else {
7938 int i;
7939
7940 for (i = 0; i < SSL_SOCK_NUM_KEYTYPES; i++) {
7941 ssl_sock_free_ocsp(ocsp_arg->m_ocsp[i]);
7942 ocsp_arg->m_ocsp[i] = NULL;
7943 }
7944 }
7945 free(ocsp_arg);
7946 }
7947}
7948#endif
7949
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007950static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7951{
Willy Tarreaubafbe012017-11-24 17:34:44 +01007952 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007953}
William Lallemand7d42ef52020-07-06 11:41:30 +02007954
William Lallemand722180a2021-06-09 16:46:12 +02007955#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +02007956static void ssl_sock_keylog_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7957{
7958 struct ssl_keylog *keylog;
7959
7960 if (!ptr)
7961 return;
7962
7963 keylog = ptr;
7964
7965 pool_free(pool_head_ssl_keylog_str, keylog->client_random);
7966 pool_free(pool_head_ssl_keylog_str, keylog->client_early_traffic_secret);
7967 pool_free(pool_head_ssl_keylog_str, keylog->client_handshake_traffic_secret);
7968 pool_free(pool_head_ssl_keylog_str, keylog->server_handshake_traffic_secret);
7969 pool_free(pool_head_ssl_keylog_str, keylog->client_traffic_secret_0);
7970 pool_free(pool_head_ssl_keylog_str, keylog->server_traffic_secret_0);
7971 pool_free(pool_head_ssl_keylog_str, keylog->exporter_secret);
7972 pool_free(pool_head_ssl_keylog_str, keylog->early_exporter_secret);
7973
7974 pool_free(pool_head_ssl_keylog, ptr);
7975}
7976#endif
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01007977
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02007978static void ssl_sock_clt_crt_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7979{
7980 if (!ptr)
7981 return;
7982
7983 X509_free((X509*)ptr);
7984}
7985
Remi Tricot-Le Bretona9967632022-01-07 17:12:01 +01007986static void ssl_sock_clt_sni_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
7987{
7988 pool_free(ssl_sock_client_sni_pool, ptr);
7989}
7990
Willy Tarreau92faadf2012-10-10 23:04:25 +02007991static void __ssl_sock_init(void)
7992{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05007993#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02007994 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05007995 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05007996#endif
Emeric Brun46591952012-05-18 15:47:34 +02007997
Willy Tarreauef934602016-12-22 23:12:01 +01007998 if (global_ssl.listen_default_ciphers)
7999 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8000 if (global_ssl.connect_default_ciphers)
8001 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Ilya Shipitsinf34ed0b2020-11-21 14:37:34 +05008002#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008003 if (global_ssl.listen_default_ciphersuites)
8004 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8005 if (global_ssl.connect_default_ciphersuites)
8006 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8007#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01008008
Willy Tarreau13e14102016-12-22 20:25:26 +01008009 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008010#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02008011 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08008012#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +05008013#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02008014 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05008015 n = sk_SSL_COMP_num(cm);
8016 while (n--) {
8017 (void) sk_SSL_COMP_pop(cm);
8018 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +05008019#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05008020
Willy Tarreau5db847a2019-05-09 14:13:35 +02008021#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +02008022 ssl_locking_init();
8023#endif
Ilya Shipitsinf00cdb12021-02-06 18:59:22 +05008024#ifdef HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008025 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8026#endif
William Lallemand76b4a122020-08-04 17:41:39 +02008027
8028#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
8029 ocsp_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_ocsp_free_func);
8030#endif
8031
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008032 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008033 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Amaury Denoyelle9320dd52022-01-19 10:03:30 +01008034#ifdef USE_QUIC
8035 ssl_qc_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
8036#endif /* USE_QUIC */
William Lallemand722180a2021-06-09 16:46:12 +02008037#ifdef HAVE_SSL_KEYLOG
William Lallemand7d42ef52020-07-06 11:41:30 +02008038 ssl_keylog_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_keylog_free_func);
8039#endif
Remi Tricot-Le Breton74f6ab62021-08-19 18:06:30 +02008040 ssl_client_crt_ref_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_crt_free_func);
Remi Tricot-Le Bretona9967632022-01-07 17:12:01 +01008041 ssl_client_sni_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_sni_free_func);
William Lallemandd7bfbe22022-04-11 18:41:24 +02008042#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
Grant Zhang872f9c22017-01-21 01:10:18 +00008043 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008044 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008045#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008046#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8047 hap_register_post_check(tlskeys_finalize_config);
8048#endif
Willy Tarreau80713382018-11-26 10:19:54 +01008049
8050 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
8051 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
8052
Emmanuel Hocdet70df7bf2019-01-04 11:08:20 +01008053 hap_register_post_deinit(ssl_free_global_issuers);
8054
Willy Tarreau80713382018-11-26 10:19:54 +01008055#ifndef OPENSSL_NO_DH
8056 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
8057 hap_register_post_deinit(ssl_free_dh);
8058#endif
William Lallemandd7bfbe22022-04-11 18:41:24 +02008059#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
Willy Tarreau80713382018-11-26 10:19:54 +01008060 hap_register_post_deinit(ssl_free_engines);
8061#endif
Remi Tricot-Le Breton1746a382022-05-16 16:24:33 +02008062#ifdef HAVE_SSL_PROVIDERS
8063 hap_register_post_deinit(ssl_unload_providers);
8064#endif
Remi Tricot-Le Breton78a36e32022-02-11 12:04:45 +01008065#if HA_OPENSSL_VERSION_NUMBER < 0x3000000fL
Willy Tarreau80713382018-11-26 10:19:54 +01008066 /* Load SSL string for the verbose & debug mode. */
8067 ERR_load_SSL_strings();
Remi Tricot-Le Breton78a36e32022-02-11 12:04:45 +01008068#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +02008069 ha_meth = BIO_meth_new(0x666, "ha methods");
8070 BIO_meth_set_write(ha_meth, ha_ssl_write);
8071 BIO_meth_set_read(ha_meth, ha_ssl_read);
8072 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
8073 BIO_meth_set_create(ha_meth, ha_ssl_new);
8074 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
8075 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
8076 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +02008077
8078 HA_SPIN_INIT(&ckch_lock);
Dragan Dosen1e7ed042020-05-08 18:30:00 +02008079
Dragan Dosen9ac98092020-05-11 15:51:45 +02008080 /* Try to register dedicated SSL/TLS protocol message callbacks for
8081 * heartbleed attack (CVE-2014-0160) and clienthello.
8082 */
8083 hap_register_post_check(ssl_sock_register_msg_callbacks);
8084
Dragan Dosen1e7ed042020-05-08 18:30:00 +02008085 /* Try to free all callbacks that were registered by using
8086 * ssl_sock_register_msg_callback().
8087 */
8088 hap_register_post_deinit(ssl_sock_unregister_msg_callbacks);
Willy Tarreau80713382018-11-26 10:19:54 +01008089}
Willy Tarreau79367f92022-04-25 19:18:24 +02008090INITCALL0(STG_REGISTER, __ssl_sock_init);
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008091
Willy Tarreau80713382018-11-26 10:19:54 +01008092/* Compute and register the version string */
8093static void ssl_register_build_options()
8094{
8095 char *ptr = NULL;
8096 int i;
8097
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008098 memprintf(&ptr, "Built with OpenSSL version : "
8099#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008100 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008101#else /* OPENSSL_IS_BORINGSSL */
8102 OPENSSL_VERSION_TEXT
8103 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08008104 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +02008105 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008106#endif
8107 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008108#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008109 "no (library version too old)"
8110#elif defined(OPENSSL_NO_TLSEXT)
8111 "no (disabled via OPENSSL_NO_TLSEXT)"
8112#else
8113 "yes"
8114#endif
8115 "", ptr);
8116
8117 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
8118#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
8119 "yes"
8120#else
8121#ifdef OPENSSL_NO_TLSEXT
8122 "no (because of OPENSSL_NO_TLSEXT)"
8123#else
8124 "no (version might be too old, 0.9.8f min needed)"
8125#endif
8126#endif
8127 "", ptr);
8128
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008129 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
8130 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8131 if (methodVersions[i].option)
8132 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008133
Remi Tricot-Le Bretonf87c67e2022-04-21 12:06:41 +02008134#ifdef HAVE_SSL_PROVIDERS
8135 {
8136 struct list provider_names;
8137 struct provider_name *name;
8138 LIST_INIT(&provider_names);
8139 ssl_provider_get_name_list(&provider_names);
8140
8141 memprintf(&ptr, "%s\nOpenSSL providers loaded :", ptr);
8142
8143 list_for_each_entry(name, &provider_names, list) {
8144 memprintf(&ptr, "%s %s", ptr, name->name);
8145 }
8146
8147 ssl_provider_clear_name_list(&provider_names);
8148 }
8149#endif
8150
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008151 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01008152}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008153
Willy Tarreau80713382018-11-26 10:19:54 +01008154INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02008155
William Lallemandd7bfbe22022-04-11 18:41:24 +02008156#if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
Grant Zhang872f9c22017-01-21 01:10:18 +00008157void ssl_free_engines(void) {
8158 struct ssl_engine_list *wl, *wlb;
8159 /* free up engine list */
8160 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
8161 ENGINE_finish(wl->e);
8162 ENGINE_free(wl->e);
Willy Tarreau2b718102021-04-21 07:32:39 +02008163 LIST_DELETE(&wl->list);
Grant Zhang872f9c22017-01-21 01:10:18 +00008164 free(wl);
8165 }
8166}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008167#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02008168
Remi Tricot-Le Breton1746a382022-05-16 16:24:33 +02008169#ifdef HAVE_SSL_PROVIDERS
8170void ssl_unload_providers(void) {
8171 struct ssl_provider_list *prov, *provb;
8172 list_for_each_entry_safe(prov, provb, &openssl_providers, list) {
8173 OSSL_PROVIDER_unload(prov->provider);
8174 LIST_DELETE(&prov->list);
8175 free(prov);
8176 }
8177}
8178#endif
8179
Remi Gacogned3a23c32015-05-28 16:39:47 +02008180#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00008181void ssl_free_dh(void) {
8182 if (local_dh_1024) {
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01008183 HASSL_DH_free(local_dh_1024);
Grant Zhang872f9c22017-01-21 01:10:18 +00008184 local_dh_1024 = NULL;
8185 }
8186 if (local_dh_2048) {
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01008187 HASSL_DH_free(local_dh_2048);
Grant Zhang872f9c22017-01-21 01:10:18 +00008188 local_dh_2048 = NULL;
8189 }
8190 if (local_dh_4096) {
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01008191 HASSL_DH_free(local_dh_4096);
Grant Zhang872f9c22017-01-21 01:10:18 +00008192 local_dh_4096 = NULL;
8193 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02008194 if (global_dh) {
Remi Tricot-Le Bretonc76c3c42022-02-11 12:04:55 +01008195 HASSL_DH_free(global_dh);
Remi Gacogne47783ef2015-05-29 15:53:22 +02008196 global_dh = NULL;
8197 }
Grant Zhang872f9c22017-01-21 01:10:18 +00008198}
8199#endif
8200
Grant Zhang872f9c22017-01-21 01:10:18 +00008201static void __ssl_sock_deinit(void)
8202{
8203#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02008204 if (ssl_ctx_lru_tree) {
8205 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01008206 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008207 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02008208#endif
8209
Willy Tarreau5db847a2019-05-09 14:13:35 +02008210#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +02008211 ERR_remove_state(0);
8212 ERR_free_strings();
8213
8214 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08008215#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02008216
Willy Tarreau5db847a2019-05-09 14:13:35 +02008217#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +02008218 CRYPTO_cleanup_all_ex_data();
8219#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +02008220 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +02008221}
Willy Tarreau79367f92022-04-25 19:18:24 +02008222REGISTER_POST_DEINIT(__ssl_sock_deinit);
Remi Gacogned3a23c32015-05-28 16:39:47 +02008223
William Dauchyf6370442020-11-14 19:25:33 +01008224
Emeric Brun46591952012-05-18 15:47:34 +02008225/*
8226 * Local variables:
8227 * c-indent-level: 8
8228 * c-basic-offset: 8
8229 * End:
8230 */