blob: 5930c25a8f2fad82950208427ecb3717e67ae7db [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200366/*
Emmanuel Hocdetb270e812019-11-21 19:09:31 +0100367 * deduplicate cafile (and crlfile)
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200368 */
369struct cafile_entry {
370 X509_STORE *ca_store;
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200371 STACK_OF(X509_NAME) *ca_list;
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200372 struct ebmb_node node;
373 char path[0];
374};
375
376static struct eb_root cafile_tree = EB_ROOT_UNIQUE;
377
378static X509_STORE* ssl_store_get0_locations_file(char *path)
379{
380 struct ebmb_node *eb;
381
382 eb = ebst_lookup(&cafile_tree, path);
383 if (eb) {
384 struct cafile_entry *ca_e;
385 ca_e = ebmb_entry(eb, struct cafile_entry, node);
386 return ca_e->ca_store;
387 }
388 return NULL;
389}
390
391static int ssl_store_load_locations_file(char *path)
392{
393 if (ssl_store_get0_locations_file(path) == NULL) {
394 struct cafile_entry *ca_e;
395 X509_STORE *store = X509_STORE_new();
396 if (X509_STORE_load_locations(store, path, NULL)) {
397 int pathlen;
398 pathlen = strlen(path);
399 ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
400 if (ca_e) {
401 memcpy(ca_e->path, path, pathlen + 1);
402 ca_e->ca_store = store;
403 ebst_insert(&cafile_tree, &ca_e->node);
404 return 1;
405 }
406 }
407 X509_STORE_free(store);
408 return 0;
409 }
410 return 1;
411}
412
413/* mimic what X509_STORE_load_locations do with store_ctx */
414static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
415{
416 X509_STORE *store;
417 store = ssl_store_get0_locations_file(path);
418 if (store_ctx && store) {
419 int i;
420 X509_OBJECT *obj;
421 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
422 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
423 obj = sk_X509_OBJECT_value(objs, i);
424 switch (X509_OBJECT_get_type(obj)) {
425 case X509_LU_X509:
426 X509_STORE_add_cert(store_ctx, X509_OBJECT_get0_X509(obj));
427 break;
428 case X509_LU_CRL:
429 X509_STORE_add_crl(store_ctx, X509_OBJECT_get0_X509_CRL(obj));
430 break;
431 default:
432 break;
433 }
434 }
435 return 1;
436 }
437 return 0;
438}
439
440/* SSL_CTX_load_verify_locations substitute, internaly call X509_STORE_load_locations */
441static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
442{
443 X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
444 return ssl_set_cert_crl_file(store_ctx, path);
445}
446
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200447/*
448 Extract CA_list from CA_file already in tree.
449 Duplicate ca_name is tracking with ebtree. It's simplify openssl compatibility.
450 Return a shared ca_list: SSL_dup_CA_list must be used before set it on SSL_CTX.
451*/
452static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
453{
454 struct ebmb_node *eb;
455 struct cafile_entry *ca_e;
456
457 eb = ebst_lookup(&cafile_tree, path);
458 if (!eb)
459 return NULL;
460 ca_e = ebmb_entry(eb, struct cafile_entry, node);
461
462 if (ca_e->ca_list == NULL) {
463 int i;
464 unsigned long key;
465 struct eb_root ca_name_tree = EB_ROOT;
466 struct eb64_node *node, *back;
467 struct {
468 struct eb64_node node;
469 X509_NAME *xname;
470 } *ca_name;
471 STACK_OF(X509_OBJECT) *objs;
472 STACK_OF(X509_NAME) *skn;
473 X509 *x;
474 X509_NAME *xn;
475
476 skn = sk_X509_NAME_new_null();
477 /* take x509 from cafile_tree */
478 objs = X509_STORE_get0_objects(ca_e->ca_store);
479 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
480 x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
481 if (!x)
482 continue;
483 xn = X509_get_subject_name(x);
484 if (!xn)
485 continue;
486 /* Check for duplicates. */
487 key = X509_NAME_hash(xn);
488 for (node = eb64_lookup(&ca_name_tree, key), ca_name = NULL;
489 node && ca_name == NULL;
490 node = eb64_next(node)) {
491 ca_name = container_of(node, typeof(*ca_name), node);
492 if (X509_NAME_cmp(xn, ca_name->xname) != 0)
493 ca_name = NULL;
494 }
495 /* find a duplicate */
496 if (ca_name)
497 continue;
498 ca_name = calloc(1, sizeof *ca_name);
499 xn = X509_NAME_dup(xn);
500 if (!ca_name ||
501 !xn ||
502 !sk_X509_NAME_push(skn, xn)) {
503 free(ca_name);
504 X509_NAME_free(xn);
505 sk_X509_NAME_pop_free(skn, X509_NAME_free);
506 sk_X509_NAME_free(skn);
507 skn = NULL;
508 break;
509 }
510 ca_name->node.key = key;
511 ca_name->xname = xn;
512 eb64_insert(&ca_name_tree, &ca_name->node);
513 }
514 ca_e->ca_list = skn;
515 /* remove temporary ca_name tree */
516 node = eb64_first(&ca_name_tree);
517 while (node) {
518 ca_name = container_of(node, typeof(*ca_name), node);
519 back = eb64_next(node);
520 eb64_delete(node);
521 free(ca_name);
522 node = back;
523 }
524 }
525 return ca_e->ca_list;
526}
527
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100528/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100529struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100530 unsigned long long int xxh64;
531 unsigned char ciphersuite_len;
532 char ciphersuite[0];
533};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100534struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100535static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200536static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100537
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200538#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
539struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
540#endif
541
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200542#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000543static unsigned int openssl_engines_initialized;
544struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
545struct ssl_engine_list {
546 struct list list;
547 ENGINE *e;
548};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200549#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000550
Remi Gacogne8de54152014-07-15 11:36:40 +0200551#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200552static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200553static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200554static DH *local_dh_1024 = NULL;
555static DH *local_dh_2048 = NULL;
556static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100557static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200558#endif /* OPENSSL_NO_DH */
559
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100560#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200561/* X509V3 Extensions that will be added on generated certificates */
562#define X509V3_EXT_SIZE 5
563static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
564 "basicConstraints",
565 "nsComment",
566 "subjectKeyIdentifier",
567 "authorityKeyIdentifier",
568 "keyUsage",
569};
570static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
571 "CA:FALSE",
572 "\"OpenSSL Generated Certificate\"",
573 "hash",
574 "keyid,issuer:always",
575 "nonRepudiation,digitalSignature,keyEncipherment"
576};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200577/* LRU cache to store generated certificate */
578static struct lru64_head *ssl_ctx_lru_tree = NULL;
579static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200580static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100581__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200582
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200583#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
584
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100585static struct ssl_bind_kw ssl_bind_kws[];
586
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200587#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500588/* The order here matters for picking a default context,
589 * keep the most common keytype at the bottom of the list
590 */
591const char *SSL_SOCK_KEYTYPE_NAMES[] = {
592 "dsa",
593 "ecdsa",
594 "rsa"
595};
596#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100597#else
598#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500599#endif
600
William Lallemandc3cd35f2017-11-28 11:04:43 +0100601static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100602static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
603
604#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
605
606#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
607 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
608
609#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
610 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200611
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100612/*
613 * This function gives the detail of the SSL error. It is used only
614 * if the debug mode and the verbose mode are activated. It dump all
615 * the SSL error until the stack was empty.
616 */
617static forceinline void ssl_sock_dump_errors(struct connection *conn)
618{
619 unsigned long ret;
620
621 if (unlikely(global.mode & MODE_DEBUG)) {
622 while(1) {
623 ret = ERR_get_error();
624 if (ret == 0)
625 return;
626 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200627 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100628 ERR_func_error_string(ret), ERR_reason_error_string(ret));
629 }
630 }
631}
632
yanbzhube2774d2015-12-10 15:07:30 -0500633
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200634#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000635static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
636{
637 int err_code = ERR_ABORT;
638 ENGINE *engine;
639 struct ssl_engine_list *el;
640
641 /* grab the structural reference to the engine */
642 engine = ENGINE_by_id(engine_id);
643 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100644 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000645 goto fail_get;
646 }
647
648 if (!ENGINE_init(engine)) {
649 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100650 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000651 goto fail_init;
652 }
653
654 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100655 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000656 goto fail_set_method;
657 }
658
659 el = calloc(1, sizeof(*el));
660 el->e = engine;
661 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100662 nb_engines++;
663 if (global_ssl.async)
664 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000665 return 0;
666
667fail_set_method:
668 /* release the functional reference from ENGINE_init() */
669 ENGINE_finish(engine);
670
671fail_init:
672 /* release the structural reference from ENGINE_by_id() */
673 ENGINE_free(engine);
674
675fail_get:
676 return err_code;
677}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200678#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000679
Willy Tarreau5db847a2019-05-09 14:13:35 +0200680#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200681/*
682 * openssl async fd handler
683 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200684void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000685{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200686 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000687
Emeric Brun3854e012017-05-17 20:42:48 +0200688 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000689 * to poll this fd until it is requested
690 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000691 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000692 fd_cant_recv(fd);
693
694 /* crypto engine is available, let's notify the associated
695 * connection that it can pursue its processing.
696 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200697 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000698}
699
Emeric Brun3854e012017-05-17 20:42:48 +0200700/*
701 * openssl async delayed SSL_free handler
702 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200703void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000704{
705 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200706 OSSL_ASYNC_FD all_fd[32];
707 size_t num_all_fds = 0;
708 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000709
Emeric Brun3854e012017-05-17 20:42:48 +0200710 /* We suppose that the async job for a same SSL *
711 * are serialized. So if we are awake it is
712 * because the running job has just finished
713 * and we can remove all async fds safely
714 */
715 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
716 if (num_all_fds > 32) {
717 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
718 return;
719 }
720
721 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
722 for (i=0 ; i < num_all_fds ; i++)
723 fd_remove(all_fd[i]);
724
725 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000726 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100727 _HA_ATOMIC_SUB(&sslconns, 1);
728 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000729}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000730/*
Emeric Brun3854e012017-05-17 20:42:48 +0200731 * function used to manage a returned SSL_ERROR_WANT_ASYNC
732 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000733 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200734static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000735{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100736 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200737 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200738 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000739 size_t num_add_fds = 0;
740 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200741 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000742
743 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
744 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200745 if (num_add_fds > 32 || num_del_fds > 32) {
746 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000747 return;
748 }
749
Emeric Brun3854e012017-05-17 20:42:48 +0200750 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000751
Emeric Brun3854e012017-05-17 20:42:48 +0200752 /* We remove unused fds from the fdtab */
753 for (i=0 ; i < num_del_fds ; i++)
754 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000755
Emeric Brun3854e012017-05-17 20:42:48 +0200756 /* We add new fds to the fdtab */
757 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200758 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000759 }
760
Emeric Brun3854e012017-05-17 20:42:48 +0200761 num_add_fds = 0;
762 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
763 if (num_add_fds > 32) {
764 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
765 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000766 }
Emeric Brun3854e012017-05-17 20:42:48 +0200767
768 /* We activate the polling for all known async fds */
769 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000770 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200771 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000772 /* To ensure that the fd cache won't be used
773 * We'll prefer to catch a real RD event
774 * because handling an EAGAIN on this fd will
775 * result in a context switch and also
776 * some engines uses a fd in blocking mode.
777 */
778 fd_cant_recv(add_fd[i]);
779 }
Emeric Brun3854e012017-05-17 20:42:48 +0200780
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000781}
782#endif
783
William Lallemand104a7a62019-10-14 14:14:59 +0200784#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200785/*
786 * This function returns the number of seconds elapsed
787 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
788 * date presented un ASN1_GENERALIZEDTIME.
789 *
790 * In parsing error case, it returns -1.
791 */
792static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
793{
794 long epoch;
795 char *p, *end;
796 const unsigned short month_offset[12] = {
797 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
798 };
799 int year, month;
800
801 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
802
803 p = (char *)d->data;
804 end = p + d->length;
805
806 if (end - p < 4) return -1;
807 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
808 p += 4;
809 if (end - p < 2) return -1;
810 month = 10 * (p[0] - '0') + p[1] - '0';
811 if (month < 1 || month > 12) return -1;
812 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
813 We consider leap years and the current month (<marsh or not) */
814 epoch = ( ((year - 1970) * 365)
815 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
816 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
817 + month_offset[month-1]
818 ) * 24 * 60 * 60;
819 p += 2;
820 if (end - p < 2) return -1;
821 /* Add the number of seconds of completed days of current month */
822 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
823 p += 2;
824 if (end - p < 2) return -1;
825 /* Add the completed hours of the current day */
826 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
827 p += 2;
828 if (end - p < 2) return -1;
829 /* Add the completed minutes of the current hour */
830 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
831 p += 2;
832 if (p == end) return -1;
833 /* Test if there is available seconds */
834 if (p[0] < '0' || p[0] > '9')
835 goto nosec;
836 if (end - p < 2) return -1;
837 /* Add the seconds of the current minute */
838 epoch += 10 * (p[0] - '0') + p[1] - '0';
839 p += 2;
840 if (p == end) return -1;
841 /* Ignore seconds float part if present */
842 if (p[0] == '.') {
843 do {
844 if (++p == end) return -1;
845 } while (p[0] >= '0' && p[0] <= '9');
846 }
847
848nosec:
849 if (p[0] == 'Z') {
850 if (end - p != 1) return -1;
851 return epoch;
852 }
853 else if (p[0] == '+') {
854 if (end - p != 5) return -1;
855 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700856 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200857 }
858 else if (p[0] == '-') {
859 if (end - p != 5) return -1;
860 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700861 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200862 }
863
864 return -1;
865}
866
William Lallemand104a7a62019-10-14 14:14:59 +0200867/*
868 * struct alignment works here such that the key.key is the same as key_data
869 * Do not change the placement of key_data
870 */
871struct certificate_ocsp {
872 struct ebmb_node key;
873 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
874 struct buffer response;
875 long expire;
876};
877
878struct ocsp_cbk_arg {
879 int is_single;
880 int single_kt;
881 union {
882 struct certificate_ocsp *s_ocsp;
883 /*
884 * m_ocsp will have multiple entries dependent on key type
885 * Entry 0 - DSA
886 * Entry 1 - ECDSA
887 * Entry 2 - RSA
888 */
889 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
890 };
891};
892
Emeric Brun1d3865b2014-06-20 15:37:32 +0200893static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894
895/* This function starts to check if the OCSP response (in DER format) contained
896 * in chunk 'ocsp_response' is valid (else exits on error).
897 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
898 * contained in the OCSP Response and exits on error if no match.
899 * If it's a valid OCSP Response:
900 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
901 * pointed by 'ocsp'.
902 * If 'ocsp' is NULL, the function looks up into the OCSP response's
903 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
904 * from the response) and exits on error if not found. Finally, If an OCSP response is
905 * already present in the container, it will be overwritten.
906 *
907 * Note: OCSP response containing more than one OCSP Single response is not
908 * considered valid.
909 *
910 * Returns 0 on success, 1 in error case.
911 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200912static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
913 struct certificate_ocsp *ocsp,
914 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200915{
916 OCSP_RESPONSE *resp;
917 OCSP_BASICRESP *bs = NULL;
918 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200919 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200920 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200921 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200922 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200923 int reason;
924 int ret = 1;
925
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200926 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
927 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200928 if (!resp) {
929 memprintf(err, "Unable to parse OCSP response");
930 goto out;
931 }
932
933 rc = OCSP_response_status(resp);
934 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
935 memprintf(err, "OCSP response status not successful");
936 goto out;
937 }
938
939 bs = OCSP_response_get1_basic(resp);
940 if (!bs) {
941 memprintf(err, "Failed to get basic response from OCSP Response");
942 goto out;
943 }
944
945 count_sr = OCSP_resp_count(bs);
946 if (count_sr > 1) {
947 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
948 goto out;
949 }
950
951 sr = OCSP_resp_get0(bs, 0);
952 if (!sr) {
953 memprintf(err, "Failed to get OCSP single response");
954 goto out;
955 }
956
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200957 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
958
Emeric Brun4147b2e2014-06-16 18:36:30 +0200959 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200960 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200961 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200962 goto out;
963 }
964
Emeric Brun13a6b482014-06-20 15:44:34 +0200965 if (!nextupd) {
966 memprintf(err, "OCSP single response: missing nextupdate");
967 goto out;
968 }
969
Emeric Brunc8b27b62014-06-19 14:16:17 +0200970 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200971 if (!rc) {
972 memprintf(err, "OCSP single response: no longer valid.");
973 goto out;
974 }
975
976 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200977 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200978 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
979 goto out;
980 }
981 }
982
983 if (!ocsp) {
984 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
985 unsigned char *p;
986
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200987 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988 if (!rc) {
989 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
990 goto out;
991 }
992
993 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
994 memprintf(err, "OCSP single response: Certificate ID too long");
995 goto out;
996 }
997
998 p = key;
999 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001000 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001001 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
1002 if (!ocsp) {
1003 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
1004 goto out;
1005 }
1006 }
1007
1008 /* According to comments on "chunk_dup", the
1009 previous chunk buffer will be freed */
1010 if (!chunk_dup(&ocsp->response, ocsp_response)) {
1011 memprintf(err, "OCSP response: Memory allocation error");
1012 goto out;
1013 }
1014
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001015 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
1016
Emeric Brun4147b2e2014-06-16 18:36:30 +02001017 ret = 0;
1018out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +01001019 ERR_clear_error();
1020
Emeric Brun4147b2e2014-06-16 18:36:30 +02001021 if (bs)
1022 OCSP_BASICRESP_free(bs);
1023
1024 if (resp)
1025 OCSP_RESPONSE_free(resp);
1026
1027 return ret;
1028}
1029/*
1030 * External function use to update the OCSP response in the OCSP response's
1031 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
1032 * to update in DER format.
1033 *
1034 * Returns 0 on success, 1 in error case.
1035 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001036int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001037{
1038 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
1039}
1040
William Lallemand4a660132019-10-14 14:51:41 +02001041#endif
1042
1043#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001044/*
1045 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +02001046 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +02001047 *
1048 * Returns 0 on success, 1 in error case.
1049 */
William Lallemand3b5f3602019-10-16 18:05:05 +02001050static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051{
1052 int fd = -1;
1053 int r = 0;
1054 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +02001055 struct buffer *ocsp_response;
1056 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001057
William Lallemand3b5f3602019-10-16 18:05:05 +02001058 if (buf) {
1059 int i, j;
1060 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001061
William Lallemand3b5f3602019-10-16 18:05:05 +02001062 /* remove \r and \n from the payload */
1063 for (i = 0, j = 0; buf[i]; i++) {
1064 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +02001065 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +02001066 buf[j++] = buf[i];
1067 }
1068 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001069
William Lallemand3b5f3602019-10-16 18:05:05 +02001070 ret = base64dec(buf, j, trash.area, trash.size);
1071 if (ret < 0) {
1072 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +02001073 goto end;
1074 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001075 trash.data = ret;
1076 src = &trash;
1077 } else {
1078 fd = open(ocsp_path, O_RDONLY);
1079 if (fd == -1) {
1080 memprintf(err, "Error opening OCSP response file");
1081 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001082 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001083
1084 trash.data = 0;
1085 while (trash.data < trash.size) {
1086 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1087 if (r < 0) {
1088 if (errno == EINTR)
1089 continue;
1090
1091 memprintf(err, "Error reading OCSP response from file");
1092 goto end;
1093 }
1094 else if (r == 0) {
1095 break;
1096 }
1097 trash.data += r;
1098 }
1099 close(fd);
1100 fd = -1;
1101 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001102 }
1103
William Lallemand3b5f3602019-10-16 18:05:05 +02001104 ocsp_response = calloc(1, sizeof(*ocsp_response));
1105 if (!chunk_dup(ocsp_response, src)) {
1106 free(ocsp_response);
1107 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001108 goto end;
1109 }
1110
William Lallemand3b5f3602019-10-16 18:05:05 +02001111 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +02001112 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001113end:
1114 if (fd != -1)
1115 close(fd);
1116
1117 return ret;
1118}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001119#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +02001120
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001121#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
1122static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
1123{
Christopher Faulet16f45c82018-02-16 11:23:49 +01001124 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +01001125 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001126 struct connection *conn;
1127 int head;
1128 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001129 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001130
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001131 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +02001132 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001133 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1134
1135 keys = ref->tlskeys;
1136 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001137
1138 if (enc) {
1139 memcpy(key_name, keys[head].name, 16);
1140
1141 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +01001142 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001143
Emeric Brun9e754772019-01-10 17:51:55 +01001144 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001145
Emeric Brun9e754772019-01-10 17:51:55 +01001146 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
1147 goto end;
1148
Willy Tarreau9356dac2019-05-10 09:22:53 +02001149 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001150 ret = 1;
1151 }
1152 else if (ref->key_size_bits == 256 ) {
1153
1154 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
1155 goto end;
1156
Willy Tarreau9356dac2019-05-10 09:22:53 +02001157 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001158 ret = 1;
1159 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001160 } else {
1161 for (i = 0; i < TLS_TICKETS_NO; i++) {
1162 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1163 goto found;
1164 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001165 ret = 0;
1166 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001167
Christopher Faulet16f45c82018-02-16 11:23:49 +01001168 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001169 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001170 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001171 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1172 goto end;
1173 /* 2 for key renewal, 1 if current key is still valid */
1174 ret = i ? 2 : 1;
1175 }
1176 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001177 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001178 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1179 goto end;
1180 /* 2 for key renewal, 1 if current key is still valid */
1181 ret = i ? 2 : 1;
1182 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001183 }
Emeric Brun9e754772019-01-10 17:51:55 +01001184
Christopher Faulet16f45c82018-02-16 11:23:49 +01001185 end:
1186 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1187 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001188}
1189
1190struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1191{
1192 struct tls_keys_ref *ref;
1193
1194 list_for_each_entry(ref, &tlskeys_reference, list)
1195 if (ref->filename && strcmp(filename, ref->filename) == 0)
1196 return ref;
1197 return NULL;
1198}
1199
1200struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1201{
1202 struct tls_keys_ref *ref;
1203
1204 list_for_each_entry(ref, &tlskeys_reference, list)
1205 if (ref->unique_id == unique_id)
1206 return ref;
1207 return NULL;
1208}
1209
Emeric Brun9e754772019-01-10 17:51:55 +01001210/* Update the key into ref: if keysize doesnt
1211 * match existing ones, this function returns -1
1212 * else it returns 0 on success.
1213 */
1214int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001215 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001216{
Emeric Brun9e754772019-01-10 17:51:55 +01001217 if (ref->key_size_bits == 128) {
1218 if (tlskey->data != sizeof(struct tls_sess_key_128))
1219 return -1;
1220 }
1221 else if (ref->key_size_bits == 256) {
1222 if (tlskey->data != sizeof(struct tls_sess_key_256))
1223 return -1;
1224 }
1225 else
1226 return -1;
1227
Christopher Faulet16f45c82018-02-16 11:23:49 +01001228 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001229 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1230 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001231 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1232 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001233
1234 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001235}
1236
Willy Tarreau83061a82018-07-13 11:56:34 +02001237int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001238{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001239 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1240
1241 if(!ref) {
1242 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1243 return 1;
1244 }
Emeric Brun9e754772019-01-10 17:51:55 +01001245 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1246 memprintf(err, "Invalid key size");
1247 return 1;
1248 }
1249
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001250 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001251}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001252
1253/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001254 * automatic ids. It's called just after the basic checks. It returns
1255 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001256 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001257static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001258{
1259 int i = 0;
1260 struct tls_keys_ref *ref, *ref2, *ref3;
1261 struct list tkr = LIST_HEAD_INIT(tkr);
1262
1263 list_for_each_entry(ref, &tlskeys_reference, list) {
1264 if (ref->unique_id == -1) {
1265 /* Look for the first free id. */
1266 while (1) {
1267 list_for_each_entry(ref2, &tlskeys_reference, list) {
1268 if (ref2->unique_id == i) {
1269 i++;
1270 break;
1271 }
1272 }
1273 if (&ref2->list == &tlskeys_reference)
1274 break;
1275 }
1276
1277 /* Uses the unique id and increment it for the next entry. */
1278 ref->unique_id = i;
1279 i++;
1280 }
1281 }
1282
1283 /* This sort the reference list by id. */
1284 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1285 LIST_DEL(&ref->list);
1286 list_for_each_entry(ref3, &tkr, list) {
1287 if (ref->unique_id < ref3->unique_id) {
1288 LIST_ADDQ(&ref3->list, &ref->list);
1289 break;
1290 }
1291 }
1292 if (&ref3->list == &tkr)
1293 LIST_ADDQ(&tkr, &ref->list);
1294 }
1295
1296 /* swap root */
1297 LIST_ADD(&tkr, &tlskeys_reference);
1298 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001299 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001300}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001301#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1302
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001303#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001304int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1305{
1306 switch (evp_keytype) {
1307 case EVP_PKEY_RSA:
1308 return 2;
1309 case EVP_PKEY_DSA:
1310 return 0;
1311 case EVP_PKEY_EC:
1312 return 1;
1313 }
1314
1315 return -1;
1316}
1317
Emeric Brun4147b2e2014-06-16 18:36:30 +02001318/*
1319 * Callback used to set OCSP status extension content in server hello.
1320 */
1321int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1322{
yanbzhube2774d2015-12-10 15:07:30 -05001323 struct certificate_ocsp *ocsp;
1324 struct ocsp_cbk_arg *ocsp_arg;
1325 char *ssl_buf;
1326 EVP_PKEY *ssl_pkey;
1327 int key_type;
1328 int index;
1329
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001330 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001331
1332 ssl_pkey = SSL_get_privatekey(ssl);
1333 if (!ssl_pkey)
1334 return SSL_TLSEXT_ERR_NOACK;
1335
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001336 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001337
1338 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1339 ocsp = ocsp_arg->s_ocsp;
1340 else {
1341 /* For multiple certs per context, we have to find the correct OCSP response based on
1342 * the certificate type
1343 */
1344 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1345
1346 if (index < 0)
1347 return SSL_TLSEXT_ERR_NOACK;
1348
1349 ocsp = ocsp_arg->m_ocsp[index];
1350
1351 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001352
1353 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001354 !ocsp->response.area ||
1355 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001356 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001357 return SSL_TLSEXT_ERR_NOACK;
1358
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001359 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001360 if (!ssl_buf)
1361 return SSL_TLSEXT_ERR_NOACK;
1362
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001363 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1364 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001365
1366 return SSL_TLSEXT_ERR_OK;
1367}
1368
William Lallemand4a660132019-10-14 14:51:41 +02001369#endif
1370
1371#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001372/*
1373 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001374 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1375 * status extension, the issuer's certificate is mandatory. It should be
1376 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001377 *
William Lallemand246c0242019-10-11 08:59:13 +02001378 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1379 * OCSP response. If file is empty or content is not a valid OCSP response,
1380 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1381 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001382 *
1383 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001384 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001385 */
William Lallemand4a660132019-10-14 14:51:41 +02001386#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001387static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001388{
William Lallemand246c0242019-10-11 08:59:13 +02001389 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001390 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001391 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001392 struct certificate_ocsp *ocsp = NULL, *iocsp;
1393 char *warn = NULL;
1394 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001395 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001396
Emeric Brun4147b2e2014-06-16 18:36:30 +02001397
William Lallemand246c0242019-10-11 08:59:13 +02001398 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001399 if (!x)
1400 goto out;
1401
William Lallemand246c0242019-10-11 08:59:13 +02001402 issuer = ckch->ocsp_issuer;
1403 if (!issuer)
1404 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001405
1406 cid = OCSP_cert_to_id(0, x, issuer);
1407 if (!cid)
1408 goto out;
1409
1410 i = i2d_OCSP_CERTID(cid, NULL);
1411 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1412 goto out;
1413
Vincent Bernat02779b62016-04-03 13:48:43 +02001414 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001415 if (!ocsp)
1416 goto out;
1417
1418 p = ocsp->key_data;
1419 i2d_OCSP_CERTID(cid, &p);
1420
1421 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1422 if (iocsp == ocsp)
1423 ocsp = NULL;
1424
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001425#ifndef SSL_CTX_get_tlsext_status_cb
1426# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1427 *cb = (void (*) (void))ctx->tlsext_status_cb;
1428#endif
1429 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1430
1431 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001432 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001433 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001434
1435 cb_arg->is_single = 1;
1436 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001437
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001438 pkey = X509_get_pubkey(x);
1439 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1440 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001441
1442 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1443 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1444 } else {
1445 /*
1446 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1447 * Update that cb_arg with the new cert's staple
1448 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001449 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001450 struct certificate_ocsp *tmp_ocsp;
1451 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001452 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001453 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001454
1455#ifdef SSL_CTX_get_tlsext_status_arg
1456 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1457#else
1458 cb_arg = ctx->tlsext_status_arg;
1459#endif
yanbzhube2774d2015-12-10 15:07:30 -05001460
1461 /*
1462 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1463 * the order of operations below matter, take care when changing it
1464 */
1465 tmp_ocsp = cb_arg->s_ocsp;
1466 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1467 cb_arg->s_ocsp = NULL;
1468 cb_arg->m_ocsp[index] = tmp_ocsp;
1469 cb_arg->is_single = 0;
1470 cb_arg->single_kt = 0;
1471
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001472 pkey = X509_get_pubkey(x);
1473 key_type = EVP_PKEY_base_id(pkey);
1474 EVP_PKEY_free(pkey);
1475
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001476 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001477 if (index >= 0 && !cb_arg->m_ocsp[index])
1478 cb_arg->m_ocsp[index] = iocsp;
1479
1480 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001481
1482 ret = 0;
1483
1484 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001485 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001486 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001487 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001488 }
1489
1490out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001491 if (cid)
1492 OCSP_CERTID_free(cid);
1493
1494 if (ocsp)
1495 free(ocsp);
1496
1497 if (warn)
1498 free(warn);
1499
Emeric Brun4147b2e2014-06-16 18:36:30 +02001500 return ret;
1501}
William Lallemand4a660132019-10-14 14:51:41 +02001502#else /* OPENSSL_IS_BORINGSSL */
1503static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001504{
William Lallemand4a660132019-10-14 14:51:41 +02001505 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001506}
1507#endif
1508
William Lallemand4a660132019-10-14 14:51:41 +02001509#endif
1510
1511
Willy Tarreau5db847a2019-05-09 14:13:35 +02001512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001513
1514#define CT_EXTENSION_TYPE 18
1515
1516static int sctl_ex_index = -1;
1517
1518/*
1519 * Try to parse Signed Certificate Timestamp List structure. This function
1520 * makes only basic test if the data seems like SCTL. No signature validation
1521 * is performed.
1522 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001523static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001524{
1525 int ret = 1;
1526 int len, pos, sct_len;
1527 unsigned char *data;
1528
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001529 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001530 goto out;
1531
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001532 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001533 len = (data[0] << 8) | data[1];
1534
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001535 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001536 goto out;
1537
1538 data = data + 2;
1539 pos = 0;
1540 while (pos < len) {
1541 if (len - pos < 2)
1542 goto out;
1543
1544 sct_len = (data[pos] << 8) | data[pos + 1];
1545 if (pos + sct_len + 2 > len)
1546 goto out;
1547
1548 pos += sct_len + 2;
1549 }
1550
1551 ret = 0;
1552
1553out:
1554 return ret;
1555}
1556
William Lallemand0dfae6c2019-10-16 18:06:58 +02001557/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1558 * It fills the ckch->sctl buffer
1559 * return 0 on success or != 0 on failure */
1560static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001561{
1562 int fd = -1;
1563 int r = 0;
1564 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001565 struct buffer tmp;
1566 struct buffer *src;
1567 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001568
William Lallemand0dfae6c2019-10-16 18:06:58 +02001569 if (buf) {
1570 tmp.area = buf;
1571 tmp.data = strlen(buf);
1572 tmp.size = tmp.data + 1;
1573 src = &tmp;
1574 } else {
1575 fd = open(sctl_path, O_RDONLY);
1576 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001577 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001578
1579 trash.data = 0;
1580 while (trash.data < trash.size) {
1581 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1582 if (r < 0) {
1583 if (errno == EINTR)
1584 continue;
1585 goto end;
1586 }
1587 else if (r == 0) {
1588 break;
1589 }
1590 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001591 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001592 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001593 }
1594
William Lallemand0dfae6c2019-10-16 18:06:58 +02001595 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001596 if (ret)
1597 goto end;
1598
William Lallemand0dfae6c2019-10-16 18:06:58 +02001599 sctl = calloc(1, sizeof(*sctl));
1600 if (!chunk_dup(sctl, src)) {
1601 free(sctl);
1602 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001603 goto end;
1604 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001605 ret = 0;
1606 /* TODO: free the previous SCTL in the ckch */
1607 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001608
1609end:
1610 if (fd != -1)
1611 close(fd);
1612
1613 return ret;
1614}
1615
1616int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1617{
Willy Tarreau83061a82018-07-13 11:56:34 +02001618 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001620 *out = (unsigned char *) sctl->area;
1621 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001622
1623 return 1;
1624}
1625
1626int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1627{
1628 return 1;
1629}
1630
William Lallemanda17f4112019-10-10 15:16:44 +02001631static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001632{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001633 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001634
William Lallemanda17f4112019-10-10 15:16:44 +02001635 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001636 goto out;
1637
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001638 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1639
1640 ret = 0;
1641
1642out:
1643 return ret;
1644}
1645
1646#endif
1647
Emeric Brune1f38db2012-09-03 20:36:47 +02001648void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1649{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001650 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001651 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001652 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001653 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001654
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001655#ifndef SSL_OP_NO_RENEGOTIATION
1656 /* Please note that BoringSSL defines this macro to zero so don't
1657 * change this to #if and do not assign a default value to this macro!
1658 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001659 if (where & SSL_CB_HANDSHAKE_START) {
1660 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001661 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001662 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001663 conn->err_code = CO_ER_SSL_RENEG;
1664 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001665 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001666#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001667
1668 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001669 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001670 /* Long certificate chains optimz
1671 If write and read bios are differents, we
1672 consider that the buffering was activated,
1673 so we rise the output buffer size from 4k
1674 to 16k */
1675 write_bio = SSL_get_wbio(ssl);
1676 if (write_bio != SSL_get_rbio(ssl)) {
1677 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001678 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001679 }
1680 }
1681 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001682}
1683
Emeric Brune64aef12012-09-21 13:15:06 +02001684/* Callback is called for each certificate of the chain during a verify
1685 ok is set to 1 if preverify detect no error on current certificate.
1686 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001687int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001688{
1689 SSL *ssl;
1690 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001691 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001692 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001693
1694 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001695 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001696
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001697 ctx = conn->xprt_ctx;
1698
1699 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001700
Emeric Brun81c00f02012-09-21 14:31:21 +02001701 if (ok) /* no errors */
1702 return ok;
1703
1704 depth = X509_STORE_CTX_get_error_depth(x_store);
1705 err = X509_STORE_CTX_get_error(x_store);
1706
1707 /* check if CA error needs to be ignored */
1708 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001709 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1710 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1711 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001712 }
1713
Willy Tarreau07d94e42018-09-20 10:57:52 +02001714 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001715 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001716 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001717 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001718 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001719
Willy Tarreau20879a02012-12-03 16:32:10 +01001720 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001721 return 0;
1722 }
1723
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001724 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1725 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001726
Emeric Brun81c00f02012-09-21 14:31:21 +02001727 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001728 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001729 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001730 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001731 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001732 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001733
Willy Tarreau20879a02012-12-03 16:32:10 +01001734 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001735 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001736}
1737
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001738static inline
1739void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001740 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001741{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001742 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001743 unsigned char *msg;
1744 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001745 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001746
1747 /* This function is called for "from client" and "to server"
1748 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001749 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001750 */
1751
1752 /* "write_p" is set to 0 is the bytes are received messages,
1753 * otherwise it is set to 1.
1754 */
1755 if (write_p != 0)
1756 return;
1757
1758 /* content_type contains the type of message received or sent
1759 * according with the SSL/TLS protocol spec. This message is
1760 * encoded with one byte. The value 256 (two bytes) is used
1761 * for designing the SSL/TLS record layer. According with the
1762 * rfc6101, the expected message (other than 256) are:
1763 * - change_cipher_spec(20)
1764 * - alert(21)
1765 * - handshake(22)
1766 * - application_data(23)
1767 * - (255)
1768 * We are interessed by the handshake and specially the client
1769 * hello.
1770 */
1771 if (content_type != 22)
1772 return;
1773
1774 /* The message length is at least 4 bytes, containing the
1775 * message type and the message length.
1776 */
1777 if (len < 4)
1778 return;
1779
1780 /* First byte of the handshake message id the type of
1781 * message. The konwn types are:
1782 * - hello_request(0)
1783 * - client_hello(1)
1784 * - server_hello(2)
1785 * - certificate(11)
1786 * - server_key_exchange (12)
1787 * - certificate_request(13)
1788 * - server_hello_done(14)
1789 * We are interested by the client hello.
1790 */
1791 msg = (unsigned char *)buf;
1792 if (msg[0] != 1)
1793 return;
1794
1795 /* Next three bytes are the length of the message. The total length
1796 * must be this decoded length + 4. If the length given as argument
1797 * is not the same, we abort the protocol dissector.
1798 */
1799 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1800 if (len < rec_len + 4)
1801 return;
1802 msg += 4;
1803 end = msg + rec_len;
1804 if (end < msg)
1805 return;
1806
1807 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1808 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001809 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1810 */
1811 msg += 1 + 1 + 4 + 28;
1812 if (msg > end)
1813 return;
1814
1815 /* Next, is session id:
1816 * if present, we have to jump by length + 1 for the size information
1817 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001818 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001819 if (msg[0] > 0)
1820 msg += msg[0];
1821 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001822 if (msg > end)
1823 return;
1824
1825 /* Next two bytes are the ciphersuite length. */
1826 if (msg + 2 > end)
1827 return;
1828 rec_len = (msg[0] << 8) + msg[1];
1829 msg += 2;
1830 if (msg + rec_len > end || msg + rec_len < msg)
1831 return;
1832
Willy Tarreaubafbe012017-11-24 17:34:44 +01001833 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001834 if (!capture)
1835 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001836 /* Compute the xxh64 of the ciphersuite. */
1837 capture->xxh64 = XXH64(msg, rec_len, 0);
1838
1839 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001840 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1841 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001842 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001843
1844 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001845}
1846
Emeric Brun29f037d2014-04-25 19:05:36 +02001847/* Callback is called for ssl protocol analyse */
1848void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1849{
Emeric Brun29f037d2014-04-25 19:05:36 +02001850#ifdef TLS1_RT_HEARTBEAT
1851 /* test heartbeat received (write_p is set to 0
1852 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001853 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001854 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001855 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001856 const unsigned char *p = buf;
1857 unsigned int payload;
1858
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001859 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001860
1861 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1862 if (*p != TLS1_HB_REQUEST)
1863 return;
1864
Willy Tarreauaeed6722014-04-25 23:59:58 +02001865 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001866 goto kill_it;
1867
1868 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001869 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001870 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001871 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001872 /* We have a clear heartbleed attack (CVE-2014-0160), the
1873 * advertised payload is larger than the advertised packet
1874 * length, so we have garbage in the buffer between the
1875 * payload and the end of the buffer (p+len). We can't know
1876 * if the SSL stack is patched, and we don't know if we can
1877 * safely wipe out the area between p+3+len and payload.
1878 * So instead, we prevent the response from being sent by
1879 * setting the max_send_fragment to 0 and we report an SSL
1880 * error, which will kill this connection. It will be reported
1881 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001882 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1883 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001884 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001885 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1886 return;
1887 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001888#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001889 if (global_ssl.capture_cipherlist > 0)
1890 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001891}
1892
Bernard Spil13c53f82018-02-15 13:34:58 +01001893#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001894static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1895 const unsigned char *in, unsigned int inlen,
1896 void *arg)
1897{
1898 struct server *srv = arg;
1899
1900 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1901 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1902 return SSL_TLSEXT_ERR_OK;
1903 return SSL_TLSEXT_ERR_NOACK;
1904}
1905#endif
1906
1907#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001908/* This callback is used so that the server advertises the list of
1909 * negociable protocols for NPN.
1910 */
1911static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1912 unsigned int *len, void *arg)
1913{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001914 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001915
1916 *data = (const unsigned char *)conf->npn_str;
1917 *len = conf->npn_len;
1918 return SSL_TLSEXT_ERR_OK;
1919}
1920#endif
1921
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001922#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001923/* This callback is used so that the server advertises the list of
1924 * negociable protocols for ALPN.
1925 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001926static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1927 unsigned char *outlen,
1928 const unsigned char *server,
1929 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001930{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001931 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001932
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001933 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1934 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1935 return SSL_TLSEXT_ERR_NOACK;
1936 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001937 return SSL_TLSEXT_ERR_OK;
1938}
1939#endif
1940
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001942#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001943
Christopher Faulet30548802015-06-11 13:39:32 +02001944/* Create a X509 certificate with the specified servername and serial. This
1945 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001946static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001947ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001948{
Christopher Faulet7969a332015-10-09 11:15:03 +02001949 X509 *cacert = bind_conf->ca_sign_cert;
1950 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001951 SSL_CTX *ssl_ctx = NULL;
1952 X509 *newcrt = NULL;
1953 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001954 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001955 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001956 X509_NAME *name;
1957 const EVP_MD *digest;
1958 X509V3_CTX ctx;
1959 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001960 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001961
Christopher Faulet48a83322017-07-28 16:56:09 +02001962 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001963#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001964 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1965#else
1966 tmp_ssl = SSL_new(bind_conf->default_ctx);
1967 if (tmp_ssl)
1968 pkey = SSL_get_privatekey(tmp_ssl);
1969#endif
1970 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 goto mkcert_error;
1972
1973 /* Create the certificate */
1974 if (!(newcrt = X509_new()))
1975 goto mkcert_error;
1976
1977 /* Set version number for the certificate (X509v3) and the serial
1978 * number */
1979 if (X509_set_version(newcrt, 2L) != 1)
1980 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001981 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001982
1983 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001984 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1985 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001986 goto mkcert_error;
1987
1988 /* set public key in the certificate */
1989 if (X509_set_pubkey(newcrt, pkey) != 1)
1990 goto mkcert_error;
1991
1992 /* Set issuer name from the CA */
1993 if (!(name = X509_get_subject_name(cacert)))
1994 goto mkcert_error;
1995 if (X509_set_issuer_name(newcrt, name) != 1)
1996 goto mkcert_error;
1997
1998 /* Set the subject name using the same, but the CN */
1999 name = X509_NAME_dup(name);
2000 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
2001 (const unsigned char *)servername,
2002 -1, -1, 0) != 1) {
2003 X509_NAME_free(name);
2004 goto mkcert_error;
2005 }
2006 if (X509_set_subject_name(newcrt, name) != 1) {
2007 X509_NAME_free(name);
2008 goto mkcert_error;
2009 }
2010 X509_NAME_free(name);
2011
2012 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002013 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002014 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
2015 for (i = 0; i < X509V3_EXT_SIZE; i++) {
2016 X509_EXTENSION *ext;
2017
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002018 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002019 goto mkcert_error;
2020 if (!X509_add_ext(newcrt, ext, -1)) {
2021 X509_EXTENSION_free(ext);
2022 goto mkcert_error;
2023 }
2024 X509_EXTENSION_free(ext);
2025 }
2026
2027 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002028
2029 key_type = EVP_PKEY_base_id(capkey);
2030
2031 if (key_type == EVP_PKEY_DSA)
2032 digest = EVP_sha1();
2033 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002034 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002035 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02002036 digest = EVP_sha256();
2037 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02002039 int nid;
2040
2041 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
2042 goto mkcert_error;
2043 if (!(digest = EVP_get_digestbynid(nid)))
2044 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02002045#else
2046 goto mkcert_error;
2047#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02002048 }
2049
Christopher Faulet31af49d2015-06-09 17:29:50 +02002050 if (!(X509_sign(newcrt, capkey, digest)))
2051 goto mkcert_error;
2052
2053 /* Create and set the new SSL_CTX */
2054 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
2055 goto mkcert_error;
2056 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
2057 goto mkcert_error;
2058 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
2059 goto mkcert_error;
2060 if (!SSL_CTX_check_private_key(ssl_ctx))
2061 goto mkcert_error;
2062
2063 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02002064
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002065#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002066 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002067#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002068#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2069 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002070 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002071 EC_KEY *ecc;
2072 int nid;
2073
2074 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2075 goto end;
2076 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2077 goto end;
2078 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2079 EC_KEY_free(ecc);
2080 }
2081#endif
2082 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002083 return ssl_ctx;
2084
2085 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002086 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002087 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002088 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2089 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002090 return NULL;
2091}
2092
Christopher Faulet7969a332015-10-09 11:15:03 +02002093SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002094ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02002095{
Willy Tarreau07d94e42018-09-20 10:57:52 +02002096 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01002097 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002098
Olivier Houchard66ab4982019-02-26 18:37:15 +01002099 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002100}
2101
Christopher Faulet30548802015-06-11 13:39:32 +02002102/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002103 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002104SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002105ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002106{
2107 struct lru64 *lru = NULL;
2108
2109 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002110 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002111 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002112 if (lru && lru->domain) {
2113 if (ssl)
2114 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002115 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002116 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002117 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002118 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002119 }
2120 return NULL;
2121}
2122
Emeric Brun821bb9b2017-06-15 16:37:39 +02002123/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2124 * function is not thread-safe, it should only be used to check if a certificate
2125 * exists in the lru cache (with no warranty it will not be removed by another
2126 * thread). It is kept for backward compatibility. */
2127SSL_CTX *
2128ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2129{
2130 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2131}
2132
Christopher Fauletd2cab922015-07-28 16:03:47 +02002133/* Set a certificate int the LRU cache used to store generated
2134 * certificate. Return 0 on success, otherwise -1 */
2135int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002136ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002137{
2138 struct lru64 *lru = NULL;
2139
2140 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002141 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002142 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002143 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002144 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002145 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002146 }
Christopher Faulet30548802015-06-11 13:39:32 +02002147 if (lru->domain && lru->data)
2148 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002149 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002150 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002151 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002152 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002153 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002154}
2155
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002156/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002157unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002158ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002159{
2160 return XXH32(data, len, ssl_ctx_lru_seed);
2161}
2162
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002163/* Generate a cert and immediately assign it to the SSL session so that the cert's
2164 * refcount is maintained regardless of the cert's presence in the LRU cache.
2165 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002167ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002168{
2169 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002170 SSL_CTX *ssl_ctx = NULL;
2171 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002172 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002173
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002174 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002175 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002176 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002177 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002178 if (lru && lru->domain)
2179 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002180 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002181 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002182 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002183 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002184 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002185 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002186 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002187 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002188 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002189 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002190 SSL_set_SSL_CTX(ssl, ssl_ctx);
2191 /* No LRU cache, this CTX will be released as soon as the session dies */
2192 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002193 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002194 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002195 return 0;
2196}
2197static int
2198ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2199{
2200 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002201 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002202
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002203 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002204 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002205 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002207 }
2208 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002209}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002210#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002211
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002212#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002213typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2214
2215static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002216{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002217#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002218 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002219 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2220#endif
2221}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002222static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2223 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002224 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2225}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002226static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002227#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002228 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002229 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2230#endif
2231}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002232static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002233#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002234 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002235 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2236#endif
2237}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002238/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002239static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2240/* Unusable in this context. */
2241static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2242static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2243static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2244static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2245static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002246#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002247typedef enum { SET_MIN, SET_MAX } set_context_func;
2248
2249static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2250 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002251 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2252}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002253static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2254 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2255 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2256}
2257static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2258 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002259 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2260}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002261static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2262 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2263 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2264}
2265static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2266 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002267 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2268}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002269static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2270 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2271 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2272}
2273static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2274 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002275 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2276}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002277static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2278 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2279 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2280}
2281static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002282#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002283 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002284 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2285#endif
2286}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002287static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2288#if SSL_OP_NO_TLSv1_3
2289 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2290 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002291#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002292}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002293#endif
2294static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2295static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002296
2297static struct {
2298 int option;
2299 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002300 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2301 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002302 const char *name;
2303} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002304 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2305 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2306 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2307 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2308 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2309 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002310};
2311
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002312static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2313{
2314 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2315 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2316 SSL_set_SSL_CTX(ssl, ctx);
2317}
2318
Willy Tarreau5db847a2019-05-09 14:13:35 +02002319#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320
2321static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2322{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002323 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002326 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2327 return SSL_TLSEXT_ERR_OK;
2328 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329}
2330
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002331#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2333{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002334 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2337{
2338#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 struct connection *conn;
2340 struct bind_conf *s;
2341 const uint8_t *extension_data;
2342 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002343 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344
2345 char *wildp = NULL;
2346 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002347 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002349 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 int i;
2351
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002352 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002353 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354
Olivier Houchard9679ac92017-10-27 14:58:08 +02002355 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002356 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002357#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2359 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002360#else
2361 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2362#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002363 /*
2364 * The server_name extension was given too much extensibility when it
2365 * was written, so parsing the normal case is a bit complex.
2366 */
2367 size_t len;
2368 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002370 /* Extract the length of the supplied list of names. */
2371 len = (*extension_data++) << 8;
2372 len |= *extension_data++;
2373 if (len + 2 != extension_len)
2374 goto abort;
2375 /*
2376 * The list in practice only has a single element, so we only consider
2377 * the first one.
2378 */
2379 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2380 goto abort;
2381 extension_len = len - 1;
2382 /* Now we can finally pull out the byte array with the actual hostname. */
2383 if (extension_len <= 2)
2384 goto abort;
2385 len = (*extension_data++) << 8;
2386 len |= *extension_data++;
2387 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2388 || memchr(extension_data, 0, len) != NULL)
2389 goto abort;
2390 servername = extension_data;
2391 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002393#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2394 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002395 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002396 }
2397#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002399 if (!s->strict_sni) {
William Lallemand21724f02019-11-04 17:56:13 +01002400 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002402 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002403 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 goto abort;
2406 }
2407
2408 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002409#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002411#else
2412 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2413#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002414 uint8_t sign;
2415 size_t len;
2416 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002418 len = (*extension_data++) << 8;
2419 len |= *extension_data++;
2420 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002422 if (len % 2 != 0)
2423 goto abort;
2424 for (; len > 0; len -= 2) {
2425 extension_data++; /* hash */
2426 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002427 switch (sign) {
2428 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002429 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002430 break;
2431 case TLSEXT_signature_ecdsa:
2432 has_ecdsa_sig = 1;
2433 break;
2434 default:
2435 continue;
2436 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002437 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002438 break;
2439 }
2440 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002441 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002442 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 }
2444 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 const SSL_CIPHER *cipher;
2446 size_t len;
2447 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002448 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002449#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002450 len = ctx->cipher_suites_len;
2451 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002452#else
2453 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2454#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002455 if (len % 2 != 0)
2456 goto abort;
2457 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002458#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002459 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002460 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002461#else
2462 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2463#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002464 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002465 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002466 break;
2467 }
2468 }
2469 }
2470
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002471 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002472 trash.area[i] = tolower(servername[i]);
2473 if (!wildp && (trash.area[i] == '.'))
2474 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002475 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002476 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002477
William Lallemand150bfa82019-09-19 17:12:49 +02002478 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002479
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002480 for (i = 0; i < 2; i++) {
2481 if (i == 0) /* lookup in full qualified names */
2482 node = ebst_lookup(&s->sni_ctx, trash.area);
2483 else if (i == 1 && wildp) /* lookup in wildcards names */
2484 node = ebst_lookup(&s->sni_w_ctx, wildp);
2485 else
2486 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002487 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002488 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002489 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002490 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002491 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002492 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002493 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 break;
2495 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002496 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002497 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002498 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002499 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002500 if (!node_anonymous)
2501 node_anonymous = n;
2502 break;
2503 }
2504 }
2505 }
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002506 /* select by key_signature priority order */
2507 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2508 : ((has_rsa_sig && node_rsa) ? node_rsa
2509 : (node_anonymous ? node_anonymous
2510 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2511 : node_rsa /* no rsa signature case (far far away) */
2512 )));
2513 if (node) {
2514 /* switch ctx */
2515 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002517 if (conf) {
2518 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2519 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2520 if (conf->early_data)
2521 allow_early = 1;
2522 }
William Lallemand02010472019-10-18 11:02:19 +02002523 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002524 goto allow_early;
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002525 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002526 }
William Lallemand150bfa82019-09-19 17:12:49 +02002527
William Lallemand02010472019-10-18 11:02:19 +02002528 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002529#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002530 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002531 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002532 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002533 }
2534#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002535 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002536 /* no certificate match, is the default_ctx */
William Lallemand21724f02019-11-04 17:56:13 +01002537 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002538 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002539 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002540 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002541allow_early:
2542#ifdef OPENSSL_IS_BORINGSSL
2543 if (allow_early)
2544 SSL_set_early_data_enabled(ssl, 1);
2545#else
2546 if (!allow_early)
2547 SSL_set_max_early_data(ssl, 0);
2548#endif
2549 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002550 abort:
2551 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2552 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002553#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002554 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002555#else
2556 *al = SSL_AD_UNRECOGNIZED_NAME;
2557 return 0;
2558#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002559}
2560
2561#else /* OPENSSL_IS_BORINGSSL */
2562
Emeric Brunfc0421f2012-09-07 17:30:07 +02002563/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2564 * warning when no match is found, which implies the default (first) cert
2565 * will keep being used.
2566 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002567static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002568{
2569 const char *servername;
2570 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002571 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002572 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002573 int i;
2574 (void)al; /* shut gcc stupid warning */
2575
2576 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002577 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002578#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002579 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2580 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002581#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002582 if (s->strict_sni)
2583 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002584 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002585 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002586 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002587 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002588 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002589
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002590 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002591 if (!servername[i])
2592 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002593 trash.area[i] = tolower(servername[i]);
2594 if (!wildp && (trash.area[i] == '.'))
2595 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002596 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002597 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002598
William Lallemand150bfa82019-09-19 17:12:49 +02002599 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002600 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002601 /* lookup in full qualified names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002602 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2603 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002604 if (!container_of(n, struct sni_ctx, name)->neg) {
2605 node = n;
2606 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002607 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002608 }
2609 if (!node && wildp) {
2610 /* lookup in wildcards names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002611 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2612 /* lookup a not neg filter */
2613 if (!container_of(n, struct sni_ctx, name)->neg) {
2614 node = n;
2615 break;
2616 }
2617 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002618 }
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002619 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002620#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002621 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2622 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002623 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002624 return SSL_TLSEXT_ERR_OK;
2625 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002626#endif
William Lallemand21724f02019-11-04 17:56:13 +01002627 if (s->strict_sni) {
2628 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002629 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002630 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002631 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002632 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002633 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002634 }
2635
2636 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002637 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002638 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002639 return SSL_TLSEXT_ERR_OK;
2640}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002641#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002642#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2643
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002644#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645
2646static DH * ssl_get_dh_1024(void)
2647{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002648 static unsigned char dh1024_p[]={
2649 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2650 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2651 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2652 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2653 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2654 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2655 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2656 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2657 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2658 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2659 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2660 };
2661 static unsigned char dh1024_g[]={
2662 0x02,
2663 };
2664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 BIGNUM *p;
2666 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH *dh = DH_new();
2668 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2670 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002671
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002673 DH_free(dh);
2674 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002675 } else {
2676 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 }
2679 return dh;
2680}
2681
2682static DH *ssl_get_dh_2048(void)
2683{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002684 static unsigned char dh2048_p[]={
2685 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2686 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2687 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2688 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2689 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2690 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2691 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2692 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2693 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2694 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2695 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2696 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2697 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2698 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2699 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2700 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2701 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2702 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2703 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2704 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2705 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2706 0xB7,0x1F,0x77,0xF3,
2707 };
2708 static unsigned char dh2048_g[]={
2709 0x02,
2710 };
2711
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002712 BIGNUM *p;
2713 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002714 DH *dh = DH_new();
2715 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002716 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2717 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002718
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002719 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002720 DH_free(dh);
2721 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002722 } else {
2723 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002724 }
2725 }
2726 return dh;
2727}
2728
2729static DH *ssl_get_dh_4096(void)
2730{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002731 static unsigned char dh4096_p[]={
2732 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2733 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2734 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2735 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2736 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2737 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2738 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2739 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2740 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2741 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2742 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2743 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2744 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2745 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2746 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2747 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2748 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2749 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2750 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2751 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2752 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2753 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2754 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2755 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2756 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2757 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2758 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2759 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2760 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2761 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2762 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2763 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2764 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2765 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2766 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2767 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2768 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2769 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2770 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2771 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2772 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2773 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2774 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002776 static unsigned char dh4096_g[]={
2777 0x02,
2778 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002779
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002780 BIGNUM *p;
2781 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002782 DH *dh = DH_new();
2783 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002784 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2785 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002786
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002787 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002788 DH_free(dh);
2789 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002790 } else {
2791 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002792 }
2793 }
2794 return dh;
2795}
2796
2797/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002798 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002799static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2800{
2801 DH *dh = NULL;
2802 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002803 int type;
2804
2805 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002806
2807 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2808 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2809 */
2810 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2811 keylen = EVP_PKEY_bits(pkey);
2812 }
2813
Willy Tarreauef934602016-12-22 23:12:01 +01002814 if (keylen > global_ssl.default_dh_param) {
2815 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002816 }
2817
Remi Gacogned3a341a2015-05-29 16:26:17 +02002818 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002819 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002820 }
2821 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002822 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002823 }
2824 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002825 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002826 }
2827
2828 return dh;
2829}
2830
Remi Gacogne47783ef2015-05-29 15:53:22 +02002831static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002832{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002833 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002834 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002835
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002836 if (in == NULL)
2837 goto end;
2838
Remi Gacogne47783ef2015-05-29 15:53:22 +02002839 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002840 goto end;
2841
Remi Gacogne47783ef2015-05-29 15:53:22 +02002842 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2843
2844end:
2845 if (in)
2846 BIO_free(in);
2847
Emeric Brune1b4ed42018-08-16 15:14:12 +02002848 ERR_clear_error();
2849
Remi Gacogne47783ef2015-05-29 15:53:22 +02002850 return dh;
2851}
2852
2853int ssl_sock_load_global_dh_param_from_file(const char *filename)
2854{
2855 global_dh = ssl_sock_get_dh_from_file(filename);
2856
2857 if (global_dh) {
2858 return 0;
2859 }
2860
2861 return -1;
2862}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002863#endif
2864
William Lallemand9117de92019-10-04 00:29:42 +02002865/* Alloc and init a ckch_inst */
2866static struct ckch_inst *ckch_inst_new()
2867{
2868 struct ckch_inst *ckch_inst;
2869
2870 ckch_inst = calloc(1, sizeof *ckch_inst);
2871 if (ckch_inst)
2872 LIST_INIT(&ckch_inst->sni_ctx);
2873
2874 return ckch_inst;
2875}
2876
2877
2878/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002879static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002880 struct bind_conf *s, struct ssl_bind_conf *conf,
2881 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002882{
2883 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002884 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002885
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002886 if (*name == '!') {
2887 neg = 1;
2888 name++;
2889 }
2890 if (*name == '*') {
2891 wild = 1;
2892 name++;
2893 }
2894 /* !* filter is a nop */
2895 if (neg && wild)
2896 return order;
2897 if (*name) {
2898 int j, len;
2899 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002900 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002901 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002902 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002903 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002904 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002905
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002906 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002907 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002908 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002909 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002910 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002911 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002912 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002913 sc->order = order++;
2914 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002915 sc->wild = wild;
2916 sc->name.node.leaf_p = NULL;
William Lallemand1d29c742019-10-04 00:53:29 +02002917 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002918 }
2919 return order;
2920}
2921
William Lallemand6af03992019-07-23 15:00:54 +02002922/*
William Lallemand1d29c742019-10-04 00:53:29 +02002923 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2924 * This function can't return an error.
2925 *
2926 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2927 */
2928static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2929{
2930
2931 struct sni_ctx *sc0, *sc0b, *sc1;
2932 struct ebmb_node *node;
William Lallemand21724f02019-11-04 17:56:13 +01002933 int def = 0;
William Lallemand1d29c742019-10-04 00:53:29 +02002934
2935 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2936
2937 /* ignore if sc0 was already inserted in a tree */
2938 if (sc0->name.node.leaf_p)
2939 continue;
2940
2941 /* Check for duplicates. */
2942 if (sc0->wild)
2943 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2944 else
2945 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2946
2947 for (; node; node = ebmb_next_dup(node)) {
2948 sc1 = ebmb_entry(node, struct sni_ctx, name);
2949 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2950 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2951 /* it's a duplicate, we should remove and free it */
2952 LIST_DEL(&sc0->by_ckch_inst);
2953 free(sc0);
2954 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002955 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002956 }
2957 }
2958
2959 /* if duplicate, ignore the insertion */
2960 if (!sc0)
2961 continue;
2962
2963 if (sc0->wild)
2964 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2965 else
2966 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
William Lallemand21724f02019-11-04 17:56:13 +01002967
2968 /* replace the default_ctx if required with the first ctx */
2969 if (ckch_inst->is_default && !def) {
2970 /* we don't need to free the default_ctx because the refcount was not incremented */
2971 bind_conf->default_ctx = sc0->ctx;
2972 def = 1;
2973 }
William Lallemand1d29c742019-10-04 00:53:29 +02002974 }
2975}
2976
2977/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002978 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002979 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002980struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002981
William Lallemandfa892222019-07-23 16:06:08 +02002982
Emeric Brun7a883362019-10-17 13:27:40 +02002983/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2984 * If there is no DH paramater availaible in the ckchs, the global
2985 * DH parameter is loaded into the SSL_CTX and if there is no
2986 * DH parameter available in ckchs nor in global, the default
2987 * DH parameters are applied on the SSL_CTX.
2988 * Returns a bitfield containing the flags:
2989 * ERR_FATAL in any fatal error case
2990 * ERR_ALERT if a reason of the error is availabine in err
2991 * ERR_WARN if a warning is available into err
2992 * The value 0 means there is no error nor warning and
2993 * the operation succeed.
2994 */
William Lallemandfa892222019-07-23 16:06:08 +02002995#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002996static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2997 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002998{
Emeric Brun7a883362019-10-17 13:27:40 +02002999 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02003000 DH *dh = NULL;
3001
William Lallemanda8c73742019-07-31 18:31:34 +02003002 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02003003 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02003004 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
3005 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
3006 err && *err ? *err : "", path);
3007#if defined(SSL_CTX_set_dh_auto)
3008 SSL_CTX_set_dh_auto(ctx, 1);
3009 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3010 err && *err ? *err : "");
3011#else
3012 memprintf(err, "%s, DH ciphers won't be available.\n",
3013 err && *err ? *err : "");
3014#endif
3015 ret |= ERR_WARN;
3016 goto end;
3017 }
William Lallemandfa892222019-07-23 16:06:08 +02003018
3019 if (ssl_dh_ptr_index >= 0) {
3020 /* store a pointer to the DH params to avoid complaining about
3021 ssl-default-dh-param not being set for this SSL_CTX */
3022 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
3023 }
3024 }
3025 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003026 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
3027 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
3028 err && *err ? *err : "", path);
3029#if defined(SSL_CTX_set_dh_auto)
3030 SSL_CTX_set_dh_auto(ctx, 1);
3031 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3032 err && *err ? *err : "");
3033#else
3034 memprintf(err, "%s, DH ciphers won't be available.\n",
3035 err && *err ? *err : "");
3036#endif
3037 ret |= ERR_WARN;
3038 goto end;
3039 }
William Lallemandfa892222019-07-23 16:06:08 +02003040 }
3041 else {
3042 /* Clear openssl global errors stack */
3043 ERR_clear_error();
3044
3045 if (global_ssl.default_dh_param <= 1024) {
3046 /* we are limited to DH parameter of 1024 bits anyway */
3047 if (local_dh_1024 == NULL)
3048 local_dh_1024 = ssl_get_dh_1024();
3049
Emeric Brun7a883362019-10-17 13:27:40 +02003050 if (local_dh_1024 == NULL) {
3051 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3052 err && *err ? *err : "", path);
3053 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02003054 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02003055 }
William Lallemandfa892222019-07-23 16:06:08 +02003056
Emeric Bruna9363eb2019-10-17 14:53:03 +02003057 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
3058 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3059 err && *err ? *err : "", path);
3060#if defined(SSL_CTX_set_dh_auto)
3061 SSL_CTX_set_dh_auto(ctx, 1);
3062 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3063 err && *err ? *err : "");
3064#else
3065 memprintf(err, "%s, DH ciphers won't be available.\n",
3066 err && *err ? *err : "");
3067#endif
3068 ret |= ERR_WARN;
3069 goto end;
3070 }
William Lallemandfa892222019-07-23 16:06:08 +02003071 }
3072 else {
3073 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
3074 }
William Lallemandfa892222019-07-23 16:06:08 +02003075 }
3076
3077end:
William Lallemandfa892222019-07-23 16:06:08 +02003078 return ret;
3079}
3080#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003081
yanbzhu488a4d22015-12-01 15:16:07 -05003082/* Frees the contents of a cert_key_and_chain
3083 */
3084static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
3085{
yanbzhu488a4d22015-12-01 15:16:07 -05003086 if (!ckch)
3087 return;
3088
3089 /* Free the certificate and set pointer to NULL */
3090 if (ckch->cert)
3091 X509_free(ckch->cert);
3092 ckch->cert = NULL;
3093
3094 /* Free the key and set pointer to NULL */
3095 if (ckch->key)
3096 EVP_PKEY_free(ckch->key);
3097 ckch->key = NULL;
3098
3099 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003100 if (ckch->chain)
3101 sk_X509_pop_free(ckch->chain, X509_free);
3102 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003103
William Lallemand455af502019-10-17 18:04:45 +02003104 if (ckch->dh)
3105 DH_free(ckch->dh);
3106 ckch->dh = NULL;
3107
3108 if (ckch->sctl) {
3109 free(ckch->sctl->area);
3110 ckch->sctl->area = NULL;
3111 free(ckch->sctl);
3112 ckch->sctl = NULL;
3113 }
3114
3115 if (ckch->ocsp_response) {
3116 free(ckch->ocsp_response->area);
3117 ckch->ocsp_response->area = NULL;
3118 free(ckch->ocsp_response);
3119 ckch->ocsp_response = NULL;
3120 }
yanbzhu488a4d22015-12-01 15:16:07 -05003121}
3122
William Lallemand8d0f8932019-10-17 18:03:58 +02003123/*
3124 *
3125 * This function copy a cert_key_and_chain in memory
3126 *
3127 * It's used to try to apply changes on a ckch before committing them, because
3128 * most of the time it's not possible to revert those changes
3129 *
3130 * Return a the dst or NULL
3131 */
3132static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
3133 struct cert_key_and_chain *dst)
3134{
3135 if (src->cert) {
3136 dst->cert = src->cert;
3137 X509_up_ref(src->cert);
3138 }
3139
3140 if (src->key) {
3141 dst->key = src->key;
3142 EVP_PKEY_up_ref(src->key);
3143 }
3144
3145 if (src->chain) {
3146 dst->chain = X509_chain_up_ref(src->chain);
3147 }
3148
3149 if (src->dh) {
3150 DH_up_ref(src->dh);
3151 dst->dh = src->dh;
3152 }
3153
3154 if (src->sctl) {
3155 struct buffer *sctl;
3156
3157 sctl = calloc(1, sizeof(*sctl));
3158 if (!chunk_dup(sctl, src->sctl)) {
3159 free(sctl);
3160 sctl = NULL;
3161 goto error;
3162 }
3163 dst->sctl = sctl;
3164 }
3165
3166 if (src->ocsp_response) {
3167 struct buffer *ocsp_response;
3168
3169 ocsp_response = calloc(1, sizeof(*ocsp_response));
3170 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3171 free(ocsp_response);
3172 ocsp_response = NULL;
3173 goto error;
3174 }
3175 dst->ocsp_response = ocsp_response;
3176 }
3177
3178 if (src->ocsp_issuer) {
3179 X509_up_ref(src->ocsp_issuer);
3180 dst->ocsp_issuer = src->ocsp_issuer;
3181 }
3182
3183 return dst;
3184
3185error:
3186
3187 /* free everything */
3188 ssl_sock_free_cert_key_and_chain_contents(dst);
3189
3190 return NULL;
3191}
3192
3193
yanbzhu488a4d22015-12-01 15:16:07 -05003194/* checks if a key and cert exists in the ckch
3195 */
William Lallemand1633e392019-09-30 12:58:13 +02003196#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003197static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3198{
3199 return (ckch->cert != NULL && ckch->key != NULL);
3200}
William Lallemand1633e392019-09-30 12:58:13 +02003201#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003202
William Lallemandf9568fc2019-10-16 18:27:58 +02003203/*
3204 * return 0 on success or != 0 on failure
3205 */
3206static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3207{
3208 int ret = 1;
3209 BIO *in = NULL;
3210 X509 *issuer;
3211
3212 if (buf) {
3213 /* reading from a buffer */
3214 in = BIO_new_mem_buf(buf, -1);
3215 if (in == NULL) {
3216 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3217 goto end;
3218 }
3219
3220 } else {
3221 /* reading from a file */
3222 in = BIO_new(BIO_s_file());
3223 if (in == NULL)
3224 goto end;
3225
3226 if (BIO_read_filename(in, path) <= 0)
3227 goto end;
3228 }
3229
3230 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3231 if (!issuer) {
3232 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003233 err && *err ? *err : "", path);
William Lallemandf9568fc2019-10-16 18:27:58 +02003234 goto end;
3235 }
3236 ret = 0;
3237 ckch->ocsp_issuer = issuer;
3238
3239end:
3240
3241 ERR_clear_error();
3242 if (in)
3243 BIO_free(in);
3244
3245 return ret;
3246}
3247
William Lallemand96a9c972019-10-17 11:56:17 +02003248
3249/*
3250 * Try to load a PEM file from a <path> or a buffer <buf>
3251 * The PEM must contain at least a Private Key and a Certificate,
3252 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003253 *
William Lallemand96a9c972019-10-17 11:56:17 +02003254 * If it failed you should not attempt to use the ckch but free it.
3255 *
3256 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003257 */
William Lallemand96a9c972019-10-17 11:56:17 +02003258static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003259{
William Lallemandf11365b2019-09-19 14:25:58 +02003260 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003261 int ret = 1;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003262 X509 *ca;
William Lallemand96a9c972019-10-17 11:56:17 +02003263 X509 *cert = NULL;
3264 EVP_PKEY *key = NULL;
3265 DH *dh;
3266
3267 if (buf) {
3268 /* reading from a buffer */
3269 in = BIO_new_mem_buf(buf, -1);
3270 if (in == NULL) {
3271 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3272 goto end;
3273 }
yanbzhu488a4d22015-12-01 15:16:07 -05003274
William Lallemand96a9c972019-10-17 11:56:17 +02003275 } else {
3276 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003277 in = BIO_new(BIO_s_file());
3278 if (in == NULL)
3279 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003280
William Lallemandf11365b2019-09-19 14:25:58 +02003281 if (BIO_read_filename(in, path) <= 0)
3282 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003283 }
yanbzhu488a4d22015-12-01 15:16:07 -05003284
yanbzhu488a4d22015-12-01 15:16:07 -05003285 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003286 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3287 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003288 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003289 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003290 goto end;
3291 }
3292
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003293#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003294 /* Seek back to beginning of file */
3295 if (BIO_reset(in) == -1) {
3296 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3297 err && *err ? *err : "", path);
3298 goto end;
3299 }
3300
William Lallemand96a9c972019-10-17 11:56:17 +02003301 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3302 /* no need to return an error there, dh is not mandatory */
3303
3304 if (dh) {
3305 if (ckch->dh)
3306 DH_free(ckch->dh);
3307 ckch->dh = dh;
3308 }
3309
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003310#endif
William Lallemandfa892222019-07-23 16:06:08 +02003311
Willy Tarreaubb137a82016-04-06 19:02:38 +02003312 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003313 if (BIO_reset(in) == -1) {
3314 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3315 err && *err ? *err : "", path);
3316 goto end;
3317 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003318
3319 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003320 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3321 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003322 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003323 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003324 goto end;
3325 }
3326
William Lallemand96a9c972019-10-17 11:56:17 +02003327 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003328 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003329 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003330 goto end;
3331 }
3332
William Lallemand96a9c972019-10-17 11:56:17 +02003333 /* Key and Cert are good, we can use them in the ckch */
3334 if (ckch->key) /* free the previous key */
3335 EVP_PKEY_free(ckch->key);
3336 ckch->key = key;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003337 key = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003338
3339 if (ckch->cert) /* free the previous cert */
3340 X509_free(ckch->cert);
3341 ckch->cert = cert;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003342 cert = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003343
3344 /* Look for a Certificate Chain */
3345 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3346 if (ca) {
3347 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3348 if (ckch->chain) /* free the previous chain */
3349 sk_X509_pop_free(ckch->chain, X509_free);
3350 ckch->chain = sk_X509_new_null();
3351 if (!sk_X509_push(ckch->chain, ca)) {
3352 X509_free(ca);
3353 goto end;
3354 }
3355 }
3356 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003357 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3358 if (!sk_X509_push(ckch->chain, ca)) {
3359 X509_free(ca);
3360 goto end;
3361 }
yanbzhu488a4d22015-12-01 15:16:07 -05003362
Emmanuel Hocdeted17f472019-10-24 18:28:33 +02003363 /* no chain */
3364 if (ckch->chain == NULL) {
3365 ckch->chain = sk_X509_new_null();
3366 }
3367
yanbzhu488a4d22015-12-01 15:16:07 -05003368 ret = ERR_get_error();
3369 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3370 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003371 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003372 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003373 }
3374
3375 ret = 0;
3376
William Lallemand96a9c972019-10-17 11:56:17 +02003377end:
William Lallemand246c0242019-10-11 08:59:13 +02003378
3379 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003380 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003381 BIO_free(in);
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003382 if (key)
3383 EVP_PKEY_free(key);
3384 if (cert)
3385 X509_free(cert);
William Lallemanda17f4112019-10-10 15:16:44 +02003386
William Lallemand96a9c972019-10-17 11:56:17 +02003387 return ret;
3388}
3389
3390/*
3391 * Try to load in a ckch every files related to a ckch.
3392 * (PEM, sctl, ocsp, issuer etc.)
3393 *
3394 * This function is only used to load files during the configuration parsing,
3395 * it is not used with the CLI.
3396 *
3397 * This allows us to carry the contents of the file without having to read the
3398 * file multiple times. The caller must call
3399 * ssl_sock_free_cert_key_and_chain_contents.
3400 *
3401 * returns:
3402 * 0 on Success
3403 * 1 on SSL Failure
3404 */
3405static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3406{
3407 int ret = 1;
3408
3409 /* try to load the PEM */
3410 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3411 goto end;
3412 }
3413
William Lallemanda17f4112019-10-10 15:16:44 +02003414#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3415 /* try to load the sctl file */
3416 {
3417 char fp[MAXPATHLEN+1];
3418 struct stat st;
3419
3420 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3421 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003422 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003423 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003424 err && *err ? *err : "", fp);
William Lallemanda17f4112019-10-10 15:16:44 +02003425 ret = 1;
3426 goto end;
3427 }
3428 }
3429 }
3430#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003431
William Lallemand246c0242019-10-11 08:59:13 +02003432 /* try to load an ocsp response file */
3433 {
3434 char fp[MAXPATHLEN+1];
3435 struct stat st;
3436
3437 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3438 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003439 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003440 ret = 1;
3441 goto end;
3442 }
3443 }
3444 }
3445
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003446#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
William Lallemand246c0242019-10-11 08:59:13 +02003447 if (ckch->ocsp_response) {
3448 X509 *issuer;
3449 int i;
3450
3451 /* check if one of the certificate of the chain is the issuer */
3452 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3453 issuer = sk_X509_value(ckch->chain, i);
3454 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3455 ckch->ocsp_issuer = issuer;
3456 break;
3457 } else
3458 issuer = NULL;
3459 }
3460
3461 /* if no issuer was found, try to load an issuer from the .issuer */
3462 if (!issuer) {
3463 struct stat st;
3464 char fp[MAXPATHLEN+1];
3465
3466 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3467 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003468 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003469 ret = 1;
3470 goto end;
3471 }
3472
3473 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003474 memprintf(err, "%s '%s' is not an issuer'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003475 err && *err ? *err : "", fp);
William Lallemand246c0242019-10-11 08:59:13 +02003476 ret = 1;
3477 goto end;
3478 }
3479 } else {
3480 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003481 err && *err ? *err : "");
William Lallemand246c0242019-10-11 08:59:13 +02003482 ret = 1;
3483 goto end;
3484 }
3485 }
3486 }
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003487#endif
William Lallemand246c0242019-10-11 08:59:13 +02003488
yanbzhu488a4d22015-12-01 15:16:07 -05003489 ret = 0;
3490
3491end:
3492
3493 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003494
3495 /* Something went wrong in one of the reads */
3496 if (ret != 0)
3497 ssl_sock_free_cert_key_and_chain_contents(ckch);
3498
3499 return ret;
3500}
3501
3502/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003503 * Returns a bitfield containing the flags:
3504 * ERR_FATAL in any fatal error case
3505 * ERR_ALERT if the reason of the error is available in err
3506 * ERR_WARN if a warning is available into err
3507 * The value 0 means there is no error nor warning and
3508 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003509 */
3510static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3511{
Emeric Bruna96b5822019-10-17 13:25:14 +02003512 int errcode = 0;
3513
yanbzhu488a4d22015-12-01 15:16:07 -05003514 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3515 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3516 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003517 errcode |= ERR_ALERT | ERR_FATAL;
3518 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003519 }
3520
3521 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3522 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3523 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003524 errcode |= ERR_ALERT | ERR_FATAL;
3525 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003526 }
3527
yanbzhu488a4d22015-12-01 15:16:07 -05003528 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003529#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003530 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3531 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3532 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003533 errcode |= ERR_ALERT | ERR_FATAL;
3534 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003535 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003536#else
3537 { /* legacy compat (< openssl 1.0.2) */
3538 X509 *ca;
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003539 STACK_OF(X509) *chain;
3540 chain = X509_chain_up_ref(ckch->chain);
3541 while ((ca = sk_X509_shift(chain)))
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003542 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3543 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3544 err && *err ? *err : "", path);
3545 X509_free(ca);
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003546 sk_X509_pop_free(chain, X509_free);
Emeric Bruna96b5822019-10-17 13:25:14 +02003547 errcode |= ERR_ALERT | ERR_FATAL;
3548 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003549 }
3550 }
3551#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003552
William Lallemandfa892222019-07-23 16:06:08 +02003553#ifndef OPENSSL_NO_DH
3554 /* store a NULL pointer to indicate we have not yet loaded
3555 a custom DH param file */
3556 if (ssl_dh_ptr_index >= 0) {
3557 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3558 }
3559
Emeric Brun7a883362019-10-17 13:27:40 +02003560 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3561 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003562 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3563 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003564 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003565 }
3566#endif
3567
William Lallemanda17f4112019-10-10 15:16:44 +02003568#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3569 if (sctl_ex_index >= 0 && ckch->sctl) {
3570 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3571 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003572 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003573 errcode |= ERR_ALERT | ERR_FATAL;
3574 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003575 }
3576 }
3577#endif
3578
William Lallemand4a660132019-10-14 14:51:41 +02003579#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003580 /* Load OCSP Info into context */
3581 if (ckch->ocsp_response) {
3582 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01003583 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3584 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003585 errcode |= ERR_ALERT | ERR_FATAL;
3586 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003587 }
3588 }
William Lallemand246c0242019-10-11 08:59:13 +02003589#endif
3590
Emeric Bruna96b5822019-10-17 13:25:14 +02003591 end:
3592 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003593}
3594
William Lallemandc4ecddf2019-07-31 16:50:08 +02003595#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003596
William Lallemand28a8fce2019-10-04 17:36:55 +02003597static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598{
3599 struct sni_keytype *s_kt = NULL;
3600 struct ebmb_node *node;
3601 int i;
3602
3603 for (i = 0; i < trash.size; i++) {
3604 if (!str[i])
3605 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003606 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003607 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003608 trash.area[i] = 0;
3609 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003610 if (!node) {
3611 /* CN not found in tree */
3612 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3613 /* Using memcpy here instead of strncpy.
3614 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3615 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3616 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003617 if (!s_kt)
3618 return -1;
3619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003620 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003621 s_kt->keytypes = 0;
3622 ebst_insert(sni_keytypes, &s_kt->name);
3623 } else {
3624 /* CN found in tree */
3625 s_kt = container_of(node, struct sni_keytype, name);
3626 }
3627
3628 /* Mark that this CN has the keytype of key_index via keytypes mask */
3629 s_kt->keytypes |= 1<<key_index;
3630
William Lallemand28a8fce2019-10-04 17:36:55 +02003631 return 0;
3632
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633}
3634
William Lallemandc4ecddf2019-07-31 16:50:08 +02003635#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003636/*
3637 * Free a ckch_store and its ckch(s)
3638 * The linked ckch_inst are not free'd
3639 */
3640void ckchs_free(struct ckch_store *ckchs)
3641{
3642 if (!ckchs)
3643 return;
3644
3645#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3646 if (ckchs->multi) {
3647 int n;
3648
3649 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3650 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3651 } else
3652#endif
3653 {
3654 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3655 ckchs->ckch = NULL;
3656 }
3657
3658 free(ckchs);
3659}
3660
3661/* allocate and duplicate a ckch_store
3662 * Return a new ckch_store or NULL */
3663static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3664{
3665 struct ckch_store *dst;
3666 int pathlen;
3667
3668 pathlen = strlen(src->path);
3669 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3670 if (!dst)
3671 return NULL;
3672 /* copy previous key */
3673 memcpy(dst->path, src->path, pathlen + 1);
3674 dst->multi = src->multi;
3675 LIST_INIT(&dst->ckch_inst);
3676
3677 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3678 if (!dst->ckch)
3679 goto error;
3680
3681#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3682 if (src->multi) {
3683 int n;
3684
3685 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3686 if (&src->ckch[n]) {
3687 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3688 goto error;
3689 }
3690 }
3691 } else
3692#endif
3693 {
3694 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3695 goto error;
3696 }
3697
3698 return dst;
3699
3700error:
3701 ckchs_free(dst);
3702
3703 return NULL;
3704}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003705
William Lallemand36b84632019-07-18 19:28:17 +02003706/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003707 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003708 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003709static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003710{
3711 struct ebmb_node *eb;
3712
William Lallemande3af8fb2019-10-08 11:36:53 +02003713 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003714 if (!eb)
3715 return NULL;
3716
William Lallemande3af8fb2019-10-08 11:36:53 +02003717 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003718}
3719
3720/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003721 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003722 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003723static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003724{
William Lallemande3af8fb2019-10-08 11:36:53 +02003725 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003726
William Lallemande3af8fb2019-10-08 11:36:53 +02003727 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3728 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003729 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3730 goto end;
3731 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003732 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003733
William Lallemande3af8fb2019-10-08 11:36:53 +02003734 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003735 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3736 goto end;
3737 }
3738
William Lallemand9117de92019-10-04 00:29:42 +02003739 LIST_INIT(&ckchs->ckch_inst);
3740
William Lallemand36b84632019-07-18 19:28:17 +02003741 if (!multi) {
3742
William Lallemand96a9c972019-10-17 11:56:17 +02003743 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003744 goto end;
3745
William Lallemande3af8fb2019-10-08 11:36:53 +02003746 /* insert into the ckchs tree */
3747 memcpy(ckchs->path, path, strlen(path) + 1);
3748 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003749 } else {
3750 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003751#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3752 char fp[MAXPATHLEN+1] = {0};
3753 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003754
3755 /* Load all possible certs and keys */
3756 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3757 struct stat buf;
3758 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3759 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003760 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003761 goto end;
3762 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003763 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003764 }
3765 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003766#endif
William Lallemand36b84632019-07-18 19:28:17 +02003767
3768 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003769 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003770 goto end;
3771 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003772 /* insert into the ckchs tree */
3773 memcpy(ckchs->path, path, strlen(path) + 1);
3774 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003775 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003776 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003777
William Lallemand36b84632019-07-18 19:28:17 +02003778end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003779 if (ckchs) {
3780 free(ckchs->ckch);
3781 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003782 }
3783
William Lallemande3af8fb2019-10-08 11:36:53 +02003784 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003785
3786 return NULL;
3787}
3788
William Lallemandc4ecddf2019-07-31 16:50:08 +02003789#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3790
William Lallemand36b84632019-07-18 19:28:17 +02003791/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003792 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003793 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003794 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3795 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003796 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003797 *
Emeric Brun054563d2019-10-17 13:16:58 +02003798 * Returns a bitfield containing the flags:
3799 * ERR_FATAL in any fatal error case
3800 * ERR_ALERT if the reason of the error is available in err
3801 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003802 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003803 */
Emeric Brun054563d2019-10-17 13:16:58 +02003804static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3805 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3806 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003807{
William Lallemand36b84632019-07-18 19:28:17 +02003808 int i = 0, n = 0;
3809 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003810 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003811 struct ebmb_node *node;
3812 struct ebmb_node *next;
3813 /* Array of SSL_CTX pointers corresponding to each possible combo
3814 * of keytypes
3815 */
3816 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003817 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003818 X509_NAME *xname = NULL;
3819 char *str = NULL;
3820#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3821 STACK_OF(GENERAL_NAME) *names = NULL;
3822#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003823 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003824
Emeric Brun054563d2019-10-17 13:16:58 +02003825 *ckchi = NULL;
3826
William Lallemande3af8fb2019-10-08 11:36:53 +02003827 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003828 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3829 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003830 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003831 }
3832
3833 ckch_inst = ckch_inst_new();
3834 if (!ckch_inst) {
3835 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3836 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003837 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003838 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003839 }
3840
William Lallemande3af8fb2019-10-08 11:36:53 +02003841 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003842
William Lallemand150bfa82019-09-19 17:12:49 +02003843 /* at least one of the instances is using filters during the config
3844 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01003845 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02003846
yanbzhu08ce6ab2015-12-02 13:01:29 -05003847 /* Process each ckch and update keytypes for each CN/SAN
3848 * for example, if CN/SAN www.a.com is associated with
3849 * certs with keytype 0 and 2, then at the end of the loop,
3850 * www.a.com will have:
3851 * keyindex = 0 | 1 | 4 = 5
3852 */
3853 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003854 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003855
3856 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3857 continue;
3858
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003859 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003860 for (i = 0; i < fcount; i++) {
3861 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3862 if (ret < 0) {
3863 memprintf(err, "%sunable to allocate SSL context.\n",
3864 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003865 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003866 goto end;
3867 }
3868 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003869 } else {
3870 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3871 * so the line that contains logic is marked via comments
3872 */
3873 xname = X509_get_subject_name(certs_and_keys[n].cert);
3874 i = -1;
3875 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3876 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003877 ASN1_STRING *value;
3878 value = X509_NAME_ENTRY_get_data(entry);
3879 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003880 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003881 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003882
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003883 OPENSSL_free(str);
3884 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003885 if (ret < 0) {
3886 memprintf(err, "%sunable to allocate SSL context.\n",
3887 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003888 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003889 goto end;
3890 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003891 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003892 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003893
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003894 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003895#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003896 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3897 if (names) {
3898 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3899 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003900
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003901 if (name->type == GEN_DNS) {
3902 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3903 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003904 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003905
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003906 OPENSSL_free(str);
3907 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003908 if (ret < 0) {
3909 memprintf(err, "%sunable to allocate SSL context.\n",
3910 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003911 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003912 goto end;
3913 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003914 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003915 }
3916 }
3917 }
3918 }
3919#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3920 }
3921
3922 /* If no files found, return error */
3923 if (eb_is_empty(&sni_keytypes_map)) {
3924 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3925 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003926 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003927 goto end;
3928 }
3929
3930 /* We now have a map of CN/SAN to keytypes that are loaded in
3931 * Iterate through the map to create the SSL_CTX's (if needed)
3932 * and add each CTX to the SNI tree
3933 *
3934 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003935 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003936 * combination is denoted by the key in the map. Each key
3937 * has a value between 1 and 2^n - 1. Conveniently, the array
3938 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3939 * entry in the array to correspond to the unique combo (key)
3940 * associated with i. This unique key combo (i) will be associated
3941 * with combos[i-1]
3942 */
3943
3944 node = ebmb_first(&sni_keytypes_map);
3945 while (node) {
3946 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003947 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003948 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003949
3950 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3951 i = container_of(node, struct sni_keytype, name)->keytypes;
3952 cur_ctx = key_combos[i-1].ctx;
3953
3954 if (cur_ctx == NULL) {
3955 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003956 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003957 if (cur_ctx == NULL) {
3958 memprintf(err, "%sunable to allocate SSL context.\n",
3959 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003960 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003961 goto end;
3962 }
3963
yanbzhube2774d2015-12-10 15:07:30 -05003964 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003965 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3966 if (i & (1<<n)) {
3967 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003968 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003969 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3970 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003971 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003972 }
3973 }
3974
yanbzhu08ce6ab2015-12-02 13:01:29 -05003975 /* Update key_combos */
3976 key_combos[i-1].ctx = cur_ctx;
3977 }
3978
3979 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003980
William Lallemand1d29c742019-10-04 00:53:29 +02003981 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003982 kinfo, str, key_combos[i-1].order);
3983 if (key_combos[i-1].order < 0) {
3984 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003985 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003986 goto end;
3987 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003988 node = ebmb_next(node);
3989 }
3990
3991
3992 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3993 if (!bind_conf->default_ctx) {
3994 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3995 if (key_combos[i].ctx) {
3996 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003997 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01003998 ckch_inst->is_default = 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003999 break;
4000 }
4001 }
4002 }
4003
William Lallemand614ca0d2019-10-07 13:52:11 +02004004 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004005 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004006end:
4007
4008 if (names)
4009 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
4010
yanbzhu08ce6ab2015-12-02 13:01:29 -05004011 node = ebmb_first(&sni_keytypes_map);
4012 while (node) {
4013 next = ebmb_next(node);
4014 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02004015 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05004016 node = next;
4017 }
4018
Emeric Brun054563d2019-10-17 13:16:58 +02004019 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02004020 struct sni_ctx *sc0, *sc0b;
4021
4022 /* free the SSL_CTX in case of error */
4023 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
4024 if (key_combos[i].ctx)
4025 SSL_CTX_free(key_combos[i].ctx);
4026 }
4027
4028 /* free the sni_ctx in case of error */
4029 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4030
4031 ebmb_delete(&sc0->name);
4032 LIST_DEL(&sc0->by_ckch_inst);
4033 free(sc0);
4034 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004035 free(ckch_inst);
4036 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02004037 }
4038
Emeric Brun054563d2019-10-17 13:16:58 +02004039 *ckchi = ckch_inst;
4040 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004041}
4042#else
4043/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02004044static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
4045 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4046 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05004047{
4048 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4049 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02004050 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004051}
4052
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004053#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05004054
William Lallemand614ca0d2019-10-07 13:52:11 +02004055/*
4056 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02004057 *
4058 * Returns a bitfield containing the flags:
4059 * ERR_FATAL in any fatal error case
4060 * ERR_ALERT if the reason of the error is available in err
4061 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02004062 */
Emeric Brun054563d2019-10-17 13:16:58 +02004063static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
4064 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004065{
William Lallemandc9402072019-05-15 15:33:54 +02004066 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02004067 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004068 int order = 0;
4069 X509_NAME *xname;
4070 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004071 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004072 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02004073#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4074 STACK_OF(GENERAL_NAME) *names;
4075#endif
William Lallemand36b84632019-07-18 19:28:17 +02004076 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02004077 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004078 int errcode = 0;
4079
4080 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02004081
William Lallemande3af8fb2019-10-08 11:36:53 +02004082 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02004083 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004084
William Lallemande3af8fb2019-10-08 11:36:53 +02004085 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02004086
William Lallemand150bfa82019-09-19 17:12:49 +02004087 /* at least one of the instances is using filters during the config
4088 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01004089 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02004090
William Lallemandc9402072019-05-15 15:33:54 +02004091 ctx = SSL_CTX_new(SSLv23_server_method());
4092 if (!ctx) {
4093 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4094 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004095 errcode |= ERR_ALERT | ERR_FATAL;
4096 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004097 }
4098
Emeric Bruna96b5822019-10-17 13:25:14 +02004099 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
4100 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02004101 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02004102
4103 ckch_inst = ckch_inst_new();
4104 if (!ckch_inst) {
4105 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4106 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004107 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004108 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004109 }
4110
William Lallemand36b84632019-07-18 19:28:17 +02004111 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004112 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004113 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004114 switch(EVP_PKEY_base_id(pkey)) {
4115 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004116 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004117 break;
4118 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004119 kinfo.sig = TLSEXT_signature_ecdsa;
4120 break;
4121 case EVP_PKEY_DSA:
4122 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004123 break;
4124 }
4125 EVP_PKEY_free(pkey);
4126 }
4127
Emeric Brun50bcecc2013-04-22 13:05:23 +02004128 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02004129 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02004130 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02004131 if (order < 0) {
4132 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004133 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004134 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004135 }
4136 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004137 }
4138 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02004139#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02004140 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004141 if (names) {
4142 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
4143 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
4144 if (name->type == GEN_DNS) {
4145 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004146 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004147 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004148 if (order < 0) {
4149 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004150 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004151 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004152 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004153 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004154 }
4155 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004156 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004157 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004158#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02004159 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004160 i = -1;
4161 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
4162 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004163 ASN1_STRING *value;
4164
4165 value = X509_NAME_ENTRY_get_data(entry);
4166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004167 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004168 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004169 if (order < 0) {
4170 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004171 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004172 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004173 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004174 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004175 }
4176 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004177 /* we must not free the SSL_CTX anymore below, since it's already in
4178 * the tree, so it will be discovered and cleaned in time.
4179 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004180
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004182 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004183 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4184 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004185 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004186 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 }
4188#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004189 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004190 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004191 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01004192 ckch_inst->is_default = 1;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004193 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004194
William Lallemand9117de92019-10-04 00:29:42 +02004195 /* everything succeed, the ckch instance can be used */
4196 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004197 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004198
Emeric Brun054563d2019-10-17 13:16:58 +02004199 *ckchi = ckch_inst;
4200 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004201
4202error:
4203 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004204 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004205 struct sni_ctx *sc0, *sc0b;
4206
4207 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4208
4209 ebmb_delete(&sc0->name);
4210 LIST_DEL(&sc0->by_ckch_inst);
4211 free(sc0);
4212 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004213 free(ckch_inst);
4214 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004215 }
4216 /* We only created 1 SSL_CTX so we can free it there */
4217 SSL_CTX_free(ctx);
4218
Emeric Brun054563d2019-10-17 13:16:58 +02004219 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004220}
4221
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004222/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004223static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4224 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4225 char **sni_filter, int fcount, char **err)
4226{
4227 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004228 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004229
4230 /* we found the ckchs in the tree, we can use it directly */
4231 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004232 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004233 else
Emeric Brun054563d2019-10-17 13:16:58 +02004234 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004235
Emeric Brun054563d2019-10-17 13:16:58 +02004236 if (errcode & ERR_CODE)
4237 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004238
4239 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4240
4241 /* succeed, add the instance to the ckch_store's list of instance */
4242 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004243 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004244}
4245
4246
Willy Tarreaubbc91962019-10-16 16:42:19 +02004247/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004248int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004250 struct dirent **de_list;
4251 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004252 DIR *dir;
4253 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004254 char *end;
4255 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004256 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004257 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004258#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004259 int is_bundle;
4260 int j;
4261#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004262 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004263 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004264 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004265 }
4266
yanbzhu08ce6ab2015-12-02 13:01:29 -05004267 if (stat(path, &buf) == 0) {
4268 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004269 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004270 ckchs = ckchs_load_cert_file(path, 0, err);
4271 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004272 return ERR_ALERT | ERR_FATAL;
4273
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004274 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004276
yanbzhu08ce6ab2015-12-02 13:01:29 -05004277 /* strip trailing slashes, including first one */
4278 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4279 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004280
yanbzhu08ce6ab2015-12-02 13:01:29 -05004281 n = scandir(path, &de_list, 0, alphasort);
4282 if (n < 0) {
4283 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4284 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004285 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004286 }
4287 else {
4288 for (i = 0; i < n; i++) {
4289 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004290
yanbzhu08ce6ab2015-12-02 13:01:29 -05004291 end = strrchr(de->d_name, '.');
4292 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4293 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004294
yanbzhu08ce6ab2015-12-02 13:01:29 -05004295 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4296 if (stat(fp, &buf) != 0) {
4297 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4298 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004299 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004300 goto ignore_entry;
4301 }
4302 if (!S_ISREG(buf.st_mode))
4303 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004304
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004305#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004306 is_bundle = 0;
4307 /* Check if current entry in directory is part of a multi-cert bundle */
4308
4309 if (end) {
4310 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4311 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4312 is_bundle = 1;
4313 break;
4314 }
4315 }
4316
4317 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004318 int dp_len;
4319
4320 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004321
4322 /* increment i and free de until we get to a non-bundle cert
4323 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004324 * this is important since ignore_entry will free de. This also
4325 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004326 */
Willy Tarreau05800522019-10-29 10:48:50 +01004327 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004328 free(de);
4329 i++;
4330 de = de_list[i];
4331 }
4332
Willy Tarreau05800522019-10-29 10:48:50 +01004333 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004334 if ((ckchs = ckchs_lookup(fp)) == NULL)
4335 ckchs = ckchs_load_cert_file(fp, 1, err);
4336 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004337 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004338 else
4339 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004340 /* Successfully processed the bundle */
4341 goto ignore_entry;
4342 }
4343 }
4344
4345#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004346 if ((ckchs = ckchs_lookup(fp)) == NULL)
4347 ckchs = ckchs_load_cert_file(fp, 0, err);
4348 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004349 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004350 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004351 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004352
yanbzhu08ce6ab2015-12-02 13:01:29 -05004353ignore_entry:
4354 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004355 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004356 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004357 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004358 closedir(dir);
4359 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004360 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004361
William Lallemande3af8fb2019-10-08 11:36:53 +02004362 ckchs = ckchs_load_cert_file(path, 1, err);
4363 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004364 return ERR_ALERT | ERR_FATAL;
4365
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004366 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004367
Emeric Brunfc0421f2012-09-07 17:30:07 +02004368 return cfgerr;
4369}
4370
Thierry Fournier383085f2013-01-24 14:15:43 +01004371/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4372 * done once. Zero is returned if the operation fails. No error is returned
4373 * if the random is said as not implemented, because we expect that openssl
4374 * will use another method once needed.
4375 */
4376static int ssl_initialize_random()
4377{
4378 unsigned char random;
4379 static int random_initialized = 0;
4380
4381 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4382 random_initialized = 1;
4383
4384 return random_initialized;
4385}
4386
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004387/* release ssl bind conf */
4388void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004389{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004390 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004391#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004392 free(conf->npn_str);
4393 conf->npn_str = NULL;
4394#endif
4395#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4396 free(conf->alpn_str);
4397 conf->alpn_str = NULL;
4398#endif
4399 free(conf->ca_file);
4400 conf->ca_file = NULL;
4401 free(conf->crl_file);
4402 conf->crl_file = NULL;
4403 free(conf->ciphers);
4404 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004405#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004406 free(conf->ciphersuites);
4407 conf->ciphersuites = NULL;
4408#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004409 free(conf->curves);
4410 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004411 free(conf->ecdhe);
4412 conf->ecdhe = NULL;
4413 }
4414}
4415
Willy Tarreaubbc91962019-10-16 16:42:19 +02004416/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004417int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4418{
4419 char thisline[CRT_LINESIZE];
4420 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004421 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004422 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004423 int linenum = 0;
4424 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004425 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004426
Willy Tarreauad1731d2013-04-02 17:35:58 +02004427 if ((f = fopen(file, "r")) == NULL) {
4428 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004429 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004430 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004431
4432 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004433 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004434 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004435 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004436 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004437 char *crt_path;
4438 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004439
4440 linenum++;
4441 end = line + strlen(line);
4442 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4443 /* Check if we reached the limit and the last char is not \n.
4444 * Watch out for the last line without the terminating '\n'!
4445 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004446 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4447 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004448 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004449 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004450 }
4451
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004452 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004453 newarg = 1;
4454 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004455 if (*line == '#' || *line == '\n' || *line == '\r') {
4456 /* end of string, end of loop */
4457 *line = 0;
4458 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004459 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004460 newarg = 1;
4461 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004462 } else if (*line == '[') {
4463 if (ssl_b) {
4464 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004465 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004466 break;
4467 }
4468 if (!arg) {
4469 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004470 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004471 break;
4472 }
4473 ssl_b = arg;
4474 newarg = 1;
4475 *line = 0;
4476 } else if (*line == ']') {
4477 if (ssl_e) {
4478 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004479 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004480 break;
4481 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004482 if (!ssl_b) {
4483 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004484 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004485 break;
4486 }
4487 ssl_e = arg;
4488 newarg = 1;
4489 *line = 0;
4490 } else if (newarg) {
4491 if (arg == MAX_CRT_ARGS) {
4492 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004493 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004494 break;
4495 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004496 newarg = 0;
4497 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004498 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004499 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004500 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004501 if (cfgerr)
4502 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004503 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004504
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004505 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004506 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004507 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004508
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004509 crt_path = args[0];
4510 if (*crt_path != '/' && global_ssl.crt_base) {
4511 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4512 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4513 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004514 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004515 break;
4516 }
4517 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4518 crt_path = path;
4519 }
4520
4521 ssl_conf = calloc(1, sizeof *ssl_conf);
4522 cur_arg = ssl_b ? ssl_b : 1;
4523 while (cur_arg < ssl_e) {
4524 newarg = 0;
4525 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4526 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4527 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004528 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004529 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4530 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4531 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004532 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004533 }
4534 cur_arg += 1 + ssl_bind_kws[i].skip;
4535 break;
4536 }
4537 }
4538 if (!cfgerr && !newarg) {
4539 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4540 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004541 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004542 break;
4543 }
4544 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004546 if (cfgerr) {
4547 ssl_sock_free_ssl_conf(ssl_conf);
4548 free(ssl_conf);
4549 ssl_conf = NULL;
4550 break;
4551 }
4552
William Lallemande3af8fb2019-10-08 11:36:53 +02004553 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004554 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004555 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004556 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004557 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004558 }
4559
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004560 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004561 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004562 else
4563 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004564
Willy Tarreauad1731d2013-04-02 17:35:58 +02004565 if (cfgerr) {
4566 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004567 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004568 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004569 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004570 fclose(f);
4571 return cfgerr;
4572}
4573
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004574/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004575static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004576ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004577{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004578 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004579 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004580 SSL_OP_ALL | /* all known workarounds for bugs */
4581 SSL_OP_NO_SSLv2 |
4582 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004583 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004584 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004585 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004586 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004587 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004588 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004589 SSL_MODE_ENABLE_PARTIAL_WRITE |
4590 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004591 SSL_MODE_RELEASE_BUFFERS |
4592 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004593 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004594 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004595 int flags = MC_SSL_O_ALL;
4596 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004597
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004598 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004599 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004600
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004601 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004602 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4603 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4604 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004605 else
4606 flags = conf_ssl_methods->flags;
4607
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004608 min = conf_ssl_methods->min;
4609 max = conf_ssl_methods->max;
4610 /* start with TLSv10 to remove SSLv3 per default */
4611 if (!min && (!max || max >= CONF_TLSV10))
4612 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004613 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004614 if (min)
4615 flags |= (methodVersions[min].flag - 1);
4616 if (max)
4617 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004618 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004619 min = max = CONF_TLSV_NONE;
4620 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004621 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004622 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004623 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004624 if (min) {
4625 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004626 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4627 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4628 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4629 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004630 hole = 0;
4631 }
4632 max = i;
4633 }
4634 else {
4635 min = max = i;
4636 }
4637 }
4638 else {
4639 if (min)
4640 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004641 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004642 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004643 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4644 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004645 cfgerr += 1;
4646 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004647 /* save real min/max in bind_conf */
4648 conf_ssl_methods->min = min;
4649 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004650
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004651#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004652 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004653 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004654 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004655 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004656 else
4657 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4658 if (flags & methodVersions[i].flag)
4659 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004660#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004661 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004662 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4663 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004664#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004665
4666 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4667 options |= SSL_OP_NO_TICKET;
4668 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4669 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004670
4671#ifdef SSL_OP_NO_RENEGOTIATION
4672 options |= SSL_OP_NO_RENEGOTIATION;
4673#endif
4674
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004675 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004676
Willy Tarreau5db847a2019-05-09 14:13:35 +02004677#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004678 if (global_ssl.async)
4679 mode |= SSL_MODE_ASYNC;
4680#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004681 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004682 if (global_ssl.life_time)
4683 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004684
4685#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4686#ifdef OPENSSL_IS_BORINGSSL
4687 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4688 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004689#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004690 if (bind_conf->ssl_conf.early_data) {
4691 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4692 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4693 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004694 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4695 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004696#else
4697 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004698#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004699 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004700#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004701 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004702}
4703
William Lallemand4f45bb92017-10-30 20:08:51 +01004704
4705static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4706{
4707 if (first == block) {
4708 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4709 if (first->len > 0)
4710 sh_ssl_sess_tree_delete(sh_ssl_sess);
4711 }
4712}
4713
4714/* return first block from sh_ssl_sess */
4715static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4716{
4717 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4718
4719}
4720
4721/* store a session into the cache
4722 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4723 * data: asn1 encoded session
4724 * data_len: asn1 encoded session length
4725 * Returns 1 id session was stored (else 0)
4726 */
4727static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4728{
4729 struct shared_block *first;
4730 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4731
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004732 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004733 if (!first) {
4734 /* Could not retrieve enough free blocks to store that session */
4735 return 0;
4736 }
4737
4738 /* STORE the key in the first elem */
4739 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4740 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4741 first->len = sizeof(struct sh_ssl_sess_hdr);
4742
4743 /* it returns the already existing node
4744 or current node if none, never returns null */
4745 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4746 if (oldsh_ssl_sess != sh_ssl_sess) {
4747 /* NOTE: Row couldn't be in use because we lock read & write function */
4748 /* release the reserved row */
4749 shctx_row_dec_hot(ssl_shctx, first);
4750 /* replace the previous session already in the tree */
4751 sh_ssl_sess = oldsh_ssl_sess;
4752 /* ignore the previous session data, only use the header */
4753 first = sh_ssl_sess_first_block(sh_ssl_sess);
4754 shctx_row_inc_hot(ssl_shctx, first);
4755 first->len = sizeof(struct sh_ssl_sess_hdr);
4756 }
4757
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004758 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004759 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004760 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004761 }
4762
4763 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004764
4765 return 1;
4766}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004767
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004768/* SSL callback used when a new session is created while connecting to a server */
4769static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4770{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004771 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004772 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004773
Willy Tarreau07d94e42018-09-20 10:57:52 +02004774 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004775
Olivier Houcharde6060c52017-11-16 17:42:52 +01004776 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4777 int len;
4778 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004779
Olivier Houcharde6060c52017-11-16 17:42:52 +01004780 len = i2d_SSL_SESSION(sess, NULL);
4781 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4782 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4783 } else {
4784 free(s->ssl_ctx.reused_sess[tid].ptr);
4785 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4786 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4787 }
4788 if (s->ssl_ctx.reused_sess[tid].ptr) {
4789 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4790 &ptr);
4791 }
4792 } else {
4793 free(s->ssl_ctx.reused_sess[tid].ptr);
4794 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4795 }
4796
4797 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004798}
4799
Olivier Houcharde6060c52017-11-16 17:42:52 +01004800
William Lallemanded0b5ad2017-10-30 19:36:36 +01004801/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004802int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004803{
4804 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4805 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4806 unsigned char *p;
4807 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004808 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004809 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004810
4811 /* Session id is already stored in to key and session id is known
4812 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004813 * note: SSL_SESSION_set1_id is using
4814 * a memcpy so we need to use a different pointer
4815 * than sid_data or sid_ctx_data to avoid valgrind
4816 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004817 */
4818
4819 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004820
4821 /* copy value in an other buffer */
4822 memcpy(encid, sid_data, sid_length);
4823
4824 /* pad with 0 */
4825 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4826 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4827
4828 /* force length to zero to avoid ASN1 encoding */
4829 SSL_SESSION_set1_id(sess, encid, 0);
4830
4831 /* force length to zero to avoid ASN1 encoding */
4832 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004833
4834 /* check if buffer is large enough for the ASN1 encoded session */
4835 data_len = i2d_SSL_SESSION(sess, NULL);
4836 if (data_len > SHSESS_MAX_DATA_LEN)
4837 goto err;
4838
4839 p = encsess;
4840
4841 /* process ASN1 session encoding before the lock */
4842 i2d_SSL_SESSION(sess, &p);
4843
William Lallemanded0b5ad2017-10-30 19:36:36 +01004844
William Lallemanda3c77cf2017-10-30 23:44:40 +01004845 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004846 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004847 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004848 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004849err:
4850 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004851 SSL_SESSION_set1_id(sess, encid, sid_length);
4852 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004853
4854 return 0; /* do not increment session reference count */
4855}
4856
4857/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004858SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004859{
William Lallemand4f45bb92017-10-30 20:08:51 +01004860 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004861 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4862 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004863 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004864 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004865
4866 global.shctx_lookups++;
4867
4868 /* allow the session to be freed automatically by openssl */
4869 *do_copy = 0;
4870
4871 /* tree key is zeros padded sessionid */
4872 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4873 memcpy(tmpkey, key, key_len);
4874 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4875 key = tmpkey;
4876 }
4877
4878 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004879 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004880
4881 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004882 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4883 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004884 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004885 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004886 global.shctx_misses++;
4887 return NULL;
4888 }
4889
William Lallemand4f45bb92017-10-30 20:08:51 +01004890 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4891 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004892
William Lallemand4f45bb92017-10-30 20:08:51 +01004893 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004894
William Lallemanda3c77cf2017-10-30 23:44:40 +01004895 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004896
4897 /* decode ASN1 session */
4898 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004899 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004900 /* Reset session id and session id contenxt */
4901 if (sess) {
4902 SSL_SESSION_set1_id(sess, key, key_len);
4903 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4904 }
4905
4906 return sess;
4907}
4908
William Lallemand4f45bb92017-10-30 20:08:51 +01004909
William Lallemanded0b5ad2017-10-30 19:36:36 +01004910/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004911void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004912{
William Lallemand4f45bb92017-10-30 20:08:51 +01004913 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004914 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4915 unsigned int sid_length;
4916 const unsigned char *sid_data;
4917 (void)ctx;
4918
4919 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4920 /* tree key is zeros padded sessionid */
4921 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4922 memcpy(tmpkey, sid_data, sid_length);
4923 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4924 sid_data = tmpkey;
4925 }
4926
William Lallemanda3c77cf2017-10-30 23:44:40 +01004927 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004928
4929 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004930 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4931 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004932 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004933 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004934 }
4935
4936 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004937 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004938}
4939
4940/* Set session cache mode to server and disable openssl internal cache.
4941 * Set shared cache callbacks on an ssl context.
4942 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004943void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004944{
4945 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4946
4947 if (!ssl_shctx) {
4948 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4949 return;
4950 }
4951
4952 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4953 SSL_SESS_CACHE_NO_INTERNAL |
4954 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4955
4956 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004957 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4958 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4959 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004960}
4961
William Lallemand8b453912019-11-21 15:48:10 +01004962/*
4963 * This function applies the SSL configuration on a SSL_CTX
4964 * It returns an error code and fills the <err> buffer
4965 */
4966int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx, char **err)
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004967{
4968 struct proxy *curproxy = bind_conf->frontend;
4969 int cfgerr = 0;
4970 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004971 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004972 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004973#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004974 const char *conf_ciphersuites;
4975#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004976 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004977
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004978 if (ssl_conf) {
4979 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4980 int i, min, max;
4981 int flags = MC_SSL_O_ALL;
4982
4983 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004984 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4985 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004986 if (min)
4987 flags |= (methodVersions[min].flag - 1);
4988 if (max)
4989 flags |= ~((methodVersions[max].flag << 1) - 1);
4990 min = max = CONF_TLSV_NONE;
4991 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4992 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4993 if (min)
4994 max = i;
4995 else
4996 min = max = i;
4997 }
4998 /* save real min/max */
4999 conf_ssl_methods->min = min;
5000 conf_ssl_methods->max = max;
5001 if (!min) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005002 memprintf(err, "%sProxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
5003 err && *err ? *err : "", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005004 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02005005 }
5006 }
5007
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005008 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01005009 case SSL_SOCK_VERIFY_NONE:
5010 verify = SSL_VERIFY_NONE;
5011 break;
5012 case SSL_SOCK_VERIFY_OPTIONAL:
5013 verify = SSL_VERIFY_PEER;
5014 break;
5015 case SSL_SOCK_VERIFY_REQUIRED:
5016 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
5017 break;
5018 }
5019 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
5020 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005021 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
5022 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
5023 if (ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005024 /* set CAfile to verify */
5025 if (!ssl_set_verify_locations_file(ctx, ca_file)) {
5026 memprintf(err, "%sProxy '%s': unable to set CA file '%s' for bind '%s' at [%s:%d].\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01005027 err && *err ? *err : "", curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005028 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005029 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005030 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
5031 /* set CA names for client cert request, function returns void */
Emmanuel Hocdet129d3282019-10-24 18:08:51 +02005032 SSL_CTX_set_client_CA_list(ctx, SSL_dup_CA_list(ssl_get_client_ca_file(ca_file)));
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005033 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005034 }
Emeric Brun850efd52014-01-29 12:24:34 +01005035 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01005036 memprintf(err, "%sProxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
5037 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005038 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun850efd52014-01-29 12:24:34 +01005039 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005040#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005041 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02005042 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
5043
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005044 if (!ssl_set_cert_crl_file(store, crl_file)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005045 memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
5046 err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005047 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005048 }
Emeric Brun561e5742012-10-02 15:20:55 +02005049 else {
5050 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5051 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005052 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005053#endif
Emeric Brun644cde02012-12-14 11:21:13 +01005054 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02005055 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005056#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02005057 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005058 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005059 memprintf(err, "%sProxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
5060 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005061 cfgerr |= ERR_ALERT | ERR_FATAL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005062 }
5063 }
5064#endif
5065
William Lallemand4f45bb92017-10-30 20:08:51 +01005066 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005067 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
5068 if (conf_ciphers &&
5069 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005070 memprintf(err, "%sProxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
5071 err && *err ? *err : "", curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005072 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005073 }
5074
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005075#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005076 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
5077 if (conf_ciphersuites &&
5078 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005079 memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
5080 err && *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005081 cfgerr |= ERR_ALERT | ERR_FATAL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005082 }
5083#endif
5084
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005085#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02005086 /* If tune.ssl.default-dh-param has not been set,
5087 neither has ssl-default-dh-file and no static DH
5088 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01005089 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02005090 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02005091 (ssl_dh_ptr_index == -1 ||
5092 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005093 STACK_OF(SSL_CIPHER) * ciphers = NULL;
5094 const SSL_CIPHER * cipher = NULL;
5095 char cipher_description[128];
5096 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
5097 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
5098 which is not ephemeral DH. */
5099 const char dhe_description[] = " Kx=DH ";
5100 const char dhe_export_description[] = " Kx=DH(";
5101 int idx = 0;
5102 int dhe_found = 0;
5103 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005104
Remi Gacogne23d5d372014-10-10 17:04:26 +02005105 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005106
Remi Gacogne23d5d372014-10-10 17:04:26 +02005107 if (ssl) {
5108 ciphers = SSL_get_ciphers(ssl);
5109
5110 if (ciphers) {
5111 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
5112 cipher = sk_SSL_CIPHER_value(ciphers, idx);
5113 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
5114 if (strstr(cipher_description, dhe_description) != NULL ||
5115 strstr(cipher_description, dhe_export_description) != NULL) {
5116 dhe_found = 1;
5117 break;
5118 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02005119 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005120 }
5121 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02005122 SSL_free(ssl);
5123 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005124 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005125
Lukas Tribus90132722014-08-18 00:56:33 +02005126 if (dhe_found) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005127 memprintf(err, "%sSetting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n",
5128 err && *err ? *err : "");
William Lallemand8b453912019-11-21 15:48:10 +01005129 cfgerr |= ERR_WARN;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005130 }
5131
Willy Tarreauef934602016-12-22 23:12:01 +01005132 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005133 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005134
Willy Tarreauef934602016-12-22 23:12:01 +01005135 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005136 if (local_dh_1024 == NULL) {
5137 local_dh_1024 = ssl_get_dh_1024();
5138 }
Willy Tarreauef934602016-12-22 23:12:01 +01005139 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005140 if (local_dh_2048 == NULL) {
5141 local_dh_2048 = ssl_get_dh_2048();
5142 }
Willy Tarreauef934602016-12-22 23:12:01 +01005143 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005144 if (local_dh_4096 == NULL) {
5145 local_dh_4096 = ssl_get_dh_4096();
5146 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005147 }
5148 }
5149 }
5150#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005151
Emeric Brunfc0421f2012-09-07 17:30:07 +02005152 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005153#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02005154 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02005155#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005156
Bernard Spil13c53f82018-02-15 13:34:58 +01005157#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005158 ssl_conf_cur = NULL;
5159 if (ssl_conf && ssl_conf->npn_str)
5160 ssl_conf_cur = ssl_conf;
5161 else if (bind_conf->ssl_conf.npn_str)
5162 ssl_conf_cur = &bind_conf->ssl_conf;
5163 if (ssl_conf_cur)
5164 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02005165#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01005166#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005167 ssl_conf_cur = NULL;
5168 if (ssl_conf && ssl_conf->alpn_str)
5169 ssl_conf_cur = ssl_conf;
5170 else if (bind_conf->ssl_conf.alpn_str)
5171 ssl_conf_cur = &bind_conf->ssl_conf;
5172 if (ssl_conf_cur)
5173 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02005174#endif
Lukas Tribusd14b49c2019-11-24 18:20:40 +01005175#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005176 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
5177 if (conf_curves) {
5178 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005179 memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5180 err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005181 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005182 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005183#if defined(SSL_CTX_set_ecdh_auto)
5184 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
5185#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005186 }
5187#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005188#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005189 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005190 int i;
5191 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005192#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005193 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005194 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5195 NULL);
5196
5197 if (ecdhe == NULL) {
Eric Salama3c8bde82019-11-20 11:33:40 +01005198 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005199 return cfgerr;
5200 }
5201#else
5202 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5203 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5204 ECDHE_DEFAULT_CURVE);
5205#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005206
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005207 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005208 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005209 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5210 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005211 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun2b58d042012-09-20 17:10:03 +02005212 }
5213 else {
5214 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5215 EC_KEY_free(ecdh);
5216 }
5217 }
5218#endif
5219
Emeric Brunfc0421f2012-09-07 17:30:07 +02005220 return cfgerr;
5221}
5222
Evan Broderbe554312013-06-27 00:05:25 -07005223static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5224{
5225 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5226 size_t prefixlen, suffixlen;
5227
5228 /* Trivial case */
5229 if (strcmp(pattern, hostname) == 0)
5230 return 1;
5231
Evan Broderbe554312013-06-27 00:05:25 -07005232 /* The rest of this logic is based on RFC 6125, section 6.4.3
5233 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5234
Emeric Bruna848dae2013-10-08 11:27:28 +02005235 pattern_wildcard = NULL;
5236 pattern_left_label_end = pattern;
5237 while (*pattern_left_label_end != '.') {
5238 switch (*pattern_left_label_end) {
5239 case 0:
5240 /* End of label not found */
5241 return 0;
5242 case '*':
5243 /* If there is more than one wildcards */
5244 if (pattern_wildcard)
5245 return 0;
5246 pattern_wildcard = pattern_left_label_end;
5247 break;
5248 }
5249 pattern_left_label_end++;
5250 }
5251
5252 /* If it's not trivial and there is no wildcard, it can't
5253 * match */
5254 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005255 return 0;
5256
5257 /* Make sure all labels match except the leftmost */
5258 hostname_left_label_end = strchr(hostname, '.');
5259 if (!hostname_left_label_end
5260 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5261 return 0;
5262
5263 /* Make sure the leftmost label of the hostname is long enough
5264 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005265 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005266 return 0;
5267
5268 /* Finally compare the string on either side of the
5269 * wildcard */
5270 prefixlen = pattern_wildcard - pattern;
5271 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005272 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5273 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005274 return 0;
5275
5276 return 1;
5277}
5278
5279static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5280{
5281 SSL *ssl;
5282 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005283 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005284 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005285 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005286
5287 int depth;
5288 X509 *cert;
5289 STACK_OF(GENERAL_NAME) *alt_names;
5290 int i;
5291 X509_NAME *cert_subject;
5292 char *str;
5293
5294 if (ok == 0)
5295 return ok;
5296
5297 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005298 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005299 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005300
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005301 /* We're checking if the provided hostnames match the desired one. The
5302 * desired hostname comes from the SNI we presented if any, or if not
5303 * provided then it may have been explicitly stated using a "verifyhost"
5304 * directive. If neither is set, we don't care about the name so the
5305 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005306 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005307 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005308 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005309 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005310 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005311 if (!servername)
5312 return ok;
5313 }
Evan Broderbe554312013-06-27 00:05:25 -07005314
5315 /* We only need to verify the CN on the actual server cert,
5316 * not the indirect CAs */
5317 depth = X509_STORE_CTX_get_error_depth(ctx);
5318 if (depth != 0)
5319 return ok;
5320
5321 /* At this point, the cert is *not* OK unless we can find a
5322 * hostname match */
5323 ok = 0;
5324
5325 cert = X509_STORE_CTX_get_current_cert(ctx);
5326 /* It seems like this might happen if verify peer isn't set */
5327 if (!cert)
5328 return ok;
5329
5330 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5331 if (alt_names) {
5332 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5333 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5334 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005335#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005336 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5337#else
Evan Broderbe554312013-06-27 00:05:25 -07005338 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005339#endif
Evan Broderbe554312013-06-27 00:05:25 -07005340 ok = ssl_sock_srv_hostcheck(str, servername);
5341 OPENSSL_free(str);
5342 }
5343 }
5344 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005345 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005346 }
5347
5348 cert_subject = X509_get_subject_name(cert);
5349 i = -1;
5350 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5351 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005352 ASN1_STRING *value;
5353 value = X509_NAME_ENTRY_get_data(entry);
5354 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005355 ok = ssl_sock_srv_hostcheck(str, servername);
5356 OPENSSL_free(str);
5357 }
5358 }
5359
Willy Tarreau71d058c2017-07-26 20:09:56 +02005360 /* report the mismatch and indicate if SNI was used or not */
5361 if (!ok && !conn->err_code)
5362 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005363 return ok;
5364}
5365
Emeric Brun94324a42012-10-11 14:00:19 +02005366/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005367int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005368{
Willy Tarreau03209342016-12-22 17:08:28 +01005369 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005370 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005371 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005372 SSL_OP_ALL | /* all known workarounds for bugs */
5373 SSL_OP_NO_SSLv2 |
5374 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005375 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005376 SSL_MODE_ENABLE_PARTIAL_WRITE |
5377 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005378 SSL_MODE_RELEASE_BUFFERS |
5379 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005380 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005381 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005382 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005383 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005384 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005385
Thierry Fournier383085f2013-01-24 14:15:43 +01005386 /* Make sure openssl opens /dev/urandom before the chroot */
5387 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005388 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005389 cfgerr++;
5390 }
5391
Willy Tarreaufce03112015-01-15 21:32:40 +01005392 /* Automatic memory computations need to know we use SSL there */
5393 global.ssl_used_backend = 1;
5394
5395 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005396 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005397 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005398 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5399 curproxy->id, srv->id,
5400 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005401 cfgerr++;
5402 return cfgerr;
5403 }
5404 }
Emeric Brun94324a42012-10-11 14:00:19 +02005405 if (srv->use_ssl)
5406 srv->xprt = &ssl_sock;
5407 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005408 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005409
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005410 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005411 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005412 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5413 proxy_type_str(curproxy), curproxy->id,
5414 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005415 cfgerr++;
5416 return cfgerr;
5417 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005418
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005419 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005420 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5421 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5422 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005423 else
5424 flags = conf_ssl_methods->flags;
5425
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005426 /* Real min and max should be determinate with configuration and openssl's capabilities */
5427 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005428 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005429 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005430 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005431
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005432 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005433 min = max = CONF_TLSV_NONE;
5434 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005435 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005436 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005437 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005438 if (min) {
5439 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005440 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5441 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5442 proxy_type_str(curproxy), curproxy->id, srv->id,
5443 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005444 hole = 0;
5445 }
5446 max = i;
5447 }
5448 else {
5449 min = max = i;
5450 }
5451 }
5452 else {
5453 if (min)
5454 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005455 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005456 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005457 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5458 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005459 cfgerr += 1;
5460 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005461
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005462#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005463 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005464 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005465 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005466 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005467 else
5468 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5469 if (flags & methodVersions[i].flag)
5470 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005471#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005472 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005473 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5474 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005475#endif
5476
5477 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5478 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005479 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005480
Willy Tarreau5db847a2019-05-09 14:13:35 +02005481#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005482 if (global_ssl.async)
5483 mode |= SSL_MODE_ASYNC;
5484#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005485 SSL_CTX_set_mode(ctx, mode);
5486 srv->ssl_ctx.ctx = ctx;
5487
Emeric Bruna7aa3092012-10-26 12:58:00 +02005488 if (srv->ssl_ctx.client_crt) {
5489 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005490 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5491 proxy_type_str(curproxy), curproxy->id,
5492 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005493 cfgerr++;
5494 }
5495 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005496 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5497 proxy_type_str(curproxy), curproxy->id,
5498 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005499 cfgerr++;
5500 }
5501 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005502 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5503 proxy_type_str(curproxy), curproxy->id,
5504 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005505 cfgerr++;
5506 }
5507 }
Emeric Brun94324a42012-10-11 14:00:19 +02005508
Emeric Brun850efd52014-01-29 12:24:34 +01005509 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5510 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005511 switch (srv->ssl_ctx.verify) {
5512 case SSL_SOCK_VERIFY_NONE:
5513 verify = SSL_VERIFY_NONE;
5514 break;
5515 case SSL_SOCK_VERIFY_REQUIRED:
5516 verify = SSL_VERIFY_PEER;
5517 break;
5518 }
Evan Broderbe554312013-06-27 00:05:25 -07005519 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005520 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005521 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005522 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005523 if (srv->ssl_ctx.ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005524 /* set CAfile to verify */
5525 if (!ssl_set_verify_locations_file(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file)) {
5526 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to set CA file '%s'.\n",
Christopher Faulet767a84b2017-11-24 16:50:31 +01005527 curproxy->id, srv->id,
5528 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005529 cfgerr++;
5530 }
5531 }
Emeric Brun850efd52014-01-29 12:24:34 +01005532 else {
5533 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005534 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5535 curproxy->id, srv->id,
5536 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005537 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005538 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5539 curproxy->id, srv->id,
5540 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005541 cfgerr++;
5542 }
Emeric Brunef42d922012-10-11 16:11:36 +02005543#ifdef X509_V_FLAG_CRL_CHECK
5544 if (srv->ssl_ctx.crl_file) {
5545 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5546
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005547 if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005548 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5549 curproxy->id, srv->id,
5550 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005551 cfgerr++;
5552 }
5553 else {
5554 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5555 }
5556 }
5557#endif
5558 }
5559
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005560 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5561 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5562 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005563 if (srv->ssl_ctx.ciphers &&
5564 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005565 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5566 curproxy->id, srv->id,
5567 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005568 cfgerr++;
5569 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005570
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005571#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005572 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005573 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005574 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5575 curproxy->id, srv->id,
5576 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5577 cfgerr++;
5578 }
5579#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005580#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5581 if (srv->ssl_ctx.npn_str)
5582 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5583#endif
5584#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5585 if (srv->ssl_ctx.alpn_str)
5586 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5587#endif
5588
Emeric Brun94324a42012-10-11 14:00:19 +02005589
5590 return cfgerr;
5591}
5592
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005593/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005594 * be NULL, in which case nothing is done. Returns the number of errors
5595 * encountered.
5596 */
Willy Tarreau03209342016-12-22 17:08:28 +01005597int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005598{
5599 struct ebmb_node *node;
5600 struct sni_ctx *sni;
5601 int err = 0;
William Lallemand8b453912019-11-21 15:48:10 +01005602 int errcode = 0;
5603 char *errmsg = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005604
Willy Tarreaufce03112015-01-15 21:32:40 +01005605 /* Automatic memory computations need to know we use SSL there */
5606 global.ssl_used_frontend = 1;
5607
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005608 /* Make sure openssl opens /dev/urandom before the chroot */
5609 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005610 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005611 err++;
5612 }
5613 /* Create initial_ctx used to start the ssl connection before do switchctx */
5614 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005615 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005616 /* It should not be necessary to call this function, but it's
5617 necessary first to check and move all initialisation related
5618 to initial_ctx in ssl_sock_initial_ctx. */
William Lallemand8b453912019-11-21 15:48:10 +01005619 errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005620 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005621 if (bind_conf->default_ctx)
William Lallemand8b453912019-11-21 15:48:10 +01005622 errcode |= ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, &errmsg);
Emeric Brun0bed9942014-10-30 19:25:24 +01005623
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005624 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005625 while (node) {
5626 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005627 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5628 /* only initialize the CTX on its first occurrence and
5629 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005630 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005631 node = ebmb_next(node);
5632 }
5633
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005634 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005635 while (node) {
5636 sni = ebmb_entry(node, struct sni_ctx, name);
William Lallemand8b453912019-11-21 15:48:10 +01005637 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005638 /* only initialize the CTX on its first occurrence and
5639 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005640 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
5641 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005642 node = ebmb_next(node);
5643 }
William Lallemand8b453912019-11-21 15:48:10 +01005644
5645 if (errcode & ERR_WARN) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005646 ha_warning("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005647 } else if (errcode & ERR_CODE) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005648 ha_alert("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005649 err++;
5650 }
5651
5652 free(errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005653 return err;
5654}
5655
Willy Tarreau55d37912016-12-21 23:38:39 +01005656/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5657 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5658 * alerts are directly emitted since the rest of the stack does it below.
5659 */
5660int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5661{
5662 struct proxy *px = bind_conf->frontend;
5663 int alloc_ctx;
5664 int err;
5665
5666 if (!bind_conf->is_ssl) {
5667 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005668 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5669 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005670 }
5671 return 0;
5672 }
5673 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005674 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005675 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5676 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005677 }
5678 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005679 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5680 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005681 return -1;
5682 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005683 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005684 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005685 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005686 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005687 sizeof(*sh_ssl_sess_tree),
5688 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005689 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005690 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5691 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5692 else
5693 ha_alert("Unable to allocate SSL session cache.\n");
5694 return -1;
5695 }
5696 /* free block callback */
5697 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5698 /* init the root tree within the extra space */
5699 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5700 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005701 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005702 err = 0;
5703 /* initialize all certificate contexts */
5704 err += ssl_sock_prepare_all_ctx(bind_conf);
5705
5706 /* initialize CA variables if the certificates generation is enabled */
5707 err += ssl_sock_load_ca(bind_conf);
5708
5709 return -err;
5710}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005711
5712/* release ssl context allocated for servers. */
5713void ssl_sock_free_srv_ctx(struct server *srv)
5714{
Olivier Houchardc7566002018-11-20 23:33:50 +01005715#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5716 if (srv->ssl_ctx.alpn_str)
5717 free(srv->ssl_ctx.alpn_str);
5718#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005719#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005720 if (srv->ssl_ctx.npn_str)
5721 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005722#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005723 if (srv->ssl_ctx.ctx)
5724 SSL_CTX_free(srv->ssl_ctx.ctx);
5725}
5726
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005727/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005728 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5729 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005730void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005731{
5732 struct ebmb_node *node, *back;
5733 struct sni_ctx *sni;
5734
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005735 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005736 while (node) {
5737 sni = ebmb_entry(node, struct sni_ctx, name);
5738 back = ebmb_next(node);
5739 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005740 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005741 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005742 ssl_sock_free_ssl_conf(sni->conf);
5743 free(sni->conf);
5744 sni->conf = NULL;
5745 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005746 free(sni);
5747 node = back;
5748 }
5749
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005750 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005751 while (node) {
5752 sni = ebmb_entry(node, struct sni_ctx, name);
5753 back = ebmb_next(node);
5754 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005755 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005756 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005757 ssl_sock_free_ssl_conf(sni->conf);
5758 free(sni->conf);
5759 sni->conf = NULL;
5760 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005761 free(sni);
5762 node = back;
5763 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005764 SSL_CTX_free(bind_conf->initial_ctx);
5765 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005766 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005767 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005768}
5769
Willy Tarreau795cdab2016-12-22 17:30:54 +01005770/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5771void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5772{
5773 ssl_sock_free_ca(bind_conf);
5774 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005775 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005776 free(bind_conf->ca_sign_file);
5777 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005778 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005779 free(bind_conf->keys_ref->filename);
5780 free(bind_conf->keys_ref->tlskeys);
5781 LIST_DEL(&bind_conf->keys_ref->list);
5782 free(bind_conf->keys_ref);
5783 }
5784 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005785 bind_conf->ca_sign_pass = NULL;
5786 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005787}
5788
Christopher Faulet31af49d2015-06-09 17:29:50 +02005789/* Load CA cert file and private key used to generate certificates */
5790int
Willy Tarreau03209342016-12-22 17:08:28 +01005791ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005792{
Willy Tarreau03209342016-12-22 17:08:28 +01005793 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005794 FILE *fp;
5795 X509 *cacert = NULL;
5796 EVP_PKEY *capkey = NULL;
5797 int err = 0;
5798
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005799 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005800 return err;
5801
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005802#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005803 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005804 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005805 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005806 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005807 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005808#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005809
Christopher Faulet31af49d2015-06-09 17:29:50 +02005810 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005811 ha_alert("Proxy '%s': cannot enable certificate generation, "
5812 "no CA certificate File configured at [%s:%d].\n",
5813 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005814 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005815 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005816
5817 /* read in the CA certificate */
5818 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005819 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5820 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005821 goto load_error;
5822 }
5823 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005824 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5825 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005826 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005827 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005828 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005829 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005830 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5831 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005832 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005833 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005834
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005835 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005836 bind_conf->ca_sign_cert = cacert;
5837 bind_conf->ca_sign_pkey = capkey;
5838 return err;
5839
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005840 read_error:
5841 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005842 if (capkey) EVP_PKEY_free(capkey);
5843 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005844 load_error:
5845 bind_conf->generate_certs = 0;
5846 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005847 return err;
5848}
5849
5850/* Release CA cert and private key used to generate certificated */
5851void
5852ssl_sock_free_ca(struct bind_conf *bind_conf)
5853{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005854 if (bind_conf->ca_sign_pkey)
5855 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5856 if (bind_conf->ca_sign_cert)
5857 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005858 bind_conf->ca_sign_pkey = NULL;
5859 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005860}
5861
Emeric Brun46591952012-05-18 15:47:34 +02005862/*
5863 * This function is called if SSL * context is not yet allocated. The function
5864 * is designed to be called before any other data-layer operation and sets the
5865 * handshake flag on the connection. It is safe to call it multiple times.
5866 * It returns 0 on success and -1 in error case.
5867 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005868static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005869{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005870 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005871 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005872 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005873 return 0;
5874
Willy Tarreau3c728722014-01-23 13:50:42 +01005875 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005876 return 0;
5877
Olivier Houchard66ab4982019-02-26 18:37:15 +01005878 ctx = pool_alloc(ssl_sock_ctx_pool);
5879 if (!ctx) {
5880 conn->err_code = CO_ER_SSL_NO_MEM;
5881 return -1;
5882 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005883 ctx->wait_event.tasklet = tasklet_new();
5884 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005885 conn->err_code = CO_ER_SSL_NO_MEM;
5886 pool_free(ssl_sock_ctx_pool, ctx);
5887 return -1;
5888 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005889 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5890 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005891 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005892 ctx->sent_early_data = 0;
5893 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005894 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005895 ctx->send_wait = NULL;
5896 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005897 ctx->xprt_st = 0;
5898 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005899
5900 /* Only work with sockets for now, this should be adapted when we'll
5901 * add QUIC support.
5902 */
5903 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005904 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005905 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5906 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005907 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005908
Willy Tarreau20879a02012-12-03 16:32:10 +01005909 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5910 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005911 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005912 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005913
Emeric Brun46591952012-05-18 15:47:34 +02005914 /* If it is in client mode initiate SSL session
5915 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005916 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005917 int may_retry = 1;
5918
5919 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005920 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005921 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5922 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005923 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005924 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005925 goto retry_connect;
5926 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005927 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005928 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005929 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005930 ctx->bio = BIO_new(ha_meth);
5931 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005932 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005933 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005934 goto retry_connect;
5935 }
Emeric Brun55476152014-11-12 17:35:37 +01005936 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005937 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005938 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005939 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005940 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005941
Evan Broderbe554312013-06-27 00:05:25 -07005942 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005943 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5944 SSL_free(ctx->ssl);
5945 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005946 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005947 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005948 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005949 goto retry_connect;
5950 }
Emeric Brun55476152014-11-12 17:35:37 +01005951 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005952 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005953 }
5954
Olivier Houchard66ab4982019-02-26 18:37:15 +01005955 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005956 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5957 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5958 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005959 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005960 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005961 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5962 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005963 } else if (sess) {
5964 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005965 }
5966 }
Evan Broderbe554312013-06-27 00:05:25 -07005967
Emeric Brun46591952012-05-18 15:47:34 +02005968 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005969 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005970
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005971 _HA_ATOMIC_ADD(&sslconns, 1);
5972 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005973 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005974 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005975 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005976 if (conn->flags & CO_FL_ERROR)
5977 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005978 return 0;
5979 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005980 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005981 int may_retry = 1;
5982
5983 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005984 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005985 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5986 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005987 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005988 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005989 goto retry_accept;
5990 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005991 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005992 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005993 }
Emeric Brun46591952012-05-18 15:47:34 +02005994
Olivier Houcharda8955d52019-04-07 22:00:38 +02005995 ctx->bio = BIO_new(ha_meth);
5996 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005997 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005998 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005999 goto retry_accept;
6000 }
Emeric Brun55476152014-11-12 17:35:37 +01006001 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006002 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006003 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02006004 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02006005 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02006006
Emeric Brune1f38db2012-09-03 20:36:47 +02006007 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006008 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
6009 SSL_free(ctx->ssl);
6010 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006011 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006012 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006013 goto retry_accept;
6014 }
Emeric Brun55476152014-11-12 17:35:37 +01006015 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006016 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006017 }
6018
Olivier Houchard66ab4982019-02-26 18:37:15 +01006019 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02006020
Emeric Brun46591952012-05-18 15:47:34 +02006021 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02006022 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006023#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006024 conn->flags |= CO_FL_EARLY_SSL_HS;
6025#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02006026
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006027 _HA_ATOMIC_ADD(&sslconns, 1);
6028 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006029 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006030 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006031 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006032 if (conn->flags & CO_FL_ERROR)
6033 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02006034 return 0;
6035 }
6036 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01006037 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006038err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006039 if (ctx && ctx->wait_event.tasklet)
6040 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006041 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02006042 return -1;
6043}
6044
6045
6046/* This is the callback which is used when an SSL handshake is pending. It
6047 * updates the FD status if it wants some polling before being called again.
6048 * It returns 0 if it fails in a fatal way or needs to poll to go further,
6049 * otherwise it returns non-zero and removes itself from the connection's
6050 * flags (the bit is provided in <flag> by the caller).
6051 */
Olivier Houchard000694c2019-05-23 14:45:12 +02006052static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02006053{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006054 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02006055 int ret;
6056
Willy Tarreau3c728722014-01-23 13:50:42 +01006057 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02006058 return 0;
6059
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02006060 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006061 goto out_error;
6062
Willy Tarreau5db847a2019-05-09 14:13:35 +02006063#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02006064 /*
6065 * Check if we have early data. If we do, we have to read them
6066 * before SSL_do_handshake() is called, And there's no way to
6067 * detect early data, except to try to read them
6068 */
6069 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6070 size_t read_data;
6071
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006072 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02006073 1, &read_data);
6074 if (ret == SSL_READ_EARLY_DATA_ERROR)
6075 goto check_error;
6076 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
6077 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
6078 return 1;
6079 } else
6080 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6081 }
6082#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006083 /* If we use SSL_do_handshake to process a reneg initiated by
6084 * the remote peer, it sometimes returns SSL_ERROR_SSL.
6085 * Usually SSL_write and SSL_read are used and process implicitly
6086 * the reneg handshake.
6087 * Here we use SSL_peek as a workaround for reneg.
6088 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006089 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006090 char c;
6091
Olivier Houchard66ab4982019-02-26 18:37:15 +01006092 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01006093 if (ret <= 0) {
6094 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006095 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006096
Emeric Brun674b7432012-11-08 19:21:55 +01006097 if (ret == SSL_ERROR_WANT_WRITE) {
6098 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006099 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006100 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006101 return 0;
6102 }
6103 else if (ret == SSL_ERROR_WANT_READ) {
6104 /* handshake may have been completed but we have
6105 * no more data to read.
6106 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006107 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006108 ret = 1;
6109 goto reneg_ok;
6110 }
6111 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006112 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006113 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006114 return 0;
6115 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006116#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006117 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006118 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006119 return 0;
6120 }
6121#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006122 else if (ret == SSL_ERROR_SYSCALL) {
6123 /* if errno is null, then connection was successfully established */
6124 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6125 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01006126 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006127#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6128 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006129 conn->err_code = CO_ER_SSL_HANDSHAKE;
6130#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006131 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006132#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006133 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006134 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006135 empty_handshake = state == TLS_ST_BEFORE;
6136#else
Lukas Tribus49799162019-07-08 14:29:15 +02006137 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6138 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006139#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006140 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02006141 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006142 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006143 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6144 else
6145 conn->err_code = CO_ER_SSL_EMPTY;
6146 }
6147 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006148 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006149 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6150 else
6151 conn->err_code = CO_ER_SSL_ABORT;
6152 }
6153 }
6154 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006155 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006156 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01006157 else
Emeric Brun29f037d2014-04-25 19:05:36 +02006158 conn->err_code = CO_ER_SSL_HANDSHAKE;
6159 }
Lukas Tribus49799162019-07-08 14:29:15 +02006160#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01006161 }
Emeric Brun674b7432012-11-08 19:21:55 +01006162 goto out_error;
6163 }
6164 else {
6165 /* Fail on all other handshake errors */
6166 /* Note: OpenSSL may leave unread bytes in the socket's
6167 * buffer, causing an RST to be emitted upon close() on
6168 * TCP sockets. We first try to drain possibly pending
6169 * data to avoid this as much as possible.
6170 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006171 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006172 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006173 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006174 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01006175 goto out_error;
6176 }
6177 }
6178 /* read some data: consider handshake completed */
6179 goto reneg_ok;
6180 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006181 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006182check_error:
Emeric Brun46591952012-05-18 15:47:34 +02006183 if (ret != 1) {
6184 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006185 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006186
6187 if (ret == SSL_ERROR_WANT_WRITE) {
6188 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006189 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006190 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006191 return 0;
6192 }
6193 else if (ret == SSL_ERROR_WANT_READ) {
6194 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006195 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006196 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6197 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006198 return 0;
6199 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006200#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006201 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006202 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006203 return 0;
6204 }
6205#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006206 else if (ret == SSL_ERROR_SYSCALL) {
6207 /* if errno is null, then connection was successfully established */
6208 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6209 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006210 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006211#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6212 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006213 conn->err_code = CO_ER_SSL_HANDSHAKE;
6214#else
6215 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006216#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006217 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006218 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006219 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006220#else
Lukas Tribus49799162019-07-08 14:29:15 +02006221 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6222 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006223#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006224 if (empty_handshake) {
6225 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006226 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006227 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6228 else
6229 conn->err_code = CO_ER_SSL_EMPTY;
6230 }
6231 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006232 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006233 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6234 else
6235 conn->err_code = CO_ER_SSL_ABORT;
6236 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006237 }
6238 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006239 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006240 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6241 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006242 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006243 }
Lukas Tribus49799162019-07-08 14:29:15 +02006244#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006245 }
Willy Tarreau89230192012-09-28 20:22:13 +02006246 goto out_error;
6247 }
Emeric Brun46591952012-05-18 15:47:34 +02006248 else {
6249 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006250 /* Note: OpenSSL may leave unread bytes in the socket's
6251 * buffer, causing an RST to be emitted upon close() on
6252 * TCP sockets. We first try to drain possibly pending
6253 * data to avoid this as much as possible.
6254 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006255 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006256 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006257 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006258 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006259 goto out_error;
6260 }
6261 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006262#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006263 else {
6264 /*
6265 * If the server refused the early data, we have to send a
6266 * 425 to the client, as we no longer have the data to sent
6267 * them again.
6268 */
6269 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006270 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006271 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6272 goto out_error;
6273 }
6274 }
6275 }
6276#endif
6277
Emeric Brun46591952012-05-18 15:47:34 +02006278
Emeric Brun674b7432012-11-08 19:21:55 +01006279reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006280
Willy Tarreau5db847a2019-05-09 14:13:35 +02006281#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006282 /* ASYNC engine API doesn't support moving read/write
6283 * buffers. So we disable ASYNC mode right after
6284 * the handshake to avoid buffer oveflows.
6285 */
6286 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006287 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006288#endif
Emeric Brun46591952012-05-18 15:47:34 +02006289 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006290 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006291 if (objt_server(conn->target)) {
6292 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6293 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6294 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006295 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006296 else {
6297 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6298 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6299 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6300 }
Emeric Brun46591952012-05-18 15:47:34 +02006301 }
6302
6303 /* The connection is now established at both layers, it's time to leave */
6304 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6305 return 1;
6306
6307 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006308 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006309 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006310 ERR_clear_error();
6311
Emeric Brun9fa89732012-10-04 17:09:56 +02006312 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006313 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6314 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6315 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006316 }
6317
Emeric Brun46591952012-05-18 15:47:34 +02006318 /* Fail on all other handshake errors */
6319 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006320 if (!conn->err_code)
6321 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006322 return 0;
6323}
6324
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006325static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006326{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006327 struct wait_event *sw;
6328 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006329
Olivier Houchard0ff28652019-06-24 18:57:39 +02006330 if (!ctx)
6331 return -1;
6332
Olivier Houchardea8dd942019-05-20 14:02:16 +02006333 if (event_type & SUB_RETRY_RECV) {
6334 sw = param;
6335 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6336 sw->events |= SUB_RETRY_RECV;
6337 ctx->recv_wait = sw;
6338 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6339 !(ctx->wait_event.events & SUB_RETRY_RECV))
6340 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6341 event_type &= ~SUB_RETRY_RECV;
6342 }
6343 if (event_type & SUB_RETRY_SEND) {
6344sw = param;
6345 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6346 sw->events |= SUB_RETRY_SEND;
6347 ctx->send_wait = sw;
6348 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6349 !(ctx->wait_event.events & SUB_RETRY_SEND))
6350 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6351 event_type &= ~SUB_RETRY_SEND;
6352
6353 }
6354 if (event_type != 0)
6355 return -1;
6356 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006357}
6358
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006359static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006360{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006361 struct wait_event *sw;
6362 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006363
Olivier Houchardea8dd942019-05-20 14:02:16 +02006364 if (event_type & SUB_RETRY_RECV) {
6365 sw = param;
6366 BUG_ON(ctx->recv_wait != sw);
6367 ctx->recv_wait = NULL;
6368 sw->events &= ~SUB_RETRY_RECV;
6369 /* If we subscribed, and we're not doing the handshake,
6370 * then we subscribed because the upper layer asked for it,
6371 * as the upper layer is no longer interested, we can
6372 * unsubscribe too.
6373 */
6374 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6375 (ctx->wait_event.events & SUB_RETRY_RECV))
6376 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6377 &ctx->wait_event);
6378 }
6379 if (event_type & SUB_RETRY_SEND) {
6380 sw = param;
6381 BUG_ON(ctx->send_wait != sw);
6382 ctx->send_wait = NULL;
6383 sw->events &= ~SUB_RETRY_SEND;
6384 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6385 (ctx->wait_event.events & SUB_RETRY_SEND))
6386 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6387 &ctx->wait_event);
6388
6389 }
6390
6391 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006392}
6393
Olivier Houchard2e055482019-05-27 19:50:12 +02006394/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6395 * Returns 0 on success, and non-zero on failure.
6396 */
6397static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6398{
6399 struct ssl_sock_ctx *ctx = xprt_ctx;
6400
6401 if (oldxprt_ops != NULL)
6402 *oldxprt_ops = ctx->xprt;
6403 if (oldxprt_ctx != NULL)
6404 *oldxprt_ctx = ctx->xprt_ctx;
6405 ctx->xprt = toadd_ops;
6406 ctx->xprt_ctx = toadd_ctx;
6407 return 0;
6408}
6409
Olivier Houchard5149b592019-05-23 17:47:36 +02006410/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6411 * return 0, otherwise just call the remove_xprt method from the underlying
6412 * XPRT.
6413 */
6414static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6415{
6416 struct ssl_sock_ctx *ctx = xprt_ctx;
6417
6418 if (ctx->xprt_ctx == toremove_ctx) {
6419 ctx->xprt_ctx = newctx;
6420 ctx->xprt = newops;
6421 return 0;
6422 }
6423 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6424}
6425
Olivier Houchardea8dd942019-05-20 14:02:16 +02006426static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6427{
6428 struct ssl_sock_ctx *ctx = context;
6429
6430 /* First if we're doing an handshake, try that */
6431 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6432 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6433 /* If we had an error, or the handshake is done and I/O is available,
6434 * let the upper layer know.
6435 * If no mux was set up yet, and nobody subscribed, then call
6436 * xprt_done_cb() ourself if it's set, or destroy the connection,
6437 * we can't be sure conn_fd_handler() will be called again.
6438 */
6439 if ((ctx->conn->flags & CO_FL_ERROR) ||
6440 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6441 int ret = 0;
6442 int woke = 0;
6443
6444 /* On error, wake any waiter */
6445 if (ctx->recv_wait) {
6446 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006447 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006448 ctx->recv_wait = NULL;
6449 woke = 1;
6450 }
6451 if (ctx->send_wait) {
6452 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006453 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006454 ctx->send_wait = NULL;
6455 woke = 1;
6456 }
6457 /* If we're the first xprt for the connection, let the
6458 * upper layers know. If xprt_done_cb() is set, call it,
6459 * otherwise, we should have a mux, so call its wake
6460 * method if we didn't woke a tasklet already.
6461 */
6462 if (ctx->conn->xprt_ctx == ctx) {
6463 if (ctx->conn->xprt_done_cb)
6464 ret = ctx->conn->xprt_done_cb(ctx->conn);
6465 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6466 ctx->conn->mux->wake(ctx->conn);
6467 return NULL;
6468 }
6469 }
6470 return NULL;
6471}
6472
Emeric Brun46591952012-05-18 15:47:34 +02006473/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006474 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006475 * buffer wraps, in which case a second call may be performed. The connection's
6476 * flags are updated with whatever special event is detected (error, read0,
6477 * empty). The caller is responsible for taking care of those events and
6478 * avoiding the call if inappropriate. The function does not call the
6479 * connection's polling update function, so the caller is responsible for this.
6480 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006481static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006482{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006483 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006484 ssize_t ret;
6485 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006486
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006487 conn_refresh_polling_flags(conn);
6488
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006489 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006490 goto out_error;
6491
6492 if (conn->flags & CO_FL_HANDSHAKE)
6493 /* a handshake was requested */
6494 return 0;
6495
Emeric Brun46591952012-05-18 15:47:34 +02006496 /* read the largest possible block. For this, we perform only one call
6497 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6498 * in which case we accept to do it once again. A new attempt is made on
6499 * EINTR too.
6500 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006501 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006502 int need_out = 0;
6503
Willy Tarreau591d4452018-06-15 17:21:00 +02006504 try = b_contig_space(buf);
6505 if (!try)
6506 break;
6507
Willy Tarreauabf08d92014-01-14 11:31:27 +01006508 if (try > count)
6509 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006510
Olivier Houchardc2aae742017-09-22 18:26:28 +02006511 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006512 ctx->tmp_early_data != -1) {
6513 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006514 done++;
6515 try--;
6516 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02006517 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006518 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006519 continue;
6520 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01006521
Willy Tarreau5db847a2019-05-09 14:13:35 +02006522#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006523 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6524 size_t read_length;
6525
Olivier Houchard66ab4982019-02-26 18:37:15 +01006526 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02006527 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01006528 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
6529 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006530 conn->flags |= CO_FL_EARLY_DATA;
6531 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
6532 ret == SSL_READ_EARLY_DATA_FINISH) {
6533 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6534 /*
6535 * We're done reading the early data,
6536 * let's make the handshake
6537 */
6538 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6539 conn->flags |= CO_FL_SSL_WAIT_HS;
6540 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006541 /* Now initiate the handshake */
6542 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006543 if (read_length == 0)
6544 break;
6545 }
6546 ret = read_length;
6547 }
6548 } else
6549#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006550 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006551
Emeric Brune1f38db2012-09-03 20:36:47 +02006552 if (conn->flags & CO_FL_ERROR) {
6553 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006554 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006555 }
Emeric Brun46591952012-05-18 15:47:34 +02006556 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006557 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006558 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006559 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006560 }
Emeric Brun46591952012-05-18 15:47:34 +02006561 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006562 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006563 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006564 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006565 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006566 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006567#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006568 /* Async mode can be re-enabled, because we're leaving data state.*/
6569 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006570 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006571#endif
Emeric Brun46591952012-05-18 15:47:34 +02006572 break;
6573 }
6574 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006575 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006576 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6577 SUB_RETRY_RECV,
6578 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006579 /* handshake is running, and it may need to re-enable read */
6580 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006581#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006582 /* Async mode can be re-enabled, because we're leaving data state.*/
6583 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006584 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006585#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006586 break;
6587 }
Emeric Brun46591952012-05-18 15:47:34 +02006588 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006589 } else if (ret == SSL_ERROR_ZERO_RETURN)
6590 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006591 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6592 * stack before shutting down the connection for
6593 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006594 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6595 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006596 /* otherwise it's a real error */
6597 goto out_error;
6598 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006599 if (need_out)
6600 break;
Emeric Brun46591952012-05-18 15:47:34 +02006601 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006602 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006603 return done;
6604
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006605 clear_ssl_error:
6606 /* Clear openssl global errors stack */
6607 ssl_sock_dump_errors(conn);
6608 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006609 read0:
6610 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006611 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006612
Emeric Brun46591952012-05-18 15:47:34 +02006613 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006614 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006615 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006616 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006617 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006618 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006619}
6620
6621
Willy Tarreau787db9a2018-06-14 18:31:46 +02006622/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6623 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6624 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006625 * Only one call to send() is performed, unless the buffer wraps, in which case
6626 * a second call may be performed. The connection's flags are updated with
6627 * whatever special event is detected (error, empty). The caller is responsible
6628 * for taking care of those events and avoiding the call if inappropriate. The
6629 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006630 * is responsible for this. The buffer's output is not adjusted, it's up to the
6631 * caller to take care of this. It's up to the caller to update the buffer's
6632 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006633 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006634static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006635{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006636 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006637 ssize_t ret;
6638 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006639
6640 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006641 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006642
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006643 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006644 goto out_error;
6645
Olivier Houchard010941f2019-05-03 20:56:19 +02006646 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006647 /* a handshake was requested */
6648 return 0;
6649
6650 /* send the largest possible block. For this we perform only one call
6651 * to send() unless the buffer wraps and we exactly fill the first hunk,
6652 * in which case we accept to do it once again.
6653 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006654 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006655#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006656 size_t written_data;
6657#endif
6658
Willy Tarreau787db9a2018-06-14 18:31:46 +02006659 try = b_contig_data(buf, done);
6660 if (try > count)
6661 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006662
Willy Tarreau7bed9452014-02-02 02:00:24 +01006663 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006664 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006665 global_ssl.max_record && try > global_ssl.max_record) {
6666 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006667 }
6668 else {
6669 /* we need to keep the information about the fact that
6670 * we're not limiting the upcoming send(), because if it
6671 * fails, we'll have to retry with at least as many data.
6672 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006673 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006674 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006675
Willy Tarreau5db847a2019-05-09 14:13:35 +02006676#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006677 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006678 unsigned int max_early;
6679
Olivier Houchard522eea72017-11-03 16:27:47 +01006680 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006681 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006682 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006683 if (SSL_get0_session(ctx->ssl))
6684 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006685 else
6686 max_early = 0;
6687 }
6688
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006689 if (try + ctx->sent_early_data > max_early) {
6690 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006691 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006692 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006693 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006694 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006695 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006696 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006697 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006698 if (ret == 1) {
6699 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006700 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006701 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006702 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006703 /* Initiate the handshake, now */
6704 tasklet_wakeup(ctx->wait_event.tasklet);
6705 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006706
Olivier Houchardc2aae742017-09-22 18:26:28 +02006707 }
6708
6709 } else
6710#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006711 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006712
Emeric Brune1f38db2012-09-03 20:36:47 +02006713 if (conn->flags & CO_FL_ERROR) {
6714 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006715 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006716 }
Emeric Brun46591952012-05-18 15:47:34 +02006717 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006718 /* A send succeeded, so we can consier ourself connected */
6719 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006720 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006721 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006722 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006723 }
6724 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006725 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006726
Emeric Brun46591952012-05-18 15:47:34 +02006727 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006728 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006729 /* handshake is running, and it may need to re-enable write */
6730 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006731 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006732#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006733 /* Async mode can be re-enabled, because we're leaving data state.*/
6734 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006735 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006736#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006737 break;
6738 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006739
Emeric Brun46591952012-05-18 15:47:34 +02006740 break;
6741 }
6742 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006743 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006744 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006745 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6746 SUB_RETRY_RECV,
6747 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006748#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006749 /* Async mode can be re-enabled, because we're leaving data state.*/
6750 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006751 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006752#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006753 break;
6754 }
Emeric Brun46591952012-05-18 15:47:34 +02006755 goto out_error;
6756 }
6757 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006758 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006759 return done;
6760
6761 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006762 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006763 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006764 ERR_clear_error();
6765
Emeric Brun46591952012-05-18 15:47:34 +02006766 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006767 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006768}
6769
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006770static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006771
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006772 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006773
Olivier Houchardea8dd942019-05-20 14:02:16 +02006774
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006775 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006776 if (ctx->wait_event.events != 0)
6777 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6778 ctx->wait_event.events,
6779 &ctx->wait_event);
6780 if (ctx->send_wait) {
6781 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006782 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006783 }
6784 if (ctx->recv_wait) {
6785 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006786 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006787 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006788 if (ctx->xprt->close)
6789 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006790#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006791 if (global_ssl.async) {
6792 OSSL_ASYNC_FD all_fd[32], afd;
6793 size_t num_all_fds = 0;
6794 int i;
6795
Olivier Houchard66ab4982019-02-26 18:37:15 +01006796 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006797 if (num_all_fds > 32) {
6798 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6799 return;
6800 }
6801
Olivier Houchard66ab4982019-02-26 18:37:15 +01006802 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006803
6804 /* If an async job is pending, we must try to
6805 to catch the end using polling before calling
6806 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006807 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006808 for (i=0 ; i < num_all_fds ; i++) {
6809 /* switch on an handler designed to
6810 * handle the SSL_free
6811 */
6812 afd = all_fd[i];
6813 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006814 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006815 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006816 /* To ensure that the fd cache won't be used
6817 * and we'll catch a real RD event.
6818 */
6819 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006820 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006821 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006822 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006823 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006824 return;
6825 }
Emeric Brun3854e012017-05-17 20:42:48 +02006826 /* Else we can remove the fds from the fdtab
6827 * and call SSL_free.
6828 * note: we do a fd_remove and not a delete
6829 * because the fd is owned by the engine.
6830 * the engine is responsible to close
6831 */
6832 for (i=0 ; i < num_all_fds ; i++)
6833 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006834 }
6835#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006836 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006837 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006838 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006839 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006840 }
Emeric Brun46591952012-05-18 15:47:34 +02006841}
6842
6843/* This function tries to perform a clean shutdown on an SSL connection, and in
6844 * any case, flags the connection as reusable if no handshake was in progress.
6845 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006846static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006847{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006848 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006849
Emeric Brun46591952012-05-18 15:47:34 +02006850 if (conn->flags & CO_FL_HANDSHAKE)
6851 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006852 if (!clean)
6853 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006854 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006855 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006856 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006857 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006858 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006859 ERR_clear_error();
6860 }
Emeric Brun46591952012-05-18 15:47:34 +02006861}
6862
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006863/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006864int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006865{
Christopher Faulet82004142019-09-10 10:12:03 +02006866 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006867 int bits = 0;
6868 int sig = TLSEXT_signature_anonymous;
6869 int len = -1;
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006870 X509 *crt;
6871 EVP_PKEY *pkey;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006872
6873 if (!ssl_sock_is_ssl(conn))
6874 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006875 ctx = conn->xprt_ctx;
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006876
6877 crt = SSL_get_certificate(ctx->ssl);
6878 if (!crt)
6879 return 0;
6880 pkey = X509_get_pubkey(crt);
6881 if (pkey) {
6882 bits = EVP_PKEY_bits(pkey);
6883 switch(EVP_PKEY_base_id(pkey)) {
6884 case EVP_PKEY_RSA:
6885 sig = TLSEXT_signature_rsa;
6886 break;
6887 case EVP_PKEY_EC:
6888 sig = TLSEXT_signature_ecdsa;
6889 break;
6890 case EVP_PKEY_DSA:
6891 sig = TLSEXT_signature_dsa;
6892 break;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006893 }
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006894 EVP_PKEY_free(pkey);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006895 }
6896
6897 switch(sig) {
6898 case TLSEXT_signature_rsa:
6899 len = chunk_printf(out, "RSA%d", bits);
6900 break;
6901 case TLSEXT_signature_ecdsa:
6902 len = chunk_printf(out, "EC%d", bits);
6903 break;
6904 case TLSEXT_signature_dsa:
6905 len = chunk_printf(out, "DSA%d", bits);
6906 break;
6907 default:
6908 return 0;
6909 }
6910 if (len < 0)
6911 return 0;
6912 return 1;
6913}
6914
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006915/* used for ppv2 cert signature (can be used for logging) */
6916const char *ssl_sock_get_cert_sig(struct connection *conn)
6917{
Christopher Faulet82004142019-09-10 10:12:03 +02006918 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006919
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006920 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6921 X509 *crt;
6922
6923 if (!ssl_sock_is_ssl(conn))
6924 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006925 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006926 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006927 if (!crt)
6928 return NULL;
6929 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6930 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6931}
6932
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006933/* used for ppv2 authority */
6934const char *ssl_sock_get_sni(struct connection *conn)
6935{
6936#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006937 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006938
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006939 if (!ssl_sock_is_ssl(conn))
6940 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006941 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006942 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006943#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006944 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006945#endif
6946}
6947
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006948/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006949const char *ssl_sock_get_cipher_name(struct connection *conn)
6950{
Christopher Faulet82004142019-09-10 10:12:03 +02006951 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006952
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006953 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006954 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006955 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006956 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006957}
6958
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006959/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006960const char *ssl_sock_get_proto_version(struct connection *conn)
6961{
Christopher Faulet82004142019-09-10 10:12:03 +02006962 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006963
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006964 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006965 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006966 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006967 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006968}
6969
Willy Tarreau8d598402012-10-22 17:58:39 +02006970/* Extract a serial from a cert, and copy it to a chunk.
6971 * Returns 1 if serial is found and copied, 0 if no serial found and
6972 * -1 if output is not large enough.
6973 */
6974static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006975ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006976{
6977 ASN1_INTEGER *serial;
6978
6979 serial = X509_get_serialNumber(crt);
6980 if (!serial)
6981 return 0;
6982
6983 if (out->size < serial->length)
6984 return -1;
6985
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006986 memcpy(out->area, serial->data, serial->length);
6987 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006988 return 1;
6989}
6990
Emeric Brun43e79582014-10-29 19:03:26 +01006991/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006992 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6993 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006994 */
6995static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006996ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006997{
6998 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006999 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01007000
7001 len =i2d_X509(crt, NULL);
7002 if (len <= 0)
7003 return 1;
7004
7005 if (out->size < len)
7006 return -1;
7007
7008 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007009 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01007010 return 1;
7011}
7012
Emeric Brunce5ad802012-10-22 14:11:22 +02007013
Willy Tarreau83061a82018-07-13 11:56:34 +02007014/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02007015 * Returns 1 if serial is found and copied, 0 if no valid time found
7016 * and -1 if output is not large enough.
7017 */
7018static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007019ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02007020{
7021 if (tm->type == V_ASN1_GENERALIZEDTIME) {
7022 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
7023
7024 if (gentm->length < 12)
7025 return 0;
7026 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
7027 return 0;
7028 if (out->size < gentm->length-2)
7029 return -1;
7030
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007031 memcpy(out->area, gentm->data+2, gentm->length-2);
7032 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02007033 return 1;
7034 }
7035 else if (tm->type == V_ASN1_UTCTIME) {
7036 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
7037
7038 if (utctm->length < 10)
7039 return 0;
7040 if (utctm->data[0] >= 0x35)
7041 return 0;
7042 if (out->size < utctm->length)
7043 return -1;
7044
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007045 memcpy(out->area, utctm->data, utctm->length);
7046 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02007047 return 1;
7048 }
7049
7050 return 0;
7051}
7052
Emeric Brun87855892012-10-17 17:39:35 +02007053/* Extract an entry from a X509_NAME and copy its value to an output chunk.
7054 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
7055 */
7056static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007057ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
7058 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007059{
7060 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007061 ASN1_OBJECT *obj;
7062 ASN1_STRING *data;
7063 const unsigned char *data_ptr;
7064 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007065 int i, j, n;
7066 int cur = 0;
7067 const char *s;
7068 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007069 int name_count;
7070
7071 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007072
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007073 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007074 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02007075 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007076 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02007077 else
7078 j = i;
7079
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007080 ne = X509_NAME_get_entry(a, j);
7081 obj = X509_NAME_ENTRY_get_object(ne);
7082 data = X509_NAME_ENTRY_get_data(ne);
7083 data_ptr = ASN1_STRING_get0_data(data);
7084 data_len = ASN1_STRING_length(data);
7085 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007086 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007087 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007088 s = tmp;
7089 }
7090
7091 if (chunk_strcasecmp(entry, s) != 0)
7092 continue;
7093
7094 if (pos < 0)
7095 cur--;
7096 else
7097 cur++;
7098
7099 if (cur != pos)
7100 continue;
7101
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007102 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02007103 return -1;
7104
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007105 memcpy(out->area, data_ptr, data_len);
7106 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007107 return 1;
7108 }
7109
7110 return 0;
7111
7112}
7113
7114/* Extract and format full DN from a X509_NAME and copy result into a chunk
7115 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
7116 */
7117static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007118ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007119{
7120 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007121 ASN1_OBJECT *obj;
7122 ASN1_STRING *data;
7123 const unsigned char *data_ptr;
7124 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007125 int i, n, ln;
7126 int l = 0;
7127 const char *s;
7128 char *p;
7129 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007130 int name_count;
7131
7132
7133 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007134
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007135 out->data = 0;
7136 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007137 for (i = 0; i < name_count; i++) {
7138 ne = X509_NAME_get_entry(a, i);
7139 obj = X509_NAME_ENTRY_get_object(ne);
7140 data = X509_NAME_ENTRY_get_data(ne);
7141 data_ptr = ASN1_STRING_get0_data(data);
7142 data_len = ASN1_STRING_length(data);
7143 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007144 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007145 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007146 s = tmp;
7147 }
7148 ln = strlen(s);
7149
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007150 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007151 if (l > out->size)
7152 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007153 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02007154
7155 *(p++)='/';
7156 memcpy(p, s, ln);
7157 p += ln;
7158 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007159 memcpy(p, data_ptr, data_len);
7160 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007161 }
7162
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007163 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02007164 return 0;
7165
7166 return 1;
7167}
7168
Olivier Houchardab28a322018-12-21 19:45:40 +01007169void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
7170{
7171#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02007172 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007173
Olivier Houcharde488ea82019-06-28 14:10:33 +02007174 if (!ssl_sock_is_ssl(conn))
7175 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007176 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007177 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01007178#endif
7179}
7180
Willy Tarreau119a4082016-12-22 21:58:38 +01007181/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
7182 * to disable SNI.
7183 */
Willy Tarreau63076412015-07-10 11:33:32 +02007184void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7185{
7186#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007187 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007188
Willy Tarreau119a4082016-12-22 21:58:38 +01007189 char *prev_name;
7190
Willy Tarreau63076412015-07-10 11:33:32 +02007191 if (!ssl_sock_is_ssl(conn))
7192 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007193 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007194
Willy Tarreau119a4082016-12-22 21:58:38 +01007195 /* if the SNI changes, we must destroy the reusable context so that a
7196 * new connection will present a new SNI. As an optimization we could
7197 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7198 * server.
7199 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007200 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007201 if ((!prev_name && hostname) ||
7202 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007203 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007204
Olivier Houchard66ab4982019-02-26 18:37:15 +01007205 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007206#endif
7207}
7208
Emeric Brun0abf8362014-06-24 18:26:41 +02007209/* Extract peer certificate's common name into the chunk dest
7210 * Returns
7211 * the len of the extracted common name
7212 * or 0 if no CN found in DN
7213 * or -1 on error case (i.e. no peer certificate)
7214 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007215int ssl_sock_get_remote_common_name(struct connection *conn,
7216 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007217{
Christopher Faulet82004142019-09-10 10:12:03 +02007218 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007219 X509 *crt = NULL;
7220 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007221 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007222 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007223 .area = (char *)&find_cn,
7224 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007225 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007226 int result = -1;
David Safb76832014-05-08 23:42:08 -04007227
7228 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007229 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007230 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007231
7232 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007233 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007234 if (!crt)
7235 goto out;
7236
7237 name = X509_get_subject_name(crt);
7238 if (!name)
7239 goto out;
David Safb76832014-05-08 23:42:08 -04007240
Emeric Brun0abf8362014-06-24 18:26:41 +02007241 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7242out:
David Safb76832014-05-08 23:42:08 -04007243 if (crt)
7244 X509_free(crt);
7245
7246 return result;
7247}
7248
Dave McCowan328fb582014-07-30 10:39:13 -04007249/* returns 1 if client passed a certificate for this session, 0 if not */
7250int ssl_sock_get_cert_used_sess(struct connection *conn)
7251{
Christopher Faulet82004142019-09-10 10:12:03 +02007252 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007253 X509 *crt = NULL;
7254
7255 if (!ssl_sock_is_ssl(conn))
7256 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007257 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007258
7259 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007260 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007261 if (!crt)
7262 return 0;
7263
7264 X509_free(crt);
7265 return 1;
7266}
7267
7268/* returns 1 if client passed a certificate for this connection, 0 if not */
7269int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007270{
Christopher Faulet82004142019-09-10 10:12:03 +02007271 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007272
David Safb76832014-05-08 23:42:08 -04007273 if (!ssl_sock_is_ssl(conn))
7274 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007275 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007276 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007277}
7278
7279/* returns result from SSL verify */
7280unsigned int ssl_sock_get_verify_result(struct connection *conn)
7281{
Christopher Faulet82004142019-09-10 10:12:03 +02007282 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007283
David Safb76832014-05-08 23:42:08 -04007284 if (!ssl_sock_is_ssl(conn))
7285 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007286 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007287 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007288}
7289
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007290/* Returns the application layer protocol name in <str> and <len> when known.
7291 * Zero is returned if the protocol name was not found, otherwise non-zero is
7292 * returned. The string is allocated in the SSL context and doesn't have to be
7293 * freed by the caller. NPN is also checked if available since older versions
7294 * of openssl (1.0.1) which are more common in field only support this one.
7295 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007296static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007297{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007298#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7299 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007300 struct ssl_sock_ctx *ctx = xprt_ctx;
7301 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007302 return 0;
7303
7304 *str = NULL;
7305
7306#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007307 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007308 if (*str)
7309 return 1;
7310#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007311#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007312 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007313 if (*str)
7314 return 1;
7315#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007316#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007317 return 0;
7318}
7319
Willy Tarreau7875d092012-09-10 08:20:03 +02007320/***** Below are some sample fetching functions for ACL/patterns *****/
7321
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007322static int
7323smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7324{
7325 struct connection *conn;
7326
7327 conn = objt_conn(smp->sess->origin);
7328 if (!conn || conn->xprt != &ssl_sock)
7329 return 0;
7330
7331 smp->flags = 0;
7332 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007333#ifdef OPENSSL_IS_BORINGSSL
7334 {
7335 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7336 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7337 SSL_early_data_accepted(ctx->ssl));
7338 }
7339#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007340 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7341 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007342#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007343 return 1;
7344}
7345
Emeric Brune64aef12012-09-21 13:15:06 +02007346/* boolean, returns true if client cert was present */
7347static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007348smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007349{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007350 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007351 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007352
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007353 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007354 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007355 return 0;
7356
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007357 ctx = conn->xprt_ctx;
7358
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007359 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007360 smp->flags |= SMP_F_MAY_CHANGE;
7361 return 0;
7362 }
7363
7364 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007365 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007366 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007367
7368 return 1;
7369}
7370
Emeric Brun43e79582014-10-29 19:03:26 +01007371/* binary, returns a certificate in a binary chunk (der/raw).
7372 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7373 * should be use.
7374 */
7375static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007376smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007377{
7378 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7379 X509 *crt = NULL;
7380 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007381 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007382 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007383 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007384
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007385 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007386 if (!conn || conn->xprt != &ssl_sock)
7387 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007388 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007389
7390 if (!(conn->flags & CO_FL_CONNECTED)) {
7391 smp->flags |= SMP_F_MAY_CHANGE;
7392 return 0;
7393 }
7394
7395 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007396 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007397 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007398 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007399
7400 if (!crt)
7401 goto out;
7402
7403 smp_trash = get_trash_chunk();
7404 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7405 goto out;
7406
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007407 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007408 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007409 ret = 1;
7410out:
7411 /* SSL_get_peer_certificate, it increase X509 * ref count */
7412 if (cert_peer && crt)
7413 X509_free(crt);
7414 return ret;
7415}
7416
Emeric Brunba841a12014-04-30 17:05:08 +02007417/* binary, returns serial of certificate in a binary chunk.
7418 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7419 * should be use.
7420 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007421static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007422smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007423{
Emeric Brunba841a12014-04-30 17:05:08 +02007424 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007425 X509 *crt = NULL;
7426 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007427 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007428 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007429 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007430
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007431 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007432 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007433 return 0;
7434
Olivier Houchard66ab4982019-02-26 18:37:15 +01007435 ctx = conn->xprt_ctx;
7436
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007437 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007438 smp->flags |= SMP_F_MAY_CHANGE;
7439 return 0;
7440 }
7441
Emeric Brunba841a12014-04-30 17:05:08 +02007442 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007443 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007444 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007445 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007446
Willy Tarreau8d598402012-10-22 17:58:39 +02007447 if (!crt)
7448 goto out;
7449
Willy Tarreau47ca5452012-12-23 20:22:19 +01007450 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007451 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7452 goto out;
7453
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007454 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007455 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007456 ret = 1;
7457out:
Emeric Brunba841a12014-04-30 17:05:08 +02007458 /* SSL_get_peer_certificate, it increase X509 * ref count */
7459 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007460 X509_free(crt);
7461 return ret;
7462}
Emeric Brune64aef12012-09-21 13:15:06 +02007463
Emeric Brunba841a12014-04-30 17:05:08 +02007464/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7465 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7466 * should be use.
7467 */
James Votha051b4a2013-05-14 20:37:59 +02007468static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007469smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007470{
Emeric Brunba841a12014-04-30 17:05:08 +02007471 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007472 X509 *crt = NULL;
7473 const EVP_MD *digest;
7474 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007475 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007476 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007477 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007478
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007479 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007480 if (!conn || conn->xprt != &ssl_sock)
7481 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007482 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007483
7484 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007485 smp->flags |= SMP_F_MAY_CHANGE;
7486 return 0;
7487 }
7488
Emeric Brunba841a12014-04-30 17:05:08 +02007489 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007490 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007491 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007492 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007493 if (!crt)
7494 goto out;
7495
7496 smp_trash = get_trash_chunk();
7497 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007498 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7499 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007500
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007501 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007502 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007503 ret = 1;
7504out:
Emeric Brunba841a12014-04-30 17:05:08 +02007505 /* SSL_get_peer_certificate, it increase X509 * ref count */
7506 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007507 X509_free(crt);
7508 return ret;
7509}
7510
Emeric Brunba841a12014-04-30 17:05:08 +02007511/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7512 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7513 * should be use.
7514 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007515static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007516smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007517{
Emeric Brunba841a12014-04-30 17:05:08 +02007518 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007519 X509 *crt = NULL;
7520 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007521 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007522 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007524
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007525 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007526 if (!conn || conn->xprt != &ssl_sock)
7527 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007528 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007529
7530 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007531 smp->flags |= SMP_F_MAY_CHANGE;
7532 return 0;
7533 }
7534
Emeric Brunba841a12014-04-30 17:05:08 +02007535 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007536 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007537 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007538 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007539 if (!crt)
7540 goto out;
7541
Willy Tarreau47ca5452012-12-23 20:22:19 +01007542 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007543 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007544 goto out;
7545
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007546 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007547 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007548 ret = 1;
7549out:
Emeric Brunba841a12014-04-30 17:05:08 +02007550 /* SSL_get_peer_certificate, it increase X509 * ref count */
7551 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007552 X509_free(crt);
7553 return ret;
7554}
7555
Emeric Brunba841a12014-04-30 17:05:08 +02007556/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7557 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7558 * should be use.
7559 */
Emeric Brun87855892012-10-17 17:39:35 +02007560static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007561smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007562{
Emeric Brunba841a12014-04-30 17:05:08 +02007563 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007564 X509 *crt = NULL;
7565 X509_NAME *name;
7566 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007567 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007568 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007569 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007570
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007571 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007572 if (!conn || conn->xprt != &ssl_sock)
7573 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007574 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007575
7576 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007577 smp->flags |= SMP_F_MAY_CHANGE;
7578 return 0;
7579 }
7580
Emeric Brunba841a12014-04-30 17:05:08 +02007581 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007582 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007583 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007584 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007585 if (!crt)
7586 goto out;
7587
7588 name = X509_get_issuer_name(crt);
7589 if (!name)
7590 goto out;
7591
Willy Tarreau47ca5452012-12-23 20:22:19 +01007592 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007593 if (args && args[0].type == ARGT_STR) {
7594 int pos = 1;
7595
7596 if (args[1].type == ARGT_SINT)
7597 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007598
7599 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7600 goto out;
7601 }
7602 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7603 goto out;
7604
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007605 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007606 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007607 ret = 1;
7608out:
Emeric Brunba841a12014-04-30 17:05:08 +02007609 /* SSL_get_peer_certificate, it increase X509 * ref count */
7610 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007611 X509_free(crt);
7612 return ret;
7613}
7614
Emeric Brunba841a12014-04-30 17:05:08 +02007615/* string, returns notbefore date in ASN1_UTCTIME format.
7616 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7617 * should be use.
7618 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007619static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007620smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007621{
Emeric Brunba841a12014-04-30 17:05:08 +02007622 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007623 X509 *crt = NULL;
7624 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007625 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007626 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007627 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007628
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007629 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007630 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007631 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007632 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007633
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007634 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007635 smp->flags |= SMP_F_MAY_CHANGE;
7636 return 0;
7637 }
7638
Emeric Brunba841a12014-04-30 17:05:08 +02007639 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007640 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007641 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007642 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007643 if (!crt)
7644 goto out;
7645
Willy Tarreau47ca5452012-12-23 20:22:19 +01007646 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007647 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007648 goto out;
7649
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007650 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007651 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007652 ret = 1;
7653out:
Emeric Brunba841a12014-04-30 17:05:08 +02007654 /* SSL_get_peer_certificate, it increase X509 * ref count */
7655 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007656 X509_free(crt);
7657 return ret;
7658}
7659
Emeric Brunba841a12014-04-30 17:05:08 +02007660/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7661 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7662 * should be use.
7663 */
Emeric Brun87855892012-10-17 17:39:35 +02007664static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007665smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007666{
Emeric Brunba841a12014-04-30 17:05:08 +02007667 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007668 X509 *crt = NULL;
7669 X509_NAME *name;
7670 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007671 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007672 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007674
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007675 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007676 if (!conn || conn->xprt != &ssl_sock)
7677 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007678 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007679
7680 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007681 smp->flags |= SMP_F_MAY_CHANGE;
7682 return 0;
7683 }
7684
Emeric Brunba841a12014-04-30 17:05:08 +02007685 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007686 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007687 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007688 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007689 if (!crt)
7690 goto out;
7691
7692 name = X509_get_subject_name(crt);
7693 if (!name)
7694 goto out;
7695
Willy Tarreau47ca5452012-12-23 20:22:19 +01007696 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007697 if (args && args[0].type == ARGT_STR) {
7698 int pos = 1;
7699
7700 if (args[1].type == ARGT_SINT)
7701 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007702
7703 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7704 goto out;
7705 }
7706 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7707 goto out;
7708
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007709 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007710 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007711 ret = 1;
7712out:
Emeric Brunba841a12014-04-30 17:05:08 +02007713 /* SSL_get_peer_certificate, it increase X509 * ref count */
7714 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007715 X509_free(crt);
7716 return ret;
7717}
Emeric Brun9143d372012-12-20 15:44:16 +01007718
7719/* integer, returns true if current session use a client certificate */
7720static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007721smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007722{
7723 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007724 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007725 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007726
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007727 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007728 if (!conn || conn->xprt != &ssl_sock)
7729 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007730 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007731
7732 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007733 smp->flags |= SMP_F_MAY_CHANGE;
7734 return 0;
7735 }
7736
7737 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007738 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007739 if (crt) {
7740 X509_free(crt);
7741 }
7742
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007743 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007744 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007745 return 1;
7746}
7747
Emeric Brunba841a12014-04-30 17:05:08 +02007748/* integer, returns the certificate version
7749 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7750 * should be use.
7751 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007752static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007753smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007754{
Emeric Brunba841a12014-04-30 17:05:08 +02007755 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007756 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007757 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007758 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007759
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007760 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007761 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007762 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007763 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007764
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007765 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007766 smp->flags |= SMP_F_MAY_CHANGE;
7767 return 0;
7768 }
7769
Emeric Brunba841a12014-04-30 17:05:08 +02007770 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007771 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007772 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007773 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007774 if (!crt)
7775 return 0;
7776
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007777 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007778 /* SSL_get_peer_certificate increase X509 * ref count */
7779 if (cert_peer)
7780 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007781 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007782
7783 return 1;
7784}
7785
Emeric Brunba841a12014-04-30 17:05:08 +02007786/* string, returns the certificate's signature algorithm.
7787 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7788 * should be use.
7789 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007790static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007791smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007792{
Emeric Brunba841a12014-04-30 17:05:08 +02007793 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007794 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007795 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007796 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007797 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007798 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007799
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007800 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007801 if (!conn || conn->xprt != &ssl_sock)
7802 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007803 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007804
7805 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007806 smp->flags |= SMP_F_MAY_CHANGE;
7807 return 0;
7808 }
7809
Emeric Brunba841a12014-04-30 17:05:08 +02007810 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007811 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007812 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007813 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007814 if (!crt)
7815 return 0;
7816
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007817 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7818 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007819
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007820 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7821 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007822 /* SSL_get_peer_certificate increase X509 * ref count */
7823 if (cert_peer)
7824 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007825 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007826 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007827
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007828 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007829 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007830 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007831 /* SSL_get_peer_certificate increase X509 * ref count */
7832 if (cert_peer)
7833 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007834
7835 return 1;
7836}
7837
Emeric Brunba841a12014-04-30 17:05:08 +02007838/* string, returns the certificate's key algorithm.
7839 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7840 * should be use.
7841 */
Emeric Brun521a0112012-10-22 12:22:55 +02007842static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007843smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007844{
Emeric Brunba841a12014-04-30 17:05:08 +02007845 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007846 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007847 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007848 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007849 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007850 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007851
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007852 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007853 if (!conn || conn->xprt != &ssl_sock)
7854 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007855 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007856
7857 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007858 smp->flags |= SMP_F_MAY_CHANGE;
7859 return 0;
7860 }
7861
Emeric Brunba841a12014-04-30 17:05:08 +02007862 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007863 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007864 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007865 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007866 if (!crt)
7867 return 0;
7868
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007869 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7870 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007871
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007872 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7873 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007874 /* SSL_get_peer_certificate increase X509 * ref count */
7875 if (cert_peer)
7876 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007877 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007878 }
Emeric Brun521a0112012-10-22 12:22:55 +02007879
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007880 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007881 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007882 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007883 if (cert_peer)
7884 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007885
7886 return 1;
7887}
7888
Emeric Brun645ae792014-04-30 14:21:06 +02007889/* boolean, returns true if front conn. transport layer is SSL.
7890 * This function is also usable on backend conn if the fetch keyword 5th
7891 * char is 'b'.
7892 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007893static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007894smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007895{
Emeric Bruneb8def92018-02-19 15:59:48 +01007896 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7897 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007898
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007899 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007900 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007901 return 1;
7902}
7903
Emeric Brun2525b6b2012-10-18 15:59:43 +02007904/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007905static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007906smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007907{
7908#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007909 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007910 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007911
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007912 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007913 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007914 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007915 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007916 return 1;
7917#else
7918 return 0;
7919#endif
7920}
7921
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007922/* boolean, returns true if client session has been resumed.
7923 * This function is also usable on backend conn if the fetch keyword 5th
7924 * char is 'b'.
7925 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007926static int
7927smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7928{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007929 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7930 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007931 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007932
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007933
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007934 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007935 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007936 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007937 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007938 return 1;
7939}
7940
Emeric Brun645ae792014-04-30 14:21:06 +02007941/* string, returns the used cipher if front conn. transport layer is SSL.
7942 * This function is also usable on backend conn if the fetch keyword 5th
7943 * char is 'b'.
7944 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007945static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007946smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007947{
Emeric Bruneb8def92018-02-19 15:59:48 +01007948 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7949 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007950 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007951
Willy Tarreaube508f12016-03-10 11:47:01 +01007952 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007953 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007954 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007955 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007956
Olivier Houchard66ab4982019-02-26 18:37:15 +01007957 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007958 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007959 return 0;
7960
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007961 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007962 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007963 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007964
7965 return 1;
7966}
7967
Emeric Brun645ae792014-04-30 14:21:06 +02007968/* integer, returns the algoritm's keysize if front conn. transport layer
7969 * is SSL.
7970 * This function is also usable on backend conn if the fetch keyword 5th
7971 * char is 'b'.
7972 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007973static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007974smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007975{
Emeric Bruneb8def92018-02-19 15:59:48 +01007976 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7977 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007978 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007979 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007980
Emeric Brun589fcad2012-10-16 14:13:26 +02007981 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007982 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007983 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007984 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007985
Olivier Houchard66ab4982019-02-26 18:37:15 +01007986 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007987 return 0;
7988
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007989 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007990 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007991
7992 return 1;
7993}
7994
Emeric Brun645ae792014-04-30 14:21:06 +02007995/* integer, returns the used keysize if front conn. transport layer is SSL.
7996 * This function is also usable on backend conn if the fetch keyword 5th
7997 * char is 'b'.
7998 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007999static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008000smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008001{
Emeric Bruneb8def92018-02-19 15:59:48 +01008002 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8003 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008004 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008005
Emeric Brun589fcad2012-10-16 14:13:26 +02008006 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008007 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8008 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008009 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008010
Olivier Houchard66ab4982019-02-26 18:37:15 +01008011 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008012 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02008013 return 0;
8014
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008015 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008016
8017 return 1;
8018}
8019
Bernard Spil13c53f82018-02-15 13:34:58 +01008020#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02008021static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008022smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008023{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008024 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008025 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008026
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008027 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008028 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008029
Olivier Houchard6b77f492018-11-22 18:18:29 +01008030 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8031 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008032 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8033 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008034 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008035
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008036 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008037 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008038 (const unsigned char **)&smp->data.u.str.area,
8039 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02008040
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008041 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008042 return 0;
8043
8044 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008045}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008046#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02008047
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008048#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008049static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008050smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02008051{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008052 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008053 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008054
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008055 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008056 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02008057
Olivier Houchard6b77f492018-11-22 18:18:29 +01008058 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8059 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8060
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008061 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02008062 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008063 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02008064
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008065 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008066 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008067 (const unsigned char **)&smp->data.u.str.area,
8068 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02008069
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008070 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02008071 return 0;
8072
8073 return 1;
8074}
8075#endif
8076
Emeric Brun645ae792014-04-30 14:21:06 +02008077/* string, returns the used protocol if front conn. transport layer is SSL.
8078 * This function is also usable on backend conn if the fetch keyword 5th
8079 * char is 'b'.
8080 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02008081static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008082smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008083{
Emeric Bruneb8def92018-02-19 15:59:48 +01008084 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8085 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008086 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008087
Emeric Brun589fcad2012-10-16 14:13:26 +02008088 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008089 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8090 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008091 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008092
Olivier Houchard66ab4982019-02-26 18:37:15 +01008093 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008094 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02008095 return 0;
8096
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008097 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008098 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008099 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008100
8101 return 1;
8102}
8103
Willy Tarreau87b09662015-04-03 00:22:06 +02008104/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02008105 * This function is also usable on backend conn if the fetch keyword 5th
8106 * char is 'b'.
8107 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008108#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02008109static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008110smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02008111{
Emeric Bruneb8def92018-02-19 15:59:48 +01008112 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8113 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008114 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008115 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008116
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008117 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008118 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02008119
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008120 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8121 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008122 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008123
Olivier Houchard66ab4982019-02-26 18:37:15 +01008124 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02008125 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02008126 return 0;
8127
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008128 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
8129 (unsigned int *)&smp->data.u.str.data);
8130 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02008131 return 0;
8132
8133 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02008134}
Patrick Hemmer41966772018-04-28 19:15:48 -04008135#endif
8136
Emeric Brunfe68f682012-10-16 14:59:28 +02008137
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008138#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04008139static int
Patrick Hemmer65674662019-06-04 08:13:03 -04008140smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
8141{
8142 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8143 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8144 struct buffer *data;
8145 struct ssl_sock_ctx *ctx;
8146
8147 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8148 return 0;
8149 ctx = conn->xprt_ctx;
8150
8151 data = get_trash_chunk();
8152 if (kw[7] == 'c')
8153 data->data = SSL_get_client_random(ctx->ssl,
8154 (unsigned char *) data->area,
8155 data->size);
8156 else
8157 data->data = SSL_get_server_random(ctx->ssl,
8158 (unsigned char *) data->area,
8159 data->size);
8160 if (!data->data)
8161 return 0;
8162
8163 smp->flags = 0;
8164 smp->data.type = SMP_T_BIN;
8165 smp->data.u.str = *data;
8166
8167 return 1;
8168}
8169
8170static int
Patrick Hemmere0275472018-04-28 19:15:51 -04008171smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
8172{
8173 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8174 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8175 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02008176 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008177 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008178
8179 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8180 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008181 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008182
Olivier Houchard66ab4982019-02-26 18:37:15 +01008183 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008184 if (!ssl_sess)
8185 return 0;
8186
8187 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008188 data->data = SSL_SESSION_get_master_key(ssl_sess,
8189 (unsigned char *) data->area,
8190 data->size);
8191 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008192 return 0;
8193
8194 smp->flags = 0;
8195 smp->data.type = SMP_T_BIN;
8196 smp->data.u.str = *data;
8197
8198 return 1;
8199}
8200#endif
8201
Patrick Hemmer41966772018-04-28 19:15:48 -04008202#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008203static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008204smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008205{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008206 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008207 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008208
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008209 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008210 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008211
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008212 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008213 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8214 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008215 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008216
Olivier Houchard66ab4982019-02-26 18:37:15 +01008217 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008218 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008219 return 0;
8220
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008221 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008222 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008223}
Patrick Hemmer41966772018-04-28 19:15:48 -04008224#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008225
David Sc1ad52e2014-04-08 18:48:47 -04008226static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008227smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8228{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008229 struct connection *conn;
8230 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008231 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008232
8233 conn = objt_conn(smp->sess->origin);
8234 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8235 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008236 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008237
Olivier Houchard66ab4982019-02-26 18:37:15 +01008238 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008239 if (!capture)
8240 return 0;
8241
8242 smp->flags = SMP_F_CONST;
8243 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008244 smp->data.u.str.area = capture->ciphersuite;
8245 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008246 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008247}
8248
8249static int
8250smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8251{
Willy Tarreau83061a82018-07-13 11:56:34 +02008252 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008253
8254 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8255 return 0;
8256
8257 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008258 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008259 smp->data.type = SMP_T_BIN;
8260 smp->data.u.str = *data;
8261 return 1;
8262}
8263
8264static int
8265smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8266{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008267 struct connection *conn;
8268 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008269 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008270
8271 conn = objt_conn(smp->sess->origin);
8272 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8273 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008274 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008275
Olivier Houchard66ab4982019-02-26 18:37:15 +01008276 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008277 if (!capture)
8278 return 0;
8279
8280 smp->data.type = SMP_T_SINT;
8281 smp->data.u.sint = capture->xxh64;
8282 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008283}
8284
8285static int
8286smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8287{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008288#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008289 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008290 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008291
8292 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8293 return 0;
8294
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008295 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008296 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008297 const char *str;
8298 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008299 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008300 uint16_t id = (bin[0] << 8) | bin[1];
8301#if defined(OPENSSL_IS_BORINGSSL)
8302 cipher = SSL_get_cipher_by_value(id);
8303#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008304 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008305 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8306 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008307#endif
8308 str = SSL_CIPHER_get_name(cipher);
8309 if (!str || strcmp(str, "(NONE)") == 0)
8310 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008311 else
8312 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8313 }
8314 smp->data.type = SMP_T_STR;
8315 smp->data.u.str = *data;
8316 return 1;
8317#else
8318 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8319#endif
8320}
8321
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008322#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008323static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008324smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008325{
Emeric Bruneb8def92018-02-19 15:59:48 +01008326 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8327 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008328 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008329 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008330 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008331
8332 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008333 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8334 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008335 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008336
8337 if (!(conn->flags & CO_FL_CONNECTED)) {
8338 smp->flags |= SMP_F_MAY_CHANGE;
8339 return 0;
8340 }
8341
8342 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008343 if (!SSL_session_reused(ctx->ssl))
8344 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008345 finished_trash->area,
8346 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008347 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008348 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008349 finished_trash->area,
8350 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008351
8352 if (!finished_len)
8353 return 0;
8354
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008355 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008356 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008357 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008358
8359 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008360}
Patrick Hemmer41966772018-04-28 19:15:48 -04008361#endif
David Sc1ad52e2014-04-08 18:48:47 -04008362
Emeric Brun2525b6b2012-10-18 15:59:43 +02008363/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008364static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008365smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008366{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008367 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008368 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008369
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008370 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008371 if (!conn || conn->xprt != &ssl_sock)
8372 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008373 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008374
8375 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008376 smp->flags = SMP_F_MAY_CHANGE;
8377 return 0;
8378 }
8379
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008380 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008381 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008382 smp->flags = 0;
8383
8384 return 1;
8385}
8386
Emeric Brun2525b6b2012-10-18 15:59:43 +02008387/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008388static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008389smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008390{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008391 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008392 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008393
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008394 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008395 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008396 return 0;
8397
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008398 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008399 smp->flags = SMP_F_MAY_CHANGE;
8400 return 0;
8401 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008402 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008403
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008404 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008405 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008406 smp->flags = 0;
8407
8408 return 1;
8409}
8410
Emeric Brun2525b6b2012-10-18 15:59:43 +02008411/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008412static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008413smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008414{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008415 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008416 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008417
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008418 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008419 if (!conn || conn->xprt != &ssl_sock)
8420 return 0;
8421
8422 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008423 smp->flags = SMP_F_MAY_CHANGE;
8424 return 0;
8425 }
8426
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008427 ctx = conn->xprt_ctx;
8428
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008429 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008430 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008431 smp->flags = 0;
8432
8433 return 1;
8434}
8435
Emeric Brun2525b6b2012-10-18 15:59:43 +02008436/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008437static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008438smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008439{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008440 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008441 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008442
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008443 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008444 if (!conn || conn->xprt != &ssl_sock)
8445 return 0;
8446
8447 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008448 smp->flags = SMP_F_MAY_CHANGE;
8449 return 0;
8450 }
8451
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008452 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008453 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008454 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008455
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008456 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008457 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008458 smp->flags = 0;
8459
8460 return 1;
8461}
8462
Emeric Brunfb510ea2012-10-05 12:00:26 +02008463/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008464static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008465{
8466 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008467 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008468 return ERR_ALERT | ERR_FATAL;
8469 }
8470
Willy Tarreauef934602016-12-22 23:12:01 +01008471 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8472 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008473 else
8474 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008475
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02008476 if (!ssl_store_load_locations_file(conf->ca_file)) {
8477 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->ca_file);
8478 return ERR_ALERT | ERR_FATAL;
8479 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02008480 return 0;
8481}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008482static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8483{
8484 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8485}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008486
Christopher Faulet31af49d2015-06-09 17:29:50 +02008487/* parse the "ca-sign-file" bind keyword */
8488static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8489{
8490 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008491 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008492 return ERR_ALERT | ERR_FATAL;
8493 }
8494
Willy Tarreauef934602016-12-22 23:12:01 +01008495 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8496 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008497 else
8498 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8499
8500 return 0;
8501}
8502
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008503/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008504static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8505{
8506 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008507 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008508 return ERR_ALERT | ERR_FATAL;
8509 }
8510 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8511 return 0;
8512}
8513
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008514/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008515static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008516{
8517 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008518 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008519 return ERR_ALERT | ERR_FATAL;
8520 }
8521
Emeric Brun76d88952012-10-05 15:47:31 +02008522 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008523 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008524 return 0;
8525}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008526static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8527{
8528 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8529}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008530
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008531#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008532/* parse the "ciphersuites" bind keyword */
8533static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8534{
8535 if (!*args[cur_arg + 1]) {
8536 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8537 return ERR_ALERT | ERR_FATAL;
8538 }
8539
8540 free(conf->ciphersuites);
8541 conf->ciphersuites = strdup(args[cur_arg + 1]);
8542 return 0;
8543}
8544static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8545{
8546 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8547}
8548#endif
8549
Willy Tarreaubbc91962019-10-16 16:42:19 +02008550/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008551static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008552{
Willy Tarreau38011032013-08-13 16:59:39 +02008553 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008554
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008555 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008556 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008557 return ERR_ALERT | ERR_FATAL;
8558 }
8559
Willy Tarreauef934602016-12-22 23:12:01 +01008560 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8561 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008562 memprintf(err, "'%s' : path too long", args[cur_arg]);
8563 return ERR_ALERT | ERR_FATAL;
8564 }
Willy Tarreauef934602016-12-22 23:12:01 +01008565 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008566 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008567 }
8568
Willy Tarreaubbc91962019-10-16 16:42:19 +02008569 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008570}
8571
Willy Tarreaubbc91962019-10-16 16:42:19 +02008572/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008573static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8574{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008575 int err_code;
8576
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008577 if (!*args[cur_arg + 1]) {
8578 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8579 return ERR_ALERT | ERR_FATAL;
8580 }
8581
Willy Tarreaubbc91962019-10-16 16:42:19 +02008582 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8583 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008584 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008585
Willy Tarreaubbc91962019-10-16 16:42:19 +02008586 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008587}
8588
Emeric Brunfb510ea2012-10-05 12:00:26 +02008589/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008590static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008591{
Emeric Brun051cdab2012-10-02 19:25:50 +02008592#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01008593 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
Emeric Brun051cdab2012-10-02 19:25:50 +02008594 return ERR_ALERT | ERR_FATAL;
8595#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008596 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008597 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008598 return ERR_ALERT | ERR_FATAL;
8599 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008600
Willy Tarreauef934602016-12-22 23:12:01 +01008601 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8602 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008603 else
8604 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008605
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01008606 if (!ssl_store_load_locations_file(conf->crl_file)) {
8607 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
8608 return ERR_ALERT | ERR_FATAL;
8609 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008610 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008611#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008612}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008613static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8614{
8615 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8616}
Emeric Brun2b58d042012-09-20 17:10:03 +02008617
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008618/* parse the "curves" bind keyword keyword */
8619static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8620{
Lukas Tribusd14b49c2019-11-24 18:20:40 +01008621#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008622 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008623 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008624 return ERR_ALERT | ERR_FATAL;
8625 }
8626 conf->curves = strdup(args[cur_arg + 1]);
8627 return 0;
8628#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008629 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008630 return ERR_ALERT | ERR_FATAL;
8631#endif
8632}
8633static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8634{
8635 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8636}
8637
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008638/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008639static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008640{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008641#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Tim Duesterhus93128532019-11-23 23:45:10 +01008642 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008643 return ERR_ALERT | ERR_FATAL;
8644#elif defined(OPENSSL_NO_ECDH)
Tim Duesterhus93128532019-11-23 23:45:10 +01008645 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008646 return ERR_ALERT | ERR_FATAL;
8647#else
8648 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008649 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008650 return ERR_ALERT | ERR_FATAL;
8651 }
8652
8653 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008654
8655 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008656#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008657}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008658static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8659{
8660 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8661}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008662
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008663/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008664static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8665{
8666 int code;
8667 char *p = args[cur_arg + 1];
8668 unsigned long long *ignerr = &conf->crt_ignerr;
8669
8670 if (!*p) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008671 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008672 return ERR_ALERT | ERR_FATAL;
8673 }
8674
8675 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8676 ignerr = &conf->ca_ignerr;
8677
8678 if (strcmp(p, "all") == 0) {
8679 *ignerr = ~0ULL;
8680 return 0;
8681 }
8682
8683 while (p) {
8684 code = atoi(p);
8685 if ((code <= 0) || (code > 63)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008686 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8687 args[cur_arg], code, args[cur_arg + 1]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008688 return ERR_ALERT | ERR_FATAL;
8689 }
8690 *ignerr |= 1ULL << code;
8691 p = strchr(p, ',');
8692 if (p)
8693 p++;
8694 }
8695
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008696 return 0;
8697}
8698
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008699/* parse tls_method_options "no-xxx" and "force-xxx" */
8700static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008701{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008702 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008703 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008704 p = strchr(arg, '-');
8705 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008706 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008707 p++;
8708 if (!strcmp(p, "sslv3"))
8709 v = CONF_SSLV3;
8710 else if (!strcmp(p, "tlsv10"))
8711 v = CONF_TLSV10;
8712 else if (!strcmp(p, "tlsv11"))
8713 v = CONF_TLSV11;
8714 else if (!strcmp(p, "tlsv12"))
8715 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008716 else if (!strcmp(p, "tlsv13"))
8717 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008718 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008719 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008720 if (!strncmp(arg, "no-", 3))
8721 methods->flags |= methodVersions[v].flag;
8722 else if (!strncmp(arg, "force-", 6))
8723 methods->min = methods->max = v;
8724 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008725 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008726 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008727 fail:
Tim Duesterhus93128532019-11-23 23:45:10 +01008728 memprintf(err, "'%s' : option not implemented", arg);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008729 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008730}
8731
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008732static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008733{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008734 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008735}
8736
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008737static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008738{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008739 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8740}
8741
8742/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8743static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8744{
8745 uint16_t i, v = 0;
8746 char *argv = args[cur_arg + 1];
8747 if (!*argv) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008748 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008749 return ERR_ALERT | ERR_FATAL;
8750 }
8751 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8752 if (!strcmp(argv, methodVersions[i].name))
8753 v = i;
8754 if (!v) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008755 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008756 return ERR_ALERT | ERR_FATAL;
8757 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008758 if (!strcmp("ssl-min-ver", args[cur_arg]))
8759 methods->min = v;
8760 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8761 methods->max = v;
8762 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01008763 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008764 return ERR_ALERT | ERR_FATAL;
8765 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008766 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008767}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008768
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008769static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8770{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008771#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008772 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008773#endif
8774 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8775}
8776
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008777static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8778{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008779 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008780}
8781
8782static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8783{
8784 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8785}
8786
Emeric Brun2d0c4822012-10-02 13:45:20 +02008787/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008788static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008789{
Emeric Brun89675492012-10-05 13:48:26 +02008790 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008791 return 0;
8792}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008793
Olivier Houchardc2aae742017-09-22 18:26:28 +02008794/* parse the "allow-0rtt" bind keyword */
8795static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8796{
8797 conf->early_data = 1;
8798 return 0;
8799}
8800
8801static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8802{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008803 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008804 return 0;
8805}
8806
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008807/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008808static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008809{
Bernard Spil13c53f82018-02-15 13:34:58 +01008810#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008811 char *p1, *p2;
8812
8813 if (!*args[cur_arg + 1]) {
8814 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8815 return ERR_ALERT | ERR_FATAL;
8816 }
8817
8818 free(conf->npn_str);
8819
Willy Tarreau3724da12016-02-12 17:11:12 +01008820 /* the NPN string is built as a suite of (<len> <name>)*,
8821 * so we reuse each comma to store the next <len> and need
8822 * one more for the end of the string.
8823 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008824 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008825 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008826 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8827
8828 /* replace commas with the name length */
8829 p1 = conf->npn_str;
8830 p2 = p1 + 1;
8831 while (1) {
8832 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8833 if (!p2)
8834 p2 = p1 + 1 + strlen(p1 + 1);
8835
8836 if (p2 - (p1 + 1) > 255) {
8837 *p2 = '\0';
8838 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8839 return ERR_ALERT | ERR_FATAL;
8840 }
8841
8842 *p1 = p2 - (p1 + 1);
8843 p1 = p2;
8844
8845 if (!*p2)
8846 break;
8847
8848 *(p2++) = '\0';
8849 }
8850 return 0;
8851#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008852 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008853 return ERR_ALERT | ERR_FATAL;
8854#endif
8855}
8856
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008857static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8858{
8859 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8860}
8861
Willy Tarreauab861d32013-04-02 02:30:41 +02008862/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008863static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008864{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008865#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008866 char *p1, *p2;
8867
8868 if (!*args[cur_arg + 1]) {
8869 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8870 return ERR_ALERT | ERR_FATAL;
8871 }
8872
8873 free(conf->alpn_str);
8874
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008875 /* the ALPN string is built as a suite of (<len> <name>)*,
8876 * so we reuse each comma to store the next <len> and need
8877 * one more for the end of the string.
8878 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008879 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008880 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008881 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8882
8883 /* replace commas with the name length */
8884 p1 = conf->alpn_str;
8885 p2 = p1 + 1;
8886 while (1) {
8887 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8888 if (!p2)
8889 p2 = p1 + 1 + strlen(p1 + 1);
8890
8891 if (p2 - (p1 + 1) > 255) {
8892 *p2 = '\0';
8893 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8894 return ERR_ALERT | ERR_FATAL;
8895 }
8896
8897 *p1 = p2 - (p1 + 1);
8898 p1 = p2;
8899
8900 if (!*p2)
8901 break;
8902
8903 *(p2++) = '\0';
8904 }
8905 return 0;
8906#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008907 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
Willy Tarreauab861d32013-04-02 02:30:41 +02008908 return ERR_ALERT | ERR_FATAL;
8909#endif
8910}
8911
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008912static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8913{
8914 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8915}
8916
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008917/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008918static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008919{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008920 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008921 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008922
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008923 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8924 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008925#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008926 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8927 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8928#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008929 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008930 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8931 if (!conf->ssl_conf.ssl_methods.min)
8932 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8933 if (!conf->ssl_conf.ssl_methods.max)
8934 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008935
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008936 return 0;
8937}
8938
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008939/* parse the "prefer-client-ciphers" bind keyword */
8940static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8941{
8942 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8943 return 0;
8944}
8945
Christopher Faulet31af49d2015-06-09 17:29:50 +02008946/* parse the "generate-certificates" bind keyword */
8947static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8948{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008949#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008950 conf->generate_certs = 1;
8951#else
8952 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8953 err && *err ? *err : "");
8954#endif
8955 return 0;
8956}
8957
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008958/* parse the "strict-sni" bind keyword */
8959static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8960{
8961 conf->strict_sni = 1;
8962 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008963}
8964
8965/* parse the "tls-ticket-keys" bind keyword */
8966static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8967{
8968#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02008969 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008970 int i = 0;
8971 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02008972 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008973
8974 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008975 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008976 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008977 }
8978
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008979 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008980 if (keys_ref) {
8981 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008982 conf->keys_ref = keys_ref;
8983 return 0;
8984 }
8985
Christopher Faulete566f3d2019-10-21 09:55:49 +02008986 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008987 if (!keys_ref) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008988 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008989 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008990 }
8991
Emeric Brun9e754772019-01-10 17:51:55 +01008992 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008993 if (!keys_ref->tlskeys) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008994 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02008995 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008996 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008997
8998 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008999 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009000 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009001 }
9002
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009003 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01009004 if (!keys_ref->filename) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009005 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009006 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009007 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009008
Emeric Brun9e754772019-01-10 17:51:55 +01009009 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009010 while (fgets(thisline, sizeof(thisline), f) != NULL) {
9011 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01009012 int dec_size;
9013
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009014 /* Strip newline characters from the end */
9015 if(thisline[len - 1] == '\n')
9016 thisline[--len] = 0;
9017
9018 if(thisline[len - 1] == '\r')
9019 thisline[--len] = 0;
9020
Emeric Brun9e754772019-01-10 17:51:55 +01009021 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
9022 if (dec_size < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009023 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009024 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009025 }
Emeric Brun9e754772019-01-10 17:51:55 +01009026 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
9027 keys_ref->key_size_bits = 128;
9028 }
9029 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
9030 keys_ref->key_size_bits = 256;
9031 }
9032 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
9033 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
9034 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009035 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009036 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01009037 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009038 i++;
9039 }
9040
9041 if (i < TLS_TICKETS_NO) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009042 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009043 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009044 }
9045
9046 fclose(f);
9047
9048 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01009049 i -= 2;
9050 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009051 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009052 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01009053 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009054 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009055
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009056 LIST_ADD(&tlskeys_reference, &keys_ref->list);
9057
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009058 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02009059
9060 fail:
9061 if (f)
9062 fclose(f);
9063 if (keys_ref) {
9064 free(keys_ref->filename);
9065 free(keys_ref->tlskeys);
9066 free(keys_ref);
9067 }
9068 return ERR_ALERT | ERR_FATAL;
9069
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009070#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009071 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009072 return ERR_ALERT | ERR_FATAL;
9073#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01009074}
9075
Emeric Brund94b3fe2012-09-20 18:23:56 +02009076/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009077static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02009078{
9079 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009080 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009081 return ERR_ALERT | ERR_FATAL;
9082 }
9083
9084 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009085 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009086 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009087 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009088 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009089 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009090 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009091 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
9092 args[cur_arg], args[cur_arg + 1]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009093 return ERR_ALERT | ERR_FATAL;
9094 }
9095
9096 return 0;
9097}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009098static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9099{
9100 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
9101}
Emeric Brund94b3fe2012-09-20 18:23:56 +02009102
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009103/* parse the "no-ca-names" bind keyword */
9104static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
9105{
9106 conf->no_ca_names = 1;
9107 return 0;
9108}
9109static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9110{
9111 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
9112}
9113
Willy Tarreau92faadf2012-10-10 23:04:25 +02009114/************** "server" keywords ****************/
9115
Olivier Houchardc7566002018-11-20 23:33:50 +01009116/* parse the "npn" bind keyword */
9117static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9118{
9119#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9120 char *p1, *p2;
9121
9122 if (!*args[*cur_arg + 1]) {
9123 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
9124 return ERR_ALERT | ERR_FATAL;
9125 }
9126
9127 free(newsrv->ssl_ctx.npn_str);
9128
9129 /* the NPN string is built as a suite of (<len> <name>)*,
9130 * so we reuse each comma to store the next <len> and need
9131 * one more for the end of the string.
9132 */
9133 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
9134 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
9135 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
9136 newsrv->ssl_ctx.npn_len);
9137
9138 /* replace commas with the name length */
9139 p1 = newsrv->ssl_ctx.npn_str;
9140 p2 = p1 + 1;
9141 while (1) {
9142 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
9143 newsrv->ssl_ctx.npn_len - (p1 + 1));
9144 if (!p2)
9145 p2 = p1 + 1 + strlen(p1 + 1);
9146
9147 if (p2 - (p1 + 1) > 255) {
9148 *p2 = '\0';
9149 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9150 return ERR_ALERT | ERR_FATAL;
9151 }
9152
9153 *p1 = p2 - (p1 + 1);
9154 p1 = p2;
9155
9156 if (!*p2)
9157 break;
9158
9159 *(p2++) = '\0';
9160 }
9161 return 0;
9162#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009163 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009164 return ERR_ALERT | ERR_FATAL;
9165#endif
9166}
9167
Olivier Houchard92150142018-12-21 19:47:01 +01009168/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009169static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9170{
9171#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9172 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009173 char **alpn_str;
9174 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009175
Olivier Houchard92150142018-12-21 19:47:01 +01009176 if (*args[*cur_arg] == 'c') {
9177 alpn_str = &newsrv->check.alpn_str;
9178 alpn_len = &newsrv->check.alpn_len;
9179 } else {
9180 alpn_str = &newsrv->ssl_ctx.alpn_str;
9181 alpn_len = &newsrv->ssl_ctx.alpn_len;
9182
9183 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009184 if (!*args[*cur_arg + 1]) {
9185 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9186 return ERR_ALERT | ERR_FATAL;
9187 }
9188
Olivier Houchard92150142018-12-21 19:47:01 +01009189 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009190
9191 /* the ALPN string is built as a suite of (<len> <name>)*,
9192 * so we reuse each comma to store the next <len> and need
9193 * one more for the end of the string.
9194 */
Olivier Houchard92150142018-12-21 19:47:01 +01009195 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9196 *alpn_str = calloc(1, *alpn_len + 1);
9197 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009198
9199 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009200 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009201 p2 = p1 + 1;
9202 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009203 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009204 if (!p2)
9205 p2 = p1 + 1 + strlen(p1 + 1);
9206
9207 if (p2 - (p1 + 1) > 255) {
9208 *p2 = '\0';
9209 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9210 return ERR_ALERT | ERR_FATAL;
9211 }
9212
9213 *p1 = p2 - (p1 + 1);
9214 p1 = p2;
9215
9216 if (!*p2)
9217 break;
9218
9219 *(p2++) = '\0';
9220 }
9221 return 0;
9222#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009223 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009224 return ERR_ALERT | ERR_FATAL;
9225#endif
9226}
9227
Emeric Brunef42d922012-10-11 16:11:36 +02009228/* parse the "ca-file" server keyword */
9229static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9230{
9231 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009232 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009233 return ERR_ALERT | ERR_FATAL;
9234 }
9235
Willy Tarreauef934602016-12-22 23:12:01 +01009236 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9237 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009238 else
9239 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9240
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02009241 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file)) {
9242 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.ca_file);
9243 return ERR_ALERT | ERR_FATAL;
9244 }
Emeric Brunef42d922012-10-11 16:11:36 +02009245 return 0;
9246}
9247
Olivier Houchard9130a962017-10-17 17:33:43 +02009248/* parse the "check-sni" server keyword */
9249static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9250{
9251 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009252 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
Olivier Houchard9130a962017-10-17 17:33:43 +02009253 return ERR_ALERT | ERR_FATAL;
9254 }
9255
9256 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9257 if (!newsrv->check.sni) {
9258 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9259 return ERR_ALERT | ERR_FATAL;
9260 }
9261 return 0;
9262
9263}
9264
Willy Tarreau92faadf2012-10-10 23:04:25 +02009265/* parse the "check-ssl" server keyword */
9266static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9267{
9268 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009269 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9270 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009271#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009272 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9273 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9274#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009275 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009276 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9277 if (!newsrv->ssl_ctx.methods.min)
9278 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9279 if (!newsrv->ssl_ctx.methods.max)
9280 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9281
Willy Tarreau92faadf2012-10-10 23:04:25 +02009282 return 0;
9283}
9284
9285/* parse the "ciphers" server keyword */
9286static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9287{
9288 if (!*args[*cur_arg + 1]) {
9289 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9290 return ERR_ALERT | ERR_FATAL;
9291 }
9292
9293 free(newsrv->ssl_ctx.ciphers);
9294 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9295 return 0;
9296}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009297
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009298#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009299/* parse the "ciphersuites" server keyword */
9300static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9301{
9302 if (!*args[*cur_arg + 1]) {
9303 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9304 return ERR_ALERT | ERR_FATAL;
9305 }
9306
9307 free(newsrv->ssl_ctx.ciphersuites);
9308 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9309 return 0;
9310}
9311#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009312
Emeric Brunef42d922012-10-11 16:11:36 +02009313/* parse the "crl-file" server keyword */
9314static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9315{
9316#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01009317 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009318 return ERR_ALERT | ERR_FATAL;
9319#else
9320 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009321 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009322 return ERR_ALERT | ERR_FATAL;
9323 }
9324
Willy Tarreauef934602016-12-22 23:12:01 +01009325 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9326 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009327 else
9328 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9329
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01009330 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file)) {
9331 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
9332 return ERR_ALERT | ERR_FATAL;
9333 }
Emeric Brunef42d922012-10-11 16:11:36 +02009334 return 0;
9335#endif
9336}
9337
Emeric Bruna7aa3092012-10-26 12:58:00 +02009338/* parse the "crt" server keyword */
9339static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9340{
9341 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009342 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009343 return ERR_ALERT | ERR_FATAL;
9344 }
9345
Willy Tarreauef934602016-12-22 23:12:01 +01009346 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009347 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009348 else
9349 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9350
9351 return 0;
9352}
Emeric Brunef42d922012-10-11 16:11:36 +02009353
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009354/* parse the "no-check-ssl" server keyword */
9355static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9356{
9357 newsrv->check.use_ssl = 0;
9358 free(newsrv->ssl_ctx.ciphers);
9359 newsrv->ssl_ctx.ciphers = NULL;
9360 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9361 return 0;
9362}
9363
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009364/* parse the "no-send-proxy-v2-ssl" server keyword */
9365static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9366{
9367 newsrv->pp_opts &= ~SRV_PP_V2;
9368 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9369 return 0;
9370}
9371
9372/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9373static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9374{
9375 newsrv->pp_opts &= ~SRV_PP_V2;
9376 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9377 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9378 return 0;
9379}
9380
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009381/* parse the "no-ssl" server keyword */
9382static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9383{
9384 newsrv->use_ssl = 0;
9385 free(newsrv->ssl_ctx.ciphers);
9386 newsrv->ssl_ctx.ciphers = NULL;
9387 return 0;
9388}
9389
Olivier Houchard522eea72017-11-03 16:27:47 +01009390/* parse the "allow-0rtt" server keyword */
9391static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9392{
9393 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9394 return 0;
9395}
9396
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009397/* parse the "no-ssl-reuse" server keyword */
9398static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9399{
9400 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9401 return 0;
9402}
9403
Emeric Brunf9c5c472012-10-11 15:28:34 +02009404/* parse the "no-tls-tickets" server keyword */
9405static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9406{
9407 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9408 return 0;
9409}
David Safb76832014-05-08 23:42:08 -04009410/* parse the "send-proxy-v2-ssl" server keyword */
9411static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9412{
9413 newsrv->pp_opts |= SRV_PP_V2;
9414 newsrv->pp_opts |= SRV_PP_V2_SSL;
9415 return 0;
9416}
9417
9418/* parse the "send-proxy-v2-ssl-cn" server keyword */
9419static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9420{
9421 newsrv->pp_opts |= SRV_PP_V2;
9422 newsrv->pp_opts |= SRV_PP_V2_SSL;
9423 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9424 return 0;
9425}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009426
Willy Tarreau732eac42015-07-09 11:40:25 +02009427/* parse the "sni" server keyword */
9428static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9429{
9430#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9431 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9432 return ERR_ALERT | ERR_FATAL;
9433#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009434 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009435
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009436 arg = args[*cur_arg + 1];
9437 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009438 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9439 return ERR_ALERT | ERR_FATAL;
9440 }
9441
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009442 free(newsrv->sni_expr);
9443 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009444
Willy Tarreau732eac42015-07-09 11:40:25 +02009445 return 0;
9446#endif
9447}
9448
Willy Tarreau92faadf2012-10-10 23:04:25 +02009449/* parse the "ssl" server keyword */
9450static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9451{
9452 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009453 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9454 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009455#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009456 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9457 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9458#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009459 return 0;
9460}
9461
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009462/* parse the "ssl-reuse" server keyword */
9463static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9464{
9465 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9466 return 0;
9467}
9468
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009469/* parse the "tls-tickets" server keyword */
9470static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9471{
9472 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9473 return 0;
9474}
9475
Emeric Brunef42d922012-10-11 16:11:36 +02009476/* parse the "verify" server keyword */
9477static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9478{
9479 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009480 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009481 return ERR_ALERT | ERR_FATAL;
9482 }
9483
9484 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009485 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009486 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009487 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009488 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009489 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9490 args[*cur_arg], args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009491 return ERR_ALERT | ERR_FATAL;
9492 }
9493
Evan Broderbe554312013-06-27 00:05:25 -07009494 return 0;
9495}
9496
9497/* parse the "verifyhost" server keyword */
9498static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9499{
9500 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009501 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
Evan Broderbe554312013-06-27 00:05:25 -07009502 return ERR_ALERT | ERR_FATAL;
9503 }
9504
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009505 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009506 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9507
Emeric Brunef42d922012-10-11 16:11:36 +02009508 return 0;
9509}
9510
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009511/* parse the "ssl-default-bind-options" keyword in global section */
9512static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9513 struct proxy *defpx, const char *file, int line,
9514 char **err) {
9515 int i = 1;
9516
9517 if (*(args[i]) == 0) {
9518 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9519 return -1;
9520 }
9521 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009522 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009523 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009524 else if (!strcmp(args[i], "prefer-client-ciphers"))
9525 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009526 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9527 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9528 i++;
9529 else {
9530 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9531 return -1;
9532 }
9533 }
9534 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009535 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9536 return -1;
9537 }
9538 i++;
9539 }
9540 return 0;
9541}
9542
9543/* parse the "ssl-default-server-options" keyword in global section */
9544static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9545 struct proxy *defpx, const char *file, int line,
9546 char **err) {
9547 int i = 1;
9548
9549 if (*(args[i]) == 0) {
9550 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9551 return -1;
9552 }
9553 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009554 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009555 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009556 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9557 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9558 i++;
9559 else {
9560 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9561 return -1;
9562 }
9563 }
9564 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009565 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9566 return -1;
9567 }
9568 i++;
9569 }
9570 return 0;
9571}
9572
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009573/* parse the "ca-base" / "crt-base" keywords in global section.
9574 * Returns <0 on alert, >0 on warning, 0 on success.
9575 */
9576static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9577 struct proxy *defpx, const char *file, int line,
9578 char **err)
9579{
9580 char **target;
9581
Willy Tarreauef934602016-12-22 23:12:01 +01009582 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009583
9584 if (too_many_args(1, args, err, NULL))
9585 return -1;
9586
9587 if (*target) {
9588 memprintf(err, "'%s' already specified.", args[0]);
9589 return -1;
9590 }
9591
9592 if (*(args[1]) == 0) {
9593 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9594 return -1;
9595 }
9596 *target = strdup(args[1]);
9597 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009598}
9599
9600/* parse the "ssl-mode-async" keyword in global section.
9601 * Returns <0 on alert, >0 on warning, 0 on success.
9602 */
9603static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9604 struct proxy *defpx, const char *file, int line,
9605 char **err)
9606{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009607#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009608 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009609 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009610 return 0;
9611#else
9612 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9613 return -1;
9614#endif
9615}
9616
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009617#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009618static int ssl_check_async_engine_count(void) {
9619 int err_code = 0;
9620
Emeric Brun3854e012017-05-17 20:42:48 +02009621 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009622 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009623 err_code = ERR_ABORT;
9624 }
9625 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009626}
9627
Grant Zhang872f9c22017-01-21 01:10:18 +00009628/* parse the "ssl-engine" keyword in global section.
9629 * Returns <0 on alert, >0 on warning, 0 on success.
9630 */
9631static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9632 struct proxy *defpx, const char *file, int line,
9633 char **err)
9634{
9635 char *algo;
9636 int ret = -1;
9637
9638 if (*(args[1]) == 0) {
9639 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9640 return ret;
9641 }
9642
9643 if (*(args[2]) == 0) {
9644 /* if no list of algorithms is given, it defaults to ALL */
9645 algo = strdup("ALL");
9646 goto add_engine;
9647 }
9648
9649 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9650 if (strcmp(args[2], "algo") != 0) {
9651 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9652 return ret;
9653 }
9654
9655 if (*(args[3]) == 0) {
9656 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9657 return ret;
9658 }
9659 algo = strdup(args[3]);
9660
9661add_engine:
9662 if (ssl_init_single_engine(args[1], algo)==0) {
9663 openssl_engines_initialized++;
9664 ret = 0;
9665 }
9666 free(algo);
9667 return ret;
9668}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009669#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009670
Willy Tarreauf22e9682016-12-21 23:23:19 +01009671/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9672 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9673 */
9674static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9675 struct proxy *defpx, const char *file, int line,
9676 char **err)
9677{
9678 char **target;
9679
Willy Tarreauef934602016-12-22 23:12:01 +01009680 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009681
9682 if (too_many_args(1, args, err, NULL))
9683 return -1;
9684
9685 if (*(args[1]) == 0) {
9686 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9687 return -1;
9688 }
9689
9690 free(*target);
9691 *target = strdup(args[1]);
9692 return 0;
9693}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009694
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009695#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009696/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9697 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9698 */
9699static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9700 struct proxy *defpx, const char *file, int line,
9701 char **err)
9702{
9703 char **target;
9704
9705 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9706
9707 if (too_many_args(1, args, err, NULL))
9708 return -1;
9709
9710 if (*(args[1]) == 0) {
9711 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9712 return -1;
9713 }
9714
9715 free(*target);
9716 *target = strdup(args[1]);
9717 return 0;
9718}
9719#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009720
Willy Tarreau9ceda382016-12-21 23:13:03 +01009721/* parse various global tune.ssl settings consisting in positive integers.
9722 * Returns <0 on alert, >0 on warning, 0 on success.
9723 */
9724static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9725 struct proxy *defpx, const char *file, int line,
9726 char **err)
9727{
9728 int *target;
9729
9730 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9731 target = &global.tune.sslcachesize;
9732 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009733 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009734 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009735 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009736 else if (strcmp(args[0], "maxsslconn") == 0)
9737 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009738 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9739 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009740 else {
9741 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9742 return -1;
9743 }
9744
9745 if (too_many_args(1, args, err, NULL))
9746 return -1;
9747
9748 if (*(args[1]) == 0) {
9749 memprintf(err, "'%s' expects an integer argument.", args[0]);
9750 return -1;
9751 }
9752
9753 *target = atoi(args[1]);
9754 if (*target < 0) {
9755 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9756 return -1;
9757 }
9758 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009759}
9760
9761static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9762 struct proxy *defpx, const char *file, int line,
9763 char **err)
9764{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009765 int ret;
9766
9767 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9768 if (ret != 0)
9769 return ret;
9770
Willy Tarreaubafbe012017-11-24 17:34:44 +01009771 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009772 memprintf(err, "'%s' is already configured.", args[0]);
9773 return -1;
9774 }
9775
Willy Tarreaubafbe012017-11-24 17:34:44 +01009776 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9777 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009778 memprintf(err, "Out of memory error.");
9779 return -1;
9780 }
9781 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009782}
9783
9784/* parse "ssl.force-private-cache".
9785 * Returns <0 on alert, >0 on warning, 0 on success.
9786 */
9787static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9788 struct proxy *defpx, const char *file, int line,
9789 char **err)
9790{
9791 if (too_many_args(0, args, err, NULL))
9792 return -1;
9793
Willy Tarreauef934602016-12-22 23:12:01 +01009794 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009795 return 0;
9796}
9797
9798/* parse "ssl.lifetime".
9799 * Returns <0 on alert, >0 on warning, 0 on success.
9800 */
9801static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9802 struct proxy *defpx, const char *file, int line,
9803 char **err)
9804{
9805 const char *res;
9806
9807 if (too_many_args(1, args, err, NULL))
9808 return -1;
9809
9810 if (*(args[1]) == 0) {
9811 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9812 return -1;
9813 }
9814
Willy Tarreauef934602016-12-22 23:12:01 +01009815 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009816 if (res == PARSE_TIME_OVER) {
9817 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9818 args[1], args[0]);
9819 return -1;
9820 }
9821 else if (res == PARSE_TIME_UNDER) {
9822 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9823 args[1], args[0]);
9824 return -1;
9825 }
9826 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009827 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9828 return -1;
9829 }
9830 return 0;
9831}
9832
9833#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009834/* parse "ssl-dh-param-file".
9835 * Returns <0 on alert, >0 on warning, 0 on success.
9836 */
9837static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9838 struct proxy *defpx, const char *file, int line,
9839 char **err)
9840{
9841 if (too_many_args(1, args, err, NULL))
9842 return -1;
9843
9844 if (*(args[1]) == 0) {
9845 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9846 return -1;
9847 }
9848
9849 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9850 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9851 return -1;
9852 }
9853 return 0;
9854}
9855
Willy Tarreau9ceda382016-12-21 23:13:03 +01009856/* parse "ssl.default-dh-param".
9857 * Returns <0 on alert, >0 on warning, 0 on success.
9858 */
9859static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9860 struct proxy *defpx, const char *file, int line,
9861 char **err)
9862{
9863 if (too_many_args(1, args, err, NULL))
9864 return -1;
9865
9866 if (*(args[1]) == 0) {
9867 memprintf(err, "'%s' expects an integer argument.", args[0]);
9868 return -1;
9869 }
9870
Willy Tarreauef934602016-12-22 23:12:01 +01009871 global_ssl.default_dh_param = atoi(args[1]);
9872 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009873 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9874 return -1;
9875 }
9876 return 0;
9877}
9878#endif
9879
9880
William Lallemand32af2032016-10-29 18:09:35 +02009881/* This function is used with TLS ticket keys management. It permits to browse
9882 * each reference. The variable <getnext> must contain the current node,
9883 * <end> point to the root node.
9884 */
9885#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9886static inline
9887struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9888{
9889 struct tls_keys_ref *ref = getnext;
9890
9891 while (1) {
9892
9893 /* Get next list entry. */
9894 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9895
9896 /* If the entry is the last of the list, return NULL. */
9897 if (&ref->list == end)
9898 return NULL;
9899
9900 return ref;
9901 }
9902}
9903
9904static inline
9905struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9906{
9907 int id;
9908 char *error;
9909
9910 /* If the reference starts by a '#', this is numeric id. */
9911 if (reference[0] == '#') {
9912 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9913 id = strtol(reference + 1, &error, 10);
9914 if (*error != '\0')
9915 return NULL;
9916
9917 /* Perform the unique id lookup. */
9918 return tlskeys_ref_lookupid(id);
9919 }
9920
9921 /* Perform the string lookup. */
9922 return tlskeys_ref_lookup(reference);
9923}
9924#endif
9925
9926
9927#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9928
9929static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9930
9931static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9932 return cli_io_handler_tlskeys_files(appctx);
9933}
9934
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009935/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9936 * (next index to be dumped), and cli.p0 (next key reference).
9937 */
William Lallemand32af2032016-10-29 18:09:35 +02009938static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9939
9940 struct stream_interface *si = appctx->owner;
9941
9942 switch (appctx->st2) {
9943 case STAT_ST_INIT:
9944 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009945 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009946 * later and restart at the state "STAT_ST_INIT".
9947 */
9948 chunk_reset(&trash);
9949
9950 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9951 chunk_appendf(&trash, "# id secret\n");
9952 else
9953 chunk_appendf(&trash, "# id (file)\n");
9954
Willy Tarreau06d80a92017-10-19 14:32:15 +02009955 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009956 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009957 return 0;
9958 }
9959
William Lallemand32af2032016-10-29 18:09:35 +02009960 /* Now, we start the browsing of the references lists.
9961 * Note that the following call to LIST_ELEM return bad pointer. The only
9962 * available field of this pointer is <list>. It is used with the function
9963 * tlskeys_list_get_next() for retruning the first available entry
9964 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009965 if (appctx->ctx.cli.p0 == NULL) {
9966 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9967 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009968 }
9969
9970 appctx->st2 = STAT_ST_LIST;
9971 /* fall through */
9972
9973 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009974 while (appctx->ctx.cli.p0) {
9975 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009976
9977 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009978 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009979 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009980
9981 if (appctx->ctx.cli.i1 == 0)
9982 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9983
William Lallemand32af2032016-10-29 18:09:35 +02009984 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009985 int head;
9986
9987 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9988 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009989 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009990 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009991
9992 chunk_reset(t2);
9993 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009994 if (ref->key_size_bits == 128) {
9995 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9996 sizeof(struct tls_sess_key_128),
9997 t2->area, t2->size);
9998 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9999 t2->area);
10000 }
10001 else if (ref->key_size_bits == 256) {
10002 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10003 sizeof(struct tls_sess_key_256),
10004 t2->area, t2->size);
10005 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10006 t2->area);
10007 }
10008 else {
10009 /* This case should never happen */
10010 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
10011 }
William Lallemand32af2032016-10-29 18:09:35 +020010012
Willy Tarreau06d80a92017-10-19 14:32:15 +020010013 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010014 /* let's try again later from this stream. We add ourselves into
10015 * this stream's users so that it can remove us upon termination.
10016 */
Christopher Faulet16f45c82018-02-16 11:23:49 +010010017 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +010010018 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010019 return 0;
10020 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010021 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +020010022 }
Christopher Faulet16f45c82018-02-16 11:23:49 +010010023 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010024 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010025 }
Willy Tarreau06d80a92017-10-19 14:32:15 +020010026 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010027 /* let's try again later from this stream. We add ourselves into
10028 * this stream's users so that it can remove us upon termination.
10029 */
Willy Tarreaudb398432018-11-15 11:08:52 +010010030 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010031 return 0;
10032 }
10033
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010034 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +020010035 break;
10036
10037 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010038 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010039 }
10040
10041 appctx->st2 = STAT_ST_FIN;
10042 /* fall through */
10043
10044 default:
10045 appctx->st2 = STAT_ST_FIN;
10046 return 1;
10047 }
10048 return 0;
10049}
10050
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010051/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010052static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010053{
William Lallemand32af2032016-10-29 18:09:35 +020010054 /* no parameter, shows only file list */
10055 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010056 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010057 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010058 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010059 }
10060
10061 if (args[2][0] == '*') {
10062 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010063 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010064 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010065 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010066 if (!appctx->ctx.cli.p0)
10067 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010068 }
William Lallemand32af2032016-10-29 18:09:35 +020010069 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010070 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010071}
10072
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010073static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010074{
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010075 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010076 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010077
William Lallemand32af2032016-10-29 18:09:35 +020010078 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010079 if (!*args[3] || !*args[4])
10080 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010081
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010082 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010083 if (!ref)
10084 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010085
Willy Tarreau1c913e42018-08-22 05:26:57 +020010086 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010087 if (ret < 0)
10088 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +010010089
Willy Tarreau1c913e42018-08-22 05:26:57 +020010090 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +020010091 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
10092 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010093
Willy Tarreau9d008692019-08-09 11:21:01 +020010094 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010095}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010096#endif
William Lallemand32af2032016-10-29 18:09:35 +020010097
William Lallemand44b35322019-10-17 16:28:40 +020010098
10099/* Type of SSL payloads that can be updated over the CLI */
10100
10101enum {
10102 CERT_TYPE_PEM = 0,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010103#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010104 CERT_TYPE_OCSP,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010105#endif
William Lallemand44b35322019-10-17 16:28:40 +020010106 CERT_TYPE_ISSUER,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010107#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010108 CERT_TYPE_SCTL,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010109#endif
William Lallemand44b35322019-10-17 16:28:40 +020010110 CERT_TYPE_MAX,
10111};
10112
10113struct {
10114 const char *ext;
10115 int type;
10116 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
10117 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +020010118} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +020010119 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +020010120#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010121 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010122#endif
10123#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010124 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010125#endif
William Lallemand44b35322019-10-17 16:28:40 +020010126 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +020010127 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +020010128};
10129
William Lallemand430413e2019-10-28 14:30:47 +010010130/* states of the CLI IO handler for 'set ssl cert' */
10131enum {
10132 SETCERT_ST_INIT = 0,
10133 SETCERT_ST_GEN,
10134 SETCERT_ST_INSERT,
10135 SETCERT_ST_FIN,
10136};
William Lallemand8f840d72019-10-23 10:53:05 +020010137
William Lallemand430413e2019-10-28 14:30:47 +010010138/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010139static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010140{
10141 struct ckch_store *new_ckchs;
10142 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010143
William Lallemand430413e2019-10-28 14:30:47 +010010144 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +020010145
William Lallemand430413e2019-10-28 14:30:47 +010010146 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +020010147 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +010010148 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010149
William Lallemandbeea2a42019-10-30 17:45:33 +010010150 if (!new_ckchs)
10151 return;
William Lallemand8f840d72019-10-23 10:53:05 +020010152
William Lallemandbeea2a42019-10-30 17:45:33 +010010153 /* if the allocation failed, we need to free everything from the temporary list */
10154 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10155 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010156
William Lallemandbeea2a42019-10-30 17:45:33 +010010157 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10158 if (sc0->order == 0) /* we only free if it's the first inserted */
10159 SSL_CTX_free(sc0->ctx);
10160 LIST_DEL(&sc0->by_ckch_inst);
10161 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +020010162 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010163 LIST_DEL(&ckchi->by_ckchs);
10164 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010165 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010166 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010167 }
10168}
10169
10170
10171/*
10172 * This function tries to create the new ckch_inst and their SNIs
10173 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010174static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010175{
10176 struct stream_interface *si = appctx->owner;
10177 int y = 0;
10178 char *err = NULL;
10179 int errcode = 0;
10180 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10181 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010182 struct buffer *trash = alloc_trash_chunk();
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010183 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010184
William Lallemand33cc76f2019-10-31 11:43:45 +010010185 if (trash == NULL)
10186 goto error;
10187
William Lallemand8f840d72019-10-23 10:53:05 +020010188 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10189 goto error;
10190
William Lallemand430413e2019-10-28 14:30:47 +010010191 while (1) {
10192 switch (appctx->st2) {
10193 case SETCERT_ST_INIT:
10194 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010195 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010196 if (ci_putchk(si_ic(si), trash) == -1) {
10197 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010198 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010199 }
10200 appctx->st2 = SETCERT_ST_GEN;
10201 /* fallthrough */
10202 case SETCERT_ST_GEN:
10203 /*
10204 * This state generates the ckch instances with their
10205 * sni_ctxs and SSL_CTX.
10206 *
William Lallemand430413e2019-10-28 14:30:47 +010010207 * Since the SSL_CTX generation can be CPU consumer, we
10208 * yield every 10 instances.
10209 */
William Lallemand8f840d72019-10-23 10:53:05 +020010210
William Lallemandbeea2a42019-10-30 17:45:33 +010010211 old_ckchs = appctx->ctx.ssl.old_ckchs;
10212 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010213
William Lallemandbeea2a42019-10-30 17:45:33 +010010214 if (!new_ckchs)
10215 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010216
William Lallemandbeea2a42019-10-30 17:45:33 +010010217 /* get the next ckchi to regenerate */
10218 ckchi = appctx->ctx.ssl.next_ckchi;
10219 /* we didn't start yet, set it to the first elem */
10220 if (ckchi == NULL)
10221 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010222
William Lallemandbeea2a42019-10-30 17:45:33 +010010223 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10224 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10225 struct ckch_inst *new_inst;
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010226 int verify = 0;
William Lallemand8f840d72019-10-23 10:53:05 +020010227
William Lallemandbeea2a42019-10-30 17:45:33 +010010228 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10229 if (y >= 10) {
10230 /* save the next ckchi to compute */
10231 appctx->ctx.ssl.next_ckchi = ckchi;
10232 goto yield;
10233 }
William Lallemand8f840d72019-10-23 10:53:05 +020010234
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010235 /* prevent ssl_sock_prepare_ctx() to do file access which is only for verify (crl/ca file) */
10236 verify = (ckchi->ssl_conf && ckchi->ssl_conf->verify) ? ckchi->ssl_conf->verify : ckchi->bind_conf->ssl_conf.verify;
10237 if (verify & SSL_VERIFY_PEER) {
10238 memprintf(&err, "%sCan't commit a certificate which use the 'verify' bind SSL option [%s:%d]\n", err ? err : "", ckchi->bind_conf->file, ckchi->bind_conf->line);
10239 errcode |= ERR_FATAL | ERR_ABORT;
10240 goto error;
10241 }
10242
10243
William Lallemandbeea2a42019-10-30 17:45:33 +010010244 if (new_ckchs->multi)
10245 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10246 else
10247 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010248
William Lallemandbeea2a42019-10-30 17:45:33 +010010249 if (errcode & ERR_CODE)
10250 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010251
William Lallemand21724f02019-11-04 17:56:13 +010010252 /* if the previous ckchi was used as the default */
10253 if (ckchi->is_default)
10254 new_inst->is_default = 1;
10255
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010256 /* we need to initialize the SSL_CTX generated */
10257 /* TODO: the prepare_ctx function need to be reworked to be safer there */
10258 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10259 if (!sc0->order) { /* we initiliazed only the first SSL_CTX because it's the same in the other sni_ctx's */
10260 errcode |= ssl_sock_prepare_ctx(ckchi->bind_conf, ckchi->ssl_conf, sc0->ctx, &err);
10261 if (errcode & ERR_CODE)
10262 goto error;
10263 }
10264 }
10265
10266
William Lallemandbeea2a42019-10-30 17:45:33 +010010267 /* display one dot per new instance */
10268 chunk_appendf(trash, ".");
10269 /* link the new ckch_inst to the duplicate */
10270 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10271 y++;
10272 }
William Lallemand430413e2019-10-28 14:30:47 +010010273 appctx->st2 = SETCERT_ST_INSERT;
10274 /* fallthrough */
10275 case SETCERT_ST_INSERT:
10276 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010277
William Lallemandbeea2a42019-10-30 17:45:33 +010010278 old_ckchs = appctx->ctx.ssl.old_ckchs;
10279 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010280
William Lallemandbeea2a42019-10-30 17:45:33 +010010281 if (!new_ckchs)
10282 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010283
William Lallemand21724f02019-11-04 17:56:13 +010010284 /* First, we insert every new SNIs in the trees, also replace the default_ctx */
William Lallemandbeea2a42019-10-30 17:45:33 +010010285 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10286 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10287 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10288 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10289 }
William Lallemand8f840d72019-10-23 10:53:05 +020010290
William Lallemandbeea2a42019-10-30 17:45:33 +010010291 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10292 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
William Lallemand430413e2019-10-28 14:30:47 +010010293
William Lallemandbeea2a42019-10-30 17:45:33 +010010294 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10295 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10296 ebmb_delete(&sc0->name);
10297 LIST_DEL(&sc0->by_ckch_inst);
10298 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010299 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010300 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10301 LIST_DEL(&ckchi->by_ckchs);
10302 free(ckchi);
10303 }
William Lallemand8f840d72019-10-23 10:53:05 +020010304
William Lallemandbeea2a42019-10-30 17:45:33 +010010305 /* Replace the old ckchs by the new one */
10306 ebmb_delete(&old_ckchs->node);
10307 ckchs_free(old_ckchs);
10308 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010309 appctx->st2 = SETCERT_ST_FIN;
10310 /* fallthrough */
10311 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010312 /* we achieved the transaction, we can set everything to NULL */
10313 free(ckchs_transaction.path);
10314 ckchs_transaction.path = NULL;
10315 ckchs_transaction.new_ckchs = NULL;
10316 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010317 goto end;
10318 }
William Lallemand8f840d72019-10-23 10:53:05 +020010319 }
William Lallemand430413e2019-10-28 14:30:47 +010010320end:
William Lallemand8f840d72019-10-23 10:53:05 +020010321
William Lallemanded442432019-11-21 16:41:07 +010010322 chunk_appendf(trash, "\n");
10323 if (errcode & ERR_WARN)
Tim Duesterhusc0e820c2019-11-23 23:52:30 +010010324 chunk_appendf(trash, "%s", err);
William Lallemanded442432019-11-21 16:41:07 +010010325 chunk_appendf(trash, "Success!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010326 if (ci_putchk(si_ic(si), trash) == -1)
10327 si_rx_room_blk(si);
10328 free_trash_chunk(trash);
10329 /* success: call the release function and don't come back */
10330 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010331yield:
10332 /* store the state */
10333 if (ci_putchk(si_ic(si), trash) == -1)
10334 si_rx_room_blk(si);
10335 free_trash_chunk(trash);
10336 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010337 return 0; /* should come back */
10338
10339error:
10340 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010341 if (trash) {
10342 chunk_appendf(trash, "\n%sFailed!\n", err);
10343 if (ci_putchk(si_ic(si), trash) == -1)
10344 si_rx_room_blk(si);
10345 free_trash_chunk(trash);
10346 }
William Lallemand430413e2019-10-28 14:30:47 +010010347 /* error: call the release function and don't come back */
10348 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010349}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010350
10351/*
10352 * Parsing function of 'commit ssl cert'
10353 */
10354static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10355{
10356 char *err = NULL;
10357
William Lallemand230662a2019-12-03 13:32:54 +010010358 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10359 return 1;
10360
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010361 if (!*args[3])
10362 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10363
10364 /* The operations on the CKCH architecture are locked so we can
10365 * manipulate ckch_store and ckch_inst */
10366 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10367 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10368
10369 if (!ckchs_transaction.path) {
10370 memprintf(&err, "No ongoing transaction! !\n");
10371 goto error;
10372 }
10373
10374 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10375 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10376 goto error;
10377 }
10378
10379 /* init the appctx structure */
10380 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010381 appctx->ctx.ssl.next_ckchi = NULL;
10382 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10383 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10384
10385 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10386 return 0;
10387
10388error:
10389
10390 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10391 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10392
10393 return cli_dynerr(appctx, err);
10394}
10395
10396
William Lallemand8f840d72019-10-23 10:53:05 +020010397/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010398 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010399 */
William Lallemand150bfa82019-09-19 17:12:49 +020010400static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10401{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010402 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010403 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010404 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010405 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010406 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010407 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010408 char *end;
10409 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010410 struct cert_key_and_chain *ckch;
10411 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010412
William Lallemand230662a2019-12-03 13:32:54 +010010413 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10414 return 1;
10415
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010416 if ((buf = alloc_trash_chunk()) == NULL)
10417 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010418
10419 if (!*args[3] || !payload)
10420 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10421
10422 /* The operations on the CKCH architecture are locked so we can
10423 * manipulate ckch_store and ckch_inst */
10424 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10425 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10426
William Lallemand8f840d72019-10-23 10:53:05 +020010427 if (!chunk_strcpy(buf, args[3])) {
10428 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10429 errcode |= ERR_ALERT | ERR_FATAL;
10430 goto end;
10431 }
10432
William Lallemand44b35322019-10-17 16:28:40 +020010433 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010434 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010435 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010436 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10437 *end = '\0';
10438 type = cert_exts[i].type;
10439 break;
10440 }
10441 }
10442
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010443 appctx->ctx.ssl.old_ckchs = NULL;
10444 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010445
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010446 /* if there is an ongoing transaction */
10447 if (ckchs_transaction.path) {
10448 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010449#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010450 if (ckchs_transaction.new_ckchs->multi) {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010451 char *end;
William Lallemand963b2e72019-10-14 11:38:36 +020010452 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010453
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010454 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010455 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010456 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010457 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemand963b2e72019-10-14 11:38:36 +020010458 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10459 bundle = j; /* keep the type of certificate so we insert it at the right place */
10460 *end = '\0'; /* it's a bundle let's end the string*/
10461 break;
10462 }
William Lallemand150bfa82019-09-19 17:12:49 +020010463 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010464 if (bundle < 0) {
10465 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10466 errcode |= ERR_ALERT | ERR_FATAL;
10467 goto end;
10468 }
10469 }
10470#endif
10471
10472 /* if there is an ongoing transaction, check if this is the same file */
10473 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10474 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10475 errcode |= ERR_ALERT | ERR_FATAL;
10476 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010477 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010478
10479 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10480
10481 } else {
10482 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10483
10484 /* lookup for the certificate in the tree:
10485 * check if this is used as a bundle AND as a unique certificate */
10486 for (i = 0; i < 2; i++) {
10487
10488 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10489 /* only the bundle name is in the tree and you should
10490 * never update a bundle name, only a filename */
10491 if (bundle < 0 && find_ckchs[i]->multi) {
10492 /* we tried to look for a non-bundle and we found a bundle */
10493 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10494 err ? err : "", args[3], args[3]);
10495 errcode |= ERR_ALERT | ERR_FATAL;
10496 goto end;
10497 }
William Lallemand3246d942019-11-04 14:02:11 +010010498 /* If we want a bundle but this is not a bundle
10499 * example: When you try to update <file>.rsa, but
10500 * <file> is a regular file */
10501 if (bundle >= 0 && find_ckchs[i]->multi == 0) {
10502 find_ckchs[i] = NULL;
10503 break;
10504 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010505 }
10506#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10507 {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010508 char *end;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010509 int j;
10510
10511 /* check if it was used in a bundle by removing the
10512 * .dsa/.rsa/.ecdsa at the end of the filename */
10513 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010514 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010515 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10516 bundle = j; /* keep the type of certificate so we insert it at the right place */
10517 *end = '\0'; /* it's a bundle let's end the string*/
10518 break;
10519 }
10520 }
William Lallemand37031b82019-11-04 13:38:53 +010010521 if (bundle < 0) /* we didn't find a bundle extension */
10522 break;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010523 }
William Lallemand963b2e72019-10-14 11:38:36 +020010524#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010525 /* bundles are not supported here, so we don't need to lookup again */
10526 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010527#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010528 }
10529
10530 if (find_ckchs[0] && find_ckchs[1]) {
10531 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10532 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10533 errcode |= ERR_ALERT | ERR_FATAL;
10534 goto end;
10535 }
10536
10537 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
William Lallemand150bfa82019-09-19 17:12:49 +020010538 }
10539
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010540 if (!appctx->ctx.ssl.old_ckchs) {
10541 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010542 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010543 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010544 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010545 }
10546
William Lallemand8a7fdf02019-11-04 10:59:32 +010010547 if (!appctx->ctx.ssl.path) {
10548 /* this is a new transaction, set the path of the transaction */
10549 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10550 if (!appctx->ctx.ssl.path) {
10551 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10552 errcode |= ERR_ALERT | ERR_FATAL;
10553 goto end;
10554 }
10555 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010556
10557 old_ckchs = appctx->ctx.ssl.old_ckchs;
10558
10559 /* TODO: handle filters */
10560 if (old_ckchs->filters) {
10561 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10562 err ? err : "");
10563 errcode |= ERR_ALERT | ERR_FATAL;
10564 goto end;
10565 }
10566
10567 /* duplicate the ckch store */
10568 new_ckchs = ckchs_dup(old_ckchs);
10569 if (!new_ckchs) {
10570 memprintf(&err, "%sCannot allocate memory!\n",
10571 err ? err : "");
10572 errcode |= ERR_ALERT | ERR_FATAL;
10573 goto end;
10574 }
10575
10576 if (!new_ckchs->multi)
10577 ckch = new_ckchs->ckch;
10578 else
10579 ckch = &new_ckchs->ckch[bundle];
10580
10581 /* appply the change on the duplicate */
10582 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10583 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10584 errcode |= ERR_ALERT | ERR_FATAL;
10585 goto end;
10586 }
10587
10588 appctx->ctx.ssl.new_ckchs = new_ckchs;
10589
10590 /* we succeed, we can save the ckchs in the transaction */
10591
10592 /* if there wasn't a transaction, update the old ckchs */
William Dauchyc8bb1532019-11-24 15:04:20 +010010593 if (!ckchs_transaction.old_ckchs) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010594 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10595 ckchs_transaction.path = appctx->ctx.ssl.path;
10596 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10597 } else {
10598 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10599
10600 }
10601
10602 /* free the previous ckchs if there was a transaction */
10603 ckchs_free(ckchs_transaction.new_ckchs);
10604
10605 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10606
10607
William Lallemand8f840d72019-10-23 10:53:05 +020010608 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010609
William Lallemand8f840d72019-10-23 10:53:05 +020010610end:
10611 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010612
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010613 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010614
10615 ckchs_free(appctx->ctx.ssl.new_ckchs);
10616 appctx->ctx.ssl.new_ckchs = NULL;
10617
10618 appctx->ctx.ssl.old_ckchs = NULL;
10619
10620 free(appctx->ctx.ssl.path);
10621 appctx->ctx.ssl.path = NULL;
10622
10623 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010624 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010625 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010626
10627 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10628 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010629 }
William Lallemand8f840d72019-10-23 10:53:05 +020010630 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010631}
10632
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010633/* parsing function of 'abort ssl cert' */
10634static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appctx, void *private)
10635{
10636 char *err = NULL;
10637
William Lallemand230662a2019-12-03 13:32:54 +010010638 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10639 return 1;
10640
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010641 if (!*args[3])
10642 return cli_err(appctx, "'abort ssl cert' expects a filename\n");
10643
10644 /* The operations on the CKCH architecture are locked so we can
10645 * manipulate ckch_store and ckch_inst */
10646 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10647 return cli_err(appctx, "Can't abort!\nOperations on certificates are currently locked!\n");
10648
10649 if (!ckchs_transaction.path) {
10650 memprintf(&err, "No ongoing transaction!\n");
10651 goto error;
10652 }
10653
10654 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10655 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to abort a transaction for '%s'\n", ckchs_transaction.path, args[3]);
10656 goto error;
10657 }
10658
10659 /* Only free the ckchs there, because the SNI and instances were not generated yet */
10660 ckchs_free(ckchs_transaction.new_ckchs);
10661 ckchs_transaction.new_ckchs = NULL;
10662 ckchs_free(ckchs_transaction.old_ckchs);
10663 ckchs_transaction.old_ckchs = NULL;
10664 free(ckchs_transaction.path);
10665 ckchs_transaction.path = NULL;
10666
10667 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10668
10669 err = memprintf(&err, "Transaction aborted for certificate '%s'!\n", args[3]);
10670 return cli_dynmsg(appctx, LOG_NOTICE, err);
10671
10672error:
10673 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10674
10675 return cli_dynerr(appctx, err);
10676}
10677
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010678static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010679{
10680#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10681 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010682 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010683
10684 if (!payload)
10685 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010686
10687 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010688 if (!*payload)
10689 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010690
10691 /* remove \r and \n from the payload */
10692 for (i = 0, j = 0; payload[i]; i++) {
10693 if (payload[i] == '\r' || payload[i] == '\n')
10694 continue;
10695 payload[j++] = payload[i];
10696 }
10697 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010698
Willy Tarreau1c913e42018-08-22 05:26:57 +020010699 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010700 if (ret < 0)
10701 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010702
Willy Tarreau1c913e42018-08-22 05:26:57 +020010703 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010704 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010705 if (err)
10706 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10707 else
10708 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010709 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010710
10711 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010712#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010713 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010714#endif
10715
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010716}
10717
Willy Tarreau86a394e2019-05-09 14:15:32 +020010718#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010719static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10720{
10721 switch (arg->type) {
10722 case ARGT_STR:
10723 smp->data.type = SMP_T_STR;
10724 smp->data.u.str = arg->data.str;
10725 return 1;
10726 case ARGT_VAR:
10727 if (!vars_get_by_desc(&arg->data.var, smp))
10728 return 0;
10729 if (!sample_casts[smp->data.type][SMP_T_STR])
10730 return 0;
10731 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10732 return 0;
10733 return 1;
10734 default:
10735 return 0;
10736 }
10737}
10738
10739static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10740 const char *file, int line, char **err)
10741{
10742 switch(args[0].data.sint) {
10743 case 128:
10744 case 192:
10745 case 256:
10746 break;
10747 default:
10748 memprintf(err, "key size must be 128, 192 or 256 (bits).");
10749 return 0;
10750 }
10751 /* Try to decode a variable. */
10752 vars_check_arg(&args[1], NULL);
10753 vars_check_arg(&args[2], NULL);
10754 vars_check_arg(&args[3], NULL);
10755 return 1;
10756}
10757
10758/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
10759static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
10760{
10761 struct sample nonce, key, aead_tag;
10762 struct buffer *smp_trash, *smp_trash_alloc;
10763 EVP_CIPHER_CTX *ctx;
10764 int dec_size, ret;
10765
10766 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
10767 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
10768 return 0;
10769
10770 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
10771 if (!sample_conv_var2smp_str(&arg_p[2], &key))
10772 return 0;
10773
10774 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
10775 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
10776 return 0;
10777
10778 smp_trash = get_trash_chunk();
10779 smp_trash_alloc = alloc_trash_chunk();
10780 if (!smp_trash_alloc)
10781 return 0;
10782
10783 ctx = EVP_CIPHER_CTX_new();
10784
10785 if (!ctx)
10786 goto err;
10787
10788 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
10789 if (dec_size < 0)
10790 goto err;
10791 smp_trash->data = dec_size;
10792
10793 /* Set cipher type and mode */
10794 switch(arg_p[0].data.sint) {
10795 case 128:
10796 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
10797 break;
10798 case 192:
10799 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
10800 break;
10801 case 256:
10802 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
10803 break;
10804 }
10805
10806 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
10807
10808 /* Initialise IV */
10809 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
10810 goto err;
10811
10812 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
10813 if (dec_size < 0)
10814 goto err;
10815 smp_trash->data = dec_size;
10816
10817 /* Initialise key */
10818 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
10819 goto err;
10820
10821 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
10822 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
10823 goto err;
10824
10825 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
10826 if (dec_size < 0)
10827 goto err;
10828 smp_trash_alloc->data = dec_size;
10829 dec_size = smp_trash->data;
10830
10831 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
10832 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
10833
10834 if (ret <= 0)
10835 goto err;
10836
10837 smp->data.u.str.data = dec_size + smp_trash->data;
10838 smp->data.u.str.area = smp_trash->area;
10839 smp->data.type = SMP_T_BIN;
10840 smp->flags &= ~SMP_F_CONST;
10841 free_trash_chunk(smp_trash_alloc);
10842 return 1;
10843
10844err:
10845 free_trash_chunk(smp_trash_alloc);
10846 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010847}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010848# endif
William Lallemand32af2032016-10-29 18:09:35 +020010849
10850/* register cli keywords */
10851static struct cli_kw_list cli_kws = {{ },{
10852#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10853 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020010854 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020010855#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010856 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010857 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
10858 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010859 { { "abort", "ssl", "cert", NULL }, "abort ssl cert <certfile> : abort a transaction for a certificate file", cli_parse_abort_cert, NULL, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020010860 { { NULL }, NULL, NULL, NULL }
10861}};
10862
Willy Tarreau0108d902018-11-25 19:14:37 +010010863INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020010864
Willy Tarreau7875d092012-09-10 08:20:03 +020010865/* Note: must not be declared <const> as its list will be overwritten.
10866 * Please take care of keeping this list alphabetically sorted.
10867 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010868static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020010869 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010870 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010871#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010010872 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010873#endif
Emeric Brun645ae792014-04-30 14:21:06 +020010874 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010010875#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
10876 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
10877#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010010878 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020010879 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020010880 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010881 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010882#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020010883 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040010884#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010885#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010886 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10887 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040010888 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
10889#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010890 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10891 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010892 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010893 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010894 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10895 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10896 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10897 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10898 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10899 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10900 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10901 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010902 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010903 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
10904 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010010905 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020010906 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10907 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10908 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10909 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10910 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10911 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
10912 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020010913 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010914 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010915 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010916 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010917 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010918 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010919 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010010920 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020010921 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010010922#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010923 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020010924#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010010925#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010926 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020010927#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010928 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010929#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020010930 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010931#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020010932 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010933#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010934 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010935#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010936#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040010937 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10938 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040010939 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10940#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040010941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010942 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040010943#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010944 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10945 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
10946 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
10947 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020010948 { NULL, NULL, 0, 0, 0 },
10949}};
10950
Willy Tarreau0108d902018-11-25 19:14:37 +010010951INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
10952
Willy Tarreau7875d092012-09-10 08:20:03 +020010953/* Note: must not be declared <const> as its list will be overwritten.
10954 * Please take care of keeping this list alphabetically sorted.
10955 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010956static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010957 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
10958 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010959 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020010960}};
10961
Willy Tarreau0108d902018-11-25 19:14:37 +010010962INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
10963
Willy Tarreau79eeafa2012-09-14 07:53:05 +020010964/* Note: must not be declared <const> as its list will be overwritten.
10965 * Please take care of keeping this list alphabetically sorted, doing so helps
10966 * all code contributors.
10967 * Optional keywords are also declared with a NULL ->parse() function so that
10968 * the config parser can report an appropriate error when a known keyword was
10969 * not enabled.
10970 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010971static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010972 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010973 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10974 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10975 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010976#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010977 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
10978#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010979 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010010980 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010981 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020010982 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010983 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020010984 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
10985 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010010986 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
10987 { NULL, NULL, 0 },
10988};
10989
Willy Tarreau0108d902018-11-25 19:14:37 +010010990/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
10991
Willy Tarreau51fb7652012-09-18 18:24:39 +020010992static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020010993 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020010994 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
10995 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
10996 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
10997 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
10998 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
10999 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011000#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011001 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11002#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011003 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
11004 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
11005 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
11006 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
11007 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
11008 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
11009 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
11010 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
11011 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
11012 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011013 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011014 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011015 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011016 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
11017 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
11018 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
11019 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011020 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011021 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
11022 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011023 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
11024 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011025 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
11026 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
11027 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
11028 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
11029 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011030 { NULL, NULL, 0 },
11031}};
Emeric Brun46591952012-05-18 15:47:34 +020011032
Willy Tarreau0108d902018-11-25 19:14:37 +010011033INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
11034
Willy Tarreau92faadf2012-10-10 23:04:25 +020011035/* Note: must not be declared <const> as its list will be overwritten.
11036 * Please take care of keeping this list alphabetically sorted, doing so helps
11037 * all code contributors.
11038 * Optional keywords are also declared with a NULL ->parse() function so that
11039 * the config parser can report an appropriate error when a known keyword was
11040 * not enabled.
11041 */
11042static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010011043 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010011044 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011045 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010011046 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020011047 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011048 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
11049 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011050#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011051 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
11052#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011053 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
11054 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
11055 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
11056 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
11057 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
11058 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
11059 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
11060 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
11061 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
11062 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
11063 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
11064 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
11065 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
11066 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
11067 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
11068 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
11069 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
11070 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010011071 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011072 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
11073 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
11074 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
11075 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
11076 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
11077 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
11078 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
11079 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
11080 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
11081 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020011082 { NULL, NULL, 0, 0 },
11083}};
11084
Willy Tarreau0108d902018-11-25 19:14:37 +010011085INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
11086
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011087static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010011088 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
11089 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010011090 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011091 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
11092 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010011093#ifndef OPENSSL_NO_DH
11094 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
11095#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011096 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011097#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011098 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011099#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010011100 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
11101#ifndef OPENSSL_NO_DH
11102 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
11103#endif
11104 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
11105 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
11106 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
11107 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011108 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010011109 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
11110 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011111#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011112 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
11113 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
11114#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011115 { 0, NULL, NULL },
11116}};
11117
Willy Tarreau0108d902018-11-25 19:14:37 +010011118INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
11119
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011120/* Note: must not be declared <const> as its list will be overwritten */
11121static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020011122#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011123 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
11124#endif
11125 { NULL, NULL, 0, 0, 0 },
11126}};
11127
11128INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
11129
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020011130/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010011131static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020011132 .snd_buf = ssl_sock_from_buf,
11133 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010011134 .subscribe = ssl_subscribe,
11135 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020011136 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020011137 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020011138 .rcv_pipe = NULL,
11139 .snd_pipe = NULL,
11140 .shutr = NULL,
11141 .shutw = ssl_sock_shutw,
11142 .close = ssl_sock_close,
11143 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010011144 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010011145 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010011146 .prepare_srv = ssl_sock_prepare_srv_ctx,
11147 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010011148 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010011149 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020011150};
11151
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011152enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
11153 struct session *sess, struct stream *s, int flags)
11154{
11155 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011156 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011157
11158 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011159 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011160
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011161 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011162 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011163 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011164 s->req.flags |= CF_READ_NULL;
11165 return ACT_RET_YIELD;
11166 }
11167 }
11168 return (ACT_RET_CONT);
11169}
11170
11171static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
11172{
11173 rule->action_ptr = ssl_action_wait_for_hs;
11174
11175 return ACT_RET_PRS_OK;
11176}
11177
11178static struct action_kw_list http_req_actions = {ILH, {
11179 { "wait-for-handshake", ssl_parse_wait_for_hs },
11180 { /* END */ }
11181}};
11182
Willy Tarreau0108d902018-11-25 19:14:37 +010011183INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
11184
Willy Tarreau5db847a2019-05-09 14:13:35 +020011185#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011186
11187static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11188{
11189 if (ptr) {
11190 chunk_destroy(ptr);
11191 free(ptr);
11192 }
11193}
11194
11195#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011196static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11197{
Willy Tarreaubafbe012017-11-24 17:34:44 +010011198 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011199}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011200
Emeric Brun46591952012-05-18 15:47:34 +020011201__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020011202static void __ssl_sock_init(void)
11203{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011204#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011205 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011206 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011207#endif
Emeric Brun46591952012-05-18 15:47:34 +020011208
Willy Tarreauef934602016-12-22 23:12:01 +010011209 if (global_ssl.listen_default_ciphers)
11210 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
11211 if (global_ssl.connect_default_ciphers)
11212 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011213#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011214 if (global_ssl.listen_default_ciphersuites)
11215 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
11216 if (global_ssl.connect_default_ciphersuites)
11217 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
11218#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010011219
Willy Tarreau13e14102016-12-22 20:25:26 +010011220 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011221#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020011222 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080011223#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011224#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011225 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011226 n = sk_SSL_COMP_num(cm);
11227 while (n--) {
11228 (void) sk_SSL_COMP_pop(cm);
11229 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011230#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011231
Willy Tarreau5db847a2019-05-09 14:13:35 +020011232#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011233 ssl_locking_init();
11234#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020011235#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011236 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
11237#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020011238 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020011239 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011240#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011241 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011242 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011243#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010011244#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11245 hap_register_post_check(tlskeys_finalize_config);
11246#endif
Willy Tarreau80713382018-11-26 10:19:54 +010011247
11248 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11249 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11250
11251#ifndef OPENSSL_NO_DH
11252 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11253 hap_register_post_deinit(ssl_free_dh);
11254#endif
11255#ifndef OPENSSL_NO_ENGINE
11256 hap_register_post_deinit(ssl_free_engines);
11257#endif
11258 /* Load SSL string for the verbose & debug mode. */
11259 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011260 ha_meth = BIO_meth_new(0x666, "ha methods");
11261 BIO_meth_set_write(ha_meth, ha_ssl_write);
11262 BIO_meth_set_read(ha_meth, ha_ssl_read);
11263 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11264 BIO_meth_set_create(ha_meth, ha_ssl_new);
11265 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11266 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11267 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011268
11269 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011270}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011271
Willy Tarreau80713382018-11-26 10:19:54 +010011272/* Compute and register the version string */
11273static void ssl_register_build_options()
11274{
11275 char *ptr = NULL;
11276 int i;
11277
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011278 memprintf(&ptr, "Built with OpenSSL version : "
11279#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011280 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011281#else /* OPENSSL_IS_BORINGSSL */
11282 OPENSSL_VERSION_TEXT
11283 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011284 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011285 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011286#endif
11287 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011288#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011289 "no (library version too old)"
11290#elif defined(OPENSSL_NO_TLSEXT)
11291 "no (disabled via OPENSSL_NO_TLSEXT)"
11292#else
11293 "yes"
11294#endif
11295 "", ptr);
11296
11297 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11298#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11299 "yes"
11300#else
11301#ifdef OPENSSL_NO_TLSEXT
11302 "no (because of OPENSSL_NO_TLSEXT)"
11303#else
11304 "no (version might be too old, 0.9.8f min needed)"
11305#endif
11306#endif
11307 "", ptr);
11308
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011309 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11310 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11311 if (methodVersions[i].option)
11312 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011313
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011314 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011315}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011316
Willy Tarreau80713382018-11-26 10:19:54 +010011317INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011318
Emeric Brun46591952012-05-18 15:47:34 +020011319
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011320#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011321void ssl_free_engines(void) {
11322 struct ssl_engine_list *wl, *wlb;
11323 /* free up engine list */
11324 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11325 ENGINE_finish(wl->e);
11326 ENGINE_free(wl->e);
11327 LIST_DEL(&wl->list);
11328 free(wl);
11329 }
11330}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011331#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011332
Remi Gacogned3a23c32015-05-28 16:39:47 +020011333#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011334void ssl_free_dh(void) {
11335 if (local_dh_1024) {
11336 DH_free(local_dh_1024);
11337 local_dh_1024 = NULL;
11338 }
11339 if (local_dh_2048) {
11340 DH_free(local_dh_2048);
11341 local_dh_2048 = NULL;
11342 }
11343 if (local_dh_4096) {
11344 DH_free(local_dh_4096);
11345 local_dh_4096 = NULL;
11346 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011347 if (global_dh) {
11348 DH_free(global_dh);
11349 global_dh = NULL;
11350 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011351}
11352#endif
11353
11354__attribute__((destructor))
11355static void __ssl_sock_deinit(void)
11356{
11357#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011358 if (ssl_ctx_lru_tree) {
11359 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011360 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011361 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011362#endif
11363
Willy Tarreau5db847a2019-05-09 14:13:35 +020011364#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011365 ERR_remove_state(0);
11366 ERR_free_strings();
11367
11368 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011369#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011370
Willy Tarreau5db847a2019-05-09 14:13:35 +020011371#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011372 CRYPTO_cleanup_all_ex_data();
11373#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011374 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011375}
11376
11377
Emeric Brun46591952012-05-18 15:47:34 +020011378/*
11379 * Local variables:
11380 * c-indent-level: 8
11381 * c-basic-offset: 8
11382 * End:
11383 */