blob: 726ffb279de3cfe50c90680ecbcdd3c3ee7efed8 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200465#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500466/*
467 * struct alignment works here such that the key.key is the same as key_data
468 * Do not change the placement of key_data
469 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200470struct certificate_ocsp {
471 struct ebmb_node key;
472 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200473 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200474 long expire;
475};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200476
yanbzhube2774d2015-12-10 15:07:30 -0500477struct ocsp_cbk_arg {
478 int is_single;
479 int single_kt;
480 union {
481 struct certificate_ocsp *s_ocsp;
482 /*
483 * m_ocsp will have multiple entries dependent on key type
484 * Entry 0 - DSA
485 * Entry 1 - ECDSA
486 * Entry 2 - RSA
487 */
488 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
489 };
490};
491
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200492#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000493static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
494{
495 int err_code = ERR_ABORT;
496 ENGINE *engine;
497 struct ssl_engine_list *el;
498
499 /* grab the structural reference to the engine */
500 engine = ENGINE_by_id(engine_id);
501 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100502 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000503 goto fail_get;
504 }
505
506 if (!ENGINE_init(engine)) {
507 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100508 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000509 goto fail_init;
510 }
511
512 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100513 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000514 goto fail_set_method;
515 }
516
517 el = calloc(1, sizeof(*el));
518 el->e = engine;
519 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100520 nb_engines++;
521 if (global_ssl.async)
522 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000523 return 0;
524
525fail_set_method:
526 /* release the functional reference from ENGINE_init() */
527 ENGINE_finish(engine);
528
529fail_init:
530 /* release the structural reference from ENGINE_by_id() */
531 ENGINE_free(engine);
532
533fail_get:
534 return err_code;
535}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200536#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000537
Willy Tarreau5db847a2019-05-09 14:13:35 +0200538#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200539/*
540 * openssl async fd handler
541 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200542void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000543{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200544 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000545
Emeric Brun3854e012017-05-17 20:42:48 +0200546 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000547 * to poll this fd until it is requested
548 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000549 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000550 fd_cant_recv(fd);
551
552 /* crypto engine is available, let's notify the associated
553 * connection that it can pursue its processing.
554 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200555 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000556}
557
Emeric Brun3854e012017-05-17 20:42:48 +0200558/*
559 * openssl async delayed SSL_free handler
560 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200561void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562{
563 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200564 OSSL_ASYNC_FD all_fd[32];
565 size_t num_all_fds = 0;
566 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567
Emeric Brun3854e012017-05-17 20:42:48 +0200568 /* We suppose that the async job for a same SSL *
569 * are serialized. So if we are awake it is
570 * because the running job has just finished
571 * and we can remove all async fds safely
572 */
573 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
574 if (num_all_fds > 32) {
575 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
576 return;
577 }
578
579 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
580 for (i=0 ; i < num_all_fds ; i++)
581 fd_remove(all_fd[i]);
582
583 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000584 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100585 _HA_ATOMIC_SUB(&sslconns, 1);
586 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000588/*
Emeric Brun3854e012017-05-17 20:42:48 +0200589 * function used to manage a returned SSL_ERROR_WANT_ASYNC
590 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200592static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000593{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100594 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200595 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200596 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000597 size_t num_add_fds = 0;
598 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200599 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000600
601 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
602 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200603 if (num_add_fds > 32 || num_del_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000605 return;
606 }
607
Emeric Brun3854e012017-05-17 20:42:48 +0200608 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000609
Emeric Brun3854e012017-05-17 20:42:48 +0200610 /* We remove unused fds from the fdtab */
611 for (i=0 ; i < num_del_fds ; i++)
612 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613
Emeric Brun3854e012017-05-17 20:42:48 +0200614 /* We add new fds to the fdtab */
615 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200616 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000617 }
618
Emeric Brun3854e012017-05-17 20:42:48 +0200619 num_add_fds = 0;
620 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
621 if (num_add_fds > 32) {
622 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
623 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000624 }
Emeric Brun3854e012017-05-17 20:42:48 +0200625
626 /* We activate the polling for all known async fds */
627 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000628 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200629 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000630 /* To ensure that the fd cache won't be used
631 * We'll prefer to catch a real RD event
632 * because handling an EAGAIN on this fd will
633 * result in a context switch and also
634 * some engines uses a fd in blocking mode.
635 */
636 fd_cant_recv(add_fd[i]);
637 }
Emeric Brun3854e012017-05-17 20:42:48 +0200638
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000639}
640#endif
641
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200642/*
643 * This function returns the number of seconds elapsed
644 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
645 * date presented un ASN1_GENERALIZEDTIME.
646 *
647 * In parsing error case, it returns -1.
648 */
649static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
650{
651 long epoch;
652 char *p, *end;
653 const unsigned short month_offset[12] = {
654 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
655 };
656 int year, month;
657
658 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
659
660 p = (char *)d->data;
661 end = p + d->length;
662
663 if (end - p < 4) return -1;
664 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
665 p += 4;
666 if (end - p < 2) return -1;
667 month = 10 * (p[0] - '0') + p[1] - '0';
668 if (month < 1 || month > 12) return -1;
669 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
670 We consider leap years and the current month (<marsh or not) */
671 epoch = ( ((year - 1970) * 365)
672 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
673 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
674 + month_offset[month-1]
675 ) * 24 * 60 * 60;
676 p += 2;
677 if (end - p < 2) return -1;
678 /* Add the number of seconds of completed days of current month */
679 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
680 p += 2;
681 if (end - p < 2) return -1;
682 /* Add the completed hours of the current day */
683 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
684 p += 2;
685 if (end - p < 2) return -1;
686 /* Add the completed minutes of the current hour */
687 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
688 p += 2;
689 if (p == end) return -1;
690 /* Test if there is available seconds */
691 if (p[0] < '0' || p[0] > '9')
692 goto nosec;
693 if (end - p < 2) return -1;
694 /* Add the seconds of the current minute */
695 epoch += 10 * (p[0] - '0') + p[1] - '0';
696 p += 2;
697 if (p == end) return -1;
698 /* Ignore seconds float part if present */
699 if (p[0] == '.') {
700 do {
701 if (++p == end) return -1;
702 } while (p[0] >= '0' && p[0] <= '9');
703 }
704
705nosec:
706 if (p[0] == 'Z') {
707 if (end - p != 1) return -1;
708 return epoch;
709 }
710 else if (p[0] == '+') {
711 if (end - p != 5) return -1;
712 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700713 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200714 }
715 else if (p[0] == '-') {
716 if (end - p != 5) return -1;
717 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700718 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200719 }
720
721 return -1;
722}
723
Emeric Brun1d3865b2014-06-20 15:37:32 +0200724static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200725
726/* This function starts to check if the OCSP response (in DER format) contained
727 * in chunk 'ocsp_response' is valid (else exits on error).
728 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
729 * contained in the OCSP Response and exits on error if no match.
730 * If it's a valid OCSP Response:
731 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
732 * pointed by 'ocsp'.
733 * If 'ocsp' is NULL, the function looks up into the OCSP response's
734 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
735 * from the response) and exits on error if not found. Finally, If an OCSP response is
736 * already present in the container, it will be overwritten.
737 *
738 * Note: OCSP response containing more than one OCSP Single response is not
739 * considered valid.
740 *
741 * Returns 0 on success, 1 in error case.
742 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200743static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
744 struct certificate_ocsp *ocsp,
745 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200746{
747 OCSP_RESPONSE *resp;
748 OCSP_BASICRESP *bs = NULL;
749 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200750 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200751 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200753 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200754 int reason;
755 int ret = 1;
756
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200757 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
758 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200759 if (!resp) {
760 memprintf(err, "Unable to parse OCSP response");
761 goto out;
762 }
763
764 rc = OCSP_response_status(resp);
765 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
766 memprintf(err, "OCSP response status not successful");
767 goto out;
768 }
769
770 bs = OCSP_response_get1_basic(resp);
771 if (!bs) {
772 memprintf(err, "Failed to get basic response from OCSP Response");
773 goto out;
774 }
775
776 count_sr = OCSP_resp_count(bs);
777 if (count_sr > 1) {
778 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
779 goto out;
780 }
781
782 sr = OCSP_resp_get0(bs, 0);
783 if (!sr) {
784 memprintf(err, "Failed to get OCSP single response");
785 goto out;
786 }
787
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200788 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
789
Emeric Brun4147b2e2014-06-16 18:36:30 +0200790 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200791 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200792 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200793 goto out;
794 }
795
Emeric Brun13a6b482014-06-20 15:44:34 +0200796 if (!nextupd) {
797 memprintf(err, "OCSP single response: missing nextupdate");
798 goto out;
799 }
800
Emeric Brunc8b27b62014-06-19 14:16:17 +0200801 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 if (!rc) {
803 memprintf(err, "OCSP single response: no longer valid.");
804 goto out;
805 }
806
807 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200808 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200809 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
810 goto out;
811 }
812 }
813
814 if (!ocsp) {
815 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
816 unsigned char *p;
817
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200818 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200819 if (!rc) {
820 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
821 goto out;
822 }
823
824 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
825 memprintf(err, "OCSP single response: Certificate ID too long");
826 goto out;
827 }
828
829 p = key;
830 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200831 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200832 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
833 if (!ocsp) {
834 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
835 goto out;
836 }
837 }
838
839 /* According to comments on "chunk_dup", the
840 previous chunk buffer will be freed */
841 if (!chunk_dup(&ocsp->response, ocsp_response)) {
842 memprintf(err, "OCSP response: Memory allocation error");
843 goto out;
844 }
845
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200846 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
847
Emeric Brun4147b2e2014-06-16 18:36:30 +0200848 ret = 0;
849out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100850 ERR_clear_error();
851
Emeric Brun4147b2e2014-06-16 18:36:30 +0200852 if (bs)
853 OCSP_BASICRESP_free(bs);
854
855 if (resp)
856 OCSP_RESPONSE_free(resp);
857
858 return ret;
859}
860/*
861 * External function use to update the OCSP response in the OCSP response's
862 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
863 * to update in DER format.
864 *
865 * Returns 0 on success, 1 in error case.
866 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200867int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200868{
869 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
870}
871
872/*
873 * This function load the OCSP Resonse in DER format contained in file at
874 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
875 *
876 * Returns 0 on success, 1 in error case.
877 */
878static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
879{
880 int fd = -1;
881 int r = 0;
882 int ret = 1;
883
884 fd = open(ocsp_path, O_RDONLY);
885 if (fd == -1) {
886 memprintf(err, "Error opening OCSP response file");
887 goto end;
888 }
889
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200890 trash.data = 0;
891 while (trash.data < trash.size) {
892 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200893 if (r < 0) {
894 if (errno == EINTR)
895 continue;
896
897 memprintf(err, "Error reading OCSP response from file");
898 goto end;
899 }
900 else if (r == 0) {
901 break;
902 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200903 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200904 }
905
906 close(fd);
907 fd = -1;
908
909 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
910end:
911 if (fd != -1)
912 close(fd);
913
914 return ret;
915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100916#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200917
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100918#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
919static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
920{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100921 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100922 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100923 struct connection *conn;
924 int head;
925 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100926 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100927
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200928 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200929 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100930 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
931
932 keys = ref->tlskeys;
933 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100934
935 if (enc) {
936 memcpy(key_name, keys[head].name, 16);
937
938 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100939 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100940
Emeric Brun9e754772019-01-10 17:51:55 +0100941 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100942
Emeric Brun9e754772019-01-10 17:51:55 +0100943 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
944 goto end;
945
Willy Tarreau9356dac2019-05-10 09:22:53 +0200946 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100947 ret = 1;
948 }
949 else if (ref->key_size_bits == 256 ) {
950
951 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
952 goto end;
953
Willy Tarreau9356dac2019-05-10 09:22:53 +0200954 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100955 ret = 1;
956 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100957 } else {
958 for (i = 0; i < TLS_TICKETS_NO; i++) {
959 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
960 goto found;
961 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962 ret = 0;
963 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100964
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100966 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200967 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100968 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
969 goto end;
970 /* 2 for key renewal, 1 if current key is still valid */
971 ret = i ? 2 : 1;
972 }
973 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200974 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100975 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
976 goto end;
977 /* 2 for key renewal, 1 if current key is still valid */
978 ret = i ? 2 : 1;
979 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100980 }
Emeric Brun9e754772019-01-10 17:51:55 +0100981
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 end:
983 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
984 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985}
986
987struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
988{
989 struct tls_keys_ref *ref;
990
991 list_for_each_entry(ref, &tlskeys_reference, list)
992 if (ref->filename && strcmp(filename, ref->filename) == 0)
993 return ref;
994 return NULL;
995}
996
997struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
998{
999 struct tls_keys_ref *ref;
1000
1001 list_for_each_entry(ref, &tlskeys_reference, list)
1002 if (ref->unique_id == unique_id)
1003 return ref;
1004 return NULL;
1005}
1006
Emeric Brun9e754772019-01-10 17:51:55 +01001007/* Update the key into ref: if keysize doesnt
1008 * match existing ones, this function returns -1
1009 * else it returns 0 on success.
1010 */
1011int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001012 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001013{
Emeric Brun9e754772019-01-10 17:51:55 +01001014 if (ref->key_size_bits == 128) {
1015 if (tlskey->data != sizeof(struct tls_sess_key_128))
1016 return -1;
1017 }
1018 else if (ref->key_size_bits == 256) {
1019 if (tlskey->data != sizeof(struct tls_sess_key_256))
1020 return -1;
1021 }
1022 else
1023 return -1;
1024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001026 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1027 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001028 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1029 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001030
1031 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001032}
1033
Willy Tarreau83061a82018-07-13 11:56:34 +02001034int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001035{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001036 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1037
1038 if(!ref) {
1039 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1040 return 1;
1041 }
Emeric Brun9e754772019-01-10 17:51:55 +01001042 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1043 memprintf(err, "Invalid key size");
1044 return 1;
1045 }
1046
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001047 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001048}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001049
1050/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001051 * automatic ids. It's called just after the basic checks. It returns
1052 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001053 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001054static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001055{
1056 int i = 0;
1057 struct tls_keys_ref *ref, *ref2, *ref3;
1058 struct list tkr = LIST_HEAD_INIT(tkr);
1059
1060 list_for_each_entry(ref, &tlskeys_reference, list) {
1061 if (ref->unique_id == -1) {
1062 /* Look for the first free id. */
1063 while (1) {
1064 list_for_each_entry(ref2, &tlskeys_reference, list) {
1065 if (ref2->unique_id == i) {
1066 i++;
1067 break;
1068 }
1069 }
1070 if (&ref2->list == &tlskeys_reference)
1071 break;
1072 }
1073
1074 /* Uses the unique id and increment it for the next entry. */
1075 ref->unique_id = i;
1076 i++;
1077 }
1078 }
1079
1080 /* This sort the reference list by id. */
1081 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1082 LIST_DEL(&ref->list);
1083 list_for_each_entry(ref3, &tkr, list) {
1084 if (ref->unique_id < ref3->unique_id) {
1085 LIST_ADDQ(&ref3->list, &ref->list);
1086 break;
1087 }
1088 }
1089 if (&ref3->list == &tkr)
1090 LIST_ADDQ(&tkr, &ref->list);
1091 }
1092
1093 /* swap root */
1094 LIST_ADD(&tkr, &tlskeys_reference);
1095 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001096 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001097}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001098#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1099
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001100#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001101int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1102{
1103 switch (evp_keytype) {
1104 case EVP_PKEY_RSA:
1105 return 2;
1106 case EVP_PKEY_DSA:
1107 return 0;
1108 case EVP_PKEY_EC:
1109 return 1;
1110 }
1111
1112 return -1;
1113}
1114
Emeric Brun4147b2e2014-06-16 18:36:30 +02001115/*
1116 * Callback used to set OCSP status extension content in server hello.
1117 */
1118int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1119{
yanbzhube2774d2015-12-10 15:07:30 -05001120 struct certificate_ocsp *ocsp;
1121 struct ocsp_cbk_arg *ocsp_arg;
1122 char *ssl_buf;
1123 EVP_PKEY *ssl_pkey;
1124 int key_type;
1125 int index;
1126
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001127 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001128
1129 ssl_pkey = SSL_get_privatekey(ssl);
1130 if (!ssl_pkey)
1131 return SSL_TLSEXT_ERR_NOACK;
1132
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001133 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001134
1135 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1136 ocsp = ocsp_arg->s_ocsp;
1137 else {
1138 /* For multiple certs per context, we have to find the correct OCSP response based on
1139 * the certificate type
1140 */
1141 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1142
1143 if (index < 0)
1144 return SSL_TLSEXT_ERR_NOACK;
1145
1146 ocsp = ocsp_arg->m_ocsp[index];
1147
1148 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001149
1150 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001151 !ocsp->response.area ||
1152 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001153 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001154 return SSL_TLSEXT_ERR_NOACK;
1155
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001156 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001157 if (!ssl_buf)
1158 return SSL_TLSEXT_ERR_NOACK;
1159
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001160 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1161 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001162
1163 return SSL_TLSEXT_ERR_OK;
1164}
1165
1166/*
1167 * This function enables the handling of OCSP status extension on 'ctx' if a
1168 * file name 'cert_path' suffixed using ".ocsp" is present.
1169 * To enable OCSP status extension, the issuer's certificate is mandatory.
1170 * It should be present in the certificate's extra chain builded from file
1171 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1172 * named 'cert_path' suffixed using '.issuer'.
1173 *
1174 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1175 * response. If file is empty or content is not a valid OCSP response,
1176 * OCSP status extension is enabled but OCSP response is ignored (a warning
1177 * is displayed).
1178 *
1179 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001180 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001181 */
1182static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1183{
1184
1185 BIO *in = NULL;
1186 X509 *x, *xi = NULL, *issuer = NULL;
1187 STACK_OF(X509) *chain = NULL;
1188 OCSP_CERTID *cid = NULL;
1189 SSL *ssl;
1190 char ocsp_path[MAXPATHLEN+1];
1191 int i, ret = -1;
1192 struct stat st;
1193 struct certificate_ocsp *ocsp = NULL, *iocsp;
1194 char *warn = NULL;
1195 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001196 pem_password_cb *passwd_cb;
1197 void *passwd_cb_userdata;
1198 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001199
1200 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1201
1202 if (stat(ocsp_path, &st))
1203 return 1;
1204
1205 ssl = SSL_new(ctx);
1206 if (!ssl)
1207 goto out;
1208
1209 x = SSL_get_certificate(ssl);
1210 if (!x)
1211 goto out;
1212
1213 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001214 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 for (i = 0; i < sk_X509_num(chain); i++) {
1216 issuer = sk_X509_value(chain, i);
1217 if (X509_check_issued(issuer, x) == X509_V_OK)
1218 break;
1219 else
1220 issuer = NULL;
1221 }
1222
1223 /* If not found try to load issuer from a suffixed file */
1224 if (!issuer) {
1225 char issuer_path[MAXPATHLEN+1];
1226
1227 in = BIO_new(BIO_s_file());
1228 if (!in)
1229 goto out;
1230
1231 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1232 if (BIO_read_filename(in, issuer_path) <= 0)
1233 goto out;
1234
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1236 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1237
1238 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!xi)
1240 goto out;
1241
1242 if (X509_check_issued(xi, x) != X509_V_OK)
1243 goto out;
1244
1245 issuer = xi;
1246 }
1247
1248 cid = OCSP_cert_to_id(0, x, issuer);
1249 if (!cid)
1250 goto out;
1251
1252 i = i2d_OCSP_CERTID(cid, NULL);
1253 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1254 goto out;
1255
Vincent Bernat02779b62016-04-03 13:48:43 +02001256 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257 if (!ocsp)
1258 goto out;
1259
1260 p = ocsp->key_data;
1261 i2d_OCSP_CERTID(cid, &p);
1262
1263 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1264 if (iocsp == ocsp)
1265 ocsp = NULL;
1266
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001267#ifndef SSL_CTX_get_tlsext_status_cb
1268# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1269 *cb = (void (*) (void))ctx->tlsext_status_cb;
1270#endif
1271 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1272
1273 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001274 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001275 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001276
1277 cb_arg->is_single = 1;
1278 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001279
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001280 pkey = X509_get_pubkey(x);
1281 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1282 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001283
1284 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1285 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1286 } else {
1287 /*
1288 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1289 * Update that cb_arg with the new cert's staple
1290 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001291 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001292 struct certificate_ocsp *tmp_ocsp;
1293 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001295 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296
1297#ifdef SSL_CTX_get_tlsext_status_arg
1298 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1299#else
1300 cb_arg = ctx->tlsext_status_arg;
1301#endif
yanbzhube2774d2015-12-10 15:07:30 -05001302
1303 /*
1304 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1305 * the order of operations below matter, take care when changing it
1306 */
1307 tmp_ocsp = cb_arg->s_ocsp;
1308 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1309 cb_arg->s_ocsp = NULL;
1310 cb_arg->m_ocsp[index] = tmp_ocsp;
1311 cb_arg->is_single = 0;
1312 cb_arg->single_kt = 0;
1313
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001314 pkey = X509_get_pubkey(x);
1315 key_type = EVP_PKEY_base_id(pkey);
1316 EVP_PKEY_free(pkey);
1317
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001318 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001319 if (index >= 0 && !cb_arg->m_ocsp[index])
1320 cb_arg->m_ocsp[index] = iocsp;
1321
1322 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001323
1324 ret = 0;
1325
1326 warn = NULL;
1327 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1328 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001329 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001330 }
1331
1332out:
1333 if (ssl)
1334 SSL_free(ssl);
1335
1336 if (in)
1337 BIO_free(in);
1338
1339 if (xi)
1340 X509_free(xi);
1341
1342 if (cid)
1343 OCSP_CERTID_free(cid);
1344
1345 if (ocsp)
1346 free(ocsp);
1347
1348 if (warn)
1349 free(warn);
1350
1351
1352 return ret;
1353}
1354
1355#endif
1356
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001357#ifdef OPENSSL_IS_BORINGSSL
1358static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1359{
1360 char ocsp_path[MAXPATHLEN+1];
1361 struct stat st;
1362 int fd = -1, r = 0;
1363
1364 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1365 if (stat(ocsp_path, &st))
1366 return 0;
1367
1368 fd = open(ocsp_path, O_RDONLY);
1369 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001370 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001371 return -1;
1372 }
1373
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001374 trash.data = 0;
1375 while (trash.data < trash.size) {
1376 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001377 if (r < 0) {
1378 if (errno == EINTR)
1379 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001380 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001381 close(fd);
1382 return -1;
1383 }
1384 else if (r == 0) {
1385 break;
1386 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001388 }
1389 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001390 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1391 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001392}
1393#endif
1394
Willy Tarreau5db847a2019-05-09 14:13:35 +02001395#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001396
1397#define CT_EXTENSION_TYPE 18
1398
1399static int sctl_ex_index = -1;
1400
1401/*
1402 * Try to parse Signed Certificate Timestamp List structure. This function
1403 * makes only basic test if the data seems like SCTL. No signature validation
1404 * is performed.
1405 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001406static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407{
1408 int ret = 1;
1409 int len, pos, sct_len;
1410 unsigned char *data;
1411
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001412 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413 goto out;
1414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001415 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001416 len = (data[0] << 8) | data[1];
1417
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001418 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001419 goto out;
1420
1421 data = data + 2;
1422 pos = 0;
1423 while (pos < len) {
1424 if (len - pos < 2)
1425 goto out;
1426
1427 sct_len = (data[pos] << 8) | data[pos + 1];
1428 if (pos + sct_len + 2 > len)
1429 goto out;
1430
1431 pos += sct_len + 2;
1432 }
1433
1434 ret = 0;
1435
1436out:
1437 return ret;
1438}
1439
Willy Tarreau83061a82018-07-13 11:56:34 +02001440static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1441 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001442{
1443 int fd = -1;
1444 int r = 0;
1445 int ret = 1;
1446
1447 *sctl = NULL;
1448
1449 fd = open(sctl_path, O_RDONLY);
1450 if (fd == -1)
1451 goto end;
1452
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001453 trash.data = 0;
1454 while (trash.data < trash.size) {
1455 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001456 if (r < 0) {
1457 if (errno == EINTR)
1458 continue;
1459
1460 goto end;
1461 }
1462 else if (r == 0) {
1463 break;
1464 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001465 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466 }
1467
1468 ret = ssl_sock_parse_sctl(&trash);
1469 if (ret)
1470 goto end;
1471
Vincent Bernat02779b62016-04-03 13:48:43 +02001472 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 if (!chunk_dup(*sctl, &trash)) {
1474 free(*sctl);
1475 *sctl = NULL;
1476 goto end;
1477 }
1478
1479end:
1480 if (fd != -1)
1481 close(fd);
1482
1483 return ret;
1484}
1485
1486int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1487{
Willy Tarreau83061a82018-07-13 11:56:34 +02001488 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001489
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001490 *out = (unsigned char *) sctl->area;
1491 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001492
1493 return 1;
1494}
1495
1496int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1497{
1498 return 1;
1499}
1500
1501static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1502{
1503 char sctl_path[MAXPATHLEN+1];
1504 int ret = -1;
1505 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001506 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001507
1508 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1509
1510 if (stat(sctl_path, &st))
1511 return 1;
1512
1513 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1514 goto out;
1515
1516 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1517 free(sctl);
1518 goto out;
1519 }
1520
1521 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1522
1523 ret = 0;
1524
1525out:
1526 return ret;
1527}
1528
1529#endif
1530
Emeric Brune1f38db2012-09-03 20:36:47 +02001531void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1532{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001533 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001534 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001535 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001536 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001537
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001538#ifndef SSL_OP_NO_RENEGOTIATION
1539 /* Please note that BoringSSL defines this macro to zero so don't
1540 * change this to #if and do not assign a default value to this macro!
1541 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001542 if (where & SSL_CB_HANDSHAKE_START) {
1543 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001544 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001545 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001546 conn->err_code = CO_ER_SSL_RENEG;
1547 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001548 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001549#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001550
1551 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001552 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001553 /* Long certificate chains optimz
1554 If write and read bios are differents, we
1555 consider that the buffering was activated,
1556 so we rise the output buffer size from 4k
1557 to 16k */
1558 write_bio = SSL_get_wbio(ssl);
1559 if (write_bio != SSL_get_rbio(ssl)) {
1560 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001561 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001562 }
1563 }
1564 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001565}
1566
Emeric Brune64aef12012-09-21 13:15:06 +02001567/* Callback is called for each certificate of the chain during a verify
1568 ok is set to 1 if preverify detect no error on current certificate.
1569 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001570int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001571{
1572 SSL *ssl;
1573 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001574 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001576
1577 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001579
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001580 ctx = conn->xprt_ctx;
1581
1582 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001583
Emeric Brun81c00f02012-09-21 14:31:21 +02001584 if (ok) /* no errors */
1585 return ok;
1586
1587 depth = X509_STORE_CTX_get_error_depth(x_store);
1588 err = X509_STORE_CTX_get_error(x_store);
1589
1590 /* check if CA error needs to be ignored */
1591 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001592 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1593 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1594 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001595 }
1596
Willy Tarreau07d94e42018-09-20 10:57:52 +02001597 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001598 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001599 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001600 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001601 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001602
Willy Tarreau20879a02012-12-03 16:32:10 +01001603 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001604 return 0;
1605 }
1606
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001607 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1608 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001609
Emeric Brun81c00f02012-09-21 14:31:21 +02001610 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001611 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001612 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001613 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001614 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001615 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001616
Willy Tarreau20879a02012-12-03 16:32:10 +01001617 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001618 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001619}
1620
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001621static inline
1622void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001623 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001624{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001625 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626 unsigned char *msg;
1627 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001628 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001629
1630 /* This function is called for "from client" and "to server"
1631 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001632 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001633 */
1634
1635 /* "write_p" is set to 0 is the bytes are received messages,
1636 * otherwise it is set to 1.
1637 */
1638 if (write_p != 0)
1639 return;
1640
1641 /* content_type contains the type of message received or sent
1642 * according with the SSL/TLS protocol spec. This message is
1643 * encoded with one byte. The value 256 (two bytes) is used
1644 * for designing the SSL/TLS record layer. According with the
1645 * rfc6101, the expected message (other than 256) are:
1646 * - change_cipher_spec(20)
1647 * - alert(21)
1648 * - handshake(22)
1649 * - application_data(23)
1650 * - (255)
1651 * We are interessed by the handshake and specially the client
1652 * hello.
1653 */
1654 if (content_type != 22)
1655 return;
1656
1657 /* The message length is at least 4 bytes, containing the
1658 * message type and the message length.
1659 */
1660 if (len < 4)
1661 return;
1662
1663 /* First byte of the handshake message id the type of
1664 * message. The konwn types are:
1665 * - hello_request(0)
1666 * - client_hello(1)
1667 * - server_hello(2)
1668 * - certificate(11)
1669 * - server_key_exchange (12)
1670 * - certificate_request(13)
1671 * - server_hello_done(14)
1672 * We are interested by the client hello.
1673 */
1674 msg = (unsigned char *)buf;
1675 if (msg[0] != 1)
1676 return;
1677
1678 /* Next three bytes are the length of the message. The total length
1679 * must be this decoded length + 4. If the length given as argument
1680 * is not the same, we abort the protocol dissector.
1681 */
1682 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1683 if (len < rec_len + 4)
1684 return;
1685 msg += 4;
1686 end = msg + rec_len;
1687 if (end < msg)
1688 return;
1689
1690 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1691 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001692 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1693 */
1694 msg += 1 + 1 + 4 + 28;
1695 if (msg > end)
1696 return;
1697
1698 /* Next, is session id:
1699 * if present, we have to jump by length + 1 for the size information
1700 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001701 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001702 if (msg[0] > 0)
1703 msg += msg[0];
1704 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001705 if (msg > end)
1706 return;
1707
1708 /* Next two bytes are the ciphersuite length. */
1709 if (msg + 2 > end)
1710 return;
1711 rec_len = (msg[0] << 8) + msg[1];
1712 msg += 2;
1713 if (msg + rec_len > end || msg + rec_len < msg)
1714 return;
1715
Willy Tarreaubafbe012017-11-24 17:34:44 +01001716 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001717 if (!capture)
1718 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001719 /* Compute the xxh64 of the ciphersuite. */
1720 capture->xxh64 = XXH64(msg, rec_len, 0);
1721
1722 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001723 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1724 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001725 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001726
1727 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001728}
1729
Emeric Brun29f037d2014-04-25 19:05:36 +02001730/* Callback is called for ssl protocol analyse */
1731void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1732{
Emeric Brun29f037d2014-04-25 19:05:36 +02001733#ifdef TLS1_RT_HEARTBEAT
1734 /* test heartbeat received (write_p is set to 0
1735 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001736 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001737 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001738 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001739 const unsigned char *p = buf;
1740 unsigned int payload;
1741
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001742 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001743
1744 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1745 if (*p != TLS1_HB_REQUEST)
1746 return;
1747
Willy Tarreauaeed6722014-04-25 23:59:58 +02001748 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001749 goto kill_it;
1750
1751 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001752 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001753 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001754 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001755 /* We have a clear heartbleed attack (CVE-2014-0160), the
1756 * advertised payload is larger than the advertised packet
1757 * length, so we have garbage in the buffer between the
1758 * payload and the end of the buffer (p+len). We can't know
1759 * if the SSL stack is patched, and we don't know if we can
1760 * safely wipe out the area between p+3+len and payload.
1761 * So instead, we prevent the response from being sent by
1762 * setting the max_send_fragment to 0 and we report an SSL
1763 * error, which will kill this connection. It will be reported
1764 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001765 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1766 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001767 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001768 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1769 return;
1770 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001771#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001772 if (global_ssl.capture_cipherlist > 0)
1773 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001774}
1775
Bernard Spil13c53f82018-02-15 13:34:58 +01001776#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001777static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1778 const unsigned char *in, unsigned int inlen,
1779 void *arg)
1780{
1781 struct server *srv = arg;
1782
1783 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1784 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1785 return SSL_TLSEXT_ERR_OK;
1786 return SSL_TLSEXT_ERR_NOACK;
1787}
1788#endif
1789
1790#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001791/* This callback is used so that the server advertises the list of
1792 * negociable protocols for NPN.
1793 */
1794static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1795 unsigned int *len, void *arg)
1796{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001797 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001798
1799 *data = (const unsigned char *)conf->npn_str;
1800 *len = conf->npn_len;
1801 return SSL_TLSEXT_ERR_OK;
1802}
1803#endif
1804
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001805#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001806/* This callback is used so that the server advertises the list of
1807 * negociable protocols for ALPN.
1808 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001809static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1810 unsigned char *outlen,
1811 const unsigned char *server,
1812 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001813{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001814 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001815
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001816 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1817 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1818 return SSL_TLSEXT_ERR_NOACK;
1819 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001820 return SSL_TLSEXT_ERR_OK;
1821}
1822#endif
1823
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001824#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001825#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001826
Christopher Faulet30548802015-06-11 13:39:32 +02001827/* Create a X509 certificate with the specified servername and serial. This
1828 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001829static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001830ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001831{
Christopher Faulet7969a332015-10-09 11:15:03 +02001832 X509 *cacert = bind_conf->ca_sign_cert;
1833 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001834 SSL_CTX *ssl_ctx = NULL;
1835 X509 *newcrt = NULL;
1836 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001837 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001838 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001839 X509_NAME *name;
1840 const EVP_MD *digest;
1841 X509V3_CTX ctx;
1842 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001843 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001844
Christopher Faulet48a83322017-07-28 16:56:09 +02001845 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001846#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001847 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1848#else
1849 tmp_ssl = SSL_new(bind_conf->default_ctx);
1850 if (tmp_ssl)
1851 pkey = SSL_get_privatekey(tmp_ssl);
1852#endif
1853 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 goto mkcert_error;
1855
1856 /* Create the certificate */
1857 if (!(newcrt = X509_new()))
1858 goto mkcert_error;
1859
1860 /* Set version number for the certificate (X509v3) and the serial
1861 * number */
1862 if (X509_set_version(newcrt, 2L) != 1)
1863 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001864 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001865
1866 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001867 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1868 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001869 goto mkcert_error;
1870
1871 /* set public key in the certificate */
1872 if (X509_set_pubkey(newcrt, pkey) != 1)
1873 goto mkcert_error;
1874
1875 /* Set issuer name from the CA */
1876 if (!(name = X509_get_subject_name(cacert)))
1877 goto mkcert_error;
1878 if (X509_set_issuer_name(newcrt, name) != 1)
1879 goto mkcert_error;
1880
1881 /* Set the subject name using the same, but the CN */
1882 name = X509_NAME_dup(name);
1883 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1884 (const unsigned char *)servername,
1885 -1, -1, 0) != 1) {
1886 X509_NAME_free(name);
1887 goto mkcert_error;
1888 }
1889 if (X509_set_subject_name(newcrt, name) != 1) {
1890 X509_NAME_free(name);
1891 goto mkcert_error;
1892 }
1893 X509_NAME_free(name);
1894
1895 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001896 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1898 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1899 X509_EXTENSION *ext;
1900
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001901 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 goto mkcert_error;
1903 if (!X509_add_ext(newcrt, ext, -1)) {
1904 X509_EXTENSION_free(ext);
1905 goto mkcert_error;
1906 }
1907 X509_EXTENSION_free(ext);
1908 }
1909
1910 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001911
1912 key_type = EVP_PKEY_base_id(capkey);
1913
1914 if (key_type == EVP_PKEY_DSA)
1915 digest = EVP_sha1();
1916 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001918 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001919 digest = EVP_sha256();
1920 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001921#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001922 int nid;
1923
1924 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1925 goto mkcert_error;
1926 if (!(digest = EVP_get_digestbynid(nid)))
1927 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001928#else
1929 goto mkcert_error;
1930#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001931 }
1932
Christopher Faulet31af49d2015-06-09 17:29:50 +02001933 if (!(X509_sign(newcrt, capkey, digest)))
1934 goto mkcert_error;
1935
1936 /* Create and set the new SSL_CTX */
1937 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1938 goto mkcert_error;
1939 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1940 goto mkcert_error;
1941 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1942 goto mkcert_error;
1943 if (!SSL_CTX_check_private_key(ssl_ctx))
1944 goto mkcert_error;
1945
1946 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001947
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001948#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001949 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001950#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001951#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1952 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001953 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001954 EC_KEY *ecc;
1955 int nid;
1956
1957 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1958 goto end;
1959 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1960 goto end;
1961 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1962 EC_KEY_free(ecc);
1963 }
1964#endif
1965 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001966 return ssl_ctx;
1967
1968 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001969 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001970 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1972 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001973 return NULL;
1974}
1975
Christopher Faulet7969a332015-10-09 11:15:03 +02001976SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001977ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001978{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001979 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001980 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001981
Olivier Houchard66ab4982019-02-26 18:37:15 +01001982 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001983}
1984
Christopher Faulet30548802015-06-11 13:39:32 +02001985/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001987SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001988ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001989{
1990 struct lru64 *lru = NULL;
1991
1992 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001993 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001995 if (lru && lru->domain) {
1996 if (ssl)
1997 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001998 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001999 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002000 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002001 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002002 }
2003 return NULL;
2004}
2005
Emeric Brun821bb9b2017-06-15 16:37:39 +02002006/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2007 * function is not thread-safe, it should only be used to check if a certificate
2008 * exists in the lru cache (with no warranty it will not be removed by another
2009 * thread). It is kept for backward compatibility. */
2010SSL_CTX *
2011ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2012{
2013 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2014}
2015
Christopher Fauletd2cab922015-07-28 16:03:47 +02002016/* Set a certificate int the LRU cache used to store generated
2017 * certificate. Return 0 on success, otherwise -1 */
2018int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002019ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002020{
2021 struct lru64 *lru = NULL;
2022
2023 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002024 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002025 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002026 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002027 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002028 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002029 }
Christopher Faulet30548802015-06-11 13:39:32 +02002030 if (lru->domain && lru->data)
2031 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002032 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002033 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002034 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002035 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002036 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002037}
2038
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002039/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002040unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002041ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002042{
2043 return XXH32(data, len, ssl_ctx_lru_seed);
2044}
2045
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002046/* Generate a cert and immediately assign it to the SSL session so that the cert's
2047 * refcount is maintained regardless of the cert's presence in the LRU cache.
2048 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002049static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002050ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051{
2052 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002053 SSL_CTX *ssl_ctx = NULL;
2054 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002055 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002056
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002057 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002058 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002059 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002060 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002061 if (lru && lru->domain)
2062 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002063 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002064 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002065 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002066 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002067 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002068 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002069 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002071 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002072 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002073 SSL_set_SSL_CTX(ssl, ssl_ctx);
2074 /* No LRU cache, this CTX will be released as soon as the session dies */
2075 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002077 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002078 return 0;
2079}
2080static int
2081ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2082{
2083 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002084 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002085
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002086 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002087 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002088 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002089 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002090 }
2091 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002092}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002093#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002095#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002096typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2097
2098static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002100#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002102 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2103#endif
2104}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002105static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002110#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2113#endif
2114}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2119#endif
2120}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002121/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002122static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2123/* Unusable in this context. */
2124static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2125static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2126static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002129#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002130typedef enum { SET_MIN, SET_MAX } set_context_func;
2131
2132static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2133 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002134 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2135}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2137 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2138 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2139}
2140static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2141 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2143}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002144static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2145 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2146 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2147}
2148static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2149 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2151}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002152static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2153 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2154 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2155}
2156static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2157 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002158 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2159}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002160static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2161 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2162 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2163}
2164static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002165#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002166 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2168#endif
2169}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002170static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2171#if SSL_OP_NO_TLSv1_3
2172 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2173 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002174#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002176#endif
2177static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2178static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002179
2180static struct {
2181 int option;
2182 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002183 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2184 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002185 const char *name;
2186} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002187 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2188 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2189 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2190 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2191 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2192 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002193};
2194
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002195static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2196{
2197 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2198 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2199 SSL_set_SSL_CTX(ssl, ctx);
2200}
2201
Willy Tarreau5db847a2019-05-09 14:13:35 +02002202#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002203
2204static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2205{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002207 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002208
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002209 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2210 return SSL_TLSEXT_ERR_OK;
2211 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002212}
2213
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002214#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2216{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002217 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002218#else
2219static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2220{
2221#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 struct connection *conn;
2223 struct bind_conf *s;
2224 const uint8_t *extension_data;
2225 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002226 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002227
2228 char *wildp = NULL;
2229 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002230 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002231 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002232 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 int i;
2234
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002235 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002236 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002237
Olivier Houchard9679ac92017-10-27 14:58:08 +02002238 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002239 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002240#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002241 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2242 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002243#else
2244 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2245#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002246 /*
2247 * The server_name extension was given too much extensibility when it
2248 * was written, so parsing the normal case is a bit complex.
2249 */
2250 size_t len;
2251 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002252 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002253 /* Extract the length of the supplied list of names. */
2254 len = (*extension_data++) << 8;
2255 len |= *extension_data++;
2256 if (len + 2 != extension_len)
2257 goto abort;
2258 /*
2259 * The list in practice only has a single element, so we only consider
2260 * the first one.
2261 */
2262 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2263 goto abort;
2264 extension_len = len - 1;
2265 /* Now we can finally pull out the byte array with the actual hostname. */
2266 if (extension_len <= 2)
2267 goto abort;
2268 len = (*extension_data++) << 8;
2269 len |= *extension_data++;
2270 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2271 || memchr(extension_data, 0, len) != NULL)
2272 goto abort;
2273 servername = extension_data;
2274 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002276#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2277 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002278 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002279 }
2280#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002282 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002283 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002284 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002285 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002286 goto abort;
2287 }
2288
2289 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002290#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002291 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#else
2293 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2294#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002295 uint8_t sign;
2296 size_t len;
2297 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002299 len = (*extension_data++) << 8;
2300 len |= *extension_data++;
2301 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002302 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002303 if (len % 2 != 0)
2304 goto abort;
2305 for (; len > 0; len -= 2) {
2306 extension_data++; /* hash */
2307 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002308 switch (sign) {
2309 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002310 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002311 break;
2312 case TLSEXT_signature_ecdsa:
2313 has_ecdsa_sig = 1;
2314 break;
2315 default:
2316 continue;
2317 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002318 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319 break;
2320 }
2321 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002322 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002323 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 }
2325 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002326 const SSL_CIPHER *cipher;
2327 size_t len;
2328 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002330#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002331 len = ctx->cipher_suites_len;
2332 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002333#else
2334 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2335#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002336 if (len % 2 != 0)
2337 goto abort;
2338 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002339#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002340 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002341 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002342#else
2343 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2344#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002345 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002346 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 break;
2348 }
2349 }
2350 }
2351
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002352 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002353 trash.area[i] = tolower(servername[i]);
2354 if (!wildp && (trash.area[i] == '.'))
2355 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002356 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002357 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358
2359 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002360 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361
2362 /* lookup a not neg filter */
2363 for (n = node; n; n = ebmb_next_dup(n)) {
2364 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002365 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002366 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002367 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 break;
2370 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002371 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002374 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 if (!node_anonymous)
2376 node_anonymous = n;
2377 break;
2378 }
2379 }
2380 }
2381 if (wildp) {
2382 /* lookup in wildcards names */
2383 node = ebst_lookup(&s->sni_w_ctx, wildp);
2384 for (n = node; n; n = ebmb_next_dup(n)) {
2385 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002386 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002387 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002388 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 break;
2391 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002392 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002393 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002394 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002395 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 if (!node_anonymous)
2397 node_anonymous = n;
2398 break;
2399 }
2400 }
2401 }
2402 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002404 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2405 : ((has_rsa_sig && node_rsa) ? node_rsa
2406 : (node_anonymous ? node_anonymous
2407 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2408 : node_rsa /* no rsa signature case (far far away) */
2409 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (node) {
2411 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002412 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002413 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002414 if (conf) {
2415 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2416 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2417 if (conf->early_data)
2418 allow_early = 1;
2419 }
2420 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002422#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002423 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002424 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002425 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002426 }
2427#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002428 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002429 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002430 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002431 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002432allow_early:
2433#ifdef OPENSSL_IS_BORINGSSL
2434 if (allow_early)
2435 SSL_set_early_data_enabled(ssl, 1);
2436#else
2437 if (!allow_early)
2438 SSL_set_max_early_data(ssl, 0);
2439#endif
2440 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002441 abort:
2442 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2443 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002444#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002446#else
2447 *al = SSL_AD_UNRECOGNIZED_NAME;
2448 return 0;
2449#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002450}
2451
2452#else /* OPENSSL_IS_BORINGSSL */
2453
Emeric Brunfc0421f2012-09-07 17:30:07 +02002454/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2455 * warning when no match is found, which implies the default (first) cert
2456 * will keep being used.
2457 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002458static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002459{
2460 const char *servername;
2461 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002462 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002463 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002464 int i;
2465 (void)al; /* shut gcc stupid warning */
2466
2467 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002468 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002469#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002470 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2471 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002472#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002473 if (s->strict_sni)
2474 return SSL_TLSEXT_ERR_ALERT_FATAL;
2475 ssl_sock_switchctx_set(ssl, s->default_ctx);
2476 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002477 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002478
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002479 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002480 if (!servername[i])
2481 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002482 trash.area[i] = tolower(servername[i]);
2483 if (!wildp && (trash.area[i] == '.'))
2484 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002485 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002486 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002487
2488 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002489 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002490
2491 /* lookup a not neg filter */
2492 for (n = node; n; n = ebmb_next_dup(n)) {
2493 if (!container_of(n, struct sni_ctx, name)->neg) {
2494 node = n;
2495 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002496 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002497 }
2498 if (!node && wildp) {
2499 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002500 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002501 }
2502 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002503#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002504 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2505 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002506 return SSL_TLSEXT_ERR_OK;
2507 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002508#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002509 if (s->strict_sni)
2510 return SSL_TLSEXT_ERR_ALERT_FATAL;
2511 ssl_sock_switchctx_set(ssl, s->default_ctx);
2512 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002513 }
2514
2515 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002517 return SSL_TLSEXT_ERR_OK;
2518}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002519#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002520#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2521
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002522#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002523
2524static DH * ssl_get_dh_1024(void)
2525{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002526 static unsigned char dh1024_p[]={
2527 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2528 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2529 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2530 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2531 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2532 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2533 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2534 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2535 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2536 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2537 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2538 };
2539 static unsigned char dh1024_g[]={
2540 0x02,
2541 };
2542
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002543 BIGNUM *p;
2544 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002545 DH *dh = DH_new();
2546 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002547 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2548 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002549
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002550 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002551 DH_free(dh);
2552 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002553 } else {
2554 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002555 }
2556 }
2557 return dh;
2558}
2559
2560static DH *ssl_get_dh_2048(void)
2561{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002562 static unsigned char dh2048_p[]={
2563 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2564 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2565 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2566 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2567 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2568 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2569 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2570 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2571 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2572 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2573 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2574 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2575 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2576 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2577 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2578 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2579 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2580 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2581 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2582 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2583 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2584 0xB7,0x1F,0x77,0xF3,
2585 };
2586 static unsigned char dh2048_g[]={
2587 0x02,
2588 };
2589
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002590 BIGNUM *p;
2591 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002592 DH *dh = DH_new();
2593 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002594 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2595 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002596
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002597 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002598 DH_free(dh);
2599 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002600 } else {
2601 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002602 }
2603 }
2604 return dh;
2605}
2606
2607static DH *ssl_get_dh_4096(void)
2608{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002609 static unsigned char dh4096_p[]={
2610 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2611 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2612 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2613 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2614 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2615 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2616 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2617 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2618 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2619 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2620 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2621 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2622 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2623 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2624 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2625 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2626 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2627 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2628 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2629 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2630 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2631 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2632 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2633 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2634 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2635 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2636 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2637 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2638 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2639 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2640 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2641 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2642 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2643 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2644 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2645 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2646 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2647 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2648 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2649 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2650 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2651 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2652 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002653 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002654 static unsigned char dh4096_g[]={
2655 0x02,
2656 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002657
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002658 BIGNUM *p;
2659 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002660 DH *dh = DH_new();
2661 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002662 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2663 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666 DH_free(dh);
2667 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002668 } else {
2669 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002670 }
2671 }
2672 return dh;
2673}
2674
2675/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002676 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2678{
2679 DH *dh = NULL;
2680 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002681 int type;
2682
2683 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002684
2685 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2686 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2687 */
2688 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2689 keylen = EVP_PKEY_bits(pkey);
2690 }
2691
Willy Tarreauef934602016-12-22 23:12:01 +01002692 if (keylen > global_ssl.default_dh_param) {
2693 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002694 }
2695
Remi Gacogned3a341a2015-05-29 16:26:17 +02002696 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002697 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002698 }
2699 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002700 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002701 }
2702 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002703 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002704 }
2705
2706 return dh;
2707}
2708
Remi Gacogne47783ef2015-05-29 15:53:22 +02002709static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002710{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002711 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002712 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002713
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002714 if (in == NULL)
2715 goto end;
2716
Remi Gacogne47783ef2015-05-29 15:53:22 +02002717 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002718 goto end;
2719
Remi Gacogne47783ef2015-05-29 15:53:22 +02002720 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2721
2722end:
2723 if (in)
2724 BIO_free(in);
2725
Emeric Brune1b4ed42018-08-16 15:14:12 +02002726 ERR_clear_error();
2727
Remi Gacogne47783ef2015-05-29 15:53:22 +02002728 return dh;
2729}
2730
2731int ssl_sock_load_global_dh_param_from_file(const char *filename)
2732{
2733 global_dh = ssl_sock_get_dh_from_file(filename);
2734
2735 if (global_dh) {
2736 return 0;
2737 }
2738
2739 return -1;
2740}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002741#endif
2742
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002743static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002744 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002745{
2746 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002747 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002748 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002749
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002750 if (*name == '!') {
2751 neg = 1;
2752 name++;
2753 }
2754 if (*name == '*') {
2755 wild = 1;
2756 name++;
2757 }
2758 /* !* filter is a nop */
2759 if (neg && wild)
2760 return order;
2761 if (*name) {
2762 int j, len;
2763 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002764 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002765 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002766 if (j >= trash.size)
2767 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002768 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002769
2770 /* Check for duplicates. */
2771 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002772 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002773 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002774 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002775 for (; node; node = ebmb_next_dup(node)) {
2776 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002777 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002778 return order;
2779 }
2780
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002781 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002782 if (!sc)
2783 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002784 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002785 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002786 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002787 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002788 sc->order = order++;
2789 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002790 if (kinfo.sig != TLSEXT_signature_anonymous)
2791 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002792 if (wild)
2793 ebst_insert(&s->sni_w_ctx, &sc->name);
2794 else
2795 ebst_insert(&s->sni_ctx, &sc->name);
2796 }
2797 return order;
2798}
2799
yanbzhu488a4d22015-12-01 15:16:07 -05002800
2801/* The following code is used for loading multiple crt files into
2802 * SSL_CTX's based on CN/SAN
2803 */
yanbzhu488a4d22015-12-01 15:16:07 -05002804/* This is used to preload the certifcate, private key
2805 * and Cert Chain of a file passed in via the crt
2806 * argument
2807 *
2808 * This way, we do not have to read the file multiple times
2809 */
2810struct cert_key_and_chain {
2811 X509 *cert;
2812 EVP_PKEY *key;
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002813 STACK_OF(X509) *chain;
William Lallemandfa892222019-07-23 16:06:08 +02002814 DH *dh;
yanbzhu488a4d22015-12-01 15:16:07 -05002815};
2816
William Lallemand36b84632019-07-18 19:28:17 +02002817/*
2818 * this is used to store 1 to SSL_SOCK_NUM_KEYTYPES cert_key_and_chain and
2819 * metadata.
2820 */
2821struct ckch_node {
2822 struct cert_key_and_chain *ckch;
2823 int multi; /* is it a multi-cert bundle ? */
William Lallemand6af03992019-07-23 15:00:54 +02002824 struct ebmb_node node;
2825 char path[0];
William Lallemand36b84632019-07-18 19:28:17 +02002826};
2827
William Lallemand6af03992019-07-23 15:00:54 +02002828/*
2829 * tree used to store the ckchn ordered by filename/bundle name
2830 */
2831struct eb_root ckchn_tree = EB_ROOT_UNIQUE;
2832
William Lallemandc4ecddf2019-07-31 16:50:08 +02002833#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
2834
yanbzhu08ce6ab2015-12-02 13:01:29 -05002835#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2836
2837struct key_combo_ctx {
2838 SSL_CTX *ctx;
2839 int order;
2840};
2841
2842/* Map used for processing multiple keypairs for a single purpose
2843 *
2844 * This maps CN/SNI name to certificate type
2845 */
2846struct sni_keytype {
2847 int keytypes; /* BITMASK for keytypes */
2848 struct ebmb_node name; /* node holding the servername value */
2849};
2850
William Lallemandc4ecddf2019-07-31 16:50:08 +02002851#endif
William Lallemandfa892222019-07-23 16:06:08 +02002852
2853/* Loads Diffie-Hellman parameter from a ckchn. Returns 1 if loaded, else -1
2854 if an error occurred, and 0 if parameter not found. */
2855#ifndef OPENSSL_NO_DH
2856static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
2857{
2858 int ret = -1;
2859 DH *dh = NULL;
2860
William Lallemanda8c73742019-07-31 18:31:34 +02002861 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02002862 dh = ckch->dh;
William Lallemandfa892222019-07-23 16:06:08 +02002863 ret = 1;
2864 SSL_CTX_set_tmp_dh(ctx, dh);
2865
2866 if (ssl_dh_ptr_index >= 0) {
2867 /* store a pointer to the DH params to avoid complaining about
2868 ssl-default-dh-param not being set for this SSL_CTX */
2869 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2870 }
2871 }
2872 else if (global_dh) {
2873 SSL_CTX_set_tmp_dh(ctx, global_dh);
2874 ret = 0; /* DH params not found */
2875 }
2876 else {
2877 /* Clear openssl global errors stack */
2878 ERR_clear_error();
2879
2880 if (global_ssl.default_dh_param <= 1024) {
2881 /* we are limited to DH parameter of 1024 bits anyway */
2882 if (local_dh_1024 == NULL)
2883 local_dh_1024 = ssl_get_dh_1024();
2884
2885 if (local_dh_1024 == NULL)
2886 goto end;
2887
2888 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
2889 }
2890 else {
2891 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2892 }
2893
2894 ret = 0; /* DH params not found */
2895 }
2896
2897end:
William Lallemandfa892222019-07-23 16:06:08 +02002898 return ret;
2899}
2900#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05002901
yanbzhu488a4d22015-12-01 15:16:07 -05002902/* Frees the contents of a cert_key_and_chain
2903 */
2904static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2905{
yanbzhu488a4d22015-12-01 15:16:07 -05002906 if (!ckch)
2907 return;
2908
2909 /* Free the certificate and set pointer to NULL */
2910 if (ckch->cert)
2911 X509_free(ckch->cert);
2912 ckch->cert = NULL;
2913
2914 /* Free the key and set pointer to NULL */
2915 if (ckch->key)
2916 EVP_PKEY_free(ckch->key);
2917 ckch->key = NULL;
2918
2919 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002920 if (ckch->chain)
2921 sk_X509_pop_free(ckch->chain, X509_free);
2922 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05002923
2924}
2925
2926/* checks if a key and cert exists in the ckch
2927 */
William Lallemand1633e392019-09-30 12:58:13 +02002928#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002929static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2930{
2931 return (ckch->cert != NULL && ckch->key != NULL);
2932}
William Lallemand1633e392019-09-30 12:58:13 +02002933#endif
yanbzhu488a4d22015-12-01 15:16:07 -05002934
2935/* Loads the contents of a crt file (path) into a cert_key_and_chain
2936 * This allows us to carry the contents of the file without having to
2937 * read the file multiple times.
Emmanuel Hocdetefa4b952018-12-04 17:37:47 +01002938 * The caller must call ssl_sock_free_cert_key_and_chain_contents.
yanbzhu488a4d22015-12-01 15:16:07 -05002939 *
2940 * returns:
2941 * 0 on Success
2942 * 1 on SSL Failure
yanbzhu488a4d22015-12-01 15:16:07 -05002943 */
2944static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2945{
2946
2947 BIO *in;
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002948 X509 *ca;
yanbzhu488a4d22015-12-01 15:16:07 -05002949 int ret = 1;
2950
yanbzhu488a4d22015-12-01 15:16:07 -05002951 in = BIO_new(BIO_s_file());
2952 if (in == NULL)
2953 goto end;
2954
2955 if (BIO_read_filename(in, path) <= 0)
2956 goto end;
2957
yanbzhu488a4d22015-12-01 15:16:07 -05002958 /* Read Private Key */
2959 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2960 if (ckch->key == NULL) {
2961 memprintf(err, "%sunable to load private key from file '%s'.\n",
2962 err && *err ? *err : "", path);
2963 goto end;
2964 }
2965
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02002966#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02002967 /* Seek back to beginning of file */
2968 if (BIO_reset(in) == -1) {
2969 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2970 err && *err ? *err : "", path);
2971 goto end;
2972 }
2973
2974 ckch->dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2975 /* no need to check for NULL there, dh is not mandatory */
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02002976#endif
William Lallemandfa892222019-07-23 16:06:08 +02002977
Willy Tarreaubb137a82016-04-06 19:02:38 +02002978 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002979 if (BIO_reset(in) == -1) {
2980 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2981 err && *err ? *err : "", path);
2982 goto end;
2983 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002984
2985 /* Read Certificate */
2986 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2987 if (ckch->cert == NULL) {
2988 memprintf(err, "%sunable to load certificate from file '%s'.\n",
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002989 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02002990 goto end;
2991 }
2992
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02002993 if (!X509_check_private_key(ckch->cert, ckch->key)) {
2994 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2995 err && *err ? *err : "", path);
2996 goto end;
2997 }
2998
yanbzhu488a4d22015-12-01 15:16:07 -05002999 /* Read Certificate Chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003000 ckch->chain = sk_X509_new_null();
3001 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3002 if (!sk_X509_push(ckch->chain, ca)) {
3003 X509_free(ca);
3004 goto end;
3005 }
yanbzhu488a4d22015-12-01 15:16:07 -05003006
yanbzhu488a4d22015-12-01 15:16:07 -05003007 ret = ERR_get_error();
3008 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3009 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3010 err && *err ? *err : "", path);
3011 ret = 1;
3012 goto end;
3013 }
3014
3015 ret = 0;
3016
3017end:
3018
3019 ERR_clear_error();
3020 if (in)
3021 BIO_free(in);
3022
3023 /* Something went wrong in one of the reads */
3024 if (ret != 0)
3025 ssl_sock_free_cert_key_and_chain_contents(ckch);
3026
3027 return ret;
3028}
3029
3030/* Loads the info in ckch into ctx
3031 * Currently, this does not process any information about ocsp, dhparams or
3032 * sctl
3033 * Returns
3034 * 0 on success
3035 * 1 on failure
3036 */
3037static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3038{
yanbzhu488a4d22015-12-01 15:16:07 -05003039 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3040 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3041 err && *err ? *err : "", path);
3042 return 1;
3043 }
3044
3045 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3046 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3047 err && *err ? *err : "", path);
3048 return 1;
3049 }
3050
yanbzhu488a4d22015-12-01 15:16:07 -05003051 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003052#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003053 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3054 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3055 err && *err ? *err : "", path);
3056 return 1;
yanbzhu488a4d22015-12-01 15:16:07 -05003057 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003058#else
3059 { /* legacy compat (< openssl 1.0.2) */
3060 X509 *ca;
3061 while ((ca = sk_X509_shift(ckch->chain)))
3062 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3063 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3064 err && *err ? *err : "", path);
3065 X509_free(ca);
3066 return 1;
3067 }
3068 }
3069#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003070
William Lallemandfa892222019-07-23 16:06:08 +02003071#ifndef OPENSSL_NO_DH
3072 /* store a NULL pointer to indicate we have not yet loaded
3073 a custom DH param file */
3074 if (ssl_dh_ptr_index >= 0) {
3075 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3076 }
3077
3078 if (ssl_sock_load_dh_params(ctx, ckch) < 0) {
3079 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3080 err && *err ? *err : "", path);
3081 return 1;
3082 }
3083#endif
3084
yanbzhu488a4d22015-12-01 15:16:07 -05003085 return 0;
3086}
3087
William Lallemandc4ecddf2019-07-31 16:50:08 +02003088#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003089
3090static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3091{
3092 struct sni_keytype *s_kt = NULL;
3093 struct ebmb_node *node;
3094 int i;
3095
3096 for (i = 0; i < trash.size; i++) {
3097 if (!str[i])
3098 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003099 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003100 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003101 trash.area[i] = 0;
3102 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003103 if (!node) {
3104 /* CN not found in tree */
3105 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3106 /* Using memcpy here instead of strncpy.
3107 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3108 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3109 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003110 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003111 s_kt->keytypes = 0;
3112 ebst_insert(sni_keytypes, &s_kt->name);
3113 } else {
3114 /* CN found in tree */
3115 s_kt = container_of(node, struct sni_keytype, name);
3116 }
3117
3118 /* Mark that this CN has the keytype of key_index via keytypes mask */
3119 s_kt->keytypes |= 1<<key_index;
3120
3121}
3122
William Lallemandc4ecddf2019-07-31 16:50:08 +02003123#endif
3124
William Lallemand36b84632019-07-18 19:28:17 +02003125/*
William Lallemand6af03992019-07-23 15:00:54 +02003126 * lookup a path into the ckchn tree.
3127 */
3128static inline struct ckch_node *ckchn_lookup(char *path)
3129{
3130 struct ebmb_node *eb;
3131
3132 eb = ebst_lookup(&ckchn_tree, path);
3133 if (!eb)
3134 return NULL;
3135
3136 return ebmb_entry(eb, struct ckch_node, node);
3137}
3138
3139/*
William Lallemand36b84632019-07-18 19:28:17 +02003140 * This function allocate a ckch_node and populate it with certificates from files.
3141 */
3142static struct ckch_node *ckchn_load_cert_file(char *path, int multi, char **err)
3143{
3144 struct ckch_node *ckchn;
William Lallemand36b84632019-07-18 19:28:17 +02003145
William Lallemand6af03992019-07-23 15:00:54 +02003146 ckchn = calloc(1, sizeof(*ckchn) + strlen(path) + 1);
William Lallemand36b84632019-07-18 19:28:17 +02003147 if (!ckchn) {
3148 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3149 goto end;
3150 }
3151 ckchn->ckch = calloc(1, sizeof(*ckchn->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
3152
3153 if (!ckchn->ckch) {
3154 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3155 goto end;
3156 }
3157
3158 if (!multi) {
3159
3160 if (ssl_sock_load_crt_file_into_ckch(path, ckchn->ckch, err) == 1)
3161 goto end;
3162
William Lallemand6af03992019-07-23 15:00:54 +02003163 /* insert into the ckchn tree */
3164 memcpy(ckchn->path, path, strlen(path) + 1);
3165 ebst_insert(&ckchn_tree, &ckchn->node);
William Lallemand36b84632019-07-18 19:28:17 +02003166 } else {
3167 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003168#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3169 char fp[MAXPATHLEN+1] = {0};
3170 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003171
3172 /* Load all possible certs and keys */
3173 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3174 struct stat buf;
3175 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3176 if (stat(fp, &buf) == 0) {
3177 if (ssl_sock_load_crt_file_into_ckch(fp, &ckchn->ckch[n], err) == 1)
3178 goto end;
3179 found = 1;
3180 ckchn->multi = 1;
3181 }
3182 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003183#endif
William Lallemand36b84632019-07-18 19:28:17 +02003184
3185 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003186 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003187 goto end;
3188 }
William Lallemand6af03992019-07-23 15:00:54 +02003189 /* insert into the ckchn tree */
3190 memcpy(ckchn->path, path, strlen(path) + 1);
3191 ebst_insert(&ckchn_tree, &ckchn->node);
William Lallemand36b84632019-07-18 19:28:17 +02003192 }
3193 return ckchn;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003194
William Lallemand36b84632019-07-18 19:28:17 +02003195end:
William Lallemand6af03992019-07-23 15:00:54 +02003196 if (ckchn) {
William Lallemand36b84632019-07-18 19:28:17 +02003197 free(ckchn->ckch);
William Lallemand6af03992019-07-23 15:00:54 +02003198 ebmb_delete(&ckchn->node);
3199 }
3200
William Lallemand36b84632019-07-18 19:28:17 +02003201 free(ckchn);
3202
3203 return NULL;
3204}
3205
William Lallemandc4ecddf2019-07-31 16:50:08 +02003206#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3207
William Lallemand36b84632019-07-18 19:28:17 +02003208/*
3209 * Take a ckch_node which contains a multi-certificate bundle.
3210 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003211 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3212 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003213 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003214 *
3215 * Returns
3216 * 0 on success
3217 * 1 on failure
William Lallemand36b84632019-07-18 19:28:17 +02003218 *
3219 * TODO: This function shouldn't access files anymore, sctl and ocsp file access
3220 * should be migrated to the ssl_sock_load_crt_file_into_ckch() function
yanbzhu08ce6ab2015-12-02 13:01:29 -05003221 */
William Lallemand36b84632019-07-18 19:28:17 +02003222static int ssl_sock_load_multi_ckchn(const char *path, struct ckch_node *ckch_n,
3223 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3224 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003225{
William Lallemand36b84632019-07-18 19:28:17 +02003226 int i = 0, n = 0;
3227 struct cert_key_and_chain *certs_and_keys;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003228 struct eb_root sni_keytypes_map = { {0} };
3229 struct ebmb_node *node;
3230 struct ebmb_node *next;
3231 /* Array of SSL_CTX pointers corresponding to each possible combo
3232 * of keytypes
3233 */
3234 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3235 int rv = 0;
3236 X509_NAME *xname = NULL;
3237 char *str = NULL;
3238#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3239 STACK_OF(GENERAL_NAME) *names = NULL;
3240#endif
3241
William Lallemand36b84632019-07-18 19:28:17 +02003242 if (!ckch_n || !ckch_n->ckch || !ckch_n->multi) {
3243 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3244 err && *err ? *err : "", path);
3245 return 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003246 }
3247
William Lallemand36b84632019-07-18 19:28:17 +02003248 certs_and_keys = ckch_n->ckch;
3249
yanbzhu08ce6ab2015-12-02 13:01:29 -05003250 /* Process each ckch and update keytypes for each CN/SAN
3251 * for example, if CN/SAN www.a.com is associated with
3252 * certs with keytype 0 and 2, then at the end of the loop,
3253 * www.a.com will have:
3254 * keyindex = 0 | 1 | 4 = 5
3255 */
3256 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3257
3258 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3259 continue;
3260
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003261 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003262 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003263 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3264 } else {
3265 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3266 * so the line that contains logic is marked via comments
3267 */
3268 xname = X509_get_subject_name(certs_and_keys[n].cert);
3269 i = -1;
3270 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3271 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003272 ASN1_STRING *value;
3273 value = X509_NAME_ENTRY_get_data(entry);
3274 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003275 /* Important line is here */
3276 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003277
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003278 OPENSSL_free(str);
3279 str = NULL;
3280 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003281 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003282
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003283 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003284#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003285 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3286 if (names) {
3287 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3288 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003289
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003290 if (name->type == GEN_DNS) {
3291 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3292 /* Important line is here */
3293 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003294
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003295 OPENSSL_free(str);
3296 str = NULL;
3297 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003298 }
3299 }
3300 }
3301 }
3302#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3303 }
3304
3305 /* If no files found, return error */
3306 if (eb_is_empty(&sni_keytypes_map)) {
3307 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3308 err && *err ? *err : "", path);
3309 rv = 1;
3310 goto end;
3311 }
3312
3313 /* We now have a map of CN/SAN to keytypes that are loaded in
3314 * Iterate through the map to create the SSL_CTX's (if needed)
3315 * and add each CTX to the SNI tree
3316 *
3317 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003318 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003319 * combination is denoted by the key in the map. Each key
3320 * has a value between 1 and 2^n - 1. Conveniently, the array
3321 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3322 * entry in the array to correspond to the unique combo (key)
3323 * associated with i. This unique key combo (i) will be associated
3324 * with combos[i-1]
3325 */
3326
3327 node = ebmb_first(&sni_keytypes_map);
3328 while (node) {
3329 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003330 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003331 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003332
3333 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3334 i = container_of(node, struct sni_keytype, name)->keytypes;
3335 cur_ctx = key_combos[i-1].ctx;
3336
3337 if (cur_ctx == NULL) {
3338 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003339 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003340 if (cur_ctx == NULL) {
3341 memprintf(err, "%sunable to allocate SSL context.\n",
3342 err && *err ? *err : "");
3343 rv = 1;
3344 goto end;
3345 }
3346
yanbzhube2774d2015-12-10 15:07:30 -05003347 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003348 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3349 if (i & (1<<n)) {
3350 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003351 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3352 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003353 SSL_CTX_free(cur_ctx);
3354 rv = 1;
3355 goto end;
3356 }
yanbzhube2774d2015-12-10 15:07:30 -05003357
3358#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3359 /* Load OCSP Info into context */
William Lallemand36b84632019-07-18 19:28:17 +02003360 /* TODO: store OCSP in ckch */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003361 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003362 if (err)
3363 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003364 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003365 SSL_CTX_free(cur_ctx);
3366 rv = 1;
3367 goto end;
3368 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003369#elif (defined OPENSSL_IS_BORINGSSL)
3370 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003371#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003372 }
3373 }
3374
yanbzhu08ce6ab2015-12-02 13:01:29 -05003375 /* Update key_combos */
3376 key_combos[i-1].ctx = cur_ctx;
3377 }
3378
3379 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003380 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003381 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003382 node = ebmb_next(node);
3383 }
3384
3385
3386 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3387 if (!bind_conf->default_ctx) {
3388 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3389 if (key_combos[i].ctx) {
3390 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003391 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003392 break;
3393 }
3394 }
3395 }
3396
3397end:
3398
3399 if (names)
3400 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3401
yanbzhu08ce6ab2015-12-02 13:01:29 -05003402 node = ebmb_first(&sni_keytypes_map);
3403 while (node) {
3404 next = ebmb_next(node);
3405 ebmb_delete(node);
3406 node = next;
3407 }
3408
3409 return rv;
3410}
3411#else
3412/* This is a dummy, that just logs an error and returns error */
William Lallemand36b84632019-07-18 19:28:17 +02003413static int ssl_sock_load_multi_ckchn(const char *path, struct ckch_node *ckch_n,
3414 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3415 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003416{
3417 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3418 err && *err ? *err : "", path, strerror(errno));
3419 return 1;
3420}
3421
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003422#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003423
William Lallemand36b84632019-07-18 19:28:17 +02003424static int ssl_sock_load_ckchn(const char *path, struct ckch_node *ckch_n, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
William Lallemandc9402072019-05-15 15:33:54 +02003425 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003426{
William Lallemandc9402072019-05-15 15:33:54 +02003427 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003428 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003429 int order = 0;
3430 X509_NAME *xname;
3431 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003432 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003433 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003434#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3435 STACK_OF(GENERAL_NAME) *names;
3436#endif
William Lallemand36b84632019-07-18 19:28:17 +02003437 struct cert_key_and_chain *ckch;
William Lallemanda59191b2019-05-15 16:08:56 +02003438
William Lallemand36b84632019-07-18 19:28:17 +02003439 if (!ckch_n || !ckch_n->ckch)
William Lallemanda59191b2019-05-15 16:08:56 +02003440 return 1;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003441
William Lallemand36b84632019-07-18 19:28:17 +02003442 ckch = ckch_n->ckch;
3443
William Lallemandc9402072019-05-15 15:33:54 +02003444 ctx = SSL_CTX_new(SSLv23_server_method());
3445 if (!ctx) {
3446 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3447 err && *err ? *err : "", path);
3448 return 1;
3449 }
3450
William Lallemand36b84632019-07-18 19:28:17 +02003451 if (ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err) != 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003452 SSL_CTX_free(ctx);
3453 return 1;
3454 }
3455
William Lallemand36b84632019-07-18 19:28:17 +02003456 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003457 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003458 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003459 switch(EVP_PKEY_base_id(pkey)) {
3460 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003461 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003462 break;
3463 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003464 kinfo.sig = TLSEXT_signature_ecdsa;
3465 break;
3466 case EVP_PKEY_DSA:
3467 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003468 break;
3469 }
3470 EVP_PKEY_free(pkey);
3471 }
3472
Emeric Brun50bcecc2013-04-22 13:05:23 +02003473 if (fcount) {
3474 while (fcount--)
William Lallemandc9402072019-05-15 15:33:54 +02003475 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003476 }
3477 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003478#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003479 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003480 if (names) {
3481 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3482 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3483 if (name->type == GEN_DNS) {
3484 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003485 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003486 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003487 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003488 }
3489 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003490 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003491 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003492#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003493 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003494 i = -1;
3495 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3496 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003497 ASN1_STRING *value;
3498
3499 value = X509_NAME_ENTRY_get_data(entry);
3500 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003501 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003502 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003503 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003504 }
3505 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 /* we must not free the SSL_CTX anymore below, since it's already in
3507 * the tree, so it will be discovered and cleaned in time.
3508 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003509
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003510#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emmanuel Hocdeta7a0f992019-07-30 17:17:03 +02003511 if (ssl_sock_load_ocsp(ctx, path) < 0) {
Emeric Brun4147b2e2014-06-16 18:36:30 +02003512 if (err)
3513 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3514 *err ? *err : "", path);
3515 return 1;
3516 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003517#elif (defined OPENSSL_IS_BORINGSSL)
3518 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003519#endif
3520
Willy Tarreau5db847a2019-05-09 14:13:35 +02003521#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003522 if (sctl_ex_index >= 0) {
Emmanuel Hocdeta7a0f992019-07-30 17:17:03 +02003523 if (ssl_sock_load_sctl(ctx, path) < 0) {
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003524 if (err)
3525 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3526 *err ? *err : "", path);
3527 return 1;
3528 }
3529 }
3530#endif
3531
Emeric Brunfc0421f2012-09-07 17:30:07 +02003532#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003533 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003534 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3535 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003536 return 1;
3537 }
3538#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003539 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003540 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003541 bind_conf->default_ssl_conf = ssl_conf;
3542 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003543
3544 return 0;
3545}
3546
Willy Tarreau03209342016-12-22 17:08:28 +01003547int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003548{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003549 struct dirent **de_list;
3550 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003551 DIR *dir;
3552 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003553 char *end;
3554 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003555 int cfgerr = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003556 struct ckch_node *ckchn;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003557#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003558 int is_bundle;
3559 int j;
3560#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003561
William Lallemand6af03992019-07-23 15:00:54 +02003562 if ((ckchn = ckchn_lookup(path))) {
3563
3564 /* we found the ckchn in the tree, we can use it directly */
3565 if (ckchn->multi)
3566 return ssl_sock_load_multi_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3567 else
3568 return ssl_sock_load_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3569
3570 }
3571
yanbzhu08ce6ab2015-12-02 13:01:29 -05003572 if (stat(path, &buf) == 0) {
3573 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02003574 if (!dir) {
3575 ckchn = ckchn_load_cert_file(path, 0, err);
3576 if (!ckchn)
3577 return 1;
3578 return ssl_sock_load_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3579 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003580
yanbzhu08ce6ab2015-12-02 13:01:29 -05003581 /* strip trailing slashes, including first one */
3582 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3583 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003584
yanbzhu08ce6ab2015-12-02 13:01:29 -05003585 n = scandir(path, &de_list, 0, alphasort);
3586 if (n < 0) {
3587 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3588 err && *err ? *err : "", path, strerror(errno));
3589 cfgerr++;
3590 }
3591 else {
3592 for (i = 0; i < n; i++) {
3593 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003594
yanbzhu08ce6ab2015-12-02 13:01:29 -05003595 end = strrchr(de->d_name, '.');
3596 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3597 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003598
yanbzhu08ce6ab2015-12-02 13:01:29 -05003599 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3600 if (stat(fp, &buf) != 0) {
3601 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3602 err && *err ? *err : "", fp, strerror(errno));
3603 cfgerr++;
3604 goto ignore_entry;
3605 }
3606 if (!S_ISREG(buf.st_mode))
3607 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003608
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003609#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003610 is_bundle = 0;
3611 /* Check if current entry in directory is part of a multi-cert bundle */
3612
3613 if (end) {
3614 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3615 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3616 is_bundle = 1;
3617 break;
3618 }
3619 }
3620
3621 if (is_bundle) {
3622 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3623 int dp_len;
3624
3625 dp_len = end - de->d_name;
3626 snprintf(dp, dp_len + 1, "%s", de->d_name);
3627
3628 /* increment i and free de until we get to a non-bundle cert
3629 * Note here that we look at de_list[i + 1] before freeing de
3630 * this is important since ignore_entry will free de
3631 */
3632 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3633 free(de);
3634 i++;
3635 de = de_list[i];
3636 }
3637
3638 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
William Lallemand6af03992019-07-23 15:00:54 +02003639 if ((ckchn = ckchn_lookup(fp)) == NULL)
3640 ckchn = ckchn_load_cert_file(fp, 1, err);
William Lallemand36b84632019-07-18 19:28:17 +02003641 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003642 cfgerr++;
3643 else
3644 cfgerr += ssl_sock_load_multi_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003645
3646 /* Successfully processed the bundle */
3647 goto ignore_entry;
3648 }
3649 }
3650
3651#endif
William Lallemand6af03992019-07-23 15:00:54 +02003652 if ((ckchn = ckchn_lookup(fp)) == NULL)
3653 ckchn = ckchn_load_cert_file(fp, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02003654 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003655 cfgerr++;
3656 else
3657 cfgerr += ssl_sock_load_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02003658
yanbzhu08ce6ab2015-12-02 13:01:29 -05003659ignore_entry:
3660 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003661 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003662 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003663 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003664 closedir(dir);
3665 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003666 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003667
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003668 ckchn = ckchn_load_cert_file(path, 1, err);
William Lallemand36b84632019-07-18 19:28:17 +02003669 if (!ckchn)
3670 return 1;
3671 cfgerr = ssl_sock_load_multi_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003672
Emeric Brunfc0421f2012-09-07 17:30:07 +02003673 return cfgerr;
3674}
3675
Thierry Fournier383085f2013-01-24 14:15:43 +01003676/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3677 * done once. Zero is returned if the operation fails. No error is returned
3678 * if the random is said as not implemented, because we expect that openssl
3679 * will use another method once needed.
3680 */
3681static int ssl_initialize_random()
3682{
3683 unsigned char random;
3684 static int random_initialized = 0;
3685
3686 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3687 random_initialized = 1;
3688
3689 return random_initialized;
3690}
3691
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003692/* release ssl bind conf */
3693void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003695 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003696#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003697 free(conf->npn_str);
3698 conf->npn_str = NULL;
3699#endif
3700#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3701 free(conf->alpn_str);
3702 conf->alpn_str = NULL;
3703#endif
3704 free(conf->ca_file);
3705 conf->ca_file = NULL;
3706 free(conf->crl_file);
3707 conf->crl_file = NULL;
3708 free(conf->ciphers);
3709 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003710#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003711 free(conf->ciphersuites);
3712 conf->ciphersuites = NULL;
3713#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003714 free(conf->curves);
3715 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003716 free(conf->ecdhe);
3717 conf->ecdhe = NULL;
3718 }
3719}
3720
3721int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3722{
3723 char thisline[CRT_LINESIZE];
3724 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003725 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003726 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003727 int linenum = 0;
3728 int cfgerr = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003729 struct ckch_node *ckchn;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003730
Willy Tarreauad1731d2013-04-02 17:35:58 +02003731 if ((f = fopen(file, "r")) == NULL) {
3732 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003733 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003734 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003735
3736 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003737 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003738 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003739 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003740 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003741 char *crt_path;
3742 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003743
3744 linenum++;
3745 end = line + strlen(line);
3746 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3747 /* Check if we reached the limit and the last char is not \n.
3748 * Watch out for the last line without the terminating '\n'!
3749 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003750 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3751 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003752 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003753 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003754 }
3755
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003756 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003757 newarg = 1;
3758 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003759 if (*line == '#' || *line == '\n' || *line == '\r') {
3760 /* end of string, end of loop */
3761 *line = 0;
3762 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003763 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003764 newarg = 1;
3765 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003766 } else if (*line == '[') {
3767 if (ssl_b) {
3768 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3769 cfgerr = 1;
3770 break;
3771 }
3772 if (!arg) {
3773 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3774 cfgerr = 1;
3775 break;
3776 }
3777 ssl_b = arg;
3778 newarg = 1;
3779 *line = 0;
3780 } else if (*line == ']') {
3781 if (ssl_e) {
3782 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003783 cfgerr = 1;
3784 break;
3785 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003786 if (!ssl_b) {
3787 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3788 cfgerr = 1;
3789 break;
3790 }
3791 ssl_e = arg;
3792 newarg = 1;
3793 *line = 0;
3794 } else if (newarg) {
3795 if (arg == MAX_CRT_ARGS) {
3796 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3797 cfgerr = 1;
3798 break;
3799 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003800 newarg = 0;
3801 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003802 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003803 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003804 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003805 if (cfgerr)
3806 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003807 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003808
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003809 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003810 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003811 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003812
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003813 crt_path = args[0];
3814 if (*crt_path != '/' && global_ssl.crt_base) {
3815 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3816 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3817 crt_path, linenum, file);
3818 cfgerr = 1;
3819 break;
3820 }
3821 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3822 crt_path = path;
3823 }
3824
3825 ssl_conf = calloc(1, sizeof *ssl_conf);
3826 cur_arg = ssl_b ? ssl_b : 1;
3827 while (cur_arg < ssl_e) {
3828 newarg = 0;
3829 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3830 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3831 newarg = 1;
3832 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3833 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3834 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3835 args[cur_arg], linenum, file);
3836 cfgerr = 1;
3837 }
3838 cur_arg += 1 + ssl_bind_kws[i].skip;
3839 break;
3840 }
3841 }
3842 if (!cfgerr && !newarg) {
3843 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3844 args[cur_arg], linenum, file);
3845 cfgerr = 1;
3846 break;
3847 }
3848 }
3849 if (cfgerr) {
3850 ssl_sock_free_ssl_conf(ssl_conf);
3851 free(ssl_conf);
3852 ssl_conf = NULL;
3853 break;
3854 }
3855
3856 if (stat(crt_path, &buf) == 0) {
William Lallemand36b84632019-07-18 19:28:17 +02003857
3858 ckchn = ckchn_load_cert_file(crt_path, 0, err);
3859 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003860 cfgerr++;
3861 else
3862 cfgerr = ssl_sock_load_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
3863 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003864 } else {
William Lallemand36b84632019-07-18 19:28:17 +02003865 ckchn = ckchn_load_cert_file(crt_path, 1, err);
3866 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003867 cfgerr++;
3868 else
3869 cfgerr = ssl_sock_load_multi_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
3870 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003871 }
3872
Willy Tarreauad1731d2013-04-02 17:35:58 +02003873 if (cfgerr) {
3874 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003875 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003876 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003877 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003878 fclose(f);
3879 return cfgerr;
3880}
3881
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003882/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003883static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003884ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003885{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003886 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003887 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003888 SSL_OP_ALL | /* all known workarounds for bugs */
3889 SSL_OP_NO_SSLv2 |
3890 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003891 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003892 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003893 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003894 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003895 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003896 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003897 SSL_MODE_ENABLE_PARTIAL_WRITE |
3898 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003899 SSL_MODE_RELEASE_BUFFERS |
3900 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003901 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003902 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003903 int flags = MC_SSL_O_ALL;
3904 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003905
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003906 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003907 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003908
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003909 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003910 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3911 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3912 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003913 else
3914 flags = conf_ssl_methods->flags;
3915
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003916 min = conf_ssl_methods->min;
3917 max = conf_ssl_methods->max;
3918 /* start with TLSv10 to remove SSLv3 per default */
3919 if (!min && (!max || max >= CONF_TLSV10))
3920 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003921 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003922 if (min)
3923 flags |= (methodVersions[min].flag - 1);
3924 if (max)
3925 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003926 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003927 min = max = CONF_TLSV_NONE;
3928 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003929 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003930 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003931 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003932 if (min) {
3933 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003934 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3935 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3936 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3937 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003938 hole = 0;
3939 }
3940 max = i;
3941 }
3942 else {
3943 min = max = i;
3944 }
3945 }
3946 else {
3947 if (min)
3948 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003949 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003950 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003951 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3952 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003953 cfgerr += 1;
3954 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003955 /* save real min/max in bind_conf */
3956 conf_ssl_methods->min = min;
3957 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003958
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003959#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003960 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003961 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003962 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003963 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003964 else
3965 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3966 if (flags & methodVersions[i].flag)
3967 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003968#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003969 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003970 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3971 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003972#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003973
3974 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3975 options |= SSL_OP_NO_TICKET;
3976 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3977 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003978
3979#ifdef SSL_OP_NO_RENEGOTIATION
3980 options |= SSL_OP_NO_RENEGOTIATION;
3981#endif
3982
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003983 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003984
Willy Tarreau5db847a2019-05-09 14:13:35 +02003985#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003986 if (global_ssl.async)
3987 mode |= SSL_MODE_ASYNC;
3988#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003989 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003990 if (global_ssl.life_time)
3991 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003992
3993#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3994#ifdef OPENSSL_IS_BORINGSSL
3995 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3996 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02003997#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003998 if (bind_conf->ssl_conf.early_data) {
3999 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4000 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4001 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004002 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4003 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004004#else
4005 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004006#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004007 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004008#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004009 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004010}
4011
William Lallemand4f45bb92017-10-30 20:08:51 +01004012
4013static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4014{
4015 if (first == block) {
4016 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4017 if (first->len > 0)
4018 sh_ssl_sess_tree_delete(sh_ssl_sess);
4019 }
4020}
4021
4022/* return first block from sh_ssl_sess */
4023static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4024{
4025 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4026
4027}
4028
4029/* store a session into the cache
4030 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4031 * data: asn1 encoded session
4032 * data_len: asn1 encoded session length
4033 * Returns 1 id session was stored (else 0)
4034 */
4035static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4036{
4037 struct shared_block *first;
4038 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4039
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004040 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004041 if (!first) {
4042 /* Could not retrieve enough free blocks to store that session */
4043 return 0;
4044 }
4045
4046 /* STORE the key in the first elem */
4047 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4048 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4049 first->len = sizeof(struct sh_ssl_sess_hdr);
4050
4051 /* it returns the already existing node
4052 or current node if none, never returns null */
4053 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4054 if (oldsh_ssl_sess != sh_ssl_sess) {
4055 /* NOTE: Row couldn't be in use because we lock read & write function */
4056 /* release the reserved row */
4057 shctx_row_dec_hot(ssl_shctx, first);
4058 /* replace the previous session already in the tree */
4059 sh_ssl_sess = oldsh_ssl_sess;
4060 /* ignore the previous session data, only use the header */
4061 first = sh_ssl_sess_first_block(sh_ssl_sess);
4062 shctx_row_inc_hot(ssl_shctx, first);
4063 first->len = sizeof(struct sh_ssl_sess_hdr);
4064 }
4065
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004066 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004067 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004068 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004069 }
4070
4071 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004072
4073 return 1;
4074}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004075
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004076/* SSL callback used when a new session is created while connecting to a server */
4077static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4078{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004079 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004080 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004081
Willy Tarreau07d94e42018-09-20 10:57:52 +02004082 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004083
Olivier Houcharde6060c52017-11-16 17:42:52 +01004084 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4085 int len;
4086 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004087
Olivier Houcharde6060c52017-11-16 17:42:52 +01004088 len = i2d_SSL_SESSION(sess, NULL);
4089 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4090 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4091 } else {
4092 free(s->ssl_ctx.reused_sess[tid].ptr);
4093 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4094 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4095 }
4096 if (s->ssl_ctx.reused_sess[tid].ptr) {
4097 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4098 &ptr);
4099 }
4100 } else {
4101 free(s->ssl_ctx.reused_sess[tid].ptr);
4102 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4103 }
4104
4105 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004106}
4107
Olivier Houcharde6060c52017-11-16 17:42:52 +01004108
William Lallemanded0b5ad2017-10-30 19:36:36 +01004109/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004110int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004111{
4112 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4113 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4114 unsigned char *p;
4115 int data_len;
4116 unsigned int sid_length, sid_ctx_length;
4117 const unsigned char *sid_data;
4118 const unsigned char *sid_ctx_data;
4119
4120 /* Session id is already stored in to key and session id is known
4121 * so we dont store it to keep size.
4122 */
4123
4124 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4125 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4126 SSL_SESSION_set1_id(sess, sid_data, 0);
4127 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4128
4129 /* check if buffer is large enough for the ASN1 encoded session */
4130 data_len = i2d_SSL_SESSION(sess, NULL);
4131 if (data_len > SHSESS_MAX_DATA_LEN)
4132 goto err;
4133
4134 p = encsess;
4135
4136 /* process ASN1 session encoding before the lock */
4137 i2d_SSL_SESSION(sess, &p);
4138
4139 memcpy(encid, sid_data, sid_length);
4140 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4141 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4142
William Lallemanda3c77cf2017-10-30 23:44:40 +01004143 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004144 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004145 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004146 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004147err:
4148 /* reset original length values */
4149 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4150 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4151
4152 return 0; /* do not increment session reference count */
4153}
4154
4155/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004156SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157{
William Lallemand4f45bb92017-10-30 20:08:51 +01004158 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004159 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4160 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004161 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004162 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004163
4164 global.shctx_lookups++;
4165
4166 /* allow the session to be freed automatically by openssl */
4167 *do_copy = 0;
4168
4169 /* tree key is zeros padded sessionid */
4170 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4171 memcpy(tmpkey, key, key_len);
4172 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4173 key = tmpkey;
4174 }
4175
4176 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004177 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004178
4179 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004180 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4181 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004182 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004183 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004184 global.shctx_misses++;
4185 return NULL;
4186 }
4187
William Lallemand4f45bb92017-10-30 20:08:51 +01004188 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4189 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004190
William Lallemand4f45bb92017-10-30 20:08:51 +01004191 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004192
William Lallemanda3c77cf2017-10-30 23:44:40 +01004193 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004194
4195 /* decode ASN1 session */
4196 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004197 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004198 /* Reset session id and session id contenxt */
4199 if (sess) {
4200 SSL_SESSION_set1_id(sess, key, key_len);
4201 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4202 }
4203
4204 return sess;
4205}
4206
William Lallemand4f45bb92017-10-30 20:08:51 +01004207
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004209void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004210{
William Lallemand4f45bb92017-10-30 20:08:51 +01004211 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004212 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4213 unsigned int sid_length;
4214 const unsigned char *sid_data;
4215 (void)ctx;
4216
4217 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4218 /* tree key is zeros padded sessionid */
4219 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4220 memcpy(tmpkey, sid_data, sid_length);
4221 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4222 sid_data = tmpkey;
4223 }
4224
William Lallemanda3c77cf2017-10-30 23:44:40 +01004225 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004226
4227 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004228 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4229 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004230 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004231 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004232 }
4233
4234 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004235 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004236}
4237
4238/* Set session cache mode to server and disable openssl internal cache.
4239 * Set shared cache callbacks on an ssl context.
4240 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004241void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004242{
4243 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4244
4245 if (!ssl_shctx) {
4246 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4247 return;
4248 }
4249
4250 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4251 SSL_SESS_CACHE_NO_INTERNAL |
4252 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4253
4254 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004255 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4256 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4257 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004258}
4259
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004260int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4261{
4262 struct proxy *curproxy = bind_conf->frontend;
4263 int cfgerr = 0;
4264 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004265 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004266 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004267#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004268 const char *conf_ciphersuites;
4269#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004270 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004271
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004272 if (ssl_conf) {
4273 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4274 int i, min, max;
4275 int flags = MC_SSL_O_ALL;
4276
4277 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004278 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4279 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004280 if (min)
4281 flags |= (methodVersions[min].flag - 1);
4282 if (max)
4283 flags |= ~((methodVersions[max].flag << 1) - 1);
4284 min = max = CONF_TLSV_NONE;
4285 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4286 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4287 if (min)
4288 max = i;
4289 else
4290 min = max = i;
4291 }
4292 /* save real min/max */
4293 conf_ssl_methods->min = min;
4294 conf_ssl_methods->max = max;
4295 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004296 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4297 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004298 cfgerr += 1;
4299 }
4300 }
4301
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004302 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004303 case SSL_SOCK_VERIFY_NONE:
4304 verify = SSL_VERIFY_NONE;
4305 break;
4306 case SSL_SOCK_VERIFY_OPTIONAL:
4307 verify = SSL_VERIFY_PEER;
4308 break;
4309 case SSL_SOCK_VERIFY_REQUIRED:
4310 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4311 break;
4312 }
4313 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4314 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004315 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4316 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4317 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004318 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004319 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004320 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4321 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004322 cfgerr++;
4323 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004324 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4325 /* set CA names for client cert request, function returns void */
4326 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4327 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004328 }
Emeric Brun850efd52014-01-29 12:24:34 +01004329 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004330 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4331 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004332 cfgerr++;
4333 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004334#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004335 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004336 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4337
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004338 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004339 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4340 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004341 cfgerr++;
4342 }
Emeric Brun561e5742012-10-02 15:20:55 +02004343 else {
4344 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4345 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004346 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004347#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004348 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004349 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004350#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004351 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004352 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004353 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4354 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004355 cfgerr++;
4356 }
4357 }
4358#endif
4359
William Lallemand4f45bb92017-10-30 20:08:51 +01004360 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004361 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4362 if (conf_ciphers &&
4363 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004364 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4365 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004366 cfgerr++;
4367 }
4368
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004369#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004370 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4371 if (conf_ciphersuites &&
4372 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4373 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4374 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4375 cfgerr++;
4376 }
4377#endif
4378
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004379#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004380 /* If tune.ssl.default-dh-param has not been set,
4381 neither has ssl-default-dh-file and no static DH
4382 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004383 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004384 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004385 (ssl_dh_ptr_index == -1 ||
4386 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004387 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4388 const SSL_CIPHER * cipher = NULL;
4389 char cipher_description[128];
4390 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4391 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4392 which is not ephemeral DH. */
4393 const char dhe_description[] = " Kx=DH ";
4394 const char dhe_export_description[] = " Kx=DH(";
4395 int idx = 0;
4396 int dhe_found = 0;
4397 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004398
Remi Gacogne23d5d372014-10-10 17:04:26 +02004399 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004400
Remi Gacogne23d5d372014-10-10 17:04:26 +02004401 if (ssl) {
4402 ciphers = SSL_get_ciphers(ssl);
4403
4404 if (ciphers) {
4405 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4406 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4407 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4408 if (strstr(cipher_description, dhe_description) != NULL ||
4409 strstr(cipher_description, dhe_export_description) != NULL) {
4410 dhe_found = 1;
4411 break;
4412 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004413 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004414 }
4415 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004416 SSL_free(ssl);
4417 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004418 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004419
Lukas Tribus90132722014-08-18 00:56:33 +02004420 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004421 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004422 }
4423
Willy Tarreauef934602016-12-22 23:12:01 +01004424 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004425 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004426
Willy Tarreauef934602016-12-22 23:12:01 +01004427 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004428 if (local_dh_1024 == NULL) {
4429 local_dh_1024 = ssl_get_dh_1024();
4430 }
Willy Tarreauef934602016-12-22 23:12:01 +01004431 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004432 if (local_dh_2048 == NULL) {
4433 local_dh_2048 = ssl_get_dh_2048();
4434 }
Willy Tarreauef934602016-12-22 23:12:01 +01004435 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004436 if (local_dh_4096 == NULL) {
4437 local_dh_4096 = ssl_get_dh_4096();
4438 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004439 }
4440 }
4441 }
4442#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004443
Emeric Brunfc0421f2012-09-07 17:30:07 +02004444 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004445#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004446 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004447#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004448
Bernard Spil13c53f82018-02-15 13:34:58 +01004449#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004450 ssl_conf_cur = NULL;
4451 if (ssl_conf && ssl_conf->npn_str)
4452 ssl_conf_cur = ssl_conf;
4453 else if (bind_conf->ssl_conf.npn_str)
4454 ssl_conf_cur = &bind_conf->ssl_conf;
4455 if (ssl_conf_cur)
4456 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004457#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004458#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004459 ssl_conf_cur = NULL;
4460 if (ssl_conf && ssl_conf->alpn_str)
4461 ssl_conf_cur = ssl_conf;
4462 else if (bind_conf->ssl_conf.alpn_str)
4463 ssl_conf_cur = &bind_conf->ssl_conf;
4464 if (ssl_conf_cur)
4465 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004466#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004467#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004468 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4469 if (conf_curves) {
4470 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004471 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4472 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004473 cfgerr++;
4474 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004475#if defined(SSL_CTX_set_ecdh_auto)
4476 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4477#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004478 }
4479#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004480#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004481 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004482 int i;
4483 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004484#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004485 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004486 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4487 NULL);
4488
4489 if (ecdhe == NULL) {
4490 SSL_CTX_set_dh_auto(ctx, 1);
4491 return cfgerr;
4492 }
4493#else
4494 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4495 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4496 ECDHE_DEFAULT_CURVE);
4497#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004498
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004499 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004500 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004501 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4502 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004503 cfgerr++;
4504 }
4505 else {
4506 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4507 EC_KEY_free(ecdh);
4508 }
4509 }
4510#endif
4511
Emeric Brunfc0421f2012-09-07 17:30:07 +02004512 return cfgerr;
4513}
4514
Evan Broderbe554312013-06-27 00:05:25 -07004515static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4516{
4517 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4518 size_t prefixlen, suffixlen;
4519
4520 /* Trivial case */
4521 if (strcmp(pattern, hostname) == 0)
4522 return 1;
4523
Evan Broderbe554312013-06-27 00:05:25 -07004524 /* The rest of this logic is based on RFC 6125, section 6.4.3
4525 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4526
Emeric Bruna848dae2013-10-08 11:27:28 +02004527 pattern_wildcard = NULL;
4528 pattern_left_label_end = pattern;
4529 while (*pattern_left_label_end != '.') {
4530 switch (*pattern_left_label_end) {
4531 case 0:
4532 /* End of label not found */
4533 return 0;
4534 case '*':
4535 /* If there is more than one wildcards */
4536 if (pattern_wildcard)
4537 return 0;
4538 pattern_wildcard = pattern_left_label_end;
4539 break;
4540 }
4541 pattern_left_label_end++;
4542 }
4543
4544 /* If it's not trivial and there is no wildcard, it can't
4545 * match */
4546 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004547 return 0;
4548
4549 /* Make sure all labels match except the leftmost */
4550 hostname_left_label_end = strchr(hostname, '.');
4551 if (!hostname_left_label_end
4552 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4553 return 0;
4554
4555 /* Make sure the leftmost label of the hostname is long enough
4556 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004557 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004558 return 0;
4559
4560 /* Finally compare the string on either side of the
4561 * wildcard */
4562 prefixlen = pattern_wildcard - pattern;
4563 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004564 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4565 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004566 return 0;
4567
4568 return 1;
4569}
4570
4571static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4572{
4573 SSL *ssl;
4574 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004575 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004576 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004577 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004578
4579 int depth;
4580 X509 *cert;
4581 STACK_OF(GENERAL_NAME) *alt_names;
4582 int i;
4583 X509_NAME *cert_subject;
4584 char *str;
4585
4586 if (ok == 0)
4587 return ok;
4588
4589 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004590 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004591 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004592
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004593 /* We're checking if the provided hostnames match the desired one. The
4594 * desired hostname comes from the SNI we presented if any, or if not
4595 * provided then it may have been explicitly stated using a "verifyhost"
4596 * directive. If neither is set, we don't care about the name so the
4597 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004598 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004599 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004600 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004601 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004602 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004603 if (!servername)
4604 return ok;
4605 }
Evan Broderbe554312013-06-27 00:05:25 -07004606
4607 /* We only need to verify the CN on the actual server cert,
4608 * not the indirect CAs */
4609 depth = X509_STORE_CTX_get_error_depth(ctx);
4610 if (depth != 0)
4611 return ok;
4612
4613 /* At this point, the cert is *not* OK unless we can find a
4614 * hostname match */
4615 ok = 0;
4616
4617 cert = X509_STORE_CTX_get_current_cert(ctx);
4618 /* It seems like this might happen if verify peer isn't set */
4619 if (!cert)
4620 return ok;
4621
4622 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4623 if (alt_names) {
4624 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4625 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4626 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004627#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004628 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4629#else
Evan Broderbe554312013-06-27 00:05:25 -07004630 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004631#endif
Evan Broderbe554312013-06-27 00:05:25 -07004632 ok = ssl_sock_srv_hostcheck(str, servername);
4633 OPENSSL_free(str);
4634 }
4635 }
4636 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004637 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004638 }
4639
4640 cert_subject = X509_get_subject_name(cert);
4641 i = -1;
4642 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4643 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004644 ASN1_STRING *value;
4645 value = X509_NAME_ENTRY_get_data(entry);
4646 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004647 ok = ssl_sock_srv_hostcheck(str, servername);
4648 OPENSSL_free(str);
4649 }
4650 }
4651
Willy Tarreau71d058c2017-07-26 20:09:56 +02004652 /* report the mismatch and indicate if SNI was used or not */
4653 if (!ok && !conn->err_code)
4654 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004655 return ok;
4656}
4657
Emeric Brun94324a42012-10-11 14:00:19 +02004658/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004659int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004660{
Willy Tarreau03209342016-12-22 17:08:28 +01004661 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004662 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004663 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004664 SSL_OP_ALL | /* all known workarounds for bugs */
4665 SSL_OP_NO_SSLv2 |
4666 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004667 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004668 SSL_MODE_ENABLE_PARTIAL_WRITE |
4669 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004670 SSL_MODE_RELEASE_BUFFERS |
4671 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004672 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004673 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004674 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004675 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004676 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004677
Thierry Fournier383085f2013-01-24 14:15:43 +01004678 /* Make sure openssl opens /dev/urandom before the chroot */
4679 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004680 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004681 cfgerr++;
4682 }
4683
Willy Tarreaufce03112015-01-15 21:32:40 +01004684 /* Automatic memory computations need to know we use SSL there */
4685 global.ssl_used_backend = 1;
4686
4687 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004688 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004689 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004690 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4691 curproxy->id, srv->id,
4692 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004693 cfgerr++;
4694 return cfgerr;
4695 }
4696 }
Emeric Brun94324a42012-10-11 14:00:19 +02004697 if (srv->use_ssl)
4698 srv->xprt = &ssl_sock;
4699 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004700 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004701
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004702 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004703 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004704 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4705 proxy_type_str(curproxy), curproxy->id,
4706 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004707 cfgerr++;
4708 return cfgerr;
4709 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004710
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004711 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004712 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4713 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4714 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004715 else
4716 flags = conf_ssl_methods->flags;
4717
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004718 /* Real min and max should be determinate with configuration and openssl's capabilities */
4719 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004720 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004721 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004722 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004723
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004724 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004725 min = max = CONF_TLSV_NONE;
4726 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004727 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004728 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004729 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004730 if (min) {
4731 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004732 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4733 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4734 proxy_type_str(curproxy), curproxy->id, srv->id,
4735 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004736 hole = 0;
4737 }
4738 max = i;
4739 }
4740 else {
4741 min = max = i;
4742 }
4743 }
4744 else {
4745 if (min)
4746 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004747 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004748 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004749 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4750 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004751 cfgerr += 1;
4752 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004753
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004754#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004755 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004756 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004757 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004758 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004759 else
4760 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4761 if (flags & methodVersions[i].flag)
4762 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004763#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004764 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004765 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4766 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004767#endif
4768
4769 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4770 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004771 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004772
Willy Tarreau5db847a2019-05-09 14:13:35 +02004773#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004774 if (global_ssl.async)
4775 mode |= SSL_MODE_ASYNC;
4776#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004777 SSL_CTX_set_mode(ctx, mode);
4778 srv->ssl_ctx.ctx = ctx;
4779
Emeric Bruna7aa3092012-10-26 12:58:00 +02004780 if (srv->ssl_ctx.client_crt) {
4781 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004782 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4783 proxy_type_str(curproxy), curproxy->id,
4784 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004785 cfgerr++;
4786 }
4787 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004788 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4789 proxy_type_str(curproxy), curproxy->id,
4790 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004791 cfgerr++;
4792 }
4793 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004794 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4795 proxy_type_str(curproxy), curproxy->id,
4796 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004797 cfgerr++;
4798 }
4799 }
Emeric Brun94324a42012-10-11 14:00:19 +02004800
Emeric Brun850efd52014-01-29 12:24:34 +01004801 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4802 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004803 switch (srv->ssl_ctx.verify) {
4804 case SSL_SOCK_VERIFY_NONE:
4805 verify = SSL_VERIFY_NONE;
4806 break;
4807 case SSL_SOCK_VERIFY_REQUIRED:
4808 verify = SSL_VERIFY_PEER;
4809 break;
4810 }
Evan Broderbe554312013-06-27 00:05:25 -07004811 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004812 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004813 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004814 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004815 if (srv->ssl_ctx.ca_file) {
4816 /* load CAfile to verify */
4817 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004818 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4819 curproxy->id, srv->id,
4820 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004821 cfgerr++;
4822 }
4823 }
Emeric Brun850efd52014-01-29 12:24:34 +01004824 else {
4825 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004826 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4827 curproxy->id, srv->id,
4828 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004829 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004830 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4831 curproxy->id, srv->id,
4832 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004833 cfgerr++;
4834 }
Emeric Brunef42d922012-10-11 16:11:36 +02004835#ifdef X509_V_FLAG_CRL_CHECK
4836 if (srv->ssl_ctx.crl_file) {
4837 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4838
4839 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004840 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4841 curproxy->id, srv->id,
4842 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004843 cfgerr++;
4844 }
4845 else {
4846 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4847 }
4848 }
4849#endif
4850 }
4851
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004852 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4853 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4854 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004855 if (srv->ssl_ctx.ciphers &&
4856 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004857 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4858 curproxy->id, srv->id,
4859 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004860 cfgerr++;
4861 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004862
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004863#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004864 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004865 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004866 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4867 curproxy->id, srv->id,
4868 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4869 cfgerr++;
4870 }
4871#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004872#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4873 if (srv->ssl_ctx.npn_str)
4874 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4875#endif
4876#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4877 if (srv->ssl_ctx.alpn_str)
4878 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4879#endif
4880
Emeric Brun94324a42012-10-11 14:00:19 +02004881
4882 return cfgerr;
4883}
4884
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004885/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004886 * be NULL, in which case nothing is done. Returns the number of errors
4887 * encountered.
4888 */
Willy Tarreau03209342016-12-22 17:08:28 +01004889int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004890{
4891 struct ebmb_node *node;
4892 struct sni_ctx *sni;
4893 int err = 0;
4894
Willy Tarreaufce03112015-01-15 21:32:40 +01004895 /* Automatic memory computations need to know we use SSL there */
4896 global.ssl_used_frontend = 1;
4897
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004898 /* Make sure openssl opens /dev/urandom before the chroot */
4899 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004900 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004901 err++;
4902 }
4903 /* Create initial_ctx used to start the ssl connection before do switchctx */
4904 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004905 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004906 /* It should not be necessary to call this function, but it's
4907 necessary first to check and move all initialisation related
4908 to initial_ctx in ssl_sock_initial_ctx. */
4909 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4910 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004911 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004912 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004913
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004914 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004915 while (node) {
4916 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004917 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4918 /* only initialize the CTX on its first occurrence and
4919 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004920 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004921 node = ebmb_next(node);
4922 }
4923
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004924 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004925 while (node) {
4926 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004927 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4928 /* only initialize the CTX on its first occurrence and
4929 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004930 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004931 node = ebmb_next(node);
4932 }
4933 return err;
4934}
4935
Willy Tarreau55d37912016-12-21 23:38:39 +01004936/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4937 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4938 * alerts are directly emitted since the rest of the stack does it below.
4939 */
4940int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4941{
4942 struct proxy *px = bind_conf->frontend;
4943 int alloc_ctx;
4944 int err;
4945
4946 if (!bind_conf->is_ssl) {
4947 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004948 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4949 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004950 }
4951 return 0;
4952 }
4953 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004954 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004955 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4956 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004957 }
4958 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004959 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4960 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004961 return -1;
4962 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004963 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004964 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004965 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004966 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004967 sizeof(*sh_ssl_sess_tree),
4968 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004969 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004970 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4971 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4972 else
4973 ha_alert("Unable to allocate SSL session cache.\n");
4974 return -1;
4975 }
4976 /* free block callback */
4977 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4978 /* init the root tree within the extra space */
4979 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4980 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004981 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004982 err = 0;
4983 /* initialize all certificate contexts */
4984 err += ssl_sock_prepare_all_ctx(bind_conf);
4985
4986 /* initialize CA variables if the certificates generation is enabled */
4987 err += ssl_sock_load_ca(bind_conf);
4988
4989 return -err;
4990}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004991
4992/* release ssl context allocated for servers. */
4993void ssl_sock_free_srv_ctx(struct server *srv)
4994{
Olivier Houchardc7566002018-11-20 23:33:50 +01004995#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4996 if (srv->ssl_ctx.alpn_str)
4997 free(srv->ssl_ctx.alpn_str);
4998#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004999#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005000 if (srv->ssl_ctx.npn_str)
5001 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005002#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005003 if (srv->ssl_ctx.ctx)
5004 SSL_CTX_free(srv->ssl_ctx.ctx);
5005}
5006
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005007/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005008 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5009 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005010void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005011{
5012 struct ebmb_node *node, *back;
5013 struct sni_ctx *sni;
5014
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005015 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005016 while (node) {
5017 sni = ebmb_entry(node, struct sni_ctx, name);
5018 back = ebmb_next(node);
5019 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005020 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005021 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005022 ssl_sock_free_ssl_conf(sni->conf);
5023 free(sni->conf);
5024 sni->conf = NULL;
5025 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005026 free(sni);
5027 node = back;
5028 }
5029
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005030 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005031 while (node) {
5032 sni = ebmb_entry(node, struct sni_ctx, name);
5033 back = ebmb_next(node);
5034 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005035 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005036 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005037 ssl_sock_free_ssl_conf(sni->conf);
5038 free(sni->conf);
5039 sni->conf = NULL;
5040 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005041 free(sni);
5042 node = back;
5043 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005044 SSL_CTX_free(bind_conf->initial_ctx);
5045 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005046 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005047 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005048}
5049
Willy Tarreau795cdab2016-12-22 17:30:54 +01005050/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5051void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5052{
5053 ssl_sock_free_ca(bind_conf);
5054 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005055 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005056 free(bind_conf->ca_sign_file);
5057 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005058 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005059 free(bind_conf->keys_ref->filename);
5060 free(bind_conf->keys_ref->tlskeys);
5061 LIST_DEL(&bind_conf->keys_ref->list);
5062 free(bind_conf->keys_ref);
5063 }
5064 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005065 bind_conf->ca_sign_pass = NULL;
5066 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005067}
5068
Christopher Faulet31af49d2015-06-09 17:29:50 +02005069/* Load CA cert file and private key used to generate certificates */
5070int
Willy Tarreau03209342016-12-22 17:08:28 +01005071ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005072{
Willy Tarreau03209342016-12-22 17:08:28 +01005073 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005074 FILE *fp;
5075 X509 *cacert = NULL;
5076 EVP_PKEY *capkey = NULL;
5077 int err = 0;
5078
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005079 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005080 return err;
5081
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005082#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005083 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005084 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005085 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005086 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005087 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005088#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005089
Christopher Faulet31af49d2015-06-09 17:29:50 +02005090 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005091 ha_alert("Proxy '%s': cannot enable certificate generation, "
5092 "no CA certificate File configured at [%s:%d].\n",
5093 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005094 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005095 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005096
5097 /* read in the CA certificate */
5098 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005099 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5100 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005101 goto load_error;
5102 }
5103 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005104 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5105 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005106 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005107 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005108 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005109 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005110 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5111 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005112 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005113 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005114
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005115 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005116 bind_conf->ca_sign_cert = cacert;
5117 bind_conf->ca_sign_pkey = capkey;
5118 return err;
5119
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005120 read_error:
5121 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005122 if (capkey) EVP_PKEY_free(capkey);
5123 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005124 load_error:
5125 bind_conf->generate_certs = 0;
5126 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005127 return err;
5128}
5129
5130/* Release CA cert and private key used to generate certificated */
5131void
5132ssl_sock_free_ca(struct bind_conf *bind_conf)
5133{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005134 if (bind_conf->ca_sign_pkey)
5135 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5136 if (bind_conf->ca_sign_cert)
5137 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005138 bind_conf->ca_sign_pkey = NULL;
5139 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005140}
5141
Emeric Brun46591952012-05-18 15:47:34 +02005142/*
5143 * This function is called if SSL * context is not yet allocated. The function
5144 * is designed to be called before any other data-layer operation and sets the
5145 * handshake flag on the connection. It is safe to call it multiple times.
5146 * It returns 0 on success and -1 in error case.
5147 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005148static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005149{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005150 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005151 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005152 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005153 return 0;
5154
Willy Tarreau3c728722014-01-23 13:50:42 +01005155 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005156 return 0;
5157
Olivier Houchard66ab4982019-02-26 18:37:15 +01005158 ctx = pool_alloc(ssl_sock_ctx_pool);
5159 if (!ctx) {
5160 conn->err_code = CO_ER_SSL_NO_MEM;
5161 return -1;
5162 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005163 ctx->wait_event.tasklet = tasklet_new();
5164 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005165 conn->err_code = CO_ER_SSL_NO_MEM;
5166 pool_free(ssl_sock_ctx_pool, ctx);
5167 return -1;
5168 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005169 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5170 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005171 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005172 ctx->sent_early_data = 0;
5173 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005174 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005175 ctx->send_wait = NULL;
5176 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005177 ctx->xprt_st = 0;
5178 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005179
5180 /* Only work with sockets for now, this should be adapted when we'll
5181 * add QUIC support.
5182 */
5183 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005184 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005185 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5186 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005187 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005188
Willy Tarreau20879a02012-12-03 16:32:10 +01005189 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5190 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005191 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005192 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005193
Emeric Brun46591952012-05-18 15:47:34 +02005194 /* If it is in client mode initiate SSL session
5195 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005196 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005197 int may_retry = 1;
5198
5199 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005200 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005201 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5202 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005203 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005204 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005205 goto retry_connect;
5206 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005207 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005208 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005209 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005210 ctx->bio = BIO_new(ha_meth);
5211 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005212 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005213 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005214 goto retry_connect;
5215 }
Emeric Brun55476152014-11-12 17:35:37 +01005216 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005217 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005218 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005219 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005220 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005221
Evan Broderbe554312013-06-27 00:05:25 -07005222 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005223 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5224 SSL_free(ctx->ssl);
5225 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005226 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005227 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005228 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005229 goto retry_connect;
5230 }
Emeric Brun55476152014-11-12 17:35:37 +01005231 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005232 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005233 }
5234
Olivier Houchard66ab4982019-02-26 18:37:15 +01005235 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005236 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5237 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5238 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005239 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005240 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005241 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5242 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005243 } else if (sess) {
5244 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005245 }
5246 }
Evan Broderbe554312013-06-27 00:05:25 -07005247
Emeric Brun46591952012-05-18 15:47:34 +02005248 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005249 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005250
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005251 _HA_ATOMIC_ADD(&sslconns, 1);
5252 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005253 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005254 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005255 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005256 if (conn->flags & CO_FL_ERROR)
5257 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005258 return 0;
5259 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005260 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005261 int may_retry = 1;
5262
5263 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005264 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005265 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5266 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005267 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005268 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005269 goto retry_accept;
5270 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005271 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005272 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005273 }
Emeric Brun46591952012-05-18 15:47:34 +02005274
Olivier Houcharda8955d52019-04-07 22:00:38 +02005275 ctx->bio = BIO_new(ha_meth);
5276 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005277 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005278 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005279 goto retry_accept;
5280 }
Emeric Brun55476152014-11-12 17:35:37 +01005281 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005282 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005283 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005284 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005285 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005286
Emeric Brune1f38db2012-09-03 20:36:47 +02005287 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005288 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5289 SSL_free(ctx->ssl);
5290 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005291 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005292 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005293 goto retry_accept;
5294 }
Emeric Brun55476152014-11-12 17:35:37 +01005295 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005296 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005297 }
5298
Olivier Houchard66ab4982019-02-26 18:37:15 +01005299 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005300
Emeric Brun46591952012-05-18 15:47:34 +02005301 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005302 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02005303#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005304 conn->flags |= CO_FL_EARLY_SSL_HS;
5305#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005306
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005307 _HA_ATOMIC_ADD(&sslconns, 1);
5308 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005309 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005310 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005311 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005312 if (conn->flags & CO_FL_ERROR)
5313 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005314 return 0;
5315 }
5316 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005317 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005318err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005319 if (ctx && ctx->wait_event.tasklet)
5320 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005321 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005322 return -1;
5323}
5324
5325
5326/* This is the callback which is used when an SSL handshake is pending. It
5327 * updates the FD status if it wants some polling before being called again.
5328 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5329 * otherwise it returns non-zero and removes itself from the connection's
5330 * flags (the bit is provided in <flag> by the caller).
5331 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005332static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005333{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005334 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005335 int ret;
5336
Willy Tarreau3c728722014-01-23 13:50:42 +01005337 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005338 return 0;
5339
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005340 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005341 goto out_error;
5342
Willy Tarreau5db847a2019-05-09 14:13:35 +02005343#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005344 /*
5345 * Check if we have early data. If we do, we have to read them
5346 * before SSL_do_handshake() is called, And there's no way to
5347 * detect early data, except to try to read them
5348 */
5349 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5350 size_t read_data;
5351
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005352 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005353 1, &read_data);
5354 if (ret == SSL_READ_EARLY_DATA_ERROR)
5355 goto check_error;
5356 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5357 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5358 return 1;
5359 } else
5360 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5361 }
5362#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005363 /* If we use SSL_do_handshake to process a reneg initiated by
5364 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5365 * Usually SSL_write and SSL_read are used and process implicitly
5366 * the reneg handshake.
5367 * Here we use SSL_peek as a workaround for reneg.
5368 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005369 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005370 char c;
5371
Olivier Houchard66ab4982019-02-26 18:37:15 +01005372 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005373 if (ret <= 0) {
5374 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005375 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005376
Emeric Brun674b7432012-11-08 19:21:55 +01005377 if (ret == SSL_ERROR_WANT_WRITE) {
5378 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005379 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005380 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005381 return 0;
5382 }
5383 else if (ret == SSL_ERROR_WANT_READ) {
5384 /* handshake may have been completed but we have
5385 * no more data to read.
5386 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005387 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005388 ret = 1;
5389 goto reneg_ok;
5390 }
5391 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005392 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005393 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005394 return 0;
5395 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005396#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005397 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005398 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005399 return 0;
5400 }
5401#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005402 else if (ret == SSL_ERROR_SYSCALL) {
5403 /* if errno is null, then connection was successfully established */
5404 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5405 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005406 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005407#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5408 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005409 conn->err_code = CO_ER_SSL_HANDSHAKE;
5410#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005411 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005412#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005413 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005414 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005415 empty_handshake = state == TLS_ST_BEFORE;
5416#else
Lukas Tribus49799162019-07-08 14:29:15 +02005417 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5418 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005419#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005420 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005421 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005422 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005423 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5424 else
5425 conn->err_code = CO_ER_SSL_EMPTY;
5426 }
5427 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005428 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005429 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5430 else
5431 conn->err_code = CO_ER_SSL_ABORT;
5432 }
5433 }
5434 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005435 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005436 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005437 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005438 conn->err_code = CO_ER_SSL_HANDSHAKE;
5439 }
Lukas Tribus49799162019-07-08 14:29:15 +02005440#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005441 }
Emeric Brun674b7432012-11-08 19:21:55 +01005442 goto out_error;
5443 }
5444 else {
5445 /* Fail on all other handshake errors */
5446 /* Note: OpenSSL may leave unread bytes in the socket's
5447 * buffer, causing an RST to be emitted upon close() on
5448 * TCP sockets. We first try to drain possibly pending
5449 * data to avoid this as much as possible.
5450 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005451 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005452 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005453 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005454 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005455 goto out_error;
5456 }
5457 }
5458 /* read some data: consider handshake completed */
5459 goto reneg_ok;
5460 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005461 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005462check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005463 if (ret != 1) {
5464 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005465 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005466
5467 if (ret == SSL_ERROR_WANT_WRITE) {
5468 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005469 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005470 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005471 return 0;
5472 }
5473 else if (ret == SSL_ERROR_WANT_READ) {
5474 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005475 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005476 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5477 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005478 return 0;
5479 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005480#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005481 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005482 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005483 return 0;
5484 }
5485#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005486 else if (ret == SSL_ERROR_SYSCALL) {
5487 /* if errno is null, then connection was successfully established */
5488 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5489 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005490 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005491#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5492 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005493 conn->err_code = CO_ER_SSL_HANDSHAKE;
5494#else
5495 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005496#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005497 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005498 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005499 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005500#else
Lukas Tribus49799162019-07-08 14:29:15 +02005501 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5502 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005503#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005504 if (empty_handshake) {
5505 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005506 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005507 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5508 else
5509 conn->err_code = CO_ER_SSL_EMPTY;
5510 }
5511 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005512 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005513 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5514 else
5515 conn->err_code = CO_ER_SSL_ABORT;
5516 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005517 }
5518 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005519 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005520 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5521 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005522 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005523 }
Lukas Tribus49799162019-07-08 14:29:15 +02005524#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005525 }
Willy Tarreau89230192012-09-28 20:22:13 +02005526 goto out_error;
5527 }
Emeric Brun46591952012-05-18 15:47:34 +02005528 else {
5529 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005530 /* Note: OpenSSL may leave unread bytes in the socket's
5531 * buffer, causing an RST to be emitted upon close() on
5532 * TCP sockets. We first try to drain possibly pending
5533 * data to avoid this as much as possible.
5534 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005535 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005536 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005537 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005538 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005539 goto out_error;
5540 }
5541 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005542#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005543 else {
5544 /*
5545 * If the server refused the early data, we have to send a
5546 * 425 to the client, as we no longer have the data to sent
5547 * them again.
5548 */
5549 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005550 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005551 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5552 goto out_error;
5553 }
5554 }
5555 }
5556#endif
5557
Emeric Brun46591952012-05-18 15:47:34 +02005558
Emeric Brun674b7432012-11-08 19:21:55 +01005559reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005560
Willy Tarreau5db847a2019-05-09 14:13:35 +02005561#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005562 /* ASYNC engine API doesn't support moving read/write
5563 * buffers. So we disable ASYNC mode right after
5564 * the handshake to avoid buffer oveflows.
5565 */
5566 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005567 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005568#endif
Emeric Brun46591952012-05-18 15:47:34 +02005569 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005570 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005571 if (objt_server(conn->target)) {
5572 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5573 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5574 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005575 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005576 else {
5577 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5578 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5579 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5580 }
Emeric Brun46591952012-05-18 15:47:34 +02005581 }
5582
5583 /* The connection is now established at both layers, it's time to leave */
5584 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5585 return 1;
5586
5587 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005588 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005589 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005590 ERR_clear_error();
5591
Emeric Brun9fa89732012-10-04 17:09:56 +02005592 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005593 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5594 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5595 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005596 }
5597
Emeric Brun46591952012-05-18 15:47:34 +02005598 /* Fail on all other handshake errors */
5599 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005600 if (!conn->err_code)
5601 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005602 return 0;
5603}
5604
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005605static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005606{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005607 struct wait_event *sw;
5608 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005609
Olivier Houchard0ff28652019-06-24 18:57:39 +02005610 if (!ctx)
5611 return -1;
5612
Olivier Houchardea8dd942019-05-20 14:02:16 +02005613 if (event_type & SUB_RETRY_RECV) {
5614 sw = param;
5615 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5616 sw->events |= SUB_RETRY_RECV;
5617 ctx->recv_wait = sw;
5618 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5619 !(ctx->wait_event.events & SUB_RETRY_RECV))
5620 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5621 event_type &= ~SUB_RETRY_RECV;
5622 }
5623 if (event_type & SUB_RETRY_SEND) {
5624sw = param;
5625 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5626 sw->events |= SUB_RETRY_SEND;
5627 ctx->send_wait = sw;
5628 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5629 !(ctx->wait_event.events & SUB_RETRY_SEND))
5630 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5631 event_type &= ~SUB_RETRY_SEND;
5632
5633 }
5634 if (event_type != 0)
5635 return -1;
5636 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005637}
5638
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005639static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005640{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005641 struct wait_event *sw;
5642 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005643
Olivier Houchardea8dd942019-05-20 14:02:16 +02005644 if (event_type & SUB_RETRY_RECV) {
5645 sw = param;
5646 BUG_ON(ctx->recv_wait != sw);
5647 ctx->recv_wait = NULL;
5648 sw->events &= ~SUB_RETRY_RECV;
5649 /* If we subscribed, and we're not doing the handshake,
5650 * then we subscribed because the upper layer asked for it,
5651 * as the upper layer is no longer interested, we can
5652 * unsubscribe too.
5653 */
5654 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5655 (ctx->wait_event.events & SUB_RETRY_RECV))
5656 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5657 &ctx->wait_event);
5658 }
5659 if (event_type & SUB_RETRY_SEND) {
5660 sw = param;
5661 BUG_ON(ctx->send_wait != sw);
5662 ctx->send_wait = NULL;
5663 sw->events &= ~SUB_RETRY_SEND;
5664 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5665 (ctx->wait_event.events & SUB_RETRY_SEND))
5666 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5667 &ctx->wait_event);
5668
5669 }
5670
5671 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005672}
5673
Olivier Houchard2e055482019-05-27 19:50:12 +02005674/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5675 * Returns 0 on success, and non-zero on failure.
5676 */
5677static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5678{
5679 struct ssl_sock_ctx *ctx = xprt_ctx;
5680
5681 if (oldxprt_ops != NULL)
5682 *oldxprt_ops = ctx->xprt;
5683 if (oldxprt_ctx != NULL)
5684 *oldxprt_ctx = ctx->xprt_ctx;
5685 ctx->xprt = toadd_ops;
5686 ctx->xprt_ctx = toadd_ctx;
5687 return 0;
5688}
5689
Olivier Houchard5149b592019-05-23 17:47:36 +02005690/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5691 * return 0, otherwise just call the remove_xprt method from the underlying
5692 * XPRT.
5693 */
5694static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5695{
5696 struct ssl_sock_ctx *ctx = xprt_ctx;
5697
5698 if (ctx->xprt_ctx == toremove_ctx) {
5699 ctx->xprt_ctx = newctx;
5700 ctx->xprt = newops;
5701 return 0;
5702 }
5703 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5704}
5705
Olivier Houchardea8dd942019-05-20 14:02:16 +02005706static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5707{
5708 struct ssl_sock_ctx *ctx = context;
5709
5710 /* First if we're doing an handshake, try that */
5711 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5712 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5713 /* If we had an error, or the handshake is done and I/O is available,
5714 * let the upper layer know.
5715 * If no mux was set up yet, and nobody subscribed, then call
5716 * xprt_done_cb() ourself if it's set, or destroy the connection,
5717 * we can't be sure conn_fd_handler() will be called again.
5718 */
5719 if ((ctx->conn->flags & CO_FL_ERROR) ||
5720 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5721 int ret = 0;
5722 int woke = 0;
5723
5724 /* On error, wake any waiter */
5725 if (ctx->recv_wait) {
5726 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005727 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005728 ctx->recv_wait = NULL;
5729 woke = 1;
5730 }
5731 if (ctx->send_wait) {
5732 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005733 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005734 ctx->send_wait = NULL;
5735 woke = 1;
5736 }
5737 /* If we're the first xprt for the connection, let the
5738 * upper layers know. If xprt_done_cb() is set, call it,
5739 * otherwise, we should have a mux, so call its wake
5740 * method if we didn't woke a tasklet already.
5741 */
5742 if (ctx->conn->xprt_ctx == ctx) {
5743 if (ctx->conn->xprt_done_cb)
5744 ret = ctx->conn->xprt_done_cb(ctx->conn);
5745 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5746 ctx->conn->mux->wake(ctx->conn);
5747 return NULL;
5748 }
5749 }
5750 return NULL;
5751}
5752
Emeric Brun46591952012-05-18 15:47:34 +02005753/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005754 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005755 * buffer wraps, in which case a second call may be performed. The connection's
5756 * flags are updated with whatever special event is detected (error, read0,
5757 * empty). The caller is responsible for taking care of those events and
5758 * avoiding the call if inappropriate. The function does not call the
5759 * connection's polling update function, so the caller is responsible for this.
5760 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005761static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005762{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005763 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005764 ssize_t ret;
5765 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005766
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005767 conn_refresh_polling_flags(conn);
5768
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005769 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005770 goto out_error;
5771
5772 if (conn->flags & CO_FL_HANDSHAKE)
5773 /* a handshake was requested */
5774 return 0;
5775
Emeric Brun46591952012-05-18 15:47:34 +02005776 /* read the largest possible block. For this, we perform only one call
5777 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5778 * in which case we accept to do it once again. A new attempt is made on
5779 * EINTR too.
5780 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005781 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005782 int need_out = 0;
5783
Willy Tarreau591d4452018-06-15 17:21:00 +02005784 try = b_contig_space(buf);
5785 if (!try)
5786 break;
5787
Willy Tarreauabf08d92014-01-14 11:31:27 +01005788 if (try > count)
5789 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005790
Olivier Houchardc2aae742017-09-22 18:26:28 +02005791 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005792 ctx->tmp_early_data != -1) {
5793 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005794 done++;
5795 try--;
5796 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005797 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005798 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005799 continue;
5800 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005801
Willy Tarreau5db847a2019-05-09 14:13:35 +02005802#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005803 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5804 size_t read_length;
5805
Olivier Houchard66ab4982019-02-26 18:37:15 +01005806 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005807 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005808 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5809 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005810 conn->flags |= CO_FL_EARLY_DATA;
5811 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5812 ret == SSL_READ_EARLY_DATA_FINISH) {
5813 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5814 /*
5815 * We're done reading the early data,
5816 * let's make the handshake
5817 */
5818 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5819 conn->flags |= CO_FL_SSL_WAIT_HS;
5820 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005821 /* Now initiate the handshake */
5822 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005823 if (read_length == 0)
5824 break;
5825 }
5826 ret = read_length;
5827 }
5828 } else
5829#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005830 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02005831
Emeric Brune1f38db2012-09-03 20:36:47 +02005832 if (conn->flags & CO_FL_ERROR) {
5833 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005834 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005835 }
Emeric Brun46591952012-05-18 15:47:34 +02005836 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005837 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005838 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005839 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005840 }
Emeric Brun46591952012-05-18 15:47:34 +02005841 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005842 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005843 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005844 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005845 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005846 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005847#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005848 /* Async mode can be re-enabled, because we're leaving data state.*/
5849 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005850 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005851#endif
Emeric Brun46591952012-05-18 15:47:34 +02005852 break;
5853 }
5854 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005855 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005856 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5857 SUB_RETRY_RECV,
5858 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005859 /* handshake is running, and it may need to re-enable read */
5860 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005861#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005862 /* Async mode can be re-enabled, because we're leaving data state.*/
5863 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005864 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005865#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005866 break;
5867 }
Emeric Brun46591952012-05-18 15:47:34 +02005868 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005869 } else if (ret == SSL_ERROR_ZERO_RETURN)
5870 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005871 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5872 * stack before shutting down the connection for
5873 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005874 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5875 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005876 /* otherwise it's a real error */
5877 goto out_error;
5878 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005879 if (need_out)
5880 break;
Emeric Brun46591952012-05-18 15:47:34 +02005881 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005882 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005883 return done;
5884
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005885 clear_ssl_error:
5886 /* Clear openssl global errors stack */
5887 ssl_sock_dump_errors(conn);
5888 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005889 read0:
5890 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005891 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005892
Emeric Brun46591952012-05-18 15:47:34 +02005893 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005894 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005895 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005896 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005897 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005898 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005899}
5900
5901
Willy Tarreau787db9a2018-06-14 18:31:46 +02005902/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5903 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5904 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005905 * Only one call to send() is performed, unless the buffer wraps, in which case
5906 * a second call may be performed. The connection's flags are updated with
5907 * whatever special event is detected (error, empty). The caller is responsible
5908 * for taking care of those events and avoiding the call if inappropriate. The
5909 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005910 * is responsible for this. The buffer's output is not adjusted, it's up to the
5911 * caller to take care of this. It's up to the caller to update the buffer's
5912 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005913 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005914static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005915{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005916 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005917 ssize_t ret;
5918 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005919
5920 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005921 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005922
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005923 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005924 goto out_error;
5925
Olivier Houchard010941f2019-05-03 20:56:19 +02005926 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005927 /* a handshake was requested */
5928 return 0;
5929
5930 /* send the largest possible block. For this we perform only one call
5931 * to send() unless the buffer wraps and we exactly fill the first hunk,
5932 * in which case we accept to do it once again.
5933 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005934 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005935#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005936 size_t written_data;
5937#endif
5938
Willy Tarreau787db9a2018-06-14 18:31:46 +02005939 try = b_contig_data(buf, done);
5940 if (try > count)
5941 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005942
Willy Tarreau7bed9452014-02-02 02:00:24 +01005943 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005944 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005945 global_ssl.max_record && try > global_ssl.max_record) {
5946 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005947 }
5948 else {
5949 /* we need to keep the information about the fact that
5950 * we're not limiting the upcoming send(), because if it
5951 * fails, we'll have to retry with at least as many data.
5952 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005953 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005954 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005955
Willy Tarreau5db847a2019-05-09 14:13:35 +02005956#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005957 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005958 unsigned int max_early;
5959
Olivier Houchard522eea72017-11-03 16:27:47 +01005960 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005961 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005962 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005963 if (SSL_get0_session(ctx->ssl))
5964 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005965 else
5966 max_early = 0;
5967 }
5968
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005969 if (try + ctx->sent_early_data > max_early) {
5970 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005971 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005972 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005973 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005974 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005975 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005976 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005977 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005978 if (ret == 1) {
5979 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005980 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005981 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005982 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005983 /* Initiate the handshake, now */
5984 tasklet_wakeup(ctx->wait_event.tasklet);
5985 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005986
Olivier Houchardc2aae742017-09-22 18:26:28 +02005987 }
5988
5989 } else
5990#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005991 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005992
Emeric Brune1f38db2012-09-03 20:36:47 +02005993 if (conn->flags & CO_FL_ERROR) {
5994 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005995 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005996 }
Emeric Brun46591952012-05-18 15:47:34 +02005997 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005998 /* A send succeeded, so we can consier ourself connected */
5999 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006000 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006001 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006002 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006003 }
6004 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006005 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006006
Emeric Brun46591952012-05-18 15:47:34 +02006007 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006008 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006009 /* handshake is running, and it may need to re-enable write */
6010 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006011 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006012#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006013 /* Async mode can be re-enabled, because we're leaving data state.*/
6014 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006015 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006016#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006017 break;
6018 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006019
Emeric Brun46591952012-05-18 15:47:34 +02006020 break;
6021 }
6022 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006023 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006024 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006025 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6026 SUB_RETRY_RECV,
6027 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006028#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006029 /* Async mode can be re-enabled, because we're leaving data state.*/
6030 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006031 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006032#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006033 break;
6034 }
Emeric Brun46591952012-05-18 15:47:34 +02006035 goto out_error;
6036 }
6037 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006038 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006039 return done;
6040
6041 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006042 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006043 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006044 ERR_clear_error();
6045
Emeric Brun46591952012-05-18 15:47:34 +02006046 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006047 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006048}
6049
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006050static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006051
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006052 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006053
Olivier Houchardea8dd942019-05-20 14:02:16 +02006054
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006055 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006056 if (ctx->wait_event.events != 0)
6057 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6058 ctx->wait_event.events,
6059 &ctx->wait_event);
6060 if (ctx->send_wait) {
6061 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006062 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006063 }
6064 if (ctx->recv_wait) {
6065 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006066 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006067 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006068 if (ctx->xprt->close)
6069 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006070#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006071 if (global_ssl.async) {
6072 OSSL_ASYNC_FD all_fd[32], afd;
6073 size_t num_all_fds = 0;
6074 int i;
6075
Olivier Houchard66ab4982019-02-26 18:37:15 +01006076 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006077 if (num_all_fds > 32) {
6078 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6079 return;
6080 }
6081
Olivier Houchard66ab4982019-02-26 18:37:15 +01006082 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006083
6084 /* If an async job is pending, we must try to
6085 to catch the end using polling before calling
6086 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006087 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006088 for (i=0 ; i < num_all_fds ; i++) {
6089 /* switch on an handler designed to
6090 * handle the SSL_free
6091 */
6092 afd = all_fd[i];
6093 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006094 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006095 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006096 /* To ensure that the fd cache won't be used
6097 * and we'll catch a real RD event.
6098 */
6099 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006100 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006101 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006102 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006103 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006104 return;
6105 }
Emeric Brun3854e012017-05-17 20:42:48 +02006106 /* Else we can remove the fds from the fdtab
6107 * and call SSL_free.
6108 * note: we do a fd_remove and not a delete
6109 * because the fd is owned by the engine.
6110 * the engine is responsible to close
6111 */
6112 for (i=0 ; i < num_all_fds ; i++)
6113 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006114 }
6115#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006116 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006117 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006118 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006119 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006120 }
Emeric Brun46591952012-05-18 15:47:34 +02006121}
6122
6123/* This function tries to perform a clean shutdown on an SSL connection, and in
6124 * any case, flags the connection as reusable if no handshake was in progress.
6125 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006126static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006127{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006128 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006129
Emeric Brun46591952012-05-18 15:47:34 +02006130 if (conn->flags & CO_FL_HANDSHAKE)
6131 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006132 if (!clean)
6133 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006134 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006135 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006136 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006137 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006138 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006139 ERR_clear_error();
6140 }
Emeric Brun46591952012-05-18 15:47:34 +02006141}
6142
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006143/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006144int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006145{
Christopher Faulet82004142019-09-10 10:12:03 +02006146 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006147 struct pkey_info *pkinfo;
6148 int bits = 0;
6149 int sig = TLSEXT_signature_anonymous;
6150 int len = -1;
6151
6152 if (!ssl_sock_is_ssl(conn))
6153 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006154 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006155 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006156 if (pkinfo) {
6157 sig = pkinfo->sig;
6158 bits = pkinfo->bits;
6159 } else {
6160 /* multicert and generated cert have no pkey info */
6161 X509 *crt;
6162 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006163 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006164 if (!crt)
6165 return 0;
6166 pkey = X509_get_pubkey(crt);
6167 if (pkey) {
6168 bits = EVP_PKEY_bits(pkey);
6169 switch(EVP_PKEY_base_id(pkey)) {
6170 case EVP_PKEY_RSA:
6171 sig = TLSEXT_signature_rsa;
6172 break;
6173 case EVP_PKEY_EC:
6174 sig = TLSEXT_signature_ecdsa;
6175 break;
6176 case EVP_PKEY_DSA:
6177 sig = TLSEXT_signature_dsa;
6178 break;
6179 }
6180 EVP_PKEY_free(pkey);
6181 }
6182 }
6183
6184 switch(sig) {
6185 case TLSEXT_signature_rsa:
6186 len = chunk_printf(out, "RSA%d", bits);
6187 break;
6188 case TLSEXT_signature_ecdsa:
6189 len = chunk_printf(out, "EC%d", bits);
6190 break;
6191 case TLSEXT_signature_dsa:
6192 len = chunk_printf(out, "DSA%d", bits);
6193 break;
6194 default:
6195 return 0;
6196 }
6197 if (len < 0)
6198 return 0;
6199 return 1;
6200}
6201
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006202/* used for ppv2 cert signature (can be used for logging) */
6203const char *ssl_sock_get_cert_sig(struct connection *conn)
6204{
Christopher Faulet82004142019-09-10 10:12:03 +02006205 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006206
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006207 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6208 X509 *crt;
6209
6210 if (!ssl_sock_is_ssl(conn))
6211 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006212 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006213 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006214 if (!crt)
6215 return NULL;
6216 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6217 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6218}
6219
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006220/* used for ppv2 authority */
6221const char *ssl_sock_get_sni(struct connection *conn)
6222{
6223#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006224 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006225
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006226 if (!ssl_sock_is_ssl(conn))
6227 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006228 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006229 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006230#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006231 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006232#endif
6233}
6234
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006235/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006236const char *ssl_sock_get_cipher_name(struct connection *conn)
6237{
Christopher Faulet82004142019-09-10 10:12:03 +02006238 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006239
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006240 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006241 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006242 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006243 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006244}
6245
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006246/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006247const char *ssl_sock_get_proto_version(struct connection *conn)
6248{
Christopher Faulet82004142019-09-10 10:12:03 +02006249 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006250
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006251 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006252 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006253 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006254 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006255}
6256
Willy Tarreau8d598402012-10-22 17:58:39 +02006257/* Extract a serial from a cert, and copy it to a chunk.
6258 * Returns 1 if serial is found and copied, 0 if no serial found and
6259 * -1 if output is not large enough.
6260 */
6261static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006262ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006263{
6264 ASN1_INTEGER *serial;
6265
6266 serial = X509_get_serialNumber(crt);
6267 if (!serial)
6268 return 0;
6269
6270 if (out->size < serial->length)
6271 return -1;
6272
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006273 memcpy(out->area, serial->data, serial->length);
6274 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006275 return 1;
6276}
6277
Emeric Brun43e79582014-10-29 19:03:26 +01006278/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006279 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6280 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006281 */
6282static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006283ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006284{
6285 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006286 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006287
6288 len =i2d_X509(crt, NULL);
6289 if (len <= 0)
6290 return 1;
6291
6292 if (out->size < len)
6293 return -1;
6294
6295 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006296 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006297 return 1;
6298}
6299
Emeric Brunce5ad802012-10-22 14:11:22 +02006300
Willy Tarreau83061a82018-07-13 11:56:34 +02006301/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006302 * Returns 1 if serial is found and copied, 0 if no valid time found
6303 * and -1 if output is not large enough.
6304 */
6305static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006306ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006307{
6308 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6309 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6310
6311 if (gentm->length < 12)
6312 return 0;
6313 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6314 return 0;
6315 if (out->size < gentm->length-2)
6316 return -1;
6317
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006318 memcpy(out->area, gentm->data+2, gentm->length-2);
6319 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006320 return 1;
6321 }
6322 else if (tm->type == V_ASN1_UTCTIME) {
6323 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6324
6325 if (utctm->length < 10)
6326 return 0;
6327 if (utctm->data[0] >= 0x35)
6328 return 0;
6329 if (out->size < utctm->length)
6330 return -1;
6331
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006332 memcpy(out->area, utctm->data, utctm->length);
6333 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006334 return 1;
6335 }
6336
6337 return 0;
6338}
6339
Emeric Brun87855892012-10-17 17:39:35 +02006340/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6341 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6342 */
6343static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006344ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6345 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006346{
6347 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006348 ASN1_OBJECT *obj;
6349 ASN1_STRING *data;
6350 const unsigned char *data_ptr;
6351 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006352 int i, j, n;
6353 int cur = 0;
6354 const char *s;
6355 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006356 int name_count;
6357
6358 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006359
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006360 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006361 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006362 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006363 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006364 else
6365 j = i;
6366
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006367 ne = X509_NAME_get_entry(a, j);
6368 obj = X509_NAME_ENTRY_get_object(ne);
6369 data = X509_NAME_ENTRY_get_data(ne);
6370 data_ptr = ASN1_STRING_get0_data(data);
6371 data_len = ASN1_STRING_length(data);
6372 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006373 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006374 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006375 s = tmp;
6376 }
6377
6378 if (chunk_strcasecmp(entry, s) != 0)
6379 continue;
6380
6381 if (pos < 0)
6382 cur--;
6383 else
6384 cur++;
6385
6386 if (cur != pos)
6387 continue;
6388
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006389 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006390 return -1;
6391
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006392 memcpy(out->area, data_ptr, data_len);
6393 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006394 return 1;
6395 }
6396
6397 return 0;
6398
6399}
6400
6401/* Extract and format full DN from a X509_NAME and copy result into a chunk
6402 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6403 */
6404static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006405ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006406{
6407 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006408 ASN1_OBJECT *obj;
6409 ASN1_STRING *data;
6410 const unsigned char *data_ptr;
6411 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006412 int i, n, ln;
6413 int l = 0;
6414 const char *s;
6415 char *p;
6416 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006417 int name_count;
6418
6419
6420 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006421
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006422 out->data = 0;
6423 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006424 for (i = 0; i < name_count; i++) {
6425 ne = X509_NAME_get_entry(a, i);
6426 obj = X509_NAME_ENTRY_get_object(ne);
6427 data = X509_NAME_ENTRY_get_data(ne);
6428 data_ptr = ASN1_STRING_get0_data(data);
6429 data_len = ASN1_STRING_length(data);
6430 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006431 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006432 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006433 s = tmp;
6434 }
6435 ln = strlen(s);
6436
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006437 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006438 if (l > out->size)
6439 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006440 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006441
6442 *(p++)='/';
6443 memcpy(p, s, ln);
6444 p += ln;
6445 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006446 memcpy(p, data_ptr, data_len);
6447 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006448 }
6449
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006450 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006451 return 0;
6452
6453 return 1;
6454}
6455
Olivier Houchardab28a322018-12-21 19:45:40 +01006456void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6457{
6458#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02006459 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006460
Olivier Houcharde488ea82019-06-28 14:10:33 +02006461 if (!ssl_sock_is_ssl(conn))
6462 return;
Christopher Faulet82004142019-09-10 10:12:03 +02006463 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006464 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006465#endif
6466}
6467
Willy Tarreau119a4082016-12-22 21:58:38 +01006468/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6469 * to disable SNI.
6470 */
Willy Tarreau63076412015-07-10 11:33:32 +02006471void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6472{
6473#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006474 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006475
Willy Tarreau119a4082016-12-22 21:58:38 +01006476 char *prev_name;
6477
Willy Tarreau63076412015-07-10 11:33:32 +02006478 if (!ssl_sock_is_ssl(conn))
6479 return;
Christopher Faulet82004142019-09-10 10:12:03 +02006480 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006481
Willy Tarreau119a4082016-12-22 21:58:38 +01006482 /* if the SNI changes, we must destroy the reusable context so that a
6483 * new connection will present a new SNI. As an optimization we could
6484 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6485 * server.
6486 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006487 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006488 if ((!prev_name && hostname) ||
6489 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006490 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006491
Olivier Houchard66ab4982019-02-26 18:37:15 +01006492 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006493#endif
6494}
6495
Emeric Brun0abf8362014-06-24 18:26:41 +02006496/* Extract peer certificate's common name into the chunk dest
6497 * Returns
6498 * the len of the extracted common name
6499 * or 0 if no CN found in DN
6500 * or -1 on error case (i.e. no peer certificate)
6501 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006502int ssl_sock_get_remote_common_name(struct connection *conn,
6503 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006504{
Christopher Faulet82004142019-09-10 10:12:03 +02006505 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006506 X509 *crt = NULL;
6507 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006508 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006509 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006510 .area = (char *)&find_cn,
6511 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006512 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006513 int result = -1;
David Safb76832014-05-08 23:42:08 -04006514
6515 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006516 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02006517 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006518
6519 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006520 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006521 if (!crt)
6522 goto out;
6523
6524 name = X509_get_subject_name(crt);
6525 if (!name)
6526 goto out;
David Safb76832014-05-08 23:42:08 -04006527
Emeric Brun0abf8362014-06-24 18:26:41 +02006528 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6529out:
David Safb76832014-05-08 23:42:08 -04006530 if (crt)
6531 X509_free(crt);
6532
6533 return result;
6534}
6535
Dave McCowan328fb582014-07-30 10:39:13 -04006536/* returns 1 if client passed a certificate for this session, 0 if not */
6537int ssl_sock_get_cert_used_sess(struct connection *conn)
6538{
Christopher Faulet82004142019-09-10 10:12:03 +02006539 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006540 X509 *crt = NULL;
6541
6542 if (!ssl_sock_is_ssl(conn))
6543 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006544 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006545
6546 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006547 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006548 if (!crt)
6549 return 0;
6550
6551 X509_free(crt);
6552 return 1;
6553}
6554
6555/* returns 1 if client passed a certificate for this connection, 0 if not */
6556int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006557{
Christopher Faulet82004142019-09-10 10:12:03 +02006558 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006559
David Safb76832014-05-08 23:42:08 -04006560 if (!ssl_sock_is_ssl(conn))
6561 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02006562 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006563 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006564}
6565
6566/* returns result from SSL verify */
6567unsigned int ssl_sock_get_verify_result(struct connection *conn)
6568{
Christopher Faulet82004142019-09-10 10:12:03 +02006569 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006570
David Safb76832014-05-08 23:42:08 -04006571 if (!ssl_sock_is_ssl(conn))
6572 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02006573 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006574 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006575}
6576
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006577/* Returns the application layer protocol name in <str> and <len> when known.
6578 * Zero is returned if the protocol name was not found, otherwise non-zero is
6579 * returned. The string is allocated in the SSL context and doesn't have to be
6580 * freed by the caller. NPN is also checked if available since older versions
6581 * of openssl (1.0.1) which are more common in field only support this one.
6582 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006583static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006584{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006585#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6586 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006587 struct ssl_sock_ctx *ctx = xprt_ctx;
6588 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006589 return 0;
6590
6591 *str = NULL;
6592
6593#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006594 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006595 if (*str)
6596 return 1;
6597#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006598#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006599 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006600 if (*str)
6601 return 1;
6602#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006603#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006604 return 0;
6605}
6606
Willy Tarreau7875d092012-09-10 08:20:03 +02006607/***** Below are some sample fetching functions for ACL/patterns *****/
6608
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006609static int
6610smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6611{
6612 struct connection *conn;
6613
6614 conn = objt_conn(smp->sess->origin);
6615 if (!conn || conn->xprt != &ssl_sock)
6616 return 0;
6617
6618 smp->flags = 0;
6619 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02006620#ifdef OPENSSL_IS_BORINGSSL
6621 {
6622 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6623 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6624 SSL_early_data_accepted(ctx->ssl));
6625 }
6626#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006627 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6628 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02006629#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006630 return 1;
6631}
6632
Emeric Brune64aef12012-09-21 13:15:06 +02006633/* boolean, returns true if client cert was present */
6634static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006635smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006636{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006637 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006638 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006639
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006640 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006641 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006642 return 0;
6643
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006644 ctx = conn->xprt_ctx;
6645
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006646 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006647 smp->flags |= SMP_F_MAY_CHANGE;
6648 return 0;
6649 }
6650
6651 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006652 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006653 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006654
6655 return 1;
6656}
6657
Emeric Brun43e79582014-10-29 19:03:26 +01006658/* binary, returns a certificate in a binary chunk (der/raw).
6659 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6660 * should be use.
6661 */
6662static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006663smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006664{
6665 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6666 X509 *crt = NULL;
6667 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006668 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006669 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006670 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006671
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006672 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006673 if (!conn || conn->xprt != &ssl_sock)
6674 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006675 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006676
6677 if (!(conn->flags & CO_FL_CONNECTED)) {
6678 smp->flags |= SMP_F_MAY_CHANGE;
6679 return 0;
6680 }
6681
6682 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006683 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006684 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006685 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006686
6687 if (!crt)
6688 goto out;
6689
6690 smp_trash = get_trash_chunk();
6691 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6692 goto out;
6693
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006694 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006695 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006696 ret = 1;
6697out:
6698 /* SSL_get_peer_certificate, it increase X509 * ref count */
6699 if (cert_peer && crt)
6700 X509_free(crt);
6701 return ret;
6702}
6703
Emeric Brunba841a12014-04-30 17:05:08 +02006704/* binary, returns serial of certificate in a binary chunk.
6705 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6706 * should be use.
6707 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006708static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006709smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006710{
Emeric Brunba841a12014-04-30 17:05:08 +02006711 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006712 X509 *crt = NULL;
6713 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006714 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006715 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006716 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006717
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006718 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006719 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006720 return 0;
6721
Olivier Houchard66ab4982019-02-26 18:37:15 +01006722 ctx = conn->xprt_ctx;
6723
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006724 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006725 smp->flags |= SMP_F_MAY_CHANGE;
6726 return 0;
6727 }
6728
Emeric Brunba841a12014-04-30 17:05:08 +02006729 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006730 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006731 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006732 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006733
Willy Tarreau8d598402012-10-22 17:58:39 +02006734 if (!crt)
6735 goto out;
6736
Willy Tarreau47ca5452012-12-23 20:22:19 +01006737 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006738 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6739 goto out;
6740
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006741 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006742 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006743 ret = 1;
6744out:
Emeric Brunba841a12014-04-30 17:05:08 +02006745 /* SSL_get_peer_certificate, it increase X509 * ref count */
6746 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006747 X509_free(crt);
6748 return ret;
6749}
Emeric Brune64aef12012-09-21 13:15:06 +02006750
Emeric Brunba841a12014-04-30 17:05:08 +02006751/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6752 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6753 * should be use.
6754 */
James Votha051b4a2013-05-14 20:37:59 +02006755static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006756smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006757{
Emeric Brunba841a12014-04-30 17:05:08 +02006758 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006759 X509 *crt = NULL;
6760 const EVP_MD *digest;
6761 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006762 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006763 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006764 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006765
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006766 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006767 if (!conn || conn->xprt != &ssl_sock)
6768 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006769 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006770
6771 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006772 smp->flags |= SMP_F_MAY_CHANGE;
6773 return 0;
6774 }
6775
Emeric Brunba841a12014-04-30 17:05:08 +02006776 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006777 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006778 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006779 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006780 if (!crt)
6781 goto out;
6782
6783 smp_trash = get_trash_chunk();
6784 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006785 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6786 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006787
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006788 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006789 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006790 ret = 1;
6791out:
Emeric Brunba841a12014-04-30 17:05:08 +02006792 /* SSL_get_peer_certificate, it increase X509 * ref count */
6793 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006794 X509_free(crt);
6795 return ret;
6796}
6797
Emeric Brunba841a12014-04-30 17:05:08 +02006798/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6799 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6800 * should be use.
6801 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006802static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006803smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006804{
Emeric Brunba841a12014-04-30 17:05:08 +02006805 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006806 X509 *crt = NULL;
6807 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006808 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006809 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006810 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006811
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006812 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006813 if (!conn || conn->xprt != &ssl_sock)
6814 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006815 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006816
6817 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006818 smp->flags |= SMP_F_MAY_CHANGE;
6819 return 0;
6820 }
6821
Emeric Brunba841a12014-04-30 17:05:08 +02006822 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006823 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006824 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006825 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006826 if (!crt)
6827 goto out;
6828
Willy Tarreau47ca5452012-12-23 20:22:19 +01006829 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006830 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006831 goto out;
6832
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006833 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006834 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006835 ret = 1;
6836out:
Emeric Brunba841a12014-04-30 17:05:08 +02006837 /* SSL_get_peer_certificate, it increase X509 * ref count */
6838 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006839 X509_free(crt);
6840 return ret;
6841}
6842
Emeric Brunba841a12014-04-30 17:05:08 +02006843/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6844 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6845 * should be use.
6846 */
Emeric Brun87855892012-10-17 17:39:35 +02006847static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006848smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006849{
Emeric Brunba841a12014-04-30 17:05:08 +02006850 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006851 X509 *crt = NULL;
6852 X509_NAME *name;
6853 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006854 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006855 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006856 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006857
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006858 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006859 if (!conn || conn->xprt != &ssl_sock)
6860 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006861 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006862
6863 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006864 smp->flags |= SMP_F_MAY_CHANGE;
6865 return 0;
6866 }
6867
Emeric Brunba841a12014-04-30 17:05:08 +02006868 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006869 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006870 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006871 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006872 if (!crt)
6873 goto out;
6874
6875 name = X509_get_issuer_name(crt);
6876 if (!name)
6877 goto out;
6878
Willy Tarreau47ca5452012-12-23 20:22:19 +01006879 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006880 if (args && args[0].type == ARGT_STR) {
6881 int pos = 1;
6882
6883 if (args[1].type == ARGT_SINT)
6884 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006885
6886 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6887 goto out;
6888 }
6889 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6890 goto out;
6891
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006892 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006893 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006894 ret = 1;
6895out:
Emeric Brunba841a12014-04-30 17:05:08 +02006896 /* SSL_get_peer_certificate, it increase X509 * ref count */
6897 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006898 X509_free(crt);
6899 return ret;
6900}
6901
Emeric Brunba841a12014-04-30 17:05:08 +02006902/* string, returns notbefore date in ASN1_UTCTIME format.
6903 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6904 * should be use.
6905 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006906static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006907smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006908{
Emeric Brunba841a12014-04-30 17:05:08 +02006909 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006910 X509 *crt = NULL;
6911 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006912 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006913 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006914 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006915
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006916 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006917 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006918 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006919 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006920
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006921 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006922 smp->flags |= SMP_F_MAY_CHANGE;
6923 return 0;
6924 }
6925
Emeric Brunba841a12014-04-30 17:05:08 +02006926 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006927 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006928 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006929 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006930 if (!crt)
6931 goto out;
6932
Willy Tarreau47ca5452012-12-23 20:22:19 +01006933 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006934 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006935 goto out;
6936
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006937 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006938 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006939 ret = 1;
6940out:
Emeric Brunba841a12014-04-30 17:05:08 +02006941 /* SSL_get_peer_certificate, it increase X509 * ref count */
6942 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006943 X509_free(crt);
6944 return ret;
6945}
6946
Emeric Brunba841a12014-04-30 17:05:08 +02006947/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6948 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6949 * should be use.
6950 */
Emeric Brun87855892012-10-17 17:39:35 +02006951static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006952smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006953{
Emeric Brunba841a12014-04-30 17:05:08 +02006954 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006955 X509 *crt = NULL;
6956 X509_NAME *name;
6957 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006958 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006959 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006960 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006961
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006962 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006963 if (!conn || conn->xprt != &ssl_sock)
6964 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006965 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006966
6967 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006968 smp->flags |= SMP_F_MAY_CHANGE;
6969 return 0;
6970 }
6971
Emeric Brunba841a12014-04-30 17:05:08 +02006972 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006973 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006974 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006975 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006976 if (!crt)
6977 goto out;
6978
6979 name = X509_get_subject_name(crt);
6980 if (!name)
6981 goto out;
6982
Willy Tarreau47ca5452012-12-23 20:22:19 +01006983 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006984 if (args && args[0].type == ARGT_STR) {
6985 int pos = 1;
6986
6987 if (args[1].type == ARGT_SINT)
6988 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006989
6990 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6991 goto out;
6992 }
6993 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6994 goto out;
6995
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006996 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006997 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006998 ret = 1;
6999out:
Emeric Brunba841a12014-04-30 17:05:08 +02007000 /* SSL_get_peer_certificate, it increase X509 * ref count */
7001 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007002 X509_free(crt);
7003 return ret;
7004}
Emeric Brun9143d372012-12-20 15:44:16 +01007005
7006/* integer, returns true if current session use a client certificate */
7007static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007008smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007009{
7010 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007011 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007012 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007013
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007014 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007015 if (!conn || conn->xprt != &ssl_sock)
7016 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007017 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007018
7019 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007020 smp->flags |= SMP_F_MAY_CHANGE;
7021 return 0;
7022 }
7023
7024 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007025 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007026 if (crt) {
7027 X509_free(crt);
7028 }
7029
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007030 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007031 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007032 return 1;
7033}
7034
Emeric Brunba841a12014-04-30 17:05:08 +02007035/* integer, returns the certificate version
7036 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7037 * should be use.
7038 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007039static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007040smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007041{
Emeric Brunba841a12014-04-30 17:05:08 +02007042 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007043 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007044 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007045 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007046
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007047 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007048 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007049 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007050 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007051
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007052 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007053 smp->flags |= SMP_F_MAY_CHANGE;
7054 return 0;
7055 }
7056
Emeric Brunba841a12014-04-30 17:05:08 +02007057 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007058 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007059 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007060 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007061 if (!crt)
7062 return 0;
7063
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007064 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007065 /* SSL_get_peer_certificate increase X509 * ref count */
7066 if (cert_peer)
7067 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007068 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007069
7070 return 1;
7071}
7072
Emeric Brunba841a12014-04-30 17:05:08 +02007073/* string, returns the certificate's signature algorithm.
7074 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7075 * should be use.
7076 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007077static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007078smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007079{
Emeric Brunba841a12014-04-30 17:05:08 +02007080 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007081 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007082 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007083 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007084 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007085 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007086
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007087 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007088 if (!conn || conn->xprt != &ssl_sock)
7089 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007090 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007091
7092 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007093 smp->flags |= SMP_F_MAY_CHANGE;
7094 return 0;
7095 }
7096
Emeric Brunba841a12014-04-30 17:05:08 +02007097 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007098 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007099 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007100 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007101 if (!crt)
7102 return 0;
7103
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007104 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7105 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007106
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007107 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7108 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007109 /* SSL_get_peer_certificate increase X509 * ref count */
7110 if (cert_peer)
7111 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007112 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007113 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007114
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007115 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007116 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007117 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007118 /* SSL_get_peer_certificate increase X509 * ref count */
7119 if (cert_peer)
7120 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007121
7122 return 1;
7123}
7124
Emeric Brunba841a12014-04-30 17:05:08 +02007125/* string, returns the certificate's key algorithm.
7126 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7127 * should be use.
7128 */
Emeric Brun521a0112012-10-22 12:22:55 +02007129static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007130smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007131{
Emeric Brunba841a12014-04-30 17:05:08 +02007132 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007133 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007134 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007135 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007136 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007137 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007138
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007139 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007140 if (!conn || conn->xprt != &ssl_sock)
7141 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007142 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007143
7144 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007145 smp->flags |= SMP_F_MAY_CHANGE;
7146 return 0;
7147 }
7148
Emeric Brunba841a12014-04-30 17:05:08 +02007149 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007150 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007151 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007152 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007153 if (!crt)
7154 return 0;
7155
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007156 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7157 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007158
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007159 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7160 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007161 /* SSL_get_peer_certificate increase X509 * ref count */
7162 if (cert_peer)
7163 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007164 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007165 }
Emeric Brun521a0112012-10-22 12:22:55 +02007166
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007167 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007168 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007169 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007170 if (cert_peer)
7171 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007172
7173 return 1;
7174}
7175
Emeric Brun645ae792014-04-30 14:21:06 +02007176/* boolean, returns true if front conn. transport layer is SSL.
7177 * This function is also usable on backend conn if the fetch keyword 5th
7178 * char is 'b'.
7179 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007180static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007181smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007182{
Emeric Bruneb8def92018-02-19 15:59:48 +01007183 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7184 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007185
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007186 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007187 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007188 return 1;
7189}
7190
Emeric Brun2525b6b2012-10-18 15:59:43 +02007191/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007192static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007193smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007194{
7195#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007196 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007197 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007198
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007199 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007200 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007201 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007202 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007203 return 1;
7204#else
7205 return 0;
7206#endif
7207}
7208
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007209/* boolean, returns true if client session has been resumed.
7210 * This function is also usable on backend conn if the fetch keyword 5th
7211 * char is 'b'.
7212 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007213static int
7214smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7215{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007216 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7217 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007218 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007219
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007220
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007221 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007222 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007223 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007224 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007225 return 1;
7226}
7227
Emeric Brun645ae792014-04-30 14:21:06 +02007228/* string, returns the used cipher if front conn. transport layer is SSL.
7229 * This function is also usable on backend conn if the fetch keyword 5th
7230 * char is 'b'.
7231 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007232static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007233smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007234{
Emeric Bruneb8def92018-02-19 15:59:48 +01007235 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7236 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007237 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007238
Willy Tarreaube508f12016-03-10 11:47:01 +01007239 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007240 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007241 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007242 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007243
Olivier Houchard66ab4982019-02-26 18:37:15 +01007244 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007245 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007246 return 0;
7247
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007248 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007249 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007250 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007251
7252 return 1;
7253}
7254
Emeric Brun645ae792014-04-30 14:21:06 +02007255/* integer, returns the algoritm's keysize if front conn. transport layer
7256 * is SSL.
7257 * This function is also usable on backend conn if the fetch keyword 5th
7258 * char is 'b'.
7259 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007260static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007261smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007262{
Emeric Bruneb8def92018-02-19 15:59:48 +01007263 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7264 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007265 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007266 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007267
Emeric Brun589fcad2012-10-16 14:13:26 +02007268 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007269 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007270 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007271 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007272
Olivier Houchard66ab4982019-02-26 18:37:15 +01007273 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007274 return 0;
7275
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007276 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007277 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007278
7279 return 1;
7280}
7281
Emeric Brun645ae792014-04-30 14:21:06 +02007282/* integer, returns the used keysize if front conn. transport layer is SSL.
7283 * This function is also usable on backend conn if the fetch keyword 5th
7284 * char is 'b'.
7285 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007286static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007287smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007288{
Emeric Bruneb8def92018-02-19 15:59:48 +01007289 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7290 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007291 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007292
Emeric Brun589fcad2012-10-16 14:13:26 +02007293 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007294 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7295 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007296 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007297
Olivier Houchard66ab4982019-02-26 18:37:15 +01007298 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007299 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007300 return 0;
7301
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007302 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007303
7304 return 1;
7305}
7306
Bernard Spil13c53f82018-02-15 13:34:58 +01007307#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007308static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007309smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007310{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007311 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007312 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007313
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007314 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007315 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007316
Olivier Houchard6b77f492018-11-22 18:18:29 +01007317 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7318 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007319 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7320 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007321 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007322
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007323 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007324 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007325 (const unsigned char **)&smp->data.u.str.area,
7326 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007327
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007328 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007329 return 0;
7330
7331 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007332}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007333#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007334
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007335#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007336static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007337smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007338{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007339 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007340 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007341
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007342 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007343 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007344
Olivier Houchard6b77f492018-11-22 18:18:29 +01007345 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7346 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7347
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007348 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007349 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007350 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007351
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007352 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007353 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007354 (const unsigned char **)&smp->data.u.str.area,
7355 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007356
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007357 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007358 return 0;
7359
7360 return 1;
7361}
7362#endif
7363
Emeric Brun645ae792014-04-30 14:21:06 +02007364/* string, returns the used protocol if front conn. transport layer is SSL.
7365 * This function is also usable on backend conn if the fetch keyword 5th
7366 * char is 'b'.
7367 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007368static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007369smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007370{
Emeric Bruneb8def92018-02-19 15:59:48 +01007371 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7372 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007373 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007374
Emeric Brun589fcad2012-10-16 14:13:26 +02007375 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007376 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7377 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007378 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007379
Olivier Houchard66ab4982019-02-26 18:37:15 +01007380 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007381 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007382 return 0;
7383
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007384 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007385 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007386 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007387
7388 return 1;
7389}
7390
Willy Tarreau87b09662015-04-03 00:22:06 +02007391/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007392 * This function is also usable on backend conn if the fetch keyword 5th
7393 * char is 'b'.
7394 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007395#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007396static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007397smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007398{
Emeric Bruneb8def92018-02-19 15:59:48 +01007399 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7400 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007401 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007402 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007403
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007404 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007405 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007406
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007407 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7408 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007409 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007410
Olivier Houchard66ab4982019-02-26 18:37:15 +01007411 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007412 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007413 return 0;
7414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007415 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7416 (unsigned int *)&smp->data.u.str.data);
7417 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007418 return 0;
7419
7420 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007421}
Patrick Hemmer41966772018-04-28 19:15:48 -04007422#endif
7423
Emeric Brunfe68f682012-10-16 14:59:28 +02007424
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007425#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007426static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007427smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7428{
7429 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7430 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7431 struct buffer *data;
7432 struct ssl_sock_ctx *ctx;
7433
7434 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7435 return 0;
7436 ctx = conn->xprt_ctx;
7437
7438 data = get_trash_chunk();
7439 if (kw[7] == 'c')
7440 data->data = SSL_get_client_random(ctx->ssl,
7441 (unsigned char *) data->area,
7442 data->size);
7443 else
7444 data->data = SSL_get_server_random(ctx->ssl,
7445 (unsigned char *) data->area,
7446 data->size);
7447 if (!data->data)
7448 return 0;
7449
7450 smp->flags = 0;
7451 smp->data.type = SMP_T_BIN;
7452 smp->data.u.str = *data;
7453
7454 return 1;
7455}
7456
7457static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007458smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7459{
7460 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7461 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7462 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007463 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007464 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007465
7466 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7467 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007468 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007469
Olivier Houchard66ab4982019-02-26 18:37:15 +01007470 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007471 if (!ssl_sess)
7472 return 0;
7473
7474 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007475 data->data = SSL_SESSION_get_master_key(ssl_sess,
7476 (unsigned char *) data->area,
7477 data->size);
7478 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007479 return 0;
7480
7481 smp->flags = 0;
7482 smp->data.type = SMP_T_BIN;
7483 smp->data.u.str = *data;
7484
7485 return 1;
7486}
7487#endif
7488
Patrick Hemmer41966772018-04-28 19:15:48 -04007489#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007490static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007491smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007492{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007493 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007494 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007495
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007496 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007497 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007498
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007499 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007500 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7501 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007502 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007503
Olivier Houchard66ab4982019-02-26 18:37:15 +01007504 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007505 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007506 return 0;
7507
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007508 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007509 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007510}
Patrick Hemmer41966772018-04-28 19:15:48 -04007511#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007512
David Sc1ad52e2014-04-08 18:48:47 -04007513static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007514smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7515{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007516 struct connection *conn;
7517 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007518 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007519
7520 conn = objt_conn(smp->sess->origin);
7521 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7522 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007524
Olivier Houchard66ab4982019-02-26 18:37:15 +01007525 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007526 if (!capture)
7527 return 0;
7528
7529 smp->flags = SMP_F_CONST;
7530 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007531 smp->data.u.str.area = capture->ciphersuite;
7532 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007533 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007534}
7535
7536static int
7537smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7538{
Willy Tarreau83061a82018-07-13 11:56:34 +02007539 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007540
7541 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7542 return 0;
7543
7544 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007545 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007546 smp->data.type = SMP_T_BIN;
7547 smp->data.u.str = *data;
7548 return 1;
7549}
7550
7551static int
7552smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7553{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007554 struct connection *conn;
7555 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007556 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007557
7558 conn = objt_conn(smp->sess->origin);
7559 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7560 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007561 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007562
Olivier Houchard66ab4982019-02-26 18:37:15 +01007563 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007564 if (!capture)
7565 return 0;
7566
7567 smp->data.type = SMP_T_SINT;
7568 smp->data.u.sint = capture->xxh64;
7569 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007570}
7571
7572static int
7573smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7574{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007575#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007576 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007577 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007578
7579 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7580 return 0;
7581
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007582 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007583 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007584 const char *str;
7585 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007586 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007587 uint16_t id = (bin[0] << 8) | bin[1];
7588#if defined(OPENSSL_IS_BORINGSSL)
7589 cipher = SSL_get_cipher_by_value(id);
7590#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007591 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007592 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7593 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007594#endif
7595 str = SSL_CIPHER_get_name(cipher);
7596 if (!str || strcmp(str, "(NONE)") == 0)
7597 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007598 else
7599 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7600 }
7601 smp->data.type = SMP_T_STR;
7602 smp->data.u.str = *data;
7603 return 1;
7604#else
7605 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7606#endif
7607}
7608
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007609#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007610static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007611smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007612{
Emeric Bruneb8def92018-02-19 15:59:48 +01007613 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7614 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007615 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007616 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007617 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007618
7619 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007620 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7621 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007622 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007623
7624 if (!(conn->flags & CO_FL_CONNECTED)) {
7625 smp->flags |= SMP_F_MAY_CHANGE;
7626 return 0;
7627 }
7628
7629 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007630 if (!SSL_session_reused(ctx->ssl))
7631 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007632 finished_trash->area,
7633 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007634 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007635 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007636 finished_trash->area,
7637 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007638
7639 if (!finished_len)
7640 return 0;
7641
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007642 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007643 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007644 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007645
7646 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007647}
Patrick Hemmer41966772018-04-28 19:15:48 -04007648#endif
David Sc1ad52e2014-04-08 18:48:47 -04007649
Emeric Brun2525b6b2012-10-18 15:59:43 +02007650/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007651static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007652smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007653{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007654 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007655 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007656
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007657 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007658 if (!conn || conn->xprt != &ssl_sock)
7659 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007660 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007661
7662 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007663 smp->flags = SMP_F_MAY_CHANGE;
7664 return 0;
7665 }
7666
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007667 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007668 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007669 smp->flags = 0;
7670
7671 return 1;
7672}
7673
Emeric Brun2525b6b2012-10-18 15:59:43 +02007674/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007675static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007676smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007677{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007678 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007679 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007680
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007681 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007682 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007683 return 0;
7684
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007685 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007686 smp->flags = SMP_F_MAY_CHANGE;
7687 return 0;
7688 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007689 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007690
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007691 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007692 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007693 smp->flags = 0;
7694
7695 return 1;
7696}
7697
Emeric Brun2525b6b2012-10-18 15:59:43 +02007698/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007699static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007700smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007701{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007702 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007703 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007704
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007705 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007706 if (!conn || conn->xprt != &ssl_sock)
7707 return 0;
7708
7709 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007710 smp->flags = SMP_F_MAY_CHANGE;
7711 return 0;
7712 }
7713
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007714 ctx = conn->xprt_ctx;
7715
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007716 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007717 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007718 smp->flags = 0;
7719
7720 return 1;
7721}
7722
Emeric Brun2525b6b2012-10-18 15:59:43 +02007723/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007724static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007725smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007726{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007727 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007728 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007729
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007730 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007731 if (!conn || conn->xprt != &ssl_sock)
7732 return 0;
7733
7734 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007735 smp->flags = SMP_F_MAY_CHANGE;
7736 return 0;
7737 }
7738
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007739 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007740 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007741 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007742
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007743 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007744 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007745 smp->flags = 0;
7746
7747 return 1;
7748}
7749
Emeric Brunfb510ea2012-10-05 12:00:26 +02007750/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007751static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007752{
7753 if (!*args[cur_arg + 1]) {
7754 if (err)
7755 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7756 return ERR_ALERT | ERR_FATAL;
7757 }
7758
Willy Tarreauef934602016-12-22 23:12:01 +01007759 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7760 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007761 else
7762 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007763
Emeric Brund94b3fe2012-09-20 18:23:56 +02007764 return 0;
7765}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007766static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7767{
7768 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7769}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007770
Christopher Faulet31af49d2015-06-09 17:29:50 +02007771/* parse the "ca-sign-file" bind keyword */
7772static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7773{
7774 if (!*args[cur_arg + 1]) {
7775 if (err)
7776 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7777 return ERR_ALERT | ERR_FATAL;
7778 }
7779
Willy Tarreauef934602016-12-22 23:12:01 +01007780 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7781 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007782 else
7783 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7784
7785 return 0;
7786}
7787
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007788/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007789static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7790{
7791 if (!*args[cur_arg + 1]) {
7792 if (err)
7793 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7794 return ERR_ALERT | ERR_FATAL;
7795 }
7796 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7797 return 0;
7798}
7799
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007800/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007801static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007802{
7803 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007804 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007805 return ERR_ALERT | ERR_FATAL;
7806 }
7807
Emeric Brun76d88952012-10-05 15:47:31 +02007808 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007809 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007810 return 0;
7811}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007812static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7813{
7814 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7815}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007816
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007817#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007818/* parse the "ciphersuites" bind keyword */
7819static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7820{
7821 if (!*args[cur_arg + 1]) {
7822 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7823 return ERR_ALERT | ERR_FATAL;
7824 }
7825
7826 free(conf->ciphersuites);
7827 conf->ciphersuites = strdup(args[cur_arg + 1]);
7828 return 0;
7829}
7830static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7831{
7832 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7833}
7834#endif
7835
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007836/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007837static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007838{
Willy Tarreau38011032013-08-13 16:59:39 +02007839 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007840
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007841 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007842 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007843 return ERR_ALERT | ERR_FATAL;
7844 }
7845
Willy Tarreauef934602016-12-22 23:12:01 +01007846 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7847 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007848 memprintf(err, "'%s' : path too long", args[cur_arg]);
7849 return ERR_ALERT | ERR_FATAL;
7850 }
Willy Tarreauef934602016-12-22 23:12:01 +01007851 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007852 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007853 return ERR_ALERT | ERR_FATAL;
7854
7855 return 0;
7856 }
7857
Willy Tarreau03209342016-12-22 17:08:28 +01007858 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007859 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007860
7861 return 0;
7862}
7863
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007864/* parse the "crt-list" bind keyword */
7865static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7866{
7867 if (!*args[cur_arg + 1]) {
7868 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7869 return ERR_ALERT | ERR_FATAL;
7870 }
7871
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007872 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007873 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007874 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007875 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007876
7877 return 0;
7878}
7879
Emeric Brunfb510ea2012-10-05 12:00:26 +02007880/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007881static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007882{
Emeric Brun051cdab2012-10-02 19:25:50 +02007883#ifndef X509_V_FLAG_CRL_CHECK
7884 if (err)
7885 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7886 return ERR_ALERT | ERR_FATAL;
7887#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007888 if (!*args[cur_arg + 1]) {
7889 if (err)
7890 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7891 return ERR_ALERT | ERR_FATAL;
7892 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007893
Willy Tarreauef934602016-12-22 23:12:01 +01007894 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7895 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007896 else
7897 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007898
Emeric Brun2b58d042012-09-20 17:10:03 +02007899 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007900#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007901}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007902static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7903{
7904 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7905}
Emeric Brun2b58d042012-09-20 17:10:03 +02007906
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007907/* parse the "curves" bind keyword keyword */
7908static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7909{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007910#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007911 if (!*args[cur_arg + 1]) {
7912 if (err)
7913 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7914 return ERR_ALERT | ERR_FATAL;
7915 }
7916 conf->curves = strdup(args[cur_arg + 1]);
7917 return 0;
7918#else
7919 if (err)
7920 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7921 return ERR_ALERT | ERR_FATAL;
7922#endif
7923}
7924static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7925{
7926 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7927}
7928
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007929/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007930static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007931{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007932#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007933 if (err)
7934 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7935 return ERR_ALERT | ERR_FATAL;
7936#elif defined(OPENSSL_NO_ECDH)
7937 if (err)
7938 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7939 return ERR_ALERT | ERR_FATAL;
7940#else
7941 if (!*args[cur_arg + 1]) {
7942 if (err)
7943 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7944 return ERR_ALERT | ERR_FATAL;
7945 }
7946
7947 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007948
7949 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007950#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007951}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007952static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7953{
7954 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7955}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007956
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007957/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007958static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7959{
7960 int code;
7961 char *p = args[cur_arg + 1];
7962 unsigned long long *ignerr = &conf->crt_ignerr;
7963
7964 if (!*p) {
7965 if (err)
7966 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7967 return ERR_ALERT | ERR_FATAL;
7968 }
7969
7970 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7971 ignerr = &conf->ca_ignerr;
7972
7973 if (strcmp(p, "all") == 0) {
7974 *ignerr = ~0ULL;
7975 return 0;
7976 }
7977
7978 while (p) {
7979 code = atoi(p);
7980 if ((code <= 0) || (code > 63)) {
7981 if (err)
7982 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7983 args[cur_arg], code, args[cur_arg + 1]);
7984 return ERR_ALERT | ERR_FATAL;
7985 }
7986 *ignerr |= 1ULL << code;
7987 p = strchr(p, ',');
7988 if (p)
7989 p++;
7990 }
7991
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007992 return 0;
7993}
7994
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007995/* parse tls_method_options "no-xxx" and "force-xxx" */
7996static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007997{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007998 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007999 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008000 p = strchr(arg, '-');
8001 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008002 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008003 p++;
8004 if (!strcmp(p, "sslv3"))
8005 v = CONF_SSLV3;
8006 else if (!strcmp(p, "tlsv10"))
8007 v = CONF_TLSV10;
8008 else if (!strcmp(p, "tlsv11"))
8009 v = CONF_TLSV11;
8010 else if (!strcmp(p, "tlsv12"))
8011 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008012 else if (!strcmp(p, "tlsv13"))
8013 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008014 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008015 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008016 if (!strncmp(arg, "no-", 3))
8017 methods->flags |= methodVersions[v].flag;
8018 else if (!strncmp(arg, "force-", 6))
8019 methods->min = methods->max = v;
8020 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008021 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008022 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008023 fail:
8024 if (err)
8025 memprintf(err, "'%s' : option not implemented", arg);
8026 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008027}
8028
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008029static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008030{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008031 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008032}
8033
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008034static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008035{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008036 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8037}
8038
8039/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8040static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8041{
8042 uint16_t i, v = 0;
8043 char *argv = args[cur_arg + 1];
8044 if (!*argv) {
8045 if (err)
8046 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8047 return ERR_ALERT | ERR_FATAL;
8048 }
8049 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8050 if (!strcmp(argv, methodVersions[i].name))
8051 v = i;
8052 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008053 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008054 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008055 return ERR_ALERT | ERR_FATAL;
8056 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008057 if (!strcmp("ssl-min-ver", args[cur_arg]))
8058 methods->min = v;
8059 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8060 methods->max = v;
8061 else {
8062 if (err)
8063 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8064 return ERR_ALERT | ERR_FATAL;
8065 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008066 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008067}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008068
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008069static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8070{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008071#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008072 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008073#endif
8074 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8075}
8076
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008077static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8078{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008079 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008080}
8081
8082static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8083{
8084 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8085}
8086
Emeric Brun2d0c4822012-10-02 13:45:20 +02008087/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008088static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008089{
Emeric Brun89675492012-10-05 13:48:26 +02008090 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008091 return 0;
8092}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008093
Olivier Houchardc2aae742017-09-22 18:26:28 +02008094/* parse the "allow-0rtt" bind keyword */
8095static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8096{
8097 conf->early_data = 1;
8098 return 0;
8099}
8100
8101static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8102{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008103 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008104 return 0;
8105}
8106
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008107/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008108static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008109{
Bernard Spil13c53f82018-02-15 13:34:58 +01008110#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008111 char *p1, *p2;
8112
8113 if (!*args[cur_arg + 1]) {
8114 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8115 return ERR_ALERT | ERR_FATAL;
8116 }
8117
8118 free(conf->npn_str);
8119
Willy Tarreau3724da12016-02-12 17:11:12 +01008120 /* the NPN string is built as a suite of (<len> <name>)*,
8121 * so we reuse each comma to store the next <len> and need
8122 * one more for the end of the string.
8123 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008124 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008125 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008126 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8127
8128 /* replace commas with the name length */
8129 p1 = conf->npn_str;
8130 p2 = p1 + 1;
8131 while (1) {
8132 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8133 if (!p2)
8134 p2 = p1 + 1 + strlen(p1 + 1);
8135
8136 if (p2 - (p1 + 1) > 255) {
8137 *p2 = '\0';
8138 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8139 return ERR_ALERT | ERR_FATAL;
8140 }
8141
8142 *p1 = p2 - (p1 + 1);
8143 p1 = p2;
8144
8145 if (!*p2)
8146 break;
8147
8148 *(p2++) = '\0';
8149 }
8150 return 0;
8151#else
8152 if (err)
8153 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8154 return ERR_ALERT | ERR_FATAL;
8155#endif
8156}
8157
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008158static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8159{
8160 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8161}
8162
Willy Tarreauab861d32013-04-02 02:30:41 +02008163/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008164static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008165{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008166#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008167 char *p1, *p2;
8168
8169 if (!*args[cur_arg + 1]) {
8170 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8171 return ERR_ALERT | ERR_FATAL;
8172 }
8173
8174 free(conf->alpn_str);
8175
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008176 /* the ALPN string is built as a suite of (<len> <name>)*,
8177 * so we reuse each comma to store the next <len> and need
8178 * one more for the end of the string.
8179 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008180 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008181 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008182 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8183
8184 /* replace commas with the name length */
8185 p1 = conf->alpn_str;
8186 p2 = p1 + 1;
8187 while (1) {
8188 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8189 if (!p2)
8190 p2 = p1 + 1 + strlen(p1 + 1);
8191
8192 if (p2 - (p1 + 1) > 255) {
8193 *p2 = '\0';
8194 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8195 return ERR_ALERT | ERR_FATAL;
8196 }
8197
8198 *p1 = p2 - (p1 + 1);
8199 p1 = p2;
8200
8201 if (!*p2)
8202 break;
8203
8204 *(p2++) = '\0';
8205 }
8206 return 0;
8207#else
8208 if (err)
8209 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8210 return ERR_ALERT | ERR_FATAL;
8211#endif
8212}
8213
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008214static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8215{
8216 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8217}
8218
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008219/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008220static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008221{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008222 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008223 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008224
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008225 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8226 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008227#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008228 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8229 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8230#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008231 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008232 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8233 if (!conf->ssl_conf.ssl_methods.min)
8234 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8235 if (!conf->ssl_conf.ssl_methods.max)
8236 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008237
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008238 return 0;
8239}
8240
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008241/* parse the "prefer-client-ciphers" bind keyword */
8242static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8243{
8244 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8245 return 0;
8246}
8247
Christopher Faulet31af49d2015-06-09 17:29:50 +02008248/* parse the "generate-certificates" bind keyword */
8249static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8250{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008251#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008252 conf->generate_certs = 1;
8253#else
8254 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8255 err && *err ? *err : "");
8256#endif
8257 return 0;
8258}
8259
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008260/* parse the "strict-sni" bind keyword */
8261static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8262{
8263 conf->strict_sni = 1;
8264 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008265}
8266
8267/* parse the "tls-ticket-keys" bind keyword */
8268static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8269{
8270#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8271 FILE *f;
8272 int i = 0;
8273 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008274 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008275
8276 if (!*args[cur_arg + 1]) {
8277 if (err)
8278 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8279 return ERR_ALERT | ERR_FATAL;
8280 }
8281
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008282 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008283 if (keys_ref) {
8284 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008285 conf->keys_ref = keys_ref;
8286 return 0;
8287 }
8288
Vincent Bernat02779b62016-04-03 13:48:43 +02008289 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008290 if (!keys_ref) {
8291 if (err)
8292 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8293 return ERR_ALERT | ERR_FATAL;
8294 }
8295
Emeric Brun9e754772019-01-10 17:51:55 +01008296 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008297 if (!keys_ref->tlskeys) {
8298 free(keys_ref);
8299 if (err)
8300 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8301 return ERR_ALERT | ERR_FATAL;
8302 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008303
8304 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008305 free(keys_ref->tlskeys);
8306 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008307 if (err)
8308 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8309 return ERR_ALERT | ERR_FATAL;
8310 }
8311
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008312 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008313 if (!keys_ref->filename) {
8314 free(keys_ref->tlskeys);
8315 free(keys_ref);
8316 if (err)
8317 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8318 return ERR_ALERT | ERR_FATAL;
8319 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008320
Emeric Brun9e754772019-01-10 17:51:55 +01008321 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008322 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8323 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008324 int dec_size;
8325
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008326 /* Strip newline characters from the end */
8327 if(thisline[len - 1] == '\n')
8328 thisline[--len] = 0;
8329
8330 if(thisline[len - 1] == '\r')
8331 thisline[--len] = 0;
8332
Emeric Brun9e754772019-01-10 17:51:55 +01008333 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8334 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008335 free(keys_ref->filename);
8336 free(keys_ref->tlskeys);
8337 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008338 if (err)
8339 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008340 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008341 return ERR_ALERT | ERR_FATAL;
8342 }
Emeric Brun9e754772019-01-10 17:51:55 +01008343 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8344 keys_ref->key_size_bits = 128;
8345 }
8346 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8347 keys_ref->key_size_bits = 256;
8348 }
8349 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8350 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8351 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8352 free(keys_ref->filename);
8353 free(keys_ref->tlskeys);
8354 free(keys_ref);
8355 if (err)
8356 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8357 fclose(f);
8358 return ERR_ALERT | ERR_FATAL;
8359 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008360 i++;
8361 }
8362
8363 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008364 free(keys_ref->filename);
8365 free(keys_ref->tlskeys);
8366 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008367 if (err)
8368 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008369 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008370 return ERR_ALERT | ERR_FATAL;
8371 }
8372
8373 fclose(f);
8374
8375 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008376 i -= 2;
8377 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008378 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008379 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008380 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008381 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008382
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008383 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8384
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008385 return 0;
8386#else
8387 if (err)
8388 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8389 return ERR_ALERT | ERR_FATAL;
8390#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008391}
8392
Emeric Brund94b3fe2012-09-20 18:23:56 +02008393/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008394static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008395{
8396 if (!*args[cur_arg + 1]) {
8397 if (err)
8398 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8399 return ERR_ALERT | ERR_FATAL;
8400 }
8401
8402 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008403 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008404 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008405 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008406 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008407 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008408 else {
8409 if (err)
8410 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8411 args[cur_arg], args[cur_arg + 1]);
8412 return ERR_ALERT | ERR_FATAL;
8413 }
8414
8415 return 0;
8416}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008417static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8418{
8419 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8420}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008421
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008422/* parse the "no-ca-names" bind keyword */
8423static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8424{
8425 conf->no_ca_names = 1;
8426 return 0;
8427}
8428static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8429{
8430 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8431}
8432
Willy Tarreau92faadf2012-10-10 23:04:25 +02008433/************** "server" keywords ****************/
8434
Olivier Houchardc7566002018-11-20 23:33:50 +01008435/* parse the "npn" bind keyword */
8436static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8437{
8438#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8439 char *p1, *p2;
8440
8441 if (!*args[*cur_arg + 1]) {
8442 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8443 return ERR_ALERT | ERR_FATAL;
8444 }
8445
8446 free(newsrv->ssl_ctx.npn_str);
8447
8448 /* the NPN string is built as a suite of (<len> <name>)*,
8449 * so we reuse each comma to store the next <len> and need
8450 * one more for the end of the string.
8451 */
8452 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8453 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8454 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8455 newsrv->ssl_ctx.npn_len);
8456
8457 /* replace commas with the name length */
8458 p1 = newsrv->ssl_ctx.npn_str;
8459 p2 = p1 + 1;
8460 while (1) {
8461 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8462 newsrv->ssl_ctx.npn_len - (p1 + 1));
8463 if (!p2)
8464 p2 = p1 + 1 + strlen(p1 + 1);
8465
8466 if (p2 - (p1 + 1) > 255) {
8467 *p2 = '\0';
8468 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8469 return ERR_ALERT | ERR_FATAL;
8470 }
8471
8472 *p1 = p2 - (p1 + 1);
8473 p1 = p2;
8474
8475 if (!*p2)
8476 break;
8477
8478 *(p2++) = '\0';
8479 }
8480 return 0;
8481#else
8482 if (err)
8483 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8484 return ERR_ALERT | ERR_FATAL;
8485#endif
8486}
8487
Olivier Houchard92150142018-12-21 19:47:01 +01008488/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008489static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8490{
8491#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8492 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008493 char **alpn_str;
8494 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008495
Olivier Houchard92150142018-12-21 19:47:01 +01008496 if (*args[*cur_arg] == 'c') {
8497 alpn_str = &newsrv->check.alpn_str;
8498 alpn_len = &newsrv->check.alpn_len;
8499 } else {
8500 alpn_str = &newsrv->ssl_ctx.alpn_str;
8501 alpn_len = &newsrv->ssl_ctx.alpn_len;
8502
8503 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008504 if (!*args[*cur_arg + 1]) {
8505 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8506 return ERR_ALERT | ERR_FATAL;
8507 }
8508
Olivier Houchard92150142018-12-21 19:47:01 +01008509 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008510
8511 /* the ALPN string is built as a suite of (<len> <name>)*,
8512 * so we reuse each comma to store the next <len> and need
8513 * one more for the end of the string.
8514 */
Olivier Houchard92150142018-12-21 19:47:01 +01008515 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8516 *alpn_str = calloc(1, *alpn_len + 1);
8517 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008518
8519 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008520 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008521 p2 = p1 + 1;
8522 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008523 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008524 if (!p2)
8525 p2 = p1 + 1 + strlen(p1 + 1);
8526
8527 if (p2 - (p1 + 1) > 255) {
8528 *p2 = '\0';
8529 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8530 return ERR_ALERT | ERR_FATAL;
8531 }
8532
8533 *p1 = p2 - (p1 + 1);
8534 p1 = p2;
8535
8536 if (!*p2)
8537 break;
8538
8539 *(p2++) = '\0';
8540 }
8541 return 0;
8542#else
8543 if (err)
8544 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8545 return ERR_ALERT | ERR_FATAL;
8546#endif
8547}
8548
Emeric Brunef42d922012-10-11 16:11:36 +02008549/* parse the "ca-file" server keyword */
8550static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8551{
8552 if (!*args[*cur_arg + 1]) {
8553 if (err)
8554 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8555 return ERR_ALERT | ERR_FATAL;
8556 }
8557
Willy Tarreauef934602016-12-22 23:12:01 +01008558 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8559 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008560 else
8561 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8562
8563 return 0;
8564}
8565
Olivier Houchard9130a962017-10-17 17:33:43 +02008566/* parse the "check-sni" server keyword */
8567static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8568{
8569 if (!*args[*cur_arg + 1]) {
8570 if (err)
8571 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8572 return ERR_ALERT | ERR_FATAL;
8573 }
8574
8575 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8576 if (!newsrv->check.sni) {
8577 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8578 return ERR_ALERT | ERR_FATAL;
8579 }
8580 return 0;
8581
8582}
8583
Willy Tarreau92faadf2012-10-10 23:04:25 +02008584/* parse the "check-ssl" server keyword */
8585static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8586{
8587 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008588 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8589 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008590#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008591 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8592 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8593#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008594 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008595 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8596 if (!newsrv->ssl_ctx.methods.min)
8597 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8598 if (!newsrv->ssl_ctx.methods.max)
8599 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8600
Willy Tarreau92faadf2012-10-10 23:04:25 +02008601 return 0;
8602}
8603
8604/* parse the "ciphers" server keyword */
8605static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8606{
8607 if (!*args[*cur_arg + 1]) {
8608 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8609 return ERR_ALERT | ERR_FATAL;
8610 }
8611
8612 free(newsrv->ssl_ctx.ciphers);
8613 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8614 return 0;
8615}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008616
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008617#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008618/* parse the "ciphersuites" server keyword */
8619static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8620{
8621 if (!*args[*cur_arg + 1]) {
8622 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8623 return ERR_ALERT | ERR_FATAL;
8624 }
8625
8626 free(newsrv->ssl_ctx.ciphersuites);
8627 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8628 return 0;
8629}
8630#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008631
Emeric Brunef42d922012-10-11 16:11:36 +02008632/* parse the "crl-file" server keyword */
8633static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8634{
8635#ifndef X509_V_FLAG_CRL_CHECK
8636 if (err)
8637 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8638 return ERR_ALERT | ERR_FATAL;
8639#else
8640 if (!*args[*cur_arg + 1]) {
8641 if (err)
8642 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8643 return ERR_ALERT | ERR_FATAL;
8644 }
8645
Willy Tarreauef934602016-12-22 23:12:01 +01008646 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8647 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008648 else
8649 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8650
8651 return 0;
8652#endif
8653}
8654
Emeric Bruna7aa3092012-10-26 12:58:00 +02008655/* parse the "crt" server keyword */
8656static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8657{
8658 if (!*args[*cur_arg + 1]) {
8659 if (err)
8660 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8661 return ERR_ALERT | ERR_FATAL;
8662 }
8663
Willy Tarreauef934602016-12-22 23:12:01 +01008664 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008665 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008666 else
8667 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8668
8669 return 0;
8670}
Emeric Brunef42d922012-10-11 16:11:36 +02008671
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008672/* parse the "no-check-ssl" server keyword */
8673static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8674{
8675 newsrv->check.use_ssl = 0;
8676 free(newsrv->ssl_ctx.ciphers);
8677 newsrv->ssl_ctx.ciphers = NULL;
8678 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8679 return 0;
8680}
8681
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008682/* parse the "no-send-proxy-v2-ssl" server keyword */
8683static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8684{
8685 newsrv->pp_opts &= ~SRV_PP_V2;
8686 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8687 return 0;
8688}
8689
8690/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8691static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8692{
8693 newsrv->pp_opts &= ~SRV_PP_V2;
8694 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8695 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8696 return 0;
8697}
8698
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008699/* parse the "no-ssl" server keyword */
8700static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8701{
8702 newsrv->use_ssl = 0;
8703 free(newsrv->ssl_ctx.ciphers);
8704 newsrv->ssl_ctx.ciphers = NULL;
8705 return 0;
8706}
8707
Olivier Houchard522eea72017-11-03 16:27:47 +01008708/* parse the "allow-0rtt" server keyword */
8709static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8710{
8711 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8712 return 0;
8713}
8714
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008715/* parse the "no-ssl-reuse" server keyword */
8716static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8717{
8718 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8719 return 0;
8720}
8721
Emeric Brunf9c5c472012-10-11 15:28:34 +02008722/* parse the "no-tls-tickets" server keyword */
8723static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8724{
8725 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8726 return 0;
8727}
David Safb76832014-05-08 23:42:08 -04008728/* parse the "send-proxy-v2-ssl" server keyword */
8729static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8730{
8731 newsrv->pp_opts |= SRV_PP_V2;
8732 newsrv->pp_opts |= SRV_PP_V2_SSL;
8733 return 0;
8734}
8735
8736/* parse the "send-proxy-v2-ssl-cn" server keyword */
8737static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8738{
8739 newsrv->pp_opts |= SRV_PP_V2;
8740 newsrv->pp_opts |= SRV_PP_V2_SSL;
8741 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8742 return 0;
8743}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008744
Willy Tarreau732eac42015-07-09 11:40:25 +02008745/* parse the "sni" server keyword */
8746static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8747{
8748#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8749 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8750 return ERR_ALERT | ERR_FATAL;
8751#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008752 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008753
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008754 arg = args[*cur_arg + 1];
8755 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008756 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8757 return ERR_ALERT | ERR_FATAL;
8758 }
8759
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008760 free(newsrv->sni_expr);
8761 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008762
Willy Tarreau732eac42015-07-09 11:40:25 +02008763 return 0;
8764#endif
8765}
8766
Willy Tarreau92faadf2012-10-10 23:04:25 +02008767/* parse the "ssl" server keyword */
8768static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8769{
8770 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008771 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8772 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008773#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008774 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8775 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8776#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008777 return 0;
8778}
8779
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008780/* parse the "ssl-reuse" server keyword */
8781static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8782{
8783 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8784 return 0;
8785}
8786
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008787/* parse the "tls-tickets" server keyword */
8788static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8789{
8790 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8791 return 0;
8792}
8793
Emeric Brunef42d922012-10-11 16:11:36 +02008794/* parse the "verify" server keyword */
8795static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8796{
8797 if (!*args[*cur_arg + 1]) {
8798 if (err)
8799 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8800 return ERR_ALERT | ERR_FATAL;
8801 }
8802
8803 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008804 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008805 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008806 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008807 else {
8808 if (err)
8809 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8810 args[*cur_arg], args[*cur_arg + 1]);
8811 return ERR_ALERT | ERR_FATAL;
8812 }
8813
Evan Broderbe554312013-06-27 00:05:25 -07008814 return 0;
8815}
8816
8817/* parse the "verifyhost" server keyword */
8818static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8819{
8820 if (!*args[*cur_arg + 1]) {
8821 if (err)
8822 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8823 return ERR_ALERT | ERR_FATAL;
8824 }
8825
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008826 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008827 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8828
Emeric Brunef42d922012-10-11 16:11:36 +02008829 return 0;
8830}
8831
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008832/* parse the "ssl-default-bind-options" keyword in global section */
8833static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8834 struct proxy *defpx, const char *file, int line,
8835 char **err) {
8836 int i = 1;
8837
8838 if (*(args[i]) == 0) {
8839 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8840 return -1;
8841 }
8842 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008843 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008844 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008845 else if (!strcmp(args[i], "prefer-client-ciphers"))
8846 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008847 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8848 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8849 i++;
8850 else {
8851 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8852 return -1;
8853 }
8854 }
8855 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008856 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8857 return -1;
8858 }
8859 i++;
8860 }
8861 return 0;
8862}
8863
8864/* parse the "ssl-default-server-options" keyword in global section */
8865static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8866 struct proxy *defpx, const char *file, int line,
8867 char **err) {
8868 int i = 1;
8869
8870 if (*(args[i]) == 0) {
8871 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8872 return -1;
8873 }
8874 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008875 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008876 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008877 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8878 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8879 i++;
8880 else {
8881 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8882 return -1;
8883 }
8884 }
8885 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008886 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8887 return -1;
8888 }
8889 i++;
8890 }
8891 return 0;
8892}
8893
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008894/* parse the "ca-base" / "crt-base" keywords in global section.
8895 * Returns <0 on alert, >0 on warning, 0 on success.
8896 */
8897static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8898 struct proxy *defpx, const char *file, int line,
8899 char **err)
8900{
8901 char **target;
8902
Willy Tarreauef934602016-12-22 23:12:01 +01008903 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008904
8905 if (too_many_args(1, args, err, NULL))
8906 return -1;
8907
8908 if (*target) {
8909 memprintf(err, "'%s' already specified.", args[0]);
8910 return -1;
8911 }
8912
8913 if (*(args[1]) == 0) {
8914 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8915 return -1;
8916 }
8917 *target = strdup(args[1]);
8918 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008919}
8920
8921/* parse the "ssl-mode-async" keyword in global section.
8922 * Returns <0 on alert, >0 on warning, 0 on success.
8923 */
8924static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8925 struct proxy *defpx, const char *file, int line,
8926 char **err)
8927{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008928#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008929 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008930 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008931 return 0;
8932#else
8933 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8934 return -1;
8935#endif
8936}
8937
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008938#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008939static int ssl_check_async_engine_count(void) {
8940 int err_code = 0;
8941
Emeric Brun3854e012017-05-17 20:42:48 +02008942 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008943 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008944 err_code = ERR_ABORT;
8945 }
8946 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008947}
8948
Grant Zhang872f9c22017-01-21 01:10:18 +00008949/* parse the "ssl-engine" keyword in global section.
8950 * Returns <0 on alert, >0 on warning, 0 on success.
8951 */
8952static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8953 struct proxy *defpx, const char *file, int line,
8954 char **err)
8955{
8956 char *algo;
8957 int ret = -1;
8958
8959 if (*(args[1]) == 0) {
8960 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8961 return ret;
8962 }
8963
8964 if (*(args[2]) == 0) {
8965 /* if no list of algorithms is given, it defaults to ALL */
8966 algo = strdup("ALL");
8967 goto add_engine;
8968 }
8969
8970 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8971 if (strcmp(args[2], "algo") != 0) {
8972 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8973 return ret;
8974 }
8975
8976 if (*(args[3]) == 0) {
8977 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8978 return ret;
8979 }
8980 algo = strdup(args[3]);
8981
8982add_engine:
8983 if (ssl_init_single_engine(args[1], algo)==0) {
8984 openssl_engines_initialized++;
8985 ret = 0;
8986 }
8987 free(algo);
8988 return ret;
8989}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008990#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008991
Willy Tarreauf22e9682016-12-21 23:23:19 +01008992/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8993 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8994 */
8995static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8996 struct proxy *defpx, const char *file, int line,
8997 char **err)
8998{
8999 char **target;
9000
Willy Tarreauef934602016-12-22 23:12:01 +01009001 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009002
9003 if (too_many_args(1, args, err, NULL))
9004 return -1;
9005
9006 if (*(args[1]) == 0) {
9007 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9008 return -1;
9009 }
9010
9011 free(*target);
9012 *target = strdup(args[1]);
9013 return 0;
9014}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009015
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009016#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009017/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9018 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9019 */
9020static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9021 struct proxy *defpx, const char *file, int line,
9022 char **err)
9023{
9024 char **target;
9025
9026 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9027
9028 if (too_many_args(1, args, err, NULL))
9029 return -1;
9030
9031 if (*(args[1]) == 0) {
9032 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9033 return -1;
9034 }
9035
9036 free(*target);
9037 *target = strdup(args[1]);
9038 return 0;
9039}
9040#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009041
Willy Tarreau9ceda382016-12-21 23:13:03 +01009042/* parse various global tune.ssl settings consisting in positive integers.
9043 * Returns <0 on alert, >0 on warning, 0 on success.
9044 */
9045static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9046 struct proxy *defpx, const char *file, int line,
9047 char **err)
9048{
9049 int *target;
9050
9051 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9052 target = &global.tune.sslcachesize;
9053 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009054 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009055 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009056 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009057 else if (strcmp(args[0], "maxsslconn") == 0)
9058 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009059 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9060 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009061 else {
9062 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9063 return -1;
9064 }
9065
9066 if (too_many_args(1, args, err, NULL))
9067 return -1;
9068
9069 if (*(args[1]) == 0) {
9070 memprintf(err, "'%s' expects an integer argument.", args[0]);
9071 return -1;
9072 }
9073
9074 *target = atoi(args[1]);
9075 if (*target < 0) {
9076 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9077 return -1;
9078 }
9079 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009080}
9081
9082static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9083 struct proxy *defpx, const char *file, int line,
9084 char **err)
9085{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009086 int ret;
9087
9088 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9089 if (ret != 0)
9090 return ret;
9091
Willy Tarreaubafbe012017-11-24 17:34:44 +01009092 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009093 memprintf(err, "'%s' is already configured.", args[0]);
9094 return -1;
9095 }
9096
Willy Tarreaubafbe012017-11-24 17:34:44 +01009097 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9098 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009099 memprintf(err, "Out of memory error.");
9100 return -1;
9101 }
9102 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009103}
9104
9105/* parse "ssl.force-private-cache".
9106 * Returns <0 on alert, >0 on warning, 0 on success.
9107 */
9108static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9109 struct proxy *defpx, const char *file, int line,
9110 char **err)
9111{
9112 if (too_many_args(0, args, err, NULL))
9113 return -1;
9114
Willy Tarreauef934602016-12-22 23:12:01 +01009115 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009116 return 0;
9117}
9118
9119/* parse "ssl.lifetime".
9120 * Returns <0 on alert, >0 on warning, 0 on success.
9121 */
9122static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9123 struct proxy *defpx, const char *file, int line,
9124 char **err)
9125{
9126 const char *res;
9127
9128 if (too_many_args(1, args, err, NULL))
9129 return -1;
9130
9131 if (*(args[1]) == 0) {
9132 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9133 return -1;
9134 }
9135
Willy Tarreauef934602016-12-22 23:12:01 +01009136 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009137 if (res == PARSE_TIME_OVER) {
9138 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9139 args[1], args[0]);
9140 return -1;
9141 }
9142 else if (res == PARSE_TIME_UNDER) {
9143 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9144 args[1], args[0]);
9145 return -1;
9146 }
9147 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009148 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9149 return -1;
9150 }
9151 return 0;
9152}
9153
9154#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009155/* parse "ssl-dh-param-file".
9156 * Returns <0 on alert, >0 on warning, 0 on success.
9157 */
9158static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9159 struct proxy *defpx, const char *file, int line,
9160 char **err)
9161{
9162 if (too_many_args(1, args, err, NULL))
9163 return -1;
9164
9165 if (*(args[1]) == 0) {
9166 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9167 return -1;
9168 }
9169
9170 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9171 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9172 return -1;
9173 }
9174 return 0;
9175}
9176
Willy Tarreau9ceda382016-12-21 23:13:03 +01009177/* parse "ssl.default-dh-param".
9178 * Returns <0 on alert, >0 on warning, 0 on success.
9179 */
9180static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9181 struct proxy *defpx, const char *file, int line,
9182 char **err)
9183{
9184 if (too_many_args(1, args, err, NULL))
9185 return -1;
9186
9187 if (*(args[1]) == 0) {
9188 memprintf(err, "'%s' expects an integer argument.", args[0]);
9189 return -1;
9190 }
9191
Willy Tarreauef934602016-12-22 23:12:01 +01009192 global_ssl.default_dh_param = atoi(args[1]);
9193 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009194 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9195 return -1;
9196 }
9197 return 0;
9198}
9199#endif
9200
9201
William Lallemand32af2032016-10-29 18:09:35 +02009202/* This function is used with TLS ticket keys management. It permits to browse
9203 * each reference. The variable <getnext> must contain the current node,
9204 * <end> point to the root node.
9205 */
9206#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9207static inline
9208struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9209{
9210 struct tls_keys_ref *ref = getnext;
9211
9212 while (1) {
9213
9214 /* Get next list entry. */
9215 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9216
9217 /* If the entry is the last of the list, return NULL. */
9218 if (&ref->list == end)
9219 return NULL;
9220
9221 return ref;
9222 }
9223}
9224
9225static inline
9226struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9227{
9228 int id;
9229 char *error;
9230
9231 /* If the reference starts by a '#', this is numeric id. */
9232 if (reference[0] == '#') {
9233 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9234 id = strtol(reference + 1, &error, 10);
9235 if (*error != '\0')
9236 return NULL;
9237
9238 /* Perform the unique id lookup. */
9239 return tlskeys_ref_lookupid(id);
9240 }
9241
9242 /* Perform the string lookup. */
9243 return tlskeys_ref_lookup(reference);
9244}
9245#endif
9246
9247
9248#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9249
9250static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9251
9252static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9253 return cli_io_handler_tlskeys_files(appctx);
9254}
9255
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009256/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9257 * (next index to be dumped), and cli.p0 (next key reference).
9258 */
William Lallemand32af2032016-10-29 18:09:35 +02009259static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9260
9261 struct stream_interface *si = appctx->owner;
9262
9263 switch (appctx->st2) {
9264 case STAT_ST_INIT:
9265 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009266 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009267 * later and restart at the state "STAT_ST_INIT".
9268 */
9269 chunk_reset(&trash);
9270
9271 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9272 chunk_appendf(&trash, "# id secret\n");
9273 else
9274 chunk_appendf(&trash, "# id (file)\n");
9275
Willy Tarreau06d80a92017-10-19 14:32:15 +02009276 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009277 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009278 return 0;
9279 }
9280
William Lallemand32af2032016-10-29 18:09:35 +02009281 /* Now, we start the browsing of the references lists.
9282 * Note that the following call to LIST_ELEM return bad pointer. The only
9283 * available field of this pointer is <list>. It is used with the function
9284 * tlskeys_list_get_next() for retruning the first available entry
9285 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009286 if (appctx->ctx.cli.p0 == NULL) {
9287 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9288 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009289 }
9290
9291 appctx->st2 = STAT_ST_LIST;
9292 /* fall through */
9293
9294 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009295 while (appctx->ctx.cli.p0) {
9296 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009297
9298 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009299 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009300 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009301
9302 if (appctx->ctx.cli.i1 == 0)
9303 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9304
William Lallemand32af2032016-10-29 18:09:35 +02009305 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009306 int head;
9307
9308 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9309 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009310 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009311 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009312
9313 chunk_reset(t2);
9314 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009315 if (ref->key_size_bits == 128) {
9316 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9317 sizeof(struct tls_sess_key_128),
9318 t2->area, t2->size);
9319 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9320 t2->area);
9321 }
9322 else if (ref->key_size_bits == 256) {
9323 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9324 sizeof(struct tls_sess_key_256),
9325 t2->area, t2->size);
9326 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9327 t2->area);
9328 }
9329 else {
9330 /* This case should never happen */
9331 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9332 }
William Lallemand32af2032016-10-29 18:09:35 +02009333
Willy Tarreau06d80a92017-10-19 14:32:15 +02009334 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009335 /* let's try again later from this stream. We add ourselves into
9336 * this stream's users so that it can remove us upon termination.
9337 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009338 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009339 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009340 return 0;
9341 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009342 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009343 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009344 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009345 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009346 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009347 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009348 /* let's try again later from this stream. We add ourselves into
9349 * this stream's users so that it can remove us upon termination.
9350 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009351 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009352 return 0;
9353 }
9354
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009355 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009356 break;
9357
9358 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009359 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009360 }
9361
9362 appctx->st2 = STAT_ST_FIN;
9363 /* fall through */
9364
9365 default:
9366 appctx->st2 = STAT_ST_FIN;
9367 return 1;
9368 }
9369 return 0;
9370}
9371
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009372/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009373static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009374{
William Lallemand32af2032016-10-29 18:09:35 +02009375 /* no parameter, shows only file list */
9376 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009377 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009378 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009379 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009380 }
9381
9382 if (args[2][0] == '*') {
9383 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009384 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009385 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009386 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009387 if (!appctx->ctx.cli.p0)
9388 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009389 }
William Lallemand32af2032016-10-29 18:09:35 +02009390 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009391 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009392}
9393
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009394static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009395{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009396 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009397 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009398
William Lallemand32af2032016-10-29 18:09:35 +02009399 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02009400 if (!*args[3] || !*args[4])
9401 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009402
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009403 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +02009404 if (!ref)
9405 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +02009406
Willy Tarreau1c913e42018-08-22 05:26:57 +02009407 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02009408 if (ret < 0)
9409 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +01009410
Willy Tarreau1c913e42018-08-22 05:26:57 +02009411 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +02009412 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
9413 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009414
Willy Tarreau9d008692019-08-09 11:21:01 +02009415 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02009416}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009417#endif
William Lallemand32af2032016-10-29 18:09:35 +02009418
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009419static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009420{
9421#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9422 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009423 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009424
9425 if (!payload)
9426 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009427
9428 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +02009429 if (!*payload)
9430 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009431
9432 /* remove \r and \n from the payload */
9433 for (i = 0, j = 0; payload[i]; i++) {
9434 if (payload[i] == '\r' || payload[i] == '\n')
9435 continue;
9436 payload[j++] = payload[i];
9437 }
9438 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009439
Willy Tarreau1c913e42018-08-22 05:26:57 +02009440 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +02009441 if (ret < 0)
9442 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009443
Willy Tarreau1c913e42018-08-22 05:26:57 +02009444 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009445 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +02009446 if (err)
9447 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
9448 else
9449 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009450 }
Willy Tarreau9d008692019-08-09 11:21:01 +02009451
9452 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +02009453#else
Willy Tarreau9d008692019-08-09 11:21:01 +02009454 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +02009455#endif
9456
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009457}
9458
Willy Tarreau86a394e2019-05-09 14:15:32 +02009459#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009460static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9461{
9462 switch (arg->type) {
9463 case ARGT_STR:
9464 smp->data.type = SMP_T_STR;
9465 smp->data.u.str = arg->data.str;
9466 return 1;
9467 case ARGT_VAR:
9468 if (!vars_get_by_desc(&arg->data.var, smp))
9469 return 0;
9470 if (!sample_casts[smp->data.type][SMP_T_STR])
9471 return 0;
9472 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9473 return 0;
9474 return 1;
9475 default:
9476 return 0;
9477 }
9478}
9479
9480static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9481 const char *file, int line, char **err)
9482{
9483 switch(args[0].data.sint) {
9484 case 128:
9485 case 192:
9486 case 256:
9487 break;
9488 default:
9489 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9490 return 0;
9491 }
9492 /* Try to decode a variable. */
9493 vars_check_arg(&args[1], NULL);
9494 vars_check_arg(&args[2], NULL);
9495 vars_check_arg(&args[3], NULL);
9496 return 1;
9497}
9498
9499/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9500static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9501{
9502 struct sample nonce, key, aead_tag;
9503 struct buffer *smp_trash, *smp_trash_alloc;
9504 EVP_CIPHER_CTX *ctx;
9505 int dec_size, ret;
9506
9507 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9508 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9509 return 0;
9510
9511 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9512 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9513 return 0;
9514
9515 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9516 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9517 return 0;
9518
9519 smp_trash = get_trash_chunk();
9520 smp_trash_alloc = alloc_trash_chunk();
9521 if (!smp_trash_alloc)
9522 return 0;
9523
9524 ctx = EVP_CIPHER_CTX_new();
9525
9526 if (!ctx)
9527 goto err;
9528
9529 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9530 if (dec_size < 0)
9531 goto err;
9532 smp_trash->data = dec_size;
9533
9534 /* Set cipher type and mode */
9535 switch(arg_p[0].data.sint) {
9536 case 128:
9537 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9538 break;
9539 case 192:
9540 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9541 break;
9542 case 256:
9543 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9544 break;
9545 }
9546
9547 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9548
9549 /* Initialise IV */
9550 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9551 goto err;
9552
9553 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9554 if (dec_size < 0)
9555 goto err;
9556 smp_trash->data = dec_size;
9557
9558 /* Initialise key */
9559 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9560 goto err;
9561
9562 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9563 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9564 goto err;
9565
9566 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9567 if (dec_size < 0)
9568 goto err;
9569 smp_trash_alloc->data = dec_size;
9570 dec_size = smp_trash->data;
9571
9572 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9573 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9574
9575 if (ret <= 0)
9576 goto err;
9577
9578 smp->data.u.str.data = dec_size + smp_trash->data;
9579 smp->data.u.str.area = smp_trash->area;
9580 smp->data.type = SMP_T_BIN;
9581 smp->flags &= ~SMP_F_CONST;
9582 free_trash_chunk(smp_trash_alloc);
9583 return 1;
9584
9585err:
9586 free_trash_chunk(smp_trash_alloc);
9587 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009588}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009589# endif
William Lallemand32af2032016-10-29 18:09:35 +02009590
9591/* register cli keywords */
9592static struct cli_kw_list cli_kws = {{ },{
9593#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9594 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009595 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009596#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009597 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009598 { { NULL }, NULL, NULL, NULL }
9599}};
9600
Willy Tarreau0108d902018-11-25 19:14:37 +01009601INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009602
Willy Tarreau7875d092012-09-10 08:20:03 +02009603/* Note: must not be declared <const> as its list will be overwritten.
9604 * Please take care of keeping this list alphabetically sorted.
9605 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009606static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009607 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009608 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009609#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009610 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009611#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009612 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009613#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9614 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9615#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009616 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009617 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009618 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009619 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009620#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009621 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009622#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009623#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009624 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9625 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009626 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9627#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009628 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9629 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009630 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009631 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009632 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9633 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9634 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9635 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9636 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9637 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9638 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9639 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009640 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009641 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9642 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009643 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009644 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9645 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9646 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9647 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9648 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9649 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9650 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009651 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009652 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009653 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009654 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009655 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009656 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009657 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009658 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009659 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009660#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009661 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009662#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009663#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009664 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009665#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009666 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009667#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009668 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009669#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009670 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009671#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009672 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009673#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009674#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009675 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9676 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009677 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9678#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009679#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009680 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009681#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009682 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9683 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9684 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9685 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009686 { NULL, NULL, 0, 0, 0 },
9687}};
9688
Willy Tarreau0108d902018-11-25 19:14:37 +01009689INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9690
Willy Tarreau7875d092012-09-10 08:20:03 +02009691/* Note: must not be declared <const> as its list will be overwritten.
9692 * Please take care of keeping this list alphabetically sorted.
9693 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009694static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009695 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9696 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009697 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009698}};
9699
Willy Tarreau0108d902018-11-25 19:14:37 +01009700INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9701
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009702/* Note: must not be declared <const> as its list will be overwritten.
9703 * Please take care of keeping this list alphabetically sorted, doing so helps
9704 * all code contributors.
9705 * Optional keywords are also declared with a NULL ->parse() function so that
9706 * the config parser can report an appropriate error when a known keyword was
9707 * not enabled.
9708 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009709static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009710 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009711 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9712 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9713 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009714#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009715 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9716#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009717 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009718 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009719 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009720 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009721 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009722 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9723 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009724 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9725 { NULL, NULL, 0 },
9726};
9727
Willy Tarreau0108d902018-11-25 19:14:37 +01009728/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9729
Willy Tarreau51fb7652012-09-18 18:24:39 +02009730static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009731 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009732 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9733 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9734 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9735 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9736 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9737 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009738#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009739 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9740#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009741 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9742 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9743 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9744 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9745 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9746 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9747 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9748 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9749 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9750 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009751 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009752 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009753 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009754 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9755 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9756 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9757 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009758 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009759 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9760 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009761 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9762 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009763 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9764 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9765 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9766 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9767 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009768 { NULL, NULL, 0 },
9769}};
Emeric Brun46591952012-05-18 15:47:34 +02009770
Willy Tarreau0108d902018-11-25 19:14:37 +01009771INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9772
Willy Tarreau92faadf2012-10-10 23:04:25 +02009773/* Note: must not be declared <const> as its list will be overwritten.
9774 * Please take care of keeping this list alphabetically sorted, doing so helps
9775 * all code contributors.
9776 * Optional keywords are also declared with a NULL ->parse() function so that
9777 * the config parser can report an appropriate error when a known keyword was
9778 * not enabled.
9779 */
9780static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009781 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009782 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009783 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009784 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009785 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009786 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9787 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009788#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009789 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9790#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009791 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9792 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9793 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9794 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9795 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9796 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9797 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9798 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9799 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9800 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9801 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9802 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9803 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9804 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9805 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9806 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9807 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9808 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009809 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009810 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9811 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9812 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9813 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9814 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9815 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9816 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9817 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9818 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9819 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009820 { NULL, NULL, 0, 0 },
9821}};
9822
Willy Tarreau0108d902018-11-25 19:14:37 +01009823INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9824
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009825static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009826 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9827 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009828 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009829 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9830 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009831#ifndef OPENSSL_NO_DH
9832 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9833#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009834 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009835#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009836 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009837#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009838 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9839#ifndef OPENSSL_NO_DH
9840 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9841#endif
9842 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9843 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9844 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9845 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009846 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009847 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9848 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009849#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009850 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9851 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9852#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009853 { 0, NULL, NULL },
9854}};
9855
Willy Tarreau0108d902018-11-25 19:14:37 +01009856INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9857
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009858/* Note: must not be declared <const> as its list will be overwritten */
9859static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009860#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009861 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9862#endif
9863 { NULL, NULL, 0, 0, 0 },
9864}};
9865
9866INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9867
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009868/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009869static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009870 .snd_buf = ssl_sock_from_buf,
9871 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009872 .subscribe = ssl_subscribe,
9873 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009874 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009875 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009876 .rcv_pipe = NULL,
9877 .snd_pipe = NULL,
9878 .shutr = NULL,
9879 .shutw = ssl_sock_shutw,
9880 .close = ssl_sock_close,
9881 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009882 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009883 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009884 .prepare_srv = ssl_sock_prepare_srv_ctx,
9885 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009886 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009887 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009888};
9889
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009890enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9891 struct session *sess, struct stream *s, int flags)
9892{
9893 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009894 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009895
9896 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009897 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009898
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009899 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009900 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009901 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009902 s->req.flags |= CF_READ_NULL;
9903 return ACT_RET_YIELD;
9904 }
9905 }
9906 return (ACT_RET_CONT);
9907}
9908
9909static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9910{
9911 rule->action_ptr = ssl_action_wait_for_hs;
9912
9913 return ACT_RET_PRS_OK;
9914}
9915
9916static struct action_kw_list http_req_actions = {ILH, {
9917 { "wait-for-handshake", ssl_parse_wait_for_hs },
9918 { /* END */ }
9919}};
9920
Willy Tarreau0108d902018-11-25 19:14:37 +01009921INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9922
Willy Tarreau5db847a2019-05-09 14:13:35 +02009923#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009924
9925static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9926{
9927 if (ptr) {
9928 chunk_destroy(ptr);
9929 free(ptr);
9930 }
9931}
9932
9933#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009934static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9935{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009936 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009937}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009938
Emeric Brun46591952012-05-18 15:47:34 +02009939__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009940static void __ssl_sock_init(void)
9941{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009942#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009943 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009944 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009945#endif
Emeric Brun46591952012-05-18 15:47:34 +02009946
Willy Tarreauef934602016-12-22 23:12:01 +01009947 if (global_ssl.listen_default_ciphers)
9948 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9949 if (global_ssl.connect_default_ciphers)
9950 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009951#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009952 if (global_ssl.listen_default_ciphersuites)
9953 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9954 if (global_ssl.connect_default_ciphersuites)
9955 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9956#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009957
Willy Tarreau13e14102016-12-22 20:25:26 +01009958 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009959#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009960 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009961#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009962#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009963 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009964 n = sk_SSL_COMP_num(cm);
9965 while (n--) {
9966 (void) sk_SSL_COMP_pop(cm);
9967 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009968#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009969
Willy Tarreau5db847a2019-05-09 14:13:35 +02009970#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009971 ssl_locking_init();
9972#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +02009973#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009974 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9975#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009976 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009977 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009978 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009979#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009980 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009981 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009982#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009983#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9984 hap_register_post_check(tlskeys_finalize_config);
9985#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009986
9987 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9988 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9989
9990#ifndef OPENSSL_NO_DH
9991 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9992 hap_register_post_deinit(ssl_free_dh);
9993#endif
9994#ifndef OPENSSL_NO_ENGINE
9995 hap_register_post_deinit(ssl_free_engines);
9996#endif
9997 /* Load SSL string for the verbose & debug mode. */
9998 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +02009999 ha_meth = BIO_meth_new(0x666, "ha methods");
10000 BIO_meth_set_write(ha_meth, ha_ssl_write);
10001 BIO_meth_set_read(ha_meth, ha_ssl_read);
10002 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10003 BIO_meth_set_create(ha_meth, ha_ssl_new);
10004 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10005 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10006 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010007}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010008
Willy Tarreau80713382018-11-26 10:19:54 +010010009/* Compute and register the version string */
10010static void ssl_register_build_options()
10011{
10012 char *ptr = NULL;
10013 int i;
10014
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010015 memprintf(&ptr, "Built with OpenSSL version : "
10016#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010017 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010018#else /* OPENSSL_IS_BORINGSSL */
10019 OPENSSL_VERSION_TEXT
10020 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010021 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010022 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010023#endif
10024 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010025#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010026 "no (library version too old)"
10027#elif defined(OPENSSL_NO_TLSEXT)
10028 "no (disabled via OPENSSL_NO_TLSEXT)"
10029#else
10030 "yes"
10031#endif
10032 "", ptr);
10033
10034 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10035#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10036 "yes"
10037#else
10038#ifdef OPENSSL_NO_TLSEXT
10039 "no (because of OPENSSL_NO_TLSEXT)"
10040#else
10041 "no (version might be too old, 0.9.8f min needed)"
10042#endif
10043#endif
10044 "", ptr);
10045
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010046 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10047 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10048 if (methodVersions[i].option)
10049 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010050
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010051 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010052}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010053
Willy Tarreau80713382018-11-26 10:19:54 +010010054INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010055
Emeric Brun46591952012-05-18 15:47:34 +020010056
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010057#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010058void ssl_free_engines(void) {
10059 struct ssl_engine_list *wl, *wlb;
10060 /* free up engine list */
10061 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10062 ENGINE_finish(wl->e);
10063 ENGINE_free(wl->e);
10064 LIST_DEL(&wl->list);
10065 free(wl);
10066 }
10067}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010068#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010069
Remi Gacogned3a23c32015-05-28 16:39:47 +020010070#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010071void ssl_free_dh(void) {
10072 if (local_dh_1024) {
10073 DH_free(local_dh_1024);
10074 local_dh_1024 = NULL;
10075 }
10076 if (local_dh_2048) {
10077 DH_free(local_dh_2048);
10078 local_dh_2048 = NULL;
10079 }
10080 if (local_dh_4096) {
10081 DH_free(local_dh_4096);
10082 local_dh_4096 = NULL;
10083 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010084 if (global_dh) {
10085 DH_free(global_dh);
10086 global_dh = NULL;
10087 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010088}
10089#endif
10090
10091__attribute__((destructor))
10092static void __ssl_sock_deinit(void)
10093{
10094#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010095 if (ssl_ctx_lru_tree) {
10096 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010097 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010098 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010099#endif
10100
Willy Tarreau5db847a2019-05-09 14:13:35 +020010101#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010102 ERR_remove_state(0);
10103 ERR_free_strings();
10104
10105 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010106#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010107
Willy Tarreau5db847a2019-05-09 14:13:35 +020010108#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010109 CRYPTO_cleanup_all_ex_data();
10110#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010111 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010112}
10113
10114
Emeric Brun46591952012-05-18 15:47:34 +020010115/*
10116 * Local variables:
10117 * c-indent-level: 8
10118 * c-basic-offset: 8
10119 * End:
10120 */